我在centos 7上安装了freeipa。但是,当我运行kinit admin时,我收到以下错误:
kinit: Cannot contact any KDC for realm 'IPA.TESTDOMAIN.COM' while getting initial credentials
当我尝试获取kadmin服务状态时:
systemctl status kadmin.service
● kadmin.service - Kerberos 5 Password-changing and Administration
Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2018-05-26 19:54:54 UTC; 11s ago
Process: 21040 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=1/FAILURE)
Main PID: 7777 (code=exited, status=2)
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: main process exited, code=exited, status=2/INVALIDARGUMENT
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Starting Kerberos 5 Password-changing and Administration...
May 26 19:54:54 ipa.testdomain.com _kadmind[21040]: kadmind: kadmind: Cannot open DB2 database '/var/kerberos/krb5kdc/principal': No...orting
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: control process exited, code=exited status=1
May 26 19:54:54 ipa.testdomain.com systemd[1]: Failed to start Kerberos 5 Password-changing and Administration.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
有关如何进一步排查问题的想法吗?
答案 0 :(得分:1)
krb5kdc服务应该启动并运行。要启动所有FreeIPA服务(按正确的顺序),您应该尝试使用ipactl restart。如果无法重新启动服务,则可能必须手动终止krb5kdc进程。
答案 1 :(得分:0)
此问题是由于在安装脚本中使用了错误的域名引起的。使用正确的信息运行安装程序使我可以在centos上运行freeipa(我也尝试在ubuntu上运行,但从未在ubuntu上运行)。