
New setup of Kerberos: Not able to start the Kadmin service : Error as "kadmind: kadmind: Cannot bind to LDAP server 'ldapi://' as 'cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh': Invalid credentials while initializing, aborting"


patnai...@gmail.com

Nov 30, 2019, 11:51:23 AM11/30/19
Hi ,

I am trying to set up a new Kerberos installation. After setting up OpenLDAP, I am trying to set up Kerberos using the steps below. Please find the error as mentioned below. Let me know if you need any more information.

Thanks in Advance !!!!!!!!
1st step
***************
[root@xxxxxxxx openldap]# sudo yum -y install krb5-server krb5-server-ldap
Loaded plugins: langpacks, product-id, search-disabled-repos
Package krb5-server-1.15.1-37.el7_6.x86_64 already installed and latest version
Package krb5-server-ldap-1.15.1-37.el7_6.x86_64 already installed and latest version
Nothing to do

2nd step
**********
[root@xxxxxxxx openldap]# sudo /bin/grep -q "^%cloudera-scm\ *ALL=NOPASSWD:.*krb5kdc" /etc/sudoers || echo "%cloudera-scm ALL=NOPASSWD:/etc/init.d/krb5kdc , /sbin/service krb5kdc *" | sudo /usr/bin/tee -a /etc/sudoers > /dev/null
[root@lvmbgmnp1007 openldap]# sudo /bin/grep -q "^%cloudera-scm\ *ALL=NOPASSWD:.*kadmin" /etc/sudoers || echo "%cloudera-scm ALL=NOPASSWD:/etc/init.d/kadmin , /sbin/service kadmin *" | sudo /usr/bin/tee -a /etc/sudoers > /dev/null

3rd step
***************
sudo chkconfig kadmin on

[root@xxxxxxxx openldap]# sudo chkconfig kadmin on
Note: Forwarding request to 'systemctl enable kadmin.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/kadmin.service to /usr/lib/systemd/system/kadmin.service.

4th step
************
[root@xxxxxxxx krb5kdc]# vi kadm5.acl
[root@xxxxxxxx krb5kdc]# cat kadm5.acl
* /ad...@NP-BIGDATA.EQH *

5th step
************

IN THE SYSTEM
******************
[root@xxxxxxxx etc]# cp krb5.conf krb5.conf_bkup_30112019
[root@xxxxxxxx etc]# vi krb5.conf
[root@xxxxxxxx etc]# cat krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

#Setup /etc/krb5.conf to use Bigdata KDC as default
[libdefaults]
default_realm = NP-BIGDATA.EQH
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
NP-BIGDATA.EQH = {
kdc = ldap.bigdata.eqh:88
admin_server = ldap.bigdata.eqh:749
}

[domain_realm]
np-bigdata.eqh = NP-BIGDATA.EQH
.np-bigdata.eqh = NP-BIGDATA.EQH
[root@lvmbgmnp1007 etc]#

COMMAND
************

[root@xxxxxxxx etc]# kdb5_ldap_util stashsrvpw -f /var/kerberos/krb5kdc/ldap.keyfile cn=kdc-service,ou=services,dc=np-bigdata,dc=eqh
Password for "cn=kdc-service,ou=services,dc=np-bigdata,dc=eqh":
Re-enter password for "cn=kdc-service,ou=services,dc=np-bigdata,dc=eqh":

Update ldap.keyfile under /var/Kerberos/krb5kdc and create adm-service password
go to /var/kerberos/krb5kdc

[root@xxxxxxxx etc]# cd /var/kerberos/krb5kdc
[root@xxxxxxxx krb5kdc]# ls -ltr
total 12
-rw------- 1 root root 451 Dec 18 2018 kdc.conf
-rw------- 1 root root 26 Nov 30 02:43 kadm5.acl
-rw------- 1 root root 92 Nov 30 04:19 ldap.keyfile

[root@xxxxxxxx krb5kdc]# cat ldap.keyfile
cn=kdc-service,ou=services,dc=np-bigdata,dc=eqh#{HEX}4753464b494d574f45695451394d654c404e50

6TH STEP
*************
[root@xxxxxxxx krb5kdc]# kdb5_ldap_util stashsrvpw -f /var/kerberos/krb5kdc/ldap.keyfile cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh
Password for "cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh":
Re-enter password for "cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh":

7th step
*************
Create KDC master password
****************************
setup the KDC.CONF
**********************
[root@xxxxxxxx krb5kdc]# vi kdc.conf
[root@xxxxxxxx krb5kdc]# cat kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
NP-BIGDATA.EQH = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
max_life = 1d
max_renewable_life = 7d
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
database_module = openldap_ldapconfbd
}
[dbmodules]
openldap_ldapconfbd = {
db_library = kldap
ldap_kdc_dn = cn=kdc-service,ou=Services,dc=np-bigdata,dc=eqh
ldap_kadmind_dn = cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh
ldap_service_password_file = /var/kerberos/krb5kdc/ldap.keyfile
ldap_servers = ldapi://
ldap_kerberos_container_dn = cn=kerberos,dc=np-bigdata,dc=eqh
ldap_conns_per_server = 5
}


[root@xxxxxxxx krb5kdc]# kdb5_ldap_util -H ldapi:// -D cn=Manager,dc=np-bigdata,dc=eqh create -subtrees ou=Users,dc=np-bigdata,dc=eqh -r NP-BIGDATA.EQH -s
Password for "cn=Manager,dc=np-bigdata,dc=eqh":
Initializing database for realm 'NP-BIGDATA.EQH'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
[root@lvmbgmnp1007 krb5kdc]#

8TH STEP
************
[root@xxxxxxxx krb5kdc]# systemctl status kadmin.service -l
● kadmin.service - Kerberos 5 Password-changing and Administration
Loaded: loaded (/usr/lib/systemd/system/kadmin.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2019-11-30 06:29:30 EST; 11min ago
Process: 28523 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=1/FAILURE)

Nov 30 06:29:29 xxxxxxxx.np-bigdata.eqh systemd[1]: Starting Kerberos 5 Password-changing and Administration...
Nov 30 06:29:30 xxxxxxxx.np-bigdata.eqh _kadmind[28523]: kadmind: kadmind: Cannot bind to LDAP server 'ldapi://' as 'cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh': Invalid credentials while initializing, aborting
Nov 30 06:29:30 xxxxxxxx.np-bigdata.eqh systemd[1]: kadmin.service: control process exited, code=exited status=1
Nov 30 06:29:30 xxxxxxxx.np-bigdata.eqh systemd[1]: Failed to start Kerberos 5 Password-changing and Administration.
Nov 30 06:29:30 xxxxxxxx.np-bigdata.eqh systemd[1]: Unit kadmin.service entered failed state.
Nov 30 06:29:30 xxxxxxxx.np-bigdata.eqh systemd[1]: kadmin.service failed.

Error:
Nov 30 06:27:01 xxxxxxxx systemd: Removed slice User Slice of root.
Nov 30 06:27:28 xxxxxxxx systemd: Starting Kerberos 5 Password-changing and Administration...
Nov 30 06:27:28 xxxxxxxx _kadmind: kadmind: kadmind: Cannot bind to LDAP server 'ldapi://' as 'cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh': Invalid credentials while initializing, aborting
Nov 30 06:27:28 xxxxxxxx systemd: kadmin.service: control process exited, code=exited status=1
Nov 30 06:27:28 xxxxxxxx systemd: Failed to start Kerberos 5 Password-changing and Administration.
Nov 30 06:27:28 xxxxxxxx systemd: Unit kadmin.service entered failed state.
Nov 30 06:27:28 xxxxxxxx systemd: kadmin.service failed.
Nov 30 06:28:01 xxxxxxxx systemd: Created slice User Slice of root.
Nov 30 06:28:01 xxxxxxxx systemd: Started Session c26676 of user root.
Nov 30 06:28:01 xxxxxxxx systemd: Started Session c26677 of user root.
Nov 30 06:28:01 xxxxxxxx systemd: Removed slice User Slice of root.
Nov 30 06:28:01 xxxxxxxx systemd: Created slice User Slice of root.
Nov 30 06:28:01 xxxxxxxx systemd: Started Session 18510 of user root.
Nov 30 06:28:01 xxxxxxxx systemd: Removed slice User Slice of root.
Nov 30 06:28:46 xxxxxxxx systemd: Stopping OpenLDAP Server Daemon...
Nov 30 06:28:46 xxxxxxxx systemd: Stopped OpenLDAP Server Daemon.
Nov 30 06:28:46 xxxxxxxx systemd: Starting OpenLDAP Server Daemon...
Nov 30 06:28:46 xxxxxxxx slaptest: auxpropfunc error invalid parameter supplied
Nov 30 06:28:46 xxxxxxxx slaptest: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
Nov 30 06:28:46 xxxxxxxx slapcat: auxpropfunc error invalid parameter supplied
Nov 30 06:28:46 xxxxxxxx slapcat: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied
Nov 30 06:28:46 xxxxxxxx slapd[28349]: auxpropfunc error invalid parameter supplied
Nov 30 06:28:46 xxxxxxxx slapd[28349]: ldapdb_canonuser_plug_init() failed in sasl_canonuser_add_plugin(): invalid parameter supplied

[root@xxxxxxxx log]# cat kadmind.log
Nov 30 06:27:28 xxxxxxxx.np-bigdata.eqh kadmind[28086](Error): Cannot bind to LDAP server 'ldapi://' as 'cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh': Invalid credentials while initializing, aborting

Nov 30 06:29:30 xxxxxxxx.np-bigdata.eqh kadmind[28523](Error): Cannot bind to LDAP server 'ldapi://' as 'cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh': Invalid credentials while initializing, aborting

Thanks and Regards
Bibhu

patnai...@gmail.com

Dec 1, 2019, 6:07:05 AM12/1/19
Hi,

I found that a few entries in the krb5.conf file were not correct: "kdc = ldap.bigdata.eqh:88" and "admin_server = ldap.bigdata.eqh:749" under [realms]. I changed them to "lvmbgmnp1007.np-bigdata.eqh:88" and "lvmbgmnp1007.np-bigdata.eqh:749", but I am still not able to start the kadmin service; I get the error " lvmbgmnp1007.np-bigdata.eqh _kadmind[23910]: kadmind: kadmind: Cannot bind to LDAP server 'ldapi://' as 'cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh': Invali..., aborting"
Can you please suggest.

Earlier
*********
[root@xxxxxxxx etc]# cat krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

#Setup /etc/krb5.conf to use Bigdata KDC as default
[libdefaults]
default_realm = NP-BIGDATA.EQH
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
NP-BIGDATA.EQH = {
kdc = ldap.bigdata.eqh:88
admin_server = ldap.bigdata.eqh:749
}

[domain_realm]
np-bigdata.eqh = NP-BIGDATA.EQH
.np-bigdata.eqh = NP-BIGDATA.EQH

Changed/Update
******************
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

#Setup /etc/krb5.conf to use Bigdata KDC as default
[libdefaults]
default_realm = NP-BIGDATA.EQH
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
NP-BIGDATA.EQH = {
kdc = lvmbgmnp1007.np-bigdata.eqh:88
admin_server = lvmbgmnp1007.np-bigdata.eqh:749
}

[domain_realm]
np-bigdata.eqh = NP-BIGDATA.EQH
.np-bigdata.eqh = NP-BIGDATA.EQH

Thanks and Regards
Bibhu

patnai...@gmail.com

Dec 1, 2019, 7:50:04 AM12/1/19
Hi ,
I found one discrepancy in ldap.keyfile: the entry for cn=kdc-service has a lowercase "s" in ou=services. Could you please suggest whether I need to take a backup of ldap.keyfile, delete the two entries, and create the two password entries again? Please suggest.

[root@lvmbgmnp1007 krb5kdc]# cat ldap.keyfile
cn=kdc-service,ou=services,dc=np-bigdata,dc=eqh#{HEX}4753464b494d574f45695451394d654c404e50
cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh#{HEX}586d6e3056487a6d784a4a5746556b6a404e50

Thanks and Regards
Bibhu

patnai...@gmail.com

Dec 2, 2019, 6:54:15 AM12/2/19
Hi ,

I have changed the above entry to ou=Services (capital S), but I am still getting the same error. Could you please suggest.

[root@lvmbgmnp1007 ~]# systemctl stop kadmin.service
[root@lvmbgmnp1007 ~]# systemctl start kadmin.service
Job for kadmin.service failed because the control process exited with error code. See "systemctl status kadmin.service" and "journalctl -xe" for details.
[root@lvmbgmnp1007 ~]# systemctl status kadmin.service
● kadmin.service - Kerberos 5 Password-changing and Administration
Loaded: loaded (/usr/lib/systemd/system/kadmin.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2019-12-02 06:48:30 EST; 14s ago
Process: 48116 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=1/FAILURE)

Dec 02 06:48:30 lvmbgmnp1007.np-bigdata.eqh systemd[1]: Starting Kerberos 5 Password-changing and Administration...
Dec 02 06:48:30 lvmbgmnp1007.np-bigdata.eqh _kadmind[48116]: kadmind: kadmind: Cannot bind to LDAP server 'ldapi://' as 'cn=adm-service,ou=Services,dc=np-bigdata,dc=eqh': Invali..., aborting
Dec 02 06:48:30 lvmbgmnp1007.np-bigdata.eqh systemd[1]: kadmin.service: control process exited, code=exited status=1
Dec 02 06:48:30 lvmbgmnp1007.np-bigdata.eqh systemd[1]: Failed to start Kerberos 5 Password-changing and Administration.
Dec 02 06:48:30 lvmbgmnp1007.np-bigdata.eqh systemd[1]: Unit kadmin.service entered failed state.
Dec 02 06:48:30 lvmbgmnp1007.np-bigdata.eqh systemd[1]: kadmin.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Thanks and Regards
Bibhu
