View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007784 | CentOS-7 | krb5 | public | 2014-10-24 15:24 | 2014-10-27 14:20 |
Reporter | ktdreyer | Assigned To | |
Priority | normal | Severity | major | Reproducibility | always |
Status | new | Resolution | open |
Platform | x64 | OS | Linux | OS Version | C7 |
Product Version | 7.0-1406 |
Summary | 0007784: krb5kdc fails to start on boot when using local LDAP backend |
Description | When running krb5kdc with an OpenLDAP backend (slapd is on the same server), the krb5kdc service will start before slapd is up, which causes krb5kdc to fail during the boot process. It is necessary to restart the krb5kdc service after each reboot. |

Steps To Reproduce |

1. Install/configure OpenLDAP's slapd.
2. Install/configure KDC to use the LDAP backend.
3. Confirm that the KDC is working and able to start properly (systemctl start krb5kdc && systemctl status krb5kdc). kinit works, etc.
4. Confirm that both services are enabled in systemd (systemctl enable krb5kdc && systemctl enable slapd).
5. Reboot the system.

After the reboot, slapd will have started, but krb5kdc will have tried to start and failed. The error in /var/log/krb5kdc.log is:

    krb5kdc: Can't contact LDAP server - while initializing database for realm EXAMPLE.COM

To fix this, simply restart the krb5kdc service:

    systemctl restart krb5kdc

And the KDC will be able to talk to slapd without issue.

Additional Information |

I'm using the following versions:

    krb5-server-1.11.3-49.el7.x86_64
    openldap-servers-2.4.39-3.el7.x86_64

Changing the "After=" line in /usr/lib/systemd/system/krb5kdc.service from

    After=syslog.target network.target

to

    After=syslog.target network.target slapd.service

allows the KDC to start successfully on boot.

Tags | No tags attached. |
Cross-filed at https://bugzilla.redhat.com/1156512 for Fedora Rawhide, since the krb5kdc.service file has the same issue.

For posterity, in my own setup, I've added the following file:

    cat /etc/systemd/system/krb5kdc.service.d/ldap.conf
    [Unit]
    After=syslog.target network.target slapd.service

This causes the setting to persist after krb5-server upgrades.
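An added example, not part of the original report: a shell check that reads unit files offline (for instance from an image or a configuration repository) and reports whether krb5kdc.service is ordered after slapd.service. The function names and the constructed directory tree are assumptions of this example. It relies on systemd adding `After=` entries from drop-ins to the packaged unit's list, so the drop-in in the demo carries only `After=slapd.service`.

```shell
#!/bin/sh
# Added example: offline ordering check for a systemd unit.
# Simplification (assumption): only /etc and /usr/lib are searched.

# effective_after ROOT UNIT: print the merged After= entries, one per line.
effective_after() {
    root=$1 unit=$2 main=
    # A full unit file in /etc replaces the packaged one in /usr/lib.
    for d in etc/systemd/system usr/lib/systemd/system; do
        if [ -z "$main" ] && [ -f "$root/$d/$unit" ]; then
            main=$root/$d/$unit
        fi
    done
    # Drop-ins are merged on top; each After= assignment adds to the list.
    for f in "$main" "$root"/usr/lib/systemd/system/"$unit".d/*.conf \
             "$root"/etc/systemd/system/"$unit".d/*.conf; do
        if [ -f "$f" ]; then
            sed -n 's/^[[:space:]]*After[[:space:]]*=//p' "$f"
        fi
    done | tr -s ' \t' '\n\n' | sed '/^$/d' | sort -u
}

# ordered_after ROOT UNIT DEP: exit 0 if UNIT is ordered after DEP.
ordered_after() {
    effective_after "$1" "$2" | grep -qxF -- "$3"
}

# Demo on a constructed tree that mirrors the report's two states.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/lib/systemd/system" \
             "$t/etc/systemd/system/krb5kdc.service.d"
    printf '[Unit]\nAfter=syslog.target network.target\n' \
        > "$t/usr/lib/systemd/system/krb5kdc.service"
    if ! ordered_after "$t" krb5kdc.service slapd.service; then
        echo "packaged unit: krb5kdc may start before slapd"
    fi
    printf '[Unit]\nAfter=slapd.service\n' \
        > "$t/etc/systemd/system/krb5kdc.service.d/ldap.conf"
    if ordered_after "$t" krb5kdc.service slapd.service; then
        echo "with drop-in: krb5kdc is ordered after slapd"
    fi
    rm -rf "$t"
}
demo
```

On a running host, `systemctl show -p After krb5kdc.service` reports the same merged list as systemd itself computed it.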