Service named-pkcs11.service on replica reports error: Failed to get initial credentials (TGT) using principal 'DNS/ipa-replica.example.com' and keytab 'FILE:/etc/named.keytab' (Generic error (see e-text))
Hi,
when I start service `named-pkcs11.service` on replica server I get these error messages: ``` Dez 29 17:33:28 ipa-replica.example.com named-pkcs11[3936]: Failed to get initial credentials (TGT) using principal 'DNS/ipa-replica.example.com' and keytab 'FILE:/etc/named.keytab' (Generic error (see e-text)) [...] Dez 29 17:34:04 ipa-replica.example.com ipa-dnskeysyncd[3942]: ipa-dnskeysyncd: CRITICAL Kerberos authentication failed: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638972): Generic error (see e-text) Dez 29 17:34:04 ipa-replica.example.com systemd[1]: ipa-dnskeysyncd.service: Main process exited, code=exited, status=1/FAILURE ```
The service is starting successfully though.
The full log is available here: http://freetexthost.com/e53jnsslf1
What's causing this error?
74cmonty via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
Hi,
when I start service `named-pkcs11.service` on replica server I get these error messages:
Dez 29 17:33:28 ipa-replica.example.com named-pkcs11[3936]: Failed to get initial credentials (TGT) using principal 'DNS/ipa-replica.example.com' and keytab 'FILE:/etc/named.keytab' (Generic error (see e-text)) [...] Dez 29 17:34:04 ipa-replica.example.com ipa-dnskeysyncd[3942]: ipa-dnskeysyncd: CRITICAL Kerberos authentication failed: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638972): Generic error (see e-text) Dez 29 17:34:04 ipa-replica.example.com systemd[1]: ipa-dnskeysyncd.service: Main process exited, code=exited, status=1/FAILUREThe service is starting successfully though.
The full log is available here: http://freetexthost.com/e53jnsslf1
What's causing this error?
Is this F29? If so, please retry with krb5-1.16.1-23.fc29. Otherwise, can you show KRB5_TRACE output, and `klist -ekt /etc/named.keytab`?
Thanks, --Robbie
I started setup from scratch. There are no issues observed as of now. I cannot reproduce the issue since the re-installation.
freeipa-users@lists.fedorahosted.org
-
74cmonty -
Robbie Harwood