0

我在 centos 7 上安装了 freeipa。但是,当我运行 kinit admin 时,出现以下错误:

kinit: Cannot contact any KDC for realm 'IPA.TESTDOMAIN.COM' while getting initial credentials

当我尝试获取 kadmin 服务状态时:

systemctl status kadmin.service
● kadmin.service - Kerberos 5 Password-changing and Administration
   Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2018-05-26 19:54:54 UTC; 11s ago
  Process: 21040 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=1/FAILURE)
 Main PID: 7777 (code=exited, status=2)

May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: main process exited, code=exited, status=2/INVALIDARGUMENT
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Starting Kerberos 5 Password-changing and Administration...
May 26 19:54:54 ipa.testdomain.com _kadmind[21040]: kadmind: kadmind: Cannot open DB2 database '/var/kerberos/krb5kdc/principal': No...orting
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: control process exited, code=exited status=1
May 26 19:54:54 ipa.testdomain.com systemd[1]: Failed to start Kerberos 5 Password-changing and Administration.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

关于如何进一步解决此问题的任何想法?

4

2 回答 2

1

krb5kdc 服务应该已启动并正在运行。要启动所有 FreeIPA 服务(以正确的顺序),您应该尝试使用ipactl restart. 如果您无法重新启动服务,您可能必须手动终止 krb5kdc 进程。

于 2018-05-28T09:31:40.817 回答
0

该问题是由于在安装脚本中使用了错误的域名引起的。使用正确的信息运行安装允许我在 centos 上运行 freeipa(我也在 ubuntu 上尝试过,但它从未在 ubuntu 上运行过)。

于 2018-07-15T20:25:29.393 回答