我在 centos 7 上安装了 freeipa。 但是,当我运行kinit admin时,出现以下错误:
kinit: Cannot contact any KDC for realm 'IPA.TESTDOMAIN.COM' while getting initial credentials
当我尝试获取 kadmin 服务状态时:
systemctl status kadmin.service
● kadmin.service - Kerberos 5 Password-changing and Administration
Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2018-05-26 19:54:54 UTC; 11s ago
Process: 21040 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=1/FAILURE)
Main PID: 7777 (code=exited, status=2)
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: main process exited, code=exited, status=2/INVALIDARGUMENT
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Starting Kerberos 5 Password-changing and Administration...
May 26 19:54:54 ipa.testdomain.com _kadmind[21040]: kadmind: kadmind: Cannot open DB2 database '/var/kerberos/krb5kdc/principal': No...orting
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: control process exited, code=exited status=1
May 26 19:54:54 ipa.testdomain.com systemd[1]: Failed to start Kerberos 5 Password-changing and Administration.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
关于如何进一步解决此问题的任何想法?
krb5kdc 服务应该已启动并运行。要启动所有 FreeIPA 服务(以正确的顺序(,您应该尝试使用ipactl restart.如果无法重新启动服务,则可能必须手动终止 krb5kdc 进程。
此问题是由于在安装脚本中使用了错误的域名而导致的。 使用正确的信息运行安装允许我在 centos 上运行 freeipa(我也尝试过在 ubuntu 上,但它从未在 ubuntu 上运行过(。