I tried installing freeipa on ubuntu v16 (cloud server) using the following:

  1. modified /etc/host to use the private IP address of the virtual machine and the corresponding host (the A name has propagated)

  2. ran the freeipa-server installation:

    sudo apt-get install freeipa-server

I added the host information etc. in the responses. After the installation, I ran the following:

    kinit admin

However, I get the following error:

    Cannot contact any KDC for realm 'CORRECT.HOST.COM' while getting initial credentials

I checked the realm setup in /etc/krb5.conf file and I can see the host specified there:

    default_realm = CORRECT.HOST.COM

    [realms]
        CORRECT.HOST.COM = {
            kdc = CORRECT.HOST.COM:88
            admin_server = CORRECT.HOST.COM
        }

I tried modifying the host name to lowercase (as well as the port number). However, the kinit command does not work.

    KRB5_TRACE=/dev/stdout kinit admin
    [30263] 1524933806.532808: Getting initial credentials for admin@CORRECT.HOST.COM
    [30263] 1524933806.536715: Sending request (185 bytes) to CORRECT.HOST.COM
    [30263] 1524933806.537110: Resolving hostname correct.host.com
    [30263] 1524933806.537618: Sending initial UDP request to dgram 10.132.61.210:88
    [30263] 1524933806.537806: Initiating TCP connection to stream 10.132.61.210:88
    [30263] 1524933806.537942: Terminating TCP connection to stream 10.132.61.210:88
    kinit: Cannot contact any KDC for realm 'CORRECT.HOST.COM' while getting initial credentials

Any thoughts on how to troubleshoot this further (preferably installing on an ubuntu v16 server and not fedora)?

ali haider
  • Is that the correct IP address? Did you actually start the FreeIPA server? What is its status? And why on earth do you want to use Ubuntu for this?! – Michael Hampton Apr 28 '18 at 20:54
  • hi Michael - I realize it would be more convenient to run on fedora/red hat but all the other servers we're using are running ubuntu and I wanted to have the same infrastructure in place (instead of relying on different tools for just this VM) - if not possible, I'll go with fedora. I cannot run kinit correctly (connection to KDC is not established) - I am running this command right after ipa-server install command. The hostname/A name is correct and is set via an external DNS provider. – ali haider Apr 28 '18 at 23:01
  • I tried starting via systemctl but got the error ( Active: failed (Result: exit-code) since Sat 2018-04-28 22:59:19 UTC; 14s ago Process: 1414 ExecStart=/usr/sbin/ipactl start (code=exited, status=1/FAILURE) ) – ali haider Apr 28 '18 at 23:01
  • I tried using both the private and public ip addresses in the /etc/hosts file but without success – ali haider Apr 28 '18 at 23:03
  • FreeIPA is developed on, and runs best on, Fedora and RHEL/CentOS. It's also well documented for these platforms. I've heard other unrelated complaints about the Debian/Ubuntu FreeIPA ports, and I always recommend running it on one of the above distros. – Michael Hampton Apr 28 '18 at 23:04
  • What messages are logged in the journal or in FreeIPA's logs when you tried to start it? – Michael Hampton Apr 28 '18 at 23:04
  • for kerberos: systemctl start krb5kdc Failed to start krb5kdc.service: Unit krb5kdc.service not found. – ali haider Apr 28 '18 at 23:28
  • I only see server and client install logs for ipa in /var/log – ali haider Apr 28 '18 at 23:28
  • Is it already solved? – kokbira Dec 28 '18 at 12:58
  • I ended up using fedora - the installation worked out of the box on that OS but never on ubuntu correctly without issues – ali haider Dec 28 '18 at 13:14
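
One way to separate the two questions raised in the comments (is the address right, is the KDC actually running), as an added example that is not part of the original thread: it extracts the endpoints `kinit` tried from a `KRB5_TRACE` log and probes TCP on each. The function names and hint texts are assumptions made for this example, and it handles IPv4 endpoints only.

```python
import re
import socket

# Constructed sample: trace lines copied from the question above.
TRACE = """\
[30263] 1524933806.537110: Resolving hostname correct.host.com
[30263] 1524933806.537618: Sending initial UDP request to dgram 10.132.61.210:88
[30263] 1524933806.537806: Initiating TCP connection to stream 10.132.61.210:88
[30263] 1524933806.537942: Terminating TCP connection to stream 10.132.61.210:88
"""

# Matches "... to dgram 10.0.0.1:88" and "... to stream 10.0.0.1:88" (IPv4 only).
ENDPOINT = re.compile(r"to (?:dgram|stream) (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Hypothetical hint texts: what each probe result suggests checking next.
HINTS = {
    "listening": "port is open; look at the KDC logs rather than the network",
    "refused": "host answers but nothing is bound to the port; "
               "check that the KDC is installed and running (ipactl status)",
    "timeout": "no reply; check the address in /etc/hosts and any firewall",
}

def kdc_endpoints(trace):
    """Return the unique (ip, port) pairs kinit tried, in first-seen order."""
    seen = []
    for ip, port in ENDPOINT.findall(trace):
        if (ip, int(port)) not in seen:
            seen.append((ip, int(port)))
    return seen

def probe_tcp(ip, port, timeout=3.0):
    """Classify one TCP connect attempt to a KDC endpoint."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "listening"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc

def diagnose(trace, probe=probe_tcp):
    """Probe every endpoint found in the trace; returns (ip, port, state)."""
    return [(ip, port, probe(ip, port)) for ip, port in kdc_endpoints(trace)]

if __name__ == "__main__":
    for ip, port, state in diagnose(TRACE):
        print("%s:%d %s - %s" % (ip, port, state, HINTS.get(state, "see error")))
```

Run it on the host where `kinit` fails, so the probe takes the same network path as the trace.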

0 Answers