安装 freeipa 后未设置 kerberos

kerberos not setup after freeipa installation

我在centos 7上安装了freeipa。但是,当我运行 kinit admin时,我得到以下错误:

kinit: Cannot contact any KDC for realm 'IPA.TESTDOMAIN.COM' while getting initial credentials

当我尝试获取 kadmin 服务状态时:

systemctl status kadmin.service
● kadmin.service - Kerberos 5 Password-changing and Administration
   Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2018-05-26 19:54:54 UTC; 11s ago
  Process: 21040 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=1/FAILURE)
 Main PID: 7777 (code=exited, status=2)

May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: main process exited, code=exited, status=2/INVALIDARGUMENT
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Starting Kerberos 5 Password-changing and Administration...
May 26 19:54:54 ipa.testdomain.com _kadmind[21040]: kadmind: kadmind: Cannot open DB2 database '/var/kerberos/krb5kdc/principal': No...orting
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: control process exited, code=exited status=1
May 26 19:54:54 ipa.testdomain.com systemd[1]: Failed to start Kerberos 5 Password-changing and Administration.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

关于如何进一步解决此问题的任何想法?

krb5kdc 服务应该已启动并且 运行。要启动所有 FreeIPA 服务(以正确的顺序),您应该尝试使用 ipactl restart。如果无法重新启动服务,您可能必须手动终止 krb5kdc 进程。

问题是由于在安装脚本中使用了错误的域名引起的。 运行 具有正确信息的安装允许我在 centos 上 运行 freeipa(我也在 ubuntu 上尝试过,但它从未在 ubuntu 上运行)。