IPA: named-pkcs11 service failing to start due to GSSAPI error when connecting to ldap
Issue
- IPA: named-pkcs11 service failing to start due to GSSAPI error when connecting to LDAP.
- The named-pkcs11 service is failing with the error below.
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: option 'serial_autoincrement' is not supported, ignoring
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: LDAP error: Invalid credentials: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context: bind to LDAP server failed
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: couldn't establish connection in LDAP connection pool: permission denied
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: dynamic database 'ipa' configuration failed: permission denied
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: loading configuration: permission denied
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: exiting (due to fatal error)
Oct 18 17:50:23 ipaserver systemd: named-pkcs11.service: control process exited, code=exited status=1
Oct 18 17:50:23 ipaserver systemd: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
Oct 18 17:50:23 ipaserver systemd: Unit named-pkcs11.service entered failed state.
Oct 18 17:50:23 ipaserver systemd: named-pkcs11.service failed.
Environment
- Red Hat Enterprise Linux 7
- IPA 4.x
