IPA: named-pkcs11 service failing to start due to GSSAPI error when connecting to LDAP

Solution Verified - Updated -

Issue

  • IPA: the named-pkcs11 service fails to start due to a GSSAPI error when connecting to LDAP.
  • The named-pkcs11 service fails with the following errors:
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: option 'serial_autoincrement' is not supported, ignoring
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: LDAP error: Invalid credentials: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context: bind to LDAP server failed
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: couldn't establish connection in LDAP connection pool: permission denied
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: dynamic database 'ipa' configuration failed: permission denied
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: loading configuration: permission denied
Oct 18 17:50:23 ipaserver named-pkcs11[23921]: exiting (due to fatal error)
Oct 18 17:50:23 ipaserver systemd: named-pkcs11.service: control process exited, code=exited status=1
Oct 18 17:50:23 ipaserver systemd: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
Oct 18 17:50:23 ipaserver systemd: Unit named-pkcs11.service entered failed state.
Oct 18 17:50:23 ipaserver systemd: named-pkcs11.service failed.

Environment

  • Red Hat Enterprise Linux 7
  • IPA 4.x
