kdc server cannot log its events to a log file.

Kernels & Hardware, configuring network, installing services

kdc server cannot log its events to a log file.

Postby mystro2016 » 2016-07-01 01:51

Good Day All,

Please Help: kdc server cannot log its events to a log file.

I am getting this error everytime when the kdc server is restarted;
(krb5kdc[5739]: Couldn't open log file /var/log/krb5/kdc.log: Read-only file system)

The filesystem is not mounted in readonly mode as the log file suggests, Since I am able to add and removes files
and folders on the system. I have tried to change the location of the log file in question, but nothing works.
I even changed the folders and file writes to Read, Write Execute for all, but the error persists and the are no log
messages on the kdc.log file.
I have also try to search the net about this issue but the only results that I get are about file system issues that
have nothing to do with problem that I am facing. the other log file does get written into however (kadmin.log).

Here is some addtional infor about my system.

System Information

Debian: Jessie
Hostname: directoryserver
Domain: directory.net

Kerbos Server Installation / Configuration ;
apt-get install krb5-{user, kdc, admin-server}

I have attached the krb5.conf file for more details about the configuration.
krb5.conf.zip
Kerberos configuration file
(591 Bytes) Downloaded 35 times


I trying to get the server function an increamental fashion, but the log file does not allow me to troubleshoot,
other issues within the system. see extract from the daemon.log file;

Jun 28 08:14:16 Directory krb5kdc[5250]: Couldn't open log file /var/log/krb5/kdc.log: Read-only file system
Jun 28 09:10:11 Directory krb5kdc[5523]: Couldn't open log file /var/log/krb5/kdc.log: Read-only file system
Jun 28 09:28:40 Directory krb5kdc[5620]: Couldn't open log file /var/log/krb5/kdc.log: Read-only file system


Kind Regards
mystro2016
mystro2016
 
Posts: 12
Joined: 2016-06-03 08:25

Re: kdc server cannot log its events to a log file.

Postby kiyop » 2016-07-02 23:47

When and how is the kdc server restarted?
At the initial stage of boot, the /(root) partition is mounted as read-only.
Execute the following and post the results
Code: Select all
cat /etc/fstab
ls -la /var/log/krb5
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/
User avatar
kiyop
 
Posts: 3984
Joined: 2011-05-05 15:16
Location: Where persons without desire to improve themselves fear to tread, in Japan

Re: kdc server cannot log its events to a log file.

Postby mystro2016 » 2016-07-04 03:09

Good day Kiyop

Please see the response below;

more /etc/fstab;

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/Directory--vg-root / ext4 errors=remount-ro 0
1
# /boot was on /dev/sda1 during installation
UUID=9e226a2e-4fea-4b36-967a-e072d6c444ee /boot ext2 defaults
0 2
/dev/mapper/Directory--vg-home /home ext4 defaults 0 2
/dev/mapper/Directory--vg-tmp /tmp ext4 defaults 0 2
/dev/mapper/Directory--vg-var /var ext4 defaults 0 2
/dev/mapper/Directory--vg-swap_1 none swap sw 0
0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0


ls -la /var/log/krb5

-rwxrwxrwx 1 root root 6440 Jun 28 18:51 kadmin.log
-rwxrwxrwx 1 root root 25 Jun 28 19:14 kdc.log

ls -lad /var/log/krb5
drwxrwxrwx 2 root root 4096 Jun 21 13:17 /var/log/krb5/


Pls note;
I have also restarted the krb5kdc service using this command "service krb5-kdc restart", It issues the same error.
There problem is not connected with the mounting of the filesystem because other services are able to log results to
thier respective directories. I have also run this command as a normal user "echo hello world >> /var/log/krb5/kdc.log"
and the string does get written to the file.


Warm Regards
Mystro
mystro2016
 
Posts: 12
Joined: 2016-06-03 08:25

Re: kdc server cannot log its events to a log file.

Postby kiyop » 2016-07-04 12:31

mystro2016 wrote:/dev/mapper/Directory--vg-var /var ext4 defaults 0 2

/var is a separate partition from /(root) partition.
I wonder if it has filesystem error and mount as read-only or if it is full.
Execute
Code: Select all
mount | grep /var
df | grep /var

and post the results.
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/
User avatar
kiyop
 
Posts: 3984
Joined: 2011-05-05 15:16
Location: Where persons without desire to improve themselves fear to tread, in Japan

Re: kdc server cannot log its events to a log file.

Postby mystro2016 » 2016-07-04 18:36

Hi

mount | grep var ;
/dev/mapper/Directory--vg-var on /var type ext4 (rw, relatime,data=ordered)

df -h | grep var ;
/dev/mapper/Directory--vg-var 2.7G 1.1G 1.6G 41% /var
mystro2016
 
Posts: 12
Joined: 2016-06-03 08:25

Re: kdc server cannot log its events to a log file.

Postby kiyop » 2016-07-05 13:08

Thanks for your reply. :)
/dev/mapper/Directory--vg-var is mounted as read-write mode.
/dev/mapper/Directory--vg-var is not full.

Then, I do not know how to solve your problem, partly because I am not familiar with kerberos.

"ls -la /var/log/krb5"
gave
mystro2016 wrote:-rwxrwxrwx 1 root root 25 Jun 28 19:14 kdc.log

Is it normal? Did you change the permission of /var/log/krb5/kdc.log?

Maybe due to a misconfiguration of kerberos.
Maybe a bug in kerberos (krb5). How about reporting the possible bug?
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/
User avatar
kiyop
 
Posts: 3984
Joined: 2011-05-05 15:16
Location: Where persons without desire to improve themselves fear to tread, in Japan

Re: kdc server cannot log its events to a log file.

Postby skl » 2016-08-23 11:13

Hi,

I found this thread because I had the exact same problem. Just add your intended log directory to "ReadWriteDirectories" in "/lib/systemd/system/krb5-kdc.service" and the service will be able to write to the log file.

skl
skl
 
Posts: 1
Joined: 2016-08-23 11:06

Re: kdc server cannot log its events to a log file.

Postby mystro2016 » 2016-10-06 00:09

Good day Skl

I tried what you suggested and the service is now able to write to the log file.

Thanks man, much appreciated.

warm regards
mystro
mystro2016
 
Posts: 12
Joined: 2016-06-03 08:25

Re: kdc server cannot log its events to a log file.

Postby Frank Thynne » 2017-11-03 15:34

Yes, thanks too.
That solved my problem and I can start to debug my problem now!
A possible alternative approach would be to choose one of the existing writeable directories in /lib/systemd/system/krb5-kdc.service, although /var/log seems to be an obvious choice to add to its list, and to /lib/systemd/system/krb5-admin-server.service, too.
Frank Thynne
 
Posts: 1
Joined: 2017-11-03 14:52


Return to System configuration

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable