kdc server cannot log its events to a log file.

mystro2016
Posts: 12
Joined: 2016-06-03 08:25

kdc server cannot log its events to a log file.

#1 Post by mystro2016 »

Good Day All,

Please Help: kdc server cannot log its events to a log file.

I am getting this error every time the kdc server is restarted:
(krb5kdc[5739]: Couldn't open log file /var/log/krb5/kdc.log: Read-only file system)

The filesystem is not mounted in read-only mode as the log file suggests, since I am able to add and remove files
and folders on the system. I have tried to change the location of the log file in question, but nothing works.
I even changed the folders and file writes to Read, Write, Execute for all, but the error persists and there are no log
messages in the kdc.log file.
I have also tried to search the net about this issue, but the only results that I get are about file system issues that
have nothing to do with the problem that I am facing. The other log file does get written to, however (kadmin.log).

Here is some additional info about my system.

System Information

Debian: Jessie
Hostname: directoryserver
Domain: directory.net

Kerberos Server Installation / Configuration:
apt-get install krb5-{user,kdc,admin-server}

I have attached the krb5.conf file for more details about the configuration.
Attachment: krb5.conf.zip (Kerberos configuration file, 591 Bytes)
I am trying to get the server to function in an incremental fashion, but the log file does not allow me to troubleshoot
other issues within the system. See this extract from the daemon.log file:

Jun 28 08:14:16 Directory krb5kdc[5250]: Couldn't open log file /var/log/krb5/kdc.log: Read-only file system
Jun 28 09:10:11 Directory krb5kdc[5523]: Couldn't open log file /var/log/krb5/kdc.log: Read-only file system
Jun 28 09:28:40 Directory krb5kdc[5620]: Couldn't open log file /var/log/krb5/kdc.log: Read-only file system


Kind Regards
mystro2016

kiyop
Posts: 3983
Joined: 2011-05-05 15:16
Location: Where persons without desire to improve themselves fear to tread, in Japan
Been thanked: 3 times

Re: kdc server cannot log its events to a log file.

#2 Post by kiyop »

When and how is the kdc server restarted?
At the initial stage of boot, the /(root) partition is mounted as read-only.
Execute the following and post the results:

Code:

cat /etc/fstab
ls -la /var/log/krb5
Openbox, JWM: Jessie, Sid, Arch / Win XP (on VirtualBox), 10
http://kiyoandkei.bbs.fc2.com/

mystro2016
Posts: 12
Joined: 2016-06-03 08:25

Re: kdc server cannot log its events to a log file.

#3 Post by mystro2016 »

Good day Kiyop

Please see the response below;

more /etc/fstab;

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/Directory--vg-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=9e226a2e-4fea-4b36-967a-e072d6c444ee /boot ext2 defaults 0 2
/dev/mapper/Directory--vg-home /home ext4 defaults 0 2
/dev/mapper/Directory--vg-tmp /tmp ext4 defaults 0 2
/dev/mapper/Directory--vg-var /var ext4 defaults 0 2
/dev/mapper/Directory--vg-swap_1 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0


ls -la /var/log/krb5

-rwxrwxrwx 1 root root 6440 Jun 28 18:51 kadmin.log
-rwxrwxrwx 1 root root 25 Jun 28 19:14 kdc.log

ls -lad /var/log/krb5
drwxrwxrwx 2 root root 4096 Jun 21 13:17 /var/log/krb5/


Please note:
I have also restarted the krb5kdc service using this command "service krb5-kdc restart"; it issues the same error.
The problem is not connected with the mounting of the filesystem because other services are able to log results to
their respective directories. I have also run this command as a normal user "echo hello world >> /var/log/krb5/kdc.log"
and the string does get written to the file.


Warm Regards
Mystro

kiyop
Posts: 3983
Joined: 2011-05-05 15:16
Location: Where persons without desire to improve themselves fear to tread, in Japan
Been thanked: 3 times

Re: kdc server cannot log its events to a log file.

#4 Post by kiyop »

mystro2016 wrote: /dev/mapper/Directory--vg-var /var ext4 defaults 0 2
/var is a separate partition from the /(root) partition.
I wonder if it has a filesystem error and is mounted as read-only, or if it is full.
Execute

Code:

mount | grep /var
df | grep /var
and post the results.

mystro2016
Posts: 12
Joined: 2016-06-03 08:25

Re: kdc server cannot log its events to a log file.

#5 Post by mystro2016 »

Hi

mount | grep var ;
/dev/mapper/Directory--vg-var on /var type ext4 (rw, relatime,data=ordered)

df -h | grep var ;
/dev/mapper/Directory--vg-var 2.7G 1.1G 1.6G 41% /var

kiyop
Posts: 3983
Joined: 2011-05-05 15:16
Location: Where persons without desire to improve themselves fear to tread, in Japan
Been thanked: 3 times

Re: kdc server cannot log its events to a log file.

#6 Post by kiyop »

Thanks for your reply. :)
/dev/mapper/Directory--vg-var is mounted in read-write mode.
/dev/mapper/Directory--vg-var is not full.

Then, I do not know how to solve your problem, partly because I am not familiar with kerberos.

"ls -la /var/log/krb5"
gave
mystro2016 wrote: -rwxrwxrwx 1 root root 25 Jun 28 19:14 kdc.log
Is it normal? Did you change the permission of /var/log/krb5/kdc.log?

Maybe due to a misconfiguration of kerberos.
Maybe a bug in kerberos (krb5). How about reporting the possible bug?

skl
Posts: 1
Joined: 2016-08-23 11:06

Re: kdc server cannot log its events to a log file.

#7 Post by skl »

Hi,

I found this thread because I had the exact same problem. Just add your intended log directory to "ReadWriteDirectories" in "/lib/systemd/system/krb5-kdc.service" and the service will be able to write to the log file.

skl

mystro2016
Posts: 12
Joined: 2016-06-03 08:25

Re: kdc server cannot log its events to a log file.

#8 Post by mystro2016 »

Good day Skl

I tried what you suggested and the service is now able to write to the log file.

Thanks man, much appreciated.

warm regards
mystro

Frank Thynne
Posts: 1
Joined: 2017-11-03 14:52

Re: kdc server cannot log its events to a log file.

#9 Post by Frank Thynne »

Yes, thanks too.
That solved my problem and I can start to debug my problem now!
A possible alternative approach would be to choose one of the existing writeable directories in /lib/systemd/system/krb5-kdc.service, although /var/log seems to be an obvious choice to add to its list, and to /lib/systemd/system/krb5-admin-server.service, too.
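
The fix in post #7 and the alternative in post #9 both depend on which paths the unit lists under ReadWriteDirectories. The sketch below is an added example, not code from the thread or from the krb5 packaging: it checks a log path against that list and writes the extra entry as a drop-in instead of editing the file under /lib/systemd/system. It models only the ReadWriteDirectories list; the sample unit text and the drop-in name logdir.conf are assumptions.

```shell
#!/bin/sh
# Added example. The unit text below is CONSTRUCTED sample input, not the
# packaged krb5-kdc.service; the drop-in file name logdir.conf is hypothetical.

# Return 0 if path $1 lies inside a ReadWriteDirectories= entry found in the
# unit files given as the remaining arguments (main unit plus any drop-ins).
rw_allowed() {
    target=$1; shift
    for dir in $(sed -n 's/^ReadWriteDirectories=//p' "$@"); do
        dir=${dir#-}    # a leading "-" only means "ignore if the path is missing"
        dir=${dir%/}    # normalise a trailing slash ("/" becomes the empty prefix)
        case "$target/" in
            "$dir"/*) return 0 ;;
        esac
    done
    return 1
}

# Write a drop-in that appends log directory $2 to the unit's writable list.
# $1 is the systemd configuration root (/etc/systemd/system on a real host).
write_dropin() {
    d="$1/krb5-kdc.service.d"
    mkdir -p "$d"
    printf '[Service]\nReadWriteDirectories=%s\n' "$2" > "$d/logdir.conf"
    echo "$d/logdir.conf"
}

demo=$(mktemp -d)   # scratch directory so nothing on the host is touched
cat > "$demo/krb5-kdc.service" <<'EOF'
[Service]
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run
EOF

log=/var/log/krb5/kdc.log
rw_allowed "$log" "$demo/krb5-kdc.service" && before=writable || before=read-only
dropin=$(write_dropin "$demo" /var/log/krb5)
rw_allowed "$log" "$demo/krb5-kdc.service" "$dropin" && after=writable || after=read-only
echo "before drop-in: $before; after drop-in: $after"
# On a real host: write_dropin /etc/systemd/system /var/log/krb5, then
# "systemctl daemon-reload" and "service krb5-kdc restart".
```

Since the service's own sandbox was what blocked the write, the rwxrwxrwx mode set on /var/log/krb5 and its files during troubleshooting had no effect on the error and can be tightened again.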
