KDC Database Backup and Restore

Author: shaopi0211 | Published 2018-01-03 20:41

    This covers offline migration, or backup and restore, of a KDC database. For a migration, the recommended approach is to set up a master/replica KDC pair and migrate online.

    Export a backup file of the KDC database
    $ sudo kdb5_util dump -verbose /home/dengsc/kdc/bakfile
    $ ls -l /home/dengsc/kdc/
    total 64
    -rw------- 1 root   root  55991 Sep 19 10:30 bakfile
    -rw------- 1 root   root      1 Sep 19 10:30 bakfile.dump_ok
    
    Copy kdc.conf, krb5.conf, kadm5.acl and bakfile to the host where the database will be restored
    $ scp kdc.conf kadm5.acl test01:/var/kerberos/krb5kdc/
    $ scp krb5.conf test01:/etc/
    $ scp bakfile test01:~/
    
    Initialize the database on the restore host, using the same realm name as before
    $ sudo kdb5_util create -r HADOOP.COM -s
    
    Load the backup data
    $ sudo kdb5_util load -verbose ~/bakfile
    
    Log in with kadmin.local and check whether the data was restored
    $ sudo kadmin.local 
    kadmin.local:  listprincs
    
    Change the kdc and admin_server hosts in krb5.conf to the local host
    $ sudo vi /etc/krb5.conf
    [realms]
    HADOOP.COM = {
    kdc = test01
    admin_server = test01
    }
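    Two checks worth running around the dump/load steps above, as an added example that is not part of the original post: confirm the dump finished (kdb5_util dump writes the .dump_ok marker only on completion) and diff the listprincs output of the source KDC against the restored one so that any principal missing after the load is reported. The sample principal lists and dump file are constructed here so the script runs stand-alone; it does not check that the stash file created by kdb5_util create -s matches the master key of the dumped database.

```sh
#!/bin/sh
# Added example: sanity checks for a kdb5_util dump/load cycle (not from the original post).
# Assumes the dump was produced by "kdb5_util dump -verbose FILE" (which writes FILE.dump_ok)
# and that the principal lists come from "kadmin.local -q listprincs" on each host.

# dump_is_complete FILE: succeed only if FILE is non-empty and its .dump_ok marker exists.
dump_is_complete() {
    [ -s "$1" ] && [ -f "$1.dump_ok" ]
}

# list_principals FILE: print only principal names (lines shaped like name@REALM),
# dropping kadmin.local's "Authenticating as principal ..." banner.
list_principals() {
    grep -E '^[^[:space:]]+@[^[:space:]]+$' "$1" | sort -u
}

# missing_principals SRC_LIST DST_LIST: print every principal in SRC_LIST that is
# absent from DST_LIST, i.e. what the restore lost.
missing_principals() {
    dst=$(list_principals "$2")
    list_principals "$1" | while IFS= read -r p; do
        printf '%s\n' "$dst" | grep -qxF -- "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample data (not real KDC output) for a stand-alone run.
tmp=$(mktemp -d)
printf 'constructed dump contents\n' > "$tmp/bakfile"
: > "$tmp/bakfile.dump_ok"
cat > "$tmp/src.txt" <<'EOF'
Authenticating as principal root/admin@HADOOP.COM with password.
K/M@HADOOP.COM
admin/admin@HADOOP.COM
dengsc@HADOOP.COM
krbtgt/HADOOP.COM@HADOOP.COM
EOF
cat > "$tmp/dst.txt" <<'EOF'
Authenticating as principal root/admin@HADOOP.COM with password.
K/M@HADOOP.COM
admin/admin@HADOOP.COM
krbtgt/HADOOP.COM@HADOOP.COM
EOF

dump_is_complete "$tmp/bakfile" && echo "dump complete"
echo "principals missing after restore:"
missing_principals "$tmp/src.txt" "$tmp/dst.txt"
```

On the real hosts, replace the constructed files with the dump path and the saved listprincs output of each KDC.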
    
    Run kinit authentication in debug mode (fails)
    # Authenticate
    $ kinit -kt dengsc.keytab dengsc
    kinit: Generic error (see e-text) while getting initial credentials
    
    # Debug output
    $ KRB5_TRACE=/dev/stderr kinit -C admin/admin@HADOOP.COM
    [158565] 1505798208.611471: Getting initial credentials for admin/admin@HADOOP.COM
    [158565] 1505798208.611939: Sending request (174 bytes) to HADOOP.COM
    [158565] 1505798208.612140: Resolving hostname nfjd-hadoop02-node177.jpushoa.com
    [158565] 1505798208.612715: Initiating TCP connection to stream 192.168.254.226:88
    [158565] 1505798208.612817: Sending TCP request to stream 192.168.254.226:88
    [158565] 1505798208.613136: Received answer (175 bytes) from stream 192.168.254.226:88
    [158565] 1505798208.613156: Terminating TCP connection to stream 192.168.254.226:88
    [158565] 1505798208.613217: Response was not from master KDC
    [158565] 1505798208.613268: Received error from KDC: -1765328324/Generic error (see e-text)
    [158565] 1505798208.613310: Retrying AS request with master KDC
    [158565] 1505798208.613328: Getting initial credentials for admin/admin@HADOOP.COM
    [158565] 1505798208.613391: Sending request (174 bytes) to HADOOP.COM (master)
    kinit: Generic error (see e-text) while getting initial credentials
    

    Community answer on this error: https://bugzilla.redhat.com/show_bug.cgi?id=1184628

    Red Hat bug: "Principal canonicalization does not work for principals in IPA realm"

    Install ipa-server
    $ sudo yum install ipa-server
    $ rpm -qa | grep ipa-server
    ipa-server-4.5.0-21.el7.centos.1.2.x86_64
    ipa-server-common-4.5.0-21.el7.centos.1.2.noarch
    
    Run the authentication again (succeeds)
    $ kinit admin/admin
    Password for admin/admin@HADOOP.COM: 
    $ klist
    Ticket cache: FILE:/tmp/krb5cc_2190
    Default principal: admin/admin@HADOOP.COM
    
    Valid starting       Expires              Service principal
    09/19/2017 13:21:11  09/20/2017 13:21:11  krbtgt/HADOOP.COM@HADOOP.COM
        renew until 09/26/2017 13:21:11
    $ kdestroy
    

    Source: https://www.haomeiwen.com/subject/cduknxtx.html