When I attach gdb to the process (I have tried the main process and the four child processes), it provides no output. Here are the steps I'm taking:
1. On freeipa-server run htop and find the pid (or ps aux)
   * Shows one parent PID and four child processes
   * 934 root 20 0 46784 2656 388 S 0.0 0.1 0:00.00 `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
   * 1939 root 20 0 78664 4460 2056 S 0.0 0.1 0:00.26 | `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
   * 1938 root 20 0 78664 4460 2056 S 0.0 0.1 0:00.26 | `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
   * 1936 root 20 0 78664 4460 2056 S 0.0 0.1 0:00.26 | `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
   * 1935 root 20 0 78664 4212 1808 S 0.0 0.1 0:00.26 | `- /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid -w 4
   * run sudo gdb
   * attach 934
   * press "c"
   * Wait for output…
2. Attempt to login with user that has an expired password.
3. Now the krb5kdc process 934 starts running at 100% and the user is unable to login.
4. Only way to get the process back to normal is to type "service ipa restart".

I've never debugged a program before so if I'm missing a step please let me know.

-Martin

On Sep 8, 2011, at 1:24 PM, Simo Sorce wrote:

Also any chance you can attach gdb to the krb5kdc process and take a backtrace?
Hopefully we will find out where it is hanging.

Simo.

On Thu, 2011-09-08 at 14:04 -0400, Simo Sorce wrote:

Is the ns-slapd instance for the ipa domain running when this happens?

Simo.

On Thu, 2011-09-08 at 17:56 +0000, Smith, Martin R. [smma0...@stcloudstate.edu] wrote:

Update: It appears to lockup immediately after a user with an expired password attempts to login. This happens when a user attempts to login at the freeipa-server itself or one of the clients.

From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Smith, Martin R. [smma0...@stcloudstate.edu]
Sent: Thursday, September 08, 2011 12:49 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] krb5kdc process at 100%

Hello all,

I'm running a fairly new install of Freeipa-server and we are running into a problem that is preventing users from logging in. We have two SSH servers that authenticate to our freeipa-server and after 15 min to 4 hrs of runtime the process Krb5kdc will consume 100% of the processor and the freeipa-server will no longer respond to ldap requests from the other machines.

Here are some specs:

* The freeipa-server is running as a virtual machine on a Xen 5.6 box
* Fedora 15 with all current updates
* The /home directory is a NFS mount to a different server, also running freeipa-client
* I updated the freeipa-server package to the "testing" repo today, the problem still exists.
* The only additional components I've installed are fail2ban, and rsyslog.

Some of the error messages include:

(krb5kdc.log)
Sep 08 12:10:23 client1.fake.com krb5kdc[1867](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 199.17.59.5: NEEDED_PREAUTH: host/client1.fake....@fake.com for krbtgt/fake....@fake.com, Additional pre-authentication required

(pki-ca-system-log)
Attached. This log is from the freeipa-server, it appears to be complaining that it can't connect to itself.

I can provide more logs to a personal email if needed. Thanks for your help in resolving this issue.

-Martin Smith

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

--
Simo Sorce * Red Hat, Inc * New York