On Thu, Dec 15, 2011 at 11:51, Rich Megginson <rmegg...@redhat.com> wrote:
> On 12/15/2011 09:48 AM, Dan Scott wrote:
>> On Thu, Dec 15, 2011 at 10:58, Rich Megginson<rmegg...@redhat.com> wrote:
>>> On 12/15/2011 08:41 AM, Dan Scott wrote:
>>>> On my Fedora 15 FreeIPA server, I'm having some problems with
>>>> stability. The server appears to 'hang' and stops responding to LDAP
>>>> lookups. When I restart the dirsrv service, I get:
>>>> Dec 15 09:40:02 ohm kernel: [254566.011404] ns-slapd: segfault
>>>> at 17d ip 00007f00dbc0208c sp 00007fff929b7848 error 4 in
>>>> and the /var/log/dirsrv/slapd-EXAMPLE-COM/errors contains
>>>> [15/Dec/2011:09:47:35 -0500] set_krb5_creds - Could not get initial
>>>> credentials for principal [ldap/example....@example.com] in keytab
>>>> [WRFILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC
>>>> for requested realm)
>>>> [15/Dec/2011:09:47:35 -0500] slapd_ldap_sasl_interactive_bind - Error:
>>>> could not perform interactive bind for id  mech [GSSAPI]: error -2
>>>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>>>> GSS failure. Minor code may provide more information (Credentials
>>>> cache file '/tmp/krb5cc_496' not found))
>>>> This is happening very frequently, I'm having to restart the dirsrv
>>>> process once an hour, otherwise people start complaining.
>>>> I experienced similar problems with FreeIPA 1, when I was using Fedora
>>>> 14 and earlier, and had to regularly (also once per hour) restart the
>>>> dirsrv process. Could this be related?
>>>> I also noticed this:
>>>> There are updates in 'updates-testing' which I believe fix the above
>>>> issue, but I'm reluctant to install from a testing repo on my
>>>> production server, can anyone report any feedback on this?
>>> The above bug does not cause a segfault.
>>> What version of 389-ds-base are you using?
>> [root@ohm ~]# rpm -qa|grep 389
>> [root@ohm ~]#
> a4 is alpha software. Not sure how that got released to stable.
>>> Please enable the collection of core dumps so we can debug the crash -
>> OK. I think there is a small typo in the instructions:
>> 'debuginfo-install 389-ds-base-debuginfo' should be 'debuginfo-install
> Thanks. Fixed.
>> I managed to get the core dump (attached - so I only sent this message
>> to you, not the list as well), but it doesn't contain much
> This is https://bugzilla.redhat.com/show_bug.cgi?id=755725
> Will be fixed in 1.2.10.a6
> But this still doesn't explain your kerberos errors.
An additional problem is also occurring. I've been finding that the:
file is empty and prevents dirsrv from starting. I can restore it from
dse.ldif.bak or dse.ldif.startOK, but this may be related to the LDAP
problems that I'm having?
Freeipa-users mailing list