On Mon, Dec 19, 2011 at 11:03, Rich Megginson <rmegg...@redhat.com> wrote: > On 12/19/2011 09:01 AM, Dan Scott wrote: >> >> On Thu, Dec 15, 2011 at 11:51, Rich Megginson<rmegg...@redhat.com> wrote: >>> >>> On 12/15/2011 09:48 AM, Dan Scott wrote: >>>> >>>> Hi, >>>> >>>> On Thu, Dec 15, 2011 at 10:58, Rich Megginson<rmegg...@redhat.com> >>>> wrote: >>>>> >>>>> On 12/15/2011 08:41 AM, Dan Scott wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> On my Fedora 15 FreeIPA server, I'm having some problems with >>>>>> stability. The server appears to 'hang' and stops responding to LDAP >>>>>> lookups. When I restart the dirsrv service, I get: >>>>>> >>>>>> Dec 15 09:40:02 ohm kernel: [254566.011404] ns-slapd[28910]: segfault >>>>>> at 17d ip 00007f00dbc0208c sp 00007fff929b7848 error 4 in >>>>>> libc-2.14.so[7f00dbb87000+18f000] >>>>>> >>>>>> and the /var/log/dirsrv/slapd-EXAMPLE-COM/errors contains >>>>>> >>>>>> [15/Dec/2011:09:47:35 -0500] set_krb5_creds - Could not get initial >>>>>> credentials for principal [ldap/example....@example.com] in keytab >>>>>> [WRFILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC >>>>>> for requested realm) >>>>>> [15/Dec/2011:09:47:35 -0500] slapd_ldap_sasl_interactive_bind - Error: >>>>>> could not perform interactive bind for id [] mech [GSSAPI]: error -2 >>>>>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified >>>>>> GSS failure. Minor code may provide more information (Credentials >>>>>> cache file '/tmp/krb5cc_496' not found)) >>>>>> >>>>>> This is happening very frequently, I'm having to restart the dirsrv >>>>>> process once an hour, otherwise people start complaining. >>>>>> >>>>>> I experienced similar problems with FreeIPA 1, when I was using Fedora >>>>>> 14 and earlier, and had to regularly (also once per hour) restart the >>>>>> dirsrv process. Could this be related? >>>>>> >>>>>> I also noticed this: >>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=730387 >>>>>> >>>>>> There are updates in 'updates-testing' which I believe fix the above >>>>>> issue, but I'm reluctant to install from a testing repo on my >>>>>> production server, can anyone report any feedback on this? >>>>> >>>>> The above bug does not cause a segfault. >>>>> What version of 389-ds-base are you using? >>>> >>>> [root@ohm ~]# rpm -qa|grep 389 >>>> 389-ds-base-libs-1.2.10-0.4.a4.fc15.x86_64 >>>> 389-ds-base-1.2.10-0.4.a4.fc15.x86_64 >>>> [root@ohm ~]# >>> >>> a4 is alpha software. Not sure how that got released to stable. >>> >>>>> Please enable the collection of core dumps so we can debug the crash - >>>>> see >>>>> http://directory.fedoraproject.org/wiki/FAQ#Debugging_Crashes >>>> >>>> OK. I think there is a small typo in the instructions: >>>> >>>> 'debuginfo-install 389-ds-base-debuginfo' should be 'debuginfo-install >>>> 389-ds-base' >>> >>> Thanks. Fixed. >>> >>>> I managed to get the core dump (attached - so I only sent this message >>>> to you, not the list as well), but it doesn't contain much >>>> information. >>> >>> This is https://bugzilla.redhat.com/show_bug.cgi?id=755725 >>> >>> Will be fixed in 1.2.10.a6 >>> >>> But this still doesn't explain your kerberos errors. >> >> An additional problem is also occurring. I've been finding that the: >> >> /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif >> >> file is empty and prevents dirsrv from starting. I can restore it from >> dse.ldif.bak or dse.ldif.startOK, but this may be related to the LDAP >> problems that I'm having? > > I don't know. What is the sequence of operations that causes dse.ldif to > become empty?
Can I find this in the logs? The dirsrv process is crashing regularly, so I have to regularly restart it. Occasionally (seemingly randomly) it fails to restart because the dse.ldif file is empty. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
