On 12/19/2011 09:13 AM, Dan Scott wrote:
On Mon, Dec 19, 2011 at 11:03, Rich Megginson<rmegg...@redhat.com>  wrote:
On 12/19/2011 09:01 AM, Dan Scott wrote:
On Thu, Dec 15, 2011 at 11:51, Rich Megginson<rmegg...@redhat.com>    wrote:
On 12/15/2011 09:48 AM, Dan Scott wrote:
Hi,

On Thu, Dec 15, 2011 at 10:58, Rich Megginson<rmegg...@redhat.com>
  wrote:
On 12/15/2011 08:41 AM, Dan Scott wrote:
Hi,

On my Fedora 15 FreeIPA server, I'm having some problems with
stability. The server appears to 'hang' and stops responding to LDAP
lookups. When I restart the dirsrv service, I get:

Dec 15 09:40:02 ohm kernel: [254566.011404] ns-slapd[28910]: segfault
at 17d ip 00007f00dbc0208c sp 00007fff929b7848 error 4 in
libc-2.14.so[7f00dbb87000+18f000]

and the /var/log/dirsrv/slapd-EXAMPLE-COM/errors contains

[15/Dec/2011:09:47:35 -0500] set_krb5_creds - Could not get initial
credentials for principal [ldap/example....@example.com] in keytab
[WRFILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC
for requested realm)
[15/Dec/2011:09:47:35 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: error -2
(Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure.  Minor code may provide more information (Credentials
cache file '/tmp/krb5cc_496' not found))

This is happening very frequently, I'm having to restart the dirsrv
process once an hour, otherwise people start complaining.

I experienced similar problems with FreeIPA 1, when I was using Fedora
14 and earlier, and had to regularly (also once per hour) restart the
dirsrv process. Could this be related?

I also noticed this:
https://bugzilla.redhat.com/show_bug.cgi?id=730387

There are updates in 'updates-testing' which I believe fix the above
issue, but I'm reluctant to install from a testing repo on my
production server, can anyone report any feedback on this?
The above bug does not cause a segfault.
What version of 389-ds-base are you using?
[root@ohm ~]# rpm -qa|grep 389
389-ds-base-libs-1.2.10-0.4.a4.fc15.x86_64
389-ds-base-1.2.10-0.4.a4.fc15.x86_64
[root@ohm ~]#
a4 is alpha software.  Not sure how that got released to stable.

Please enable the collection of core dumps so we can debug the crash -
see
http://directory.fedoraproject.org/wiki/FAQ#Debugging_Crashes
OK. I think there is a small typo in the instructions:

'debuginfo-install 389-ds-base-debuginfo' should be 'debuginfo-install
389-ds-base'
Thanks.  Fixed.

I managed to get the core dump (attached - so I only sent this message
to you, not the list as well), but it doesn't contain much
information.
This is https://bugzilla.redhat.com/show_bug.cgi?id=755725

Will be fixed in 1.2.10.a6

But this still doesn't explain your kerberos errors.
An additional problem is also occurring. I've been finding that the:

/etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif

file is empty and prevents dirsrv from starting. I can restore it from
dse.ldif.bak or dse.ldif.startOK, but this may be related to the LDAP
problems that I'm having?
I don't know.  What is the sequence of operations that causes dse.ldif to
become empty?
Can I find this in the logs? The dirsrv process is crashing regularly,
so I have to regularly restart it. Occasionally (seemingly randomly)
it fails to restart because the dse.ldif file is empty.
Let me push out the crash fix build to testing and see if that helps.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to