On Mon, 2011-12-19 at 11:01 -0500, Dan Scott wrote:
> On Thu, Dec 15, 2011 at 11:51, Rich Megginson <rmegg...@redhat.com> wrote:
> > On 12/15/2011 09:48 AM, Dan Scott wrote:
> >>
> >> Hi,
> >>
> >> On Thu, Dec 15, 2011 at 10:58, Rich Megginson<rmegg...@redhat.com>  wrote:
> >>>
> >>> On 12/15/2011 08:41 AM, Dan Scott wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> On my Fedora 15 FreeIPA server, I'm having some problems with
> >>>> stability. The server appears to 'hang' and stops responding to LDAP
> >>>> lookups. When I restart the dirsrv service, I get:
> >>>>
> >>>> Dec 15 09:40:02 ohm kernel: [254566.011404] ns-slapd[28910]: segfault
> >>>> at 17d ip 00007f00dbc0208c sp 00007fff929b7848 error 4 in
> >>>> libc-2.14.so[7f00dbb87000+18f000]
> >>>>
> >>>> and the /var/log/dirsrv/slapd-EXAMPLE-COM/errors contains
> >>>>
> >>>> [15/Dec/2011:09:47:35 -0500] set_krb5_creds - Could not get initial
> >>>> credentials for principal [ldap/example....@example.com] in keytab
> >>>> [WRFILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC
> >>>> for requested realm)
> >>>> [15/Dec/2011:09:47:35 -0500] slapd_ldap_sasl_interactive_bind - Error:
> >>>> could not perform interactive bind for id [] mech [GSSAPI]: error -2
> >>>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> >>>> GSS failure.  Minor code may provide more information (Credentials
> >>>> cache file '/tmp/krb5cc_496' not found))
> >>>>
> >>>> This is happening very frequently, I'm having to restart the dirsrv
> >>>> process once an hour, otherwise people start complaining.
> >>>>
> >>>> I experienced similar problems with FreeIPA 1, when I was using Fedora
> >>>> 14 and earlier, and had to regularly (also once per hour) restart the
> >>>> dirsrv process. Could this be related?
> >>>>
> >>>> I also noticed this:
> >>>> https://bugzilla.redhat.com/show_bug.cgi?id=730387
> >>>>
> >>>> There are updates in 'updates-testing' which I believe fix the above
> >>>> issue, but I'm reluctant to install from a testing repo on my
> >>>> production server, can anyone report any feedback on this?
> >>>
> >>> The above bug does not cause a segfault.
> >>> What version of 389-ds-base are you using?
> >>
> >> [root@ohm ~]# rpm -qa|grep 389
> >> 389-ds-base-libs-1.2.10-0.4.a4.fc15.x86_64
> >> 389-ds-base-1.2.10-0.4.a4.fc15.x86_64
> >> [root@ohm ~]#
> >
> > a4 is alpha software.  Not sure how that got released to stable.
> >
> >>> Please enable the collection of core dumps so we can debug the crash -
> >>> see
> >>> http://directory.fedoraproject.org/wiki/FAQ#Debugging_Crashes
> >>
> >> OK. I think there is a small typo in the instructions:
> >>
> >> 'debuginfo-install 389-ds-base-debuginfo' should be 'debuginfo-install
> >> 389-ds-base'
> >
> > Thanks.  Fixed.
> >
> >> I managed to get the core dump (attached - so I only sent this message
> >> to you, not the list as well), but it doesn't contain much
> >> information.
> >
> > This is https://bugzilla.redhat.com/show_bug.cgi?id=755725
> >
> > Will be fixed in 1.2.10.a6
> >
> > But this still doesn't explain your kerberos errors.
> 
> An additional problem is also occurring. I've been finding that the:
> 
> /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
> 
> file is empty and prevents dirsrv from starting. I can restore it from
> dse.ldif.bak or dse.ldif.startOK, but this may be related to the LDAP
> problems that I'm having?

This is an upgrade time problem, it should be fixed in latest packages.
Did you recently upgrade freeipa packages if so from what version to
what version ?

(If you used yum you can use 'yum history' to find out)

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to