Thanks for the instructions. I have configured KRB5_TRACE as described. I
will send logs as soon as we encounter the problem again. Could take a week
or two though.
Thank you for your help!
On Mon, Jun 16, 2014 at 1:54 PM, Petr Spacek <pspa...@redhat.com> wrote:
> On 16.6.2014 09:41, Thomas Raehalme wrote:
>> We have a problem with IPA going out of service every now and then. There
>> seems to be two kinds of situations:
>> 1) The connection between named and dirsrv fails. Named can resolve
>> external names but the domain managed by IPA does not resolve any names.
>> named cannot be stopped. After killing the process and restarting the
>> is resolved.
>> 2) Sometimes the situation is more severe and also dirsrv is unresponsive.
>> The solution then seems to be restarting both named and dirsrv
>> (individually or through the 'ipa' service).
>> Regarding #1 the file /var/log/messages contains the following:
>> Jun 16 03:22:23 ipa named: received control channel command 'reload'
>> Jun 16 03:22:23 ipa named: loading configuration from
>> Jun 16 03:22:23 ipa named: using default UDP/IPv4 port range: [1024,
>> Jun 16 03:22:23 ipa named: using default UDP/IPv6 port range: [1024,
>> Jun 16 03:22:23 ipa named: sizing zone task pool based on 6 zones
>> Jun 16 03:22:23 ipa named: GSSAPI Error: Unspecified GSS failure.
>> Minor code may provide more information (Ticket expired)
>> Jun 16 03:22:23 ipa named: bind to LDAP server failed: Local error
>> The reload is triggered by logrotate. For some reason authentication
>> and the IPA domain is no longer resolvable.
>> I haven't discovered a pattern how often these problems occur. Maybe once
>> week or two.
>> FreeIPA master running on CentOS 6.5 has been configured with the default
>> settings. In addition a single replica has been added.
>> Any ideas where I should look for the source of the problem?
> I have heard about this problem but nobody managed to reproduce the
> - configure KRB5_TRACE variable as described on
> - restart named
> - send me logs when it happens again.
> Thank you!
> Petr^2 Spacek
> Freeipa-users mailing list
Mobile +358 40 545 0605
Väinönkatu 26 A, 4th Floor
40100 JYVÄSKYLÄ, Finland
Tel. +358 10 322 0040
*Codecenter - Tietojärjestelmiä ymmärrettävästi*
Freeipa-users mailing list