Hi! Thanks for the instructions. I have configured KRB5_TRACE as described. I will send logs as soon as we encounter the problem again. Could take a week or two though.
Thank you for your help!

Best regards,
Thomas

On Mon, Jun 16, 2014 at 1:54 PM, Petr Spacek <pspa...@redhat.com> wrote:

> On 16.6.2014 09:41, Thomas Raehalme wrote:
>
>> Hi,
>>
>> We have a problem with IPA going out of service every now and then. There
>> seem to be two kinds of situations:
>>
>> 1) The connection between named and dirsrv fails. Named can resolve
>> external names but the domain managed by IPA does not resolve any names.
>> named cannot be stopped. After killing the process and restarting the
>> issue is resolved.
>>
>> 2) Sometimes the situation is more severe and also dirsrv is unresponsive.
>> The solution then seems to be restarting both named and dirsrv
>> (individually or through the 'ipa' service).
>>
>> Regarding #1 the file /var/log/messages contains the following:
>>
>> Jun 16 03:22:23 ipa named[7295]: received control channel command 'reload'
>> Jun 16 03:22:23 ipa named[7295]: loading configuration from '/etc/named.conf'
>> Jun 16 03:22:23 ipa named[7295]: using default UDP/IPv4 port range: [1024, 65535]
>> Jun 16 03:22:23 ipa named[7295]: using default UDP/IPv6 port range: [1024, 65535]
>> Jun 16 03:22:23 ipa named[7295]: sizing zone task pool based on 6 zones
>> Jun 16 03:22:23 ipa named[7295]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)
>> Jun 16 03:22:23 ipa named[7295]: bind to LDAP server failed: Local error
>>
>> The reload is triggered by logrotate. For some reason authentication
>> fails, and the IPA domain is no longer resolvable.
>>
>> I haven't discovered a pattern how often these problems occur. Maybe once
>> a week or two.
>>
>> FreeIPA master running on CentOS 6.5 has been configured with the default
>> settings. In addition a single replica has been added.
>>
>> Any ideas where I should look for the source of the problem?
>>
>
> I have heard about this problem but nobody managed to reproduce the
> problem.
>
> Please:
> - configure KRB5_TRACE variable as described on
>   https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a1.Gathersymptoms
> - restart named
> - send me logs when it happens again.
>
> Thank you!
>
> --
> Petr^2 Spacek
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

--
*Thomas Raehalme*
*CTO, teknologiajohtaja*
Mobile +358 40 545 0605
*Codecenter Oy*
Väinönkatu 26 A, 4th Floor
40100 JYVÄSKYLÄ, Finland
Tel. +358 10 322 0040
www.codecenter.fi
*Codecenter - Tietojärjestelmiä ymmärrettävästi*
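
The failure sequence quoted in this thread (a reload command, then a GSSAPI "Ticket expired" error, then a failed LDAP bind from the same named process) can be watched for in /var/log/messages. The following is an added example, not part of the original e-mails or of FreeIPA or bind-dyndb-ldap; the sample log is constructed from the lines quoted above, and the function name, the second reload and PID 8101 are assumptions.

```python
import re

# Constructed sample in /var/log/messages format, modelled on the quoted lines.
# The second reload (PID 8101) is invented to show a healthy case.
SAMPLE = """\
Jun 16 03:22:23 ipa named[7295]: received control channel command 'reload'
Jun 16 03:22:23 ipa named[7295]: loading configuration from '/etc/named.conf'
Jun 16 03:22:23 ipa named[7295]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)
Jun 16 03:22:23 ipa named[7295]: bind to LDAP server failed: Local error
Jun 17 03:14:02 ipa named[8101]: received control channel command 'reload'
Jun 17 03:14:02 ipa named[8101]: loading configuration from '/etc/named.conf'
Jun 17 03:14:03 ipa named[8101]: reloading configuration succeeded
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) named\[(\d+)\]: (.*)$")
RELOAD = "received control channel command 'reload'"
GSS_EXPIRED = re.compile(r"GSSAPI Error:.*\(Ticket expired\)")
LDAP_FAIL = "bind to LDAP server failed"

def find_failed_reloads(text):
    """Return one record per named reload that was followed by a failed LDAP bind."""
    open_reload = {}  # pid -> state of the most recent reload seen for that process
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a named line
        stamp, host, pid, msg = m.groups()
        if msg.startswith(RELOAD):
            open_reload[pid] = {"time": stamp, "host": host, "pid": int(pid),
                                "ticket_expired": False, "reported": False}
            continue
        rec = open_reload.get(pid)
        if rec is None:
            continue  # failures outside a reload (e.g. at startup) are not counted here
        if GSS_EXPIRED.search(msg):
            rec["ticket_expired"] = True
        elif msg.startswith(LDAP_FAIL) and not rec["reported"]:
            rec["reported"] = True  # report each reload at most once
            findings.append({k: rec[k] for k in
                             ("time", "host", "pid", "ticket_expired")})
    return findings

if __name__ == "__main__":
    for f in find_failed_reloads(SAMPLE):
        print(f)
```

A hit with `ticket_expired` set to true matches the case described in the thread and marks the point at which the KRB5_TRACE output should be collected.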