If there is a resolution to this, we would love to know. We have been
experiencing the same issues.
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Thomas Raehalme [thomas.raeha...@codecenter.fi]
Sent: Sunday, June 22, 2014 8:29 AM
Subject: Re: [Freeipa-users] named's LDAP connection hangs
Today it finally happened again - named is not resolving names under the IPA
domain, pvnet.cc. Killing the named process and restarting it solves the
problem (until it happens again).
Petr, I'll send you the logs directly so I don't have to leave anything out. I
hope that's okay.
Thank you for the help!
On Mon, Jun 16, 2014 at 1:54 PM, Petr Spacek
On 16.6.2014 09:41, Thomas Raehalme wrote:
We have a problem with IPA going out of service every now and then. There
seems to be two kinds of situations:
1) The connection between named and dirsrv fails. Named can resolve
external names but the domain managed by IPA does not resolve any names.
named cannot be stopped. After killing the process and restarting the issue
2) Sometimes the situation is more severe and also dirsrv is unresponsive.
The solution then seems to be restarting both named and dirsrv
(individually or through the 'ipa' service).
Regarding #1 the file /var/log/messages contains the following:
Jun 16 03:22:23 ipa named: received control channel command 'reload'
Jun 16 03:22:23 ipa named: loading configuration from
Jun 16 03:22:23 ipa named: using default UDP/IPv4 port range: [1024,
Jun 16 03:22:23 ipa named: using default UDP/IPv6 port range: [1024,
Jun 16 03:22:23 ipa named: sizing zone task pool based on 6 zones
Jun 16 03:22:23 ipa named: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (Ticket expired)
Jun 16 03:22:23 ipa named: bind to LDAP server failed: Local error
The reload is triggered by logrotate. For some reason authentication fails,
and the IPA domain is no longer resolvable.
I haven't discovered a pattern how often these problems occur. Maybe once a
week or two.
FreeIPA master running on CentOS 6.5 has been configured with the default
settings. In addition a single replica has been added.
Any ideas where I should look for the source of the problem?
I have heard about this problem but nobody managed to reproduce the problem.
- configure KRB5_TRACE variable as described on
- restart named
- send me logs when it happens again.
Freeipa-users mailing list
Mobile +358 40 545 0605
Väinönkatu 26 A, 4th Floor
40100 JYVÄSKYLÄ, Finland
Tel. +358 10 322 0040
Codecenter - Tietojärjestelmiä ymmärrettävästi
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project