Terry John wrote: > I have a problem using freeipa version 3.0.0-50 on CentOS release 6.8. The > problem manifests itself as no authentication, and no DNS. > > It seems Kerberos just stops responding to requests and requests just get > queued up > # netstat -tuna | grep SYN_RECV > Active Internet connections (servers and established) > Proto Recv-Q Send-Q Local Address Foreign Address > State > tcp 0 0 <server IP>:88 <client1 > IP>:55440 SYN_RECV > tcp 0 0 <server IP>:88 <client 2 > IP>:40076 SYN_RECV > tcp 0 0 <server IP>:88 <Client 3 > IP>:41525 SYN_RECV > tcp 0 0 <server IP>:88 <Client4 > IP>:53958 SYN_RECV > tcp 0 0 <server IP>:88 <Client5 > IP>:54240 SYN_RECV > > Looking at /var/log/krb5kdc.log > The normal activity of AS_REQ and TGS_REC messages just stops. No error > messages. Just no new messages.
The problem isn't in Kerberos or DNS, ns-slapd is hanging. See this, http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debugging-hangs rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project