[Freeipa-devel] GSSAPI/krb5 troubles after dirsrv restart
Thomas Sailer
t.sailer at alumni.ethz.ch
Thu Oct 9 16:19:19 UTC 2008
On Thu, 2008-10-09 at 10:21 -0400, Rob Crittenden wrote:
> Hmm, ok. It definitely appears to be some file or directory permissions
> issue. Does the FDS error log have anything interesting in it?
Doesn't seem so:
Fedora-Directory/1.1.1 B2008.151.1915
xxx.xxxxx.com:636 (/etc/dirsrv/slapd-XXXXX-COM)
[09/Oct/2008:17:47:55 +0200] - Fedora-Directory/1.1.1 B2008.151.1915 starting up
[09/Oct/2008:17:47:56 +0200] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[09/Oct/2008:17:47:56 +0200] - Listening on All Interfaces port 636 for LDAPS requests
[09/Oct/2008:17:48:10 +0200] - slapd shutting down - signaling operation threads
[09/Oct/2008:17:48:10 +0200] - slapd shutting down - closing down internal subsystems and plugins
[09/Oct/2008:17:48:10 +0200] - Waiting for 4 database threads to stop
[09/Oct/2008:17:48:10 +0200] - All database threads now stopped
[09/Oct/2008:17:48:10 +0200] - slapd stopped.
> A brute-force way to find the answer is to start FDS with strace,
> something like:
>
> # /etc/init.d/dirsrv stop
> # strace -o /tmp/out -fF /etc/init.d/dirsrv start
That didn't work for me, strace somehow didn't manage to follow the
childs. Instead I tried this:
strace -o /tmp/out -fF /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-XXXXX-COM -i /var/run/dirsrv/slapd-XXXXX-COM.pid -w /var/run/dirsrv/slapd-XXXXX-COM.startpid
Which gave me the trace (but apparently also without following clone's,
but this time without error messages about not being able to follow...)
No EACCES, also no apparently important failures open'ing or stat'ing.
But it also does not try to read ds.keytab.
I'm a bit at a loss...
Thanks, Tom
More information about the Freeipa-devel
mailing list