[Freeipa-devel] GSSAPI/krb5 troubles after dirsrv restart
Rob Crittenden
rcritten at redhat.com
Thu Oct 9 17:16:43 UTC 2008
Thomas Sailer wrote:
> On Thu, 2008-10-09 at 10:21 -0400, Rob Crittenden wrote:
>
>> Hmm, ok. It definitely appears to be some file or directory permissions
>> issue. Does the FDS error log have anything interesting in it?
>
> Doesn't seem so:
>
> Fedora-Directory/1.1.1 B2008.151.1915
> xxx.xxxxx.com:636 (/etc/dirsrv/slapd-XXXXX-COM)
>
> [09/Oct/2008:17:47:55 +0200] - Fedora-Directory/1.1.1 B2008.151.1915 starting up
> [09/Oct/2008:17:47:56 +0200] - slapd started. Listening on All Interfaces port 389 for LDAP requests
> [09/Oct/2008:17:47:56 +0200] - Listening on All Interfaces port 636 for LDAPS requests
> [09/Oct/2008:17:48:10 +0200] - slapd shutting down - signaling operation threads
> [09/Oct/2008:17:48:10 +0200] - slapd shutting down - closing down internal subsystems and plugins
> [09/Oct/2008:17:48:10 +0200] - Waiting for 4 database threads to stop
> [09/Oct/2008:17:48:10 +0200] - All database threads now stopped
> [09/Oct/2008:17:48:10 +0200] - slapd stopped.
>
>> A brute-force way to find the answer is to start FDS with strace,
>> something like:
>>
>> # /etc/init.d/dirsrv stop
>> # strace -o /tmp/out -fF /etc/init.d/dirsrv start
>
> That didn't work for me, strace somehow didn't manage to follow the
> childs. Instead I tried this:
>
> strace -o /tmp/out -fF /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-XXXXX-COM -i /var/run/dirsrv/slapd-XXXXX-COM.pid -w /var/run/dirsrv/slapd-XXXXX-COM.startpid
>
> Which gave me the trace (but apparently also without following clone's,
> but this time without error messages about not being able to follow...)
>
> No EACCES, also no apparently important failures open'ing or stat'ing.
> But it also does not try to read ds.keytab.
>
> I'm a bit at a loss...
>
> Thanks, Tom
>
Ok, what does /etc/sysconfig/dirsrv contain?
It should have something like: export KRB5_KTNAME=/etc/dirsrv/ds.keytab
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20081009/2eaaaf3e/attachment.bin>
More information about the Freeipa-devel
mailing list