[Freeipa-users] ns-slapd hang/segfault
Dan Scott
danieljamesscott at gmail.com
Mon Dec 19 16:13:48 UTC 2011
On Mon, Dec 19, 2011 at 11:03, Rich Megginson <rmeggins at redhat.com> wrote:
> On 12/19/2011 09:01 AM, Dan Scott wrote:
>>
>> On Thu, Dec 15, 2011 at 11:51, Rich Megginson<rmeggins at redhat.com> wrote:
>>>
>>> On 12/15/2011 09:48 AM, Dan Scott wrote:
>>>>
>>>> Hi,
>>>>
>>>> On Thu, Dec 15, 2011 at 10:58, Rich Megginson<rmeggins at redhat.com>
>>>> wrote:
>>>>>
>>>>> On 12/15/2011 08:41 AM, Dan Scott wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> On my Fedora 15 FreeIPA server, I'm having some problems with
>>>>>> stability. The server appears to 'hang' and stops responding to LDAP
>>>>>> lookups. When I restart the dirsrv service, I get:
>>>>>>
>>>>>> Dec 15 09:40:02 ohm kernel: [254566.011404] ns-slapd[28910]: segfault
>>>>>> at 17d ip 00007f00dbc0208c sp 00007fff929b7848 error 4 in
>>>>>> libc-2.14.so[7f00dbb87000+18f000]
>>>>>>
>>>>>> and the /var/log/dirsrv/slapd-EXAMPLE-COM/errors contains
>>>>>>
>>>>>> [15/Dec/2011:09:47:35 -0500] set_krb5_creds - Could not get initial
>>>>>> credentials for principal [ldap/example.com at EXAMPLE.COM] in keytab
>>>>>> [WRFILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC
>>>>>> for requested realm)
>>>>>> [15/Dec/2011:09:47:35 -0500] slapd_ldap_sasl_interactive_bind - Error:
>>>>>> could not perform interactive bind for id [] mech [GSSAPI]: error -2
>>>>>> (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>>>>>> GSS failure. Minor code may provide more information (Credentials
>>>>>> cache file '/tmp/krb5cc_496' not found))
>>>>>>
>>>>>> This is happening very frequently, I'm having to restart the dirsrv
>>>>>> process once an hour, otherwise people start complaining.
>>>>>>
>>>>>> I experienced similar problems with FreeIPA 1, when I was using Fedora
>>>>>> 14 and earlier, and had to regularly (also once per hour) restart the
>>>>>> dirsrv process. Could this be related?
>>>>>>
>>>>>> I also noticed this:
>>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=730387
>>>>>>
>>>>>> There are updates in 'updates-testing' which I believe fix the above
>>>>>> issue, but I'm reluctant to install from a testing repo on my
>>>>>> production server, can anyone report any feedback on this?
>>>>>
>>>>> The above bug does not cause a segfault.
>>>>> What version of 389-ds-base are you using?
>>>>
>>>> [root at ohm ~]# rpm -qa|grep 389
>>>> 389-ds-base-libs-1.2.10-0.4.a4.fc15.x86_64
>>>> 389-ds-base-1.2.10-0.4.a4.fc15.x86_64
>>>> [root at ohm ~]#
>>>
>>> a4 is alpha software. Not sure how that got released to stable.
>>>
>>>>> Please enable the collection of core dumps so we can debug the crash -
>>>>> see
>>>>> http://directory.fedoraproject.org/wiki/FAQ#Debugging_Crashes
>>>>
>>>> OK. I think there is a small typo in the instructions:
>>>>
>>>> 'debuginfo-install 389-ds-base-debuginfo' should be 'debuginfo-install
>>>> 389-ds-base'
>>>
>>> Thanks. Fixed.
>>>
>>>> I managed to get the core dump (attached - so I only sent this message
>>>> to you, not the list as well), but it doesn't contain much
>>>> information.
>>>
>>> This is https://bugzilla.redhat.com/show_bug.cgi?id=755725
>>>
>>> Will be fixed in 1.2.10.a6
>>>
>>> But this still doesn't explain your kerberos errors.
>>
>> An additional problem is also occurring. I've been finding that the:
>>
>> /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif
>>
>> file is empty and prevents dirsrv from starting. I can restore it from
>> dse.ldif.bak or dse.ldif.startOK, but this may be related to the LDAP
>> problems that I'm having?
>
> I don't know. What is the sequence of operations that causes dse.ldif to
> become empty?
Can I find this in the logs? The dirsrv process is crashing regularly,
so I have to regularly restart it. Occasionally (seemingly randomly)
it fails to restart because the dse.ldif file is empty.
More information about the Freeipa-users
mailing list