[Freeipa-users] named's LDAP connection hangs
Thomas Raehalme
thomas.raehalme at codecenter.fi
Mon Jun 16 07:41:11 UTC 2014
Hi,
We have a problem with IPA going out of service every now and then. There
seems to be two kinds of situations:
1) The connection between named and dirsrv fails. Named can resolve
external names but the domain managed by IPA does not resolve any names.
named cannot be stopped. After killing the process and restarting the issue
is resolved.
2) Sometimes the situation is more severe and also dirsrv is unresponsive.
The solution then seems to be restarting both named and dirsrv
(individually or through the 'ipa' service).
Regarding #1 the file /var/log/messages contains the following:
Jun 16 03:22:23 ipa named[7295]: received control channel command 'reload'
Jun 16 03:22:23 ipa named[7295]: loading configuration from
'/etc/named.conf'
Jun 16 03:22:23 ipa named[7295]: using default UDP/IPv4 port range: [1024,
65535]
Jun 16 03:22:23 ipa named[7295]: using default UDP/IPv6 port range: [1024,
65535]
Jun 16 03:22:23 ipa named[7295]: sizing zone task pool based on 6 zones
Jun 16 03:22:23 ipa named[7295]: GSSAPI Error: Unspecified GSS failure.
Minor code may provide more information (Ticket expired)
Jun 16 03:22:23 ipa named[7295]: bind to LDAP server failed: Local error
The reload is triggered by logrotate. For some reason authentication fails,
and the IPA domain is no longer resolvable.
I haven't discovered a pattern how often these problems occur. Maybe once a
week or two.
FreeIPA master running on CentOS 6.5 has been configured with the default
settings. In addition a single replica has been added.
Any ideas where I should look for the source of the problem?
Thank you in advance!
Best regards,
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140616/5938056e/attachment.htm>
More information about the Freeipa-users
mailing list