[Freeipa-users] named's LDAP connection hangs
Petr Spacek
pspacek at redhat.com
Mon Jun 16 10:54:18 UTC 2014
On 16.6.2014 09:41, Thomas Raehalme wrote:
> Hi,
>
> We have a problem with IPA going out of service every now and then. There
> seems to be two kinds of situations:
>
> 1) The connection between named and dirsrv fails. Named can resolve
> external names but the domain managed by IPA does not resolve any names.
> named cannot be stopped. After killing the process and restarting the issue
> is resolved.
>
> 2) Sometimes the situation is more severe and also dirsrv is unresponsive.
> The solution then seems to be restarting both named and dirsrv
> (individually or through the 'ipa' service).
>
> Regarding #1 the file /var/log/messages contains the following:
>
> Jun 16 03:22:23 ipa named[7295]: received control channel command 'reload'
> Jun 16 03:22:23 ipa named[7295]: loading configuration from
> '/etc/named.conf'
> Jun 16 03:22:23 ipa named[7295]: using default UDP/IPv4 port range: [1024,
> 65535]
> Jun 16 03:22:23 ipa named[7295]: using default UDP/IPv6 port range: [1024,
> 65535]
> Jun 16 03:22:23 ipa named[7295]: sizing zone task pool based on 6 zones
> Jun 16 03:22:23 ipa named[7295]: GSSAPI Error: Unspecified GSS failure.
> Minor code may provide more information (Ticket expired)
> Jun 16 03:22:23 ipa named[7295]: bind to LDAP server failed: Local error
>
> The reload is triggered by logrotate. For some reason authentication fails,
> and the IPA domain is no longer resolvable.
>
> I haven't discovered a pattern how often these problems occur. Maybe once a
> week or two.
>
> FreeIPA master running on CentOS 6.5 has been configured with the default
> settings. In addition a single replica has been added.
>
> Any ideas where I should look for the source of the problem?
I have heard about this problem but nobody managed to reproduce the problem.
Please:
- configure KRB5_TRACE variable as described on
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a1.Gathersymptoms
- restart named
- send me logs when it happens again.
Thank you!
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list