[Freeipa-users] named's LDAP connection hangs

Thomas Raehalme thomas.raehalme at codecenter.fi
Mon Jun 16 20:30:33 UTC 2014


Hi!

Thanks for the instructions. I have configured KRB5_TRACE as described. I
will send logs as soon as we encounter the problem again. Could take a week
or two though.

Thank you for your help!

Best regards,
Thomas


On Mon, Jun 16, 2014 at 1:54 PM, Petr Spacek <pspacek at redhat.com> wrote:

> On 16.6.2014 09:41, Thomas Raehalme wrote:
>
>> Hi,
>>
>> We have a problem with IPA going out of service every now and then. There
>> seems to be two kinds of situations:
>>
>> 1) The connection between named and dirsrv fails. Named can resolve
>> external names but the domain managed by IPA does not resolve any names.
>> named cannot be stopped. After killing the process and restarting the issue
>> is resolved.
>>
>> 2) Sometimes the situation is more severe and also dirsrv is unresponsive.
>> The solution then seems to be restarting both named and dirsrv
>> (individually or through the 'ipa' service).
>>
>> Regarding #1 the file /var/log/messages contains the following:
>>
>> Jun 16 03:22:23 ipa named[7295]: received control channel command 'reload'
>> Jun 16 03:22:23 ipa named[7295]: loading configuration from '/etc/named.conf'
>> Jun 16 03:22:23 ipa named[7295]: using default UDP/IPv4 port range: [1024, 65535]
>> Jun 16 03:22:23 ipa named[7295]: using default UDP/IPv6 port range: [1024, 65535]
>> Jun 16 03:22:23 ipa named[7295]: sizing zone task pool based on 6 zones
>> Jun 16 03:22:23 ipa named[7295]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)
>> Jun 16 03:22:23 ipa named[7295]: bind to LDAP server failed: Local error
>>
>> The reload is triggered by logrotate. For some reason authentication fails,
>> and the IPA domain is no longer resolvable.
>>
>> I haven't discovered a pattern how often these problems occur. Maybe once a
>> week or two.
>>
>> FreeIPA master running on CentOS 6.5 has been configured with the default
>> settings. In addition a single replica has been added.
>>
>> Any ideas where I should look for the source of the problem?
>>
>
> I have heard about this problem but nobody managed to reproduce the problem.
>
> Please:
> - configure KRB5_TRACE variable as described on
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a1.Gathersymptoms
> - restart named
> - send me logs when it happens again.
>
> Thank you!
>
> --
> Petr^2 Spacek
>



-- 
*Thomas Raehalme*
*CTO, teknologiajohtaja*
Mobile +358 40 545 0605

*Codecenter Oy*
Väinönkatu 26 A, 4th Floor
40100 JYVÄSKYLÄ, Finland
Tel. +358 10 322 0040
www.codecenter.fi

*Codecenter - Tietojärjestelmiä ymmärrettävästi*
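
Added example, not part of the original thread: a small scanner for /var/log/messages that flags the failure sequence quoted above (reload, then a GSSAPI error, then "bind to LDAP server failed") per named PID, so the moment of failure can be matched against the KRB5_TRACE output. The function and field names are hypothetical; the first five sample lines are the thread's log lines unwrapped, the last two are constructed.

```python
import re

# Sample input: PID 7295 lines come from the thread; PID 8120 lines are constructed.
SAMPLE = """\
Jun 16 03:22:23 ipa named[7295]: received control channel command 'reload'
Jun 16 03:22:23 ipa named[7295]: loading configuration from '/etc/named.conf'
Jun 16 03:22:23 ipa named[7295]: sizing zone task pool based on 6 zones
Jun 16 03:22:23 ipa named[7295]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)
Jun 16 03:22:23 ipa named[7295]: bind to LDAP server failed: Local error
Jun 17 03:10:01 ipa named[8120]: received control channel command 'reload'
Jun 17 03:10:01 ipa named[8120]: loading configuration from '/etc/named.conf'
"""

# timestamp, PID and message of a syslog line written by named
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ named\[(\d+)\]: (.*)$")
# the minor-status text is the last parenthesised part of the GSSAPI line
GSS = re.compile(r"GSSAPI Error:.*\((.+)\)\s*$")


def find_failed_ldap_binds(lines):
    """Return one finding per failed LDAP bind, with the preceding context."""
    state = {}     # pid -> last reload time and last GSSAPI reason seen
    findings = []
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue                      # not a named line
        ts, pid, msg = m.groups()
        ctx = state.setdefault(pid, {"reload": None, "gss": None})
        if "control channel command 'reload'" in msg:
            ctx["reload"], ctx["gss"] = ts, None
        elif (g := GSS.search(msg)):
            ctx["gss"] = g.group(1)
        elif msg.startswith("bind to LDAP server failed"):
            findings.append({
                "time": ts,
                "pid": int(pid),
                "after_reload": ctx["reload"],   # None if no reload preceded it
                "gss_reason": ctx["gss"],        # None if no GSSAPI error logged
                "error": msg.partition(": ")[2],
            })
            ctx["reload"], ctx["gss"] = None, None
    return findings


if __name__ == "__main__":
    for finding in find_failed_ldap_binds(SAMPLE.splitlines()):
        print(finding)
```
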