[Freeipa-users] Kerberos hanging approx. once a day

Alexander Bokovoy abokovoy at redhat.com
Wed Jul 22 10:32:33 UTC 2015 

On Wed, 22 Jul 2015, Torsten Harenberg wrote:
>Dear Alexander, dear Sumit,
>
>thank you very much indeed for the quick replies.
>
>Am 22.07.15 um 11:21 schrieb Sumit Bose:
>> Looks like there are issues getting the needed data from the local LDAP
>> server. The message below about the master key points into the same
>> direction. Can you check the 389ds logs?
>
>I have attached the
>/var/log/dirsrv/slapd-PLEIADES-UNI-WUPPERTAL-DE/errors file to the end
>of the mail, it's a bit larger.
>
>There are some "ticket expired" messages, could that point to the source
>of the problem?
No. It is, in a sense, a chicken-and-egg problem -- something caused KDC
to fail its connection to LDAP server and those LDAP server plugins that
needed Kerberos authentication (replication, for example), attempted to
obtain a ticket but failed because KDC failed.

The backtrace is also showing no problems as it is. Most threads are
simply in a wait state until clients come.

Also, sidgen plugin has issues:
>[21/Jul/2015:14:41:05 +0200] find_sid_for_ldap_entry - [file
>ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [50088] into an
>unused SID.
>[21/Jul/2015:14:41:05 +0200] ipa_sidgen_add_post_op - [file
>ipa_sidgen.c, line 149]: Cannot add SID to new entry.


I'm slightly worried with the slapi-nis plugin reporting issues of
talking to rpcbind to register itself.
>[21/Jul/2015:17:15:20 +0200] nis-plugin - error connecting rpcbind
>client socket to the service
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - timeout registering with
>portmap service
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - timeout registering with
>portmap service
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - timeout registering with
>portmap service
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - timeout registering with
>portmap service
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - timeout registering with
>portmap service
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - timeout registering with
>portmap service
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - timeout registering with
>portmap service
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - error sending request to
>portmap or rpcbind on 9: Connection refused
>[21/Jul/2015:17:15:24 +0200] nis-plugin - timeout registering with
>portmap service

-- 
/ Alexander Bokovoy

More information about the Freeipa-users mailing list