[Freeipa-users] Kerberos hanging approx. once a day
Torsten Harenberg
harenberg at physik.uni-wuppertal.de
Thu Jul 23 06:35:45 UTC 2015
Huu.. situation is getting worse.
Even after a full reboot, slapd does not start at all anymore on the
primary server.
This is the full log (looks like the realm is missing suddenly?):
[23/Jul/2015:07:40:53 +0200] - slapd stopped.
[23/Jul/2015:08:25:06 +0200] - Config Warning: - nsslapd-maxdescriptors:
invalid value "8192", maximum file descriptors must range from 1 to 4096
(the current process limit). Server will use a setting of 4096.
[23/Jul/2015:08:25:06 +0200] nis-plugin - error connecting rpcbind
client socket to the service
[23/Jul/2015:08:25:06 +0200] SSL Initialization - Configured SSL version
range: min: TLS1.0, max: TLS1.2
[23/Jul/2015:08:25:06 +0200] - SSL alert: Configured NSS Ciphers
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA:
enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA:
enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[23/Jul/2015:08:25:06 +0200] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA:
enabled
[23/Jul/2015:08:25:06 +0200] - 389-Directory/1.3.3.8 B2015.036.047
starting up
[23/Jul/2015:08:25:06 +0200] - WARNING: cache too small, increasing to
500K bytes
[23/Jul/2015:08:25:06 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:25:06 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:25:06 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:25:06 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:25:06 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:25:06 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:25:06 +0200] - WARNING: userRoot: entry cache size
512000B is less than db size 4251648B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[23/Jul/2015:08:25:06 +0200] - WARNING: changelog: entry cache size
512000B is less than db size 173367296B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[23/Jul/2015:08:25:07 +0200] - resizing db cache size: 320000 -> 400000
[23/Jul/2015:08:25:07 +0200] nis-plugin - warning: no entries in
domain=pleiades.uni-wuppertal.de,map=ethers.byaddr
[23/Jul/2015:08:25:07 +0200] nis-plugin - warning: no entries in
domain=pleiades.uni-wuppertal.de,map=ethers.byname
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:25:08 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:25:08 +0200] schema-compat-plugin - warning: no entries
set up under cn=computers, cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de
[23/Jul/2015:08:25:09 +0200] schema-compat-plugin - warning: no entries
set up under ou=sudoers,dc=pleiades,dc=uni-wuppertal,dc=de
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=keys,cn=sec,cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
ou=sudoers,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de
does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de
does not exist
[23/Jul/2015:08:25:09 +0200] NSACLPlugin - The ACL target cn=automember
rebuild membership,cn=tasks,cn=config does not exist
[23/Jul/2015:08:25:09 +0200] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de--no CoS Templates
found, which should be added before the CoS Definition.
[23/Jul/2015:08:25:09 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab [FILE:/etc/krb5.keytab]:
-1765328164 (Cannot resolve network address for KDC in requested realm)
[23/Jul/2015:08:25:09 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:25:09 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:25:09 +0200] NSMMReplicationPlugin -
agmt="cn=meToipa2.pleiades.uni-wuppertal.de" (ipa2:389): Replication
bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may
provide more information (No Kerberos credentials available))
[23/Jul/2015:08:25:09 +0200] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de--no CoS Templates
found, which should be added before the CoS Definition.
[23/Jul/2015:08:25:09 +0200] - slapd started. Listening on All
Interfaces port 389 for LDAP requests
[23/Jul/2015:08:25:09 +0200] - Listening on All Interfaces port 636 for
LDAPS requests
[23/Jul/2015:08:25:09 +0200] - Listening on
/var/run/slapd-PLEIADES-UNI-WUPPERTAL-DE.socket for LDAPI requests
[23/Jul/2015:08:25:12 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab [FILE:/etc/krb5.keytab]:
-1765328164 (Cannot resolve network address for KDC in requested realm)
[23/Jul/2015:08:25:12 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:25:12 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:25:18 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab [FILE:/etc/krb5.keytab]:
-1765328164 (Cannot resolve network address for KDC in requested realm)
[23/Jul/2015:08:25:18 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:25:18 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:25:30 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab [FILE:/etc/krb5.keytab]:
-1765328164 (Cannot resolve network address for KDC in requested realm)
[23/Jul/2015:08:25:30 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:25:30 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:25:54 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab [FILE:/etc/krb5.keytab]:
-1765328164 (Cannot resolve network address for KDC in requested realm)
[23/Jul/2015:08:25:54 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:25:54 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:26:42 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab [FILE:/etc/krb5.keytab]:
-1765328164 (Cannot resolve network address for KDC in requested realm)
[23/Jul/2015:08:26:42 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:26:42 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:28:21 +0200] nis-plugin - error connecting rpcbind
client socket to the service
[23/Jul/2015:08:28:22 +0200] SSL Initialization - Configured SSL version
range: min: TLS1.0, max: TLS1.2
[23/Jul/2015:08:28:22 +0200] - SSL alert: Configured NSS Ciphers
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA:
enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA:
enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[23/Jul/2015:08:28:22 +0200] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA:
enabled
[23/Jul/2015:08:28:22 +0200] - 389-Directory/1.3.3.8 B2015.036.047
starting up
[23/Jul/2015:08:28:22 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:28:22 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:28:22 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:28:22 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:28:22 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:28:22 +0200] - WARNING -- Minimum cache size is 512000
-- rounding up
[23/Jul/2015:08:28:22 +0200] - WARNING: userRoot: entry cache size
512000B is less than db size 4251648B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[23/Jul/2015:08:28:22 +0200] - WARNING: changelog: entry cache size
512000B is less than db size 173367296B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[23/Jul/2015:08:28:22 +0200] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
[23/Jul/2015:08:28:23 +0200] nis-plugin - warning: no entries in
domain=pleiades.uni-wuppertal.de,map=ethers.byaddr
[23/Jul/2015:08:28:23 +0200] nis-plugin - warning: no entries in
domain=pleiades.uni-wuppertal.de,map=ethers.byname
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:28:25 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:28:25 +0200] schema-compat-plugin - warning: no entries
set up under cn=computers, cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de
[23/Jul/2015:08:28:26 +0200] schema-compat-plugin - warning: no entries
set up under ou=sudoers,dc=pleiades,dc=uni-wuppertal,dc=de
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=keys,cn=sec,cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=dns,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
ou=sudoers,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=pleiades,dc=uni-wuppertal,dc=de does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de
does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de
does not exist
[23/Jul/2015:08:28:26 +0200] NSACLPlugin - The ACL target cn=automember
rebuild membership,cn=tasks,cn=config does not exist
[23/Jul/2015:08:28:26 +0200] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de--no CoS Templates
found, which should be added before the CoS Definition.
[23/Jul/2015:08:28:31 +0200] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
dc=pleiades,dc=uni-wuppertal,dc=de. Check if DB RUV needs to be updated
[23/Jul/2015:08:28:31 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
[23/Jul/2015:08:28:31 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:28:31 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:28:31 +0200] NSMMReplicationPlugin -
agmt="cn=meToipa2.pleiades.uni-wuppertal.de" (ipa2:389): Replication
bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1):
generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may
provide more information (No Kerberos credentials available))
[23/Jul/2015:08:28:32 +0200] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de--no CoS Templates
found, which should be added before the CoS Definition.
[23/Jul/2015:08:28:32 +0200] - slapd started. Listening on All
Interfaces port 389 for LDAP requests
[23/Jul/2015:08:28:32 +0200] - Listening on All Interfaces port 636 for
LDAPS requests
[23/Jul/2015:08:28:32 +0200] - Listening on
/var/run/slapd-PLEIADES-UNI-WUPPERTAL-DE.socket for LDAPI requests
[23/Jul/2015:08:28:34 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
[23/Jul/2015:08:28:34 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:28:34 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:28:40 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
[23/Jul/2015:08:28:40 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:28:40 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:28:52 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
[23/Jul/2015:08:28:52 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:28:52 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:29:16 +0200] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa@] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328203 (Key table entry not found)
[23/Jul/2015:08:29:16 +0200] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Jul/2015:08:29:16 +0200] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Jul/2015:08:29:17 +0200] - slapd shutting down - signaling operation
threads - op stack size 4 max work q size 3 max work q stack size 3
[23/Jul/2015:08:29:17 +0200] - slapd shutting down - waiting for 28
threads to terminate
[23/Jul/2015:08:29:17 +0200] - slapd shutting down - closing down
internal subsystems and plugins
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - error sending request to
portmap or rpcbind on 9: Connection refused
[23/Jul/2015:08:29:17 +0200] nis-plugin - timeout registering with
portmap service
[23/Jul/2015:08:29:17 +0200] - Waiting for 4 database threads to stop
[23/Jul/2015:08:29:17 +0200] - All database threads now stopped
[23/Jul/2015:08:29:17 +0200] - slapd shutting down - freed 3 work q
stack objects - freed 4 op stack objects
[23/Jul/2015:08:29:17 +0200] - slapd stopped.
[root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]#
There is no rpcbind on the system. Can install one, but don't know if
that is meaningful or not.
Any help is really much appreciated now.
Kind regards
Torsten
--
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> Dr. Torsten Harenberg harenberg at physik.uni-wuppertal.de <>
<> Bergische Universitaet <>
<> FB C - Physik Tel.: +49 (0)202 439-3521 <>
<> Gaussstr. 20 Fax : +49 (0)202 439-2811 <>
<> 42097 Wuppertal <>
<> <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>
More information about the Freeipa-users
mailing list