[Freeipa-users] Kerberos hanging approx. once a day

Torsten Harenberg harenberg at physik.uni-wuppertal.de
Thu Jul 23 07:18:43 UTC 2015 

Hi Sumit,


> The principal looks strange, I would at least expect the fully-qualified
> name of the ipa server here. What does the 'hostname' command return? It

[root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]# hostname
ipa.pleiades.uni-wuppertal.de

> is expected that it will return the fully-qualified name. Additionally if
> you added the ipa server to /etc/hosts please only use the
> fully-qualified name to be on the safe side (iirc it is ok to have the
> short name as a second name, but the fully-qualified one should be
> always first).

I removed the entries vom /etc/hosts again.

> 
> The keytab file /etc/krb5.keytab looks strange here. Later on the right
> one /etc/dirsrv/ds.keytab is used. Did you try to run the
> /usr/sbin/ns-slapd binary manually at some time?
>

Yes.. once .. after it did not came up.

After another reboot, the system came up now.

But what I found is

https://fedorahosted.org/freeipa/ticket/2739

and indeed:

[root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]# grep WARNING *
errors:[21/Jul/2015:17:15:21 +0200] - WARNING: cache too small,
increasing to 500K bytes
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[21/Jul/2015:17:15:21 +0200] - WARNING: userRoot: entry cache
size 512000B is less than db size 4177920B; We recommend to increase the
entry cache size nsslapd-cachememsize.
errors:[21/Jul/2015:17:15:21 +0200] - WARNING: changelog: entry cache
size 512000B is less than db size 18096128B; We recommend to increase
the entry cache size nsslapd-cachememsize.
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[22/Jul/2015:11:03:31 +0200] - WARNING: userRoot: entry cache
size 512000B is less than db size 4218880B; We recommend to increase the
entry cache size nsslapd-cachememsize.
errors:[22/Jul/2015:11:03:31 +0200] - WARNING: changelog: entry cache
size 512000B is less than db size 27992064B; We recommend to increase
the entry cache size nsslapd-cachememsize.
errors:[23/Jul/2015:07:33:09 +0200] - WARNING: cache too small,
increasing to 500K bytes
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up
errors:[23/Jul/2015:07:33:09 +0200] - WARNING -- Minimum cache size is
512000 -- rounding up


And what I see is that nodes occasionaly loose their users. I haven't
seen that the two month while testing (of course there were no real
users during that time, so I'm not 100% sure that it did not happen).

Could that be the cause of the trouble??

Kind regards,

  Torsten



-- 
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<>                                                              <>
<> Dr. Torsten Harenberg     harenberg at physik.uni-wuppertal.de  <>
<> Bergische Universitaet                                       <>
<> FB C - Physik             Tel.: +49 (0)202 439-3521          <>
<> Gaussstr. 20              Fax : +49 (0)202 439-2811          <>
<> 42097 Wuppertal                                              <>
<>                                                              <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>

More information about the Freeipa-users mailing list