[Freeipa-users] Kerberos hanging approx. once a day
Torsten Harenberg
harenberg at physik.uni-wuppertal.de
Fri Jul 24 07:20:28 UTC 2015
Dear Rich and all,
thanks to everbody! Really thankful for your support.
The situation really approved.
We:
- enlarged the caches for 389ds until the WARNING messages disappeared
in the log files,
- (just to be sure) re-sync'ed firewalld rules between primary and
secondary server.
Now the server was stable, Kerberos and 389ds are still alive and all
clients can still resolve all users. There is only one issue left (see
bottom).
First let us answer that:
Am 23.07.15 um 18:28 schrieb Rich Megginson:
>
> # ldapsearch -xLLL -D "cn=directory manager" -W -s base -b
> "dc=uni-wuppertal,dc=de"
>
> This search should return immediately. If it hangs, then the problem is
> in slapd, and get a stack trace as before.
>
[root at ipa httpd]# time ldapsearch -xLLL -D "cn=directory manager" -W -s
base -b "dc=pleiades,dc=uni-wuppertal,dc=de"
Enter LDAP Password:
dn: dc=pleiades,dc=uni-wuppertal,dc=de
objectClass: top
objectClass: domain
objectClass: pilotObject
objectClass: domainRelatedObject
objectClass: nisDomainObject
dc: pleiades
info: IPA V2.0
nisDomain: pleiades.uni-wuppertal.de
associatedDomain: pleiades.uni-wuppertal.de
real 0m4.559s
user 0m0.403s
sys 0m0.057s
[root at ipa httpd]#
Looks okay to us, or?
So.. here is the problem which is left over. When logging in as admin
now through th web page or locally:
[Thu Jul 23 21:43:47.340133 2015] [wsgi:error] [pid 1134] ipa: INFO:
[jsonserver_session] wensing at PLEIADES.UNI-WUPPERTAL.DE:
radiusproxy_find(None, version=u'2.114'): SUCCESS
[Thu Jul 23 21:43:48.758849 2015] [wsgi:error] [pid 1133] ipa: INFO:
[jsonserver_session] wensing at PLEIADES.UNI-WUPPERTAL.DE: user_find(None,
version=u'2.114'): SUCCESS
[Fri Jul 24 07:20:10.198903 2015] [wsgi:error] [pid 1134] ipa: INFO: 401
Unauthorized: kinit: Clients credentials have been revoked while getting
initial credentials
[Fri Jul 24 07:20:10.198977 2015] [wsgi:error] [pid 1134]
[Fri Jul 24 07:20:18.181715 2015] [wsgi:error] [pid 1133] ipa: INFO: 401
Unauthorized: kinit: Clients credentials have been revoked while getting
initial credentials
[Fri Jul 24 07:20:18.181809 2015] [wsgi:error] [pid 1133]
[Fri Jul 24 07:21:12.919751 2015] [wsgi:error] [pid 1134] ipa: INFO: 401
Unauthorized: kinit: Clients credentials have been revoked while getting
initial credentials
[Fri Jul 24 07:21:12.919878 2015] [wsgi:error] [pid 1134]
[root at ipa httpd]# kinit admin
kinit: Clients credentials have been revoked while getting initial
credentials
[root at ipa httpd]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin at PLEIADES.UNI-WUPPERTAL.DE
Valid starting Expires Service principal
07/23/2015 11:44:13 07/24/2015 11:44:08
HTTP/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE
07/23/2015 11:44:11 07/24/2015 11:44:08
krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE
[root at ipa httpd]#
Hope you have an idea about that one as well :).
Thanks
Marisa and Torsten
--
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> Dr. Torsten Harenberg harenberg at physik.uni-wuppertal.de <>
<> Bergische Universitaet <>
<> FB C - Physik Tel.: +49 (0)202 439-3521 <>
<> Gaussstr. 20 Fax : +49 (0)202 439-2811 <>
<> 42097 Wuppertal <>
<> <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>
More information about the Freeipa-users
mailing list