[Freeipa-users] Can't contact LDAP Server

Sean Hogan schogan at us.ibm.com
Fri Nov 6 07:21:29 UTC 2015



Hi All,

   We are having an issue where a client is showing sssd eating up 100%
cpu and cannot log into it via ssh, i.e., trying to ssh to it just hangs and
never prompts for a password.  We have to get to the box from the console at
that point.

Top output on client
  2365 root     -30   0 89600  79m  18m R 124.5  0.0  22:15.22 rmcd
  2627 root      20   0  159m  27m  18m R 100.0  0.0  10:40.98 sssd_be
  92718 root      20   0  159m  11m 2560 R 98.8  0.0   0:13.65 sssd_be

The sssd logs on the client in question are showing:
                                                                                                     
tail -f sssd_ssh.log
(Wed Nov 4 09:29:30 2015) [sssd[ssh]] [ssh_dp_reconnect_init] (0x0010): Could not reconnect to domain.name provider.
(Wed Nov 4 09:30:00 2015) [sssd[ssh]] [ssh_dp_reconnect_init] (0x0010): Could not reconnect to domain.name provider.
(Wed Nov 4 09:30:30 2015) [sssd[ssh]] [ssh_dp_reconnect_init] (0x0010): Could not reconnect to domain.name provider.
(Wed Nov 4 09:31:30 2015) [sssd[ssh]] [dp_id_callback] (0x0010): The Monitor returned an error [org.freedesktop.DBus.Error.NoReply]

The Client is running:
Red Hat Enterprise Linux Server release 6.6 (Santiago)
sssd-ipa-1.11.6-30.el6_6.4.ppc64
ipa-client-3.0.0-42.el6.ppc64
                                                                                                     
                                                                                                     


I have been looking into the logs on our IPA server and found this, but I am
not sure what to make of it, as the dirsrv is on the IPA server, or whether
it is even related to the client issue.

/var/log/dirsrv/slapd-DOMAIN-LOCAL
slapd_ldap_sasl_interactive_bind - Error: could not perform interactive
bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server)
((null)) errno 107 (Transport endpoint is not connected)

/var/log/dirsrv/slapd-PKI-IPA shows:
 slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't
contact LDAP server) errno 107 (Transport endpoint is not connected)


IPA server is running:
ipa-server-3.0.0-47.el6.x86_64
Red Hat Enterprise Linux Server release 6.7 (Santiago)
sssd-ipa-1.12.4-47.el6.x86_64
ipa-client-3.0.0-47.el6.x86_64

ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING

It seems to be sporadic, as the client was working fine under a heavy
application load (application ID is in IPA) and once the load test was over
sssd started causing the DoS.  We have seen this happen a few times over
the past few days, and it does not always happen after a load test is complete.
I have been shutting down sssd and restarting it to clear it up and allow
ssh logins.  Is the version difference between the ipa client/sssd and
server an issue, and are there any ideas on where to go next?



Sean Hogan
Security Engineer
CISSP, RHSA, CCNA
Watson Security & Risk Assurance
Watson Cloud Technology and Support
email: schogan at us.ibm.com | Tel 919 486 1397




