[Freeipa-users] FreeIPA (directory service) Crash several times a day

Ludwig Krispenz lkrispen at redhat.com
Fri Jul 1 11:29:03 UTC 2016 

please keep the discussion on the mailing list
On 07/01/2016 01:17 PM, Omar AKHAM wrote:
> Which package to install ? ipa-debuginfo?
yes
>
> 2 other crashes last night, with a different user bind this time :
>
>         rawdn = 0x7f620003a200 
> "uid=XXX,cn=users,cn=accounts,dc=XXX,dc=XX"
>         dn = 0x7f62000238b0 "uid=XXX,cn=users,cn=accounts,dc=XXX,dc=XX"
>         saslmech = 0x0
>         cred = {bv_len = 9, bv_val = 0x7f6200034af0 
> "nw_PA\250\063\065\067"}
>         be = 0x7f6254941c20
>         ber_rc = <optimized out>
>         rc = 0
>         sdn = 0x7f62000313f0
>         bind_sdn_in_pb = 1
>         referral = 0x0
>         errorbuf = '\000' <repeats 1856 times>...
>         supported = <optimized out>
>         pmech = <optimized out>
>         authtypebuf = 
> "\000\000\000\000\000\000\000\000\370\030\002\000b\177\000\000\360\030\002\000b\177\000\000\320\030\002\000b\177\000\000\001\000
> \000\000\000\000\000\000\250\311\377+b\177\000\000\320\352\377+b\177\000\000\200\376\002\000b\177\000\000\262\202\211Rb\177\000\000\260\311\377+b\177\ 
>
> 000\000\000\000\000\000\000\000\000\000&\272\200Rb\177\000\000\000\000\000\000\000\000\000\000<\224\204Rb\177\000\000\260\311\377+b\177\000\000\000\00 
>
> 0\000\000\000\000\000\000\210\311\377+b\177\000\000\250\311\377+b\177", '\000' 
> <repeats 14 times>, "\002\000\000\000 \305\363Tb\177\000\000\377\377\37
> 7\377\377\377\377\377\320\030\002\000b\177\000\000\000\000\000\000\000\000\000\000~a\003\000b\177", 
> '\000' <repeats 57 times>
>         bind_target_entry = 0x0
>
>
>
> On 2016-06-30 18:16, Ludwig Krispenz wrote:
>> On 06/30/2016 05:54 PM, dev at mdfive.dz wrote:
>>> The crash is random, sometimes the user binds without probleme, 
>>> sometimes it bind and there is the error message of ipa plugin 
>>> without dirsrv crash. But when it crashes, this user's bind is found 
>>> in the new  generated core file!
>> ok, so the user might try or use different passwords. it could be
>> helpful if you can install the debuginfo for the ipa-server package
>> and get a new stack. Please post it to teh list, you can XXXXX the
>> credentials in the core, although I think they will not be proper
>> credentials.
>>
>> Ludwig
>>>
>>> On 2016-06-30 14:50, Ludwig Krispenz wrote:
>>>> On 06/30/2016 02:45 PM, Ludwig Krispenz wrote:
>>>>>
>>>>> On 06/30/2016 02:27 PM, dev at mdfive.dz wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Please find strace on a core file : http://pastebin.com/v9cUzau4
>>>>> the crash is in an IPA plugin, ipa_pwd_extop,
>>>>> to get a better stack you would have to install also the debuginfo 
>>>>> for ipa-server.
>>>> but tje stack matches the error messages you have seen
>>>> [30/Jun/2016:09:35:19 +0100] ipapwd_encrypt_encode_key - [file
>>>> encoding.c, line 171]: generating kerberos keys failed [Invalid
>>>> argument]
>>>>     [30/Jun/2016:09:35:19 +0100] ipapwd_gen_hashes - [file encoding.c,
>>>> line 225]: key encryption/encoding failed
>>>> they are from the function sin the call stack.
>>>>
>>>> Looks like the user has a password with a \351 char:
>>>> cred = {bv_len = 15, bv_val = 0x7fc7880013a0 "d\351sertification"}
>>>>
>>>> does the crash always happen with a bind from this user ?
>>>>
>>>>> and then someone familiar with this plugin should look into it
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>> On 2016-06-30 12:13, Ludwig Krispenz wrote:
>>>>>>> can you get a core file ?
>>>>>>> http://www.port389.org/docs/389ds/FAQ/faq.html#debug_crashes
>>>>>>>
>>>>>>>
>>>>>>> On 06/30/2016 11:28 AM, dev at mdfive.dz wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> The Directory Services crashes several times a day. It's 
>>>>>>>> installed on CentOS 7 VM :
>>>>>>>>
>>>>>>>> Installed Packages
>>>>>>>> Name        : ipa-server
>>>>>>>> Arch        : x86_64
>>>>>>>> Version     : 4.2.0
>>>>>>>>
>>>>>>>> # ipactl status
>>>>>>>> Directory Service: STOPPED
>>>>>>>> krb5kdc Service: RUNNING
>>>>>>>> kadmin Service: RUNNING
>>>>>>>> ipa_memcached Service: RUNNING
>>>>>>>> httpd Service: RUNNING
>>>>>>>> pki-tomcatd Service: RUNNING
>>>>>>>> ipa-otpd Service: RUNNING
>>>>>>>> ipa: INFO: The ipactl command was successful
>>>>>>>>
>>>>>>>>
>>>>>>>> Before each crash, I have these messages in 
>>>>>>>> /var/log/dirsrv/slapd-XXXXX/errors :
>>>>>>>>
>>>>>>>>     [30/Jun/2016:09:35:19 +0100] ipapwd_encrypt_encode_key - 
>>>>>>>> [file encoding.c, line 171]: generating kerberos keys failed 
>>>>>>>> [Invalid argument]
>>>>>>>>     [30/Jun/2016:09:35:19 +0100] ipapwd_gen_hashes - [file 
>>>>>>>> encoding.c, line 225]: key encryption/encoding failed
>>>>>>>>
>>>>>>>>
>>>>>>>> Any help?
>>>>>>>> Best regards
>>>>>>>>
>>>>>>>
>>>>>>> -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: 
>>>>>>> Grasbrunn,
>>>>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael
>>>>>>> O'Neill, Eric Shander
>>>>>
>>>>
>>>> -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: 
>>>> Grasbrunn,
>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael
>>>> O'Neill, Eric Shander

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

More information about the Freeipa-users mailing list