[Freeipa-users] FreeIPA (directory service) Crash several times a day

Mon Jul 4 07:39:55 UTC 2016

On 07/03/2016 03:04 PM, Omar AKHAM wrote:
> Where can i find core file of ipa-server?
you still need to look for the core file of slapd, but IPA deploys 
plugins for slapd and that  is why you need the debuginfo for ipa-server 
for a better analysis of the slapd core.
>
> On 2016-07-01 13:29, Ludwig Krispenz wrote:
>> please keep the discussion on the mailing list
>> On 07/01/2016 01:17 PM, Omar AKHAM wrote:
>>> Which package to install ? ipa-debuginfo?
>> yes
>>>
>>> 2 other crashes last night, with a different user bind this time :
>>>
>>>         rawdn = 0x7f620003a200 
>>> "uid=XXX,cn=users,cn=accounts,dc=XXX,dc=XX"
>>>         dn = 0x7f62000238b0 "uid=XXX,cn=users,cn=accounts,dc=XXX,dc=XX"
>>>         saslmech = 0x0
>>>         cred = {bv_len = 9, bv_val = 0x7f6200034af0 
>>> "nw_PA\250\063\065\067"}
>>>         be = 0x7f6254941c20
>>>         ber_rc = <optimized out>
>>>         rc = 0
>>>         sdn = 0x7f62000313f0
>>>         bind_sdn_in_pb = 1
>>>         referral = 0x0
>>>         errorbuf = '\000' <repeats 1856 times>...
>>>         supported = <optimized out>
>>>         pmech = <optimized out>
>>>         authtypebuf = 
>>> "\000\000\000\000\000\000\000\000\370\030\002\000b\177\000\000\360\030\002\000b\177\000\000\320\030\002\000b\177\000\000\001\000
>>> \000\000\000\000\000\000\250\311\377+b\177\000\000\320\352\377+b\177\000\000\200\376\002\000b\177\000\000\262\202\211Rb\177\000\000\260\311\377+b\177\ 
>>> 000\000\000\000\000\000\000\000\000\000&\272\200Rb\177\000\000\000\000\000\000\000\000\000\000<\224\204Rb\177\000\000\260\311\377+b\177\000\000\000\00 
>>> 0\000\000\000\000\000\000\210\311\377+b\177\000\000\250\311\377+b\177", 
>>> '\000' <repeats 14 times>, "\002\000\000\000 
>>> \305\363Tb\177\000\000\377\377\37
>>> 7\377\377\377\377\377\320\030\002\000b\177\000\000\000\000\000\000\000\000\000\000~a\003\000b\177", 
>>> '\000' <repeats 57 times>
>>>         bind_target_entry = 0x0
>>>
>>>
>>>
>>> On 2016-06-30 18:16, Ludwig Krispenz wrote:
>>>> On 06/30/2016 05:54 PM, dev at mdfive.dz wrote:
>>>>> The crash is random, sometimes the user binds without probleme, 
>>>>> sometimes it bind and there is the error message of ipa plugin 
>>>>> without dirsrv crash. But when it crashes, this user's bind is 
>>>>> found in the new generated core file!
>>>> ok, so the user might try or use different passwords. it could be
>>>> helpful if you can install the debuginfo for the ipa-server package
>>>> and get a new stack. Please post it to teh list, you can XXXXX the
>>>> credentials in the core, although I think they will not be proper
>>>> credentials.
>>>>
>>>> Ludwig
>>>>>
>>>>> On 2016-06-30 14:50, Ludwig Krispenz wrote:
>>>>>> On 06/30/2016 02:45 PM, Ludwig Krispenz wrote:
>>>>>>>
>>>>>>> On 06/30/2016 02:27 PM, dev at mdfive.dz wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Please find strace on a core file : http://pastebin.com/v9cUzau4
>>>>>>> the crash is in an IPA plugin, ipa_pwd_extop,
>>>>>>> to get a better stack you would have to install also the 
>>>>>>> debuginfo for ipa-server.
>>>>>> but tje stack matches the error messages you have seen
>>>>>> [30/Jun/2016:09:35:19 +0100] ipapwd_encrypt_encode_key - [file
>>>>>> encoding.c, line 171]: generating kerberos keys failed [Invalid
>>>>>> argument]
>>>>>>     [30/Jun/2016:09:35:19 +0100] ipapwd_gen_hashes - [file 
>>>>>> encoding.c,
>>>>>> line 225]: key encryption/encoding failed
>>>>>> they are from the function sin the call stack.
>>>>>>
>>>>>> Looks like the user has a password with a \351 char:
>>>>>> cred = {bv_len = 15, bv_val = 0x7fc7880013a0 "d\351sertification"}
>>>>>>
>>>>>> does the crash always happen with a bind from this user ?
>>>>>>
>>>>>>> and then someone familiar with this plugin should look into it
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>>
>>>>>>>> On 2016-06-30 12:13, Ludwig Krispenz wrote:
>>>>>>>>> can you get a core file ?
>>>>>>>>> http://www.port389.org/docs/389ds/FAQ/faq.html#debug_crashes
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 06/30/2016 11:28 AM, dev at mdfive.dz wrote:
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> The Directory Services crashes several times a day. It's 
>>>>>>>>>> installed on CentOS 7 VM :
>>>>>>>>>>
>>>>>>>>>> Installed Packages
>>>>>>>>>> Name        : ipa-server
>>>>>>>>>> Arch        : x86_64
>>>>>>>>>> Version     : 4.2.0
>>>>>>>>>>
>>>>>>>>>> # ipactl status
>>>>>>>>>> Directory Service: STOPPED
>>>>>>>>>> krb5kdc Service: RUNNING
>>>>>>>>>> kadmin Service: RUNNING
>>>>>>>>>> ipa_memcached Service: RUNNING
>>>>>>>>>> httpd Service: RUNNING
>>>>>>>>>> pki-tomcatd Service: RUNNING
>>>>>>>>>> ipa-otpd Service: RUNNING
>>>>>>>>>> ipa: INFO: The ipactl command was successful
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Before each crash, I have these messages in 
>>>>>>>>>> /var/log/dirsrv/slapd-XXXXX/errors :
>>>>>>>>>>
>>>>>>>>>>     [30/Jun/2016:09:35:19 +0100] ipapwd_encrypt_encode_key - 
>>>>>>>>>> [file encoding.c, line 171]: generating kerberos keys failed 
>>>>>>>>>> [Invalid argument]
>>>>>>>>>>     [30/Jun/2016:09:35:19 +0100] ipapwd_gen_hashes - [file 
>>>>>>>>>> encoding.c, line 225]: key encryption/encoding failed
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Any help?
>>>>>>>>>> Best regards
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: 
>>>>>>>>> Grasbrunn,
>>>>>>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>>>>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael
>>>>>>>>> O'Neill, Eric Shander
>>>>>>>
>>>>>>
>>>>>> -- Red Hat GmbH, http://www.de.redhat.com/, Registered seat: 
>>>>>> Grasbrunn,
>>>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael
>>>>>> O'Neill, Eric Shander

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander