Hello all,
I'm running a fairly new install of Freeipa-server and we are running into a
problem that is preventing users from logging in. We have two SSH servers that
authenticate to our freeipa-server and after 15 min to 4 hrs of runtime the
process Krb5kdc will consume 100% of the processor and the freeipa-server will
no longer respond to ldap requests from the other machines.
Here are some specs:
The freeipa-server is running as a virtual machine on a Xen 5.6 box
Fedora 15 with all current updates
The /home directory is an NFS mount to a different server, also running
freeipa-client
I updated the freeipa-server package to the "testing" repo today, the problem
still exists. The only additional components I've installed are fail2ban and
rsyslog.
Some of the error messages include:
(krb5kdc.log)
Sep 08 12:10:23 client1.fake.com krb5kdc[1867](info): AS_REQ (7 etypes {18 17
16 23 1 3 2}) 199.17.59.5: NEEDED_PREAUTH: host/[email protected] for
krbtgt/[email protected], Additional pre-authentication required
(pki-ca-system-log)
Attached. This log is from the freeipa-server, it appears to be complaining
that it can't connect to itself.
I can provide more logs to a personal email if needed.
Thanks for your help in resolving this issue.
-Martin Smith
4692.Thread-13 - [14/Aug/2011:17:04:05 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
4692.Thread-13 - [14/Aug/2011:17:04:05 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
4692.Thread-13 - [14/Aug/2011:17:04:05 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
4692.Thread-13 - [14/Aug/2011:17:04:05 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
1105.Thread-14 - [15/Aug/2011:16:07:47 CDT] [8] [3] Publishing: Could not
publish certificate serial number 0xc. Error Failed to publish using rule: No
rules enabled
1105.Thread-15 - [15/Aug/2011:16:23:02 CDT] [8] [3] Publishing: Could not
publish certificate serial number 0xd. Error Failed to publish using rule: No
rules enabled
1105.Thread-16 - [15/Aug/2011:16:26:23 CDT] [8] [3] Publishing: Could not
publish certificate serial number 0xe. Error Failed to publish using rule: No
rules enabled
1105.Thread-17 - [16/Aug/2011:18:57:17 CDT] [8] [3] Publishing: Could not
publish certificate serial number 0xf. Error Failed to publish using rule: No
rules enabled
1105.Thread-18 - [16/Aug/2011:19:03:18 CDT] [8] [3] Publishing: Could not
publish certificate serial number 0x10. Error Failed to publish using rule: No
rules enabled
1105.Thread-19 - [16/Aug/2011:20:08:28 CDT] [8] [3] Publishing: Could not
publish certificate serial number 0x11. Error Failed to publish using rule: No
rules enabled
1096.Thread-15 - [18/Aug/2011:14:32:48 CDT] [8] [3] Publishing: Could not
publish certificate serial number 0x12. Error Failed to publish using rule: No
rules enabled
30655.Thread-14 - [23/Aug/2011:10:37:58 CDT] [8] [3] Publishing: Could not
publish certificate serial number 0x13. Error Failed to publish using rule: No
rules enabled
3129.Thread-12 - [29/Aug/2011:12:06:33 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
3129.Thread-12 - [29/Aug/2011:12:06:33 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
3129.Thread-12 - [29/Aug/2011:12:06:33 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
3129.Thread-12 - [29/Aug/2011:12:06:33 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
3129.Thread-12 - [29/Aug/2011:12:06:33 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
3129.Thread-12 - [29/Aug/2011:12:06:33 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
4590.Thread-12 - [29/Aug/2011:13:10:46 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
4590.Thread-12 - [29/Aug/2011:13:10:46 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
4590.Thread-12 - [29/Aug/2011:13:10:46 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
4590.Thread-12 - [29/Aug/2011:13:10:46 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
4590.Thread-12 - [29/Aug/2011:13:10:46 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
4590.Thread-12 - [29/Aug/2011:13:10:46 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
24135.Thread-12 - [06/Sep/2011:07:31:11 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
24135.Thread-12 - [06/Sep/2011:07:31:11 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
24135.Thread-12 - [06/Sep/2011:07:31:11 CDT] [3] [3] CRLIssuingPoint MasterCRL
- Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
24135.Thread-12 - [06/Sep/2011:07:31:11 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
24135.Thread-12 - [06/Sep/2011:07:31:11 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
24135.Thread-12 - [06/Sep/2011:07:31:11 CDT] [3] [3] CRLIssuingPoint MasterCRL
- Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
9620.Thread-12 - [07/Sep/2011:11:38:12 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
9620.Thread-12 - [07/Sep/2011:11:38:12 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
9620.Thread-12 - [07/Sep/2011:11:38:12 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
9620.Thread-12 - [07/Sep/2011:11:38:12 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
9620.Thread-12 - [07/Sep/2011:11:38:12 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
9620.Thread-12 - [07/Sep/2011:11:38:12 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
11308.Thread-12 - [08/Sep/2011:11:19:17 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
11308.Thread-12 - [08/Sep/2011:11:19:17 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
11308.Thread-12 - [08/Sep/2011:11:19:17 CDT] [3] [3] CRLIssuingPoint MasterCRL
- Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
11308.Thread-12 - [08/Sep/2011:11:19:17 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
11308.Thread-12 - [08/Sep/2011:11:19:17 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
11308.Thread-12 - [08/Sep/2011:11:19:17 CDT] [3] [3] CRLIssuingPoint MasterCRL
- Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
5178.main - [08/Sep/2011:11:52:58 CDT] [8] [3] In Ldap (bound) connection pool
to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
5178.main - [08/Sep/2011:11:52:58 CDT] [13] [3] authz instance DirAclAuthz
initialization failed and skipped, error=Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
5178.Thread-12 - [08/Sep/2011:12:04:16 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
5178.Thread-12 - [08/Sep/2011:12:04:16 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
5178.Thread-12 - [08/Sep/2011:12:04:16 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
5178.Thread-12 - [08/Sep/2011:12:04:16 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
5178.Thread-12 - [08/Sep/2011:12:04:16 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error Could not connect to LDAP server host
server1.fake.com port 7389 Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
5178.Thread-12 - [08/Sep/2011:12:04:16 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server Could not connect to LDAP server host server1.fake.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
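
For triaging a log like the attachment above, this added example (not part of the original message, nor FreeIPA or Dogtag code) rejoins the hard-wrapped entries and counts LDAP connection failures per CA process id, so restarts and outage times stand out from the unrelated publishing errors. The sample text is constructed in the attachment's layout, and the header pattern and function names are assumptions inferred from it.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the attached log (hard-wrapped entries).
SAMPLE = """\
4692.Thread-13 - [14/Aug/2011:17:04:05 CDT] [8] [3] In Ldap (bound) connection
pool to host server1.fake.com port 7389, Cannot connect to LDAP server. Error:
netscape.ldap.LDAPException: failed to connect to server
ldap://server1.fake.com:7389 (91)
4692.Thread-13 - [14/Aug/2011:17:04:05 CDT] [3] [3] CRLIssuingPoint MasterCRL -
Cannot store the CRL cache in the internaldb. Error Failed to connect LDAP
server ldap://server1.fake.com:7389 (91)
1105.Thread-14 - [15/Aug/2011:16:07:47 CDT] [8] [3] Publishing: Could not
publish certificate serial number 0xc. Error Failed to publish using rule: No
rules enabled
3129.Thread-12 - [29/Aug/2011:12:06:33 CDT] [5] [3] Failed to get a connection
to the LDAP server. Error netscape.ldap.LDAPException: failed to connect
to server ldap://server1.fake.com:7389 (91)
"""

# Assumed header layout: "<pid>.<thread> - [<dd/Mon/yyyy:HH:MM:SS> <tz>] [n] [n] <message>"
HEADER = re.compile(r"^(\d+)\.(\S+) - \[(\S+) \w+\] \[\d+\] \[\d+\] (.*)$")
# LDAP URL followed by the result code in parentheses, "(91)" in the attachment.
LDAP_FAIL = re.compile(r"ldap://(\S+) \((\d+)\)")

def parse_entries(text):
    """Rejoin hard-wrapped lines so each log entry becomes one record."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            pid, thread, stamp, msg = m.groups()
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S")
            entries.append({"pid": int(pid), "thread": thread, "time": when, "msg": msg})
        elif entries and line.strip():
            entries[-1]["msg"] += " " + line.strip()  # continuation of previous entry
    return entries

def ldap_failures_by_process(entries):
    """Per CA process id: LDAP target, result code, failure count, first/last time."""
    summary = {}
    for e in entries:
        m = LDAP_FAIL.search(e["msg"])
        if m:  # skips e.g. the unrelated "No rules enabled" publishing errors
            rec = summary.setdefault(e["pid"], {"target": m.group(1), "code": int(m.group(2)),
                                                "count": 0, "first": e["time"]})
            rec["count"] += 1
            rec["last"] = e["time"]  # assumes the log is appended in time order
    return summary
```

Calling `ldap_failures_by_process(parse_entries(text))` on the full log gives one record per CA process id; a new id between failure bursts indicates the CA was restarted in between.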