Update: It appears to lockup immediately after a user with an expired password attempts to login. This happens when a user attempts to login at the freeipa-server itself or one of the clients.
From: [email protected] [mailto:[email protected]] On Behalf Of Smith, Martin R. [[email protected]] Sent: Thursday, September 08, 2011 12:49 PM To: [email protected] Subject: [Freeipa-users] krb5kdc process at 100% Hello all, I'm running a fairly new install of Freeipa-server and we are running into a problem that is preventing users from logging in. We have two SSH servers that authenticate to our freeipa-server and after 15 min to 4 hrs of runtime the process Krb5kdc will consume 100% of the processor and the freeipa-server will no longer respond to ldap requests from the other machines. Here are some specs: The freeipa-server is running as a virtual machine on a Xen 5.6 box Fedora 15 with all current updates The /home directory is a NFS mount to a different server, also running freeipa-client I updated the freeipa-server package to the "testing" repo today, the problem still exists. The only additional components I've installed are fail2ban, and rsyslog. Some of the error messages include: (krb5kdc.log) Sep 08 12:10:23 client1.fake.com krb5kdc[1867](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 199.17.59.5: NEEDED_PREAUTH: host/[email protected]<mailto:host/[email protected]> for krbtgt/[email protected]<mailto:krbtgt/[email protected]>, Additional pre-authentication required (pki-ca-system-log) Attached. This log is from the freeipa-server, it appears to be complaining that it can't connect to itself. I can provide more logs to a personal email if needed. Thanks for your help in resolving this issue. -Martin Smith
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
