Hi Terry, > I've no idea why this keeps happening, everything looks ok then it just stops
Check time an date on all involved servers/workstations - if the difference is more than 300 seconds , Kerberos might not work correctly. Apply the same time to all involved servers/workstations. Regards, Gerald On Wed, Mar 1, 2017 at 1:25 PM, Terry John <[email protected]> wrote: > I have a problem using freeipa version 3.0.0-50 on CentOS release 6.8. The > problem manifests itself as no authentication, and no DNS. > > It seems Kerberos just stops responding to requests and requests just get > queued up > # netstat -tuna | grep SYN_RECV > Active Internet connections (servers and established) > Proto Recv-Q Send-Q Local Address Foreign Address > State > tcp 0 0 <server IP>:88 <client1 > IP>:55440 SYN_RECV > tcp 0 0 <server IP>:88 <client 2 > IP>:40076 SYN_RECV > tcp 0 0 <server IP>:88 <Client 3 > IP>:41525 SYN_RECV > tcp 0 0 <server IP>:88 <Client4 > IP>:53958 SYN_RECV > tcp 0 0 <server IP>:88 <Client5 > IP>:54240 SYN_RECV > > Looking at /var/log/krb5kdc.log > The normal activity of AS_REQ and TGS_REC messages just stops. No error > messages. Just no new messages. > > In /var/log/messages the named server reports messages like > Mar 1 00:00:23 freeipa named[18989]: LDAP error: Can't contact LDAP server > Mar 1 00:00:23 freeipa named[18989]: connection to the LDAP server was lost > Mar 1 00:00:23 freeipa named[18989]: bind to LDAP server failed: Can't > contact LDAP server > > The command "kinit" is totally unresponsive and will time out if you wait > long enough. > > If I try to restart ipa with "service ipa restart", it hangs on the first > stage, trying to stop DIRSRV. > I have to do a "ps ax" and look for this line. > 2758 ? Sl 2:13 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-MY-REALM -i > /var/run/dirsrv/slapd-MY-REALM.pid -w /var/run/dirsrv/slapd-MY-REALM.startpid > > Then I have to a "kill -9" on the pid > Then I can do "service ipa restart" > > After that it works ok for a while. "A while" may be a few minutes or several > hours. > The filesystem is only 58% used and "free" shows no swap in use so there > seems to be plenty of RAM available. > "top" shows CPU(s) 96% idle with "dirsirv" typically using about 3%CPU at most > > I've no idea why this keeps happening, everything looks ok then it just stops > > Terry John > System Administrator- Cox Automotive Software > E: [email protected] > > > > Cox Automotive group of companies within the UK comprises: Cox Automotive UK > Limited (registered number: 03183918), Manheim Limited (registered number: > 00448761), Cox Automotive Retail Solutions Limited (registered number: > 02838588), Motors.co.uk Limited (registered number: 05975777), and Real Time > Communications Limited (registered number: 04277845). Each of these companies > is registered in England and Wales with the registered office address of > Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Cox Automotive group > of companies within the UK operates under various brand/trading names > including Cox Automotive UK, Manheim Inspection Services, Manheim Auctions, > Modix, Xtime and Closeit. > > V:0CF72C13B2AD > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
