Rob, Thanks again! I installed the debuginfo package for bind and the named crashed after a few minutes and gave a core dump file . But this time abrt is not listing any crash(for previous crashes it was listing). I generated a stacktrace from the core file using gdb. But I had not installed debuginfo for bind-dyndb-ldap package. Now I have installed debuginfo package for bind-dyndb-ldap package too. Please find the attached stack trace along with this.
I can afford to reboot/test the server today for a few hours from now. Please let me know anything that can be done to help you to fix this. It is really causing a big issue as the entire IPA becomes useless and people cannot login to their system at all or do anything because of this. Regards, Nidal --- On Mon, 7/25/11, Rob Crittenden <[email protected]> wrote: > From: Rob Crittenden <[email protected]> > Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment > To: "nasir nasir" <[email protected]> > Cc: [email protected] > Date: Monday, July 25, 2011, 7:22 AM > nasir nasir wrote: > > Hi Rob, > > > > Thanks indeed for the quick reply! Please see the > attached backtrace > > files. I have generated it with the abrt. Is it OK ? > please let me know > > if you need anything else. > > As I feared this doesn't quite show us whether > bind-dyndb-ldap is the > culprit or not. Knowing that this is a production system is > it possible > to install the bind debuginfo package so we can get a more > complete > backtrace the next time it crashes? > > rob > > > > > Regards, > > Nasir > > > > > > --- On *Mon, 7/25/11, Rob Crittenden /<[email protected]>/* > wrote: > > > > > > From: Rob Crittenden <[email protected]> > > Subject: Re: [Freeipa-users] > FreeIPA for Linux desktop deployment > > To: "nasir nasir" <[email protected]> > > Cc: [email protected] > > Date: Monday, July 25, 2011, > 6:16 AM > > > > nasir nasir wrote: > > > Hi, > > > > > > Further to the ongoing > deployment of Linux clients and servers using > > > FreeIPA, I was able to > successfully get all the requirements like, > > > > > > -- complete centralized > authentication and administration > > > -- NFS home share > > > -- HBAC > > > -- FreeIPA acting as > Integrated DNS server > > > > > > Everything was good during > the testing period. But when we went to > > > production since day before > yesterday, we are facing a serious issue. > > > The DNS in IPA is giving out > some problems. All of a sudden it > > becomes > > > unresponsive. We already > noticed this twice in the past 48 hours. > > Since > > > this is the name server for > the entire network, everything > > depending on > > > this for name resolution > fails. When I log in to FreeIPA server > > machine > > > and tries to see the status > of named service(service named > > status) the > > > command hangs. Then I need to > forcefully kill the named service and > > > start it again(or > alternatively restart ipa service) to get > > everything > > > back to normal. I checked all > the relevant log files and could > > see the > > > following at various point of > time in the > > /var/log/messages(trimmed out > > > most of the part to show only > possible named/sssd/ipa errors) > > > > > > Jul 22 05:57:55 openipa > named[10135]: semaphore.c:70: fatal error: > > > Jul 22 05:57:55 openipa > named[10135]: > > > > RUNTIME_CHECK(((pthread_mutex_destroy((&sem->mutex)) > == 0) ? 0 : > > 34) == > > > 0) failed > > > Jul 22 05:57:55 openipa > named[10135]: exiting (due to fatal error in > > > library) > > > Jul 22 05:57:55 openipa > abrt[12698]: /var/named/core.10135 is not a > > > regular file with link count > 1: Permission denied > > > > > > > > > Jul 22 14:35:56 openipa > [sssd[ldap_child[17070]]]: Failed to > > initialize > > > credentials using keytab > [(null)]: Decrypt integrity check failed. > > > Unable to create > GSSAPI-encrypted LDAP connection. > > > Jul 22 14:35:56 openipa > [sssd[ldap_child[17072]]]: Failed to > > initialize > > > credentials using keytab > [(null)]: Decrypt integrity check failed. > > > Unable to create > GSSAPI-encrypted LDAP connection. > > > > > > > > > Jul 22 17:54:33 openipa > named[15678]: error (network unreachable) > > > resolving > 'snapfiles.com/AAAA/IN': 2001:503:231d::2:30#53 > > > > > > > > > Jul 22 20:00:02 openipa > python: IPA compliance checking failed: Error > > > initializing principal > host/[email protected] > > </mc/[email protected]> > in > > > /etc/krb5.keytab: > (-1765328353, 'Decrypt integrity check failed') > > > > > > > > > Jul 23 09:10:01 openipa > abrt[21599]: saved core dump of pid 20934 > > > (/usr/sbin/named) to > > > /var/spool/abrt/ccpp-1311401401-20934.new/coredump > > > (37900288 bytes) > > > Jul 23 09:10:01 openipa > abrtd: Directory 'ccpp-1311401401-20934' > > > creation detected > > > Jul 23 09:10:01 openipa > abrtd: Crash is in database already (dup of > > > > /var/spool/abrt/ccpp-1307530903-2297) > > > Jul 23 09:10:01 openipa > abrtd: Deleting crash > > ccpp-1311401401-20934 (dup > > > of ccpp-1307530903-2297), > sending dbus signal > > > Jul 23 09:10:03 openipa > named[21631]: starting BIND > > > 9.7.3-RedHat-9.7.3-2.el6 -u > named -4 > > > > > > > > > Jul 23 15:35:56 openipa > [sssd[ldap_child[22297]]]: Failed to > > initialize > > > credentials using keytab > [(null)]: Decrypt integrity check failed. > > > Unable to create > GSSAPI-encrypted LDAP connection. > > > Jul 23 15:35:56 openipa > [sssd[ldap_child[22298]]]: Failed to > > initialize > > > credentials using keytab > [(null)]: Decrypt integrity check failed. > > > Unable to create > GSSAPI-encrypted LDAP connection. > > > > > > Jul 23 09:10:03 openipa > named[21631]: adjusted limit on open > > files from > > > 1024 to 1048576 > > > > > > > > > Jul 24 03:16:01 openipa > [sssd[ldap_child[22964]]]: Failed to > > initialize > > > credentials using keytab > [(null)]: Decrypt integrity check failed. > > > Unable to create > GSSAPI-encrypted LDAP connection. > > > Jul 24 04:00:02 openipa > python: IPA compliance checking failed: Error > > > initializing principal > host/[email protected] > > </mc/[email protected]> > in > > > /etc/krb5.keytab: > (-1765328353, 'Decrypt integrity check failed') > > > Jul 24 06:17:25 openipa > named[21631]: semaphore.c:70: fatal error: > > > Jul 24 06:17:25 openipa > named[21631]: > > > > RUNTIME_CHECK(((pthread_mutex_destroy((&sem->mutex)) > == 0) ? 0 : > > 34) == > > > 0) failed > > > Jul 24 06:17:25 openipa > named[21631]: exiting (due to fatal error in > > > library) > > > Jul 24 06:17:25 openipa > abrt[23220]: saved core dump of pid 21631 > > > (/usr/sbin/named) to > > > /var/spool/abrt/ccpp-1311477445-21631.new/coredump > > > (143396864 bytes) > > > > > > Also, I could see the > following in my krb5kdc.log, > > > > > > ul 24 06:20:46 > openipa.hugayet.com krb5kdc[23721](Error): preauth > > pkinit > > > failed to initialize: No > realms configured correctly for pkinit > > support > > > Jul 24 06:20:46 > openipa.hugayet.com krb5kdc[23721](info): setting up > > > network... > > > Jul 24 06:20:46 > openipa.hugayet.com krb5kdc[23721](info): > > listening on > > > fd 9: udp 0.0.0.0.88 > (pktinfo) > > > krb5kdc: > setsockopt(10,IPV6_V6ONLY,1) worked > > > krb5kdc: No realms configured > correctly for pkinit support - Cannot > > > request packet info for udp > socket address :: port 88 > > > Jul 24 06:20:46 > openipa.hugayet.com krb5kdc[23721](info): skipping > > > unrecognized local address > family 17 > > > Jul 24 06:20:46 > openipa.hugayet.com krb5kdc[23721](info): skipping > > > unrecognized local address > family 17 > > > krb5kdc: > setsockopt(10,IPV6_V6ONLY,1) worked > > > Jul 24 06:20:46 > openipa.hugayet.com krb5kdc[23721](info): > > listening on > > > fd 10: udp > fe80::6ab5:99ff:fec8:160%eth0.88 > > > krb5kdc: > setsockopt(11,IPV6_V6ONLY,1) worked > > > Jul 24 06:20:46 > openipa.hugayet.com krb5kdc[23721](info): > > listening on > > > fd 12: tcp 0.0.0.0.88 > > > Jul 24 06:20:46 > openipa.hugayet.com krb5kdc[23721](info): > > listening on > > > fd 11: tcp ::.88 > > > Jul 24 06:20:46 > openipa.hugayet.com krb5kdc[23721](info): set up > > 4 sockets > > > > > > Also, please note the > following points, > > > > > > ---- For the DHCP service, I > have a cobbler server running the > > service > > > which will use the FreeIPA > server's DNS servicee.(with > > > *ddns-update-style interim; > *option in the dhcp configuration file) > > > ---- After seeing some > permission related issues for named, I > > have given > > > /var/named sufficient > permission to named daemon for the folder. > > > ---- Disabled ipv6 for named > as I don't use it anyway(OPTIONS="-4" in > > > /etc/sysconfig/named) > > > > > > Thanks indeed for for all the > help so far and waiting for your > > valuable > > > input on this! > > > > If you can get a backtrace on > the named core I think that would be very > > helpful. It could be a problem > in bind or in the bind-dyndb-ldap plugin > > that we use to LDAP as a > backend store for bind. > > > > rob > > > >
gdb_core
Description: Binary data
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
