Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hi all,

After applying the patches and restarting the service, everything was fine for about a couple of hours. But again it crashed and gave core dump. I have updated the latest /var/log/messages and core dump with the bugzilla report. Please help.

Regards,
Nidal

--- On Tue, 7/26/11, Adam Tkac wrote:

> From: Adam Tkac
> Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
> To: "nasir nasir"
> Cc: freeipa-users@redhat.com, "Robert M. Albrecht"
> Date: Tuesday, July 26, 2011, 7:58 AM
>
> On 07/26/2011 04:51 PM, nasir nasir wrote:
> > Hi All,
> >
> > Thanks a ton for every one who helped to have such a quick fix for this issue. I truly appreciate it. I have applied the patch (generated from the source rpm and applied with rpm -Uvh ***) and restarted IPA service. Had a preliminary test of the services and everything seems to be fine. Will keep watching and update the list in due course.
> >
> > Adam,
> >
> > Do you want me to update the bugzilla now or wait for a couple of days to observe ?
>
> Thanks for your feedback, you don't have to update bugzilla, update it only in case if named crashes again, please. For now I will consider the patch as correct.
>
> Regards, Adam

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hi,

the new named just died again:

[root@zerberus ~]# nslookup www.google.de
;; connection timed out; no servers could be reached

[root@zerberus ~]# rpm --query --all | grep bind
bind-debuginfo-9.8.0-7.P4.fc15.x86_64
bind-libs-9.8.0-7.P4.fc15.x86_64
bind-libs-lite-9.8.0-7.P4.fc15.x86_64
bind-dyndb-ldap-debuginfo-0.2.0-3.fc15.x86_64
bind-utils-9.8.0-7.P4.fc15.x86_64
bind-dyndb-ldap-0.2.0-3.fc15.x86_64
bind-9.8.0-7.P4.fc15.1.x86_64
bind-license-9.8.0-7.P4.fc15.noarch
[root@zerberus ~]#

rndc trace or rndc reload will just freeze or wait forever.

cu romal

On 26.07.11 16:58, Adam Tkac wrote:
> On 07/26/2011 04:51 PM, nasir nasir wrote:
> > Hi All,
> >
> > Thanks a ton for every one who helped to have such a quick fix for this issue. I truly appreciate it. I have applied the patch (generated from the source rpm and applied with rpm -Uvh ***) and restarted IPA service. Had a preliminary test of the services and everything seems to be fine. Will keep watching and update the list in due course.
> >
> > Adam,
> >
> > Do you want me to update the bugzilla now or wait for a couple of days to observe ?
>
> Thanks for your feedback, you don't have to update bugzilla, update it only in case if named crashes again, please. For now I will consider the patch as correct.
>
> Regards, Adam
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
On 07/26/2011 04:51 PM, nasir nasir wrote:
> Hi All,
>
> Thanks a ton for every one who helped to have such a quick fix for this issue. I truly appreciate it. I have applied the patch (generated from the source rpm and applied with rpm -Uvh ***) and restarted IPA service. Had a preliminary test of the services and everything seems to be fine. Will keep watching and update the list in due course.
>
> Adam,
>
> Do you want me to update the bugzilla now or wait for a couple of days to observe ?

Thanks for your feedback, you don't have to update bugzilla, update it only in case if named crashes again, please. For now I will consider the patch as correct.

Regards, Adam
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hi All,

Thanks a ton for every one who helped to have such a quick fix for this issue. I truly appreciate it. I have applied the patch (generated from the source rpm and applied with rpm -Uvh ***) and restarted IPA service. Had a preliminary test of the services and everything seems to be fine. Will keep watching and update the list in due course.

Adam,

Do you want me to update the bugzilla now or wait for a couple of days to observe ?

Thanks again and regards,
Nidal

--- On Tue, 7/26/11, Adam Tkac wrote:

> From: Adam Tkac
> Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
> To: "nasir nasir"
> Cc: freeipa-users@redhat.com, "Robert M. Albrecht"
> Date: Tuesday, July 26, 2011, 7:13 AM
>
> On 07/26/2011 03:56 PM, nasir nasir wrote:
> > Hi,
> >
> > > > In my case things are getting worse after the configuration change. Earlier the issue used to pop up once in a day or so. But now it is recurring in every hour or so. So I have reverted that parameter.
> > >
> > > May I ask you if you send reload (rndc reload or kill -HUP) or stop command to named right before it dies, please? Or you don't send any signals or rndc commands. Thanks.
> > >
> > > Regards, Adam
> >
> > I had done this while I had noticed this crash in the beginning and didn't know what impact it had on this. Do you want me to try anything now ? Also, if you want I can afford downtime now. Please let me know.
>
> I just created the patch which should solve this issue, it is located on http://people.redhat.com/atkac/bind/bind97-rh725577.patch (note this is patch for bind, not for the bind-dyndb-ldap plugin)
>
> I also created patched source rpms for RHEL-6 and Fedora 15:
> el6: http://people.redhat.com/atkac/bind/bind-9.7.3-2.el6_1.P3.2.1.rh725577.src.rpm
> fc15: http://people.redhat.com/atkac/bind/bind-9.8.0-7.P4.fc15.1.src.rpm
>
> Please test if patched version solves this issue. Thanks in advance.
>
> Regards, Adam
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
On 07/26/2011 03:56 PM, nasir nasir wrote:
> Hi,
>
> > > In my case things are getting worse after the configuration change. Earlier the issue used to pop up once in a day or so. But now it is recurring in every hour or so. So I have reverted that parameter.
> >
> > May I ask you if you send reload (rndc reload or kill -HUP) or stop command to named right before it dies, please? Or you don't send any signals or rndc commands. Thanks.
> >
> > Regards, Adam
>
> I had done this while I had noticed this crash in the beginning and didn't know what impact it had on this. Do you want me to try anything now ? Also, if you want I can afford downtime now. Please let me know.

I just created the patch which should solve this issue, it is located on http://people.redhat.com/atkac/bind/bind97-rh725577.patch (note this is patch for bind, not for the bind-dyndb-ldap plugin)

I also created patched source rpms for RHEL-6 and Fedora 15:
el6: http://people.redhat.com/atkac/bind/bind-9.7.3-2.el6_1.P3.2.1.rh725577.src.rpm
fc15: http://people.redhat.com/atkac/bind/bind-9.8.0-7.P4.fc15.1.src.rpm

Please test if patched version solves this issue. Thanks in advance.

Regards, Adam
Re: [Freeipa-users] version mismatch while joining a client ?
Robert M. Albrecht wrote:
> Hi,
>
> I tried to join my first client (another fully patched F15, like the ipa-server).
>
> Joining realm failed because of failing XML-RPC request. This error may be caused by incompatible server/client major versions.

I think this is the problem caused by a recent libcurl change. libcurl recently dropped support for GSSAPI ticket delegation which is needed for the enrollment. If you look in the Apache error log on the IPA server I'll bet there is an error about principal.

We're waiting on upstream to add support for forwarding back in. Until then your options are limited. The change was made because it was considered a security issue: whenever forwarding was allowed the ticket was sent whether it was requested or not.

Downgrading libcurl will fix the problem for enrollment. You should evaluate the CVE to decide the course of action: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2192

rob
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hi,

> > In my case things are getting worse after the configuration change. Earlier the issue used to pop up once in a day or so. But now it is recurring in every hour or so. So I have reverted that parameter.
>
> May I ask you if you send reload (rndc reload or kill -HUP) or stop command to named right before it dies, please? Or you don't send any signals or rndc commands. Thanks.
>
> Regards, Adam

I had done this while I had noticed this crash in the beginning and didn't know what impact it had on this. Do you want me to try anything now ? Also, if you want I can afford downtime now. Please let me know.

Regards,
Nidal
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
On 07/26/2011 03:22 PM, nasir nasir wrote:
> Hi,
>
> > Hi,
> >
> > I already included it, it's running for 15 minutes now. It never survived longer than a minute before.
> >
> > Keep fingers crossed :-)
>
> In my case things are getting worse after the configuration change. Earlier the issue used to pop up once in a day or so. But now it is recurring in every hour or so. So I have reverted that parameter.

May I ask you if you send reload (rndc reload or kill -HUP) or stop command to named right before it dies, please? Or you don't send any signals or rndc commands. Thanks.

Regards, Adam
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hi,

it just died. Limiting the connections seems to help, but does not solve the problem.

cu romal

On 26.07.11 15:22, nasir nasir wrote:
> Hi,
>
> > Hi,
> >
> > I already included it, it's running for 15 minutes now. It never survived longer than a minute before.
> >
> > Keep fingers crossed :-)
>
> In my case things are getting worse after the configuration change. Earlier the issue used to pop up once in a day or so. But now it is recurring in every hour or so. So I have reverted that parameter.
>
> Thanks again.
>
> Regards,
> Nidal
[Freeipa-users] version mismatch while joining a client ?
Hi,

I tried to join my first client (another fully patched F15, like the ipa-server).

Joining realm failed because of failing XML-RPC request. This error may be caused by incompatible server/client major versions.

[root@chessur ~]# ipa-client-install --debug --enable-dns-updates
root: DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'realm_name': None, 'dns_updates': True, 'debug': True, 'on_master': False, 'ntp_server': None, 'mkhomedir': False, 'unattended': None, 'principal': None}
root: DEBUG missing options might be asked for interactively later
root: DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
^C^C^C^C^C^C^C^C^C
[root@chessur ~]# ipa-client-install --debug --enable-dns-updates
root: DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'realm_name': None, 'dns_updates': True, 'debug': True, 'on_master': False, 'ntp_server': None, 'mkhomedir': False, 'unattended': None, 'principal': None}
root: DEBUG missing options might be asked for interactively later
root: DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
root: DEBUG [ipadnssearchldap(vorlon.lan)]
root: DEBUG [ipadnssearchkrb]
root: DEBUG [ipacheckldap]
root: DEBUG args=/usr/bin/wget -O /tmp/tmpLob8Sc/ca.crt http://zerberus.vorlon.lan/ipa/config/ca.crt
root: DEBUG stdout=
root: DEBUG stderr=--2011-07-26 15:34:18-- http://zerberus.vorlon.lan/ipa/config/ca.crt
Auflösen des Hostnamen »zerberus.vorlon.lan« 192.168.0.230
Verbindungsaufbau zu zerberus.vorlon.lan|192.168.0.230|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 767 [application/x-x509-ca-cert]
In »»/tmp/tmpLob8Sc/ca.crt«« speichern.
0K 100% 96,8M=0s
2011-07-26 15:34:18 (96,8 MB/s) - »»/tmp/tmpLob8Sc/ca.crt«« gespeichert [767/767]
root: DEBUG Init ldap with: ldap://zerberus.vorlon.lan:389
root: DEBUG Search rootdse
root: DEBUG Search for (info=*) in dc=vorlon,dc=lan(base)
root: DEBUG Found: [('dc=vorlon,dc=lan', {'objectClass': ['top', 'domain', 'pilotObject', 'nisDomainObject', 'domainRelatedObject'], 'info': ['IPA V2.0'], 'associatedDomain': ['vorlon.lan'], 'dc': ['vorlon'], 'nisDomain': ['vorlon.lan']})]
root: DEBUG Search for (objectClass=krbRealmContainer) in dc=vorlon,dc=lan(sub)
root: DEBUG Found: [('cn=VORLON.LAN,cn=kerberos,dc=vorlon,dc=lan', {'krbSubTrees': ['dc=vorlon,dc=lan'], 'cn': ['VORLON.LAN'], 'krbDefaultEncSaltTypes': ['aes256-cts:special', 'aes128-cts:special', 'des3-hmac-sha1:special', 'arcfour-hmac:special'], 'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'krbSearchScope': ['2'], 'krbSupportedEncSaltTypes': ['aes256-cts:normal', 'aes256-cts:special', 'aes128-cts:normal', 'aes128-cts:special', 'des3-hmac-sha1:normal', 'des3-hmac-sha1:special', 'arcfour-hmac:normal', 'arcfour-hmac:special', 'des-hmac-sha1:normal', 'des-cbc-md5:normal', 'des-cbc-crc:normal', 'des-cbc-crc:v4', 'des-cbc-crc:afs3'], 'krbMaxTicketLife': ['86400'], 'krbMaxRenewableAge': ['604800']})]
root: DEBUG will use domain: vorlon.lan
root: DEBUG will use server: zerberus.vorlon.lan
Discovery was successful!
root: DEBUG will use cli_realm: VORLON.LAN
root: DEBUG will use cli_basedn: dc=vorlon,dc=lan
Hostname: chessur.vorlon.lan
Realm: VORLON.LAN
DNS Domain: vorlon.lan
IPA Server: zerberus.vorlon.lan
BaseDN: dc=vorlon,dc=lan
Continue to configure the system with these values? [no]: yes
Enrollment principal: admin
root: DEBUG will use principal: admin
root: DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt http://zerberus.vorlon.lan/ipa/config/ca.crt
root: DEBUG stdout=
root: DEBUG stderr=--2011-07-26 15:34:28-- http://zerberus.vorlon.lan/ipa/config/ca.crt
Auflösen des Hostnamen »zerberus.vorlon.lan« 192.168.0.230
Verbindungsaufbau zu zerberus.vorlon.lan|192.168.0.230|:80... verbunden.
HTTP Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 767 [application/x-x509-ca-cert]
In »»/etc/ipa/ca.crt«« speichern.
0K 100% 64,6M=0s
2011-07-26 15:34:28 (64,6 MB/s) - »»/etc/ipa/ca.crt«« gespeichert [767/767]
root: DEBUG Writing Kerberos configuration to /tmp/tmphXdPGl:
#File modified by ipa-client-install
[libdefaults]
default_realm = VORLON.LAN
dns_lookup_realm = true
dns_lookup_kdc = true
rdns = false
ticket_lifet
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hi,

> Hi,
>
> I already included it, it's running for 15 minutes now. It never survived longer than a minute before.
>
> Keep fingers crossed :-)

In my case things are getting worse after the configuration change. Earlier the issue used to pop up once in a day or so. But now it is recurring in every hour or so. So I have reverted that parameter.

Thanks again.

Regards,
Nidal
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
On 26.07.11 14:52, Rob Crittenden wrote:
> Robert M. Albrecht wrote:
> > Hi,
> >
> > I think I have a similar problem on a fully patched F15. After booting name resolution is working for about a minute, after that it suddenly stops.
>
> The logged error sure looks similar. Can you try the configuration option as well to see if it helps?
>
> thanks
>
> rob

Hi,

I already included it, it's running for 15 minutes now. It never survived longer than a minute before.

Keep fingers crossed :-)

cu romal
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hi,

abrt-upload at: https://bugzilla.redhat.com/show_bug.cgi?id=725741

cu romal

On 26.07.11 14:02, Robert M. Albrecht wrote:
> Hi,
>
> I think I have a similar problem on a fully patched F15. After booting name resolution is working for about a minute, after that it suddenly stops.
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Robert M. Albrecht wrote:
> Hi,
>
> I think I have a similar problem on a fully patched F15. After booting name resolution is working for about a minute, after that it suddenly stops.

The logged error sure looks similar. Can you try the configuration option as well to see if it helps?

thanks

rob
Re: [Freeipa-users] Install problems with 2.0.1 on F15
Hi,

sorry, that was my own mistake:

from the docs at http://directory.fedoraproject.org/wiki/Install_Guide#Removing_Packages

Extra cleanup

After removing all of the packages, you can do something like this to make sure your system is back to a clean state:

rm -rf /etc/dirsrv /usr/lib*/dirsrv /var/*/dirsrv /etc/sysconfig/dirsrv*

--

I didn't notice the /lib*/. I used it to remove some left over configuration files. I didn't see that it will also remove parts of the directory server program files.

Was a bit late that night ...

cu romal

On 25.07.11 15:12, Rob Crittenden wrote:
> Robert M. Albrecht wrote:
> > Hi,
> >
> > I get an error message while installing freeipa on F15.
> >
> > ... ipa-server-install --setup-dns ... all testing updates are installed:
> >
> > Configuring ntpd
> > [1/4]: stopping ntpd
> > [2/4]: writing configuration
> > [3/4]: configuring ntpd to start on boot
> > [4/4]: starting ntpd
> > done configuring ntpd.
> > Configuring directory server for the CA: Estimated time 30 seconds
> > [1/3]: creating directory server user
> > [2/3]: creating directory server instance
> > root : CRITICAL failed to restart ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpJ8Tbtg' returned non-zero exit status 2
> > [3/3]: restarting directory server
> > root : CRITICAL Failed to restart the directory server. See the installation log for details.
> > done configuring dirsrv.
> > Configuring certificate server: Estimated time 6 minutes
> > [1/16]: creating certificate server user
> > [2/16]: restarting certificate server
> > [3/16]: configuring certificate server instance
> >
> > from ipserver-install.log
> >
> > 2011-07-23 09:10:06,059 DEBUG calling setup-ds.pl
> > 2011-07-23 09:10:06,108 DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpJ8Tbtg
> > 2011-07-23 09:10:06,109 DEBUG stdout=
> > 2011-07-23 09:10:06,110 DEBUG stderr=Can't locate Setup.pm in @INC (@INC contains: /usr/lib64/dirsrv/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/sbin/setup-ds.pl line 44.
> > BEGIN failed--compilation aborted at /usr/sbin/setup-ds.pl line 44.
> > 2011-07-23 09:10:06,111 CRITICAL failed to restart ds instance Command '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpJ8Tbtg' returned non-zero exit status 2
> > 2011-07-23 09:10:06,113 DEBUG duration: 0 seconds
> > 2011-07-23 09:10:06,114 DEBUG [3/3]: restarting directory server
> > 2011-07-23 09:10:06,226 DEBUG args=/sbin/service dirsrv restart PKI-IPA
> > 2011-07-23 09:10:06,227 DEBUG stdout= *** Error: no dirsrv instances configured
> > 2011-07-23 09:10:06,227 DEBUG stderr=
> > 2011-07-23 09:10:06,228 CRITICAL Failed to restart the directory server. See the installation log for details.
> > 2011-07-23 09:10:06,229 DEBUG duration: 0 seconds
> > 2011-07-23 09:10:06,230 DEBUG done configuring dirsrv.
> > 2011-07-23 09:10:06,231 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
> > 2011-07-23 09:10:06,237 DEBUG Configuring certificate server: Estimated time 6 minutes
> > 2011-07-23 09:10:06,238 DEBUG [1/16]: creating certificate server user
> > 2011-07-23 09:10:06,239 DEBUG ca user pkiuser exists
> > 2011-07-23 09:10:06,240 DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
> > 2011-07-23 09:10:06,243 DEBUG duration: 0 seconds
> > 2011-07-23 09:10:06,243 DEBUG [2/16]: restarting certificate server
> > 2011-07-23 09:10:47,022 DEBUG args=/sbin/service pki-cad restart
> > 2011-07-23 09:10:47,024 DEBUG stdout=Stopping pki-ca: [ OK ]
> > Starting pki-ca: [ OK ]
> > 'pki-ca' must still be CONFIGURED! (see /var/log/pki-ca-install.log)
> > 2011-07-23 09:10:47,024 DEBUG stderr=
> > 2011-07-23 09:10:47,083 DEBUG duration: 40 seconds
> > 2011-07-23 09:10:47,084 DEBUG [3/16]: configuring certificate server instance
> >
> > Any idea ?
> >
> > cu romal
>
> Can you give us some information on your system? It would appear that you are running a 64-bit kernel, is that right? (uname -a).
>
> Can you give us the output from the following:
>
> rpm -q --queryformat='%{N}-%{V}-%{R}.%{arch}\n' 389-ds-base
> rpm -q --queryformat='%{N}-%{V}-%{R}.%{arch}\n' ipa-server
>
> Does /usr/lib64/dirsrv/perl exist?
>
> rob
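
The cleanup command quoted in the message above is documented for use only after the packages have been removed. As an added example (not part of the thread or of the 389 Directory Server documentation), this bash dry run expands the same globs and flags any match that an installed package still owns; `preview_cleanup`, `cleanup_is_safe`, the `OWNER_CMD` hook and the sandbox tree built in `demo` are hypothetical names constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the thread): dry-run the cleanup globs before rm -rf.
# OWNER_CMD is a hypothetical hook; by default `rpm -qf PATH` is used, which
# exits 0 when PATH belongs to an installed package.

# preview_cleanup ROOT PATTERN...
# Expands each PATTERN below ROOT the same way the shell would for rm and
# prints one line per match:
#   PKG  <path>   still owned by an installed package (program files)
#   FREE <path>   not package-owned (left-over configuration or state)
# Use ROOT="" to inspect the real filesystem.
preview_cleanup() {
    root=$1; shift
    for pattern in "$@"; do
        # $pattern is unquoted on purpose so the glob is expanded here.
        for path in "$root"$pattern; do
            [ -e "$path" ] || continue      # pattern matched nothing
            if ${OWNER_CMD:-rpm -qf} "$path" >/dev/null 2>&1; then
                echo "PKG  ${path#"$root"}"
            else
                echo "FREE ${path#"$root"}"
            fi
        done
    done
}

# cleanup_is_safe ROOT PATTERN...
# Succeeds only when no match is package-owned, i.e. the packages really
# were removed first, as the documented cleanup step assumes.
cleanup_is_safe() {
    ! preview_cleanup "$@" | grep -q '^PKG '
}

# Constructed stub for the demo: pretends /usr/lib64/dirsrv is still owned
# by an installed package, as it was on the poster's system.
demo_owner() {
    case $1 in
        */usr/lib64/dirsrv) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed demo: builds a throw-away tree that mimics the layout from the
# post and previews the four patterns of the documented rm -rf line.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/etc/dirsrv" "$sandbox/usr/lib64/dirsrv/perl" \
             "$sandbox/var/lib/dirsrv" "$sandbox/etc/sysconfig"
    : > "$sandbox/etc/sysconfig/dirsrv-admin"
    OWNER_CMD=demo_owner preview_cleanup "$sandbox" \
        /etc/dirsrv '/usr/lib*/dirsrv' '/var/*/dirsrv' '/etc/sysconfig/dirsrv*'
    rm -rf "$sandbox"
}
```

Patterns are passed quoted so that they are expanded inside the function rather than by the calling shell.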
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hi,

I think I have a similar problem on a fully patched F15. After booting name resolution is working for about a minute, after that it suddenly stops.

/var/log/messages

Jul 26 13:51:50 zerberus named[2948]: starting BIND 9.8.0-P4-RedHat-9.8.0-7.P4.fc15 -u named
Jul 26 13:51:50 zerberus named[2948]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--with-pkcs11=/usr/lib64/pkcs11/PKCS11_API.so' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Jul 26 13:51:50 zerberus named[2948]: adjusted limit on open files from 1024 to 1048576
Jul 26 13:51:50 zerberus named[2948]: found 4 CPUs, using 4 worker threads
Jul 26 13:51:50 zerberus named[2948]: using up to 4096 sockets
Jul 26 13:51:50 zerberus named[2948]: loading configuration from '/etc/named.conf'
Jul 26 13:51:50 zerberus named[2948]: using default UDP/IPv4 port range: [1024, 65535]
Jul 26 13:51:50 zerberus named[2948]: using default UDP/IPv6 port range: [1024, 65535]
Jul 26 13:51:50 zerberus named[2948]: listening on IPv6 interfaces, port 53
Jul 26 13:51:50 zerberus named[2948]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 26 13:51:50 zerberus named[2948]: listening on IPv4 interface em1, 192.168.0.230#53
Jul 26 13:51:50 zerberus named[2948]: generating session key for dynamic DNS
Jul 26 13:51:50 zerberus named[2948]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 127.IN-ADDR.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: D.F.IP6.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 8.E.F.IP6.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 9.E.F.IP6.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: A.E.F.IP6.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: B.E.F.IP6.ARPA
Jul 26 13:51:50 zerberus named[2948]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 26 13:51:50 zerberus named[2948]: command channel listening on 127.0.0.1#953
Jul 26 13:51:50 zerberus named[2948]: command channel listening on ::1#953
Jul 26 13:51:50 zerberus named[2948]: the working directory is not writable
Jul 26 13:51:50 zerberus named[2948]: zone 0.in-addr.arpa/IN: loaded serial 0
Jul 26 13:51:50 zerberus named[2948]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jul 26 13:51:50 zerberus named[2948]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jul 26 13:51:50 zerberus named[2948]: zone localhost.localdomain/IN: loaded serial 0
Jul 26 13:51:50 zerberus named[2948]: zone localhost/IN: loaded serial 0
Jul 26 13:51:50 zerberus named[2948]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Jul 26 13:51:50 zerberus named[2948]: managed-keys-zone ./IN: loaded serial 0
Jul 26 13:51:50 zerberus named[2948]: running
(END)

shell

Non-authoritative answer:
www.google.de canonical name = www.google.com.
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 209.85.149.105
Name: www.l.google.com
Address: 209.85.149.106
Name: www.l.google.com
Address: 209.85.149.147
Name: www.l.google.com
Address: 209.85.149.99
Name: www.l.google.com
Address: 209.85.149.103
Name: www.l.google.com
Address: 209.85.149.104

[root@zerberus ~]# nslookup www.google.de
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
www.google.de canonical name
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hi Adam/Rob,

Many many thanks indeed for the lightning fast action on this and the workaround! As per your suggestion, I have modified the named.conf file and attached the log file to the bugzilla entry. Please let me know if there is anything else that I can do to help you to help me.

Thanks again and best regards,
Nidal

--- On Tue, 7/26/11, Adam Tkac wrote:

> From: Adam Tkac
> Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
> To: "nasir nasir"
> Cc: freeipa-users@redhat.com
> Date: Tuesday, July 26, 2011, 1:14 AM
>
> Note this issue is also tracked in RH bugzilla:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=725577
>
> Regards, Adam
>
> On 07/26/2011 10:06 AM, Adam Tkac wrote:
> > Hello Nasir,
> >
> > I checked the backtrace and this is a bug in the bind-dyndb-ldap plugin.
> >
> > I wasn't able to reproduce your crash but I think the workaround is to
> > limit "connections" argument to 1 (note this is number of connections
> > from bind-dyndb-ldap to LDAP server, not number of clients that named
> > can handle simultaneously). You can simply open your named.conf, search
> > the "dynamic-db {}" statement and add (or modify) following line:
> >
> > arg "connections 1";
> >
> > Would it be possible to send me your named log messages before named
> > crashes, please? Thank you in advance.
> >
> > Regards, Adam
> >
> > On 07/25/2011 06:04 PM, nasir nasir wrote:
> >> Rob,
> >> Thanks again! I installed the debuginfo package for bind and the named
> >> crashed after a few minutes and gave a core dump file. But this time abrt
> >> is not listing any crash (for previous crashes it was listing). I generated
> >> a stacktrace from the core file using gdb. But I had not installed debuginfo
> >> for bind-dyndb-ldap package. Now I have installed debuginfo package for
> >> bind-dyndb-ldap package too. Please find the attached stack trace along
> >> with this.
> >>
> >> I can afford to reboot/test the server today for a few hours from now.
> >> Please let me know anything that can be done to help you to fix this. It is
> >> really causing a big issue as the entire IPA becomes useless and people
> >> cannot login to their system at all or do anything because of this.
> >>
> >> Regards,
> >> Nidal
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hello,

I saw this problem from 02/2011 (Fedora 14/freeipa 2.0.0RC1). Many times, as a MacOS computer started on network, he made deja vu request, (4 dns request in the same time), and froze bind. I made a script to request bind every 3 seconds, and restart when needed.

Regards,
Sylvain PANNETRAT

On 26/07/11 10:14, Adam Tkac wrote:

Note this issue is also tracked in RH bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=725577

Regards, Adam

On 07/26/2011 10:06 AM, Adam Tkac wrote:

Hello Nasir,

I checked the backtrace and this is a bug in the bind-dyndb-ldap plugin.

I wasn't able to reproduce your crash but I think the workaround is to limit "connections" argument to 1 (note this is number of connections from bind-dyndb-ldap to LDAP server, not number of clients that named can handle simultaneously). You can simply open your named.conf, search the "dynamic-db {}" statement and add (or modify) following line:

arg "connections 1";

Would it be possible to send me your named log messages before named crashes, please? Thank you in advance.

Regards, Adam

On 07/25/2011 06:04 PM, nasir nasir wrote:

Rob,
Thanks again! I installed the debuginfo package for bind and the named crashed after a few minutes and gave a core dump file. But this time abrt is not listing any crash (for previous crashes it was listing). I generated a stacktrace from the core file using gdb. But I had not installed debuginfo for bind-dyndb-ldap package. Now I have installed debuginfo package for bind-dyndb-ldap package too. Please find the attached stack trace along with this.

I can afford to reboot/test the server today for a few hours from now. Please let me know anything that can be done to help you to fix this. It is really causing a big issue as the entire IPA becomes useless and people cannot login to their system at all or do anything because of this.

Regards,
Nidal
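A watchdog of the kind Sylvain describes, as an added example that is not his script: it probes the local resolver with a hard timeout and restarts named only after consecutive failures, logging each restart. The probe name, the thresholds and the systemd unit name named.service are assumptions.

```shell
#!/bin/sh
# Added example, not the script mentioned in the message above.
# Assumptions: named listens on 127.0.0.1 and runs as named.service.
PROBE_NAME=${PROBE_NAME:-localhost}   # name served from a local zone
INTERVAL=${INTERVAL:-3}               # seconds between probes
MAX_FAILS=${MAX_FAILS:-2}             # consecutive failures before a restart

# One query, two second timeout. dig exits non-zero when no reply arrives,
# which is what a hung named looks like from the outside.
probe_dns() {
    dig +time=2 +tries=1 +short @127.0.0.1 "$PROBE_NAME" A >/dev/null 2>&1
}

# Leave a syslog line for every restart so the outage is not hidden.
restart_named() {
    logger -t named-watchdog "no DNS reply after $MAX_FAILS probes, restarting named"
    systemctl restart named.service
}

fails=0
# Returns 0 when the probe succeeded, 1 on a failure below the threshold,
# 2 when the threshold was reached and a restart was issued.
watch_once() {
    if probe_dns; then
        fails=0
        return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$MAX_FAILS" ]; then
        restart_named
        fails=0
        return 2
    fi
    return 1
}

# Loop only when called as: watchdog.sh run
if [ "${1:-}" = "run" ]; then
    while :; do
        watch_once || true
        sleep "$INTERVAL"
    done
fi
```

A restart discards the state of the hung process, so capture the named log and any core dump first if they are still needed for the bug report.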
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Note this issue is also tracked in RH bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=725577

Regards, Adam

On 07/26/2011 10:06 AM, Adam Tkac wrote:
> Hello Nasir,
>
> I checked the backtrace and this is a bug in the bind-dyndb-ldap plugin.
>
> I wasn't able to reproduce your crash but I think the workaround is to
> limit "connections" argument to 1 (note this is number of connections
> from bind-dyndb-ldap to LDAP server, not number of clients that named
> can handle simultaneously). You can simply open your named.conf, search
> the "dynamic-db {}" statement and add (or modify) following line:
>
> arg "connections 1";
>
> Would it be possible to send me your named log messages before named
> crashes, please? Thank you in advance.
>
> Regards, Adam
>
> On 07/25/2011 06:04 PM, nasir nasir wrote:
>> Rob,
>> Thanks again! I installed the debuginfo package for bind and the named
>> crashed after a few minutes and gave a core dump file. But this time abrt
>> is not listing any crash (for previous crashes it was listing). I generated a
>> stacktrace from the core file using gdb. But I had not installed debuginfo
>> for bind-dyndb-ldap package. Now I have installed debuginfo package for
>> bind-dyndb-ldap package too. Please find the attached stack trace along with
>> this.
>>
>> I can afford to reboot/test the server today for a few hours from now.
>> Please let me know anything that can be done to help you to fix this. It is
>> really causing a big issue as the entire IPA becomes useless and people
>> cannot login to their system at all or do anything because of this.
>>
>> Regards,
>> Nidal
Re: [Freeipa-users] FreeIPA for Linux desktop deployment
Hello Nasir,

I checked the backtrace and this is a bug in the bind-dyndb-ldap plugin.

I wasn't able to reproduce your crash but I think the workaround is to limit "connections" argument to 1 (note this is number of connections from bind-dyndb-ldap to LDAP server, not number of clients that named can handle simultaneously). You can simply open your named.conf, search the "dynamic-db {}" statement and add (or modify) following line:

arg "connections 1";

Would it be possible to send me your named log messages before named crashes, please? Thank you in advance.

Regards, Adam

On 07/25/2011 06:04 PM, nasir nasir wrote:
> Rob,
> Thanks again! I installed the debuginfo package for bind and the named
> crashed after a few minutes and gave a core dump file. But this time abrt is
> not listing any crash (for previous crashes it was listing). I generated a
> stacktrace from the core file using gdb. But I had not installed debuginfo
> for bind-dyndb-ldap package. Now I have installed debuginfo package for
> bind-dyndb-ldap package too. Please find the attached stack trace along with
> this.
>
> I can afford to reboot/test the server today for a few hours from now. Please
> let me know anything that can be done to help you to fix this. It is really
> causing a big issue as the entire IPA becomes useless and people cannot login
> to their system at all or do anything because of this.
>
> Regards,
> Nidal
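One way to confirm that the workaround from the message above is in place on a server, as an added example that is not part of the thread or of bind-dyndb-ldap: it reports the "connections" value of every dynamic-db block and ignores commented-out lines. The sample configuration is constructed, and its block name, library and uri values are placeholders.

```shell
# Added example, not from the thread: report the bind-dyndb-ldap
# "connections" value of every dynamic-db block in a named.conf-style file.

# Prints "<block name> <value|unset>" for each dynamic-db block in file $1.
dyndb_connections() {
    awk '
        /^[ \t]*(\/\/|#)/ { next }              # skip commented-out lines
        /^[ \t]*dynamic-db[ \t]/ {              # block start: dynamic-db "name" {
            name = $2; gsub(/"/, "", name)
            inblock = 1; value = "unset"; next
        }
        inblock && /arg[ \t]+"connections[ \t]+[0-9]+"/ {
            value = $0
            sub(/.*"connections[ \t]+/, "", value)
            sub(/".*/, "", value)
        }
        inblock && /^[ \t]*[}];/ {              # block end
            print name, value; inblock = 0
        }
    ' "$1"
}

# Exit 0 only if every dynamic-db block sets connections to 1;
# exit 2 if the file has no dynamic-db block at all.
dyndb_workaround_applied() {
    report=$(dyndb_connections "$1")
    [ -n "$report" ] || return 2
    printf '%s\n' "$report" | awk '$2 != "1" { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample config; block name, library and uri are placeholders.
write_sample_conf() {
    cat > "$1" <<EOF
options { directory "/var/named"; };
dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket";
    // arg "connections 4";
    arg "connections $2";
};
EOF
}

sample=$(mktemp)
write_sample_conf "$sample" 1
dyndb_connections "$sample"
dyndb_workaround_applied "$sample" && echo "workaround applied"
rm -f "$sample"
```

A block with no "connections" argument is reported as unset and fails the check, because the plugin then runs with its default rather than the single connection the workaround asks for.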