Date: Fri, 4 Jan 2013 16:04:03 +0000 From: Attila =?ISO-8859-1?Q?Bog=E1r?= <attila.bogar@linguamatics.com> To: freebsd-fs@freebsd.org Subject: gssd mystery Message-ID: <20130104160403.42b02209d363359b83695730@linguamatics.com>
next in thread | raw e-mail | index | archive | help
Hi All, I have NFS server which exports via kerberos security. The users and groups come from LDAP via port net/nss-pam-ldapd. gssd is linked against the latest heimdal. There are multiple LDAP servers for fail over. A story was the following: - NFS daemon locked up - top shows that it's in gsslock - or similar - I don't remember the exact state - - I noticed, that gssd isn't running - /etc/rc.d/gssd start ... panic, reboot Unfortunately I don't have a kernel dump, but checking the logs I see 3 minutes before the lockup: [nslcd] [warning] [d802da] <passwd="someuser"> ldap_start_tls_s() failed (uri=ldap://ldap1.linguamatics.com): Can't contact LDAP server: Bad file descriptor [nslcd] [warning] [d802da] <passwd="someuser"> failed to bind to LDAP server ldap://ldap1.linguamatics.com: Can't contact LDAP server: Bad file descriptor [nslcd] [info] [d802da] <passwd="someuser"> connected to LDAP server ldap://ldap2.linguamatics.com This may or may not be connected, but I can't see these messages for a long time back in history. Anyway there is some bug around gssd, because it died. I don't know if this is a reproducible bug or not yet. How can be gssd monitored on a production system to figure out the reason for death? Attila -- Attila Bogár Systems Administrator Linguamatics - Cambridge, UK http://www.linguamatics.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130104160403.42b02209d363359b83695730>