gssd mystery

Rick Macklem rmacklem at uoguelph.ca
Fri Jan 4 16:21:08 UTC 2013 

Attila Bogar wrote:
> Hi All,
> 
> I have NFS server which exports via kerberos security.
> The users and groups come from LDAP via port net/nss-pam-ldapd.
> gssd is linked against the latest heimdal.
> There are multiple LDAP servers for fail over.
> 
> A story was the following:
> - NFS daemon locked up
> - top shows that it's in gsslock - or similar - I don't remember the
> exact state -
> - I noticed, that gssd isn't running
> - /etc/rc.d/gssd start
> ... panic, reboot
> 
There are a couple of recent commits to head that were MFC'd to stable/9
yesterday that might be useful. r244331 (MFC'd as r245016) modifies the
gssd daemon so that it uses syslog() when daemonized, so it should leave
a message in /var/log/messages when it exit(1)s, due to a failure.
r244370 (MFC'd as r245018) should keep the kernel from crashing when the
gssd is restarted.

If the gssd daemon crashed, hopefully there is a core dump (/gssd.core).
If you have one of these, please run gdb on it and see where it crashed.

> Unfortunately I don't have a kernel dump, but checking the logs I see
> 3 minutes before the lockup:
> [nslcd] [warning] [d802da] <passwd="someuser"> ldap_start_tls_s()
> failed (uri=ldap://ldap1.linguamatics.com): Can't contact LDAP server:
> Bad file descriptor
> [nslcd] [warning] [d802da] <passwd="someuser"> failed to bind to LDAP
> server ldap://ldap1.linguamatics.com: Can't contact LDAP server: Bad
> file descriptor
> [nslcd] [info] [d802da] <passwd="someuser"> connected to LDAP server
> ldap://ldap2.linguamatics.com
> This may or may not be connected, but I can't see these messages for a
> long time back in history.
> 
Might be related. It will do getpwname() to create a uid/gid-list for
a user principal name.

> Anyway there is some bug around gssd, because it died.
> I don't know if this is a reproducible bug or not yet.
> 
> How can be gssd monitored on a production system to figure out the
> reason for death?
> 
If there is no core dump, hopefully the r244331 patch will result in
a message in /var/log/messages.

Please let us know if you figure out more about why the gssd died.

Good luck with it, rick

> Attila
> 
> --
> Attila Bogár
> Systems Administrator
> Linguamatics - Cambridge, UK
> http://www.linguamatics.com/
> _______________________________________________
> freebsd-fs at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-fs
> To unsubscribe, send any mail to "freebsd-fs-unsubscribe at freebsd.org"

More information about the freebsd-fs mailing list