[Bug 416230] New: System hangs on boot after installing ldap and kerberos
https://bugzilla.novell.com/show_bug.cgi?id=416230 Summary: System hangs on boot after installing ldap and kerberos Product: openSUSE 11.0 Version: Final Platform: i386 OS/Version: openSUSE 11.0 Status: NEW Severity: Normal Priority: P5 - None Component: Booting AssignedTo: jsrain@novell.com ReportedBy: support@microtechniques.com QAContact: jsrain@novell.com Found By: Customer I installed ldap and kerberos on a running SuSE11 system for testing purposes. krb5plugin-kbd-ldap openldap2 openldap2-client pam_ldap nss_ldap yast2-ldap yas2-ldap-client yast2-ldap-server krb5 krb5-client krb5-server pam_krb5 krb5-aoos-clients krb5-apps-server yast2-kerberos-client yast2-kerberos-sever plus any required dependencies. I setup the system by running the yast2 kerberos-server applet. I ran yast2 kerberos-client, and ldap-client applets and saw what seemed to be reasonable options. On rebooting the system, the boot would hang just after switching to run-level 3. I tried to fix the problem by using the repair system and disabeling all but the most basic rc3.d startup applications but was unsuccessfull. I finally got the system to boot by uninstalling krb5plugin-kdb-ldap pam_ldap pam-krb5 nss-ldap I did not do any configuration outside of yast2. Yast2 should not install/configure an application in such a manor that the resulting configuration is un-bootable. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 Jiri Srain <jsrain@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|jsrain@novell.com |bnc-team-screening@forge.provo.novell.com Component|Booting |Basesystem QAContact|jsrain@novell.com |qa@suse.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 Robert Vojcik <rvojcik@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |jsuchome@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User jsuchome@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c1 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mc@novell.com, rhafer@novell.com Status|NEW |NEEDINFO Info Provider| |support@microtechniques.com --- Comment #1 from Jiří Suchomel <jsuchome@novell.com> 2008-08-12 05:31:37 MDT --- Well... at which time did the booting hang? Please attach /var/log/messages, /var/log/warn, your LDAP and Kerberos configuration. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c2 --- Comment #2 from Don Hughes <support@microtechniques.com> 2008-08-12 13:41:48 MDT --- The last console message was switching to run-level 3 The logs have been over written. Configuration files attached -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c3 --- Comment #3 from Don Hughes <support@microtechniques.com> 2008-08-12 13:42:49 MDT --- Created an attachment (id=233048) --> (https://bugzilla.novell.com/attachment.cgi?id=233048) krb5 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c4 --- Comment #4 from Don Hughes <support@microtechniques.com> 2008-08-12 13:43:08 MDT --- Created an attachment (id=233049) --> (https://bugzilla.novell.com/attachment.cgi?id=233049) ldap -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c5 --- Comment #5 from Don Hughes <support@microtechniques.com> 2008-08-12 13:44:23 MDT --- Created an attachment (id=233051) --> (https://bugzilla.novell.com/attachment.cgi?id=233051) sladp -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c6 Don Hughes <support@microtechniques.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|support@microtechniques.com | --- Comment #6 from Don Hughes <support@microtechniques.com> 2008-08-12 15:37:30 MDT --- Created an attachment (id=233068) --> (https://bugzilla.novell.com/attachment.cgi?id=233068) boot logs I recreated the problem by reinstalling the 4 files, and saved the logs. This version has the normal complement of rc3.d programs. As mentioned previously, when originally working on the problem, I had disabled all but the minimum programs (the ones also in rc2.d) and the boot still hung just after switching to run level 3 so I do not think that the currently starting program is the culpret. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User jsuchome@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c7 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsuchome@novell.com AssignedTo|jsuchome@novell.com |rhafer@novell.com --- Comment #7 from Jiří Suchomel <jsuchome@novell.com> 2008-08-13 00:31:25 MDT --- I don't know what happened. Seems like LDAP server and/or PAM module is having some problems? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User rhafer@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c8 Ralf Haferkamp <rhafer@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |support@microtechniques.com --- Comment #8 from Ralf Haferkamp <rhafer@novell.com> 2008-08-13 02:32:57 MDT --- Please also attach /etc/ldap.conf, /var/log/messages, /etc/dbus-1/session.conf and the output of chkconfig. I don't see an indication of the LDAP server or a PAM module being the problem with the system hang. Assuming that boot.omsg (containing the boot log of the failed boot "Tue Aug 12 17:05:29 2008"). I seems that booting hung after or during the start of D-Bus or resmgr. The other file (boot.msg from Tue Aug 12 17:15:04 2008 and warn.log) seems to be generated after the four packages mentioned in the initial description have been removed. The LDAP server doesn't start because the kerberos.schema from krb5-plugin-kdb-ldap.rpm is missing and login logs errormessages because of the missing pam-modules. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c9 --- Comment #9 from Don Hughes <support@microtechniques.com> 2008-08-18 15:04:05 MDT --- When I was first debugging this problem I also thought that the boot was hanging at some other package. However, the system continued to hang even after I used the repair system to disable most all of the runlevel 3 packages (taking several hours to do it a package at a time). However, the telling fact is that as soon as I deleted krb5plugin-kdb-ldap, pam_ldap, pam-krb5 nss-ldap, the system booted without my making any other changes; and reinstalling these packages causes the system to again hang. I did not attach /var/log/messages because I have modify syslog-ng and those messages are in the misc.log file that I did attach. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c10 --- Comment #10 from Don Hughes <support@microtechniques.com> 2008-08-18 15:05:47 MDT --- Created an attachment (id=233980) --> (https://bugzilla.novell.com/attachment.cgi?id=233980) chkconfig - after packages uninstalled (ie system boots) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c11 --- Comment #11 from Don Hughes <support@microtechniques.com> 2008-08-18 15:06:50 MDT --- Created an attachment (id=233981) --> (https://bugzilla.novell.com/attachment.cgi?id=233981) session config -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
However, the telling fact is that as soon as I deleted krb5plugin-kdb-ldap, pam_ldap, pam-krb5 nss-ldap, the system booted without my making any other changes; and reinstalling these packages causes the system to again hang. It's likely (I can't say for sure yet, as I was not yet able to reproduce your
I did not attach /var/log/messages because I have modify syslog-ng and those messages are in the misc.log file that I did attach. Hm, interesting what exactly did you change in the syslog-ng configuration? Please attach that configuraton as well. We just had an issues where deadlocks were caused by some strange interaction between OpenLDAP and syslog-ng. (Though
https://bugzilla.novell.com/show_bug.cgi?id=416230 User rhafer@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c12 --- Comment #12 from Ralf Haferkamp <rhafer@novell.com> 2008-08-19 02:57:56 MDT --- (In reply to comment #9 from Don Hughes) [..] problem) that your system hangs in some nss_ldap call. But nss_ldap, when configured and installed, is dynamically loaded into almost every process. That means the process causing the system to hang can be almost every process that is started during boot. Can you please re-install all the above packages, except of nss_ldap an test if the problem is still present? that might be unrelated to you problem) Additionally please attach /etc/dbus-1/system.conf. The requested session.conf in comment#8 was a copy'n paste error by me. Sorry for that. You still did not attach /etc/ldap.conf. The attached ldap.conf file is /etc/openldap/ldap.conf but I need /etc/ldap.conf, as that contains the nss_ldap/pam_ldap configuration. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c13 --- Comment #13 from Don Hughes <support@microtechniques.com> 2008-08-19 05:47:33 MDT --- Created an attachment (id=234087) --> (https://bugzilla.novell.com/attachment.cgi?id=234087) syslog-ng -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c14 --- Comment #14 from Don Hughes <support@microtechniques.com> 2008-08-19 05:48:09 MDT --- Created an attachment (id=234088) --> (https://bugzilla.novell.com/attachment.cgi?id=234088) session.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c15 --- Comment #15 from Don Hughes <support@microtechniques.com> 2008-08-19 05:50:55 MDT --- Syslog-ng and system.conf attached. I don't have ldap.conf - the system has been rebuilt for testing another bug, and that file was not on the backup. I will try and re-create. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User rhafer@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c16 --- Comment #16 from Ralf Haferkamp <rhafer@novell.com> 2008-08-19 06:04:47 MDT --- You attached again session.conf. I need system.conf :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User support@microtechniques.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c17 --- Comment #17 from Don Hughes <support@microtechniques.com> 2008-08-19 10:41:32 MDT --- I just labeled it wrong, it is the system.conf file. However, I reinstalled Kerberos and LDAP on the rebuilt system and can no longer recreate the problem. The main difference is that the first system was an upgrade from SuSE 10.3 to 11.0 and this one is a clean install of 11.0 (well, that and many months of software testing). Since I do not have the time nor interest to reinstall and upgrade 10.3, go ahead and close the incident. I will reopen it if the problem happens again. I am fairly sure the the issue was with nss_ldap, especially since you indicate that it is loaded into almost every process, and that was one of the pieces that I removed when it worked. Might I suggest a boot-time flag that could be used with the failsafe boot-time menu option and which would force a sucessfull return even when ldap errors are encountered. Thanks for your efforts -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=416230 User rhafer@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=416230#c18 Ralf Haferkamp <rhafer@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|support@microtechniques.com | Resolution| |WORKSFORME --- Comment #18 from Ralf Haferkamp <rhafer@novell.com> 2008-08-29 02:13:07 MDT --- Ok, I close this as "WORKSFORME" for now as I am not able to reproduce the problem here on my test machines. And you are right in that the problem was most probably in nss_ldap. E.g. nss_ldap locking up in an LDAP request before the network was started. But to resolve that issue (which might well be just a configuration problem) we'd need to reproduce it. Anyway, thanks for you efforts in providing all the requested details. Please reopen this report if you run into this problem again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com