Opened 15 months ago
Closed 15 months ago
#1406 closed defect (fixed)
Service ordering wrong for ix-kerberos; creates race condition at boot when AD/LDAP is enabled
| Reported by: | gcooper | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | |
| Component: | Backend | Version: | 8.0.4-RELEASE |
| Keywords: | Cc: |
Description
User ran into an issue where basically it would time out every boot trying to do LDAP queries, issue malformed requests (ldap://out:timed), then the NAS box would eventually report:
A KDC could not be located
Did some digging with rcorder and I discovered that the way services were being started up had changed in a subtle way in 8.0.4, but the user claimed that they had been running into the race condition since 8.0.2.
Looking closer, I noticed that ix-kerberos was being started before the network was up, which is a no-no when doing LDAP/dig queries. Unfortunately the ix-kerberos <-> ix-nsswitch service dependency causes a loop which ties ix-kerberos down so it executes before NETWORK has had a chance to execute as ix-nsswitch requires nsswitch, which requires NETWORK.
Workaround:
One has to manually kick either the AD or LDAP service after boot, once the network is up.
Change History (2)
comment:1 Changed 15 months ago by gcooper
- Summary changed from Service ordering wrong for ix-kerberos; creates service race condition at boot when AD/LDAP is enabled to Service ordering wrong for ix-kerberos; creates race condition at boot when AD/LDAP is enabled
comment:2 Changed 15 months ago by jhixson
- Resolution set to fixed
- Status changed from new to closed
I believe r10756 fixes this.