Service ordering wrong for ix-kerberos; creates race condition at boot when AD/LDAP is enabled
|Reported by:||gcooper||Owned by:|
User ran into an issue where basically it would time out every boot trying to do LDAP queries, issue malformed requests (ldap://out:timed), then the NAS box would eventually report:
A KDC could not be located
Did some digging with rcorder and I discovered that the way services were being started up had changed in a subtle way in 8.0.4, but the user claimed that they had been running into the race condition since 8.0.2.
Looking closer, I noticed that ix-kerberos was being started before the network was up, which is a no-no when doing LDAP/dig queries. Unfortunately the ix-kerberos <-> ix-nsswitch service dependency causes a loop which ties ix-kerberos down so it executes before NETWORK has had a chance to execute as ix-nsswitch requires nsswitch, which requires NETWORK.
One has to manually kick either the AD or LDAP service after boot, once the network is up.
Change History (2)
comment:1 Changed 15 months ago by gcooper
- Summary changed from Service ordering wrong for ix-kerberos; creates service race condition at boot when AD/LDAP is enabled to Service ordering wrong for ix-kerberos; creates race condition at boot when AD/LDAP is enabled