[Fedora-directory-users] Centos 4.1 - FDS Problems

Tay, Gary Gary_Tay at platts.com
Thu Jul 21 15:29:19 UTC 2005


I also think the FDS should be re-installed, using default settings.
 
If Centos 4.1 is based on a SELINUX-based kernel, some adjustments may be needed (this is at least my case).
 
# cat /etc/sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted

One FireWall rule for port 389 (ldap), another for admin port.
 
Assuming admin port is 38900

# vi /etc/sysconfig/iptables

Add two lines to the INPUT section:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 38900 -j ACCEPT
 
Gary

	-----Original Message----- 
	From: fedora-directory-users-bounces at redhat.com on behalf of Rob Crittenden 
	Sent: Thu 7/21/2005 10:29 PM 
	To: General discussion list for the Fedora Directory server project. 
	Cc: 
	Subject: Re: [Fedora-directory-users] Centos 4.1 - FDS Problems
	
	

	He is also trying to start FDS on port 389 as a non-root user. That
	simply won't work.
	
	It may be better to wipe this installation and start over from scratch
	(rather than having unknown and perhaps wide open permissions).
	
	If you don't want to have to be root when starting this choose all
	ports > 1024 on the next install. To bind to port 389 you must be root
	when the server starts (but the server doesn't have to run as root).
	
	As for admin server, it isn't suddenly exiting when you connect to it.
	It simply isn't starting up. We've traced this in the past to an
	interaction with the IBM JDK and SMP kernels. Try a uni-processor kernel
	as a test to see if this helps things.
	
	rob
	
	Rich Megginson wrote:
	> Those permissions problems are troubling.  I know the console is having
	> problems writing to something.  Check your $HOME/.mcc directory.  The
	> console needs to be able to create and write to files in that directory.
	>
	> As for the admin server, I'm not sure.  But let's see if we can remove
	> those console errors first.
	>
	> Vik P wrote:
	>
	>> Apologies for continually pestering you but I am really tearing my
	>> hair out trying to get this to work. I ran startconsole in debug mode
	>> and got the following dump:
	>>
	>> [user at node fedora-ds]$ ./startconsole -D
	>> /opt/fedora-ds/bin/base/jre/bin/java -ms8m -mx64m  -cp
	>> .:./mcc70_en.jar:./nmclf70.jar:./mcc70.jar:./ldapjdk.jar:./base.jar:./jss3.jar:./nmclf70_en.jar
	>> -Djava.library.path=/opt/fedora-ds/lib/jss 
	>> -Djava.util.prefs.systemRoot=/opt/fedora-ds/java/.java
	>> -Djava.util.prefs.userRoot=/opt/fedora-ds/java
	>> com.netscape.management.client.console.Console -D  -A
	>> http://node.internal-datacom.com:40795
	>> Fedora-Management-Console/7.0 B2005.132.2143
	>> 21-Jul-2005 11:41:34 java.util.prefs.FileSystemPreferences$2 run
	>> WARNING: java.io.IOException: Permission denied
	>> CommManager> New CommRecord
	>> (http://node.internal-datacom.com:40795/admin-serv/authenticate)
	>> http://node.internal-datacom.com:40795/[0:0] open> Ready
	>> http://node.internal-datacom.com:40795/[0:0] accept>
	>> http://node.internal-datacom.com:40795/admin-serv/authenticate
	>> http://node.internal-datacom.com:40795/[0:0] send> GET  \
	>> http://node.internal-datacom.com:40795/[0:0] send>
	>> /admin-serv/authenticate \
	>> http://node.internal-datacom.com:40795/[0:0] send>  HTTP/1.0
	>> http://node.internal-datacom.com:40795/[0:0] send> Host:
	>> node.internal-datacom.com:40795
	>> http://node.internal-datacom.com:40795/[0:0] send> Connection: Keep-Alive
	>> http://node.internal-datacom.com:40795/[0:0] send> User-Agent:
	>> Fedora-Management-Console/7.0
	>> http://node.internal-datacom.com:40795/[0:0] send> Accept-Language: en
	>> http://node.internal-datacom.com:40795/[0:0] send> Authorization:
	>> Basic  \
	>> http://node.internal-datacom.com:40795/[0:0] send> YWRtaW46cGFzc3dvcmQ= \
	>> http://node.internal-datacom.com:40795/[0:0] send>
	>> http://node.internal-datacom.com:40795/[0:0] send>
	>> http://node.internal-datacom.com:40795/[0:0] error>
	>> java.net.SocketException: Connection reset
	>> CommManager> Retry CommRecord
	>> (http://node.internal-datacom.com:40795/admin-serv/authenticate)
	>> http://node.internal-datacom.com:40795/[0:0] error>
	>> java.net.ConnectException: Connection refused
	>> http://node.internal-datacom.com:40795/[0:0] accept>
	>> http://node.internal-datacom.com:40795/admin-serv/authenticate
	>> http://node.internal-datacom.com:40795/[0:0] error>
	>> java.net.SocketException: Connection reset
	>> CommManager> Retry CommRecord
	>> (http://node.internal-datacom.com:40795/admin-serv/authenticate)
	>> http://node.internal-datacom.com:40795/[0:0] error>
	>> java.net.ConnectException: Connection refused
	>> http://node.internal-datacom.com:40795/[0:0] close> Closed
	>> java.lang.SecurityException: Could not lock User prefs. Lock file
	>> access denied.        at
	>> java.util.prefs.FileSystemPreferences.checkLockFile0ErrorCode(FileSystemPreferences.java:937)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.lockFile(FileSystemPreferences.java:926)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.sync(FileSystemPreferences.java:732)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.flush(FileSystemPreferences.java:825)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.syncWorld(FileSystemPreferences.java:469)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.access$1200(FileSystemPreferences.java:51)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences$4.run(FileSystemPreferences.java:437)
	>>
	>>        at java.util.TimerThread.mainLoop(Timer.java:447)
	>>        at java.util.TimerThread.run(Timer.java:397)
	>> java.lang.SecurityException: Could not lock User prefs. Lock file
	>> access denied.        at
	>> java.util.prefs.FileSystemPreferences.checkLockFile0ErrorCode(FileSystemPreferences.java:937)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.lockFile(FileSystemPreferences.java:926)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.sync(FileSystemPreferences.java:732)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.flush(FileSystemPreferences.java:825)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.syncWorld(FileSystemPreferences.java:469)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences.access$1200(FileSystemPreferences.java:51)
	>>
	>>        at
	>> java.util.prefs.FileSystemPreferences$6.run(FileSystemPreferences.java:447)
	>>
	>>
	>> As you can see, the fun starts when the connection is reset, and this
	>> happens the same time start-admin randomly stops running. So I think
	>> the problem is with that element of the FDS. If it can run fine, then
	>> suddenly stop, without any error codes in any of the logs, etc, then
	>> it can only mean that there's a setting somewhere for the timeout,
	>> making adminserver just stop. Trouble is finding it...
	>>
	>>
	>> ----------------------------------------------------------------------------------------------------------
	>>
	>>
	>>> From: Rich Megginson <rmeggins at redhat.com>
	>>> Reply-To: "General discussion list for the Fedora Directory server
	>>> project." <fedora-directory-users at redhat.com>
	>>> To: "General discussion list for the Fedora Directory server
	>>> project." <fedora-directory-users at redhat.com>
	>>> Subject: Re: [Fedora-directory-users] Centos 4.1 - FDS Problems
	>>> Date: Wed, 20 Jul 2005 09:32:22 -0600
	>>>
	>>> Try startconsole -D for debug mode.  Some preferences are written to
	>>> a file in $HOME/.mcc - I can't remember the name.
	>>>
	>>> Vik P wrote:
	>>>
	>>>> I've chowned the lock and server folder to the ldap user, and even
	>>>> tried as nobody and I still got the same warning. After changing
	>>>> several other permissions ./start-admin still doesn't remain running
	>>>> but when I run startconsole, while continually running start-admin
	>>>> (as su) I eventually got the following error dump:
	>>>>
	>>>> [user at node fedora-ds]$ ./startconsole
	>>>> 20-Jul-2005 12:40:39 java.util.prefs.FileSystemPreferences$2 run
	>>>> WARNING: java.io.IOException: Permission denied
	>>>> java.lang.SecurityException: Could not lock User prefs. Lock file
	>>>> access denied.        at
	>>>> java.util.prefs.FileSystemPreferences.checkLockFile0ErrorCode(FileSystemPreferences.java:937)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.lockFile(FileSystemPreferences.java:926)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.sync(FileSystemPreferences.java:732)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.flush(FileSystemPreferences.java:825)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.syncWorld(FileSystemPreferences.java:469)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.access$1200(FileSystemPreferences.java:51)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences$4.run(FileSystemPreferences.java:437)
	>>>>
	>>>>
	>>>>        at java.util.TimerThread.mainLoop(Timer.java:447)
	>>>>        at java.util.TimerThread.run(Timer.java:397)
	>>>> java.lang.SecurityException: Could not lock User prefs. Lock file
	>>>> access denied.        at
	>>>> java.util.prefs.FileSystemPreferences.checkLockFile0ErrorCode(FileSystemPreferences.java:937)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.lockFile(FileSystemPreferences.java:926)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.sync(FileSystemPreferences.java:732)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.flush(FileSystemPreferences.java:825)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.syncWorld(FileSystemPreferences.java:469)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences.access$1200(FileSystemPreferences.java:51)
	>>>>
	>>>>
	>>>>        at
	>>>> java.util.prefs.FileSystemPreferences$6.run(FileSystemPreferences.java:447)
	>>>>
	>>>>
	>>>>
	>>>> Trying to run start-admin as non-root doesn't do anything at all,
	>>>> checking the log files reveals that they weren't even written to
	>>>> meaning the admin server didn't even attempt to start. I've checked
	>>>> all the permissions and I can't see any problems.
	>>>>
	>>>> Any help would be appreciated.
	>>>>
	>>>>
	>>>> ------------------------------------------------------------------------------------------------------
	>>>>
	>>>>
	>>>>
	>>>>> From: Rich Megginson <rmeggins at redhat.com>
	>>>>> Reply-To: "General discussion list for the Fedora Directory server
	>>>>> project." <fedora-directory-users at redhat.com>
	>>>>> To: "General discussion list for the Fedora Directory server
	>>>>> project." <fedora-directory-users at redhat.com>
	>>>>> Subject: Re: [Fedora-directory-users] Centos 4.1 - FDS Problems
	>>>>> Date: Tue, 19 Jul 2005 07:49:53 -0600
	>>>>>
	>>>>> Vik Lionheart wrote:
	>>>>>
	>>>>>> Yes I have x11 installed, it is required for nomachine to run
	>>>>>> correctly, which has been installed correctly.
	>>>>>>
	>>>>>> I tried running start-slapd as a non-root and, after fixing
	>>>>>> several permission errors I got the following message:
	>>>>>>
	>>>>>> [user at node slapd-node]$ ./start-slapd
	>>>>>> Server failed to start !!! Please check errors log for problems
	>>>>>>
	>>>>>> Viewing the error log revealed the following:
	>>>>>>
	>>>>>> [19/Jul/2005:11:56:12 +0100] - Warning - couldn't set the
	>>>>>> ownership for /opt/fedora-ds/slapd-node/locks/server/4346
	>>>>>
	>>>>>
	>>>>>
	>>>>>
	>>>>> Make sure you chown locks and locks/server to the uid of the slapd
	>>>>> process (e.g. ldap).  Make sure those directories are writable by
	>>>>> the uid of the slapd process.
	>>>>>
	>>>>>> [19/Jul/2005:11:56:12 +0100] - Fedora-Directory/7.1 B2005.146.2010
	>>>>>> starting up
	>>>>>> [19/Jul/2005:11:56:12 +0100] createprlistensocket - PR_Bind() on
	>>>>>> All Interfaces port 389 failed: Netscape Portable Runtime error
	>>>>>> -5966 (Access Denied.)
	>>>>>>
	>>>>>> This may be the reason why admin server kept randomly stopping.
	>>>>>> I've made sure that no other services are trying to run on port
	>>>>>> 389 but I still have this error.
	
	

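The startup sequence Rob Crittenden describes in the thread (be root to bind port 389, then run as an unprivileged user), as an added C example that is not from the original messages and is not Fedora Directory Server code. Port 389 comes from the thread; the uid/gid 55 used for the service account is an assumed value.

```c
#define _DEFAULT_SOURCE            /* for setgroups() */
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns a listening TCP socket on `port`, or -errno (typically -EACCES for
 * a port below 1024 without root). Port 0 lets the kernel pick a free port. */
int open_listener(uint16_t port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        int e = errno;
        close(fd);
        return -e;
    }
    return fd;
}

/* Permanently switch to uid/gid. Order matters: groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0)                    /* not root: nothing to drop */
        return (getuid() == uid) ? 0 : -EPERM;
    if (uid == 0) return -EINVAL;          /* refuse to keep running as root */
    if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -errno;
    if (setuid(0) == 0) return -EPERM;     /* root must not be recoverable */
    return 0;
}

int main(void) {
    int fd = open_listener(389);           /* needs root at startup */
    if (fd < 0) { fprintf(stderr, "bind 389: error %d\n", -fd); return 1; }
    int rc = drop_privileges(55, 55);      /* assumed uid/gid of the ldap user */
    if (rc < 0) { fprintf(stderr, "drop: error %d\n", -rc); return 1; }
    printf("listening on 389 as uid %d\n", (int)getuid());
    close(fd);
    return 0;
}
```

The socket opened while root stays usable after the switch, which is why directories such as locks and locks/server must be writable by the account the process ends up running as.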