LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   DBUS problems after changing LDAP/Kerberos/NSCD settings (https://www.linuxquestions.org/questions/linux-server-73/dbus-problems-after-changing-ldap-kerberos-nscd-settings-876631/)

spidernik84 04-23-2011 03:24 AM
DBUS problems after changing LDAP/Kerberos/NSCD settings
 
Hello,
we're running an Ubuntu 10.04 LTS network on our company, authenticating against an Openldap/heimdal-kerberos server.
Previously, the clients were authenticating against a Windows 2003 Domain without any problems.
After modifying the krb.conf, ldap.conf, nsswitch.conf and nscd.conf files to authenticate the machines against the openldap/heimdal setup, we started experiencing strange problems.
One issue is, for example, the polkit-agent-gnome not starting. This component integrates policykit into gnome.
It looks like the agent is unable to start due to some kind of delay with DBUS. Starting the agent manually keeps giving errors until about 70 seconds after login, when the agent can be started without problems.
During the delay it is also impossible, for instance, to open the "shut down" menu on the top right of gnome. You can click on the menu, but nothing appears.

Trying to start the polkit-agent manually gives these errors (I'll be attaching detailed errors when at work!):
Code:
DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken


GLIB ERROR ** default - Not enough memory to set up DBusConnection for use with GLib
It really looks like DBus or something related to it is starting "too late" but I can't seem to find the reason. I'm pretty sure this has to do with some timings or whatever in the krb/ldap config files...
Thanks for help, I've got no clue so far. And happy Easter!

spidernik84 04-25-2011 05:43 AM
I'm doing some more investigations and I think this could be related to some service starting too soon, probably due to upstart parallel processes starting or something.
Any suggestion on the service startup order? I'm clueless :(

spidernik84 04-27-2011 03:53 AM
Some updates: it really looks like this is somehow related to DBus, but I'm still unable to tackle down the cause of the issue. This is what happens:
If, immediately after login, I restart DBus manually (service dbus restart), gdm restarts also and I can log in. This time, the log in is really fast and all the softwares depending on dbus are working fine (polkit-agent, power manager, network manager, etc.).

So, what's happening? :(

spidernik84 04-28-2011 08:09 AM
Ok, I was right, DBUS was somehow related.

The problem was more complex and the agent was just a "victim" of something bigger.
Basically, DBUS was not starting properly. In fact, the polkit-agent was not the only service unable to start: network manager, gnome-power-manager, bluetooth stuff, etc. were amongst the missing pieces.
What happens is that Dbus starts at boot and queries LDAP authenticating as "messagebus". Since NSCD is not started yet, dbus has problems.
These are some more enlightening errors:
Code:
dbus-daemon: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_101' not found)
dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://<server>/: Local error
dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable
We must start NSCD before DBUS, then. Ubuntu 10.04 is using upstart for many services, including DBUS. Nscd is still relying on symlinks, so the startup order can't be modified easily.
The problem has been solved with a modification of the dbus upstart script and creating a custom Nscd upstart script, to make dbus depend on nscd. Briefly, something of this kind:

upstart dbus.conf modified line:
Code:
"start on started nscd"
upstart nscd.conf new file
Code:
"description        "name service cache daemon"

start on local-filesystems
stop on runlevel [06]

#expect fork
pre-start script
    mkdir -p /var/run/nscd
end script

exec /usr/sbin/nscd -f /etc/nscd.conf"
I'm pretty scared about the maintainability of this solution, an update could break everything. At least, we got the cause.
I really don't know who should be contacted here, whether ubuntu devs, dbus devs or whatever!


All times are GMT -5. The time now is 03:58 AM.