I have been dealing with this issue for some time now and I am
wondering if anyone has seen this before and has a solution (except
for my 'plan').
I've got an Intel server running under 10.4.11 that sits with one and
in the big bad Internet world and with the second port in our local
subnet. I am using that server for Mail (smtp) and VPN. (Mail is
running fine).
My VPN users authenticate against their LDAP account on my OD master
(yet another 10.4.11 server).
Now the problem:
From time to time I get these error message in the system log
Jan 7 06:29:41 smtp2 DirectoryService[2575]: Search connection
failure: During an attempt to bind to [x.x.x.x] LDAP server.
Jan 7 06:29:41 smtp2 DirectoryService[2575]: Search connection
failure: Disabled future attempts to bind to [x.x.x.x] LDAP server for
next 120 seconds.
followed by -of course- very long login times etc. Which is already
annoying enough.
Often enough it works after that, but It can get worse:
Jan 7 18:16:29 smtp2 DirectoryService[2575]: socket(PF_ROUTE) failed:
Too many open files
Jan 7 18:16:30 smtp2 DirectoryService[2575]: socket(PF_ROUTE) failed:
Too many open files
Jan 7 18:16:30 smtp2 DirectoryService[2575]: socket(PF_ROUTE) failed:
Too many open files
Jan 7 18:16:31 smtp2 DirectoryService[2575]: socket(PF_ROUTE) failed:
Too many open files
Jan 7 18:16:31 smtp2 DirectoryService[2575]: socket(PF_ROUTE) failed:
Too many open files
Jan 7 18:16:47 smtp2 DirectoryService[2575]: DSLDAPv3PlugIn: Server
Mappings for [x.x.x.x] LDAP server not found.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: DSLDAPv3PlugIn:
[x.x.x.x] LDAP server config not updated with server mappings due to
server mappings error.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: LDAPv3: SafeOpen Can't
retrieve server mappings from search base of
<cn=config,dc=odm,dc=wab,dc=edu>.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: LDAPv3: SafeOpen Cannot
retrieve server mappings at this time.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: DSLDAPv3PlugIn: Server
Mappings for [x.x.x.x] LDAP server not found.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: DSLDAPv3PlugIn:
[x.x.x.x] LDAP server config not updated with server mappings due to
server mappings error.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: LDAPv3: SafeOpen Can't
retrieve server mappings from search base of
<cn=config,dc=odm,dc=wab,dc=edu>.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: LDAPv3: SafeOpen Cannot
retrieve server mappings at this time.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: DSLDAPv3PlugIn: Server
Mappings for [x.x.x.x] LDAP server not found.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: DSLDAPv3PlugIn:
[x.x.x.x] LDAP server config not updated with server mappings due to
server mappings error.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: LDAPv3: SafeOpen Can't
retrieve server mappings from search base of
<cn=config,dc=odm,dc=wab,dc=edu>.
Jan 7 18:16:47 smtp2 DirectoryService[2575]: LDAPv3: SafeOpen Cannot
retrieve server mappings at this time.
Once I get the 'socket(PF_ROUTE) failed: Too many open files' things
start to deteriorate and service gets worse.
When this happens there are usually only a few (<5) users accessing
the VPN server from outside. So it's not really an overload issue.
So far the only thing that helps is to do a 'sudo killall
DirectoryService' (DS gets restarted automatically after that thanks
to launchd). This keeps the server going, sometimes for days sometimes
just hours. I don't think it's directly related to usage of the VPN
server it just happens.
I also have verified that the LDAP server is just fine. I can ping/
access it at any time from the VPN server. I did a continous ping for
a week .. 0% packet loss but the DS server was acting up several times
that week (as normal).
I was kind of hoping that 10.4.11 might fix this ... unfortunately not.
Has anybody seen this before?
Right now I've got a cron job running that kills DirectoryService once
an hour, a 'solution' that works but that I don't like very much.
Any ideas, hints, etc. are greatly appreciated.
Cheer,
Rene
-----
Rene Schaetzl
IT Exorcist - Western Academy of Beijing
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
