Mailing Lists: Apple Mailing Lists
 Image of Mac OS face in stamp
OpenDirectory Critical Bug.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenDirectory Critical Bug.

I'm very sad; here's why: OS X Leopard Server has a bug which causes it to lose track of all users.


Symptom:  Every 5 days or so, our OD Master (10.5.2) shuts down all services (AFP, web, etc) and doesn't allow ssh or console/GUI login for OD or local users.  Rebooting makes life good again.  We've started leaving root login terminal windows open for the next time, but that is sub-optimal for oh-so-many reasons.


Investigation revealed several items of interest: 

1)  /var/log/system.log conained lines of the format below.  Character count of the record name reveals that the record name is 160 characters long, but combing thru various OD header files didn't reveal any relevant structs with similar limits (which just means I didn't find it... $20 says there's an undersized buffer here somewhere).  Incidentally, each successive log line has an additional '1'... clearly some OD loop in a race condition.
 
May 13 09:39:52 stewie servermgrd[80]: *** -[WPSession createRecordWithType:attributes:inNode:error:]: *** Warning: the record of type dsRecTypeStandard:Config was created successfully, but OpenDirectoryFramework cannot find it. More info: recordName 'ServicesInformation111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' in /Local/Default


2)  /var/db/dslocal/nodes/Default/config/ contains ServicesInformation.plist as well as ServicesInformation1.plist and ServicesInformation11.plist and so on up thru names with 197 characters (presumably because that's when I rebooted the server.... yep, something was creating these at the rate of 2 per minute... slapd maybe?  Didn't think to run lsof at the time).


3)  /var/log/system.log ALSO shows many lines of the format below.  The only UIDs that are complained about are 84, 92, 93 (corresponding to jabber, securityagent, and calendar, respectively).  Oh I get it... it's because launchd keeps trying to start these and the os kills them for lack of ability to find a valid user.

May 13 10:04:18 stewie com.apple.launchd[1] (com.apple.launchd.peruser.93[50065]): getpwuid("93") failed
May 13 10:04:18 stewie com.apple.launchd[1] (com.apple.launchd.peruser.93[50065]): PID 188 "Python" has no account to back it! Real/effective/saved UIDs: 93/93/93


4)  Earlier ssh attempts create more system.log entries like the below (even though examination of /etc/passwd and dscl /Local/Default/Users show that it does exist, post reboot.  Didn't think to dscl while the problem was occuring).

May 13 09:57:27 stewie sshd[49768]: fatal: Privilege separation user _sshd does not exist


So... does anyone have any tips/tricks to further nail down where this is broken?  Opening bug with Apple shortly... 

Marc
--
Marc Goldberg
marc@nextnewnetworks.com

aim: webmarc
desk: 646-274-4646
cell: 202-230-2170

 

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.