dhcp 4.3.2 with ldap backend

Kristof Van Doorsselaere kristof.vandoorsselaere at hogent.be
Tue May 12 09:41:21 UTC 2015


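Below is some extra debugging info; maybe it helps someone analyse this issue further. Note that in the second trace "Can't contact LDAP server" is printed right after the ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK, ...) call at ldap.c line 765, before ldap_initialize is reached at line 802, so that message does not by itself indicate a network failure; execution then continues at line 772, so the failed CRL-check setting is only logged and is not treated as fatal at that point.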

1. Break on ldap_read_config

[root at new_server dhcp-4.3.2]# gdb --args dhcpd  -4 -pf /run/dhcpd4.pid -cf /etc/dhcp/dhcp_test.conf -lf /var/db/dhcpd/dhcpd4.leases -f -d
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-64.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/dhcpd...done.
(gdb)  break ldap_read_config
Breakpoint 1 at 0x45cbf3: file ldap.c, line 1356.
(gdb) run
Starting program: /usr/sbin/dhcpd -4 -pf /run/dhcpd4.pid -cf /etc/dhcp/dhcp_test.conf -lf /var/db/dhcpd/dhcpd4.leases -f -d
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Internet Systems Consortium DHCP Server 4.3.2
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/


Breakpoint 1, ldap_read_config () at ldap.c:1356
1356	  ldap_dn_node *curr = NULL;
(gdb) n
1362	  struct berval **tempbv = NULL;
(gdb) n
1364	  if (ld == NULL)
(gdb) n
1365	    ldap_start ();
(gdb) n
Cannot set LDAP TLS crl check option: Can't contact LDAP server
Cannot init ldap session to ldap://ldaptest.example.com:389
1366	  if (ld == NULL)
(gdb) n
1367	    return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);
(gdb) n
1580	}
(gdb) n
readconf () at confpars.c:70
70	}
(gdb) n
main (argc=10, argv=0x7fffffffe458) at dhcpd.c:614
614			log_fatal ("Configuration file errors encountered -- exiting");
(gdb) n
Configuration file errors encountered -- exiting


If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug.  These pages explain the proper
process and the information we find helpful for debugging..


exiting.
[Inferior 1 (process 4893) exited with code 01]
(gdb) n
The program is not being run.
(gdb) q
[root at new_server dhcp-4.3.2]# 




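2. Break on ldap_start

The error logged at line 806 uses the format "%s:%d" and prints "ldap://ldaptest.example.com:389", which suggests that ldap_server already contains the "ldap://" scheme; the sprintf at line 801 would then build "ldap://ldap://ldaptest.example.com:389" for ldap_initialize, after which ld is still NULL.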

[root at new_server dhcp-4.3.2]# gdb --args dhcpd  -4 -pf /run/dhcpd4.pid -cf /etc/dhcp/dhcp_test.conf -lf /var/db/dhcpd/dhcpd4.leases -f -d
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-64.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/dhcpd...done.
(gdb) break ldap_start
Breakpoint 1 at 0x45b320: file ldap.c, line 620.
(gdb) run
Starting program: /usr/sbin/dhcpd -4 -pf /run/dhcpd4.pid -cf /etc/dhcp/dhcp_test.conf -lf /var/db/dhcpd/dhcpd4.leases -f -d
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Internet Systems Consortium DHCP Server 4.3.2
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/


Breakpoint 1, ldap_start () at ldap.c:620
620	  char *uri = NULL;
(gdb) n
623	  if (ld != NULL)
(gdb) n
626	  if (ldap_server == NULL)
(gdb) n
628	      options = NULL;
(gdb) n
629	      option_state_allocate (&options, MDL);
(gdb) n
631	      execute_statements_in_scope (NULL, NULL, NULL, NULL, NULL,
(gdb) n
635	      ldap_server = _do_lookup_dhcp_string_option (options, SV_LDAP_SERVER);
(gdb) n
636	      ldap_dhcp_server_cn = _do_lookup_dhcp_string_option (options,
(gdb) n
638	      ldap_port = _do_lookup_dhcp_int_option (options, SV_LDAP_PORT);
(gdb) n
639	      ldap_base_dn = _do_lookup_dhcp_string_option (options, SV_LDAP_BASE_DN);
(gdb) n
640	      ldap_method = _do_lookup_dhcp_enum_option (options, SV_LDAP_METHOD);
(gdb) n
641	      ldap_debug_file = _do_lookup_dhcp_string_option (options,
(gdb) n
643	      ldap_referrals = _do_lookup_dhcp_enum_option (options, SV_LDAP_REFERRALS);
(gdb) n
646	      ldap_use_ssl = _do_lookup_dhcp_enum_option (options, SV_LDAP_SSL);
(gdb) n
647	      if( ldap_use_ssl != LDAP_SSL_OFF)
(gdb) n
649	          ldap_tls_reqcert = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_REQCERT);
(gdb) n
650	          ldap_tls_ca_file = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_FILE);
(gdb) n
651	          ldap_tls_ca_dir = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CA_DIR);
(gdb) n
652	          ldap_tls_cert = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CERT);
(gdb) n
653	          ldap_tls_key = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_KEY);
(gdb) n
654	          ldap_tls_crlcheck = _do_lookup_dhcp_enum_option (options, SV_LDAP_TLS_CRLCHECK);
(gdb) n
655	          ldap_tls_ciphers = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_CIPHERS);
(gdb) n
656	          ldap_tls_randfile = _do_lookup_dhcp_string_option (options, SV_LDAP_TLS_RANDFILE);
(gdb) n
668	      ldap_username = _do_lookup_dhcp_string_option (options, SV_LDAP_USERNAME);
(gdb) n
669	      ldap_password = _do_lookup_dhcp_string_option (options, SV_LDAP_PASSWORD);
(gdb) n
675	      option_state_dereference (&options, MDL);
(gdb) n
678	  if (ldap_server == NULL || ldap_base_dn == NULL)
(gdb) n
685	  if (ldap_debug_file != NULL && ldap_debug_fd == -1)
(gdb) n
687	      if ((ldap_debug_fd = open (ldap_debug_file, O_CREAT | O_TRUNC | O_WRONLY,
(gdb) n
698	  if (ldap_use_ssl == -1)
(gdb) n
714	  if (ldap_use_ssl != LDAP_SSL_OFF)
(gdb) n
716	      if (ldap_tls_reqcert != -1)
(gdb) n
718	          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
(gdb) n
726	      if( ldap_tls_ca_file != NULL)
(gdb) n
735	      if( ldap_tls_ca_dir != NULL)
(gdb) n
737	          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR,
(gdb) n
744	      if( ldap_tls_cert != NULL)
(gdb) n
746	          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE,
(gdb) n
753	      if( ldap_tls_key != NULL)
(gdb) n
755	          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE,
(gdb) n
762	      if( ldap_tls_crlcheck != -1)
(gdb) n
764	          int opt = ldap_tls_crlcheck;
(gdb) n
765	          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CRLCHECK,
(gdb) n
768	              log_error ("Cannot set LDAP TLS crl check option: %s",
(gdb) n
Cannot set LDAP TLS crl check option: Can't contact LDAP server
772	      if( ldap_tls_ciphers != NULL)
(gdb) n
774	          if ((ret = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
(gdb) n
781	      if( ldap_tls_randfile != NULL)
(gdb) n
794	  uri = malloc(strlen(ldap_server) + 16);
(gdb) n
795	  if (uri == NULL)
(gdb) n
801	  sprintf(uri, "ldap://%s:%d", ldap_server, ldap_port);
(gdb) n
802	  ldap_initialize(&ld, uri);
(gdb) n
804	  if (ld == NULL)
(gdb) n
806	      log_error ("Cannot init ldap session to %s:%d", ldap_server, ldap_port);
(gdb) n
Cannot init ldap session to ldap://ldaptest.example.com:389
807	      return;
(gdb) n
889	}
(gdb) n
ldap_read_config () at ldap.c:1366
1366	  if (ld == NULL)
(gdb) n
1367	    return (ldap_server == NULL ? ISC_R_SUCCESS : ISC_R_FAILURE);
(gdb) n
1580	}
(gdb) n
readconf () at confpars.c:70
70	}
(gdb) n
main (argc=10, argv=0x7fffffffe458) at dhcpd.c:614
614			log_fatal ("Configuration file errors encountered -- exiting");
(gdb) n
Configuration file errors encountered -- exiting


If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug.  These pages explain the proper
process and the information we find helpful for debugging..


exiting.
[Inferior 1 (process 7927) exited with code 01]
(gdb) q
[root at new_server dhcp-4.3.2]# 


Kristof




On 12/05/15 10:06, "Kristof Van Doorsselaere" <kristof.vandoorsselaere at hogent.be> wrote:

>Peter
>
>On 12/05/15 09:08, "Peter Rathlev" <peter at rathlev.dk> wrote:
>
>>On Mon, 2015-05-11 at 13:07 +0000, Kristof Van Doorsselaere wrote:
>>> The fact I’m always getting: configuration file errors encountered, makes me think this is a new bug, isn’t it?
>>
>>It sure does sound something like that. A few other possible ideas:
>>
>>You mentioned that tcpdump on the LDAP server shows nothing. What about
>>a local tcpdump on the DHCP server, using the "any" interface?
>
>I ran tcpdump locally today on the dhcp server, and again I don’t see any outgoing data during the dhcpd startup attempt
>
>>
>>Does the daemon start and release the PTY, just logging the errors to
>>syslog? Or does it not release the PTY and dump the syntax error to
>>STDERR? I would expect the latter for an actual configuration syntax
>>error. I'm not sure how systemd's systemctl starts a daemon and if you
>>would actually see the STDERR output.
>
>I’m currently testing manually (so avoiding systemd), and output looks like this:
>
>[root at new_server dhcp-4.3.2]# dhcpd  -4 -pf /run/dhcpd4.pid -cf /etc/dhcp/dhcp_test.conf -lf /var/db/dhcpd/dhcpd4.leases -d -tf /tmp/debug
>Internet Systems Consortium DHCP Server 4.3.2
>Copyright 2004-2015 Internet Systems Consortium.
>All rights reserved.
>For info, please visit https://www.isc.org/software/dhcp/
>WARNING: Overwriting trace file "/tmp/debug"
>Cannot set LDAP TLS crl check option: Can't contact LDAP server
>Cannot init ldap session to ldap://ldaptest.example.com:389
>Configuration file errors encountered -- exiting
>
>
>If you think you have received this message due to a bug rather
>than a configuration issue please read the section on submitting
>bugs on either our web page at www.isc.org or in the README file
>before submitting a bug.  These pages explain the proper
>process and the information we find helpful for debugging..
>
>
>exiting.
>[root at new_server dhcp-4.3.2]# echo $?
>1
>[root at new_server dhcp-4.3.2]# ps aux | grep dhcp | grep -v grep
>[root at new_server dhcp-4.3.2]#
>[root at new_server dhcp-4.3.2]#
>
>In the dhcp_test.conf I have: log-facility local4;
>
>Rsyslog redirects local4 to:
>
>
>local4.*                                                /var/log/dhcpd4.log
>
>During startup nothing is logged to this file (while trying to start 4.3.2), so I think it’s not releasing the PTY and dumping the syntax error to
>STDERR
>
>
>
>>
>>You could also try starting the daemon in the foreground (-f) in an
>>"strace" session and look at what actually happens. Like if the daemon
>>actually creates a socket ("socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)")
>>and what the "connect" returns.
>
>I tried but I don’t see a different behavior while using -f to run in foreground
>
>[root at new_server dhcp-4.3.2]# dhcpd  -4 -pf /run/dhcpd4.pid -cf /etc/dhcp/dhcp_test.conf -lf /var/db/dhcpd/dhcpd4.leases -f
>Internet Systems Consortium DHCP Server 4.3.2
>Copyright 2004-2015 Internet Systems Consortium.
>All rights reserved.
>For info, please visit https://www.isc.org/software/dhcp/
>Cannot set LDAP TLS crl check option: Can't contact LDAP server
>Cannot init ldap session to ldap://ldaptest.example.com:389
>Configuration file errors encountered -- exiting
>
>
>If you think you have received this message due to a bug rather
>than a configuration issue please read the section on submitting
>bugs on either our web page at www.isc.org or in the README file
>before submitting a bug.  These pages explain the proper
>process and the information we find helpful for debugging..
>
>
>exiting.
>[root at new_server dhcp-4.3.2]#
>
>
>For extra debugging, I started with strace, output is attached as file: strace_output.txt
>
>I also tried to start with gdb, to see some more debug output, but it’s hard for me to tell where it goes wrong as I’m not a developer
>
>Gdb output is attached as gdb_output.txt
>
>Kristof
>
>
>
>>
>>I'm afraid we don't use the LDAP backend and I try to avoid Windows RHEL
>>2007 like the plague. Not a fan of systemd on servers. :-)
>>
>>-- 
>>Peter
>>
>>
>>_______________________________________________
>>dhcp-users mailing list
>>dhcp-users at lists.isc.org
>>https://lists.isc.org/mailman/listinfo/dhcp-users

