Directory Server gateway over SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Hmm - that's not good at all.  What OS is this?  You mentioned that 
> you have an FC5 system running fine.  Is this from just the initial 
> click on the DS Gateway link from the main admin server page?  Or do 
> you actually get into the DS Gateway app?
>

This is a RedHat Enterprise 3 system (current update) on an x86 HP 
Proliant system.  This logs look like this from the link page on up.  
For instance, when SSL is enabled for the admin server, these are the 
entries for the root page ("Services for Users" at the top):

--
[Tue Apr 25 09:04:44 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x
[Tue Apr 25 09:04:45 2006] [notice] child pid 20951 exit signal 
Segmentation fault (11)
[Tue Apr 25 09:04:46 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x
[Tue Apr 25 09:04:47 2006] [notice] child pid 21018 exit signal 
Segmentation fault (11)
[Tue Apr 25 09:04:48 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: https://admin.server.host:49657/dist/download
[Tue Apr 25 09:04:48 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: https://admin.server.host:49657/dist/download
[Tue Apr 25 09:04:49 2006] [notice] child pid 21087 exit signal 
Segmentation fault (11)
--

Where x.x.x.x is the client system.  Funny thing is, I get that page - 
it's just slow.  But if I go into the DS Gateway (and I can), only parts 
of the pages manage to get received by the client.   The "Fedora 
Administration Express 
<http://biowulf.nih.gov:49657/admin-serv/tasks/configuration/HTMLAdmin?op=index>" 
section does the same.  Images, for instance, successfully get fetched 
at random and many parts of the forms never manage to get downloaded.  
The log output looks the same however: a "can't resolve host" line 
followed by a "segfault" line for almost everything.  Here's a piece of 
the "Directory Gateway" front page:

--
[Tue Apr 25 09:22:58 2006] [notice] child pid 24036 exit signal 
Segmentation fault (11)
[Tue Apr 25 09:22:59 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: 
https://admin.serv.host:49657/clients/dsgw/bin/lang?context=dsgw&file=maintitle.html
[Tue Apr 25 09:22:59 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: 
https://admin.serv.host:49657/clients/dsgw/bin/lang?context=dsgw&file=maintitle.html
[Tue Apr 25 09:23:00 2006] [notice] child pid 24107 exit signal 
Segmentation fault (11)
[Tue Apr 25 09:23:01 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: 
https://admin.serv.host:49657/clients/dsgw/bin/lang?context=dsgw&file=maintitle.html
[Tue Apr 25 09:23:01 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: 
https://admin.serv.host:49657/clients/dsgw/bin/lang?context=dsgw&file=maintitle.html
[Tue Apr 25 09:23:02 2006] [notice] child pid 24179 exit signal 
Segmentation fault (11)
[Tue Apr 25 09:23:03 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: 
https://admin.serv.host:49657/clients/dsgw/bin/lang?context=dsgw&file=maintitle.html
[Tue Apr 25 09:23:04 2006] [notice] child pid 24249 exit signal 
Segmentation fault (11)
[Tue Apr 25 09:23:05 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: 
https://admin.serv.host:49657/clients/dsgw/bin/lang?context=dsgw&file=maintitle.html
[Tue Apr 25 09:23:06 2006] [notice] child pid 24318 exit signal 
Segmentation fault (11)
--

Here's the output when accessing via the Java console (which attaches 
via a different interface):

--
[Tue Apr 25 09:09:48 2006] [notice] [client 10.1.128.5] 
admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.128.5
[Tue Apr 25 09:09:48 2006] [notice] [client 10.1.128.5] 
admserv_check_authz(): passing [/admin-serv/authenticate] to the 
userauth handler
[Tue Apr 25 09:09:50 2006] [notice] child pid 21154 exit signal 
Segmentation fault (11)
[Tue Apr 25 09:09:59 2006] [notice] [client 10.1.128.5] 
admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.128.5
[Tue Apr 25 09:09:59 2006] [notice] child pid 21576 exit signal 
Segmentation fault (11)
[Tue Apr 25 09:10:00 2006] [notice] [client 10.1.128.5] 
admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.128.5
[Tue Apr 25 09:10:01 2006] [notice] child pid 21650 exit signal 
Segmentation fault (11)
[Tue Apr 25 09:10:02 2006] [notice] [client 10.1.128.5] 
admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.128.5
[Tue Apr 25 09:10:03 2006] [notice] child pid 21736 exit signal 
Segmentation fault (11)
--
The console appears to work, but I haven't done a lot of testing.  It is 
what I use to turn SSL on and off.

If I turn SSL off, here's the root (Services for User) page from a browser:

--
[Tue Apr 25 09:12:40 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x
[Tue Apr 25 09:12:44 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x
[Tue Apr 25 09:12:44 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: http://admin.server.host:49657/dist/download
[Tue Apr 25 09:12:44 2006] [notice] [client x.x.x.x] 
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x, 
referer: http://admin.server.host:49657/dist/download
--

With SSL off, everything works quickly and nicely with the exception of 
these log entries.

The client name/address and the system's name/address, do resolve 
correctly via DNS.

The LDAP portion of the server works fine over SSL.





[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux