Project

General

Profile

Bug #13295

[common.freenasusers:384] Directory Users could not be retrieved: {'desc': 'Size limit exceeded'}

Added by David Hedges over 4 years ago. Updated about 4 years ago.

Status:
Closed: Insufficient Info
Priority:
Nice to have
Assignee:
John Hixson
Category:
OS
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

HP PROLIANT DL360 G5
32GB RAM
dual xeon processors

ChangeLog Required:
No

Description

after joining freenas to a windows domain with over 50,000 users and groups, freenas begins to hang on boot, and portions of the web interface become unavailable, and eventually fails. I suspect this is an issue where it may be trying to cache or catalog domain users and groups.
initial boot to the menu prompt on the console took over an hour (this was after upgrading memory to 32GB), prior to adding additional memory once we joined the domain it would crash once it bound to AD due to a lack of swap space.

during the boot process the web ui is available, but options such as cifs settings, advanced settings, disk settings and properties just hang when clicked on. The web ui eventually fails displaying the following:

An error occurred.

Sorry, the page you are looking for is currently unavailable.
Please try again later.

If you are the system administrator of this resource then you should check the error log for details.

Faithfully yours, nginx.

the messages log shows this from booting:

Jan 21 15:33:47 freenastest generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: mount
Jan 21 15:33:47 freenastest generate_smb4_conf.py: [common.pipesubr:71] Popen()ing: /usr/local/bin/net -d 0 getlocalsid
Jan 21 15:33:49 freenastest adtool: [common.pipesubr:71] Popen()ing: klist
Jan 21 15:34:12 freenastest generate_ldap_conf.py: [common.pipesubr:71] Popen()ing: klist
Jan 21 15:34:20 freenastest nmbd4253: [2016/01/21 15:34:20.231292, 0] ../lib/util/become_daemon.c:136(daemon_ready)
Jan 21 15:34:20 freenastest nmbd4253: STATUS=daemon 'nmbd' finished starting up and ready to serve connectionssend_host_announcement: type 809b23 for host FREENASTEST on subnet 10.50.200.226 for workgroup LL
Jan 21 15:34:20 freenastest smbd4256: [2016/01/21 15:34:20.436532, 0] ../lib/util/become_daemon.c:136(daemon_ready)
Jan 21 15:34:20 freenastest smbd4256: STATUS=daemon 'smbd' finished starting up and ready to serve connectionswaiting for connections
Jan 21 15:34:20 freenastest smbd4256: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
Jan 21 15:34:20 freenastest winbindd4259: [2016/01/21 15:34:20.476102, 0] ../lib/util/become_daemon.c:136(daemon_ready)
Jan 21 15:34:21 freenastest smbd4256: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
Jan 21 15:34:22 freenastest smbd4256: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
Jan 21 15:34:23 freenastest smbd4256: dnssd_clientstub ConnectToServer: connect() failed Socket:32 Err:-1 Errno:2 No such file or directory
Jan 21 15:34:23 freenastest winbindd4259: STATUS=daemon 'winbindd' finished starting up and ready to serve connections[ 4396]: request interface version
Jan 21 15:34:26 freenastest winbindd4259: [2016/01/21 15:34:26.709594, 0] ../source3/libsmb/cliconnect.c:1843(cli_session_setup_spnego_send)
Jan 21 15:34:26 freenastest winbindd4259: Kinit failed: Preauthentication failed
Jan 21 15:34:37 freenastest cachetool.py: [common.pipesubr:71] Popen()ing: klist
Jan 21 15:35:20 freenastest manage.py: [common.pipesubr:71] Popen()ing: klist
Jan 21 15:37:08 freenastest manage.py: [common.pipesubr:71] Popen()ing: klist
Jan 21 15:40:09 freenastest cachetool.py: [common.freenasusers:384] Directory Users could not be retrieved: {'desc': 'Size limit exceeded'}
Jan 21 15:40:10 freenastest cachetool.py: [common.pipesubr:71] Popen()ing: klist
Jan 21 15:43:16 freenastest manage.py: [common.pipesubr:71] Popen()ing: klist
Jan 21 15:48:35 freenastest manage.py: [common.freenasusers:384] Directory Users could not be retrieved: {'desc': 'Size limit exceeded'}
Jan 21 15:48:36 freenastest manage.py: [common.pipesubr:71] Popen()ing: klist
Jan 21 16:05:32 freenastest winbindd6399: [2016/01/21 16:05:32.714631, 0] ../source3/winbindd/winbindd_dual.c:1367(child_handler)
Jan 21 16:05:32 freenastest winbindd6399: Could not write result
Jan 21 19:37:59 freenastest manage.py: [common.freenasusers:384] Directory Users could not be retrieved: {'desc': "Can't contact LDAP server"}
Jan 21 19:38:00 freenastest manage.py: [common.freenasusers:384] Directory Users could not be retrieved: {'desc': "Can't contact LDAP server"}
Jan 22 00:00:00 freenastest syslog-ng1790: Configuration reload request received, reloading configuration;

IMG_1986[1].JPG (2.52 MB) IMG_1986[1].JPG David Hedges, 01/25/2016 01:52 PM
IMG_1987.JPG (2.27 MB) IMG_1987.JPG David Hedges, 01/25/2016 01:54 PM
4954
4955

History

#1 Updated by John Hixson over 4 years ago

  • Status changed from Unscreened to 15
  • Priority changed from No priority to Nice to have
  • Target version set to 261

Can you please attach a debug after this occurs? system->advanced->"save debug".

#2 Updated by David Hedges over 4 years ago

John Hixson wrote:

Can you please attach a debug after this occurs? system->advanced->"save debug".

is there a way to pull this from the cli? As stated above, the advanced menu is inaccessible after I join the domain. I am however able to ssh in to the freenas device.

also, I think I misrepresented the number of users and groups in the domain, I went back and took a look, it's actually much higher and in the realm of about 200,000+ users and groups within active directory.

#3 Updated by John Hixson over 4 years ago

David Hedges wrote:

John Hixson wrote:

Can you please attach a debug after this occurs? system->advanced->"save debug".

is there a way to pull this from the cli? As stated above, the advanced menu is inaccessible after I join the domain. I am however able to ssh in to the freenas device.

Yes.

mkdir /tmp/foo
ixdiagnose -d /tmp/foo -s -l -1

There will be a ixdiagnose.tgz in /tmp/foo

also, I think I misrepresented the number of users and groups in the domain, I went back and took a look, it's actually much higher and in the realm of about 200,000+ users and groups within active directory.

FreeNAS is known to work with this many users and groups. The size limit exceeded error tells me there is a size limit on your AD server. This shouldn't matter however, as we have code that works around that so I'm interested in what is going wrong here.

#4 Updated by David Hedges over 4 years ago

4954
4955

John Hixson wrote:

David Hedges wrote:

John Hixson wrote:

Can you please attach a debug after this occurs? system->advanced->"save debug".

is there a way to pull this from the cli? As stated above, the advanced menu is inaccessible after I join the domain. I am however able to ssh in to the freenas device.

Yes.

mkdir /tmp/foo
ixdiagnose -d /tmp/foo -s -l -1

There will be a ixdiagnose.tgz in /tmp/foo

also, I think I misrepresented the number of users and groups in the domain, I went back and took a look, it's actually much higher and in the realm of about 200,000+ users and groups within active directory.

FreeNAS is known to work with this many users and groups. The size limit exceeded error tells me there is a size limit on your AD server. This shouldn't matter however, as we have code that works around that so I'm interested in what is going wrong here.

I've been trying to pull the diagnostics when this happens, but keep getting faults and reboots after a while.
I think I may try building this in a vm and testing again tomorrow to see if my results end up different there.

#5 Updated by John Hixson over 4 years ago

Hi David,

Would you be available for a teamviewer session? I'd like to take a look at this for myself.

#6 Updated by David Hedges over 4 years ago

John Hixson wrote:

Hi David,

Would you be available for a teamviewer session? I'd like to take a look at this for myself.

Sure, let me now how to get in contact with you

#7 Updated by John Hixson over 4 years ago

David Hedges wrote:

John Hixson wrote:

Hi David,

Would you be available for a teamviewer session? I'd like to take a look at this for myself.

Sure, let me now how to get in contact with you

#8 Updated by John Hixson over 4 years ago

John Hixson wrote:

David Hedges wrote:

John Hixson wrote:

Hi David,

Would you be available for a teamviewer session? I'd like to take a look at this for myself.

Sure, let me now how to get in contact with you

Hi David,

I'm not sure if you have sent me an email. If you have, can you please resend it?

#9 Updated by John Hixson over 4 years ago

Hi David,

I'm not sure if you have sent me an email. If you have, can you please resend it?

#10 Updated by John Hixson over 4 years ago

Hi David,

I'd like to look at this more. Do you have time? Can you please email me again?

We recently upgraded our email servers and I don't seem to have any emails from you. Can you please re-send ?

#11 Updated by John Hixson over 4 years ago

Hi David,

I'd like to look at this more. Do you have time? Can you please email me again?

We recently upgraded our email servers and I don't seem to have any emails from you. Can you please re-send ?

#12 Updated by John Hixson over 4 years ago

  • Status changed from 15 to Closed: Insufficient Info

#13 Avatar?id=14398&size=24x24 Updated by Kris Moore about 4 years ago

  • Target version changed from 261 to N/A

Also available in: Atom PDF