Nrmonlyroot

From CoolSolutionsWiki

-my other wikis

Novell Remote Manager (NRM) only allows root to login to OES 2

Contents

[edit]

error

  1. error: pam_warn(httpstkd:auth): function=[pam_sm_authenticate] service=[httpstkd] terminal=[<unknown>]
  2. Feb 18 12:17:58 fs3 /usr/sbin/namcd[10801]: Starting namcd..
  3. Feb 18 12:17:58 fs3 /usr/sbin/namcd[10801]: namcd populating the user hash tables
  4. Feb 18 12:17:58 fs3 /usr/sbin/namcd[10801]: User profile file cannot be opened/does not exist
  5. Feb 18 12:17:58 fs3 /usr/sbin/namcd[10801]: Failed to populate user hash tables from file, namcd populating the hash tables from eDir
  6. Feb 18 12:17:59 fs3 /usr/sbin/namcd[10801]:
[edit]

ldap_initconn: LDAP bind failed (error = [81]), trying to connect to alternative LDAP server

  1. Feb 18 12:17:59 fs3 /usr/sbin/namcd[10801]: Unknown error returned reading configuration parameter: alternative-ldap-server-list
  2. Feb 18 12:17:59 fs3 /usr/sbin/namcd[10801]: _nds_nss_struct_init: Error [226] in _nds_ldap_private_struct_init.
  3. Feb 18 12:17:59 fs3 /usr/sbin/namcd[10801]: Problem in namcd initialization, exiting...
  4. Feb 18 12:18:01 fs3 /usr/sbin/namcd[10801]: Deleted hash tables and flushed data into local files
  5. Feb 18 12:18:01 fs3 /usr/sbin/namcd[10801]: Deinitialized threads
[edit]

errors

  1. findUserWithoutUIDAndGID
  2. pam_warn(httpstkd:session): function=[pam_sm_open_session] service=[httpstkd] terminal=[<unknown>] user=
  3. monitorChangesInLDAP: LUM configuration points to non-replica LDAP server. Persistent search is not supported for this configuration.
  4. /usr/sbin/namcd[4278]: findUserWithoutUIDAndGID: Return code from the search: [32]
[edit]

documentation

  1. Documentation on LUM
  2. Using Iman to lum enable edir users
  3. OES 2 sp1 documentation on troubleshooting LUM
[edit]

troubleshooting LUM

  1. rpm -qa | grep lum
  2. rcnamcd status should be running
    1. rcnamcd was NOT starting because the ldap server (MUST have replica for LUM) we were talking to had its KMO/cert expired (pkidiag), once that was fixed, namcd would start.
  3. rcnscd status
  4. to re-download the keys, namconfig -k
  5. ensure /etc/nam.conf is pointing to the correct ip addr/etc
  6. see also http://wiki.novell.com/index.php/Migfilesauthenticationfailure
  7. find lumdiag and RUN LUMDIAG (not released yet)
  8. turn on ldap debug
    1. ldapconfig set “LDAP Screen Level=all”
    2. or on NW modify the ldap group object and enable all ldap options
  9. get a supportconfig and review the lum.txt
  10. ensure rcnscd is STOPPED/not running
  11. screen -a
    1. ctr A ' "^A"
  12. tail -f /var/log/messages
  13. ldapconfig get
  14. namgroupadd -A -P -x ou=is,o=novell templumgrp
  15. ndsrepair -P
  16. nameconfig get | grep -i prefe
  17. nameconfig get | grep -i persis requires user ID to have a replica copy
  18. namuseradd -a cn=admin,o=novell -x ou=is,o=novell -g cn=templumgrp2,ou=is,o=novell minime
    1. namuseradd -a $ADMINFDN -w $ADMINPWD -x $USERCONTEXT -d "$LUM_HOMEDIR" -g cn="$LUM_PRIMGROUP","$GRPCONTEXT" -s "$LUM_SHELL" -o -u "$LUM_UID" "$LUM_USERID"
[edit]

solution

  1. One CASE we had to REMOVE the server from edir - this is EXTREME and typically you don't need to do that.
  2. ndsconfig rm -a cn=admin.o=org
  3. scrub script novell-scrub.sh
    1. needed dos2unix novell-scrub.sh
Retrieved from "http://wiki.novell.com/index.php/Nrmonlyroot"