Revision as of 23:26, 18 February 2010 by Terickson
Novell Remote Manager (NRM) only allows root to login to OES 2
- Either the Admin volume was not found or you don't have rights to access it
- error: pam_warn(httpstkd:auth): function=[pam_sm_authenticate] service=[httpstkd] terminal=[<unknown>]
- Feb 18 12:17:58 fs3 /usr/sbin/namcd: Starting namcd..
- Feb 18 12:17:58 fs3 /usr/sbin/namcd: namcd populating the user hash tables
- Feb 18 12:17:58 fs3 /usr/sbin/namcd: User profile file cannot be opened/does not exist
- Feb 18 12:17:58 fs3 /usr/sbin/namcd: Failed to populate user hash tables from file, namcd populating the hash tables from eDir
- Feb 18 12:17:59 fs3 /usr/sbin/namcd: ldap_initconn: LDAP bind failed (error = ), trying to connect to alternative LDAP server
- Feb 18 12:17:59 fs3 /usr/sbin/namcd: Unknown error returned reading configuration parameter: alternative-ldap-server-list
- Feb 18 12:17:59 fs3 /usr/sbin/namcd: _nds_nss_struct_init: Error  in _nds_ldap_private_struct_init.
- This usually means the LDAP certificate has expired.
- Feb 18 12:17:59 fs3 /usr/sbin/namcd: Problem in namcd initialization, exiting...
- Feb 18 12:18:01 fs3 /usr/sbin/namcd: Deleted hash tables and flushed data into local files
- Feb 18 12:18:01 fs3 /usr/sbin/namcd: Deinitialized threads
- pam_warn(httpstkd:session): function=[pam_sm_open_session] service=[httpstkd] terminal=[<unknown>] user=
- monitorChangesInLDAP: LUM configuration points to non-replica LDAP server. Persistent search is not supported for this configuration.
- /usr/sbin/namcd: findUserWithoutUIDAndGID: Return code from the search: 
- Documentation on LUM
- Using iManager to LUM-enable eDir users
- OES 2 SP1 documentation on troubleshooting LUM
- rpm -qa | grep lum
- rcnamcd status (should report running)
- rcnamcd was NOT starting because the LDAP server we were talking to (it MUST have a replica for LUM) had an expired KMO/cert (pkidiag); once that was fixed, namcd would start.
- rcnscd status
- to re-download the keys, namconfig -k
- ensure /etc/nam.conf is pointing to the correct ip addr/etc
- see also http://wiki.novell.com/index.php/Migfilesauthenticationfailure
- find lumdiag and RUN LUMDIAG (not released yet)
- turn on ldap debug
- ldapconfig set "LDAP Screen Level=all"
- or on NW modify the ldap group object and enable all ldap options
- get a supportconfig and review the lum.txt
- ensure rcnscd is STOPPED/not running
- screen -a
- ctr A ' "^A"
- tail -f /var/log/messages
- ldapconfig get
- namgroupadd -A -P -x ou=is,o=novell templumgrp
- ndsrepair -P
- namconfig get | grep -i prefe
- namconfig get | grep -i persis (requires user ID to have a replica copy)
- namuseradd -a cn=admin,o=novell -x ou=is,o=novell -g cn=templumgrp2,ou=is,o=novell minime
- namuseradd -a $ADMINFDN -w $ADMINPWD -x $USERCONTEXT -d "$LUM_HOMEDIR" -g cn="$LUM_PRIMGROUP","$GRPCONTEXT" -s "$LUM_SHELL" -o -u "$LUM_UID" "$LUM_USERID"
- In one CASE we had to REMOVE the server from eDir. This is EXTREME and typically you don't need to do that.
- ndsconfig rm -a cn=admin.o=org
- scrub script novell-scrub.sh
- needed dos2unix novell-scrub.sh
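
The namcd messages listed above can be checked for mechanically while tailing /var/log/messages. The following is an added example, not part of the original notes or any Novell tool: `namcd_triage` and `sample_log` are hypothetical helper names, and the hints it prints only restate the causes noted on this page.

```shell
#!/bin/sh
# Added example: classify namcd startup failures using the messages quoted on
# this page. namcd_triage and sample_log are hypothetical helper names.

# Reads syslog text from the files given as arguments, or stdin if none.
namcd_triage() {
    awk '
    /namcd/ && /LDAP bind failed/                { bind_fail++ }
    /namcd/ && /_nds_ldap_private_struct_init/   { ldap_init++ }
    /namcd/ && /Problem in namcd initialization/ { gave_up++ }
    /non-replica LDAP server/                    { non_replica++ }
    END {
        # Bind failure plus LDAP struct init error is the pattern the page
        # ties to an expired certificate on the LDAP server.
        if (bind_fail && ldap_init)
            print "CERT_SUSPECT: LDAP bind failed during namcd init; check the LDAP server certificate (pkidiag), then namconfig -k"
        else if (bind_fail)
            print "BIND_FAILED: LDAP bind failed; check the server address in /etc/nam.conf"
        if (non_replica)
            print "NON_REPLICA: nam.conf points at an LDAP server without a replica"
        if (gave_up)
            print "NAMCD_DOWN: namcd exited during initialization"
        if (!bind_fail && !ldap_init && !non_replica && !gave_up)
            print "OK: no known namcd failure signature found"
    }' "$@"
}

# Constructed sample input, assembled from the log lines quoted on this page.
sample_log() {
    cat <<'EOF'
Feb 18 12:17:58 fs3 /usr/sbin/namcd: Starting namcd..
Feb 18 12:17:58 fs3 /usr/sbin/namcd: User profile file cannot be opened/does not exist
Feb 18 12:17:59 fs3 /usr/sbin/namcd: ldap_initconn: LDAP bind failed (error = ), trying to connect to alternative LDAP server
Feb 18 12:17:59 fs3 /usr/sbin/namcd: _nds_nss_struct_init: Error  in _nds_ldap_private_struct_init.
Feb 18 12:17:59 fs3 /usr/sbin/namcd: Problem in namcd initialization, exiting...
EOF
}

sample_log | namcd_triage
```

On a live server, run it as `namcd_triage /var/log/messages` after restarting namcd.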