LUM enabled services LUM Enabled Services are not listed in the unixworkstation object

Hi,

this is OES2108. LUM seems to work. (Can login with a LUM-enabled user;
id <user> shows the same user ID as in iManager)

But in 'iManager / Linux User Management / Modify Unix Workstation
Objekt / LUM enabled services' are no services visible.

In TID7010025 (OES2 from 2012 ;-) is described that pam_nam.so from
/etc/pam.d/openwbem has to be correct. But this file is not there
because openWBEM is migrated to sfcb.

What is the way to get the enabled services visible?

Bernd
  • Based on quick testing on OES2015SP1:
    to get the services listed, you
    - need to have sfcb up and running
    - need the file /etc/pam.d/sfcb
    - need the entries referencing pam_nam.so in the sfcb file
    once all this is done you'll get anything listed in iManager which has the statement
    account sufficient pam_nam.so
    in it. Actually if i create a file named "lalala" with the statement above in it i get "lalala" listed in iManager as a LUM-enabled service.
  • Am 12.07.2018 um 17:54 schrieb mathiasbraun:
    >
    > Based on quick testing on OES2015SP1:
    > to get the services listed, you
    > - need to have sfcb up and running
    > - need the file /etc/pam.d/sfcb
    > - need the entries referencing pam_nam.so in the sfcb file
    > once all this is done you'll get anything listed in iManager which has
    > the statement
    > account sufficient pam_nam.so
    > in it. Actually if i create a file named "lalala" with the statement
    > above in it i get "lalala" listed in iManager as a LUM-enabled service.
    >
    >

    This is OK on OES2015SP1 ;-)

    But this is OES2018!

    The service is called sblim-sfcb.service now. It is up and running.
    (But the rcsfcb is linked to /usr/sbin/service and without parameter
    there is no answer from service)

    The file /etc/pam.d/sfcb is there. The entries referencing pam_nam.so
    are in the sfcb file.

    Even if I create the file test in /etc/pam.d/ it is not shown in the
    list in iMananger.

    Bernd
  • Pretty easy to dupe, even on a single-server vanilla installation. I just have this single VM avail at the moment (and i still haven't found what's going wrong) but on this box i initially couldn't even get a simple "wbemcat" to work. This was related to a wrong statement in sfcb.cfg where
    basicAuthLib
    was set to
    sfcBasicAuthentication
    instead of
    sfcBasicPAMAuthentication
    which obviously can't work. After changing this i still can't list the LUM-enabled services in iManager, but at least i get different errors :-)
    ...and i can login to sfcb with both local and LUM-enabled accounts.
  • Am 17.07.2018 um 18:54 schrieb mathiasbraun:
    >
    > Pretty easy to dupe, even on a single-server vanilla installation. I
    > just have this single VM avail at the moment (and i still haven't found
    > what's going wrong) but on this box i initially couldn't even get a
    > simple "wbemcat" to work. This was related to a wrong statement in
    > sfcb.cfg where
    > basicAuthLib
    > was set to
    > sfcBasicAuthentication
    > instead of
    > sfcBasicPAMAuthentication
    > which obviously can't work. After changing this i still can't list the
    > LUM-enabled services in iManager, but at least i get different errors
    > :-)
    > ...and i can login to sfcb with both local and LUM-enabled accounts.
    >
    >

    The sfcb.cfg entry here was 'sfcBasicPAMAuthentication' so this seems to
    be OK. (in sfcb.conf I read sfcBasicAuthentication is the Default for
    basicAuthLib?) But I'm unable to get 'wbemcat' to run, too. But this is
    because I do not know a correct request file ;-)

    Bernd
  • <?xml version="1.0" encoding="utf-8"?>
    <CIM CIMVERSION="2.0" DTDVERSION="2.0">
    <MESSAGE ID="4711" PROTOCOLVERSION="1.0">
    <SIMPLEREQ>
    <IMETHODCALL NAME="EnumerateClasses">
    <LOCALNAMESPACEPATH>
    <NAMESPACE NAME="root"/>
    <NAMESPACE NAME="cimv2"/>
    </LOCALNAMESPACEPATH>
    <IPARAMVALUE NAME="ClassName">
    <CLASSNAME NAME=""/>
    </IPARAMVALUE>
    <IPARAMVALUE NAME="DeepInheritance">
    <VALUE>TRUE</VALUE>
    </IPARAMVALUE>
    <IPARAMVALUE NAME="LocalOnly">
    <VALUE>FALSE</VALUE>
    </IPARAMVALUE>
    <IPARAMVALUE NAME="IncludeQualifiers">
    <VALUE>FALSE</VALUE>
    </IPARAMVALUE>
    <IPARAMVALUE NAME="IncludeClassOrigin">
    <VALUE>TRUE</VALUE>
    </IPARAMVALUE>
    </IMETHODCALL>
    </SIMPLEREQ>
    </MESSAGE>
    </CIM>
  • Am 18.07.2018 um 13:44 schrieb mathiasbraun:
    >
    > <?xml version="1.0" encoding="utf-8"?>

    (...)

    Thx!

    In sfcb.cfg are:
    httpPort: 5988
    httpsPort: 5989

    but
    enableHttp is false

    set it to true and restart sfcb does show the port 5988 is now
    listening. But 'LUM enabled Services' is empty as before ...

    more hints?

    Bernd
  • After getting the empty list, on a
    rcsblim-sfcb status
    do you get something like
    "novell_pam_settingdata provider exiting due to a SIGSEGV signal"?
  • You might want to open a service request and reference bug 1097239.