Common Proxy Repair Script for OES2018, OES2015, and OES11

6 Likes

common-proxy-fix-1.5.zip

Uses:


I recommend running this script if you have services that are failing to start due to authentication, or if you suspect an issue with the Common Proxy User, such as missing user or incorrect password.

Description:


The Common Proxy Repair script checks and fixes all aspects of the Common Proxy user including:

    • Common Proxy user is set in /etc/opt/novell/proxymgmt/proxy_users.conf
    • Common Proxy credentials are set in CASA
    • Common Proxy credentials for OES services (stored in CASA or file)
    • Common Proxy User exists in edir
    • Common Proxy User does not have Intruder Lockout
    • Common Proxy Universal Password Policy exists
    • Common Proxy User is assigned to Common Proxy UP Policy
    • Proxy user setting in /etc/sysconfig/novell/ files
    • change_proxy_pwd.sh script is in crontab


Executing this script on a working system is not harmful as long as the correct user is selected/specified.

See /var/log/common-proxy-fix.log for debug messages

Usage:

 

Usage: common-proxy-fix-1.0.sh -u ADMIN_DN [options]
-u ADMIN_DN Admin username in LDAP syntax (required)
-w ADMIN_PASS Admin password
-h LDAPS_IP LDAPS IP, default is 127.0.0.1
-p LDAPS_PORT LDAPS port, default is 636
-f SERVICE_LIST Comma separated list of services to force config for CASA
cifs,afp,dns,dhcp,ncs,netstorage,lum)

Example: common-proxy-fix-1.0.sh -u cn=admin,o=org
Example: common-proxy-fix-1.0.sh -u cn=admin,o=org -w P@ssw0rd
Example: common-proxy-fix-1.0.sh -u cn=admin,o=org -h 192.168.2.5 -p 1636
Example: common-proxy-fix-1.0.sh -u cn=admin,o=org -f cifs,dns,dhcp

 

Sample Output:

 

pluto:~ # common-proxy-fix-1.0.sh -u cn=admin,o=mf

Logging to /var/log/common-proxy-fix.log . . .

Enter password for cn=admin,o=mf:
Verifying authentication for ADMIN_DN....SUCCESS

Retrieving Common Proxy username and password....SUCCESS....cn=OESCommonProxy_pluto,ou=servers,o=mf
Retrieving CIFS username and password............SUCCESS....cn=admin,o=mf
Retrieving AFP username and password.............SUCCESS....cn=OESCommonProxy_pluto,ou=servers,o=mf
Retrieving DNS username and password.............SUCCESS....cn=OESCommonProxy_pluto,ou=servers,o=mf
Retrieving DHCP username and password............FAILURE
Retrieving LUM username and password.............SUCCESS....cn=OESCommonProxy_pluto,ou=servers,o=mf

/etc/opt/novell/proxymgmt/proxy_users.conf is empty

1) Default Common Proxy User: cn=OESCommonProxy_pluto,ou=servers,o=mf (in eDir)
2) Common Proxy set in CASA: cn=OESCommonProxy_pluto,ou=servers,o=mf (in eDir)
3) Common Proxy set in CONF:
4) Enter Common Proxy Username

Select the correct CP Username (1/2/3/4/q): 2

Checking Common Proxy UP Policy....SUCCESS
Verifying authentication with the existing common proxy password....SUCCESS
Assigning Common Proxy User to Common_Proxy_Policy....SUCCESS
Adding user to /etc/opt/novell/proxymgmt/proxy_users.conf....SUCCESS
Checking Crontab for change_proxy_pwd.sh....SUCCESS

Setting credentials for cifs....username does not match

Setting credentials for afp....ALREADY SET

Setting credentials for dns....ALREADY SET

dhcp is installed, but credentials were not found.
Force dhcp credentials into CASA using CASAcli? (y/n): y
Forcing CASA credentials for dhcp using CASAcli....SUCCESS

Not setting credentials for ifolder....not installed

Not setting credentials for netstorage....not installed

Not setting credentials for ncs....not installed

Setting credentials for lum....ALREADY SET

Log File: /var/log/common-proxy-fix.log

 

Changelog:

Version 1.5

    1. Added the -P option to not check or fix the Universal Password Policy
    2. "-f lum" is now needed to set the lum creds, since they are not set on a server by default

Version 1.4

    1. Improved the common proxy user selection interface
    2. A few other minor improvements

Version 1.3

    1. Fixed a small issue with the Default Common Proxy Name
    2. Added additional handling for /etc/sysconfig/novell/ files

Version 1.2

    1. The proxy user is now updated in the files in /etc/sysconfig/novell/
    2. Added additional checking for the common proxy user in eDirectory

Version 1.1

    1. Added checking for Intruder Lockout
    2. Added additional checking for Common Proxy UP Policy

Labels:

Collateral
How To-Best Practice
Support Tip
Comment List
Anonymous
Related Discussions
Recommended