Avoiding NICI Problems with OES Installs



A Forum reader asked the following question:

"When adding servers through the ndsconfig command line, the nicifk does not get copied across, and is it a real problem. How do we overcome this? I have had a few failed installs and prefer not to start the install from scratch again."

And here's the response from Niklas Ekstedt ...


I had no problems whatsoever installing a new OES SP2 box; I selected not to configure OES during the install. After the install, I went into YaST and selected to configure eDirectory beneath Network Services. I pointed it to the CA server and specified in what context I wanted to have it installed. It worked like a charm, no problems at all.

I then retried the operation, this time from the shell using ndsconfig. Again it worked OK, but it wasn't able to start the LDAP TLS. This was because it hadn't created the SSL CertificateIP object, only the SSL CertificateDNS. I compared it to my CA server and found out that the /var/novell/nicifk file was missing. Again I retried the operation, this time using the following sequence of commands as root:

cd /var/novell/nici
scp root@ ./
ndsconfig add -t OES1BASE-TREE -n ou=srv.o=admin -a cn=admin.o=admin

You need to be doing the following as root:

cd /var/novell/nici

What I do is that I change the active directory on the new server to /var/novell/nici - this is the directory where the NICI stuff is stored, assuming you're using eDirectory 8.7.3.x ...

scp root@ ./

Next, I use Secure Shell Copy (scp) to log in as root and copy the /var/novell/nicifk file from my Certificate Authority server ( into the active directory (./). This is /var/novell/nici, as used in the previous step.

ndsconfig add -t OES1BASE-TREE -n ou=srv.o=admin -a cn=admin.o=admin

Finally, I install the new server into the tree, OES1BASE-TREE, and place it in the srv.admin container. The install is done as user admin.admin.
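
A pre-flight check for the procedure above, added here as an example and not part of the original response: it confirms that nicifk actually landed in /var/novell/nici and matches the CA server's copy before ndsconfig is run. The function name check_nicifk, its return codes, and the use of sha256sum to compare the two copies are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): verify the NICI foundation key
# before running `ndsconfig add`.
#
# Usage: check_nicifk EXPECTED_SHA256 [NICI_DIR]
#   EXPECTED_SHA256  digest of nicifk taken on the CA server (sha256sum)
#   NICI_DIR         defaults to /var/novell/nici, the directory used above
# Return codes (chosen for this example):
#   0  key present and identical to the CA server's copy
#   1  key missing, empty, or not a regular file
#   2  digest differs from the CA server's copy
check_nicifk() {
    expected=$1
    key="${2:-/var/novell/nici}/nicifk"

    # A symlink or directory here is not the copied key file.
    if [ -L "$key" ] || [ ! -f "$key" ] || [ ! -s "$key" ]; then
        echo "nicifk missing or empty: $key" >&2
        return 1
    fi

    actual=$(sha256sum "$key" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "nicifk differs from the CA server's copy: $key" >&2
        return 2
    fi
    return 0
}

# Typical use on the new server, as root (digest value is a placeholder):
#   check_nicifk "<sha256-from-CA-server>" && \
#       ndsconfig add -t OES1BASE-TREE -n ou=srv.o=admin -a cn=admin.o=admin
```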

