rkatcher Absent Member.

Desperately need help with OES Linux iManager

I have installed my first OES Linux server and seemed to complete the install without error. However, when I go in to iManager --> Roles and Tasks --> Storage --> Devices and browse to my server, I get the message "Error: This user does not have the correct credentials to authenticate to the CIMOM client." I went through TID#7002981, Troubleshooting Linux User Management - Step by Step. The results of each step follow.

1. No SuSe-release command, but rest is OK

2. Everything looked OK to me.

3. Seems to be installed.

4. Seems OK to me

5. They're the same

6.1 UNIX Config and UNIX Workstation - myhost are both in o=myorg
6.2 Server object myhost is in o=myorg

7.1 Context is there and correct
7.2 Groups admingroup.myorg, novlxtier.myorg and www.myorg are listed with access to LUM-enabled Services. When I go to the LUM Enabled Services tab, nothing is listed! I used the wizard to reconfigure LUM but it made no difference.

8. Changed preferred LDAP server from myhostIP to MasterReplicaIP and rebooted. Nothing changed.

9. Used an LDAP browser to access the MasterReplicaServer on both 389 and 636

10. I re-imported the certificate. CONFIG_LDAP_ADMIN_CONTEXT=admin-fdn="cn=admin,o=myorg". There were no proxy-user entries in nam.conf. CONFIG_LUM_PROXY_USER="cn=admin,o=myorg"

11. Has entries that read: passwd: compat nam and group: compat nam

12. What file are they talking about? I skipped this step because I can't make any sense out of it.

13. I didn't see any failures in boot.msg. nam.log has entries of the form
[LDAP 0xhexstring]: initAuthConn: Error: Invalid credentials values:host(masterReplicaIP),port(389),sslport(636 ),admin(cn=admin,o=myorg)
I didn't see any errors in the messages file

14. eDir is loaded, OpenWBEM is running, NameServiceCacheDaemon is running, NAMCD daemon is running. When I check the status, I seem to have to leave the leading rc off to get a response. I.e.,
rcnscd status ==> running
chkconfig rcnscd -l ==> unknown service
chkconfig nscd -l ==> 0:off 1:off 2:off 3:on 4:off 5:on 6:off

15. User ID=0, Primary GroupID=600, org object: o=myorg
namuserlist lists the admin user
id admin ==> No such user

Can anyone help me resolve this? I am desperate for help. If I should be in a different forum, please direct me there. Thanks.
0 Likes
netwo Absent Member.

Re: Desperately need help with OES Linux iManager

tail -f /var/log/messages on your storage server while you're trying to access the storage in iManager. From the error log you'll have a better understanding of the event. I encountered that error and solved it with just a password reset.
0 Likes
phxazcraig Absent Member.

Re: Desperately need help with OES Linux iManager

In article <rkatcher.51v9jb@no-mx.forums.novell.com>, Rkatcher wrote:
> : Error: Invalid credentials
> values:host(masterReplicaIP),port(389),sslport(636
> ),admin(cn=admin,o=myorg)
>

Let's start with this area. You are telling the system to read
eDirectory via LDAP using a proxy user of cn=admin,o=myorg. Is myorg
correct? Did you just put that in as an example, but your actual entry
is correct? If the back end system cannot read eDir, you will have
failures. Things to check there:
1. Correct user name and syntax. Note that commas are used instead of
dots when using LDAP formats.
2. Correct password for user
3. Correct port number and encryption.

Are you pointing to this server or another for LDAP? I like pointing
to a NetWare server initially, if possible, just so I can use DSTRACE
commands on the console to see LDAP information.

Craig Johnson
http://www.craigjconsulting.com

0 Likes
rkatcher Absent Member.

Re: Desperately need help with OES Linux iManager

> In article <rkatcher.51v9jb@no-mx.forums.novell.com>, Rkatcher wrote:
> > : Error: Invalid credentials
> > values:host(masterReplicaIP),port(389),sslport(636
> > ),admin(cn=admin,o=myorg)
>
> Let's start with this area. You are telling the system to read
> eDirectory via LDAP using a proxy user of cn=admin,o=myorg. Is myorg
> correct? Did you just put that in as an example, but your actual entry
> is correct?

Yes, I replaced my actual organization name with myorg. On my system, it has the correct organization name.

> If the back end system cannot read eDir, you will have
> failures. Things to check there:
> 1. Correct user name and syntax. Note that commas are used instead of
> dots when using LDAP formats.
> 2. Correct password for user
> 3. Correct port number and encryption.

The user name and password are correct. I use them all the time for my Netware administration. I am using a comma. As far as I can tell, the ports are correct. I did use an LDAP browser (step 9) to access the LDAP server on both the specified ports.

> Are you pointing to this server or another for LDAP? I like pointing
> to a NetWare server initially, if possible, just so I can use DSTRACE
> commands on the console to see LDAP information.

This server is pointing to my master server for LDAP. Since this is my first Linux server, all my other systems are Netware 6.5 with the latest SP. I did enable LDAP trace as suggested in the additional information section of TID #7002981, but I'm not very familiar with it, so to my eyes, I didn't see anything that looked relevant. What should I be looking for?
0 Likes
rkatcher Absent Member.

Re: Desperately need help with OES Linux iManager

> tail -f /var/log/messages on your storage server while you're trying to access the storage in iManager. From the error log you'll have a better understanding of the event.

The log has the following information.
Oct 21 12:24:30 myhost /usr/sbin/namcd[8926]: findUserWithoutUIDAndGID: Return code from the search: [49]
Oct 21 12:24:30 myhost openwbem: PAM_NAM: pam_sm_authenticate: User admin unknown to the authentication module

> I encountered that error and solved it with just a password reset.

Do you mean I should reset my administrative account password?
0 Likes
brianrbenson1 Absent Member.

Re: Desperately need help with OES Linux iManager

Tell me, what does /var/log/messages say when you restart namcd (rcnamcd restart)? Also, what do `getent passwd` and `getent group` say? Any eDir users?

Do check that admin.myorg is a member of admingroup.myorg and that it has LUM attributes, i.e. uidNumber, etc.

Touchstone Technology Network Consulting Engineer www.touchstonetech.com
0 Likes
rkatcher Absent Member.

Re: Desperately need help with OES Linux iManager

> Tell me, what does /var/log/messages say when you restart namcd (rcnamcd restart)?

rcnamcd stop
rcnamcd start

Oct 21 13:53:33 myhost /usr/sbin/namcd[18498]: main: Daemonizing namcd
Oct 21 13:53:33 myhost /usr/sbin/namcd[18498]: daemonize: SIGTTOU caught
Oct 21 13:53:33 myhost /usr/sbin/namcd[18498]: daemonize: SIGTTIN caught
Oct 21 13:53:33 myhost /usr/sbin/namcd[18498]: daemonize: SIGTSTP caught
Oct 21 13:53:33 myhost /usr/sbin/namcd[18500]: main: Starting namcd
Oct 21 13:53:33 myhost /usr/sbin/namcd[18500]: readConfigParameter: Base conetxt = o=myorg


> Also, what do `getent passwd` and `getent group` say? Any eDir users?

I see one edir user listed at the end.

getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
games:x:12:100:Games account:/var/games:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
messagebus:x:100:101:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:101:102:User for haldaemon:/var/run/hal:/bin/false
at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
ntp:x:74:103:NTP daemon:/var/lib/ntp:/bin/false
tomcat:x:102:104:Tomcat:/usr/share/tomcat5:/bin/sh
gdm:x:50:105:Gnome Display Manager daemon:/var/lib/gdm:/bin/false
suse-ncc:x:103:106:Novell Customer Center User:/var/lib/YaST2/suse-ncc-fakehome:/bin/bash
novell_nobody:x:104:107:Novell System User:/opt/novell:/bin/bash
man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
news:x:9:13:News system:/etc/news:/bin/bash
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
myorg_admin:x:0:600::/u/_public:/bin/sh
novlxsrvd:x:82:81:Novell XSrvD System User:/var/opt/novell/xtier/xsrvd:/bin/false
myorg_admin:x:0:600::/u/_public:/bin/sh
novlxregd:x:81:81:Novell XRegD System User:/var/opt/novell/xtier/xregd:/bin/false
wwwrun:x:30:8::/var/lib/wwwrun:/bin/false
mcgrath:x:1001:8::/u/cis/mcgrath:


getent group
root:x:0:
bin:x:1:daemon
daemon:x:2:
sys:x:3:
tty:x:5:
disk:x:6:
lp:x:7:
www:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:
news:x:13:
uucp:x:14:
shadow:x:15:
dialout:x:16:
audio:x:17:
floppy:x:19:
cdrom:x:20:
console:x:21:
utmp:x:22:
public:x:32:
video:x:33:
games:x:40:
xok:x:41:
trusted:x:42:
modem:x:43:
ftp:x:49:
man:x:62:
users:x:100:
nobody:x:65533:
nogroup:x:65534:nobody
messagebus:!:101:
haldaemon:!:102:
at:!:25:
sshd:!:65:
postfix:!:51:
maildrop:!:59:
ntp:!:103:
ntadmin:!:71:
tomcat:!:104:
gdm:!:105:
suse-ncc:!:106:
novell_nogroup:!:107:
admingroup:x:600:admin
novlxtier:x:81:novlxregd,novlxsrvd,wwwrun
novlxtier:x:81:novlxregd,novlxsrvd,wwwrun


> Do check that admin.myorg is a member of admingroup.myorg and that it has LUM attributes, i.e. uidNumber, etc.

admin.myorg is a member of admingroup.myorg
How do I check for LUM attributes?
0 Likes
rkatcher Absent Member.

Re: Desperately need help with OES Linux iManager

Now here is something interesting. The user that shows in the response to getent passwd appears to have been a linux user I was trying to give access to a Netware server a long time ago. No other users I can find have the Unix settings that this guy does. When I type "id username" for this guy, I get a uid, gid, and groups. Everyone else gives "No such user". Have I missed a step somewhere to enable users for linux? If so, what is the best way to enable all of them?
0 Likes
brianrbenson1 Absent Member.

Re: Desperately need help with OES Linux iManager

You can look at the object in C1 or iMan... Also you can check for it like this.
`namuserlist admin` to have it try and list admin
and
`namuserlist -x o=myorg` to list all users it can find

Also, you can look at the admin object directly.
`ldapsearch -H ldaps://<LDAPSERVER> -x -D cn=admin,o=myorg -W -b cn=admin,o=myorg`

you are looking for stuff like this:
loginShell: /bin/bash
homeDirectory: /home/admin
gidNumber: 600
uidNumber: 600
uid: admin
...
objectClass: uamPosixUser
...
groupMembership: cn=admingroup,o=myorg
...

Touchstone Technology Network Consulting Engineer www.touchstonetech.com
0 Likes
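
A scripted version of the attribute check described in the post above, as an added example that is not part of the thread: it reads `ldapsearch` output and reports which of the listed LUM attributes are missing or unusual. The function name `check_lum_entry`, the finding labels and the sample entry are constructed here.

```shell
#!/bin/sh
# Added example, not from the thread. check_lum_entry reads one LDIF entry
# (ldapsearch output) on stdin and compares it with the attributes the post
# says to look for. $1 is the Linux login name being tested (e.g. admin).
# Assumption: either objectClass named in the thread counts as POSIX-enabled.
check_lum_entry() {
    awk -v want="$1" '
    /^[# \t]/ || !/: / { next }          # comments, folded lines, blanks
    {
        attr = tolower(substr($0, 1, index($0, ": ") - 1))
        val  = substr($0, index($0, ": ") + 2)
        seen[attr] = val
        if (attr == "objectclass" && tolower(val) ~ /^(posixaccount|uamposixuser)$/)
            posix = val
    }
    END {
        n = split("uidnumber gidnumber homedirectory loginshell uid", req, " ")
        for (i = 1; i <= n; i++)
            if (!(req[i] in seen)) { print "MISSING " req[i]; bad++ }
        if (posix == "") { print "NOCLASS no POSIX objectClass on entry"; bad++ }
        if (seen["uidnumber"] ~ /^0+$/) {
            print "UID0 uidNumber 0 is root on the Linux host"; bad++
        }
        if (("uid" in seen) && seen["uid"] != want) {
            print "NAME uid=" seen["uid"] " differs from " want; bad++
        }
        if (!bad) print "OK"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample entry, modelled on the values reported later in the thread.
SAMPLE_LDIF='dn: cn=admin,o=myorg
objectClass: posixAccount
uid: myorg_admin
uidNumber: 0
gidNumber: 600
homeDirectory: /u/_admin
loginShell: /bin/sh
groupMembership: cn=admingroup,o=myorg'

printf '%s\n' "$SAMPLE_LDIF" | check_lum_entry admin || :
```

To use it on a live entry, pipe the `ldapsearch` command from the post into `check_lum_entry admin`; the function returns non-zero when it prints any finding.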
brianrbenson1 Absent Member.

Re: Desperately need help with OES Linux iManager

rkatcher;2147969 wrote:
> Now here is something interesting. The user that shows in the response to getent passwd appears to have been a linux user I was trying to give access to a Netware server a long time ago. No other users I can find have the Unix settings that this guy does. When I type "id username" for this guy, I get a uid, gid, and groups. Everyone else gives "No such user". Have I missed a step somewhere to enable users for linux? If so, what is the best way to enable all of them?


I don't think there is really any real need to linux enable all of your users. Just go to that admingroup.myorg in iMan/LUM management and re-LUM enable the group and all of its members. Should kick it into gear.

You can do something similar for all your users, pick a group, add them all to it, then lum enable the group, including its members...

Touchstone Technology Network Consulting Engineer www.touchstonetech.com
0 Likes
rkatcher Absent Member.

Re: Desperately need help with OES Linux iManager

> I don't think there is really any real need to linux enable all of your users. Just go to that admingroup.myorg in iMan/LUM management and re-LUM enable the group and all of its members. Should kick it into gear.

I did this. It does not seem to have affected anything. In particular, admin is the only member of admingroup. After re-LUM enabling the group, it still responds "no such user" to the command: id admin

> You can do something similar for all your users, pick a group, add them all to it, then lum enable the group, including its members...

I tried doing this explicitly for the admin user. Again, makes no difference.
0 Likes
Knowledge Partner

Re: Desperately need help with OES Linux iManager

In article <rkatcher.51z31c@no-mx.forums.novell.com>, Rkatcher wrote:
> Have I missed a step somewhere to enable users for linux?
>

One not so obvious step is that you have to LUM enable both the user
AND the group, otherwise you will be out of luck.
Adding a user to a LUM enabled group does not LUM enable the user,
unlike how much of the rest of the world works.


Andy Konecny
KonecnyConsulting.ca in Toronto
0 Likes
brianrbenson1 Absent Member.

Re: Desperately need help with OES Linux iManager

What was the output from the commands I asked about?

brianrbenson;2147970 wrote:
> You can look at the object in C1 or iMan... Also you can check for it like this.
> `namuserlist admin` to have it try and list admin
> and
> `namuserlist -x o=myorg` to list all users it can find
>
> Also, you can look at the admin object directly.
> `ldapsearch -H ldaps://<LDAPSERVER> -x -D cn=admin,o=myorg -W -b cn=admin,o=myorg`
>
> you are looking for stuff like this:
> loginShell: /bin/bash
> homeDirectory: /home/admin
> gidNumber: 600
> uidNumber: 600
> uid: admin
> ...
> objectClass: uamPosixUser
> ...
> groupMembership: cn=admingroup,o=myorg
> ...

Touchstone Technology Network Consulting Engineer www.touchstonetech.com
0 Likes
rkatcher Absent Member.

Re: Desperately need help with OES Linux iManager

> You can look at the object in C1 or iMan... Also you can check for it like this.
> `namuserlist admin` to have it try and list admin

No such object exists

> and
> `namuserlist -x o=myorg` to list all users it can find

mcgrath:x:1001:105::/u/cis/mcgrath:
NFAUUser:x:0:0::/:
novlxregd:x:81:81:Novell XRegD System User:/var/opt/novell/xtier/xregd:/bin/false
novlxsrvd:x:82:81:Novell XSrvD System User:/var/opt/novell/xtier/xsrvd:/bin/false
pcadmin:x:0:0::/u/cis/pcadmin:
rwk:x:0:0::/u/cis/katcher:
admin:x:0:600::/u/_admin:/bin/sh
wwwrun:x:30:8::/var/lib/wwwrun:/bin/false

> Also, you can look at the admin object directly.
> `ldapsearch -H ldaps://<LDAPSERVER> -x -D cn=admin,o=myorg -W -b cn=admin,o=myorg`
>
> you are looking for stuff like this:
> loginShell: /bin/bash
> homeDirectory: /home/admin
> gidNumber: 600
> uidNumber: 600
> uid: admin
> ...
> objectClass: uamPosixUser
> ...
> groupMembership: cn=admingroup,o=myorg
> ...

I find all this stuff with three possible anomalies.
First, the gidNumber is 600 but the uidNumber is 0.
Second, for some reason uid is myorg_admin. I do have an alias to admin named myorg_admin.
Finally, objectClass is posixAccount.

Does this give any clues to my problem?
0 Likes
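
Both listings posted in this thread (`getent passwd` and `namuserlist -x o=myorg`) show directory users with UID 0, which Linux treats as root. The following added example, not part of the thread, flags those entries and any login listed with differing uid:gid pairs in passwd-format output; the function name `audit_passwd` and the finding labels are made up here.

```shell
#!/bin/sh
# Added example, not from the thread. audit_passwd reads passwd-format lines
# (getent passwd or namuserlist -x output) on stdin and prints sorted findings:
#   UID0 <name>                 non-root login that resolves to UID 0
#   CONFLICT <name> <a> vs <b>  same login listed with different uid:gid pairs
audit_passwd() {
    awk -F: '
    NF < 7 || /^#/ { next }               # skip anything that is not a passwd record
    {
        id = $3 ":" $4
        if ($3 ~ /^0+$/ && $1 != "root") uid0[$1] = 1
        if (!($1 in ids)) ids[$1] = id
        else if (ids[$1] != id) conflict[$1] = ids[$1] " vs " id
    }
    END {
        for (n in uid0)     print "UID0 " n
        for (n in conflict) print "CONFLICT " n " " conflict[n]
    }' | LC_ALL=C sort
}

# Sample: a few lines copied from the two outputs posted in this thread.
THREAD_SAMPLE='root:x:0:0:root:/root:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
myorg_admin:x:0:600::/u/_public:/bin/sh
wwwrun:x:30:8::/var/lib/wwwrun:/bin/false
mcgrath:x:1001:8::/u/cis/mcgrath:
mcgrath:x:1001:105::/u/cis/mcgrath:
NFAUUser:x:0:0::/:
pcadmin:x:0:0::/u/cis/pcadmin:
rwk:x:0:0::/u/cis/katcher:
admin:x:0:600::/u/_admin:/bin/sh'

printf '%s\n' "$THREAD_SAMPLE" | audit_passwd
```

On a server, feed it both views at once, for example `{ getent passwd; namuserlist -x o=myorg; } | audit_passwd`, so that a login the two tools report differently shows up as a CONFLICT line.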
rkatcher Absent Member.

Re: Desperately need help with OES Linux iManager

I have LUM enabled the admin user, assuming that I did the correct thing in accepting the default (and only) UNIX Workstation - myhost object and UNIX Config object when asked. It didn't help.
0 Likes