kmaule Absent Member.

OES User Rights Map for NSS for AD Denied Access

Hi there,
I have an OES 2015 SP1 server with CIFS and NSS for AD configured and working correctly for share access by AD domain users. However, when running the User Rights Map (formerly Novell User Rights Map, NURM), I'm getting the following errors in the user-rights-map.log after I select the "Map User" menu but before authenticating to AD. My account is full Supervisor to the [Root] of the eDirectory tree and has a Universal Password Policy applied. Your thoughts are most welcome!

2016-11-15 11:00:15,583 DEBUG AdminFile :46 Server :127.0.0.2, User :MAUKIR, File :/_admin/Manage_NSS/manage.cmd

2016-11-15 11:00:15,587 DEBUG JCIFSStormFile :59 Open file : smb://127.0.0.2/_admin/Manage_NSS/manage.cmdby user MAUKIR

2016-11-15 11:00:27,829 ERROR StormManager :231 Access Denied. Either cn=MAUKIR,ou=USERS,ou=YYY,o=ZZZ does not have the supervisor permissions or the universal password is not set.

2016-11-15 11:00:28,021 DEBUG StormManager :253 Universal Password set for cn=MAUKIR,ou=USERS,ou=YYY,o=ZZZ : true, NMAS Password status : 19

kmaule Absent Member.

Re: OES User Rights Map for NSS for AD Denied Access

Attempted with default Admin user but got same result.

Comparison of Shares SMB vs CIFS
ServerName:/_admin # novcifs -sl
----------------------
List of share points:
----------------------

_ADMIN

DATA

IPC$

TestShare
ServerName:/_admin # smbclient -d 1 -L \\\\127.0.0.2
Enter root's password:
Anonymous login successful
Domain=[WORKGROUP] OS=[SUSE LINUX 11.4] Server=[SUSE LINUX 11.4]

Sharename Type Comment
--------- ---- -------
DATA Disk NSS Volume
IPC$ IPC Remote IPC
TestShare Disk
session request to 127.0.0.2 failed (Called name not present)
session request to 127 failed (Called name not present)
Anonymous login successful
Domain=[WORKGROUP] OS=[SUSE LINUX 11.4] Server=[SUSE LINUX 11.4]

Server Comment
--------- -------

Workgroup Master
--------- -------


The rights to \_admin\Manage_NSS\ have Other = RW
ServerName:~ # l /_admin/Manage_NSS/
total 24
drwxrwxrwx 1 root root 4096 Nov 17 14:50 ./
drwxrwxrwx 1 root root 4096 Nov 17 14:49 ../
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 AuthorizationCache.xml
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 BufferCache.xml
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 CompressionStats.xml
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 FileStats.xml
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 GeneralStats.xml
drwxrwxrwx 1 root root 4096 Nov 17 14:49 LSS/
drwxrwxrwx 1 root root 4096 Nov 17 14:49 Module/
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 NDS.cmd
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 NameCache.xml
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 ObjectCache.xml
drwxrwxrwx 1 root root 4096 Nov 17 14:50 Pool/
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 Thread.xml
drwxrwxrwx 1 root root 4096 Nov 17 14:50 Volume/
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 dataStream.cmd
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 files.cmd
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 linux.cmd
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 manage.cmd
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 rights.cmd
-rw-rw-rw- 1 root root 1048576 Nov 17 14:49 user.cmd



2016-11-21 10:07:35,880 INFO Authenticate :44 IdStore [ipAddress=127.0.0.2, userName=admin, searchContext=, searchCriteria=null, searchScope=0, dsType=1, ldapport=636, ssl=true]
2016-11-21 10:07:35,881 DEBUG AbstractContextSource :418 AuthenticationSource not set - using default implementation
2016-11-21 10:07:35,881 INFO AbstractContextSource :420 Property 'userDn' not set - anonymous context will be used for read-write operations
2016-11-21 10:07:35,882 DEBUG AbstractContextSource :441 Not using LDAP pooling
2016-11-21 10:07:35,882 DEBUG AbstractContextSource :462 Trying provider Urls: ldaps://127.0.0.2:636
2016-11-21 10:07:35,966 DEBUG AbstractContextSource :349 Got Ldap context on server 'ldaps://127.0.0.2:636'
2016-11-21 10:07:36,127 DEBUG AbstractContextSource :349 Got Ldap context on server 'ldaps://127.0.0.2:636'
2016-11-21 10:07:36,129 INFO CustomAuthenticationProvider:127 Authentication successful for cn=admin,o=XXX
2016-11-21 10:07:36,144 INFO CustomAuthenticationProvider:95 Configured log4j to update automatically
2016-11-21 10:07:59,826 DEBUG AdminFile :46 Server :127.0.0.2, User :admin, File :/_admin/Manage_NSS/manage.cmd
2016-11-21 10:07:59,827 DEBUG JCIFSStormFile :59 Open file : smb://127.0.0.2/_admin/Manage_NSS/manage.cmdby user admin
2016-11-21 10:07:59,868 ERROR StormManager :231 Access Denied. Either cn=admin,o=XXX does not have the supervisor permissions or the universal password is not set.
2016-11-21 10:08:00,137 DEBUG StormManager :253 Universal Password set for cn=admin,o=XXX : true, NMAS Password status : 19
TEggers1 Absent Member.

Re: OES User Rights Map for NSS for AD Denied Access

Hi,

Error code :231 is a CIFS config error.

Example:
2017-03-21 16:44:59,165 ERROR StormManager :231 Access Denied. Either cn=Admin,o=company does not have the supervisor permissions or the universal password is not set.

cat /etc/opt/novell/cifs/cifsctxs.conf
########################################################
# Novell CIFS User Context file #
########################################################
### Please do not modify this file, changes will be ignored.
### Use iManager to edit/modify the user context
ou=IT.o=company
O=company

Use iManager to configure CIFS; don't change this file manually.

This works for me.

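One way to test the last reply's diagnosis, as an added example that is not part of any post in this thread or of OES itself: it extracts the DNs from StormManager "Access Denied" lines and checks whether each user's container appears in the context list from /etc/opt/novell/cifs/cifsctxs.conf. The sample log lines and DNs are constructed, and the premise that CIFS resolves a user only through a listed context (or a listed ancestor, if the server searches below its contexts) is an assumption drawn from that reply.

```python
import re

# Constructed sample input, modelled on the log format and context file quoted in this thread.
SAMPLE_LOG = """\
2017-03-21 16:44:59,165 ERROR StormManager :231 Access Denied. Either cn=jdoe,ou=IT,o=company does not have the supervisor permissions or the universal password is not set.
2017-03-21 16:45:10,002 ERROR StormManager :231 Access Denied. Either cn=asmith,ou=Sales,o=company does not have the supervisor permissions or the universal password is not set.
2017-03-21 16:45:20,417 ERROR StormManager :231 Access Denied. Either cn=ext1,ou=Users,o=partner does not have the supervisor permissions or the universal password is not set.
"""
SAMPLE_CTXS = """\
########################################################
### Please do not modify this file, changes will be ignored.
ou=IT.o=company
O=company
"""

DENIED = re.compile(r"ERROR\s+StormManager\s*:\d+\s+Access Denied\. Either (\S+) does not have")

def parse_contexts(text):
    """Contexts from cifsctxs.conf as lower-cased RDN tuples (the file uses dot-delimited DNs)."""
    ctxs = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            ctxs.append(tuple(p.strip().lower() for p in line.split(".")))
    return ctxs

def denied_dns(log_text):
    """DNs named in 'Access Denied' lines (the log uses comma-delimited DNs; escaped commas not handled)."""
    return sorted(set(DENIED.findall(log_text)))

def classify(dn, contexts):
    """'listed': container is in the list; 'subtree': only an ancestor is; 'missing': neither."""
    container = tuple(p.strip().lower() for p in dn.split(","))[1:]
    if container in contexts:
        return "listed"
    if any(len(c) < len(container) and container[-len(c):] == c for c in contexts):
        return "subtree"
    return "missing"

def report(log_text, ctx_text):
    """Map every denied DN in the log to its status against the context list."""
    contexts = parse_contexts(ctx_text)
    return {dn: classify(dn, contexts) for dn in denied_dns(log_text)}

if __name__ == "__main__":
    for dn, status in report(SAMPLE_LOG, SAMPLE_CTXS).items():
        print(f"{status:8} {dn}")
```

A DN reported as "missing" or "subtree" is the case the reply points at; a DN reported as "listed" means the context list is not the cause and the supervisor rights or password state named in the error are the next things to check.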