Highlighted
Honored Contributor.
Honored Contributor.
3927 views

namcd and openwbem entries in messages log

I am seeing entries similar to the following in the messages log file
(var/log/messages). They are occuring at the rate of about 2 per second,
and it is worrying me.

Apr 20 13:25:18 nFILESRV02 /usr/sbin/namcd[5548]: cert_callback:
ldapssl_get_cert_attribute status 10
Apr 20 13:25:18 nFILESRV02 /usr/sbin/namcd[5548]: cert_callback:
ldapssl_get_cert_attribute status 10
Apr 20 13:25:19 nFILESRV02 /usr/sbin/namcd[5548]: cert_callback:
ldapssl_get_cert_attribute status 10
Apr 20 13:25:19 nFILESRV02 /usr/sbin/namcd[5548]: cert_callback:
ldapssl_get_cert_attribute status 10
Apr 20 13:25:20 nFILESRV02 /usr/sbin/namcd[5548]: cert_callback:
ldapssl_get_cert_attribute status 10
Apr 20 13:25:20 nFILESRV02 /usr/sbin/namcd[5548]: cert_callback:
ldapssl_get_cert_attribute status 10

Related to this is the face that any time someone tries to manage "storage"
or "file protocols - samba" through iManager (from any server) I get three
entries similar to th efollowing:

Apr 20 13:25:46 nFILESRV02 openwbem: cert_callback:
ldapssl_get_cert_attribute status 10
Apr 20 13:25:46 nFILESRV02 openwbem: PAM_NAM: _nds_loginUser: Error: Time
limit exceeded
Apr 20 13:25:46 nFILESRV02 openwbem: PAM_NAM: pam_sm_authenticate: NDS Login
failed

This was all noticed after updating from OES 2 sp2 to OES 2 sp3.

I have checked all the servers in the tree and replaced any expired
certificates. I have tried a couple of SR's but haven got an answer on
these messages yet.



Labels (2)
0 Likes
4 Replies
Highlighted
Absent Member.
Absent Member.

Same from here...Any news on this post ?
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

After you deleted and recreated the certificates did you assign them to the ldap server object in iManager and restarted the ldap service?

Thomas
0 Likes
Highlighted
Absent Member.
Absent Member.

Hello Thomas. I Have another one this problem. I Do the steps mentioned, but i need to restart the server. Then, all is working fine.

Regards
Victor

thsundel;2108531 wrote:
After you deleted and recreated the certificates did you assign them to the ldap server object in iManager and restarted the ldap service?

Thomas
0 Likes
Highlighted
Absent Member.
Absent Member.

vgalino;2177905 wrote:
Hello Thomas. I Have another one this problem. I Do the steps mentioned, but i need to restart the server. Then, all is working fine.

Regards
Victor


You don't need to restart the server:
/opt/novell/eDirectory/sbin/nldap -u
/opt/novell/eDirectory/sbin/nldap -l


If someone wants to use the "IP AG 12.34.56.78" certificate on the ldap-server and iManager is giving you an error when you want to apply, you have to escape the ip address like this: "IP AG 12\.34\.56\.78". Then hit apply, restart nldap and see if it works.

After setting up new certificates on ldap, you need to import the certificate in namcd. You can do this by entering the command: "namconfig -k". After that "/etc/init.d/namcd restart" and check the output of /var/log/messages and "ndstrace with the ldap filter enabled".

Cheerio!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.