Knowledge Partner
Knowledge Partner
1360 views

eDir 9.0.4 second instance - "incorrect interface parameter"

Server upgrade from SLES11Sp4 / eDir 8.8.8.11 to SLES12Sp3 / eDir 9.0.4.

eDir upgrade was first. Then SLES.

systemd fix from TID 7022941 has been applied.

There are two instances configured (was true before the upgrade). Each has its own IP address.

192.168.24.51 is for the first instance. That one works fine.
192.168.24.251 is for the second instance. That one claims:


Aug 02 17:13:48 Path of NetIQ eDirectory configuration file /etc/opt/novell/eDirectory/conf2/nds.conf
Aug 02 17:13:48 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:48 Unable to bind to address 127.0.0.1.524. Address already in use
Aug 02 17:13:48 Could not bind 127.0.0.1:524 Address already in use
Aug 02 17:13:48 Host process for NetIQ eDirectory 9.0.4 v40006.33 successfully started
Aug 02 17:13:48 Successfully enabled FIPS mode for SSL communication.
Aug 02 17:13:48 DHLog: file size 1048576
[ -- DHost Logging STARTED Thu Aug 2 17:13:48 2018 -- ]
Aug 02 17:13:48 MASV Init called
Aug 02 17:13:48 Mandatory Access Control Service Version: 9.0.4.0 started
Aug 02 17:13:48 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:48 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:48 NMAS Server Version:test Build:20170924 started
Aug 02 17:13:48 SPM DClient Version:9.0.4.0 Build:20170921 started
Aug 02 17:13:48 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:48 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:49 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:49 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:49 MASV Init called
Aug 02 17:13:49 MASV already initialized.
Aug 02 17:13:49 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:49 Unable to bind to address 192.168.24.51.524. Address already in use
Aug 02 17:13:49 Could not bind to 192.168.24.51:524 Address already in use
Aug 02 17:13:51 The local agent could not be opened - failed, invalid parameter (-702)
Aug 02 17:13:52 NICIext_Health.log in directory: /var/opt/novell/eDirectory2/log/
Aug 02 17:13:52 GAMS Init called
Aug 02 17:13:52 Graded Authentication Management Service Version: 9.0.4.0 started
Aug 02 17:13:52 Information: SNMP Trap Server for NetIQ eDirectory 9.0.4 v40006.11 started.

Aug 02 17:13:52 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:52 Incorrect interface parameter: 192.168.24.251
Aug 02 17:13:52 Incorrect interface parameter: 192.168.24.251


If I stop the first instance, the second one will start, but it binds to 192.168.24.51. So there's something it doesn't like about the 192.168.24.251 configuration.


n4u.server.interfaces=192.168.24.251@524


Looks correct to me. I can change the address, and the message changes to follow it, so I'm sure that's what it is complaining about, but I'm not seeing anything wrong with it.

netstat -lnp confirms that 524 is not in use on the .251 address (is in use on .51).

Anybody know what ndsd uses to decide if a particular n4u.server.interfaces configuration value is "valid" or not.
Labels (1)
0 Likes
15 Replies
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

This just keeps getting weirder and weirder. It's like I've suddenly forgotten everything I think I know.

I can't get this instance to run. So, as a test, I'll build a new instance. I have the IP address I want it to use, I know it's not currently in use, so it should be no big deal to just create a new instance and bind it to that IP address. Right? Simple. Done it hundreds of times.

Not today:


Configuring NetIQ eDirectory server with the following parameters, Please wait...
Tree Name : DAGTEST
Server DN : FS1.ou=servers.o=test
Admin DN : cn=admin.o=test
NCP Interface(s) : 192.168.24.251@524
HTTP Interface(s) : 192.168.24.251@8028
HTTPS Interface(s) : 192.168.24.251@8030
LDAP TCP Port : 1389
LDAP TLS Port : 1636
LDAP TLS Required : Yes
Duplicate Tree Lookup : No

Configuration File : /etc/opt/novell/eDirectory/conf3/nds.conf
Instance Location : /var/opt/novell/eDirectory3/data
DIB Location : /var/opt/novell/eDirectory3/data/dib

Starting the service 'ndsd'... Done.
Enabling auto-start of service 'ndsd' after reboot...Done.

Checking if server is ready to service requests... Done
unknown error -702 (fffffd42 hex)NetIQ eDirectory Server configuration failed.
Please make certain that you have provided complete and correct server, admin contexts .

Stopping the service 'ndsd'... Done.
ERROR 104: Unable to unload dsi module - Connection reset by peer.
ERROR: ndsconfig return value = 78.


But if I do the exact same thing, using the "working" address of the first instance, and changing the ports, it works:


Configuring NetIQ eDirectory server with the following parameters, Please wait...
Tree Name : DAGTEST
Server DN : FS1.ou=servers.o=test
Admin DN : cn=admin.o=test
NCP Interface(s) : 192.168.24.51@1524
HTTP Interface(s) : 192.168.24.51@1389
HTTPS Interface(s) : 192.168.24.51@1636
LDAP TCP Port : 2389
LDAP TLS Port : 2636
LDAP TLS Required : Yes
Duplicate Tree Lookup : No

Configuration File : /etc/opt/novell/eDirectory/conf3/nds.conf
Instance Location : /var/opt/novell/eDirectory3/data
DIB Location : /var/opt/novell/eDirectory3/data/dib

Starting the service 'ndsd'... Done.
Enabling auto-start of service 'ndsd' after reboot...Done.

Checking if server is ready to service requests... Done
Basic configuration is successful. Proceeding with additional configuration...

Extending schema... Done
For more details view schema extension logfile: /var/opt/novell/eDirectory3/log/schema.log

Configuring HTTP service... Done
Configuring LDAP service... Done
Configuring SNMP service... Done
Configuring SAS service... Done
Associating certificate with the NCP server object... Done
Configuring NMAS service... Done
Configuring SecretStore... Done
Configuring HTTP Server with default SSL CertificateDNS certificate... Done
Configuring LDAP Server with default SSL CertificateDNS certificate... Done
Updating LDAP TCP port with ldap://:2389... Done
Updating LDAP SSL port number with ldaps://:2636... Done
The instance at /etc/opt/novell/eDirectory/conf3/nds.conf is successfully configured.



So I think I haven't forgotten how to build a new eDir instance. There's something about this IP address or how it's configured that eDir doesn't like.


1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:4f:4b:db brd ff:ff:ff:ff:ff:ff
inet 192.168.24.51/24 brd 192.168.24.255 scope global eth1
valid_lft forever preferred_lft forever
inet 192.168.24.251/24 brd 192.168.24.255 scope global secondary eth1n2
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe4f:4bdb/64 scope link
valid_lft forever preferred_lft forever


This is just going in to YaST and adding a secondary IP address to eth1. Nothing special there. And it was working on SLES11Sp4 before the upgrade.
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

Stranger and stranger. I removed the secondary IP address from within YaST, then added it with "ip addr add 192.168.24.251/24 dev eth1".


1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:4f:4b:db brd ff:ff:ff:ff:ff:ff
inet 192.168.24.51/24 brd 192.168.24.255 scope global eth1
valid_lft forever preferred_lft forever
inet 192.168.24.251/24 scope global secondary eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe4f:4bdb/64 scope link
valid_lft forever preferred_lft forever


Now I can configure a new instance on that address:


Configuring NetIQ eDirectory server with the following parameters, Please wait...
Tree Name : DAGTEST
Server DN : FS1.ou=servers.o=test
Admin DN : cn=admin.o=test
NCP Interface(s) : 192.168.24.251@524
HTTP Interface(s) : 192.168.24.251@8028
HTTPS Interface(s) : 192.168.24.251@8030
LDAP TCP Port : 1389
LDAP TLS Port : 1636
LDAP TLS Required : Yes
Duplicate Tree Lookup : No

Configuration File : /etc/opt/novell/eDirectory/conf3/nds.conf
Instance Location : /var/opt/novell/eDirectory3/data
DIB Location : /var/opt/novell/eDirectory3/data/dib

Starting the service 'ndsd'... Done.
Enabling auto-start of service 'ndsd' after reboot...Done.

Checking if server is ready to service requests... Done
Basic configuration is successful. Proceeding with additional configuration...

Extending schema... Done
For more details view schema extension logfile: /var/opt/novell/eDirectory3/log/schema.log

Configuring HTTP service... Done
Configuring LDAP service... Done
Configuring SNMP service... Done
Configuring SAS service... Done
Associating certificate with the NCP server object... Done
Configuring NMAS service... Done
Configuring SecretStore... Done
Configuring HTTP Server with default SSL CertificateDNS certificate... Done
Configuring LDAP Server with default SSL CertificateDNS certificate... Done
Updating LDAP TCP port with ldap://:1389... Done
Updating LDAP SSL port number with ldaps://:1636... Done
The instance at /etc/opt/novell/eDirectory/conf3/nds.conf is successfully configured.


and my original 2nd instance now also starts and binds to 192.168.24.251 without complaint.

So, what's the difference? I dunno. eDir 9.0.4 on SLES12Sp3 doesn't seem to like YaST configured secondary IP addresses, but works fine with a secondary IP address added from the command line.
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

inet 192.168.24.251/24 brd 192.168.24.255 scope global secondary eth1n2
vs.
inet 192.168.24.251/24 scope global secondary eth1

just have access to a SP2 box right now, but this one definitely doesn't create anything like "n2"
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

mathiasbraun;2485155 wrote:
inet 192.168.24.251/24 brd 192.168.24.255 scope global secondary eth1n2
vs.
inet 192.168.24.251/24 scope global secondary eth1

just have access to a SP2 box right now, but this one definitely doesn't create anything like "n2"


Yeah. This:


inet 192.168.24.251/24 brd 192.168.24.255 scope global secondary eth1n2


is what you get if you use YaST to add the IP address to the interface. It requires a "label", along with the IP address and netmask:


+------------------+
¦IPv4 Address Label¦
¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦IP Address ¦
¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦Netmask ¦
¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦ [OK][Cancel] ¦
+------------------+


So "eth1n2", 192,168.24.251, and /24.

This:


inet 192.168.24.251/24 scope global secondary eth1


is what you get from "ip addr add...". This is, of course, only a temporary thing, it won't survive an OS reboot.

Being as this is SLES, YaST is supposed to be the way to do things, and I'd expect that eDir would just work with whatever YaST did.
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

Does SP3 really force you to use an alias? SP2 does not and, if you still define one, presents it separated from the "real" devname by a colon, resulting in something like "eth1:alias"- I'd bet yast is at fault here. Personally i'd try without an alias. Or maybe with a longer alias such as "bogus", in case yast is just parsing something incorrectly.
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

mathiasbraun;2485163 wrote:
Does SP3 really force you to use an alias? SP2 does not and, if you still define one, presents it separated from the "real" devname by a colon, resulting in something like "eth1:alias"- I'd bet yast is at fault here. Personally i'd try without an alias. Or maybe with a longer alias such as "bogus", in case yast is just parsing something incorrectly.


I've been poking at YaST here, and I think this is indeed a YaST bug.

You can't assign an alias to the secondary IP address that contains a colon. It won't let you type that character in YaST. So that's one interesting clue.

If I create the secondary IP address with no alias specified, ifconfig shows nothing for it. There is only eth1 and lo shown for interfaces. "ip a" shows the secondary IP address on eth1 though:


IDM:~ # ifconfig
eth1 Link encap:Ethernet HWaddr 00:0C:29:4F:4B:DB
inet addr:192.168.24.51 Bcast:192.168.24.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4f:4bdb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:548348 errors:0 dropped:2 overruns:0 frame:0
TX packets:622267 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:93132790 (88.8 Mb) TX bytes:81467345 (77.6 Mb)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:305553 errors:0 dropped:0 overruns:0 frame:0
TX packets:305553 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:240840570 (229.6 Mb) TX bytes:240840570 (229.6 Mb)

IDM:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:4f:4b:db brd ff:ff:ff:ff:ff:ff
inet 192.168.24.51/24 brd 192.168.24.255 scope global eth1
valid_lft forever preferred_lft forever
inet 192.168.24.251/24 brd 192.168.24.255 scope global secondary eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe4f:4bdb/64 scope link
valid_lft forever preferred_lft forever



If I create the secondary IP address with the alias it had when I first looked at it ("eth1n2"), then things get more interesting. "ifconfig" continues to show eth1, and "ip a" shows eth1 with a secondary IP address, but the interesting part is that "ifconfig" throws an error on "eth1n2":


IDM:~ # ifconfig
eth1 Link encap:Ethernet HWaddr 00:0C:29:4F:4B:DB
inet addr:192.168.24.51 Bcast:192.168.24.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4f:4bdb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:548085 errors:0 dropped:2 overruns:0 frame:0
TX packets:621887 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:93110793 (88.7 Mb) TX bytes:81274269 (77.5 Mb)

eth1n2: error fetching interface information: Device not found



Trying something that didn't seem like it should matter, I recreated the secondary IP address with alias "n2". Doing that, "ifconfig" now shows:


IDM:~ # ifconfig
eth1 Link encap:Ethernet HWaddr 00:0C:29:4F:4B:DB
inet addr:192.168.24.51 Bcast:192.168.24.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4f:4bdb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:548609 errors:0 dropped:2 overruns:0 frame:0
TX packets:622634 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:93155190 (88.8 Mb) TX bytes:81659956 (77.8 Mb)

eth1:n2 Link encap:Ethernet HWaddr 00:0C:29:4F:4B:DB
inet addr:192.168.24.251 Bcast:192.168.24.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:305568 errors:0 dropped:0 overruns:0 frame:0
TX packets:305568 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:240843042 (229.6 Mb) TX bytes:240843042 (229.6 Mb)


and eDirectory seems perfectly happy to come up and bind to this IP address.

Poking at YaST some more, it seems that it can't figure out what to do if the alias for the secondary IP address starts with the string "eth1". Setting the alias to "eth12" fails in a similar way:


eth12: error fetching interface information: Device not found


but "n2eth1" seems to work fine ("eth1:n2eth1" results), as does "eth2" ("eth1:eth2").

So, resolved, at least for eDirectory. Thanks to James@Support for providing some helpful clues to finding this one. I guess I should open an SR with SUSE on YaST misbehaving.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parameter"

Agreed, it sounds like something may be missing in Yast.

With that written, you should not use ifconfig at all after kernel version
2.0, which was released in 1996. Essentially this is because ifconfig is
old and does not know a lot of new (circa 1996, so now less-new) tricks,
and will probably show things incorrectly, or incompletely. Per
ifconfig's manpage:


WARNING: Ifconfig is obsolete on system with Linux kernel newer than 2.0.
On this system you should use ip. See the ip manual page for details


Back to Yast, it may be useful to see what it writes under
/etc/sysconfig/network to see how it represents those aliases in each
situation.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

ab;2485737 wrote:
Agreed, it sounds like something may be missing in Yast.

With that written, you should not use ifconfig at all after kernel version
2.0, which was released in 1996. Essentially this is because ifconfig is
old and does not know a lot of new (circa 1996, so now less-new) tricks,
and will probably show things incorrectly, or incompletely. Per
ifconfig's manpage:


WARNING: Ifconfig is obsolete on system with Linux kernel newer than 2.0.
On this system you should use ip. See the ip manual page for details



Yeah, I agree, but you might want to tell eDir Support that. And engineering as well, as whatever they're doing to decide if the configured IP address is "valid" is tripping over something that ifconfig also trips over.


ab;2485737 wrote:

Back to Yast, it may be useful to see what it writes under
/etc/sysconfig/network to see how it represents those aliases in each
situation.


Here you go. The working config with alias "n2" looks like:


IDM:~ # cat /etc/sysconfig/network/ifcfg-eth1
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='192.168.24.51/24'
MTU=''
NAME='82545EM Gigabit Ethernet Controller (Copper)'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'
IPADDR_0='192.168.24.251/24'
LABEL_0='n2'


And here's the broken version, with alias "eth1n2":


IDM:~ # cat /etc/sysconfig/network/ifcfg-eth1
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='192.168.24.51/24'
MTU=''
NAME='82545EM Gigabit Ethernet Controller (Copper)'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'
IPADDR_0='192.168.24.251/24'
LABEL_0='eth1n2'


Both look fine to me. eDir barfs on the second one. eDir support says this is a YaST / SuSE bug, so now SuSE Support has an SR. If they say this is ok, correct, fine, should be working, don't use ifconfig, etc., I'll be happy to agree with them and throw it back to eDir support. One, the other, or both, should fix whatever it is that this isn't write with.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parameter"

Sound like an eDirectory bug, and reminds me of something; have you tried
configuring by device rather than address? Notice that when you use Yast
it gives you a secondary device name (eth1n2) where the IP command itself
does not bother. What if you tried configuring n4u.server.interfaces to
use @eth1n2 rather than the IP, or @524, or whatever? I think I've heard
of a bug, maybe in the last year, having to do with this kind of thing,
and it would be interesting to see what you can get to work, particularly
since your 'ip' setting will not persist across a reboot like the Yast
stuff will.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

ab;2485158 wrote:
Sound like an eDirectory bug, and reminds me of something; have you tried
configuring by device rather than address? Notice that when you use Yast
it gives you a secondary device name (eth1n2) where the IP command itself
does not bother. What if you tried configuring n4u.server.interfaces to
use @eth1n2 rather than the IP, or @524, or whatever? I think I've heard
of a bug, maybe in the last year, having to do with this kind of thing,
and it would be interesting to see what you can get to work, particularly
since your 'ip' setting will not persist across a reboot like the Yast
stuff will.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.


I'm leaning toward "bug" myself, but this seems like one that shouldn't be. Multiple instances have been supported for some time now, as has SLES12.

Got any syntax hints on using the interface name? That doesn't seem to be a documented option.


n4u.server.interfaces


The IP address and port number that eDirectory server should listen on for client connections. The value can be a comma-separated list specifying more than one combination of possible settings. For example: n4u.server.interfaces=101.1.2.3@524,100.1.2.3@1524
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parameter"

On 08/03/2018 12:44 PM, dgersic wrote:
>
> Code:
> --------------------
>
> n4u.server.interfaces
>
>
> The IP address and port number that eDirectory server should listen on for client connections. The value can be a comma-separated list specifying more than one combination of possible settings. For example: n4u.server.interfaces=101.1.2.3@524,100.1.2.3@1524
>
> --------------------


I just meant to use =@eth0 or @eth0n1 or whatever. In theory that works.
I have this from a customer setup:


n4u.server.interfaces=@524


Note that the reason I have that explicitly is because of Bug# 1054190
which is where idm-install-schema fails when the n4u.server.interfaces
parameter does not have an IP address. In theory while broken in 4.6 SP2,
is now fixed in 4.6 SP3, and hopefully 4.7 too.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

ab;2485173 wrote:
On 08/03/2018 12:44 PM, dgersic wrote:
>
> Code:
> --------------------
>
> n4u.server.interfaces
>
>
> The IP address and port number that eDirectory server should listen on for client connections. The value can be a comma-separated list specifying more than one combination of possible settings. For example: n4u.server.interfaces=101.1.2.3@524,100.1.2.3@1524
>
> --------------------


I just meant to use =@eth0 or @eth0n1 or whatever. In theory that works.
I have this from a customer setup:


n4u.server.interfaces=@524


Note that the reason I have that explicitly is because of Bug# 1054190
which is where idm-install-schema fails when the n4u.server.interfaces
parameter does not have an IP address. In theory while broken in 4.6 SP2,
is now fixed in 4.6 SP3, and hopefully 4.7 too.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.


So I'm doing a 4.6.2 to 4.7 upgrade here on this poor box. I get to the end of that, and:


2018-08-03 16:45:48-04:00 : Identity Vault started
Identity Vault started
2018-08-03 16:46:03-04:00 : Extending Identity Manager schema /opt/novell/eDirectory/lib/nds-schema/vrschema.sch.
Extending Identity Manager schema /opt/novell/eDirectory/lib/nds-schema/vrschema.sch.
2018-08-03 16:46:03-04:00 : Check /var/opt/netiq/idm/log/idmupgrade.log file for more information.
Check /var/opt/netiq/idm/log/idmupgrade.log file for more information.
2018-08-03 16:46:03-04:00 : Identity Manager Engine configuration failed with the exit code 1
Identity Manager Engine configuration failed with the exit code 1
2018-08-03 16:46:03-04:00 : ###############################################################
###############################################################
2018-08-03 16:46:03-04:00 : Aborted configuration of : Identity Manager Engine
Aborted configuration of : Identity Manager Engine
2018-08-03 16:46:03-04:00 : Fri Aug 3 16:46:03 EDT 2018
Fri Aug 3 16:46:03 EDT 2018
2018-08-03 16:46:03-04:00 : ###############################################################
###############################################################


2018-08-03 16:46:03-04:00 : Exiting due to the failure in configuration of Identity Manager Engine
Exiting due to the failure in configuration of Identity Manager Engine


That looks like what you're talking about here. Yay.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parameter"

Maybe 4.7 SP1, then? Hopefully?

Either way you know how to work around it with the ndssch command, I
suspect, but it would be nice if it worked in the first place.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir 9.0.4 second instance - "incorrect interface parame

ab;2485158 wrote:
Sound like an eDirectory bug, and reminds me of something; have you tried
configuring by device rather than address? Notice that when you use Yast
it gives you a secondary device name (eth1n2) where the IP command itself
does not bother. What if you tried configuring n4u.server.interfaces to
use @eth1n2 rather than the IP, or @524, or whatever? I think I've heard
of a bug, maybe in the last year, having to do with this kind of thing,
and it would be interesting to see what you can get to work, particularly
since your 'ip' setting will not persist across a reboot like the Yast
stuff will.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.


Not documented in the regular docs, but TID 10096238 seems to indicate that this:


n4u.server.interfaces=@eth1n2@524


should work. It ... doesn't.


Aug 03 14:39:23 Incorrect interface parameter: 192.168.24.251


though it does seem to have figured out the correct IP address from the interface name, so that's interesting.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.