Novell eDirectory 8.8 Troubleshooting Guide - NetIQ

More documents

Recommendations

Info

Cause: The realm object’s master key is changed. Cause: The LDAP service principal object was not found in the subtree of the realm to which it belongs. SASL-GSS: Creating GSS context failed novdocx (en) 6 April 2007 Cause: The time is not in sync between the client, KDC and the eDirectory servers. Cause: The key of the LDAP service principal was changed in the Kerberos database, but not updated in eDirectory. Cause: The encryption type is not supported. SASL GSSAPI: Invalid user FDN = user_FDN Cause: The user FDN provided by the client is not valid. SASL GSSAPI: No user DN is associated with principal client_principal_name Cause: A user object under the subtree is not attached with the Kerberos principal name. SASL GSSAPI: More than one user DN is associated with principal client_principal_name Cause: More than one user object under the subtree is associated with the same principal. ldap_simple_bind_s: Invalid credentials major = 1, minor =0 Cause: The cause might be the version mismatch between the ldap service principal on the KDC server and the ldap service principal on the eDirectory server. This is because every time you extract the ldap service principal key to the keytab file, the key version number gets incremented. Action: Do the following: 1 Update the key in eDirectory server so that the version numbers are in sync. 2 Destroy the tickets at the client. 3 Get the TGT again for the principal. 4 Perform the ldap sasl bind operation. 94 Novell eDirectory 8.8 Troubleshooting Guide
18Miscellaneous • Section 18.1, “Backing Up a Container,” on page 95 • Section 18.2, “Repeated eDirectory Logins,” on page 95 • Section 18.3, “TCP Connection not Terminating after Abnormal Logout,” on page 95 • Section 18.4, “NDS Error, System Failure (-632) Occurs When Doing ldapsearch for the User Objects,” on page 96 • Section 18.5, “Disabling SecretStore,” on page 97 18.1 Backing Up a Container While using ndsbackup to backup a container that has many objects (like a million), it might take some time to get the list of the objects in the container and start their individual backup. 18.2 Repeated eDirectory Logins Repeated eDirectory logins can use up the available memory. Disable the Login Update attribute using ndsimonitor to overcome this problem. 18.3 TCP Connection not Terminating after Abnormal Logout Sometimes the OES Linux server fails to detect a client host that has gone down abruptly due to a workstation crashing or a power outage. However, the connection is active for the default timeout (about 12 to 15 minutes) before the connection is cleared. If you have set the concurrent connections to 1, it is recommended that you either terminate the connection manually, or wait for the estimated timeout before logging in again. This situation occurs when the watchdog process fails to close the connection cleanly. So, if the concurrent connections are set to 1 and the connection is not cleared by the watchdog, users cannot log in. Linux kernel provides three parameters to change the way keepalive probes work from the server side. Use these parameters to implement a workaround at the TCP level. These parameters are available in /proc/sys/net/ipv4/ directory. • tcp_keepalive_time: Determines the frequency of sending the TCP keepalive packets to keep a connection alive if it is currently unused. This value is used only when keepalive is enabled. The tcp_keepalive_time takes an integer value in seconds. The default value is 7200 seconds or 2 hours. This holds good for most of the hosts and does not require many network resources. If you set this value to low, it engages your network resources with unnecessary traffic. • tcp_keepalive_probes: Determines the frequency of sending TCP keepalive probes before deciding a broken connection. The tcp_keepalive_probes takes an integer value, recommended less than 50 depending on your tcp_keepalive_time and the tcp_keepalive_interval values. The default is to set to 9 probes before informing the application of the broken connection. 18 novdocx (en) 6 April 2007 Miscellaneous 95
Page 1 and 2:
Novell eDirectory 8.8 Troubleshooti
Page 3 and 4:
Novell Trademarks Client32 is a tra
Page 5 and 6:
Contents About This Book 9 novdocx
Page 7 and 8:
multiserver tree after having moved
Page 9 and 10:
About This Book This Troubleshootin
Page 11 and 12:
1Resolving Error Codes For a comple
Page 13 and 14:
2Installation and Configuration •
Page 15 and 16:
DA_ADDR = IP_address_of_the_NetWare
Page 17 and 18:
3Determining the eDirectory Version
Page 19 and 20:
• Run iMonitor. On the Agent Summ
Page 21 and 22:
server. For example, an Agent Revis
Page 23 and 24:
4Log Files This section contains in
Page 25 and 26:
5Troubleshooting LDIF Files The Nov
Page 27 and 28:
Component Record Delimiters Descrip
Page 29 and 30:
14 changetype: delete 15 The Modify
Page 31 and 32:
Field newsuperior (optional) Descri
Page 33 and 34:
5.2 Debugging LDIF Files • “Ena
Page 35 and 36:
Option Base DN Description Base dis
Page 37 and 38:
Using the Novell Import Conversion
Page 39 and 40:
5.3.2 Adding a New Attribute To add
Page 41 and 42:
objectclasses: (2.16.840.1.113719.1
Page 43 and 44: 6Troubleshooting SNMP This section
Page 45 and 46: For any problem configuring the eDi
Page 47 and 48: 7Obituaries There has been a great
Page 49 and 50: If the obituary is a Primary obitua
Page 51 and 52: • Obituaries can change states on
Page 53 and 54: 8Migrating to Novell eDirectory Thi
Page 55 and 56: add:objectclasses objectclasses : (
Page 57 and 58: operatingSystemHotfix $ volumeCount
Page 59 and 60: 8.3.3 Migrating the Open LDAP Data
Page 61 and 62: 9Replication • Section 9.1, “Re
Page 63 and 64: 10Novell Public Key Infrastructure
Page 65 and 66: 1Troubleshooting Utilities on Linux
Page 67 and 68: Option Description -P Replica and P
Page 69 and 70: Option Optional Schema Enhancements
Page 71 and 72: a replica on the partition is synch
Page 73 and 74: 11.6 Using ndstrace The ndstrace ut
Page 75 and 76: Trace Flag FRAG IN Description Mess
Page 77 and 78: Trace Flag Parameters Description !
Page 79 and 80: Trace Flag Parameters Description *
Page 81 and 82: 12NMAS on Linux and UNIX • Sectio
Page 83 and 84: 13Troubleshooting on Windows • Se
Page 85 and 86: 14Accessing HTTPSTK When DS Is Not
Page 87 and 88: 15Encrypting Data in eDirectory In
Page 89 and 90: OR 2. Disable ER at the parent or c
Page 91 and 92: 16The eDirectory Management Toolbox
Page 93: 17SASL-GSSAPI This section discusse
Page 97: 18.5 Disabling SecretStore An eDire
show all

Novell eDirectory 8.8 Troubleshooting Guide - NetIQ

Create successful ePaper yourself

Delete template?

Save as template?