Novell eDirectory 8.8 Troubleshooting Guide - NetIQ
Novell eDirectory 8.8 Troubleshooting Guide - NetIQ
Novell eDirectory 8.8 Troubleshooting Guide - NetIQ
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
• tcp_keepalive_intvl: Determines the duration for a reply for each keepalive probe. This value<br />
is important to calculate the time before your connection has a keepalive death.<br />
The tcp_keepalive_intvl takes an integer value, the default is 75 seconds. So, 9 probes with 75<br />
seconds each will take approximately 11 minutes. The default values of the<br />
tcp_keepalive_probes and tcp_keepalive_intvl variables can be used to evaluate the default<br />
time before the connection is timed out because of keepalive.<br />
novdocx (en) 6 April 2007<br />
Modify these three parameters in a way that the change does not generate a lot of extra network<br />
traffic and still solves the problem. A sample modification could be as follows (a 3-minute detection<br />
time):<br />
• tcp_keepalive_time set -120<br />
• tcp_keepalive_probes - 3<br />
• tcp_keepalive_intvl - 20<br />
NOTE: Be careful with the parameter settings and avoid setting the already valid connections.<br />
The settings take effect immediately after the files are modified. You need not restart any services.<br />
However, the settings are valid for the current session only. Once the server is re-booted, the settings<br />
revert to the default settings.<br />
To make the setting permanent (even after a reboot), do the following:<br />
Add the following entries in /etc/sysctl.conf.<br />
• net.ipv4.tcp_keepalive_time=120<br />
• net.ipv4.tcp_keepalive_probes=3<br />
• net.ipv4.tcp_keepalive_intvl=20<br />
We recommend these settings only if all the clients and servers are connected through LAN.<br />
18.4 NDS Error, System Failure (-632) Occurs<br />
When Doing ldapsearch for the User Objects<br />
Import the user objects with simple password and then enable universal password for the container<br />
where the user objects are imported. Stop the DS server and set the environment as<br />
NDSD_TRY_NMASLOGIN_FIRST=true and then start DS Server. Then when you do and<br />
ldapsearch for the user objects, which were imported with simple password, you get the following<br />
error:<br />
ldap_bind: Unknown error, additional info: NDS error: system failure<br />
(-632)<br />
To resolve this issue, set the default login sequence as simple password for the container where user<br />
objects are imported before doing ldapsearch for those user objects.<br />
When LDAP requests NMAS to log in a user, NMAS uses the default login sequence. If you do not<br />
specify a default login sequence for these users, then it will use the NDS sequence. If these users are<br />
not given an NDS password when you imported them, then the NDS sequence will not work. If you<br />
enable universal password, then the simple password will be synchronized with the NDS password<br />
and universal password when the user logs in with the simple password.<br />
96 <strong>Novell</strong> <strong>eDirectory</strong> <strong>8.8</strong> <strong>Troubleshooting</strong> <strong>Guide</strong>