seems that 'rcxad-krb5kdc start' is (at least a symptom of) the problem:

Code:
# rcxad-krb5kdc start
Waiting for LDAP server to be ready ...
Starting Kerberos KDCstartproc: exit status of parent of /opt/novell/xad/sbin/krb5kdc: 1
failed

/var/opt/novell/xad/log/ndsd.log has lines like:

Code:
-1228802304: LDAP: [Tue Jul 30 15:30:09 2013] FATAL: NlGetLocatorConfiguration: Could not get forest name from directory
-1255356672: LDAP: [Tue Jul 30 15:30:38 2013] FATAL: NlGetLocatorConfiguration: Could not get forest name from directory

/var/opt/novell/xad/log/kdc.log shows:

Code:
krb5kdc: No such entry in the database - while initializing database for realm ACPS.INT

so TID 7009851 says to do ldapsearch:

Code:
tcdsfw:/ # export LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf
tcdsfw:/ # ldapsearch -v -Y EXTERNAL -LLL -Q -b "cn=tcdsfw,ou=Domain Controllers,dc=acps,dc=int" uniquedomainid
ldap_initialize( <DEFAULT> )
filter: (objectclass=*)
requesting: uniquedomainid
Other (e.g., implementation specific) error (80)

which would point to some sort of ldap problem in general, not necessarily what the TID was trying to fix. Because, in fact, I can successfully perform the same query on the working dsfw server:

Code:
codsfw:/ # ldapsearch -Y EXTERNAL -LLL -Q -b "cn=tcdsfw,ou=Domain Controllers,dc=acps,dc=int" uniquedomainid
dn: cn=RID Set,cn=TCDSFW,ou=Domain Controllers,dc=acps,dc=int
uniquedomainid: 1049076
dn: cn=TCDSFW,ou=Domain Controllers,dc=acps,dc=int
uniquedomainid: 1049076

But ldap seems to be working, a query like
ldapsearch -v -LLL -x -h ldaps://tcdsfw -p 1636 -b o=acps "(objectClass=*)" 1.1
does return all objects.
But a query like
ldapsearch -v -LLL -x -h ldaps://tcdsfw -p 636 -b dc=acps,dc=int "(objectClass=*)" 1.1
fails. (It also fails against the existing dsfw server. Should this query work?)
So TID 7007030 tells how to do ldapsearches on the dsfw server. So let's try that:

Code:
tcdsfw:~ # export LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf
tcdsfw:~ # which ldapsearch
/usr/bin/ldapsearch
tcdsfw:~ # ldapsearch -Y EXTERNAL -LLL -Q -b "" -s sub objectClass=DomainDNS dn distinguishedName
No such object (32)
Additional information: NDS error: no such entry (-601)
tcdsfw:~ # cat /etc/opt/novell/xad/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE DC=acps,DC=int
URI ldapi://%2fvar%2fopt%2fnovell%2fxad%2frun%2fldapi
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT allow
SASL_MECH GSS-SPNEGO

The same ldap search as above processes successfully when run on the first dsfw server.
In any case, unable to proceed with implementation of this second dsfw server (or the third). My google-foo has failed me, so any suggestions will be welcomed...
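An added helper, not from the original post or from the DSfW tooling: it parses the `ldapsearch -LLL` output from the working DC and the new DC and lists the Domain Controllers entries that are missing or carry a different uniquedomainid on the new server. The LDIF below is constructed from the output shown in the post (codsfw returned two entries; tcdsfw returned error 80 and no entries).

```python
"""Compare ldapsearch -LLL output from two DSfW domain controllers."""
import base64
import re

# Constructed sample: what the uniquedomainid search printed on the working DC (codsfw).
LDIF_WORKING = """\
dn: cn=RID Set,cn=TCDSFW,ou=Domain Controllers,dc=acps,dc=int
uniquedomainid: 1049076

dn: cn=TCDSFW,ou=Domain Controllers,dc=acps,dc=int
uniquedomainid: 1049076
"""
# Constructed sample: the new DC (tcdsfw) answered with error (80) and printed no entries.
LDIF_NEW = ""


def parse_ldif(text):
    """Parse -LLL output into {dn: {attr: [values]}}.

    Handles folded continuation lines and base64 ('::') values; DNs and
    attribute names are lower-cased so cn=tcdsfw and cn=TCDSFW compare equal."""
    entries, current = {}, None
    text = re.sub(r"\n ", "", text)  # unfold lines continued with a leading space
    for line in text.splitlines():
        if not line.strip():
            current = None  # blank line ends the entry
            continue
        m = re.match(r"([^:]+)(::?) ?(.*)", line)
        if not m:
            continue  # skip anything that is not "attr: value"
        attr, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        if attr.lower() == "dn":
            current = entries.setdefault(value.lower(), {})
            continue
        if current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries


def compare_dc_entries(ldif_good, ldif_new):
    """Return (DNs missing on the new DC, DNs whose uniquedomainid differs)."""
    good, new = parse_ldif(ldif_good), parse_ldif(ldif_new)
    missing = sorted(dn for dn in good if dn not in new)
    mismatched = sorted(dn for dn in good if dn in new
                        and good[dn].get("uniquedomainid") != new[dn].get("uniquedomainid"))
    return missing, mismatched


if __name__ == "__main__":
    missing, mismatched = compare_dc_entries(LDIF_WORKING, LDIF_NEW)
    print("missing on new DC:", missing)
    print("uniquedomainid differs:", mismatched)
```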