Existing tree consists of one Netware 6.5 sp8 server, 4 OES1 Linux servers and 4 OES2 Linux servers. My method was to install SLES 11 sp1, patch, then install OES11 as an add on. I preconfigured timesync and slp before starting the install of OES11. I get the message: ndsconfig failed to configure and start edirectory. Strangely though, when I click on the details button I get the message it was successful:
When I type rcndsd status from a command prompt it shows eDir running just fine. I've reviewed the logs located in /var/opt/novell/eDirectory/log and the only error I could find was in PKIHealth.log:
Step 5 Re-verifying the links to the KMOs
Reading the links for SAS Service object 'SAS Service - hpsRAD.HPS'.
--->KMO IP AG 10\.1\.2\.8 - hpsRAD.HPS is linked.
--->KMO SSL CertificateIP - hpsRAD.HPS is linked.
--->KMO DNS AG hpsRAD\.hps\.dom - hpsRAD.HPS is linked.
--->KMO SSL CertificateDNS - hpsRAD.HPS is linked.
Step 5 succeeded.
Step 6 Create Default Certificates
Server Self-Provisioning is NOT enabled, so we cannot create certificates.
Step 6 succeeded.
Step 7 Syncing certificates for external services
Cannot get the certificate.Step 7 failed -603.
Step 8 Checking validity of eDirectory CA certificates
File /etc/ssl/certs/eDirCACert.pem already exists.
Read /etc/opt/novell/certs/SSCert.der -- 1327 bytes.
Read CA certificate of length 1327.
SSCert.der matchs the CA's certificate.
Step 8 succeeded.
Note: Occasionally multiple problems will be solved with a single fix.
Fixable problems found: 3
Problems fixed: 0
Un-fixable problems found: 0
Also from pkitrace.log:
Tue Jul 24 19:46:08 2012 :Exiting NWCPKIFragmentRequest with 50436
Tue Jul 24 19:46:08 2012 :NWCPKIFragmentRequest for Sign Certificate returned 50436
Tue Jul 24 19:46:08 2012 :Exiting CreateServerCertificate with ccode 50436
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo called
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo KMO exists
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo DDCReadToBuffer successful -- 1 items
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo PRIVATE_KEY
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo numChainCerts 0
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo adding object cert to cache 0
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo exiting with -1226
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo called
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo KMO exists
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo DDCReadToBuffer successful -- 1 items
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo PRIVATE_KEY
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo numChainCerts 0
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo adding object cert to cache 0
Tue Jul 24 19:46:08 2012 :NPKIGetServerKMOInfo exiting with -1226
I've gone through the exercise of checking server keys with sdidiag and everything is healthy there.
Any help is appreciated and I can supply additional logs or other info if needed.
Thanks.
Dan
command: /opt/novell/eDirectory/bin/ndsconfig add -c -t 'HPS_TREE' -n 'o=hps' -a 'cn=admin.o=hps' -p 10.1.0.1:524 -d /var/opt/novell/eDirectory/data/dib -D /var/opt/novell/eDirectory -B 10.1.2.8@524 -L 389 -l 636 -o 8028 -O 8030 --config-file /etc/opt/novell/eDirectory/conf/nds.conf
Configuring the NDAP interfaces... Done
Configuring the HTTP interfaces... Done
Configuring the LDAP interfaces... Done
Starting the service 'ndsd'... Done. Done
Configuring Novell eDirectory server with the following parameters, Please wait...
Tree Name : HPS_TREE
Server DN : hpsRAD.o=hps
Admin DN : cn=admin.o=hps
NCP Interface(s) : 10.1.2.8@524
HTTP Interface(s) : 10.1.2.8@8028
HTTPS Interface(s) : 10.1.2.8@8030
LDAP TCP Port : 389
LDAP TLS Port : 636
LDAP TLS Required : Yes
Remote Server Address : 10.1.0.1:524
Configuration File : /etc/opt/novell/eDirectory/conf/nds.conf
Instance Location : /var/opt/novell/eDirectory/data
DIB Location : /var/opt/novell/eDirectory/data/dib
Checking if server is ready to service requests...
Logging into the tree as "cn=admin.o=hps". Please wait...
Note: If this server is being upgraded into an existing context with a large number of objects or, if network traffic is excessive, then configuration could take several minutes.
Synchronizing schema
Basic configuration is successful. Proceeding with additional configuration...
Extending schema... Done
For more details view schema extension logfile: /var/opt/novell/eDirectory/log/schema.log
Configuring HTTP service... Done
Configuring LDAP service... Done
Configuring SNMP service... Done
Configuring SAS service... Done
Associating certificate with the NCP server object... Done
Configuring NMAS service... Done
Configuring SecretStore... Done
Configuring LDAP Server with default SSL CertificateDNS certificate... Done
Triggering the 'External Reference Check' process... Done
The instance at /etc/opt/novell/eDirectory/conf/nds.conf is successfully configured.
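An added example, not part of the original post: a small Python parser for the PKIHealth.log layout quoted above that lists the failed steps with the return code as logged and reports how many fixable problems were left unfixed. The sample input is constructed from lines in the post, the function names are this example's own, and the codes are reported without interpretation.

```python
import re

# Constructed sample: lines taken from the PKIHealth.log excerpt in the post.
SAMPLE = """\
Step 6 Create Default Certificates
Server Self-Provisioning is NOT enabled, so we cannot create certificates.
Step 6 succeeded.
Step 7 Syncing certificates for external services
Cannot get the certificate.Step 7 failed -603.
Step 8 Checking validity of eDirectory CA certificates
Step 8 succeeded.
Fixable problems found: 3
Problems fixed: 0
Un-fixable problems found: 0
"""

# A result can share a line with the preceding message
# ("Cannot get the certificate.Step 7 failed -603."), so search, don't anchor.
RESULT = re.compile(r"Step (\d+) (succeeded|failed)(?: (-?\d+))?")
TITLE = re.compile(r"^Step (\d+) (?!succeeded|failed)(.+)$")
COUNTER = re.compile(r"^(Fixable problems found|Problems fixed|Un-fixable problems found): (\d+)$")


def parse_pkihealth(text):
    """Return (steps, counters) parsed from PKIHealth.log text."""
    steps, counters = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNTER.match(line):
            counters[m.group(1)] = int(m.group(2))
        elif m := TITLE.match(line):
            steps[int(m.group(1))] = {"title": m.group(2), "status": None,
                                      "code": None, "detail": ""}
        elif m := RESULT.search(line):
            step = steps.setdefault(int(m.group(1)), {"title": "", "detail": ""})
            step["status"] = m.group(2)
            step["code"] = int(m.group(3)) if m.group(3) else None
            step["detail"] = line[:m.start()].strip()  # message fused onto the result line
    return steps, counters


def triage(text):
    """List failed steps and count problems found but left unfixed."""
    steps, counters = parse_pkihealth(text)
    failed = [(n, s["title"], s["code"], s["detail"])
              for n, s in sorted(steps.items()) if s["status"] == "failed"]
    unfixed = counters.get("Fixable problems found", 0) - counters.get("Problems fixed", 0)
    return {"failed": failed, "unfixed": unfixed}
```

Calling `triage(open("/var/opt/novell/eDirectory/log/PKIHealth.log").read())` runs the same check against the live log.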