Novell EDIRECTORY 8.8 SP2 Troubleshooting Manual


Novell eDirectory™ 8.8 SP2
Troubleshooting Guide
October 12, 2007
www.novell.com


Summary of Contents for Novell EDIRECTORY 8.8 SP2

  • Page 1 Novell eDirectory 8.8 Troubleshooting Guide Novell eDirectory www.novell.com 8.8 SP2 TROUBLESHOOTING GUIDE...
  • Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell is a registered trademark of Novell, Inc., in the United States and other countries. Novell Client is a trademark of Novell, Inc. Novell Directory Services and NDS are registered trademarks of Novell, Inc., in the United States and other countries.
  • Page 5: Table Of Contents

    Contents About This Book 1 Resolving Error Codes 2 Installation and Configuration Installation ..............13 2.1.1 Installation Not Successful .
  • Page 6 Migrating the Sun ONE Schema to Novell eDirectory ....... 53...
  • Page 7 Novell Import Convert Export Utility ........
  • Page 8 On Windows............97 Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 9: About This Book

    Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there. Documentation Updates For the most recent version of the Novell eDirectory 8.8 Installation Guide, see the Novell eDirectory 8.8 Documentation (http://www.novell.com/documentation/edir88/index.html) Web site.
  • Page 10 A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash.
  • Page 11: Resolving Error Codes

    Resolving Error Codes For a complete list and explanation of eDirectory error codes, see the Novell Error Codes Web page (http://www.novell.com/documentation/lg/nwec/index.html). Resolving Error Codes...
  • Page 12 Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 13: Installation And Configuration

    If the -632: Error description System failure error message appears during installation, exit from the installation process. Set the n4u.base.slp.max-wait parameter to a larger value, such as 50, in the /etc/opt/novell/eDirectory/conf/nds.conf file, then restart the installation process. During installation, if the Tree Name Not Found error message is displayed, do the...
  • Page 14: Installation Takes A Long Time

    Do not configure the product. See “Linux, Solaris, AIX, and HP-UX Packages for Novell eDirectory ” in the Novell eDirectory 8.8 Installation Guide for more information. 4b Edit the /etc/opt/novell/eDirectory/conf/nds.conf and add the following parameters: n4u.uam.ncp-retries = 5 n4u.base.slp.max-wait = 20 4c Edit the /etc/slpuasa.conf to add the following parameter:...
  • Page 15: Nici Installation Failed - 1497

    Group or user names field, then this issue occurs. To work around this problem, do the following: 1 Remove the NICIFK file. This is present in C:/Windows/system32/novell/nici if the system root is C:/Windows/system32. If the system root is F:/Windows/system32 then this file is present in F:/Windows/system32/novell/nici.
  • Page 16: Tree Name Lookup Failed: -632 Error While Configuring Edirectory 8.8 On Linux

    1524), the interface specified is incorrect, it uses the default interface and the default port of 524. For n4u.server.interfaces, if the interface specified is incorrect, then ndsd will try to listen on the first interface and the port number would be the one specified in n4u.server.tcp-port. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 17: Determining The Edirectory Version Number

    On the Agent Summary page, click Known Servers. Then under Servers Known to Database, click Known Servers. The Agent Revision column displays the internal build number for each server. For example, an Agent Revision number for Novell eDirectory 8.7.1 might be 10510.64.
  • Page 18: Windows

    Usage” in the Novell eDirectory 8.8 Administration Guide, or the ndsstat man page (ndsstat.1m). Run ndsd --version. For information on running ndsd, see “Novell eDirectory Linux and UNIX Commands and Usage” in the Novell eDirectory 8.8 Administration Guide, or the ndsd man page (ndsd.1m). Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 19: Solaris

    For information on running ndsd, see “Novell eDirectory Linux and UNIX Commands and Usage” in the Novell eDirectory 8.8 Administration Guide, or the ndsd man page (ndsd.1m). Run iMonitor. On the Agent Summary page, click Known Servers. Then under Servers Known to Database, click Known Servers.
  • Page 20: Hp-Ux

    For information on running ndsd, see “Novell eDirectory Linux and UNIX Commands and Usage” in the Novell eDirectory 8.8 Administration Guide, or the ndsd man page (ndsd.1m). Run iMonitor. On the Agent Summary page, click Known Servers. Then under Servers Known to Database, click Known Servers.
  • Page 21 For example, an Agent Revision number for Novell eDirectory 8.7.1 might be 10510.64. For information on running iMonitor, see “Accessing iMonitor” in the Novell eDirectory 8.8 Administration Guide. Determining the eDirectory Version Number...
  • Page 22 Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 23: Log Files

    Log Files This section contains information on the following log files: Section 4.1, “modschema.log,” on page 23 Section 4.2, “dsinstall.log,” on page 23 4.1 modschema.log The modschema.log file contains the results of all schema extensions that are applied when an eDirectory server is installed into an existing tree.
  • Page 24 Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 25: Troubleshooting Ldif Files

    Utility” in the Novell eDirectory 8.8 Administration Guide. In order for an LDIF import to work properly, you must start with an LDIF file that the Novell Import Conversion Export utility can read and process. This section describes the LDIF file format and syntax and provides examples of correct LDIF files.
  • Page 26 0. It’s also possible that the LDIF file could be rejected as syntactically incorrect. Novell utilities that process LDIF assume a file version of 0 when the version line is missing.
  • Page 27: Ldif Change Records

    Component Description Record Delimiters Blank lines (lines 5, 10, 15, and 26 in the example above) are used as record delimiters. Every record in an LDIF file including the last record must be terminated with a record delimiter (one or more blank lines). Although some implementations will silently accept an LDIF file without a terminating record delimiter, the LDIF specification requires it.
  • Page 28 1 version: 1 2 dn: cn=Peter Michaels, ou=Artists, l=San Francisco, c=US 3 changetype: delete 5 dn: ou=Artists, l=San Francisco, c=US changetype: delete 10 dn: l=San Francisco, c=US 11 changetype: delete 13 dn: c=US Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 29 14 changetype: delete The Modify Change Type The modify change type lets you specify the addition, deletion, and replacement of attribute values for an entry that already exists. Modifications take one of the following three forms: Element Description add: attribute type A keyword indicating that subsequent attribute value specifiers for the attribute type should be added to the entry.
  • Page 30 0 Indicates that the old RDN value should be kept in the entry after it is renamed. deleteoldrdn: 1 Indicates that the old RDN value should be deleted when the entry is renamed. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 31 Field Description newsuperior (optional) The new superior specifier gives the name of the new parent that will be assigned to the entry while processing the modify DN record. The new superior specifier must take one of the following two forms: newsuperior: safe_UTF-8_distinguished_name newsuperior:: Base64_encoded_distinguished_name The new superior specifier is optional in LDIF records with a modify DN change type.
  • Page 32: Line Folding Within Ldif Files

    1 version: 1 2 dn: cn=Peter Michaels, ou=Artists, l=San Francisco, c=US 3 sn: Michaels 4 userpassword: {SSHA}sGs948DFGkakdfkasdDF34DF4dS3skl5DFS5 objectclass: inetOrgPerson Example 3 For Digest MD5 hashed passwords: 1 version: 1 2 dn: cn=Peter Michaels, ou=Artists, l=San Francisco, c=US 3 sn: Michaels 4 userpassword: {MD5}a45lkSDF234SDFG62dsfsf2DG2QEvgdmnk4305 objectclass: inetOrgPerson Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 33: Debugging Ldif Files

    Using the Novell eDirectory Import Convert Export Wizard To enable forward references during an LDIF import: 1 In Novell iManager, click the Roles and Tasks button 2 Click eDirectory Maintenance > Import Convert Export Wizard. 3 Click Import Data from File on Disk, then click Next.
  • Page 34 9 Click Next, then click Finish. To enable forward references during a data-to-data server migration: 1 In Novell iManager, click the Roles and Tasks button 2 Click eDirectory Maintenance > Import Convert Export Wizard. 3 Click Migrate Data Between Servers, then click Next.
  • Page 35: Checking The Syntax Of Ldif Files

    11 Click Next, then click Finish. NOTE: Ensure that the schema is consistent across LDAP Services. Using the Novell Import Conversion Export Utility Command Line Interface To enable forward references in the command line interface, use the -F LDAP destination handler option.
  • Page 36: Using The Ldif Error File

    Administration Guide. 5.2.3 Using the LDIF Error File The Novell Import Conversion Export utility automatically creates an LDIF file listing any records that failed processing by the destination handler. You can edit the LDIF error file generated by the utility, fix the errors, then reapply it to the server to finish an import or data migration that contained failed records.
  • Page 37: Using Ldap Sdk Debugging Flags

    Using the Novell Import Conversion Export Utility Command Line Interface To configure error log options in the command line utility, use the -l general option. For more information, see “General Options” in the Novell eDirectory 8.8 Administration Guide. 5.2.4 Using LDAP SDK Debugging Flags To understand some LDIF problems, you might need to see how the LDAP client SDK is functioning.
  • Page 38 The object classes that can contain the object class being defined are given in the X-NDS_CONTAINMENT section of the object class description. The person object class can be contained by the organization, organizationalUnit, and domain object classes. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 39: Adding A New Attribute

    5.3.2 Adding a New Attribute To add an attribute, simply add an attribute value that conforms to the specification for NDSAttributeTypeDescription to the attributes attribute of the subschemaSubentry. NDSAttributeTypeDescription = "(" whsp numericoid whsp ; AttributeType identifier [ "NAME" qdescrs ] ;...
  • Page 40: Adding Or Removing Auxiliary Classes

    # add an attribute to store a bear’s picture dn: cn=schema changetype: modify add: attributeTypes attributeTypes: ( 2.16.840.1.113719.1.186.4.11 NAME ’bearPicture’ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE ) # create an Auxiliary class for the bearfeatures dn: cn=schema changetype: modify add: objectclasses Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 41 objectclasses: (2.16.840.1.113719.1.186.6.101 NAME ’bearFeatures’ MAY (bearHair $ bearPicture) AUXILIARY) # now create a user named bobby dn: cn=bobby,o=bearcave changetype: add cn: bobby sn: bear givenName: bobby bearHair: Short bearHair: Brown bearHair: Curly bearPicture:< file:///c:/tmp/alien.jpg objectClass: top objectClass: person objectClass: inetOrgPerson objectClass: bearFeatures # now create a person named john that will later be changed # into a bear when bearFeatures is added to its objectClass...
  • Page 42 Known Problems with XML Parsing XML processing of any LDIF Record (LDIF format or records generated from LDAP server) will not succeed if the individual records will not satisfy all the XML rules specified in the XML file Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 43: Troubleshooting Snmp

    Troubleshooting SNMP This section includes information for troubleshooting SNMP on all platforms. Section 6.1, “Traps Might Not Get Generated As Expected,” on page 43 Section 6.2, “SNMP Group Object,” on page 43 Section 6.3, “SNMP Initializing Errors,” on page 43 Section 6.4, “SNMP Subagent Does Not Start,”...
  • Page 44: Snmp Subagent Does Not Start

    NOTE: By default, naaagt terminates automatically when snmpdm terminates (unless naaagt is started with the -K option). See the naaagt man page for more details. 6.5.4 Unable to Get the SNMP Query Result from the MIB Browser Ensure that net-snmp-5.0.8 is configured, up, and running. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 45: Traps Are Not Received At The Snmp Console Or The Mib Browser

    For any problem configuring the eDirectory SNMP subagent (ndssnmpsa), see the /etc/opt/novell/eDirectory/conf/ndssnmp/ndssnmpsa.log file. To get the debug messages, start ndssnmpsa in verbose mode as follows: /opt/novell/eDirectory/bin/ndssnmpsa -v 3 -l 3 Where v is verbose mode and l indicates the log mode.
  • Page 46 Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 47: Obituaries

    Unlike some directory products, Novell eDirectory ensures referential integrity between objects. For example, if Group A has a member, User B, and User B is deleted, the directory automatically removes the reference to User B from Group A.
  • Page 48: Examples

    Computes a time vector which is a minimum transitive vector, referred to as the purge vector. Later versions of eDirectory compute a second minimum vector, called the obituary vector, which does not consider replicas which are subordinate references. Each Obituary in this partition is now examined. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 49: Moving An Object

    If selected in the configuration page, the server can also generate NDS Agent Health information for every server in the tree. See “Configuring and Viewing Reports” in the Novell eDirectory 8.8 Administration Guide for more information on running the Server Information report. Obituaries...
  • Page 50: Troubleshooting Tips

    Based on the information in the ndsimonhealth configuration file stored with iMonitor (see “Configuration Files” in the Novell eDirectory 8.8 Administration Guide), this report will check the eDirectory agent version to ensure you are running the correct directory patches tree-wide.
  • Page 51: Solutions

    Obituaries can change states only after all agents holding a copy of the replica ring have seen the state change. There are several ways to ensure that every replica has seen the data: While browsing the entry with obituaries, click the Entry Synchronization link. The page displayed will show all attributes that have not been synchronized to all replicas.
  • Page 52: Previous Practices

    This should be done with great care because you might lose data changed on other servers. We recommend that this be a rarely employed method of obituary cleanup. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 53: Migrating To Novell Edirectory

    This chapter explains the process to migrate to Novell eDirectory from: Section 8.1, “Migrating the Sun ONE Schema to Novell eDirectory,” on page 53 Section 8.2, “Migrating the Active Directory Schema to Novell eDirectory Using ICE,” on page 56 8.1 Migrating the Sun ONE Schema to Novell...
  • Page 54 There are two ways of adding cn to Top: Method 1: Create a file as shown below and name it topsch.ldf. version : 1 dn:cn=schema changetype :modify delete : objectclasses objectclasses : ( 2.5.6.0 NAME ’top’ STRUCTURAL ) Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 55: Step 3: Import The Ldif File

    Standard LDAP objectClass’ SUP (ndsLoginProperties $ top) STRUCTURAL ) 8.1.3 Step 3: Import the LDIF File Use the following Novell Import Conversion Export command to import the modified schema compare LDIF file (err.ldf in our example): ice -e error_file -SLDIF -f modified_LDIF_file -DLDAP -s...
  • Page 56: Migrating The Active Directory Schema To Novell Edirectory Using Ice

    “Step 3: Import the LDIF File” on page 55 8.2.1 Step 1: Perform the Schema Cache Update Operation While migrating schema from Active Directory to Novell eDirectory using ICE, ensure that you have provided the error log option (-e) of ICE as follows:...
  • Page 57: Step 3: Import The Ldif File

    Section 8.3.1, “Prerequisites,” on page 58 Section 8.3.2, “Migrating the OpenLDAP Schema to eDirectory,” on page 58 Section 8.3.3, “Migrating the Open LDAP Data to Novell eDirectory,” on page 59 Section 8.3.4, “Making PAM Work with Novell eDirectory After Migration,” on page 59...
  • Page 58: Prerequisites

    The data that is migrated from an OpenLDAP server can have MD5 passwords, which may cause the applications to break if the appropriate NMAS methods are not installed. The NMAS method, SimplePassword, needs to be installed for Novell eDirectory using the following command: nmasinst -addmethod admin_context treename configfile -h Hostname:port -w password Example: nmasinst -addmethod admin.novell eDir-Tree /Linux/eDirectory/nmas/NmasMethods/...
  • Page 59: Migrating The Open Ldap Data To Novell Edirectory

    8.3.3 Migrating the Open LDAP Data to Novell eDirectory Execute the following command to migrate the data: ice -e error_data.ldif -SLDAP -s OpenLDAP_server -p OpenLDAP_port admin_context -w password -t -b dc=blr,dc=novell,dc=com -F objectclass=* -DLDAP -d admin_context -w password For example: ice -e err_data.ldif -SLDAP -s open_srv1 -p open_port1...
  • Page 60 Value: Simple Password Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 61: Replication

    Section 9.1, “Recovering from eDirectory Replica Problems,” on page 61 9.1 Recovering from eDirectory Replica Problems eDirectory offers the Novell robust directory service and the fault tolerance inherent in replication. Replication allows you to keep copies of the eDirectory database, or portions of it, on multiple servers at once.
  • Page 62 Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 63: Novell Public Key Infrastructure Services

    64 10.1 PKI Operations Not Working If PKI operations in ConsoleOne or iManager are not working, it could be because Novell PKI Services are not running on the Linux, Solaris, AIX, or HP-UX host. Start the PKI Services by entering npki -1.
  • Page 64: While Uninstalling The Edirectory Server Holding The Ca, The Kmos Created On That Server Will Be Moved To Another Server In The Tree And Become Invalid

    “Creating an Organizational Certificate Authority Object” and “Creating a Server Certificate Object” in the Novell eDirectory 8.8 Administration Guide for more information. We recommend that you do not uninstall the eDirectory server where the CA for the tree has been created.
  • Page 65: Troubleshooting Utilities On Linux And Unix

    Section 11.6, “Using ndstrace,” on page 73 11.1 Novell Import Convert Export Utility If an LDAP server is refreshed or unloaded, while a Novell Import Conversion Export operation is running, the LBURP operation is timed out message is displayed on the Novell Import Conversion Export screen.
  • Page 66: Using Ndsrepair

    -R [-l yes|no [-u yes|no] [-m yes|no] [-i yes|no] [-f yes|no] [-d yes|no] [-t yes|no] [-o yes|no] [-r yes|no] [-v yes|no] [-c yes|no] [-A yes|no] [-O yes|no] [-F filename] IMPORTANT: The -Ad option should not be used without prior direction from Novell Support personnel. Ndsrepair Options...
  • Page 67 Option Description Replica and Partition Operations option. Lists the partitions that have replicas stored in the current server’s eDirectory database files. The Replica options menu provides options to repair replicas, cancel a partition operation, schedule synchronization, and designate the local replica as the master replica. For more information, see “Replica and Partition Operations Option”...
  • Page 68 Extends and modifies the schema for compatibility with post-NetWare 5 DS changes. This option requires that the server where ndsrepair is run contains a replica of the Tree partition, and that the state of the replica is On. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 69 Option Description Optional Schema Enhancements Extends and modifies the schema for containment and other schema enhancements. This option requires this server to contain a replica of the Tree partition, and the replica state must be On. In addition, all NetWare 4 servers in the tree must have the following versions of eDirectory: NetWare 4.10 servers must have NDS 5.17 or later...
  • Page 70 Synchronize the Replica on the Selected Server Determines the complete synchronization status on the selected server that has a replica of the selected partition. This helps you determine the health of a partition. If the server with Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 71 WARNING: Misuse of this operation can cause irrevocable damage to the eDirectory database. You should not use this option unless directed by Novell Support personnel. View Entire Partition Name Determines the complete distinguished partition name when the width of the partition is too great to view from within the replica table.
  • Page 72: Troubleshooting Ndsrepair

    11.5.2 Troubleshooting ndsrepair Error -786 While Running Ndsrepair While doing ndsrepair you need to have three times the size of DIB free in that specific partition of your machine. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 73: Using Ndstrace

    View the status of the ndstrace screen in Linux, Solaris, AIX, or HP-UX. Initiate limited synchronization processes. To start the ndstrace screen, enter the following command at the server prompt: /opt/novell/eDirectory/bin/ndstrace To initiate the basic ndstrace functions, enter commands at the server prompt using the following syntax: ndstrace command_option The following table lists the command options that you can enter.
  • Page 74 Messages about the eDirectory-integrated DNS server processes. DRLK Distributed reference link messages. DVRS Messages to show DirXML® driver-specific areas that eDirectory might be working on. DXML Messages to show details of DirXML events. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 75 Trace Flag Description FRAG Messages from the NCP fragger which breaks eDirectory messages into NCP-sized messages. Messages related to inbound requests and processes. INIT Messages related to the initialization of eDirectory. INSP Messages related to the integrity of objects in the source server’s local database.
  • Page 76: Background Processes

    As you use the debugging messages in ndstrace, you will find that some of the trace flags are more useful than others. One of the favorite ndstrace settings of Novell Support is actually a shortcut: set ndstrace = A81164B91 This setting enables a group of debugging messages.
  • Page 77 Trace Flag Parameters Description Time Sets the interval (in minutes) for the backlink process. Default=1500 minutes (25 hours) Range=2 to 10080 minutes (168 hours) None Displays the source server’s outbound connection table and the current statistical information for the table. These statistics do not give any information about the inbound connections from other servers or clients to the source server.
  • Page 78 None Reports the maximum memory used by eDirectory. Sets the name form. 0=hex only 1=full dot form None Displays the tunable parameters and their default settings. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 79 Trace Flag Parameters Description None Resets the TTF file, which is the sys:system\ndstrace.dbg file by default. This command is the same as the SET parameter NDS Trace File Length Set to Zero. None Schedules the Skulker process, which checks whether any of the replicas on the server need to be synchronized.
  • Page 80 A list Lists the restricted eDirectory versions. If no versions are listed, there are no restrictions. Each version is separated by a comma. None Displays the currently scheduled tasks. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 81: Nmas On Linux And Unix

    NDS Server. 12.2 The User Added Using the ICE Utility Is Unable to Log In Using Simple Password While adding users with simple passwords through the Novell Import Conversion Export utility, use the -l option. NMAS on Linux and UNIX...
  • Page 82 Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 83: Troubleshooting On Windows

    Troubleshooting on Windows Section 13.1, “The eDirectory for Windows Server Won’t Start,” on page 83 Section 13.2, “The Windows Server Can’t Open the eDirectory Database Files,” on page 83 Section 13.3, “Restoring eDirectory on Windows after an Emergency Repair,” on page 84 13.1 The eDirectory for Windows Server Won’t Start If the eDirectory server fails to start when you boot the Windows server, a message will notify you...
  • Page 84: Restoring Edirectory On Windows After An Emergency Repair

    1 Start Novell iManager from an administrative workstation. 2 Remove the corrupted replica from the replica ring. “Deleting a Replica” in the Novell eDirectory 8.8 Administration Guide for more information. 3 Run the sammig.exe utility in the system directory (usually c:\winnt\system32) on the NT server or from the Start menu (Start >...
  • Page 85: Accessing Httpstk When Ds Is Not Loaded

    Accessing HTTPSTK When DS Is Not Loaded You can set up a preconfigured admin user that allows access to the HTTP Protocol Stack (HTTPSTK) when DS is not loaded. The preconfigured admin user, SAdmin, has rights that are equivalent to the eDirectory Admin User object. If the server is in a state where eDirectory is not functioning correctly, you can log in to the server as this user and perform all the diagnostic and debugging tasks necessary that do not require eDirectory.
  • Page 86: Setting The Sadmin Password On Linux, Solaris, Aix, And Hp-Ux

    Use the DHOST remote manager page (accessible through the /dhost URL or from the root page) to set the SAdmin password. Novell eDirectory server must be running on the eDirectory server in order for you to set or change the SAdmin password.
  • Page 87: Encrypting Data In Edirectory

    8.8 and later. For more information on encrypted attributes and replication, refer to Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/index.html). For information on other error messages in eDirectory, refer to NDS or Novell eDirectory Error Codes (http://www.novell.com/documentation/nwec/index.html)
  • Page 88: 666 Fffffd66 Incompatible Nds Version

    8.8 server. With ER enabled only between eDirectory 8.8 servers, on merging, sensitive data is exposed when replicating to pre-eDirectory 8.8 servers. Action 1. Upgrade the server to a compatible version of eDirectory. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 89: Problem With Duplicate Encryption Algorithms

    2. Disable ER at the parent or child partition. NOTE: On disabling ER, replication will happen in the clear text form. 15.2 Problem With Duplicate Encryption Algorithms If you add an attribute for encryption using LDIF, do not associate duplicate algorithms with one attribute.
  • Page 90 Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 91: The Edirectory Management Toolbox

    Management Toolbox (eMBox) lets you access all of the eDirectory backend utilities remotely as well as on the server. eMBox works with Novell iManager to provide Web-based access to eDirectory utilities such as DSRepair, DSMerge, Backup and Restore, and Service Manager.
  • Page 92 Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 93: Sasl-Gssapi

    SASL-GSSAPI This section discusses the error messages logged by the SASL-GSSAPI authentication mechanism. Section 17.1, “Log File Locations,” on page 93 Section 17.2, “Error Messages,” on page 93 17.1 Log File Locations The error messages are logged as follows: Linux and UNIX: ndsd.log NetWare: logger screen Windows: c:\temp\saslgss.log 17.2 Error Messages...
  • Page 94 1 Update the key in eDirectory server so that the version numbers are in sync. 2 Destroy the tickets at the client. 3 Get the TGT again for the principal. 4 Perform the ldap sasl bind operation. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 95: Miscellaneous

    Miscellaneous Section 18.1, “Backing Up a Container,” on page 95 Section 18.2, “Repeated eDirectory Logins,” on page 95 Section 18.3, “TCP Connection not Terminating after Abnormal Logout,” on page 95 Section 18.4, “NDS Error, System Failure (-632) Occurs When Doing ldapsearch for the User Objects,”...
  • Page 96: Nds Error, System Failure (-632) Occurs When Doing Ldapsearch For The User Objects

    NDS password when you imported them, then the NDS sequence will not work. If you enable universal password, then the simple password will be synchronized with the NDS password and universal password when the user logs in with the simple password. Novell eDirectory 8.8 Troubleshooting Guide...
  • Page 97: Disabling Secretstore

    2 Restart the server Alternatively, you can also comment out the line in the autoexec.ncf file that loads ssncp. 18.5.3 On Windows 1 Go to the novell\nds directory and rename or move the following SecretStore modules: lsss.dll sss.dlm ssncp.dlm ssldp.dlm...
