Tree Admin Is Not Automatically Granted Rights For Dsfw Administration; Dsfw Services Stop Working If The Concurrent Ldap Bind Limit Is Set To 1; The Provision Utility Succeeds Only With The --Locate-Dc Option; Users Are Not Samified When The Rid Master Role Is Seized - Novell OPEN ENTERPRISE SERVER 2.0 SP2 - DOMAIN SERVICE FOR WINDOWS Manual
Hide thumbs
Also See for OPEN ENTERPRISE SERVER 2.0 SP2 - DOMAIN SERVICE FOR WINDOWS:
- Administration manual (86 pages) ,
- Implementation manual (132 pages) ,
- User manual (27 pages)
Table of Contents
Advertisement
19.1.2 Tree Admin is Not Automatically Granted Rights for
DSfW Administration
When you install DSfW in a child domain or grandchild domain, the tree admin identity is not
automatically added as an administrator of services on the server unless the tree admin is the identity
used during the install. If a different identity is used for installation, the tree admin cannot manage
the DSfW services on that server.
The administrator credentials that you entered during the DSfW install are automatically configured
to allow that user to manage DSfW and related services on the server. After the install, you can add
another administrator by configuring the following for the user:
Give the user the Supervisor right to the Server object
Linux-enable the user with Linux User Management by adding the user to the LUM-enabled
Domain admingroup associated with the server.
This applies to any administrator that you want to manage DSfW on that server.
19.1.3 DSfW Services Stop Working if the Concurrent LDAP
Bind Limit is Set to 1
This is an invalid scenario.
If you set the bind limit to 1, services such as kinit, rpcclient, SASL-BIND, and Samba, stop and you
cannot join a workstation. For the services to function as expected, change the LDAP bind limit to 0,
which is the default.
19.1.4 The Provision Utility Succeeds Only With the --locate-dc
Option
By default, the Provision utility runs with the
with the following message:
Failed to establish LDAP connection with <domain name> : Unknown
authentication method.
To execute other options, export
valid domain username before using Provision utility. All the options will work.
19.1.5 Users Are Not Samified When the RID Master Role is
Seized
When the current RID master is down, the users already added to the servers other than DSfW after
the RID pools are exhausted are not samified.
To resolve this issue, run
provision_samify.pl
--locate-dc
SASL_PATH=/opt/novell/xad/lib/sasl2
/opt/novell/xad/share/dcinit/provision/
on the DSfW server.
option only. For other options, it fails
and
kinit
with a
Troubleshooting 207
Advertisement
Chapters
Table of Contents
Troubleshooting
Related Manuals for Novell OPEN ENTERPRISE SERVER 2.0 SP2 - DOMAIN SERVICE FOR WINDOWS
Related Products for Novell OPEN ENTERPRISE SERVER 2.0 SP2 - DOMAIN SERVICE FOR WINDOWS
- NOVELL APPARMOR 2.0.1
- NOVELL CLIENT FOR LINUX 2.0 SP3
- NOVELL CLIENT FOR LINUX 2.0 SP1 - ADMINISTRATION
- NOVELL GROUPEWISE 8 - SUPPORT PACK 2 05-2010
- NOVELL OPEN WORKGROUP SUITE SMALL BUSINESS EDITION 2.0 - 14-05-2007
- NOVELL OPEN WORKGROUP SUITE SMALL BUSINESS EDITION 2.0 - 02-15-2008
- NOVELL ZENWORKS 7.2 LINUX MANAGEMENT - SCENARIOS 2 03-30-2007
- NOVELL APPARMOR 2.0
Need help?
Do you have a question about the OPEN ENTERPRISE SERVER 2.0 SP2 - DOMAIN SERVICE FOR WINDOWS and is the answer not in the manual?
Questions and answers