Dear all

Sorry for this post, I know its an oldie, unfortunately its also a
goodie that I'm not getting past despite the TID mountain.

The error is: "File Protocol error occurred: cannot open the NCS
version file on the selected cluster. The Cluster software may not
currently be running on this server."

Ok - now for the list of things that have been checked:
pam.d settings from numerous tids - none of these have had any effect.
LUM - working ok for all users.

id admin
returns values and doing it the other way to find the users also shows
admin with the same uid and gid. No admin in local passwd files.

owcimomd debug and iManager debug show an "authentication failure"

iManager debug parts:

11/06/08 [13:31:07.901] AuthenticatorServl..176
>>>102-------------------------------------------------------------------------
11/06/08 [13:31:07.901] AuthenticatorServl..731
/nps/servlet/frameservice
?ncsClusterName=EDUDATA.Education.Kings_Lynn.Norfolk_College
&nextState=CfgSelectServer
&nssAction=
&nssCleanup=
&nssConnect=true
&nssLastAction=
&nssPoolName=
&nssServerName=
&nssViewName=
&objectName=EDUDATA.Education.Kings_Lynn.Norfolk_College
&selectedObjs=
&sortCfgColumn=
&sortCfgDirection=
&taskId=ncs.Configuration
11/06/08 [13:31:07.902] Task................444 Starting task
'ncs.Configuration':
11/06/08 [13:31:07.945] NSSClient.............-1
NSSClient.getServerIPAddress() - IP Address = 172.16.0.133
11/06/08 [13:31:07.948] VirtualFile...........-1 Trying CIM/XML
protocol
11/06/08 [13:31:14.363] NSSAdminPluginClie....-1 NSSAdminPluginClient
constructor - CIM Exception: CIM_ERR_ACCESS_DENIED
11/06/08 [13:31:14.363] VirtualFile...........-1 Exception caught
trying CIMOM protocol: 30602
11/06/08 [13:31:14.363] NSSServer.............-1 *** NSSServer -
NSSClientException caught in
GetFile(Novell/Cluster/NCS.xml):com.novell.nss.pluginClient.NSSClientException
11/06/08 [13:31:14.364] NCSMainMgmt........1261 Caught an exception
in NCSMainMgmt::execute
11/06/08 [13:31:14.364] NCSMainMgmt........1262 java.lang.Exception:
File Protocol error occurred: cannot open the NCS version file on the
selected cluster. The Cluster software may not currently be running on
this server.
at
com.novell.ncs.gadgets.NCSMgmt.NCSCfgMgmt.buildMainPageXML(NCSCfgMgmt.java:142)
etc etc

owcimomd debug relevant parts seem to be below:

[135909[46982688141696] Received connection on 172.16.0.133:5989 from
172.16.0.133:60493
2032] HTTPServer::authenticate: processing Basic
[1359092032] NovellAuthenticator: Didn't get cache entry for user
Admin. Doing PAM authentication
[1350699328] Polling Manager: No work after 1 sec. I'm not waiting any
longer
[1342306624] HTTPServer: No work after 1 sec. I'm not waiting any
longer
[1090525504] Polling Manager: Thread 0 is finished. Cleaning up it's
remains.
[1090525504] Polling Manager: Work has been added to the queue
[1090525504] Polling Manager: About to start a new thread
[1090525504] Polling Manager: New thread started
[1350699328] Polling Manager: A thread got some work to do
[46982688141696] Received connection on
/tmp/OW@LCL@APIIPC_72859_Xq47Bf_P9r761-5_J-7_Q from
/tmp/OW@LCL@APIIPC_72859_Xq47Bf_P9r761-5_J-7_Q
[46982688141696] HTTPServer: Thread 1 is finished. Cleaning up it's
remains.
[46982688141696] HTTPServer: Work has been added to the queue
[46982688141696] HTTPServer: About to start a new thread
[46982688141696] HTTPServer: New thread started
[1342306624] HTTPServer: A thread got some work to do
[1350699328] Polling Manager: No work after 1 sec. I'm not waiting any
longer
[1359092032] HTTPServer::authenticate: failed:
[1342306624] HTTPServer::authenticate: processing OWLocal
[1342306624] HTTPServer::authenticate: authentication failed for: root
[46982688141696] Received connection on
/tmp/OW@LCL@APIIPC_72859_Xq47Bf_P9r761-5_J-7_Q from
/tmp/OW@LCL@APIIPC_72859_Xq47Bf_P9r761-5_J-7_Q
[46982688141696] HTTPServer: Work has been added to the queue
[1359092032] HTTPServer: A thread got some work to do
[1359092032] HTTPServer::authenticate: processing OWLocal
[1359092032] HTTPServer::authenticate: authenticated root


An LDAP trace shows an authentication failure.

New TLS connection 0x8276b40 from 172.16.1.221:52818, monitor =
0xeb5dcba0, index = 2
Monitor 0xeb5dcba0 initiating TLS handshake on connection
0x8276b40
(172.16.1.221:52818)(0x0000:0x00) DoTLSHandshake on connection
0x8276b40
BIO ctrl called with unknown cmd 7
(172.16.1.221:52818)(0x0000:0x00) Completed TLS handshake on
connection 0x8276b40
(172.16.1.221:52818)(0x0001:0x60) DoBind on connection
0x8276b40
(172.16.1.221:52818)(0x0001:0x60) Bind
name:cn=Admin,o=Norfolk_College, version:3, authentication:simple
(172.16.1.221:52818)(0x0001:0x60) Failed to authenticate full
context on connection 0x8276b40, err = failed authentication
(-669)
(172.16.1.221:52818)(0x0001:0x60) Sending operation result
49:"":"NDS error: failed authentication (-669)" to
connection 0x8276b40
(172.16.1.221:52818)(0x0002:0x63) Implied anonymous bind by
operation 0x2:0x63 on connection 0x8276b40
(172.16.1.221:52818)(0x0002:0x63) DoSearch on connection
0x8276b40
(172.16.1.221:52818)(0x0002:0x63) Search request:
base: "cn=Admin,o=Norfolk_College"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "uamPosixSalt"
(172.16.1.221:52818)(0x0002:0x63) Sending search result entry
"cn=Admin,o=Norfolk_College" to connection 0x8276b40
(172.16.1.221:52818)(0x0002:0x63) Sending operation result
0:"":"" to connection 0x8276b40
(172.16.1.221:52818)(0x0003:0x6e) DoCompare on connection
0x8276b40
(172.16.1.221:52818)(0x0003:0x6e) compare: dn
(cn=Admin,o=Norfolk_College) attr (userPassword)
(172.16.1.221:52818)(0x0003:0x6e) Sending operation result
5:"":"" to connection 0x8276b40
(172.16.1.221:52818)(0x0004:0x42) DoUnbind on connection
0x8276b40
Monitor 0xeb5dcba0 found connection 0x8276b40 ending TLS
session
Connection 0x8276b40 closed


The same username and password connects fine to iManager in the first
instance and only fails when using the Cluster plugin. In fact, other
pam enabled service like ssh work ok as well - it just seems to be
openwbem based requests that fail.

Looking at it I'd be looking at the pam authentication plugin being
used or the config for openwbem but I don't seem to be getting very far
with it. Has anyone any ideas?

Thanks


--
Martyn Smith
IT Network Coordinator
The College of West Anglia
------------------------------------------------------------------------
msmith's Profile: http://forums.novell.com/member.php?userid=3560
View this thread: http://forums.novell.com/showthread.php?t=350305

I've also tested ldap connectivity using ldapsearch (both the novell
version in /opt/novell/eDirectory/bin and the openldap client).

ldapsearch -LLL "(cn=admin)" sn uid uidnumber gidnumber -D <iManager
user DN> -w <iManager user password> -x -h ldaps://<owcimom server
address>:636

which works without issue. This appears to be due to the way the data
is being passed to ldap. Anyone know what modules are doing the passing
and if I can reinstall without impacting service as I suspect a duff
module.


--
Martyn Smith
IT Network Coordinator
The College of West Anglia
------------------------------------------------------------------------
msmith's Profile: http://forums.novell.com/member.php?userid=3560
View this thread: http://forums.novell.com/showthread.php?t=350305