
Thursday, November 21, 2019

Novell OES 11.1 shell commands hang without reason

Shell commands on Novell OES 11 Linux hang for a very long time. It happened to me and I was able to fix it without restarting the whole server.

Server release info:
Novell Open Enterprise Server 11 (x86_64)
VERSION = 11.1
PATCHLEVEL = 1
Symptoms:
# strace -p26881
Process 26881 attached - interrupt to quit
connect(146, {sa_family=AF_FILE, path="/var/run/novell-lum/.nam_nss_sock"}, 35^C <unfinished ...>
All HTTP services that do not use Linux authentication keep working: iManager works and iMonitor works. Remote Manager does not work because it controls Linux services and requires Linux authentication.

It seems that something went wrong with the namcd service. Most Linux commands (like cron, id, ssh...) try to look up the user's FDN from eDirectory through that socket. Linux User Management (LUM) maps Linux users to eDirectory users, and every Linux program that is executed asks namcd (the eDirectory Novell Account Management caching daemon) for information about the current user. If namcd is not working, the program just uses the local Linux user database for that; if it is working correctly, you can check every user in eDir like this:

Note: admin is not a local Linux user but an eDir user.

Working LUM and namcd:
# id admin
uid=602(admin) gid=602 groups=602,601(sms smdr group)
Not working LUM and/or namcd:
# id admin
id: admin: No such user
The problem arises when namcd is running but not returning any data through that socket. Then every Linux command that checks for the current user hangs forever.
# id admin
(hangs forever until you press ctrl+c)
The solution is to kill all hung processes and then restart namcd:
# rcnamcd restart
I was able to log in via ssh in a strange way: it asked me for the password and then hung. I left it like that, and after an hour I pressed ctrl+c and it showed me the desired shell on the remote server.

If you do this and it still does not work properly, and you get messages like this in /var/log/messages:
Nov 22 10:19:45 storage /usr/sbin/namcd[720]:  GetGIDsGroupListNumberOfGroupsOfWS: Error [32] in LDAP search while trying to find group FDNs with scope=base for cn=UNIX Workstation - storage,o=servers
then you need to recreate nam.conf. For more information look here: http://geroyblog.blogspot.com/2013/04/novell-enterprise-linux-server-install.html
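
The three lookup states and the log message described above can be checked without the check itself hanging. This is an added example, not part of the original post; it assumes coreutils `timeout` is installed, and the function names and the `LUM_PROBE_CMD` override are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes coreutils `timeout`.
# LUM_PROBE_CMD is a hypothetical override so the "hung" branch can be
# exercised on a machine that has no namcd; by default the probe is `id`.

# lum_lookup_state USER [SECONDS] -> prints ok | missing | hung | error
lum_lookup_state() {
    rc=0
    timeout "${2:-5}" ${LUM_PROBE_CMD:-id} "$1" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)       echo ok ;;       # namcd answered and the eDir user resolved
        1)       echo missing ;;  # "No such user": LUM and/or namcd not working
        124|137) echo hung ;;     # probe was killed: namcd is not answering
        *)       echo error ;;
    esac
}

# namcd_ldap_errors FILE -> prints the number of namcd LDAP search errors
namcd_ldap_errors() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -Ec 'namcd\[[0-9]+\]: .*Error \[[0-9]+\] in LDAP search' "$1" || true
}

# lum_diagnose USER LOGFILE -> prints the step from the post that applies
lum_diagnose() {
    state=$(lum_lookup_state "$1")
    errors=$(namcd_ldap_errors "$2")
    case $state in
        hung)    echo "namcd not answering: kill hung processes, then rcnamcd restart" ;;
        missing) echo "user not resolved: LUM and/or namcd not working" ;;
        ok)      echo "lookup ok" ;;
        *)       echo "probe failed" ;;
    esac
    [ "$errors" -eq 0 ] || echo "$errors namcd LDAP search error(s): recreate nam.conf"
}

# Run only when called with arguments, e.g.: sh lumcheck.sh admin /var/log/messages
if [ $# -ge 2 ]; then lum_diagnose "$1" "$2"; fi
```

Run from cron or a monitoring agent, the bounded probe reports a stuck namcd before interactive logins start to hang.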

Wednesday, April 24, 2013

Novell Enterprise Linux Server Install and Migration Notes

Novell NetWare 5.1 to Novell Enterprise Linux (OES2) migration scenario: The idea is to add a new OES2 server to the existing NetWare 5.1 tree, add a replica of the tree, transfer the data files from the storage volumes and then remove the old NetWare 5.1 server.


Notes are for this version of Novell Linux:
# cat /etc/novell-release
Novell Open Enterprise Server 11 (x86_64)
VERSION = 11.1
PATCHLEVEL = 1

Note #1
Updates: you need your registration codes and email address to use online updates and to install from online repositories. Go to YaST -> Software Management -> Configuration -> Online Update. This launches a browser and takes you to the Novell site, where you enter your registration email and codes so the server can be authenticated as a licensed one. If everything is OK, the new repositories are added automatically.

Note #2
Time must be synchronized between all servers in the tree. Use the same time server for both servers.

Note #3
If you get an error about the Secure LDAP connection with Novell NetWare 5.x, you need to generate a valid certificate for Secure LDAP on NetWare with the ConsoleOne app.

Note #4
"This user does not have the correct credentials to authenticate to the CIMOM client."
You get this error when trying to add the new server to an existing tree. This is a bug in the installation process: the Unix Config Object, which is needed to map users between eDirectory and Linux/Unix workstations/servers, is not created during installation. The solution is to remove the /etc/nam.conf file and recreate it with namconfig.

# rm -f /etc/nam.conf
# namconfig add -a cn=admin,o=company_ltd -r o=company_ltd -w ou=servers,o=company_ltd -S 192.168.20.5:389 -l 636
Enter the admin(cn=admin,o=company_ltd) password:

namconfig.getSchemaName: schema name = cn=schema
NAM Schema is extended successfully.
NAM Unique id schema is already extended.
uidNumber and gidNumber attribute indices already exist in the LDAP server
Creating the Unix Config object...done.
Creating the Unix Workstation object...done.
Adding the workstation context...done.
Stopping the service 'namcd'...done.
Stopping the service 'nscd'...done.
Starting the service 'namcd'... Done.
Starting the service 'nscd'... Done.
Configure done successfully.
Now you can use iManager to enable users for Linux (Linux User Management -> Enable Users for Linux).

Note #5
Removing the tree
# ndsconfig rm -a cn=adminuser.o=admincontext
Now start YaST and use the OES Installation and Configuration utility to add it to the existing tree.

Note #6
OES Installation and Configuration utility won't start
This is a known bug. Use the command line to start what you need:
# yast edirectory
or you can see what options you have with the command:
# yast --list
Available modules:
add-on
add-on-creator
apparmor
arkmanager
audit-laf
autofs
autoyast
backup
bootloader
ca_mgm
checkmedia
common_cert
dhcp-server
dirinstall
disk
dns-server
dsl
edirectory
fingerprint-reader
.....
You can also use yast2 (graphical interface) in the same way.

Note #7
Adding replica to the newly connected server
Open your iManager with a browser, login to old server and then add the replica:

Partitions and Replica Management -> Replica View

Enter the tree name: .YourTreeName. and hit OK. Now you can see your servers and replicas. Use the "Add Replica" button. If you get an error, try using 'ndsrepair' on all servers and then try again.

Note #8
You can use the miggui tool to transfer existing files/services to the new server, but if you have files with names in Cyrillic or in some other encoding, created in the old days when nobody cared about encodings, this tool won't work.