Workaround for TLS Port Not Listening in Linux OES SP2

Novell Cool Solutions: Tip
By Hema Joshi

Posted: 16 Nov 2006
 

This tip troubleshoots the SSL/TLS port not listening when eDirectory is configured through ndsconfig after the installation of Linux OES-SP2 has already been completed.

Intended Audience:

Test engineers of eDirectory and help desk engineers who install only the OS on all systems as part of lab setup and configure eDirectory at a later stage.

Problem:

Linux OES-SP2 is installed completely with the Configure Later option, and eDirectory is configured afterwards. The message "TLS port is not listening" is displayed, and TLS/SSL operations cannot be performed.

The following is the description of the issue:

  1. Start installing Linux OES-SP2.
  2. Select the Configure Later option and complete the installation.
  3. Configure eDirectory with ndsconfig:
    st-fc-lnx-26:~ # ndsconfig new -t test-tree -n o=novell -a cn=admin.o=novell
    	Enter the password for cn=admin.o=novell:
    	Re-enter the password for cn=admin.o=novell:
    	HTTP Port 8008 already in use...
    	Please enter another HTTP port ( > 1023 ): 8028
    	Starting the service 'ndsd'... Done.
    	Configuring Novell eDirectory server with following parameters
            		Admin name      = cn=admin.o=novell
            		Tree name       = test-tree
            		Server Context  = o=novell
            		dibdir path     = /var/nds/dib
    
    	Searching for Duplicate Tree Name in the network.  Please wait...
     	Configuring Novell eDirectory Server ...
    
    	Novell eDirectory Server successfully configured on this system.
    	Extending schema...
    	For more details view schema extension logfile: /var/nds/schema.log
    	Schema extended successfully.
    	Configuring SAS service ...
    	Successfully configured SAS service
    	Configuring NMAS service ...
    	Successfully configured NMAS service
    	Configuring LDAP Server with default SSL CertificateDNS certificate
    	Done
    	Checking the status of LDAP services...
    	Novell eDirectory LDAP Server TCP port is listening.
    	Novell eDirectory LDAP Server TLS port is not listening.
    	st-fc-lnx-26:~ #
  4. No SSL/TLS operations can be performed.

The root cause of this problem is that NICI was installed in client mode, whereas NICI must be installed in server mode in order to carry out SSL/TLS operations.

Solution:

  1. Mount the eDirectory 873 or 88 builds folder and run nici_mode_test to confirm that NICI is installed in client mode:
    st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup # ./nici_mode_test

    WARNING!! NICI is installed in CLIENT mode.

    eDirectory will not be completely functional with NICI installed in CLIENT mode.

    You may want to provide proper license file to get NICI installed in SERVER mode.

    st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup #
  2. Check whether the nicifk file is missing from /var/novell/nici:
    st-fc-lnx-26:/ # ls /var/novell/nici
    	.  ..  0  nicimud  primenici  xmgrcfg.nif  xmgrcfg.wks
    	st-fc-lnx-26:/ #
  3. Copy the nicifk file from any other eDirectory server:
    st-fc-lnx-26:/var/novell/nici # ftp 164.99.156.7
    	Connected to 164.99.156.7.
    	220 st-fc-sol-7.blr.novell.com FTP server ready.
    	Name (164.99.156.7:root): root
    	331 Password required for root.
    	Password:
    	230 User root logged in.
    	Remote system type is UNIX.
    	Using binary mode to transfer files.
    	ftp> bin
    	257 "/var/novell/nici" is current directory.
    	ftp> ls
    	229 Entering Extended Passive Mode (|||43117|)
    	150 Opening ASCII mode data connection for /bin/ls.
    	total 522
    	drwx------   2 root     other        512 Oct 18 17:20 0
    	-rw-r--r--   1 root     other      13440 Oct 19 09:56 nicifk
    	-r--r--r--   1 root     bin        13440 Sep 25 23:35 nicifk.new
    	-rwsr-xr-x   1 root     bin        11004 Sep 25 23:34 nicimud
    	-rwx------   1 root     bin       194340 Sep 25 23:35 primenici
    	-r-x------   1 root     bin         2661 Oct 31 12:14 set_server_mode
    	-rw-r--r--   1 root     other       1222 Oct 19 09:56 xarchive.000
    	-rw-r--r--   1 root     other      12016 Oct 19 09:56 xmgrcfg.nif
    	-r--r--r--   1 root     bin         3853 Sep 25 23:35 xmgrcfg.wks
    	226 Transfer complete.
    	ftp> 
    
    	ftp> mget ./nicifk .
    	mget ./nicifk [anpqy?]? y
    	229 Entering Extended Passive Mode (|||49320|)
    	150 Opening BINARY mode data connection for ./nicifk (13440 bytes).
    	100% |*********************************| 13440       1.28 MB/s    00:00 ETA
    	226 Transfer complete.
    	13440 bytes received in 00:00 (325.37 KB/s)
    	mget 0 [anpqy?]? q
    	mget aborted.
    	ftp>
  4. Confirm that nicifk has been copied to /var/novell/nici:
    st-fc-lnx-26:/var/novell/nici # ls
    	.  ..  0  nicifk  nicimud  primenici  xmgrcfg.nif  xmgrcfg.wks
  5. Run primenici to change NICI to server mode:
    st-fc-lnx-26:/var/novell/nici # ./primenici
    	Initializing NICI ... done.
    	st-fc-lnx-26:/var/novell/nici #
  6. Now check the mode of NICI:
    st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup # ./nici_mode_test
    	Count = 1
    	NICI is installed in SERVER mode.
    	st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup #
  7. Deconfigure the old tree:
    st-fc-lnx-26:/ # ndsconfig rm -a cn=admin.o=novell
    	Enter the password for cn=admin.o=novell:
            		dibdir path = /var/nds/dib
    	Deconfiguring Novell eDirectory might cause problems in the operation of 
    	modules dependent on eDirectory.  Do you wish to continue? (y/n) : y
    	Logging into the tree as "cn=admin.o=novell". Please Wait ...
    	Novell eDirectory Server was successfully deconfigured.
    	Stopping the service 'ndsd'... Done.	
    	st-fc-lnx-26:/ #
  8. Now configure the new tree:
    st-fc-lnx-26:/ # ndsconfig new -t test-tree1 -n o=novell -a cn=admin.o=novell
    	Enter the password for cn=admin.o=novell:
    	Re-enter the password for cn=admin.o=novell:
    	HTTP Port 8008 already in use...
    	Please enter another HTTP port ( > 1023 ): 8028
    	Starting the service 'ndsd'... Done.
    	Configuring Novell eDirectory server with following parameters
            		Admin name      = cn=admin.o=novell
            		Tree name       = test-tree1
            		Server Context  = o=novell
    		dibdir path     = /var/nds/dib
    
    	Searching for Duplicate Tree Name in the network.  Please wait...
    	Configuring Novell eDirectory Server ...
    
    	Novell eDirectory Server successfully configured on this system.
    	Extending schema...
    	For more details view schema extension logfile: /var/nds/schema.log
    	Schema extended successfully.
    	Configuring SAS service ...
    	Successfully configured SAS service
    	Configuring NMAS service ...
    	Successfully configured NMAS service
    	Configuring LDAP Server with default SSL CertificateDNS certificate
    	Done
    	Checking the status of LDAP services...
    	Novell eDirectory LDAP Server TCP port is listening.
    	Novell eDirectory LDAP Server TLS port is listening.
    	st-fc-lnx-26:/ #
Conclusion:

This workaround avoids reinstalling OES just because eDirectory was not configured during OS installation, which made SSL/TLS operations impossible.
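The two checks this procedure relies on (the TLS status line printed by ndsconfig and the presence of nicifk in /var/novell/nici) can be scripted to name the next step. The following is an added example, not part of the original tip or of Novell's tooling; the function names and the `empty` state are assumptions, while the path, file name and status strings are the ones shown above.

```shell
#!/bin/sh
# Added example: function names are hypothetical; path, file name and
# status strings are those shown in the tip.
NICI_DIR=/var/novell/nici

# Print "present", "empty" or "missing" for the nicifk file in DIR.
nici_key_state() {
    key="${1:-$NICI_DIR}/nicifk"
    if [ ! -e "$key" ]; then echo missing
    elif [ ! -s "$key" ]; then echo empty
    else echo present
    fi
}

# Read ndsconfig output on stdin and report the TLS status line it printed.
ldap_tls_state() {
    state=unknown
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *"LDAP Server TLS port is not listening."*) state=not-listening ;;
            *"LDAP Server TLS port is listening."*)     state=listening ;;
        esac
    done
    echo "$state"
}

# Combine both checks into the next step of the procedure.
# Usage: <ndsconfig output> | diagnose [NICI_DIR]
diagnose() {
    tls=$(ldap_tls_state)
    key=$(nici_key_state "$1")
    case "$tls:$key" in
        listening:*)           echo "ok: TLS port is listening" ;;
        not-listening:present) echo "nicifk present: run primenici, confirm SERVER mode, then reconfigure" ;;
        not-listening:*)       echo "nicifk $key: NICI is likely in CLIENT mode; restore nicifk first" ;;
        *)                     echo "no TLS status line found in input" ;;
    esac
}

# The two status lines from the failing ndsconfig run shown in the tip.
SAMPLE_LOG='Novell eDirectory LDAP Server TCP port is listening.
Novell eDirectory LDAP Server TLS port is not listening.'

printf '%s\n' "$SAMPLE_LOG" | diagnose
```

On a live system, save the ndsconfig output to a file and pipe that file into `diagnose` in place of the sample lines.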

