Workaround for TLS Port Not Listening in Linux OES SP2
Novell Cool Solutions: Tip
By Hema Joshi
Posted: 16 Nov 2006
Troubleshooting the "SSL port not listening" issue when eDirectory is configured through ndsconfig after the installation of Linux OES-SP2 has been completed
Intended Audience:
eDirectory test engineers and help desk engineers who install only the OS on all systems as part of lab setup and configure eDirectory at a later stage.
Problem:
When Linux OES-SP2 is installed completely with the Configure Later option and eDirectory is configured afterwards, the message "TLS port is not listening" is displayed and TLS/SSL operations cannot be performed.
The following is the description of the issue:
- Start Installing Linux OES-SP2
- Select Configure Later option and complete the installation.
- Configure eDirectory with ndsconfig
st-fc-lnx-26:~ # ndsconfig new -t test-tree -n o=novell -a cn=admin.o=novell
Enter the password for cn=admin.o=novell:
Re-enter the password for cn=admin.o=novell:
HTTP Port 8008 already in use...
Please enter another HTTP port ( > 1023 ): 8028
Starting the service 'ndsd'... Done.
Configuring Novell eDirectory server with following parameters
Admin name = cn=admin.o=novell
Tree name = test-tree
Server Context = o=novell
dibdir path = /var/nds/dib
Searching for Duplicate Tree Name in the network. Please wait...
Configuring Novell eDirectory Server ...
Novell eDirectory Server successfully configured on this system.
Extending schema...
For more details view schema extension logfile: /var/nds/schema.log
Schema extended successfully.
Configuring SAS service ... Successfully configured SAS service
Configuring NMAS service ... Successfully configured NMAS service
Configuring LDAP Server with default SSL CertificateDNS certificate Done
Checking the status of LDAP services...
Novell eDirectory LDAP Server TCP port is listening.
Novell eDirectory LDAP Server TLS port is not listening.
st-fc-lnx-26:~ #
- No SSL/TLS operations can be performed.
The root cause of this problem is that NICI gets installed in client mode, whereas NICI must be installed in server mode in order to carry out SSL/TLS operations.
Solution:
- Mount the eDirectory 873 or 88 builds folder and run nici_mode_test to confirm that NICI is installed in client mode:
st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup # ./nici_mode_test
WARNING!! NICI is installed in CLIENT mode.
eDirectory will not be completely functional with NICI installed in CLIENT mode.
You may want to provide proper license file to get NICI installed in SERVER mode.
st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup #
- Look to see if the nicifk file under /var/novell/nici is missing:
st-fc-lnx-26:/ # ls /var/novell/nici
. .. 0 nicimud primenici xmgrcfg.nif xmgrcfg.wks
st-fc-lnx-26:/ #
- Copy the nicifk file from any other eDirectory server:
st-fc-lnx-26:/var/novell/nici # ftp 164.99.156.7
Connected to 164.99.156.7.
220 st-fc-sol-7.blr.novell.com FTP server ready.
Name (164.99.156.7:root): root
331 Password required for root.
Password:
230 User root logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bin
257 "/var/novell/nici" is current directory.
ftp> ls
229 Entering Extended Passive Mode (|||43117|)
150 Opening ASCII mode data connection for /bin/ls.
total 522
drwx------ 2 root other 512 Oct 18 17:20 0
-rw-r--r-- 1 root other 13440 Oct 19 09:56 nicifk
-r--r--r-- 1 root bin 13440 Sep 25 23:35 nicifk.new
-rwsr-xr-x 1 root bin 11004 Sep 25 23:34 nicimud
-rwx------ 1 root bin 194340 Sep 25 23:35 primenici
-r-x------ 1 root bin 2661 Oct 31 12:14 set_server_mode
-rw-r--r-- 1 root other 1222 Oct 19 09:56 xarchive.000
-rw-r--r-- 1 root other 12016 Oct 19 09:56 xmgrcfg.nif
-r--r--r-- 1 root bin 3853 Sep 25 23:35 xmgrcfg.wks
226 Transfer complete.
ftp>
ftp> mget ./nicifk .
mget ./nicifk [anpqy?]? y
229 Entering Extended Passive Mode (|||49320|)
150 Opening BINARY mode data connection for ./nicifk (13440 bytes).
100% |*********************************| 13440 1.28 MB/s 00:00 ETA
226 Transfer complete.
13440 bytes received in 00:00 (325.37 KB/s)
mget 0 [anpqy?]? q
mget aborted.
ftp>
- Confirm the nicifk is copied to /var/novell/nici:
st-fc-lnx-26:/var/novell/nici # ls
. .. 0 nicifk nicimud primenici xmgrcfg.nif xmgrcfg.wks
- Run primenici to change NICI to server mode:
st-fc-lnx-26:/var/novell/nici # ./primenici
Initializing NICI ... done.
st-fc-lnx-26:/var/novell/nici #
- Now check the mode of NICI:
st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup # ./nici_mode_test
Count = 1
NICI is installed in SERVER mode.
st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup #
- Deconfigure the old tree:
st-fc-lnx-26:/ # ndsconfig rm -a cn=admin.o=novell
Enter the password for cn=admin.o=novell:
dibdir path = /var/nds/dib
Deconfiguring Novell eDirectory might cause problems in the operation of modules dependent on eDirectory.
Do you wish to continue? (y/n) : y
Logging into the tree as "cn=admin.o=novell". Please Wait ...
Novell eDirectory Server was successfully deconfigured.
Stopping the service 'ndsd'... Done.
st-fc-lnx-26:/ #
- Now configure the new tree:
st-fc-lnx-26:/ # ndsconfig new -t test-tree1 -n o=novell -a cn=admin.o=novell
Enter the password for cn=admin.o=novell:
Re-enter the password for cn=admin.o=novell:
HTTP Port 8008 already in use...
Please enter another HTTP port ( > 1023 ): 8028
Starting the service 'ndsd'... Done.
Configuring Novell eDirectory server with following parameters
Admin name = cn=admin.o=novell
Tree name = test-tree1
Server Context = o=novell
dibdir path = /var/nds/dib
Searching for Duplicate Tree Name in the network. Please wait...
Configuring Novell eDirectory Server ...
Novell eDirectory Server successfully configured on this system.
Extending schema...
For more details view schema extension logfile: /var/nds/schema.log
Schema extended successfully.
Configuring SAS service ... Successfully configured SAS service
Configuring NMAS service ... Successfully configured NMAS service
Configuring LDAP Server with default SSL CertificateDNS certificate Done
Checking the status of LDAP services...
Novell eDirectory LDAP Server TCP port is listening.
Novell eDirectory LDAP Server TLS port is listening.
st-fc-lnx-26:/ #
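The checks in the procedure above can be scripted so a lab install is triaged from its saved ndsconfig output. This is an added example, not part of the original tip or of Novell's tooling: the function names and result labels are hypothetical, while the nicifk path and the LDAP status lines are the ones shown in the article.

```sh
#!/bin/sh
# Added example: triage helpers for the "TLS port is not listening" case.
# Function names and result labels are hypothetical; the path and the
# status strings are taken from the article's terminal output.
NICI_DIR_DEFAULT=/var/novell/nici

# Succeeds if a non-empty nicifk exists in the NICI directory ($1).
nici_key_present() {
    [ -s "${1:-$NICI_DIR_DEFAULT}/nicifk" ]
}

# Reads ndsconfig output on stdin and prints the LDAP TLS listener state:
# "listening", "not-listening", or "unknown" if no status line was seen.
ldap_tls_state() {
    awk '
        /LDAP Server TLS port is not listening/ { s = "not-listening" }
        /LDAP Server TLS port is listening/     { s = "listening" }
        END { print (s == "" ? "unknown" : s) }
    '
}

# Reads ndsconfig output on stdin, inspects the NICI directory ($1),
# and prints which step of the article's procedure applies next.
next_step() {
    case "$(ldap_tls_state)" in
        listening)
            echo ok ;;
        not-listening)
            if nici_key_present "$1"; then
                # Key file exists: confirm the NICI mode before redoing the tree.
                echo run-nici_mode_test
            else
                # Missing nicifk is the root cause the article describes.
                echo copy-nicifk-then-primenici
            fi ;;
        *)
            echo no-ldap-status-found ;;
    esac
}

# Demo on the two status lines from the article's failing run.
printf '%s\n' \
    'Novell eDirectory LDAP Server TCP port is listening.' \
    'Novell eDirectory LDAP Server TLS port is not listening.' |
    next_step "$NICI_DIR_DEFAULT"
```

Pipe a saved ndsconfig log into `next_step` on the affected host; the second branch only tells you to re-run nici_mode_test, since a present nicifk does not by itself prove server mode.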
Conclusion:
This workaround avoids reinstalling OES merely because eDirectory was not configured during OS installation, which had made SSL/TLS operations impossible.
