Novell Home

My Favorites

Close

Please to see your favorites.

DSFW: NTP daemon dies

This document (7011476) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server 2 SP3 (OES2SP3)
November 2012 Maintenance Patch
Domain Services for Windows
DSfW

Situation

NTP daemon in the DSFW server goes to dead state when the time provider on a Windows XP SP3 workstation lists the DSfW Domain Controller.

DSfW domain controller and has either /var/opt or /var/opt/novell or/var/opt/novell/xad/ directory in a separate partition.

Steps to reproduce:
  1. Joined Windows XP SP3 client to the domain
  2. From GPMC, Configure Windows NTP Client policy in "Computer Configuration -> Administrative Templates -> System -> Windows Time Service -> Time Providers
  3. Provide the server FDN as DC name
  4. Do a "gpupdate /force" from windows WS
  5. Do a gposync in the DSFW server
  6. From Windows WS run the below command:
  7. C:\w32tm /resync /rediscover
rpm : novell-xad-framework-2.2.6214-0.7
      novell-xad-dcerpc-1.3.6172-0.7

Resolution

Change the apparmor NTP profile from 'enforce' mode to 'complain' mode in order to allow the ntpd daemon to process
signed NTP requests coming from the windows workstations that are joined to the DSfW domain.

The workaround is to change the NTP apparmor profile from
'enforce' to 'complain' mode
  1. rcapparmor stop
  2. rcntp stop
  3. open a terminal
  4. in a terminal enter aa-complain /etc/apparmor.d/usr.sbin.ntpd /usr/sbin/ntpd
  5. rcapparmor start
  6. rcntp start

Cause

Apparmor abstraction currently has recorded the static information related to ntp in the /var/lib/ntp/var/opt/novell/xad/rpc/xadsd.
The information in the static file is valid for a basic setup meaning the entire root system is mounted on a single partition.
With Multiple filesystem partitions this static file is incorrect.
Along with the static information a new dynamic information (if needed) has to be set in the Apparmor abstraction.

Additional Information

Please note, this change is needed only on an OES2SP3 server that is acting as a DSfW domain controller. 

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011476
  • Creation Date:10-DEC-12
  • Modified Date:10-DEC-12
    • NovellOpen Enterprise Server
    • SUSESUSE Linux Enterprise Server
    • NetIQeDirectory

Did this document solve your problem? Provide Feedback