Novell Home

My Favorites

Close

Please to see your favorites.

Various authentication problems with iManager, openwbem, CIMOM, LUM or LDAP, etc

This document (7011790) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server 11 (OES 11) Linux
Novell Open Enterprise Server 2 (OES 2) Linux
NetIQ eDirectory
NetIQ iManager

Situation

Storage, Archive Versioning, File Protocols and Clustering Plug-Ins for iManager fail

Errors may occur in one or more of the following places
  • iManager
    • This user does not have the correct credentials to authenticate to the CIMOM client
    • Error: File Protocol error occurred: cannot open the NCS version file on the selected cluster. The Cluster software may not currently be running on this server.
    • Error: File Protocol error occurred: cannot open the NSS version file on the selected server. The NSS software may not currently be running on this server.
  • iManager debug log
    • NSSAdminPluginClient constructor - CIM Exception: CIM_ERR_ACCESS_DENIED
    • Exception caught trying CIMOM protocol: 30602
    • *** NSSServer - NSSClientException caught in GetFile(Manage_NSS/Module/NSS.xml):com.novell.ns
  • openwbem/owicimomd debug log
    • /usr/sbin/namcd[00000]:  cert_callback: ldapssl_get_cert_attribute status 10
    • /usr/sbin/namcd[00000]:  param_errmsg: Unknown error returned reading configuration parameter: alternative-ldap-server-list
The troubleshooting steps in the following, and similar, TIDs have been tried without success:
Server certificates (KMO) had recently expired or become corrupt and been recreated

Resolution

Ensure that LDAP is using the correct certificate:
  1. iManager -> LDAP -> LDAP Options -> View LDAP Servers -> MyServer -> Connections -> Server Certificate
  2. iManager -> LDAP -> LDAP Options -> View LDAP Servers -> MyServer -> Information - > Refresh
It may be necessary to force LDAP to recognise the new certificates.  If the dialogue in Step 1, above, is already populated (e.g. SSL CertificateDNS) then select an alternative certificate (e.g. SSL CertificateIP), Apply and Refresh (Step 2) and then change it back.

Cause

LDAP had not picked up a recently recreated certificate.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011790
  • Creation Date:15-FEB-13
  • Modified Date:15-FEB-13
    • NovellOpen Enterprise Server
    • NetIQeDirectory
      iManager

Did this document solve your problem? Provide Feedback