After installing ZCM 11 agent on a DSfW server, kerberos fails to start

  • 7008805
  • 14-Jun-2011
  • 17-Jul-2013

Environment

Novell Open Enterprise Server 2 SP1 (OES2SP1)
Novell Open Enterprise Server 2 SP2 (OES2SP2)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSFW
Novell ZENworks 11 Configuration Management

Situation

The ZCM 11 agent is installed on a DSfW (Domain Services for Windows) server.
After restarting the server, the Domain Services for Windows KDC will not start.

Looking the the environmental variable for LD_LIBRARY_PATH shows it is set to
/usr/lib:/opt/novell/zenworks/lib

e.g.,
env | grep LD_LIBRARY_PATH
LD_LIBRARY_PATH=/usr/lib:/opt/novell/zenworks/lib

Resolution

This is fixed in version 11.1 - see KB 7008746 "ZENworks Configuration Management 11.1 - update information and list of fixes" which can be found at https://www.novell.com/support

Workaround:
edit the /etc/profile.d/novell-zenworks.sh and /etc/profile.d/novell-zenworks.csh to remove the setting for LD_LIBRARY_PATH.

Additional Information

The novell-zenworks.sh file in /etc/profile.d/ directory defines the LD_LIBRARY_PATH as follows

if test -z "$LD_LIBRARY_PATH" ; then
    export LD_LIBRARY_PATH="/usr/lib:/opt/novell/zenworks/lib"
else
    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib:/opt/novell/zenworks/lib"
fi

ndsd also depends on the library path and this is where DSfW is supposed to get its library path from.  However ndsd does not set the LD_LIBRARY_PATH, instead it uses RPATH for the binaries and libraries.

example of ndsdconfig
objdump -x /opt/novell/eDirectory/bin/ndsconfig | grep PATH
  RPATH       $ORIGIN/../lib64:$ORIGIN/../lib64/nds-modules:$ORIGIN/../../lib64:/opt/novell/lib64:/usr/lib64/gcc/x86_64-suse-linux/4.1.2
  RUNPATH     $ORIGIN/../lib64:$ORIGIN/../lib64/nds-modules:$ORIGIN/../../lib64:/opt/novell/lib64:/usr/lib64/gcc/x86_64-suse-linux/4.1.2

The /etc/init.d/ndsd start up script has the following:
LD_LIBRARY_PATH=$libdir:$libdir/nds-modules:$libdir/apr:/$NDSHOME/opt/novell/$libfldr:/opt/novell/$libfldr:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH

LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/nds-modules:/opt/novell/xad/$libfldr/nds-modules:/opt/novell/xad/$libfldr:$default_prefix/lib/nds-modules/jre/lib/i386
export LD_LIBRARY_PATH


What is happening is the LD_LIBRARY_PATH is set by the ZENworks specific setting will be in effect and takes precedence.  This causes the path in ndsd to fail.