Novell DNS CASA Repair Tool is a bash script that checks the Novell DNS CASA credentials and repairs them if necessary.
Repair Novell DNS CASA Credentials
Novell DNS fails to start.
The /var/opt/novell/log/named/named.run shows the following:
19-Nov-2013 12:02:52.938 general: main: notice: starting BIND 9.3.2 -u named
19-Nov-2013 12:02:52.947 general: dns/message: error: Credential Not found
19-Nov-2013 12:02:52.947 general: dns/db: critical: CASA Error has occured, error:No credential is retrived from CASA
19-Nov-2013 12:02:52.947 general: dns/db: warning: Could not open the credential file
19-Nov-2013 12:02:52.947 general: dns/db: critical: No credential found in the file
19-Nov-2013 12:02:54.986 general: dns/db: critical: Failed to load RRs of a zone with error -109
19-Nov-2013 12:02:54.986 general: dns/hints: warning: Loading Root data from directory Failed
19-Nov-2013 12:02:54.988 general: server: info: loading configuration from '/etc/opt/novell/named/named.conf'
19-Nov-2013 12:02:54.988 config: isccfg/parser: error: none:0: open: /etc/opt/novell/named/named.conf: file not found
19-Nov-2013 12:02:54.997 general: server: critical: loading configuration: file not found
19-Nov-2013 12:02:54.997 general: server: critical: exiting (due to fatal error)
The startup failure occurs because the credentials for the proxy user that Novell DNS uses are incorrect.
Either the password is incorrect or the CASA keys are missing altogether.
TID 7006446 describes the process to create the CASA credentials for Novell DNS.
This script will do the steps listed and more.
The script must be run as root.
It is designed for OES11SP1 and OES11SP2 servers, but should work with other versions of OES.
The script determines whether novell-dns is installed and whether it is set to start.
The script will:
- Determine if DNS Proxy user listed in proxy_users.conf is the same as in the sysconfig file
- Determine if CASA is set to store the proxy user’s credentials or if the credentials are stored in a file
- Display the DNS Proxy User listed in the proxy_users.conf
- Determine if proxy user is the OES Common Proxy User or a user defined proxy user
- If the proxy user is the OES Common Proxy User then retrieve the username and password
- If the proxy user is not the OES Common Proxy User then it will display the proxy user and prompt for the user’s password
- Check for the existence of the common-proxy-casa keys and whether the credentials are in CASA
- Check for the existence of the dns-ldap keys and whether the credentials are in CASA
- It will verify that the DNS Proxy User is correct by attempting an ndslogin
- If the DNS Proxy User’s password is correct the following message will be returned:
“CASA User and Password keys for dns-ldap MATCH common-proxy-casa, no action needed
Novell DNS is running”
- If not, the message will be:
“Do you want to fix casa credentials for the DNS Proxy User?”
- Selecting yes will attempt to fix the CASA credentials, no will exit.
- After fixing the credentials, Novell DNS will be restarted and the log checked for errors.
- If the credentials are correct and the DNS Proxy User can log in, but DNS fails to start, it will grep for the errors and list some possible TIDs to help resolve the issue with Novell DNS failing to start.
Common named errors seen in the named.run are:
“critical: Failed to load RRs of a zone with error -1 TID 7000177”
“critical: Failed to load RRs of rootserver zone with error -10 TID 7012947”
“critical: Failed to load RRs of a zone with error -109 TID 7006446”
“critical: Failed to load RRs of a zone with error 34826 TID 7007793”
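The log check described above can be reproduced in shell. This is an added example, not code from novell_dns_casa_repair.sh; the function names, the output wording and the sample log lines (including the unlisted error -7) are assumptions made for illustration.

```shell
# Added example (not part of novell_dns_casa_repair.sh): triage named.run for the errors above.

# Map a "Failed to load RRs" error code to the TID the article pairs it with.
tid_for_error() {
    case "$1" in
        -1)    echo 7000177 ;;
        -10)   echo 7012947 ;;
        -109)  echo 7006446 ;;
        34826) echo 7007793 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample input modelled on the article's excerpt; -7 is a made-up code.
sample_named_log() {
    cat <<'EOF'
19-Nov-2013 12:02:52.947 general: dns/message: error: Credential Not found
19-Nov-2013 12:02:54.986 general: dns/db: critical: Failed to load RRs of a zone with error -109
19-Nov-2013 12:02:54.986 general: dns/db: critical: Failed to load RRs of a zone with error -109
19-Nov-2013 12:02:55.100 general: dns/db: critical: Failed to load RRs of a zone with error -7
EOF
}

# Print one line per distinct finding in the log file "$1".
# Returns 0 if nothing matched, 1 if findings were printed, 2 if unreadable.
triage_named_log() {
    log=$1; found=0
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    # CASA credential failures (spelling matches the daemon's own messages).
    if grep -Eq 'Credential Not found|No credential (is retrived from CASA|found in the file)' "$log"; then
        echo "CASA credentials missing or unreadable"
        found=1
    fi
    # Distinct error codes from "Failed to load RRs of ... with error N".
    codes=$(sed -nE 's/.*critical: Failed to load RRs of .* with error (-?[0-9]+).*/\1/p' "$log" | LC_ALL=C sort -u)
    for code in $codes; do
        if tid=$(tid_for_error "$code"); then
            echo "zone load error $code: see TID $tid"
        else
            echo "zone load error $code: no TID listed in the article"
        fi
        found=1
    done
    return "$found"
}

# Usage: pass the log path, e.g. /var/opt/novell/log/named/named.run
if [ "$#" -gt 0 ]; then triage_named_log "$1"; fi
```

Repeated errors are collapsed to one finding per code, and a code with no TID in the list above is still reported rather than silently dropped.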
Download the script to the Novell DNS server
Make the script executable using the command chmod +x
Untar the script using the command: tar -xzvf novell_dns_casa_repair.tgz
Copy the script to ~/bin/ to run it without the full path; otherwise, either run ./novell_dns_casa_repair.sh or enter the full path to the script.
Example of fixing the CASA Credentials:
The DNS Proxy User is cn=OESCommonProxy_dns-beta,ou=OESSystemObjects,o=novell
Checking for common-proxy-casa credentials
CASA User and Password keys for common-proxy-casa credentials are set
Checking for dns-ldap credentials
Do you want to fix casa credentials for the DNS Proxy User? (y/n): y
The dns-ldap CASA Credentials have been set
Key: Password (********)
Key: CN (********)
Shutting down name server BIND waiting for novell-named to shu(28s) done
Starting name server BIND done
No errors reported after restart of novell-named