8.1 Troubleshooting Linux User Management

The following sections provide information about troubleshooting Linux User Management:

8.1.1 Updating OES 2 SP3 Base Platform to SLES 10 SP4 Requires LUM Reconfiguration for sshd to Work

If the OES 2 SP3 base platform is updated to SLES 10 SP4, the /etc/pam.d/sshd file is overwritten. This causes ssh logins for LUM users to fail. Therefore, after you update to SLES 10 SP4, you must reconfigure LUM. To reconfigure LUM, follow the steps given below:

  1. Open YaST.

  2. Click Open Enterprise Server > OES Install and Configuration.

  3. On the Software selection page, select Novell Linux User Management (LUM) and click Accept. The status of the Linux User Management is displayed as Reconfigure is Disabled.

  4. To reconfigure LUM, click disabled to change the status to enabled.

  5. Click the Linux User Management heading link and enter the admin password to access the configuration dialog box.

  6. Continue with Step 4 to complete the reconfiguration of LUM.

8.1.2 LUM Users and Groups Are Not Displayed in the Permissions Tab of the File Browser

Newly created LUM users and groups are not displayed immediately in the Permissions tab of the file browser. This is because namcd, the Linux User Management caching daemon, has persistent search disabled by default. If you add any user or group, the file browser does not display the newly added users or groups until the next cache refresh period, which is by default set to 8 hours.

To display the newly created LUM users and groups in the file browser, refresh the LUM cache by running the following command:

namconfig cache_refresh

NOTE: You can enable or disable persistent search by setting the persistent-search parameter in the /etc/nam.conf file.

8.1.3 The Restrict access to the home directory of other users Option During LUM Configuration Does not Work

During LUM configuration, if you select the Restrict access to the home directory of other users check box, the umask value in /etc/login.defs is changed to 077. This setting is used only by the local useradd tool and not by the namuseradd utility.

8.1.4 Linux User Management Returns an Invalid UID and GID for Users and Groups

Linux User Management returns an invalid UID and GID for users and groups because of an incorrect schema mapping in the LDAP Group Object.

To resolve this problem:

  1. Log in to iManager.

  2. In Roles and Tasks, click LDAP > LDAP Options.

  3. Click the Attribute Map tab.

  4. Change the mapping of the UID (eDirectory attribute) to UniqueID (LDAP attribute).

  5. Change the mapping of the UID NDS attribute to the UniqueID LDAP attribute.

    Remove any mapping for LDAP attribute uidNumber and gidNumber.

  6. Click Apply to save the changes.

  7. Click OK to exit.

8.1.5 namconfig Fails

When Linux User Management is configured on a workstation, the base name is specified in the nam.conf file. If Linux User Management is reconfigured with a new partition root without removing the existing configuration, the namconfig command fails with an error indicating Specified partition root and Partition root in the NDS configuration files doesn't match.

To resolve this issue, delete nam.conf and rerun namconfig.

8.1.6 namcd Indicates That a Certificate Is Not Found

When you start Linux User Management, in some scenarios namcd displays an error indicating that a certificate is not found.

Linux User Management requires a server certificate to do SSL authentication to the LDAP server. A server certificate file for SSL authentication must be present in the /var/lib/novell-lum/.preferred_server-name.filetype directory where .preferred_server-name.filetype is the certificate file of the preferred server. If this file is deleted or is corrupt, import it by using namconfig -k.

8.1.7 Duplication of UIDs and GIDs

In a name-mapped Domain Services for Windows (DSfW) tree, if the tree is already enabled for Linux User Management and the UNIX Config object is placed in a custom location other than the admin user context, YaST might not be able to find the UNIX Config object. When this happens, it adds a new UNIX Config object under ou=novell, $domain, which causes duplication of UIDs and GIDs.

To avoid this, change the range of the UIDs and GIDs in one of the UNIX config objects in the tree.
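
To confirm whether duplication has already occurred, the following added example (not part of the original guide) lists every numeric ID held by more than one name. It assumes passwd-format or group-format input, such as the output of getent passwd or getent group; the function names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# dup_ids: read passwd- or group-format lines on stdin and print each numeric
# ID (field 3 in both formats) that is held by more than one name, as
# "id:name1,name2", sorted by ID. Repeated lines for the same name are ignored.
dup_ids() {
    awk -F: '
        $3 ~ /^[0-9]+$/ && !seen[$3, $1]++ {
            if ($3 in names) { names[$3] = names[$3] "," $1; dup[$3] = 1 }
            else names[$3] = $1
        }
        END { for (id in dup) print id ":" names[id] }
    ' | sort -t: -k1,1n
}

# Constructed sample: two UNIX Config objects handing out the same UID range.
sample_passwd() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:600:600:Alice:/home/alice:/bin/bash' \
        'bob:x:601:600:Bob:/home/bob:/bin/bash' \
        'carol:x:600:601:Carol:/home/carol:/bin/bash' \
        'alice:x:600:600:Alice:/home/alice:/bin/bash'
}

sample_passwd | dup_ids
```

Two accounts that share a UID are the same identity to the file system, so each can read and modify the other's files regardless of home directory permissions.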

8.1.8 A User Cannot Log In

  • If it takes more than 60 seconds to log in, the login utility times out. This is a limitation of Linux operating systems.

8.1.9 Password Expiration Information for the User Is Not Available

The pam_nam account management module should always be stacked only after the pam_nam authentication module. If it is stacked directly after any other module, the behavior of pam_nam might be unpredictable. You might not be able to extract the user's password and account expiration, or other authentication details.
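
The following check is an added example, not part of the original guide. It covers both this section and the overwritten /etc/pam.d/sshd case in 8.1.1 by reporting whether a PAM service file carries the pam_nam authentication and account entries. It assumes the module appears as pam_nam.so on the service file's own lines and treats a pam_nam account entry without a pam_nam auth entry as the mis-stacked case; the sample files are constructed.

```shell
#!/bin/sh
# check_pam_nam FILE: report how pam_nam is stacked in one PAM service file.
# Return codes: 0 auth and account present, 1 pam_nam absent (file likely
# overwritten), 2 account without auth, 3 auth without account, 4 unreadable.
check_pam_nam() {
    file=$1
    [ -r "$file" ] || { echo "$file: not readable"; return 4; }
    # Print the management type of every non-comment line that names pam_nam.so.
    # Scanning all fields copes with bracketed controls such as [success=1 ...].
    types=$(awk '
        /^[ \t]*#/ || NF == 0 { next }
        { for (i = 2; i <= NF; i++)
              if ($i ~ /(^|\/)pam_nam\.so$/) { sub(/^-/, "", $1); print $1; next } }
    ' "$file")
    has_auth=no; has_account=no
    for t in $types; do
        case $t in
            auth)    has_auth=yes ;;
            account) has_account=yes ;;
        esac
    done
    case $has_auth/$has_account in
        yes/yes) echo "$file: pam_nam auth and account present"; return 0 ;;
        no/no)   echo "$file: no pam_nam entries, reconfigure LUM"; return 1 ;;
        no/yes)  echo "$file: pam_nam account without pam_nam auth"; return 2 ;;
        *)       echo "$file: pam_nam auth without pam_nam account"; return 3 ;;
    esac
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' \
    'auth     sufficient pam_nam.so' 'auth     include    common-auth' \
    'account  sufficient pam_nam.so' 'account  include    common-account' \
    > "$demo_dir/sshd.lum"
printf '%s\n' '#%PAM-1.0' 'auth include common-auth' \
    'account include common-account' > "$demo_dir/sshd.overwritten"
printf '%s\n' 'auth required pam_unix2.so' \
    'account sufficient pam_nam.so' > "$demo_dir/sshd.misstacked"

for f in sshd.lum sshd.overwritten sshd.misstacked; do
    check_pam_nam "$demo_dir/$f" || true
done
```

On a live system, run the function against /etc/pam.d/sshd after a platform update; a return code of 1 matches the situation described in 8.1.1.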

8.1.10 ID Command Not Giving the Desired Results

If the ID command or the getent command is not displaying the desired result, one of the reasons might be that the entries are cached by nscd (name service caching daemon).

If you have changed the /etc/nsswitch.conf file, the /etc/passwd file, or the /etc/group file, stop and restart nscd by using the following commands:

/etc/init.d/nscd stop
/etc/init.d/nscd start

8.1.11 namcd Not Coming Up after a System Reboot

If Linux User Management is configured against eDirectory in the same system, and the system is rebooted, namcd tries to bind to the LDAP server while the system is coming up. If the LDAP server (eDirectory) takes more than one minute to come up, namcd tries to contact the alternative LDAP servers, if any.

If replica servers do not exist or do not respond, namcd does not come up and must be restarted manually. This is also applicable for scenarios where eDirectory and namcd are started simultaneously or within a very short time.

The LDAP server startup status is logged into the ndsd.log file in the server’s var directory.

8.1.12 Log Files for Linux User Management

See the /var/lib/novell-lum/nam.log file for more details on the functioning of the corresponding components.

See the /var/log/YaST/y2log file for information on how namconfig is called by the installation program.

See the /var/log/messages file for runtime log information.

8.1.13 Missing Mandatory Attribute Error When Adding a User to a Linux User Management Group

If you are installing OES into an existing NDS8 tree and the new OES server doesn't contain an eDirectory replica, you might get a Missing Mandatory Attribute error when enabling an existing user for Linux User Management in iManager.

In most cases you can modify the user at the command line by using the namusermod command. If the command line utility doesn't work, you need to add a replica to the server. For more information, see Adding Replicas in the Managing Partitions and Replicas section of the Novell eDirectory 8.8 Administration Guide.

8.1.14 SUSE Linux Enterprise Desktops Configured as UNIX Workstation Objects

Although computers running SUSE Linux Enterprise Desktop 10 can be configured as Workstation objects, their Linux User Management services might not appear when viewed in iManager. The services do not appear because the software infrastructure required for server management (OpenWBEM) is not automatically installed as part of SUSE Linux Enterprise Desktop.