Error 500 accessing NetStorage after NSS install on OES Linux

  • 3595588
  • 20-Sep-2006
  • 08-Nov-2012

Environment

Novell Open Enterprise Server (Linux based)
Novell Open Enterprise Server (OES)
Novell NetStorage

Situation

When NSS is installed on OES Linux, certain system users and groups (wwwrun, novlxregd, novlxsrvd, novlxtier) are imported into LUM. In a multi-server tree, the UIDs and GIDs may not be the same on each server, resulting in incorrect ownership of the xtier directories.
The following error occurs in the /var/log/messages log file:
httpd2-worker: XSrvCChannel::connectSocket- Connection creation failed, error = 13
httpd2-worker: XSrvCChannel::init- Connection creation failed, error = 13
httpd2-worker: IPCCLNT -getCChannel- Channel Initialization failed for socket /var/opt/novell/xtier/xsrvd/srv-socket-3
httpd2-worker: IPCCLNT -SubmitReq- Channel unavailable
httpd2-worker: IPCCLNT -SubmitReq- Will attempt to retry RPC, count = 2

Resolution

Change these directory owners as follows:
chown -R novlxregd:novlxtier /var/opt/novell/xtier/xregd
chown -R novlxsrvd:novlxtier /var/opt/novell/xtier/xsrvd
Permissions should look like this:
drwxrwx--- 4 novlxregd novlxtier 216 Aug 2 14:24 .
drwxr-xr-x 14 root root 352 May 9 11:15 ..
drwxrwx--- 3 novlxregd novlxtier 104 Jun 27 12:52 xregd
drwxrwx--- 3 novlxsrvd novlxtier 1192 Jun 27 12:52 xsrvd
Now make sure the wwwrun user (Apache system user) is a member of the novlxtier group with the following command:
getent group | grep novlxtier
This should return the group name, GID and membership, for example: novlxtier:!:101:wwwrun
If the Apache system user (wwwrun) is not a member of the novlxtier group, Apache will not have rights to the xtier sockets, and RPC calls from Apache to xtier will fail.
Restart xtier and Apache:
rcnovell-xregd restart
rcnovell-xsrvd restart
rcapache2 restart

Another possible cause is that the user wwwrun is not a (correct) member of all needed groups. In a correct configuration, running "id wwwrun" returns the following:
uid=30(wwwrun) gid=8(www) groups=8(www),81(novlxtier)
When the problem is present, the group novlxtier is missing. Checking NDS shows that wwwrun is listed in the membership of the novlxtier group, but the wwwrun user itself does not show membership in novlxtier. After adding the group to the user and restarting the server, the problem is solved.

Additional Information

Another possible issue is duplicate UIDs or GIDs. If a user in LUM has the same UID as a user in the /etc/passwd file, or a LUM group has the same GID as a group in the /etc/group file, file permissions may be affected. If this is the case, changing the UID/GID to an unused value in the passwd/group file will resolve the conflict. Be careful to use a unique ID, and remember that when a user's or group's ID changes, any file/directory ownerships will need to be changed via chown to reflect the new value.
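
The checks from the Resolution and Additional Information sections can be combined into one read-only script. This is an added example, not Novell code: the function names are hypothetical, the sample data in demo() is constructed, and it assumes GNU stat and a POSIX awk.

```shell
#!/bin/sh
# Added example, not Novell code. Read-only: reports findings, changes nothing.
# The helpers read getent/id-style text on stdin so saved output can be checked too.

# Succeeds if USER ($2) is in the member list (field 4) of GROUP ($1).
group_lists_user() {
    awk -F: -v g="$1" -v u="$2" '
        $1 == g { c = split($4, m, ","); for (i = 1; i <= c; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }'
}

# Succeeds if `id USER` output on stdin shows GROUP ($1) in its groups= list.
id_lists_group() { grep -q "groups=[^ ]*($1)"; }

# Prints "ID name1,name2" for each UID/GID (field 3) shared by several names.
dup_ids() {
    awk -F: '
        $3 == "" || seen[$3, $1]++ { next }
        { names[$3] = (n[$3]++ ? names[$3] "," : "") $1 }
        END { for (id in n) if (n[id] > 1) print id, names[id] }' | sort -n
}

# Succeeds if directory $1 itself is owned by $2:$3 (GNU stat; not recursive).
owner_ok() { [ "$(stat -c '%U:%G' "$1" 2>/dev/null)" = "$2:$3" ]; }

# Runs every check on the live server and prints one line per finding.
check_live() {
    x=/var/opt/novell/xtier
    owner_ok "$x/xregd" novlxregd novlxtier || echo "owner: $x/xregd is not novlxregd:novlxtier"
    owner_ok "$x/xsrvd" novlxsrvd novlxtier || echo "owner: $x/xsrvd is not novlxsrvd:novlxtier"
    getent group | group_lists_user novlxtier wwwrun || echo "group: novlxtier does not list wwwrun"
    id wwwrun 2>/dev/null | id_lists_group novlxtier || echo "user: id wwwrun does not show novlxtier"
    getent passwd | dup_ids | sed 's/^/duplicate UID: /'
    getent group | dup_ids | sed 's/^/duplicate GID: /'
}

# Constructed sample (not captured output): the group lists wwwrun, id does not
# show the group, and a LUM user shares UID 1000 with a local account.
demo() {
    echo 'novlxtier:!:101:wwwrun' | group_lists_user novlxtier wwwrun && echo "group view: ok"
    echo 'uid=30(wwwrun) gid=8(www) groups=8(www)' | id_lists_group novlxtier || echo "user view: novlxtier missing"
    printf 'local:x:1000:100::/home/local:/bin/sh\nlumuser:x:1000:100::/home/lumuser:/bin/sh\n' | dup_ids
}

if [ "${1:-}" = "--live" ]; then check_live; else demo; fi
```

Run it with --live on the affected server; without arguments it only exercises the constructed sample.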