Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

DNS fails to start - CASA Credential Not found

This document (7006446) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server 2015 SP1
Novell Open Enterprise Server 11 SP1
Novell Open Enterprise Server 2 SP2
Novell Open Enterprise Server 2 SP3
Domain Services for Windows
DSfW

Situation

Running "xadcntrl validate" shows novell-named as unused
Service "novell-named" (DNS server) fails to start

The /var/opt/novell/log/named/named.run shows the following:

28-Jun-2010 12:02:52.938 general: main: notice: starting BIND 9.3.2 -u named
28-Jun-2010 12:02:52.947 general: dns/message: error: Credential Not found
28-Jun-2010 12:02:52.947 general: dns/db: critical: CASA Error has occurred, error:No credential is retrieved from CASA
28-Jun-2010 12:02:52.947 general: dns/db: warning: Could not open the credential file
28-Jun-2010 12:02:52.947 general: dns/db: critical: No credential found in the file
28-Jun-2010 12:02:54.986 general: dns/db: critical: Failed to load RRs of a zone with error -109
28-Jun-2010 12:02:54.986 general: dns/hints: warning: Loading Root data from directory Failed
28-Jun-2010 12:02:54.988 general: server: info: loading configuration from '/etc/opt/novell/named/named.conf'
28-Jun-2010 12:02:54.988 config: isccfg/parser: error: none:0: open: /etc/opt/novell/named/named.conf: file not found
28-Jun-2010 12:02:54.997 general: server: critical: loading configuration: file not found
28-Jun-2010 12:02:54.997 general: server: critical: exiting (due to fatal error)

Resolution

  1. To create the missing CASA credentials, install the CASAcli client:
# zypper in casa-cli

  1. From the terminal do the following CASAcli commands to create the keys:
  • To store the proxy user and context:
# KEYVALUE=<your-dns-proxy-user's FQDN> CASAcli -s -n dns-ldap -k CN

Example:

# KEYVALUE=cn=OESCommonProxy,o=novell CASAcli -s -n dns-ldap -k CN

  • To store that proxy user's password in CASA:
# KEYVALUE=<proxy user's password> CASAcli -s -n dns-ldap -k Password

Example:

# KEYVALUE=abc123! CASAcli -s -n dns-ldap -k Password

  1. Verify that the "novell-xregd" service is running: rcnovell-xregd status
  1. Restart micasad: rcmicasad stop/start
  1. Start novell-named: rcnovell-named start

Cause

CASA was selected to be used to store the credentials of the dns-proxy user.
The CASA keys for the dns-proxy are missing.
CASA is selected by default and is recommend since it is more secure than using the file option.

Additional Information

Download the novell_dns_casa_repair script from Novell Cool Solutions or dsfwdude.com to fix this issue.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7006446
  • Creation Date:13-JUL-10
  • Modified Date:17-JUL-18
    • NovellOpen Enterprise Server
    • NetIQeDirectory

Did this document solve your problem? Provide Feedback