DNS fails to start - CASA Credential Not found

This document (7006446) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server 11SP1
Novell Open Enterprise Server 2SP2
Novell Open Enterprise Server 2SP3
Domain Services for Windows
DSFW

Situation

xadcntrl validate show novell-named is not unused
DNS fails to start
novell-named fails to start

The /var/opt/novell/log/named/named.run shows the following:

28-Jun-2010 12:02:52.938 general: main: notice: starting BIND 9.3.2 -u named
28-Jun-2010 12:02:52.947 general: dns/message: error: Credential Not found
28-Jun-2010 12:02:52.947 general: dns/db: critical: CASA Error has occured, error:No credential is retrived from CASA
28-Jun-2010 12:02:52.947 general: dns/db: warning: Could not open the credential file
28-Jun-2010 12:02:52.947 general: dns/db: critical: No credential found in the file
28-Jun-2010 12:02:54.986 general: dns/db: critical: Failed to load RRs of a zone with error -109
28-Jun-2010 12:02:54.986 general: dns/hints: warning: Loading Root data from directory Failed
28-Jun-2010 12:02:54.988 general: server: info: loading configuration from '/etc/opt/novell/named/named.conf'
28-Jun-2010 12:02:54.988 config: isccfg/parser: error: none:0: open: /etc/opt/novell/named/named.conf: file not found
28-Jun-2010 12:02:54.997 general: server: critical: loading configuration: file not found
28-Jun-2010 12:02:54.997 general: server: critical: exiting (due to fatal error)

Resolution

CASA was selected to store the credentials of the dns-proxy user, but the CASA keys for the dns-proxy user are missing.
CASA is selected by default and is recommended, since it is more secure than using the file option.

To create the CASA credentials, install the CASAcli client.
Search for casa-cli in YaST or with zypper.

From the terminal, use the following CASAcli commands to list your keys and create them.
In the last KEYVALUE command, enter "-k Password" exactly as shown; "Password" there is the name of the key.
Do not put the actual password of the dns-proxy user there; it goes at the beginning of the command, just after "KEYVALUE=".
For <dns-proxyuser and context>, enter the fully qualified (distinguished) name of your dns-proxy user. Do not include the <>.

EXAMPLE: If the proxy user is admin.novell put cn=admin,o=novell

Here are the relevant CASAcli commands:
CASAcli -l (this will list your current CASA keys)
CASAcli -h (this will give you help to delete/recreate keys)

To store the proxy user and context:
KEYVALUE=<your-dns-proxy-user and context - see the example above> CASAcli -s -n dns-ldap -k CN
KEYVALUE=cn=admin,o=novell CASAcli -s -n dns-ldap -k CN

To store the proxy user's password in CASA:
KEYVALUE=<the proxy user's password> CASAcli -s -n dns-ldap -k Password
KEYVALUE=adminpassword CASAcli -s -n dns-ldap -k Password

Be sure novell-xregd is running before starting novell-named.
After creating or resetting the keys, try starting novell-named.
You might also need to restart micasad (rcmicasad stop/start).
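
The steps above as a small shell wrapper, added here as an example and not part of the original document or Novell's tooling: it prompts for the password so it never lands in shell history, rejects a dotted name or leftover <> before anything is stored, and then lists the keys. The function names and the CASACLI override variable are assumptions; the CASAcli options are the ones shown above.

```shell
#!/bin/sh
# Added example, not Novell's script. CASACLI is an assumed override hook
# so the binary path can be changed; it defaults to the CASAcli client.
CASACLI=${CASACLI:-CASAcli}

# Accept only an LDAP-style DN such as cn=admin,o=novell.
is_ldap_dn() {
    case $1 in
        *'<'*|*'>'*) return 1 ;;   # placeholder brackets left in
        ?*=?*,?*=?*) return 0 ;;   # at least two typed components
        *)           return 1 ;;   # e.g. dotted form admin.novell
    esac
}

# $1 = dns-proxy user DN, $2 = its password. Writes both dns-ldap keys.
store_dns_proxy_creds() {
    is_ldap_dn "$1" || { echo "not an LDAP DN: $1" >&2; return 2; }
    [ -n "$2" ] || { echo "empty password" >&2; return 2; }
    KEYVALUE=$1 "$CASACLI" -s -n dns-ldap -k CN || return 1
    KEYVALUE=$2 "$CASACLI" -s -n dns-ldap -k Password || return 1
}

# Interactive entry point: read the password with terminal echo off.
prompt_and_store() {
    printf 'dns-proxy user DN (e.g. cn=admin,o=novell): ' >&2
    IFS= read -r dn
    trap 'stty echo' INT TERM      # restore echo if interrupted
    printf 'Password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    trap - INT TERM
    store_dns_proxy_creds "$dn" "$pw"; rc=$?
    unset pw
    [ "$rc" -eq 0 ] && "$CASACLI" -l   # confirm the keys are listed
    return "$rc"
}

if [ "${1:-}" = "--store" ]; then prompt_and_store; fi
```

Save it as a script and run it with --store, then start novell-named as described above.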

Additional Information

Download the novell_dns_casa_repair script from Novell Cool Solutions or dsfwdude.com to fix this issue.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.