Tools needed to troubleshoot a workstation joining DSfW Domain
This document (7009601) is provided subject to the disclaimer at the end of this document.
Open Enterprise Server 11 SP1 (OES11SP1)
Clear the workstation log if it exist- %windir%\debug\netsetup.log
Workstation IP AddressWorkstation NameDSfW IP AddressUser Name
Use tcpdump or wireshark to take a packet trace from the DSfW server. A packet trace from the workstation might also be neccessary.
tcpdump -n -v -i <interface> -s0 -w /<path>/<name_of_lan_trace>.cap
Press cntrl c to stop the trace.
To find the interface use ifconfig. It will show the interfaces the the ip addresses. Usually the interface is eth0 or eth1.
If there is only one IP address bound on the server another option is -i any. Using any will listen on all interfaces.
When using tcpdump between a server and workstation on the same network a filter can be helpful in filtering traffic.
In this example of using tcpdump the workstations IP is 192.168.100.200,
the servers interface is any and the output is written to/tmp/wk_join_dsfw.cap :
tcpdump -n -v -s0 -i any 'host 192.168.100.200' -w /tmp/wk_join_dsfw.cap
Follow TID 7009602 for the ldap trace for more information on taking LDAP/NMAS traces
Start by setting the screen level to "all" or to "Operation| Connection| Config| Extensions| Error| Critical| DataConnection"
If not use the ldapconfig -s command to set the screen level.
ldapconfig -s "ldap screen level=all" -a admin.novell
Then start ndstrace
ndstrace #brings up the ndstrace utility
set dstrace = nodebug #Clear the filter
dstrace NMAS LDAP TIME TAGS AUTH #Enable the LDAP, NMAS, TIME, TAGS, and AUTH.
Start with the filter options above. They will provide most of the information needed for LDAP and NMAS.
Other flags that might be helpful are VCLN, RSLV, DBG, CBUF, ABUF, RECM, and MISC.
set ndstrace = *r #Clear the log or rename the /var/opt/novell/eDirectory/log/ndstrace.log
ndstrace on #Start the logging and execute your command or task
set ndstrace = off #This will stop logging
quit #Exit ndstrace
You might want to increase the ndstrace.log file max size. The command to set the file max size is:
To configure ndstrace.log log rotation read TID 7010885
To enable smb debug open /etc/samba/smb.conf and at the end of the [global] section add log level =10 or from the terminal type smbcontrol smbd debug "10"
Restart of smbd or the other DSfW services is not needed.
A registry change is required to disable netlogon channel encryption. Change RequireSignOrSeal from 1 to 0.
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters REG_DWORD RequireSignOrSeal = 0 (Channel traffic need not be signed or sealed)
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7009601
- Creation Date:19-OCT-11
- Modified Date:31-JUL-14
- NovellOpen Enterprise Server
Did this document solve your problem? Provide Feedback