Environment
Products
Novell Open Enterprise Server 2 (OES 2)
McAfee LinuxShield
Configuration Information
LinuxShield is configured to run on-access scanning of files and folders
Novell Open Enterprise Server 2 (OES 2)
McAfee LinuxShield
Configuration Information
LinuxShield is configured to run on-access scanning of files and folders
Situation
Symptoms
Unable to access NCP Volume after cluster resource is migrated.
When migrating cluster resource to another cluster node the NCP volume is no longer successfully mounted.
After migration of cluster resource, NCP volume is not shown in output of the ncpcon volumes command.
Cluster load script does contain the NCP mount line e.g.exit_on_error ncpcon mount=254
Unable to access NCP Volume after cluster resource is migrated.
When migrating cluster resource to another cluster node the NCP volume is no longer successfully mounted.
After migration of cluster resource, NCP volume is not shown in output of the ncpcon volumes command.
Cluster load script does contain the NCP mount line e.g.exit_on_error ncpcon mount
Resolution
McAfee Linuxshield requires that certain rights are set on the root
of the NSS volume mount point.
As per Mcafee LinuxShield documentation : "You need to provide administrative privileges to the "nails” user, every time a new NSS volume is created."
An example command to add these required rights:
As per Mcafee LinuxShield documentation : "You need to provide administrative privileges to the "nails” user, every time a new NSS volume is created."
An example command to add these required rights:
rights -f
/media/nss/ -r s trustee
nails..
Additional Information
The cause the ncp volume not successfully mounting is that
LinuxShield is preventing the system from accessing the volume
trustee file .
If ncpserv logging is set to debug the following entry is observed:
[i 2008-01-25 11:25:05] AddVolumeToDirCache Mounting volume/media/nss/XXXXX - flags: 1
[! 2008-01-25 11:25:05] AddVolumeToDirCache opening volume trustee filefailed rc=13
[i 2008-01-25 11:25:05] ChangeVolumeStatus volume XXXXX not mounteddircache rc=-5
[D 2008-01-25 11:25:05] MountClusterVolume: XXXXX nss cluster mountFINISHED OK
If ncpserv logging is set to debug the following entry is observed:
[i 2008-01-25 11:25:05] AddVolumeToDirCache Mounting volume/media/nss/XXXXX - flags: 1
[! 2008-01-25 11:25:05] AddVolumeToDirCache opening volume trustee filefailed rc=13
[i 2008-01-25 11:25:05] ChangeVolumeStatus volume XXXXX not mounteddircache rc=-5
[D 2008-01-25 11:25:05] MountClusterVolume: XXXXX nss cluster mountFINISHED OK