Environment
Novell Open Enterprise Server (Linux based)
Novell Open Enterprise Server (OES) Support Pack 2
Linux
Linux User Management (LUM)
Situation
Installed LUM on several servers, and it is not working.
Resolution
This document uses Novell iManager to browse the tree and
verify that objects are present. You can browse the tree in
Novell iManager by selecting the View Objects button at the top of
iManager. You can modify an object (or view its
properties) by right-clicking the object and selecting Modify
Object.
To go back to the Roles and Tasks view for Linux
User Management, select the button just to the left. If you do
not have the Linux User Management option in iManager, get the
plugin from https://download.novell.com
by searching on the product Linux User Management, then
install it into iManager.
1. Verify the Unix Workstation object exists for the
Linux Server. It should be in the same context where the
Server object resides, with the name Unix Workstation - Server
Name. Verify that it has at least the admingroup
in its membership list.
2. In Novell iManager verify the Unix Config object
exists in the tree. Its location is specified during
install but is typically under the organization object.
Verify that Linux Workstation Contexts lists the context(s) where
your Unix Workstation object(s) reside. If Linux Workstation
Contexts does not specify the correct location of your Unix
Workstation objects, you can
modify it under the General tab by editing the
uamPosixWorkstationContexts attribute.
3. Go to the admingroup object specified in
step 1, and view its membership. It should at least show
the user object you installed LUM with as a member of that
group. If it does not, then LUM enable the user, or if
it gives an error that it is already LUM enabled, then just add the
user as a member of the admingroup.
4. On the Linux server edit the /etc/nam.conf
file. Verify that admin-fdn specifies an admin user in
eDirectory (in LDAP format). Verify that the preferred-server
is an LDAP server that holds a replica of the part of the tree
where the specified admin user exists, and that it is up and running.
You should test this using an authenticated login with an
LDAP browser, such as browser282, available off the web.
If you cannot log in, you can point the server to another LDAP
server by changing the IP address information for the
preferred-server.
5. Restart namcd with "rcnamcd restart".
Once it restarts, if there are no errors, type "id admin" (or
the user that was a member of the admingroup above). (NOTE: The
username IS case sensitive.) This should return
uid=600(admin) gid=600(admingroup)
groups=600(admingroup),8(www). You should then be able
to log in as admin.
If id admin does not return the above information, or if
namcd did not start up properly, look at the /var/log/messages file
for information (tail /var/log/messages). A
proper startup of namcd should list the following in the
/var/log/messages file.
A common error you may see in the messages file is the
following.
dstrace ERROR: 08:50:10 966C2400 LDAP: (192.168.108.27:51691)(0x0000:0x00) TLS accept failure 5 on connection 0xa29f02a0, setting err = -5875. Error stack:
08:50:10 966C2400 LDAP: (192.168.108.27:51691)(0x0000:0x00) TLS handshake failed on connection 0xa29f02a0, err = -5875
This is a problem with the certificates on the Linux
box. You can typically fix this by re-copying the
certificates locally. This can be done with the following
command: "namconfig -k". You will then need to restart
namcd (rcnamcd restart) and check the messages file for a
successful startup.
Once the startup is correct and you can do an id admin, seeing
the above information, then try logging in as that admin
user. You should be able to.
6. To LUM enable users, you do this through Linux User
Management. You can LUM enable individual users or
groups of users. To LUM enable a group and the users in that
group automatically, you currently need to be launching iManager
from your OES box, have the Linux User Management plugin version
2.0.120050824 installed and select
"Linux-enable all users in these Groups" while you LUM enable
the group. (FYI: The Linux User Management plugin version
2.0.120050824 is available with OES, and is not currently
available for direct download.)
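The server-side checks in steps 4 and 5 can be scripted. The following is an added example, not part of the original Novell document: it assumes /etc/nam.conf holds key=value lines, runs against constructed sample files, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Novell code). Assumption: nam.conf holds key=value lines.

# Print the value of KEY ($1) from FILE ($2); the value may itself contain '='.
nam_conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Step 4 check: both keys are set, and admin-fdn is in LDAP (comma) form.
check_nam_conf() {
    rc=0
    for key in admin-fdn preferred-server; do
        val=$(nam_conf_get "$key" "$1")
        if [ -n "$val" ]; then echo "OK: $key=$val"
        else echo "MISSING: $key not set in $1"; rc=1; fi
    done
    case $(nam_conf_get admin-fdn "$1") in
        ''|*=*,*=*) ;;   # empty was reported above; cn=admin,o=org is fine
        *) echo "SUSPECT: admin-fdn is not a comma-separated LDAP DN"; rc=1 ;;
    esac
    return $rc
}

# Step 5 check: count TLS handshake failures with err = -5875 in a log file.
count_tls_failures() {
    grep -c 'TLS handshake failed on connection .*err = -5875' "$1" || true
}

# Constructed sample files (not from a real server) so this runs offline.
SAMPLE=$(mktemp -d)
printf '%s\n' '# constructed sample' 'admin-fdn=cn=admin,o=example' \
    'preferred-server=192.0.2.10' > "$SAMPLE/nam.conf"
printf '%s\n' \
    '08:50:10 966C2400 LDAP: (192.0.2.27:51691)(0x0000:0x00) TLS handshake failed on connection 0x1, err = -5875' \
    '08:50:12 constructed unrelated line' > "$SAMPLE/messages"

check_nam_conf "$SAMPLE/nam.conf" || echo "Fix /etc/nam.conf, then: rcnamcd restart"
failures=$(count_tls_failures "$SAMPLE/messages")
if [ "$failures" -gt 0 ]; then
    echo "$failures TLS failure(s): run 'namconfig -k', then 'rcnamcd restart'"
fi
```

On a real server, pass /etc/nam.conf and /var/log/messages to the two check functions instead of the sample files.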
Additional Information
Additional information on how Novell Linux User Management works can be found in the Novell Linux User Management Guide at https://www.novell.com/documentation/oes/lumadgd/index.html?page=/documentation/oes/lumadgd/data/front.html