Environment
Novell Open Enterprise Server (Linux based)
Situation
When visiting the NetStorage tool for drive mappings, the following issues appear :
- NetStorage does not authenticate, but responds with an "Error 500" page
- Other web tools successfully authenticate (e.g. iManager)
- In the apache error log, the present error reads :
[Wed Jul 26 21:25:17 2006] [crit] [client 192.168.0.229] configuration error: couldn't check user. No user file?: /oneNet/NetStorage, referer: https://85.37.17.247/NetStorage/contentframe.html
- Owner permissions of /var/opt/novell/xtier/xregd do not belong to novlxregd .
- In the /var/log/messages file the error is present after trying to start novell-xregd :
Jul 26 21:08:16 jlewis-test novell-xregd[4504]: XTRegEng -RegInitialize- Open database failure, error = 81052101
Jul 26 21:08:16 jlewis-test novell-xregd[4504]: XRegD -InitDbObjHolders- Exception caught instantiating DbObjHolder
Jul 26 21:08:16 jlewis-test novell-xregd[4504]: XTRegEng -RegInitialize- Open database failure, error = 00000000
Resolution
- Change to the /var/opt/novell/xtier directory ("cd /var/opt/novell/xtier").
- Ensure that LUM contains the novlxregd user by running :
jlewis-test:/var/opt/novell/xtier/xregd/db # namuserlist novlxregd
novlxregd:x:100:101:Novell XRegD System User:/var/opt/novell/xtier/xregd:/bin/false
Rebuild the NSS ID's if necessary (running the nssid.sh utility - if a "command not found" error is received, try running the script using the full path : "/opt/novell/nss/bin/nssid.sh").
- Change the ownership of the xregd directory :
chown -R novlxregd xregd
- Start the novell-xregd process ("/etc/init.d/novell-xregd start").
- Stop the novell-xsrvd process ("/etc/init.d/novell-xsrvd stop").
- Start the novell-xsrvd process again ("/etc/init.d/novell-xsrvd start").
NOTE: Due to Apache version changes on OES2018, it may be necessary to modify some of the directives being uses to get apache to work with NetStorage, see here: http://httpd.apache.org/docs/2.4/upgrading.html for more information
Cause
Other causes of the same error could be:
A) The SSL private key file used by Apache (see SSLCertificateKeyFile directive in Apache2 configuration (by default in /etc/apache2/vhosts.d/vhost-ssl.conf) does not have the correct RSA format. It should start with the line "-----BEGIN RSA PRIVATE KEY-----", followed by the RSA private key itself and end with the line "-----END RSA PRIVATE KEY-----". To convert a private key file to proper RSA format, you can use 'openssl rsa -in input_file -out output_file'. For example, if the file /etc/ssl/servercerts/serverkey.pem is referenced by the directive SSLCertificateKeyFile in the Apache2 configuration, but is not of proper RSA format, you can convert it to proper RSA format per...:
# openssl rsa -in /etc/ssl/servercerts/serverkey.pem -out /etc/ssl/servercerts/serverkey-new.pem
...and change the SSLCertificateKeyFile directive in the Apache2 configuration to refer to /etc/ssl/servercerts/serverkey-new.pem instead.
B) Apache2 is secured with NSS (see https://www.suse.com/documentation/sles11/book_sle_admin/data/sec_apache2_nss.html) instead of SSL (see https://www.suse.com/documentation/sles11/book_sle_admin/data/sec_apache2_ssl.html).
NetStorage does not support Apache2 NSS security configuration. It only supports SSL security configuration. Please change your Apache2 configuration from NSS security to SSL security to take out this cause.
Additional Information
There are two processes required for xTier authentication, novell-xsrvd and novell-xregd. These can be checked for operation by running :
Ownerships from the /var/opt/novell/xtier directory:
jlewis-test:~ # ps awx | grep reg
jlewis-test:~ # ps awx | grep srv
If the processes are present, there will be responses back after each one, similar to :
28927 ? S 0:00 /opt/novell/xtier/bin/novell-xsrvd -dThen, attempt at restarting the missing service :
28928 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28929 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28930 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28937 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28956 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28968 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28978 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28987 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
28998 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
29007 ? Sl 0:00 /opt/novell/xtier/bin/novell-xsrvd -d
/etc/init.d/novell-xregd startIt will state that the package successfully started. This is not always the case. Check again for the xregd processes and the xsrvd processes. If they exist, NetStorage should be authenticating. If not, immediately tail /var/log/messages to check the error.
Ownerships from the /var/opt/novell/xtier directory:
oes2-linux:/var/opt/novell/xtier # ls -la
total 1
drwxrwx--- 4 novlxregd novlxtier 352 Feb 17 14:22 .
drwxr-xr-x 15 root root 384 Jan 29 13:45 ..
drwxrwx--- 3 novlxregd novlxtier 104 Feb 18 15:47 xregd
drwxrwx--- 3 novlxsrvd novlxtier 1192 Feb 18 15:47 xsrvd
...
Change Log
23 February 2010 - Nefi Munoz - Corrected "Ownerships from the /var/opt/novell/xtier directory" in "Additional Information" section