Environment
Novell Open Enterprise Server 2 (OES 2)
Novell Open Enterprise Server (Linux based)
Novell Open Enterprise Server (Linux based)
Situation
This TID contains troubleshooting steps for common miggui migration
issues.
Resolution
Miggui is a data and service GUI migration utility introduced in OES2 SP1.
Section 1: Prerequisites
Section 2: Supported Services
Section 3: Source and Target OS support / Supported file
systems
Section 4: Logs
Section 5: Miggui CLI tools
Section 6: Authentication issues
Section 7: Data Migration issues
Section 8: Service Migration issues
Section 9: Transfer ID issues
Section 9: Transfer ID issues
Section 1: Prerequisites
Review and fix any issues in KB 7001767, "Troubleshooting data migrations with migfiles from NetWare 6.5 to OES 2 Linux": https://support.microfocus.com/kb/doc.php?id=7001767&sliceId=1&docTypeID=DT_TID_1_1&dialogID=51371089&stateId=0%200%2051369286Section 2: Supported Services
The migration tool supports these service migrations:AFP, CIFS, DHCP, File System, FTP, iFolder, iPrint, NTP, Archive Version, and server Identity Migration.
Section 3: Source and Target OS support / Supported file systems.
Sources supported:NetWare: 5.1 SP8, 6.0 SP5, 6.5 SP6 or later
Linux: OES 1, OES 2
Windows: NT, 2000 and 2K3
Target supported:
OES2 SP1
File Systems:
Target: NSS, NCP and POSIX
NetWare Source: Traditional, NSS
OES2 Source: NSS, NCP and POSIX
OES1 Source: NSS, NCP
Section 4: Logs
Miggui project debug logs are available at the user specified project directory. The default project location is /var/opt/novell/migration/<PROJECT NAME>/log/. Please review these logs when there are errors or failures. The failing CLI command seen in the debug.log can often be executed manually from a terminal shell with additional debug enabled. For example, if the failure was on a migfiles command it could be executed manually from a bash shell with an additional --debug switch. It is best practice to review the man page and help screen information of the failing CLI command to determine what additional debug options are available and where it writes the log file by default.Section 5: Miggui CLI tools
Any of the migfiles command line troubleshooting steps are applicable because miggui is a GUI wrapper for CLI tools like the migfiles utility.CLI tools used by miggui:
- mls
Lists files with associated trustees
and rights, directory and user quotas from the NetWare or OES 1/2
Linux source server. mls output is used as input
for both maprights& maptrustees.
The mls utility in
turn, uses the SMS nbackup utility to get this
information. It uses ldapsearch to get mount
point details of source OES 1.0 Linux and OES 2.0 Linux
volumes.
- maptrustees
It takes the output of mls as its
input and use OpenLDAP command “ldapsearch†to get the eDir
attribute information of the user which are trustees on the file
system. It outputs the users and their properties. The output can
be modified to achieve greater control on the
migration.
- migtrustees
Takes as input the output of
maptrustees and uses OpenLDAP commands “ldapadd†and “ldapmodify†to create the
users on the destination tree.
- migmatchup
Uses input from mls to produce
a mapping of users and groups from the source server to those on
the destination server. It uses 'ldapsearch' to retrieve the
user and group data from the source and destination LDAP
server.
- migfiles
Uses SMS tool “nbackup†to migrate data
from source servers to the destination. If the source is a Windows
workstation, it mounts the shared volume to /tmp/migrate and then uses
Linux command “rsyncâ€
to copy the data.
- maprights
Takes the output of mls as its input and maps
the source file system rights to destination file system
rights.
- migrights
Takes the output of maprights as it
input and uses NCP command “ncpcon†to set the trustee
rights if the destination is NSS, or NCP on POSIX volumes. It use
Linux commands “chmod†and “chown†to change the rights
if the destination is POSIX.
- ntfsmls
Uses SAMBA commands “smbcacls†and “smbcquotas†to get user
rights and quotas under a given Windows share path.
- ntuserls
Uses SAMBA command “smbclient†to lists all the
users and groups from Windows Active Directory Domain.
- ntfsmap
Takes the output of ntuserls as its
input and use OpenLDAP commands to map the Windows NTFS rights and
ACLs to OES NSS, NCP or POSIX rights and permissions.
- migcred
Used to persist credentials for the
migration utilities.
- mignotify
Takes the output of maptrustees as its input
and sends e-mail notifications to the migrated users.
Man pages are available for manual CLI usage.
Section 6: Authentication issues
- The shipping version of miggui has a bug that causes failures if the server name entered, while authenticating to the source, is a different case from the entry in the /etc/hosts file. Use the same case as seen in the hosts file.
- Login via IP address if troubleshooting DNS related issues.
- nldap.nlm should be loaded on a source NetWare server. Ldap should be configured correctly and listening on ports 389 or 636.
- The path on the target server must be correct.
Run this command from a terminal
shell to validate the path:
echo $PATH [ENTER]
echo $PATH [ENTER]
Confirm the following entries exist
in the path on the target server where miggui will be loaded:
/opt/novell/eDirectory/sbin:/opt/novell/eDirectory/bin:/opt/novell/migration/sbin
The entries can be appended to the
existing path if they don't exist by running this command from a
terminal shell:
(Note: Command case is
relevant. It is possible to destroy the current path if this
command is not executed properly.)
echo PATH=$PATH:/opt/novell/eDirectory/sbin:/opt/novell/eDirectory/bin:/opt/novell/migration/sbin
echo PATH=$PATH:/opt/novell/eDirectory/sbin:/opt/novell/eDirectory/bin:/opt/novell/migration/sbin
- Authentication may fail if there are incorrect entries in the/etc/pam.d/tsafs file.
- Verify the novell-sms package to see if there have been changes to this file:
rpm -V novell-sms
- The Certificate Authority (CA) must be up and running and certificates must be valid and not expired.
- Review KB 7003251, "Miggui fails to authenticate to the target
Linux OES server":
https://support.microfocus.com/kb/doc.php?id=7003251&sliceId=1&docTypeID=DT_TID_1_1&dialogID=87156225&stateId=0%200%2087154351
Section 7: Data Migration issues
Review and fix any issues in KB 7001767, "Troubleshooting data migrations with migfiles from NetWare 6.5 to OES 2 Linux": https://support.microfocus.com/kb/doc.php?id=7001767&sliceId=1&docTypeID=DT_TID_1_1&dialogID=51371089&stateId=0%200%2051369286There is a bug in the shipping version of novell-ncpserv code that prevents visibility of source NSS volumes in miggui that are larger than 1 terabyte in size. Update to the current novell-ncpserv code from the update channel.
The current patch code in the update channel must be used to be able to properly see cluster enabled volumes and migrate data from Cluster source servers.
OES1 iFolder data migration:
OES 1 source data on native Linux partitions can not be migrated with miggui. Miggui only recognizes NSS and NCP volumes on OES1 source servers. If IFolder data resides on native Linux partitions on OES 1 servers, either create an NCP mount point where the data resides and then use miggui, or manually migrate the data directly from the native linux partition with the migfiles CLI. Ncpcon can be used to create NCP volumes.
Here is an example of how to migrate OES 1 ifolder data on native Linux partitions to OES2 with migfiles:
migfiles --debug -s<source IP> -iPX /source/path -px /target/path
miggui and migfiles will fail in nbackup code if smszapi is not loaded on OES1 and zapi is not loaded on OES2.
Use lsmod to confirm these modules are loaded in the kernel.
Section 8: Service Migration issues
ndsimon.nlm is required if migrating NetWare eDir / serverid to OES2 Linux. Confirm this NLM is loaded on the source NetWare server.During the process of the eDirectory PreCheck, it will give errors regarding the admingroup object not being found or the unix workstation object not being found if there is not sufficient rights for the LDAP anonymous bind it does to the local target box. Make sure that Public account has the default rights needed to search the eDirectory Tree. If Public's rights have been limited, make sure to use a LDAP proxy user on the target server's LDAP group object, that has sufficient rights to browse the tree.
If using a SSL connection does not work, make sure that the default certificates on the Target server are not expired. If they are expired, you can use iManager to repair the default certificates for all servers with expired certificates.
Section 9: Transfer ID issues
Review KB 7000347,"Migration fails with error, "secure copy from NetWare failed rc=35327":https://support.microfocus.com/kb/doc.php?id=7000347&sliceId=1&docTypeID=DT_TID_1_1&dialogID=92389696&stateId=1%200%2054094418