Environment
Novell Open Enterprise Server (Linux based)
Situation
Files and folders related to Linux User Management (LUM) that need to be examined while troubleshooting LUM
Resolution
1. Configuration Files
1.1 /etc/nam.conf
2.1 /var/lib/novell-lum
3.1 /var/lib/novell-lum/nam.log
1.1 /etc/nam.conf
- NAMCD daemon configuration file
- Display NAMCD daemon configuration parameters: namconfig get
- Change parameters: namconfig set <Parameter>=<Value> (Use the command "namconfig get" to find out the syntax of all parameters)
- Find out more details about different parameters using this link
- Configuration file which SHOULD be examined if LUM was reconfigured with modifications to parameters like Preferred-LDAP-Server, Unix Config Object Context and Unix Workstation Object Context.
- Conflicts between the values of the above-mentioned parameters and the same parameters in the file nam.conf will cause issues such as the command "id <User_Name>" or "getent group <Group_Name>" not displaying details.
- Running YaST LUM configuration wizard renames the file to "lum1" and so on
- Modify different parameters using a text editor like vi
- Unix Config Object Context: "base-name" in nam.conf and "CONFIG_LUM_PARTITION_ROOT" in lum
- Preferred-LDAP-Server: "preferred-server" in nam.conf and "CONFIG_LUM_LDAP_SERVER" in lum
- In an OES1 Linux server, the file corresponding to /etc/sysconfig/novell/lum is /etc/sysconfig/linuxUserMgmt
- Name Service Switch (NSS) database file which is used by a Linux system for authentication request redirection
- Default LUM installation and configuration adds the entry "nam" in this file
- The file can be manually modified and the entry "nam" can be added using an editor like vi, if the entry is missing
- Check this file if the command id <User_Name> does not display details even though the NAMCD daemon is running and all other configurations look correct
- Find additional details about the file using this link
- An OES Linux server can also be configured as an LDAP client
- Configuring an OES Linux server as an LDAP client by pointing to a different LDAP server than the one defined for LUM can cause undesired results
- Either correct the file using a text editor like vi, or run the YaST module LDAP Client available under the section Network Services and select the option "Do not use LDAP"
2.1 /var/lib/novell-lum
- LUM by default performs SSL authentication to the Preferred-LDAP-Server on port 636 (Secure LDAP)
- NAMCD daemon uses the server certificate present in this folder
- The server certificate will be present in the format ".<IP_Address_Of_The_Preferred_LDAP_Server>.der"
- Display the current Preferred-LDAP-Server by the command: namconfig get | grep pref and then make sure that a server certificate for the Preferred-LDAP-Server is present in this folder
- Execute the command "namconfig -k" to import the server certificate if the Preferred-LDAP-Server is changed or if the SSL certificate of the current Preferred-LDAP-Server is corrupt or expired
- Display the folder content using the command "ll" after switching to the folder with the command "cd /var/lib/novell-lum" and verify the time stamp (if the certificate was imported)
- Find additional details using this link
- In an OES1 Linux server the corresponding folder is /var/nam
- Linux-PAM configuration directory
- Find more details about the directory using this link
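
The consistency checks described in sections 1.1 and 2.1 can be run read-only in one pass. The script below is an added example, not a Novell tool: the function names are hypothetical, and it assumes that nam.conf and the lum sysconfig file use "key=value" lines, that preferred-server holds an IP address, and that the NSS database file is the standard /etc/nsswitch.conf.

```shell
#!/bin/sh
# Read-only LUM consistency check (added example; file formats are assumptions).

# Print the value of key $1 from "key=value" file $2, without quotes or trailing blanks.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        head -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

# Succeed if NSS database $1 (passwd or group) lists the "nam" source in file $2.
# Text after a "#" is a comment and does not count.
nss_has_nam() {
    grep -Eq "^[[:space:]]*$1:([^#]*[[:space:]])?nam([[:space:]]|#|\$)" "$2"
}

# lum_check NAM_CONF LUM_SYSCONFIG NSSWITCH CERT_DIR
# Prints one line per finding and returns the number of findings (0 = consistent).
lum_check() {
    nam_conf=$1 lum=$2 nss=$3 certdir=$4 problems=0
    # Parameter pairs named on the page: nam.conf key : sysconfig key.
    for pair in preferred-server:CONFIG_LUM_LDAP_SERVER base-name:CONFIG_LUM_PARTITION_ROOT; do
        a=$(conf_get "${pair%%:*}" "$nam_conf")
        b=$(conf_get "${pair##*:}" "$lum")
        if [ "$a" != "$b" ]; then
            echo "MISMATCH ${pair%%:*}='$a' vs ${pair##*:}='$b'"
            problems=$((problems + 1))
        fi
    done
    for db in passwd group; do
        if ! nss_has_nam "$db" "$nss"; then
            echo "MISSING 'nam' on $db line in $nss"
            problems=$((problems + 1))
        fi
    done
    # The certificate is expected as ".<IP>.der" and must not be empty.
    server=$(conf_get preferred-server "$nam_conf")
    if [ ! -s "$certdir/.$server.der" ]; then
        echo "MISSING certificate $certdir/.$server.der"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Typical call on an OES Linux server:
# lum_check /etc/nam.conf /etc/sysconfig/novell/lum /etc/nsswitch.conf /var/lib/novell-lum
```

A finding only shows that a file is present or that two values agree; an expired or corrupt certificate still needs "namconfig -k" as described above.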
3.1 /var/lib/novell-lum/nam.log
- NAMCD daemon log file
- Display the file in real time by the command: tail -f /var/lib/novell-lum/nam.log
- Examine the file along with other log files during stop and restart of the NAMCD daemon
- An OES1 Linux server has the file in the folder /var/nam
- Log file with system boot events
- Analyze the file along with other log files if the NAMCD daemon fails to load during system boot
- Make sure that NAMCD daemon is set to start with system boot using the command: chkconfig namcd -l
- Set the NAMCD Daemon to start with system boot using the command: chkconfig namcd on
- Real-Time log file in a Linux system
- Events related to LUM will be written to this file rather than to nam.log once the NAMCD daemon is up and running
- During troubleshooting open a second shell prompt and display the real time events using the command: tail -f /var/log/messages
- Log file with information on how namconfig is called by the installation program
- Find more details about namconfig using this link