DNS fails to start - CASA Credential Not found

  • 7006446
  • 13-Jul-2010
  • 17-Jul-2018

Environment

Novell Open Enterprise Server 2015 SP1
Novell Open Enterprise Server 11 SP1
Novell Open Enterprise Server 2 SP2
Novell Open Enterprise Server 2 SP3
Domain Services for Windows
DSfW

Situation

Running "xadcntrl validate" shows novell-named as unused
Service "novell-named" (DNS server) fails to start

The /var/opt/novell/log/named/named.run shows the following:

28-Jun-2010 12:02:52.938 general: main: notice: starting BIND 9.3.2 -u named
28-Jun-2010 12:02:52.947 general: dns/message: error: Credential Not found
28-Jun-2010 12:02:52.947 general: dns/db: critical: CASA Error has occurred, error:No credential is retrieved from CASA
28-Jun-2010 12:02:52.947 general: dns/db: warning: Could not open the credential file
28-Jun-2010 12:02:52.947 general: dns/db: critical: No credential found in the file
28-Jun-2010 12:02:54.986 general: dns/db: critical: Failed to load RRs of a zone with error -109
28-Jun-2010 12:02:54.986 general: dns/hints: warning: Loading Root data from directory Failed
28-Jun-2010 12:02:54.988 general: server: info: loading configuration from '/etc/opt/novell/named/named.conf'
28-Jun-2010 12:02:54.988 config: isccfg/parser: error: none:0: open: /etc/opt/novell/named/named.conf: file not found
28-Jun-2010 12:02:54.997 general: server: critical: loading configuration: file not found
28-Jun-2010 12:02:54.997 general: server: critical: exiting (due to fatal error)

Resolution

  1. To create the missing CASA credentials, install the CASAcli client:
# zypper in casa-cli

  2. From the terminal, run the following CASAcli commands to create the keys:
  • To store the proxy user and context:
# KEYVALUE=<your-dns-proxy-user's FQDN> CASAcli -s -n dns-ldap -k CN

Example:

# KEYVALUE=cn=OESCommonProxy,o=novell CASAcli -s -n dns-ldap -k CN

  • To store that proxy user's password in CASA:
# KEYVALUE=<proxy user's password> CASAcli -s -n dns-ldap -k Password

Example:

# KEYVALUE=abc123! CASAcli -s -n dns-ldap -k Password

  3. Verify that the "novell-xregd" service is running: rcnovell-xregd status
  4. Restart micasad: rcmicasad stop, then rcmicasad start
  5. Start novell-named: rcnovell-named start
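
One way to run the key-creation, restart and start steps above, as an added example and not Novell's repair script: the password is read without echo instead of being typed as a literal (which leaves it in shell history), and named.run is checked for new credential errors afterwards. The function names, the --run switch and the 3-second wait are assumptions; only the CASAcli options shown above are used.

```shell
#!/bin/sh
# Added example (not Novell's script): store the dns-ldap CASA keys without
# typing the password as a literal, then confirm named logged no new
# credential errors. Only the CASAcli options shown in this TID are used.

LOG=/var/opt/novell/log/named/named.run    # log path from the TID

# Count CASA credential failures in a named.run file (messages from the TID's log).
casa_cred_errors() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -E 'Credential Not found|No credential is retrieved from CASA|No credential found in the file' "$1" || true
}

# Store one dns-ldap key. The value reaches CASAcli through the KEYVALUE
# environment variable, as in the TID, but is never typed at the prompt.
store_key() {    # $1 = key (CN or Password), $2 = value
    [ -n "$2" ] || { echo "refusing to store empty $1" >&2; return 1; }
    KEYVALUE="$2" CASAcli -s -n dns-ldap -k "$1"
}

repair_dns_casa() {
    before=$(casa_cred_errors "$LOG")
    printf 'DNS proxy user FQDN (e.g. cn=OESCommonProxy,o=novell): ' >&2
    IFS= read -r dn
    printf 'Proxy user password: ' >&2
    trap 'stty echo; exit 1' INT TERM    # restore echo if interrupted
    stty -echo; IFS= read -r pw; stty echo
    trap - INT TERM; printf '\n' >&2
    store_key CN "$dn" && store_key Password "$pw" || return 1
    unset pw
    rcnovell-xregd status || { echo "novell-xregd is not running" >&2; return 1; }
    rcmicasad stop; rcmicasad start
    rcnovell-named start
    sleep 3                              # assumed delay for named to write its log
    after=$(casa_cred_errors "$LOG")
    if [ "$after" -gt "$before" ]; then
        echo "named still reports missing CASA credentials" >&2; return 1
    fi
    echo "dns-ldap keys stored; no new credential errors in $LOG"
}

# Run the repair only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then repair_dns_casa; fi
```

Save it to a file and run it as root with --run; without that switch it only defines the functions.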

Cause

CASA was selected to be used to store the credentials of the dns-proxy user.
The CASA keys for the dns-proxy are missing.
CASA is selected by default and is recommended since it is more secure than using the file option.

Additional Information

Download the novell_dns_casa_repair script from Novell Cool Solutions or dsfwdude.com to fix this issue.