Service Fails To Start After Patching To OES 2 SP 3: Empty Proxy User Credentials

  • 7008568
  • 12-May-2011
  • 27-Apr-2012

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell CIFS
Novell AFP

Situation

Previous to support pack (SP) 3, each service (such as AFP, CIFS, DHCP, DNS, and so on) each stored CASA credentials (with the default OES setup) in CASA stores.  Each service had its own proxy user.  SP 3 combined the users into a common proxy user for simplified management.
 
After patching to OES 2 SP 3 some services have failed to start, such as CIFS.  Upon further investigation of the log files the following errors (or similar) may be encountered:
 
CRITICAL: ENTRY: Empty Proxy User Credentials

Resolution

/opt/novell/proxymgmt/bin provides a set of scripts that allows the administrator to manipulate the proxy user. To resolve this issue utilize the move_to_common_proxy.sh script. This script will create a brand new user and move the existing credentials of other services over to the new common proxy user.
 
1. cd /opt/novell/proxymgmt/bin
 
2. ./move_to_common_proxy.sh
 
Usage: move_to_common_proxy.sh [options]
-h Prints this summary
-d LDAP Admin FDN
-w LDAP Admin Password
-i LDAP Server IP address
-p LDAP Port
-s Service Name (Multiple service names should be separated by comma.'all' should be used to move all the services)
Valid Services: novell-cifs,novell-dns,novell-dhcp,novell-iFolder,novell-netstorage,novell-lum ,novell-ncs and 'all'
 
3. ./move_to_common_proxy.sh -d cn=admin,o=novell -w 'SomeSecret' -i 10.0.20.189 -p 636 -s all
NOTE:  To prevent the history from recording the above statement, start the command with a space.  There is currently no options, as with LDAP, to pass a -W and be prompted for the admin's password.
 
4. After executing a modified version of step #3 above, the admin will be prompted for a Common Proxy Username and password to create:
Common Proxy user not exists.Create a new proxy user.
Enter common proxy user name (eg:cn=OESCommonProxy_<hostname>,o=novell)
eg: cn=GlobalProxyUser_myhost,o=novell
After entering the password (only prompted once for the password), the script will attempt to move over all configured services. It may take up to a minute or two to complete.
 
After the script has completed the move, attempt to start the service. It should no longer fail due to the error specified toward the beginning of this document.