Can't login with Novell Client due to SLP problems

  • 7012387
  • 08-May-2013
  • 24-Nov-2015

Environment

Novell Client 2 SP3 for Windows 7
Novell Client 4.91 SP5 for Windows XP
OES 11 on Linux

Situation

Unable to login from Windows workstation.
Can't find the tree or server when clicking "Trees" or "Servers" buttons.
Error: "Tree or server not found".
Typing the server's IP address in the "Tree" or "Server" fields allows for successful login.

Resolution

General Notes:
SLP consists of three components:
  • User Agent (UA): This is the entity that needs to look up services (generally, the workstation).
  • Service Agent (SA): This is the entity that the UA wants to find (generally, a file server).
  • Directory Agent (DA): This is the entity that maintains a listing of the SAs.
To make a server a SA (By default a server is an SA. However, the following steps must be completed on each server in order to be registered on a DA):
1. Edit its /etc/slp.conf file
vi \etc\slp.conf

2. Uncomment the following line:
;net.slp.DAAddresses = myDa1,myDa2,myDa3
and replace myDa1, etc., with the IP addresses of your DAs (including the server where you are editing this file, if it is also a DA).

3. Restart SLP
rcslpd restart

To make a server a DA (Best practice is to have a DA on each LAN segment):
Note: In a multi subnetted environment you must have SLP configured with a DA.
1. Edit the server's /etc/slp.conf file
vi \etc\slp.conf

2. Uncomment the following line:
;net.slp.DAAddresses = myDa1,myDa2,myDa3
and replace myDa1, etc., with the IP addresses of your DAs (including the server where you are editing this file).

3. Uncomment the following line:
;net.slp.isDA = true

4. Restart SLP
rcslpd restart

The server is now a DA servicing the default scope.

To make a workstation a UA
Note: It is also possible to deliver the SLP configuration via DHCP (options 78 and  79).
By default, the Novell Client uses SLP to locate services without any configuration. It does this by multicasting to find a DA, then communicating with the first working DA that responds. However, you can force the Client to unicast directly to a DA of your choice by configuring the Client, as follows:

1. Open the Novell Client Properties and complete the configuration on the "Service Location" tab.
System Tray > Red N icon > Novell Client Properties > Service Location tab
2. Enter the IP address of the DA(s) in the "Directory Agent List" section
3. Enter the scope (if you are defining scopes) in the "Scope List" section (see Possible Cause #5, below)

The above steps comprise the basic setup of SLP. If SLP is not working properly after completing these steps, troubleshoot as follows:

Determine whether the SLP protocol on the workstation can "see" the tree or server:

On the workstation (at a command prompt):
slpinfo /a

The Tree you are trying to find should be listed under the section:
======== Trees ========

The server (SA) you are trying to find should be listed under the section:
======== Servers ========

The Directory Agent (DA) should be listed under the section
========Directory Agents ========

On the server: (in a console terminal session or via Putty), use slptool:
To display all the partitions, including the tree:
slptool findsrvs service:ndap.novell
To display all the servers:
slptool findsrvs service:bindery.novell
 
If the service you are looking for is not found:

Possible Cause 1: The SLP service is stopped or not working properly on the server

Restart SLP
rcslpd restart

If this does not resolve the problem:

Possible Cause 2: SLP is not properly configured on the server

Configure SLP on the OES server serving as a DA.
1. Edit the /etc/slp.conf file
vi \etc\slp.conf

Define the Directory Agents
2. Uncomment the following line:
;net.slp.DAAddresses = myDa1,myDa2,myDa3
and replace myDa1, etc., with the DAs (including the server where you are editing this file)

3. Uncomment the following line:
;net.slp.isDA = true

4. Restart SLP
rcslpd restart
 
If this does not resolve the problem:

Possible Cause 3: The SLES Firewall is blocking SLP traffic

Disable the firewall
rcSuSEfirewall2 stop
 
If this resolves the problem, instead of disabling the firewall entirely, you can fine-tune the firewall to pass UDP and TCP traffic on port 427.

If this does not resolve the problem:

Possible Cause 4: eDirectory is not registering services with SLP

Either A) Wait for eDirectory to register the services or B) Restart eDirectory to re-register the services immediately.

A) Wait for eDirectory to register the services
The default registration timeout for OES is 60 minutes. This timeout can be changed. For example, to make eDirectory register every 10 minutes instead of the default 60 minutes (the eDirectory registration default on NetWare was 10 minutes), execute the following command (a restart of the ndsd service is required for the change to become active):

ndsconfig set n4u.nds.advertise-life-time=600

Verify the setting by typing:

ndsconfig get | grep -i n4u.nds.advertise-life-time

Observe the RNRadvertise value to see when eDir will attempt to register its Bindery and NDAP services again.

iMonitor > Agent Activity > Background Processes Schedule
(https://<ipaddress>:8030/nds/activity/background)

See TID 7001449 for more information about the eDirectory one hour timer and how to adjust it to register in a shorter interval.  This TID also describes how to use iMonitor to watch eDirectory count down to the next registration of services.

B) Restart eDirectory to re-register the services immediately
Any users will be disconnected!
rcndsd restart

Note: DA backup and synchronization can be configured. If the DA has been designated as a backup server, the known services at the time of the last backup will be read from the backup file immediately upon the start/restart of the DA. The backup file can also be useful in troubleshooting SLP. If DA synchronization has been enabled, services will be synchronized between configured DAs. To enable DA backup and synchronization:

1. Edit the /etc/slp.conf file
vi \etc\slp.conf

2. Uncomment the following lines:
;net.slp.isDABackup = true
;net.slp.DASyncReg =true


3. Restart SLP
rcslpd restart

See TID 7001449 for more information about these options.

Possible Cause 5: SLP scopes are not correctly configured

A scope is always used in SLP name resolution. If no scope is specified, the "default" scope is used. The Novell Client will only find services which are advertised within the scope specified in the Client's SLP configuration. A Novell server will only advertise itself as being available within the scopes for which it is configured.

Novell Client Configuration:
Navigate to: System Tray > Red N > Novell Client Properties > Service Location tab > Scope List
If using a scope other than the default scope, enter it here.

Novell OES Server Configuration:
In a terminal session, edit the slp.conf file. For example:
vi /etc/slp.conf

Uncomment the line:
;net.slp.useScopes = myScope1,myScope2,myScope3
Edit this line to reflect the scopes for which this server is to be included. Ensure that there are no spaces between the scope names. i.e. "myScope1,myScope2" instead of "myScope1, myScope2".
Then restart SLP, using the command:
rcslpd restart

Possible Cause 6: Hosts file is mis-configured
Examine the /etc/hosts file. If present, remove the 127.0.0.2 line. See TID 7005104 or TID 7005394


Cause

Possible causes addressed in this TID:
1: The SLP service is stopped or not working properly on the server
2: SLP is not properly configured on the server
3: The SLES Firewall is blocking SLP traffic
4: eDirectory is not registering services with SLP
5: SLP scopes are not correctly configured
6: Hosts file is misconfigured

Additional Information

To further debug SLP, capture a LAN trace and/or enable SLP logging

Capture a LAN trace

To capture the LAN traffic associated with the startup/registration of SLP services on the OES server for analysis:

Start a LAN trace on the server, then restart SLP again.

tcpdump -i any -s 0 -w <filename.cap>

rcslpd restart
Press <CTRL><C> to stop the tcpdump

Transfer the LAN trace to a workstation

a) Run WinSCP on the Windows workstation
b) Email the trace using Linux command line:
mail -a <filename> <email_address>
)
<ctrl><d> to send.

Examine the trace using Wireshark or other protocol analyzer (Wireshark filter = "srvloc").

Enable SLP Logging

1. Edit the /etc/slp.conf file
vi \etc\slp.conf

2. Uncomment the following lines in the "Tracing and Logging" section:
;net.slp.traceDATraffic = true
;net.slptraceReg = true
;net.slp.traceDrop = true
;net.slp.traceMsg = true

Feedback service temporarily unavailable. For content questions or problems, please contact Support.