CIFS service was running but won't start after reboot.

  • 7016426
  • 15-Apr-2015
  • 15-Apr-2015

Environment

Novell Open Enterprise Server 11 (OES 11) Linux

Situation

After restarting CIFS, it was identifed that CIFS was no longer running.  In checking the cifs log entries, the following messages were seen:

Apr 15 06:53:24 svr02 CIFS: EVENT: ENTRY: ********** CIFS server started ************
Apr 15 06:53:24 svr02 CIFS: EVENT: ENTRY: Max file descriptors set to 600000
Apr 15 06:53:24 svr02 CIFS[32718]: WARNING: ENTRY: Auditing interface not initialized.
Apr 15 06:53:24 svr02 CIFS[32718]: WARNING: RPC: requestNumber: fadebad1 events: 3ff domainpath /tmp/.ncp2cifs
Apr 15 06:53:24 svr02 CIFS[32718]: ERROR: CODIR: Trustee file handle is not setup for volume  1
Apr 15 06:53:32 svr02 CIFS[32718]: ERROR: ENTRY: DDCLogin() failed Error: -222
Apr 15 06:53:41 svr02 CIFS[32718]: ERROR: ENTRY: DDCLogin() failed Error: -222
Apr 15 06:53:51 svr02 CIFS[32718]: ERROR: ENTRY: DDCLogin() failed Error: -222
Apr 15 06:54:01 svr02 CIFS[32718]: ERROR: ENTRY: DDCLogin() failed Error: -222
Apr 15 06:54:10 svr02 CIFS[32718]: ERROR: ENTRY: DDCLogin() failed Error: -222
Apr 15 06:54:20 svr02 CIFS[32718]: ERROR: ENTRY: DDCLogin() failed Error: -222
Apr 15 06:54:20 svr02 CIFS[32718]: ERROR: ENTRY: CIFSNDSResolveName failed with error = -222
Apr 15 06:54:20 svr02 CIFS[32718]: ERROR: ENTRY: Bad password for CIFS Proxy user. ErrCode: -222
Apr 15 06:54:20 svr02 CIFS[32718]: EVENT: RPC: SHUTDOWN: IPCListener thread exited
Apr 15 06:54:20 svr02 CIFS[32718]: EVENT: CODIR: SHUTDOWN: ScanBasicDirectoryEvent threads exited
Apr 15 06:54:20 svr02 CIFS[32718]: EVENT: CODIR: SHUTDOWN: AsyncTrusteeWorkEvent threads exited
Apr 15 06:54:21 svr02 CIFS[32718]: EVENT: CODIR: SHUTDOWN: dirCacheMaintenanceEvent thread exited
Apr 15 06:54:21 svr02 CIFS[32718]: EVENT: CODIR: Removing volume "_ADMIN" (ID: 1) and it's file objects from cache


Additionally, in looking at the /var/opt/novell/log/proxymgmt/pxy_mgmt.log file, the following messages were seen:

Wed Apr 15 00:00:01 CDT 2015: [Status] Starting Change Password Task
[Status] ENTRY =========>>> cn=OESCommonProxy_svr02,ou=SERVERS,o=MYORG
[Status] Current user is common proxy user
Executing command: /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password
Retrieving the current common proxy password from CASA returned: 0
Verifying ndslogin with the existing common proxy credentials.
Ldapsearch command to be executed to verify the common proxy credentials is /opt/novell/eDirectory/bin/ldapsearch -E -b  -s base -D cn=cn=OESCommonProxy_svr02,ou=SERVERS,o=MYORG -w -h 127.0.0.1 -p 636
Ldapsearch command executed to verify the common proxy credentials returned: 0
NDS login successful. Calling change_pwd script to change the password in eDirectory
Executing command: /opt/novell/proxymgmt/bin/change_pwd.sh cn=OESCommonProxy_svr02,ou=SERVERS,o=MYORG 127.0.0.1 636
ldapmodify command going to be executed is /opt/novell/eDirectory/bin/ldapmodify -E -f /tmp/change_pwd.ldif -D cn=OESCommonProxy_svr02,ou=SERVERS,o=MYORG -w -h 127.0.0.1 -p 636
ldap_bind: Invalid credentials
    additional info: NDS error: bad password (-222)

Resolution

The passwords in CASA & eDirectory need to be the same, the easiest way to do this is to:
  1. Have an eDirectory admin manually change the password of proxy user (in eDirectory) to a known password.
  2. login as 'root' on the linux server and update common proxy password in CASA.
    • first, document the common proxy object in ldap notation (i.e. cn=OESCommonProxy_svr02,ou=SERVERS,o=MYORG)
    • next, document or know the password the eDir admin assigned to the common proxy.
    • finally, run /opt/novell/proxymgmt/bin/cp_update_proxy_cred.sh using the id & password from above.
  3. Run /opt/novell/proxymgmt/bin/change_proxy_pwd.sh -A yes.
    This will automatically change the common proxy password in eDirectory, as well as update the credentials of all services (on the system) using common proxy.

Cause

CIFS was configured to use the OESCommonProxy id for proxying purposes.  The password stored in the eDirectory object did not match the password stored in CASA on the local server.  Hence the -222 errors.