Environment
NetIQ Access Manager 4.1
SLES 12 OS
SLES 12 OS
Situation
Trying to install NAM on a vanilla SLES12 OS but hit a couple of problems, mostly related to time and NTP. The NAM Admin liked to keep the SLES servers in runlevel 3, which used to be easily set in /etc/inittab with earlier versions of SLES, but not anymore with SLES 12.
To set your runlevel map the runlevel3.target file to the default.target location via sym link.
ln -sf /usr/lib/systemd/system/runlevel3.target /etc/systemd/system/default.target
The following documentation is good for this, and includes worthwhile information.
https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_boot_systemd_boot.
The install however would claim not to be able to talk to the NTP server we specified at install time. Using other clients, there were no issues with the NTP server, so it had to be client related in this case ie. SLES 12.
The install however would claim not to be able to talk to the NTP server we specified at install time. Using other clients, there were no issues with the NTP server, so it had to be client related in this case ie. SLES 12.
Resolution
Update the AppArmor /usr/sbin/ntpd profile with
logprof to allow read access to /run/nscd/group and write access to
/var/lib/ntp/var/run/ntp/ntpd.pid. Once the AppArmor ntpd policy has
been saved, you can restart the NTP service.
Login as root on the command line and run:
Login as root on the command line and run:
# logprof
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:
Profile: /usr/sbin/ntpd
Path: /run/nscd/group
Mode: r
Severity: unknown
[1 - /run/nscd/group]
(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /run/nscd/group r to profile.
Profile: /usr/sbin/ntpd
Path: /var/lib/ntp/var/run/ntp/ntpd.pid
Mode: w
Severity: unknown
[1 - /var/lib/ntp/var/run/ntp/ntpd.pid]
(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /var/lib/ntp/var/run/ntp/ntpd.pid w to profile.
= Changed Local Profiles =
The following local profiles were changed. Would you like to save them?
[1 - /usr/sbin/ntpd]
(S)ave Changes / [(V)iew Changes] / Abo(r)t
Writing updated profile for /usr/sbin/ntpd.
# systemctl restart ntpd.service
# systemctl status ntpd.service