NAM Admin Console Install issues on SLES 12 with NTP

  • 7016490
  • 12-May-2015
  • 12-May-2015


NetIQ Access Manager 4.1


Trying to install NAM on a vanilla SLES12 OS but hit a couple of problems, mostly related to time and NTP. The NAM Admin liked to keep the SLES servers in runlevel 3, which used to be easily set in /etc/inittab with earlier versions of SLES, but not anymore with SLES 12.
To set your runlevel map the file to the location via sym link.
ln -sf /usr/lib/systemd/system/ /etc/systemd/system/
The following documentation is good for this, and includes worthwhile information.

The install however would claim not to be able to talk to the NTP server we specified at install time. Using other clients, there were no issues with the NTP server, so it had to be client related in this case ie. SLES 12.


Update the AppArmor /usr/sbin/ntpd profile with logprof to allow read access to /run/nscd/group and write access to /var/lib/ntp/var/run/ntp/ Once the AppArmor ntpd policy has been saved, you can restart the NTP service.

Login as root on the command line and run:
# logprof
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:

Profile:  /usr/sbin/ntpd
Path:     /run/nscd/group
Mode:     r
Severity: unknown

 [1 - /run/nscd/group]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /run/nscd/group r to profile.

Profile:  /usr/sbin/ntpd
Path:     /var/lib/ntp/var/run/ntp/
Mode:     w
Severity: unknown

 [1 - /var/lib/ntp/var/run/ntp/]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /var/lib/ntp/var/run/ntp/ w to profile.

= Changed Local Profiles =

The following local profiles were changed.  Would you like to save them?

 [1 - /usr/sbin/ntpd]

(S)ave Changes / [(V)iew Changes] / Abo(r)t
Writing updated profile for /usr/sbin/ntpd.

# systemctl restart ntpd.service
# systemctl status ntpd.service