SNMP subagent fails to load when EBA is enabled

  • 7023315
  • 30-Aug-2018
  • 02-Jan-2019

Environment

eDirectory 9.x

Situation

On a server where EBA (Enhanced Background Authentication) is enabled, the snmp agent fails to load. 

The error occurs after entering the command to load it (/etc/init.d/ndssnmpsa start) and providing the credentials. The error returned depends on the value defined for the SERVER parameter in ndssnmp.cfg. 

If the value specified in the SERVER parameter is the IP address of the server or its hostname, the error is:
Unable to login as admin.sa.system.  Error code : -708
Initialization failure. Error code : -255

If the value is "SERVER localhost", then it returns:
Unable to login as admin.sa.system.  Error code : -669
Initialization failure. Error code : -255

Resolution

The problem has been reported to engineering.

A simple workaround is to disable EBA, but this is not recommended as a long term solution.

Another workaround is to disable fips on the server with this command:
ndsconfig set n4u.server.fips_tls=0

It is necessary to restart the ndsd process for this to take effect. For this option to work, the SERVER parameter must point to the server's hostname or IP address. The SERVER parameter is located in the ndssnmp.cfg file, which is normally found in the /etc/opt/novell/eDirectory/conf/ndssnmp directory. By default it is set to 'localhost', but it should be changed to either the IP address or hostname of the server.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.