Dear all

Sorry for this post, I know its an oldie, unfortunately its also a goodie that I'm not getting past despite the TID mountain.

The error is: "File Protocol error occurred: cannot open the NCS version file on the selected cluster. The Cluster software may not currently be running on this server."

Ok - now for the list of things that have been checked:
pam.d settings from numerous tids - none of these have had any effect.
LUM - working ok for all users.

id admin
returns values and doing it the other way to find the users also shows admin with the same uid and gid. No admin in local passwd files.

owcimomd debug and iManager debug show an "authentication failure"

iManager debug parts:

11/06/08 [13:31:07.901] AuthenticatorServl..176 >>>102-------------------------------------------------------------------------
11/06/08 [13:31:07.901] AuthenticatorServl..731 /nps/servlet/frameservice
?ncsClusterName=EDUDATA.Education.Kings_Lynn.Norfo lk_College
&nextState=CfgSelectServer
&nssAction=
&nssCleanup=
&nssConnect=true
&nssLastAction=
&nssPoolName=
&nssServerName=
&nssViewName=
&objectName=EDUDATA.Education.Kings_Lynn.Norfolk_C ollege
&selectedObjs=
&sortCfgColumn=
&sortCfgDirection=
&taskId=ncs.Configuration
11/06/08 [13:31:07.902] Task................444 Starting task 'ncs.Configuration':
11/06/08 [13:31:07.945] NSSClient.............-1 NSSClient.getServerIPAddress() - IP Address = 172.16.0.133
11/06/08 [13:31:07.948] VirtualFile...........-1 Trying CIM/XML protocol
11/06/08 [13:31:14.363] NSSAdminPluginClie....-1 NSSAdminPluginClient constructor - CIM Exception: CIM_ERR_ACCESS_DENIED
11/06/08 [13:31:14.363] VirtualFile...........-1 Exception caught trying CIMOM protocol: 30602
11/06/08 [13:31:14.363] NSSServer.............-1 *** NSSServer - NSSClientException caught in GetFile(Novell/Cluster/NCS.xml):com.novell.nss.pluginClient.NSSClientExce ption
11/06/08 [13:31:14.364] NCSMainMgmt........1261 Caught an exception in NCSMainMgmt::execute
11/06/08 [13:31:14.364] NCSMainMgmt........1262 java.lang.Exception: File Protocol error occurred: cannot open the NCS version file on the selected cluster. The Cluster software may not currently be running on this server.
at com.novell.ncs.gadgets.NCSMgmt.NCSCfgMgmt.buildMai nPageXML(NCSCfgMgmt.java:142)
etc etc

owcimomd debug relevant parts seem to be below:

[135909[46982688141696] Received connection on 172.16.0.133:5989 from 172.16.0.133:60493
2032] HTTPServer::authenticate: processing Basic
[1359092032] NovellAuthenticator: Didn't get cache entry for user Admin. Doing PAM authentication
[1350699328] Polling Manager: No work after 1 sec. I'm not waiting any longer
[1342306624] HTTPServer: No work after 1 sec. I'm not waiting any longer
[1090525504] Polling Manager: Thread 0 is finished. Cleaning up it's remains.
[1090525504] Polling Manager: Work has been added to the queue
[1090525504] Polling Manager: About to start a new thread
[1090525504] Polling Manager: New thread started
[1350699328] Polling Manager: A thread got some work to do
[46982688141696] Received connection on /tmp/OW@LCL@APIIPC_72859_Xq47Bf_P9r761-5_J-7_Q from /tmp/OW@LCL@APIIPC_72859_Xq47Bf_P9r761-5_J-7_Q
[46982688141696] HTTPServer: Thread 1 is finished. Cleaning up it's remains.
[46982688141696] HTTPServer: Work has been added to the queue
[46982688141696] HTTPServer: About to start a new thread
[46982688141696] HTTPServer: New thread started
[1342306624] HTTPServer: A thread got some work to do
[1350699328] Polling Manager: No work after 1 sec. I'm not waiting any longer
[1359092032] HTTPServer::authenticate: failed:
[1342306624] HTTPServer::authenticate: processing OWLocal
[1342306624] HTTPServer::authenticate: authentication failed for: root
[46982688141696] Received connection on /tmp/OW@LCL@APIIPC_72859_Xq47Bf_P9r761-5_J-7_Q from /tmp/OW@LCL@APIIPC_72859_Xq47Bf_P9r761-5_J-7_Q
[46982688141696] HTTPServer: Work has been added to the queue
[1359092032] HTTPServer: A thread got some work to do
[1359092032] HTTPServer::authenticate: processing OWLocal
[1359092032] HTTPServer::authenticate: authenticated root


An LDAP trace shows an authentication failure.

New TLS connection 0x8276b40 from 172.16.1.221:52818, monitor = 0xeb5dcba0, index = 2
Monitor 0xeb5dcba0 initiating TLS handshake on connection 0x8276b40
(172.16.1.221:52818)(0x0000:0x00) DoTLSHandshake on connection 0x8276b40
BIO ctrl called with unknown cmd 7
(172.16.1.221:52818)(0x0000:0x00) Completed TLS handshake on connection 0x8276b40
(172.16.1.221:52818)(0x0001:0x60) DoBind on connection 0x8276b40
(172.16.1.221:52818)(0x0001:0x60) Bind name:cn=Admin,o=Norfolk_College, version:3, authentication:simple
(172.16.1.221:52818)(0x0001:0x60) Failed to authenticate full context on connection 0x8276b40, err = failed authentication (-669)
(172.16.1.221:52818)(0x0001:0x60) Sending operation result 49:"":"NDS error: failed authentication (-669)" to connection 0x8276b40
(172.16.1.221:52818)(0x0002:0x63) Implied anonymous bind by operation 0x2:0x63 on connection 0x8276b40
(172.16.1.221:52818)(0x0002:0x63) DoSearch on connection 0x8276b40
(172.16.1.221:52818)(0x0002:0x63) Search request:
base: "cn=Admin,o=Norfolk_College"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=*)"
attribute: "uamPosixSalt"
(172.16.1.221:52818)(0x0002:0x63) Sending search result entry "cn=Admin,o=Norfolk_College" to connection 0x8276b40
(172.16.1.221:52818)(0x0002:0x63) Sending operation result 0:"":"" to connection 0x8276b40
(172.16.1.221:52818)(0x0003:0x6e) DoCompare on connection 0x8276b40
(172.16.1.221:52818)(0x0003:0x6e) compare: dn (cn=Admin,o=Norfolk_College) attr (userPassword)
(172.16.1.221:52818)(0x0003:0x6e) Sending operation result 5:"":"" to connection 0x8276b40
(172.16.1.221:52818)(0x0004:0x42) DoUnbind on connection 0x8276b40
Monitor 0xeb5dcba0 found connection 0x8276b40 ending TLS session
Connection 0x8276b40 closed


The same username and password connects fine to iManager in the first instance and only fails when using the Cluster plugin. In fact, other pam enabled service like ssh work ok as well - it just seems to be openwbem based requests that fail.

Looking at it I'd be looking at the pam authentication plugin being used or the config for openwbem but I don't seem to be getting very far with it. Has anyone any ideas?

Thanks