Home

Results 1 to 4 of 4

Thread: Adding additional DC

Threaded View

  1. #1
    Join Date
    Jul 2009
    Posts
    27

    Adding additional DC

    Hi Folks,

    I'm running into a roadblock while trying to setup an additional domain controller for my DSfW domain. I have tried both SLES 10 SP4 with OES2 SP3 and SLES 11 SP1 with OES11. Both hang in the same spot: Configuring and starting eDirectory (at 43%). Only two objects are created in my directory: the server object, and the server-PS object.

    The DSfW domain seems to be working as it should (I've posted some info on that below). I can join workstations to it and have no trouble authenticating or accessing resources. The various eDir health checks don't show any obvious issues either.

    The y2log doesn't show much, though there is a warning. These are the last few lines:

    2011-12-29 09:33:07 <3> dsfw(6760) [bash] ShellCommand.cc(shellcommand):78 WARNING: Unable to check the duplicate server context
    dsfw2.ou=OESSystemObjects.o=dsfw.MY-TREE.
    2011-12-29 09:33:07 <3> dsfw2(6760) [bash] ShellCommand.cc(shellcommand):78 Configuring the NDAP interfaces... Done
    2011-12-29 09:33:07 <3> dsfw2(6760) [bash] ShellCommand.cc(shellcommand):78 Configuring the HTTP interfaces... Done
    2011-12-29 09:33:07 <3> dsfw2(6760) [bash] ShellCommand.cc(shellcommand):78 Configuring the LDAP interfaces... Done
    2011-12-29 09:33:12 <3> dsfw2(6760) [bash] ShellCommand.cc(shellcommand):78 Starting the service 'ndsd'... Done.
    2011-12-29 09:33:14 <3> dsfw2(6760) [bash] ShellCommand.cc(shellcommand):78 Done

    I did find these errors:

    This while sniffing packets:
    5489.147431 192.168.0.201 -> 192.168.0.188 NDS C NDS Resolve Name -> \MY-TREE\ou=OESSystemObjects.o=myorg\dsfw2
    5489.147618 192.168.0.188 -> 192.168.0.201 NDS R (-610) Illegal DS Name

    And this while doing an LDAP trace:
    Cannot resolve NDS name 'T=MY-TREE' in ResolveAndAuthNDSName, err = no such entry (-601)

    Info:
    On the original DSfW server:

    /opt/novell/eDirectory/bin/ndsstat -h localhost
    Tree Name: MY-TREE
    Server Name: .CN=dsfw1.OU=OESSystemObjects.O=myorg.T=MY-TREE.
    Binary Version: 20605.00
    Root Most Entry Depth: 1
    Product Version: eDirectory for Linux i586 v8.8 SP6 [DS]

    xadcntrl validate
    Tree Name: MY-TREE
    Server Name: .CN=dsfw1.OU=OESSystemObjects.O=myorg.T=MY-TREE.
    Binary Version: 20605.00
    Root Most Entry Depth: 1
    Product Version: eDirectory for Linux i586 v8.8 SP6 [DS]

    Checking for nameserver BIND
    number of zones: 9
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    recursive clients: 0/1000
    tcp clients: 0/100
    server is up and running
    zone details are dumped at /var/opt/novell/log/named/named_zones.info
    running
    Checking for Name Service Cache Daemon: running
    Checking for RPC Endpoint Mapper Service running
    Checking for Kerberos KDC Service running
    Checking for Kerberos Password Change Server running
    Checking for Domain Services Daemon running
    Checking for Samba NMB daemon running
    Checking for Samba WINBIND daemon running
    Checking for Samba SMB daemon running
    Checking for service sshd running
    Checking for rsync daemon: running

    Also:

    kinit administrator@mydomain.org
    Password for administrator@mydomain.org:
    thebert@dsfw1:~> rpcclient -k localhost -c dsroledominfo
    Machine Role = [5]
    Directory Service is running.
    Domain is in native mode.

    nslookup mydomain.org
    Server: 192.168.0.188
    Address: 192.168.0.188#53

    Name: mydomain.org
    Address: 192.168.0.188

    dig -t SRV _ldap._tcp.pdc._msdcs.mydomain.org +short
    0 100 389 dsfw1.mydomain.org.

    Please let me know if I should post any additional info.

    Thanks,
    Tom
    Last edited by thebert0; 29-Dec-2011 at 04:50 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •