Novell DNS CASA Repair Tool

Novell DNS CASA Repair Tool is a bash script that checks the Novell DNS CASA credentials and repairs them if necessary.

Overview:
Repair Novell DNS CASA Credentials

Symptom:
Novell DNS fails to start.
The /var/opt/novell/log/named/named.run shows the following:
19-Nov-2013 12:02:52.938 general: main: notice: starting BIND 9.3.2 -u named
19-Nov-2013 12:02:52.947 general: dns/message: error: Credential Not found
19-Nov-2013 12:02:52.947 general: dns/db: critical: CASA Error has occured, error:No credential is retrived from CASA
19-Nov-2013 12:02:52.947 general: dns/db: warning: Could not open the credential file
19-Nov-2013 12:02:52.947 general: dns/db: critical: No credential found in the file
19-Nov-2013 12:02:54.986 general: dns/db: critical: Failed to load RRs of a zone with error -109
19-Nov-2013 12:02:54.986 general: dns/hints: warning: Loading Root data from directory Failed
19-Nov-2013 12:02:54.988 general: server: info: loading configuration from '/etc/opt/novell/named/named.conf'
19-Nov-2013 12:02:54.988 config: isccfg/parser: error: none:0: open: /etc/opt/novell/named/named.conf: file not found
19-Nov-2013 12:02:54.997 general: server: critical: loading configuration: file not found
19-Nov-2013 12:02:54.997 general: server: critical: exiting (due to fatal error)

Startup fails because the credentials of the proxy user that Novell DNS uses are incorrect.

Either the password is incorrect or the CASA keys are missing altogether.

Details:
TID 7006446 describes the process to create the CASA credentials for Novell DNS.

This script performs the steps listed there and more.

The script must be run as root.
It is designed for OES11SP1 and OES11SP2 servers, but should work with other versions of OES.

The script determines whether or not novell-dns is installed and set to start.

The script will:

  • Determine if DNS Proxy user listed in proxy_users.conf is the same as in the sysconfig file

  • Determine if CASA is set to store the proxy user's credentials or if the credentials are stored in a file

  • Display the DNS Proxy User listed in the proxy_users.conf

  • Determine if proxy user is the OES Common Proxy User or a user defined proxy user

  • If the proxy user is the OES Common Proxy User then retrieve the username and password

  • If the proxy user is not the OES Common Proxy User then it will display the proxy user and prompt for the user's password

  • Check for the existence of the common-proxy-casa keys and whether the credentials are in CASA

  • Check for the existence of the dns-ldap keys and whether the credentials are in CASA

  • Verify that the DNS Proxy User is correct by attempting an ndslogin

  • If the DNS Proxy User's password is correct the following message will be returned:
    "CASA User and Password keys for dns-ldap MATCH common-proxy-casa, no action needed
    Novell DNS is running"

  • If not, the message will be:
    "Do you want to fix casa credentials for the DNS Proxy User?"

  • Selecting yes will attempt to fix the CASA credentials, no will exit.

  • After fixing the credentials, Novell DNS will be restarted and the log checked for errors.

  • If the credentials are correct and the DNS Proxy User can log in but DNS fails to start, it will grep for the errors and list some possible TIDs to help resolve the issue with Novell DNS failing to start.


Common named errors seen in named.run are:
"critical: Failed to load RRs of a zone with error -1 TID 7000177"
"critical: Failed to load RRs of rootserver zone with error -10 TID 7012947"
"critical: Failed to load RRs of a zone with error -109 TID 7006446"
"critical: Failed to load RRs of a zone with error 34826 TID 7007793"
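
The error-to-TID triage described above, as an added example that is not code from the repair tool. The function names are hypothetical, and the sample log combines two lines from the named.run excerpt on this page with constructed entries. It extracts the whole error number so that -1, -10 and -109 are not confused with each other.

```bash
#!/bin/bash
# Added example; not part of novell_dns_casa_repair.sh. Function names are hypothetical.

# Print "error <code> TID <tid>" for each distinct "Failed to load RRs" code in LOGFILE.
named_error_tids() {
    local log="$1" code tid
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    # Capture the whole number up to end of line: a plain grep for "error -1"
    # would also match -10 and -109 and point at the wrong TID.
    sed -n 's/.*critical: Failed to load RRs of .*zone with error \(-\{0,1\}[0-9][0-9]*\)[[:space:]]*$/\1/p' "$log" |
    sort -u |
    while read -r code; do
        case "$code" in
            -1)    tid=7000177 ;;
            -10)   tid=7012947 ;;
            -109)  tid=7006446 ;;
            34826) tid=7007793 ;;
            *)     tid=unknown ;;   # code not listed on this page
        esac
        echo "error $code TID $tid"
    done
}

# Exit 0 if LOGFILE shows the CASA credential lookup failing.
credentials_missing() {
    grep -q -e 'error: Credential Not found' -e 'No credential found in the file' "$1"
}

# Constructed sample: the first two lines are copied from the named.run excerpt
# on this page, the remaining three are made up for the example.
write_sample_log() {
    cat > "$1" <<'EOF'
19-Nov-2013 12:02:52.947 general: dns/message: error: Credential Not found
19-Nov-2013 12:02:54.986 general: dns/db: critical: Failed to load RRs of a zone with error -109
19-Nov-2013 12:03:10.101 general: dns/db: critical: Failed to load RRs of rootserver zone with error -10
19-Nov-2013 12:03:10.102 general: dns/db: critical: Failed to load RRs of a zone with error -109
19-Nov-2013 12:03:10.103 general: dns/db: critical: Failed to load RRs of a zone with error 7
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
named_error_tids "$sample"
credentials_missing "$sample" && echo "CASA credential lookup failed"
rm -f "$sample"
```

On a server, point named_error_tids at /var/opt/novell/log/named/named.run instead of the sample file.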

Install:
Download the script to the Novell DNS server
Make the script executable using the command chmod +x novell_dns_casa_repair.sh

USAGE:
Untar the script using the command: tar -xzvf novell_dns_casa_repair.tgz
Copy the script to ~/bin/ to run it without the full path; otherwise run it as ./novell_dns_casa_repair.sh or enter the full path to the script.

Example of fixing the CASA Credentials:

The DNS Proxy User is cn=OESCommonProxy_dns-beta,ou=OESSystemObjects,o=novell

Checking for common-proxy-casa credentials
CASA User and Password keys for common-proxy-casa credentials are set

Checking for dns-ldap credentials
Do you want to fix casa credentials for the DNS Proxy User? (y/n): y

The dns-ldap CASA Credentials have been set

Getting dns-ldap

Name: dns-ldap
Key: Password (********)
Key: CN (********)

Shutting down name server BIND waiting for novell-named to shu(28s) done
Starting name server BIND done
No errors reported after restart of novell-named
