Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Enterprise directory

Anders Dilen
Occasional Visitor

Enterprise directory

Hallo
I am trying to configure cifs/samba on a alpha running 8,3 and use ldap for password backend. However it seems like the enterprise directory will not work correctly. Does any one have any suggestions what to do.
$> TY DKA0:[DXD$SERVERDXD$DSA_STARTUP_OUTPUT.LOG

$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM("SYLOGIN_VERIFY"))
3-APR-2008 09:03:26
(C) Copyright 1992-2007 Hewlett-Packard Development Company, L.P.
Version V5.6-3
Thu Apr 3 09:03:27 2008
2:bind_to_dsa_socket: FAILED to bind to DSA socket because no DECnet
2:NclDaemon: FAILED to bind to DSA socket

I am not using decnet but that should not be a problem.
7 REPLIES
Hoff
Honored Contributor

Re: Enterprise directory

There is a potentially similar condition that can arise elsewhere within the enterprise directory software package, and -- if this trigger is analogous to that trigger, and you have no DECnet in use here -- I may have a kernel-mode patch available.

I'm working on an article for the HoffmanLabs web site that is related to the Enterprise Directory case I've encountered, and it would be interesting to know if a similar underlying trigger (also) causes this case.

If you are interested in testing the patch, please contact me off-line. (User info at the domain below.)

Alternatively (or better?), ring up HP and let them look at it.

Stephen Hoffman
HoffmanLabs.com

JohnDite
Frequent Advisor

Re: Enterprise directory

Hej Anders,

have you checked whether the NCL DSA characteristic attribute LDAP Port has a value such as 389?

John

JohnDite
Frequent Advisor

Re: Enterprise directory

Sorry I should have mentioned this in first post.

You should have a utility called DXD$NCL that should basically give you the same info of the Enterprise Directory as you would have if you had DECnet installed.

Could you provide the output of the following commands:

NCL>show dsa all
NCL>show dsa naming context * all
NCL>show dsa subordinate reference * all

If the last two commands give you the
"no such object instance" result then you have not set up your namespace (=naming context in X.500 speak).

I don't know the details of CIFS but what pre-requisite actions have you carried out so far (ie. where can I find pointers to the relevant documents/steplist etc.)?
Anders Dilen
Occasional Visitor

Re: Enterprise directory

Hallo John

This is the out com of the commands.

I am following "HP Open VNS Common Internet File System Based on Samba" Installation and Configuration Guide.

regards Anders




sh dsa all

Node 0 DSA

Status

State = On
Entry Count = 1
Attribute Count = 23
Unique Value Count = 24
Entry Limit = 4294967295
DIT Memory Occupancy = 23352

Characteristics

Presentation Address = '"DSA"/"DSA"/"DSA"/RFC1006+secv84,RFC100
6'
AE Title = "/CN=SECV84"
LDAP Port = 389
SSL LDAP Port = 0
LDAP Security Protocol = SSLv23
SSL LDAP Security Protocol = SSLv23
SSL State = Off
LDAP Cipher Suites = ""
SSL LDAP Cipher Suites = ""
Version = V5.5.5
Accounting Facility = Off
Password = "**** Password Not Present ****"
Private Key Passphrase = "**** Passphrase Not Present ****"
Archived Update Log Number = 1
Volatile Modifications = False
Schema Check on Modify = True
Dereference Aliases on Modify = False
Prohibit Chaining = False
Prohibit DECnet Transport = False
Accounting Options =
{
}
DIT Check Interval = +0-12:00:00.000I0.000
DIT Check Window = +0-01:00:00.000I0.000
DIT Check Start Time = 1970-01-01-00:00:00.000-01:00Iinf
DIT Check Unscheduled Time = 1970-01-01-00:00:00.000-01:00Iinf
DIT Check Last Time = 2008-04-14-00:00:01.000-01:00Iinf
Accounting Rollover Interval = +0-12:00:00.000I0.000
Accounting Rollover Window = +0-01:00:00.000I0.000
Accounting Rollover Last Time = 2008-04-11-11:44:43.000-01:00Iinf
Accounting Rollover Unscheduled Time = 1970-01-01-00:00:00.000-01:00Iinf
Accounting Rollover Start Time = 1970-01-01-00:00:00.000-01:00Iinf
Time Limit = 0
Size Limit = 0
Idle Disconnect Timer = 300
LDAP Idle Disconnect Timer = 0
Writer Names =
{
}
Reader Names =
{
}
Trusted DSA Names =
{
}
Read Only Names =
{
}
Writer NSAPs =
{
}
Reader NSAPs =
{
}
Trusted DSA NSAPs =
{
}
Read Only NSAPs =
{
}

Counters

Creation Time = 2008-04-11-12:44:43.773-01:00Iinf
DUA Binds Accepted = 0
DUA Binds Rejected = 0
Read Operations = 5
Compare Operations = 16
Abandon Operations = 0
List Operations = 0
Search Operations = 46
Add Entry Operations = 2
Remove Entry Operations = 0
Modify Entry Operations = 1
Modify RDN Operations = 0
Chained Binds Accepted = 0
Chained Binds Rejected = 0
Chained Read Operations = 0
Chained Compare Operations = 0
Chained Abandon Operations = 0
Chained List Operations = 0
Chained Search Operations = 0
Chained Add Entry Operations = 0
Chained Remove Entry Operations = 0
Chained Modify Entry Operations = 0
Chained Modify RDN Operations = 0
Abandon Failures = 0
Attribute Errors = 1
Name Errors = 22
Referrals = 0
Security Errors = 0
Service Errors = 0
Update Errors = 0
Chained Operation Referrals = 0
Results = 46
Exhausted Resource = 0
Internal Errors = 0
Shadow Agreement Update Failures = 0
Shadow Agreement Updates Completed = 0
DOP Binds Accepted = 0
DOP Binds Rejected = 0
DISP Binds Accepted = 0
DISP Binds Rejected = 0
LDAP Binds Accepted = 13
LDAP Binds Rejected = 0
Authentication Failures = 0
Distributed Operation Failures = 0
Listen Failures = 0
Shadow Update Failures = 0
Shadow Updates Completed = 0
Changes of State = 4
Create Failures = 0
Accounting Start Failures = 0
Accounting File Access Failures = 0
Accounting Enabled = 0
Accounting Disabled = 0
Accounting File Rollover = 0
Accounting Records Discarded = 0
Communication Failures = 0

NCL> show dsa naming context * all
NCL> show dsa naming context * all
NCL> show dsa subordinate reference * all
NCL>
JohnDite
Frequent Advisor

Re: Enterprise directory

Hej Anders,

you seemed to have got over your initial problems because from the data you supplied one can see that the Directory is in state = ON, and one can also see that you have actually had LDAP connections:

LDAP Binds Accepted = 13

But from the entry count and the results from your other NCL commands one can see that you have seemingly not set up a naming context. [see Section 3.14 How to Configure LDAP HP OpenVMS Common Internet File System (CIFS) Based on Samba Installation and Configuration Guide].

Please do this section and report back your findings.

John
Anders Dilen
Occasional Visitor

Re: Enterprise directory

Hallo John
This is the outcome of the command

NCL> CREATE DSA NAMING CONTEXT "/SAMBADOMAIN=xxxxxxxx"

DSA database is not loaded

DSA is unwilling to perform
NCL>


What have i missed or don done wrong?
JohnDite
Frequent Advisor

Re: Enterprise directory

Hej Anders,

in your initial entry the DXD$DSA_STARTUP_OUTPUT.LOG pointed to the DSA Version V5.6-3.

In a more recent entry it showed that you were running Version V5.5.5.
(NCL> SHOW DSA VERSION)

Has there been a change ?

Now I'm not sure which is the oldest version that supports the Schema changes for CIFS (this is not noted in the CIFS manual). Maybe you can check in the Release Notes (SYS$HELP).

One should also be able to ascertain this by checking the Schema files:
$ dir dxd$directory:*.sc
(on the Node where the DSA is installed)

Is there a reference to SAMBADOMAIN ?

I assume you can create a Naming Context of the more traditional type eg:

NCL> create dsa naming context "/dc=test"
NCL> show dsa naming context "/dc=test"

Have you got the latest(?) copy of HP OpenVMS Enterprise Directory Management. If so what version / print date does it have? Maybe that will also have a few pointers.

I have had lots of experience with the DSA but in a DECnet environment. I also did the tests using LDAP ACME a few years ago. I'm still at DSA version 5.5.4 and have not had a chance to play around with CIFS to date.