Perform these tasks to verify that eDirectory and DSfW have been installed and configured correctly. These tasks might require certain environment variable settings to be updated. You must either restart the OES server or logout of the OES server and login again to update the necessary environment variables.
NOTE:After you have installed a child domain or an additional domain controller, the DNS server running at forest root domain (or the DNS server you are pointing to in /etc/resolv.conf file) must be restarted. Execute the following command on the server hosting the OES DNS service:
systemctl-named restart
Check the /etc/hosts file to ensure that it contains only one entry with this server’s primary IP address. For example:
192.168.1.1 oesdc.dsfw.com oesdc
Check the /etc/resolv.conf file to ensure that it contains a name server and domain search entry for server on which DNS is hosted. For example:
nameserver 192.168.1.1 search dsfw.com
If you reconfigure the LAN settings using YaST, ensure that the loopback IP address. .(except 127.0.0.1) is not active in /etc/hosts.
Verify that eDirectory has been properly configured by using the following command:
/opt/novell/eDirectory/bin/ndsstat -h localhost
This command returns information similar to the following:
Tree Name: DSFW_TREE
Server Name:.CN=OESDC.OU=OESSystemObjects.dc=dsfw.dc=com.T=DSFW_TREE
Binary Version: 20217.06
Root Most Entry Depth: 0
Product Version: eDirectory for Linux v8.8 SP5 [DS]
Execute xadcntrl validate at the terminal prompt.
If the services are configured correctly, the result of the command will be similar to the following output:
frd:~ # xadcntrl validate Validating dependent services Checking for novell-xregd daemon running Checking for micasad daemon running Checking for service sshd running Checking for rsync daemon running Validating DSfW Checking for eDirectory Server running Checking for nameserver BIND running Checking for Name Service Cache Daemon running Checking for RPC Endpoint Mapper Service running Checking for Kerberos KDC Service running Checking for Kerberos Password Change Server running Checking for Domain Services Daemon running Checking for Samba NMB daemon running Checking for Samba WINBIND daemon running Checking for Samba SMB daemon running
Execute the following commands:
kinit administrator@domainname
KRB5CCNAME=/tmp/krb5cc_<UID> rpcclient -k <hostname> –c dsroledominfo
Entering KRB5CCNAME=/tmp/krb5cc_<UID> manually ensures that the rpcclient looks for the kerberos credential cache, which is required for the kerberos authentication, in the correct location.
<UID> is the UNIX user ID of the current user in the decimal format. For example, the UID for the root user is 0. The <hostname> is the system hostname and not IP address or localhost.
If your server is configured correctly, you should see information similar to the following:
Machine Role = [5]
Directory Service is running.
Domain is in native mode.