10.1 Verifying the Installation

Perform these tasks to verify that eDirectory and DSfW have been installed and configured correctly. These tasks might require certain environment variable settings to be updated. To update the necessary environment variables, either restart the OES server or log out of the OES server and log in again.

NOTE: After you have installed a child domain or an additional domain controller, the DNS server running at the forest root domain (or the DNS server you are pointing to in the /etc/resolv.conf file) must be restarted. Execute the following command on the server hosting the OES DNS service:

systemctl restart named

  • Check the /etc/hosts file to ensure that it contains only one entry with this server’s primary IP address. For example:

    192.168.1.1 oesdc.dsfw.com oesdc

  • Check the /etc/resolv.conf file to ensure that it contains a name server and domain search entry for the server on which DNS is hosted. For example:

    nameserver 192.168.1.1
    search dsfw.com

  • If you reconfigure the LAN settings using YaST, ensure that a loopback IP address (except 127.0.0.1) is not active in /etc/hosts.

  • Verify that eDirectory has been properly configured by using the following command:

    /opt/novell/eDirectory/bin/ndsstat -h localhost

    This command returns information similar to the following:

    Tree Name: DSFW_TREE 
    Server Name: .CN=OESDC.OU=OESSystemObjects.dc=dsfw.dc=com.T=DSFW_TREE
    Binary Version: 20217.06
    Root Most Entry Depth: 0 
    Product Version: eDirectory for Linux v8.8 SP5 [DS]

  • Execute xadcntrl validate at the terminal prompt.

    If the services are configured correctly, the result of the command will be similar to the following output:

    frd:~ # xadcntrl validate
    Validating dependent services
    Checking for novell-xregd daemon                                      running
    Checking for micasad daemon                                           running
    Checking for service sshd                                             running
    Checking for rsync daemon                                             running
    
    Validating DSfW                                                                     
    Checking for eDirectory Server                                        running
    Checking for nameserver BIND                                          running
    Checking for Name Service Cache Daemon                                running
    Checking for RPC Endpoint Mapper Service                              running
    Checking for Kerberos KDC Service                                     running
    Checking for Kerberos Password Change Server                          running
    Checking for Domain Services Daemon                                   running
    Checking for Samba NMB daemon                                         running
    Checking for Samba WINBIND daemon                                     running
    Checking for Samba SMB daemon                                         running

  • Execute the following commands:

    kinit administrator@domainname

    KRB5CCNAME=/tmp/krb5cc_<UID> rpcclient -k <hostname> -c dsroledominfo

    Entering KRB5CCNAME=/tmp/krb5cc_<UID> manually ensures that rpcclient looks in the correct location for the Kerberos credential cache, which is required for Kerberos authentication.

    <UID> is the UNIX user ID of the current user in decimal format. For example, the UID for the root user is 0. The <hostname> is the system hostname, not an IP address or localhost.

    If your server is configured correctly, you should see information similar to the following:

    Machine Role = [5] 
    Directory Service is running.
    Domain is in native mode.
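
The /etc/hosts and /etc/resolv.conf checks in the first three items above can be scripted so that they are repeatable after each LAN reconfiguration. The following is an added example, not part of the product documentation: the function names and file-path arguments are assumptions, and the sample files are constructed from the example values on this page.

```shell
#!/bin/sh
# Added example: scripted form of the /etc/hosts and /etc/resolv.conf checks.
# Function names and the file-path arguments are assumptions for illustration.

# Succeeds only if exactly one active line starts with the primary IP address.
check_hosts_primary() {    # $1 = primary IP, $2 = hosts file
    n=$(awk -v ip="$1" '$1 == ip { c++ } END { print c + 0 }' "${2:-/etc/hosts}")
    [ "$n" -eq 1 ]
}

# Succeeds only if no active line uses a 127.x.x.x address other than 127.0.0.1.
check_hosts_loopback() {   # $1 = hosts file
    ! awk '$1 ~ /^127\./ && $1 != "127.0.0.1" { bad = 1 } END { exit !bad }' \
        "${1:-/etc/hosts}"
}

# Succeeds only if resolv.conf lists the DNS server and searches the domain.
check_resolv() {           # $1 = DNS server IP, $2 = domain, $3 = resolv.conf
    awk -v ns="$1" -v dom="$2" '
        $1 == "nameserver" && $2 == ns { n = 1 }
        $1 == "search" { for (i = 2; i <= NF; i++) if ($i == dom) s = 1 }
        END { exit !(n && s) }' "${3:-/etc/resolv.conf}"
}

# Runs all three checks, reports each failure, returns non-zero if any failed.
verify_name_resolution() { # $1 = primary IP, $2 = domain, $3 = DNS IP, $4 $5 = files
    rc=0
    check_hosts_primary "$1" "$4" ||
        { echo "FAIL: hosts must hold exactly one entry for $1"; rc=1; }
    check_hosts_loopback "$4" ||
        { echo "FAIL: loopback address other than 127.0.0.1 is active"; rc=1; }
    check_resolv "$3" "$2" "$5" ||
        { echo "FAIL: resolv.conf lacks nameserver $3 or search $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: hosts and resolv.conf pass the checks"
    return "$rc"
}

# Demo on constructed sample files that reuse this page's example values.
demo=$(mktemp -d)
printf '127.0.0.1 localhost\n192.168.1.1 oesdc.dsfw.com oesdc\n' > "$demo/hosts"
printf 'nameserver 192.168.1.1\nsearch dsfw.com\n' > "$demo/resolv.conf"
verify_name_resolution 192.168.1.1 dsfw.com 192.168.1.1 \
    "$demo/hosts" "$demo/resolv.conf"
```

To check the live files on a server, call verify_name_resolution with the primary IP address, domain and DNS server address and omit the two file arguments.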