This document (10093471) is provided subject to the disclaimer at the end of this document.
fact
Novell NetWare 5.1
Novell NetWare 6.0
Novell NetWare 6.5
Novell Cluster Services
Novell NetWare NFS Services 3.0
Novell Native File Access Pack
Novell Native File Access Protocols
Novell Native File Access for UNIX
Novell Directory Enabled Network Information Services (DENIS)
Yellow Pages (yp)
symptom
Cannot cluster-enable NetWare NIS Master Server.
Error: "Permission Denied" when trying to set NIS password with yppasswd on Solaris client.
Error: "yppasswd: yppasswdd not running on NIS Master host" when trying to set NIS password on Red Hat Linux client.
"Error:376:<date> <time> : Failed to update local password NIS DB" in SYS:\ETC\NIS\NISSWDD.LOG
"Error:371:<date> <Time>: Failed to update password. Error Code = 1936943470." in SYS:\ETC\NIS\NISSERV.LOG
Error: "Error while changing the NIS password.
The NIS password has not been changed on <IP address assigned to Native File Access for UNIX cluster resource>." when trying to change NIS password with yppasswd on RedHat Linux.
Error: "Permission Denied" when trying to change NIS password with yppasswd on Sun Solaris.
cause
The data of a Network Information Services (Yellow Pages) domain is stored in NIS maps. The NIS maps are served by one NIS Master server and optionally one or more NIS Slave servers. NIS maps are administered on the NIS Master server only. NIS Slave Servers hold a read-only copy of the NIS maps. Synchronization of NIS maps is done from the NIS Master server per 'yppush' or a NIS Slave server per 'ypxfr' every user defined interval (often done per cron), if the Master server has a more recent version of a NIS map than the Slave server.
Once you have created the NISSERV objects with SPINST.NLM, you can make a NetWare server a NIS Master server with MAKENIS.NLM or the 'Migration' button in ConsoleOne. When you click the 'Migration' button in ConsoleOne, a 'Migration' dialogue window pops up, where you can specify the following details to make a NetWare server a NIS Master server:
- 'NetWare Host Name/IP Address'
- NIS 'Domain Name'
- 'Domain Context'
- A check box to 'Set the specified Host as Master Server'
- Check boxes to instruct MAKENIS.NLM what to do with the current NIS Maps, in case a NIS Domain Container with the given 'Domain Name' is already present in the given Domain Context.
In case you want to cluster-enable the NIS Master server, you would enter the IP address of the Cluster Resource, which you gave with SPINST.NLM to configure the IP address (ipHostNumber attribute) of the cluster-enabled NISSERV object, i.e., the IP address, where NISSERV.NLM should bind to for high availability, with the 'NetWare Host Name/IP Address' and make sure the check box 'Set the specified Host as Master Server' is ticked.
When you click the 'Migrate' button, a nisDomain container object gets created in the 'Domain Context'. The nisDomain container holds 'nisMap' objects. Each 'nisMap' object has a property 'nisMapMaster'. The value of the 'nisMapMaster' attribute is returned to NIS Clients and Slave servers when they request for the Master of the NIS map in a given Domain. The Migration process populates the 'nisMapMaster' property with the first bound IP address of the server that currently hosts the cluster resource with the IP address that you entered with 'NetWare Host Name/IP Address'. This primary bound IP address does not necessarily fall into the same subnet as the secondary IP address of the cluster resource.
When you cluster-enabled your installation of Native File Access for UNIX, you will bind NIS clients to the IP address of the Native File Access for UNIX cluster resource that you gave with SPINST.NLM to configure the IP address (ipHostNumber attribute) of the cluster-enabled NISSERV object, i.e., the IP address, where NISSERV.NLM should bind to for high availability.
If a user at a NIS client wants to change his NIS password with 'yppasswd', the NIS client will request the NetWare NIS server for the Master of the map 'passwd.byname' in the given NIS domain and connect to the NIS Password Daemon (NISSWDD.NLM) at the returned NIS Master server to do the password administration (changes to NIS map entries can only be done at the NIS Master).
In return to the client's request for the Master of the map passwd.byname, the NetWare NIS server will give the IP address or host name stored in the 'nisMapMaster' property of the 'passwd' nisMap object under the nisDomain container. Since this property contains the first bound IP address of a cluster node, the client can only successfully connect to NISSWDD.NLM and change the user's NIS password if the concerning cluster node is up and hosts the cluster resource for Native File Access for UNIX and if the fist bound IP address of that cluster node can be reached from the NIS client. If the concerning cluster node is down, does not host the cluster resource for Native File Access for UNIX, or if the first bound IP address on that node is not reachable for the NIS client, the client will not be able to connect to the NIS Password Daemon on the NIS Master server and yppasswd will return an error to the user.
When you change the attribute nisMapMaster of the 'passwd' nisMap object to the IP address or host name of the Native File Access for UNIX cluster resource in order to make the NIS Master server highly available for the passwd map, NISSWDD.NLM cannot update the passwd NIS map successfully anymore and updates the SYS:\ETC\NIS\NISSWDD.LOG file with the error "Error:376:<date> <time> : Failed to update local password NIS DB" every time a user wants to change his/her NIS password and returns error code 0x09 to the NIS client's request to change the NIS password. Consequentially, yppasswd will return an appropriate error message, like "Permission Denied" or "Error while changing the NIS password..." to the user..
fix
Engineering fixed this defect with a field test patch. You can obtain this field test patch with Novell Technical Services. At this moment it is not certain when a public release of this patch will become available.
With the field test patch, you can successfully cluster-enable the NIS Master Server, by changing the nisMapMaster of each nisMap object to the IP address or host name of the Native File Access for UNIX cluster resource in ConsoleOne the following way:
1) Make a NetWare cluster node a NIS Master server with the Migration snapin in ConsoleOne or MAKENIS.NLM.
2) Open to the resulting NIS Domain Container in the context that you specified with the Migration snapin or MAKENIS.NLM.
3) Right click on each nisMap object under the NIS Domain Container and select 'properties...'.
4) On the 'General' > 'Identification' page of each nisMap object, change the 'Map Master' to the IP address of the Native File Access for UNIX cluster resource and click 'OK' to save your changes.
Work-around:
To keep the NIS Master server available after migration or fail over of the Native File Access for UNIX cluster resource to another cluster node, you can change the Map Master of each NIS map to the first bound IP address of the cluster node, where the Native File Access for UNIX cluster resource failed over/migrated to the following way:
1) Right click on each nisMap object under the NIS Domain Container and select 'properties...'.
2) On the 'General' > 'Identification' page of each nisMap object, change the 'Map Master' to the first bound IP address of cluster node hosting the Native File Access for UNIX cluster resource and click 'OK' to save your changes.
document
| Document Title: | Cannot cluster-enable NetWare NIS Master Server. |
| Document ID: | 10093471 |
| Solution ID: | NOVL97650 |
| Creation Date: | 02Jul2004 |
| Modified Date: | 06Jun2006 |
| Novell Product Class: | Connectivity Products |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.