DNS CASA Repair Script

A common reason for Novell DNS to fail to update records, or even fail to load, is due to the CASA credentials for the DNS proxy user.

When troubleshooting Novell DNS issues, start with the /var/opt/novell/log/named/named.run log.
If novell-named fails to start or update records and "CASA Error has occured, error:No credential is retrived from CASA" is seen in the log, it is almost guaranteed that the dns-ldap key is missing, the password for the proxy user is incorrect, or the user name is incorrect.
Below is a sample of a named.run log showing what is seen when the CASA credentials are invalid or missing.
Look for the start of named and the CASA Error.

19-Nov-2013 15:30:13.489 general: main: notice: starting BIND 9.3.2 -u named
19-Nov-2013 15:30:13.490 general: server: info: found 4 CPUs, using 4 worker threads
19-Nov-2013 15:30:13.500 general: dns/message: error: Credential Not found
19-Nov-2013 15:30:13.500 general: dns/db: critical: CASA Error has occured, error:No credential is retrived from CASA
19-Nov-2013 15:30:13.500 general: dns/db: warning: Could not open the credential file
19-Nov-2013 15:30:13.500 general: dns/db: critical: No credential found in the file
19-Nov-2013 15:30:15.554 general: dns/db: critical: Failed to load RRs of rootserver zone with error -109
19-Nov-2013 15:30:15.554 general: dns/hints: warning: Loading Root data from directory Failed
19-Nov-2013 15:30:15.557 general: server: info: loading configuration from ‘/etc/opt/novell/named/named.conf’
19-Nov-2013 15:30:15.558 network: interfacemgr: info: listening on IPv4 interface lo, 127.0.0.1#53
19-Nov-2013 15:30:15.558 network: interfacemgr: info: listening on IPv4 interface lo, 127.0.0.2#53
19-Nov-2013 15:30:15.559 network: interfacemgr: info: listening on IPv4 interface eth1, 151.155.213.221#53
19-Nov-2013 15:30:15.564 general: dns/message: error: Credential Not found
19-Nov-2013 15:30:15.564 general: dns/db: critical: CASA Error has occured, error:No credential is retrived from CASA
19-Nov-2013 15:30:15.564 general: dns/db: warning: Could not open the credential file
19-Nov-2013 15:30:15.564 general: dns/db: critical: No credential found in the file
19-Nov-2013 15:30:15.566 network: interfacemgr: info: dns_edir_get_multival has returned error inside store_dnsserver_ip_address:25
19-Nov-2013 15:30:15.566 network: interfacemgr: error: Error occured while updating the IP list of the DNS server object:25
19-Nov-2013 15:30:15.567 general: control: notice: command channel listening on 127.0.0.1#953
19-Nov-2013 15:30:19.147 general: dns/db: critical: Unable to login Error code:-669
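
The check described above (find the latest start of named, then look for the CASA error), as an added shell example that is not part of the original post or of novell_dns_casa_repair.sh. The function names check_casa_errors and demo_casa_check and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of novell_dns_casa_repair.sh.
# check_casa_errors [LOGFILE]
#   Reports credential errors logged since the most recent "starting BIND"
#   line, so entries from earlier startups are ignored.
#   Returns 0 = clean, 1 = credential/login errors,
#           2 = unreadable log or no startup line found.
check_casa_errors() {
    log=${1:-/var/opt/novell/log/named/named.run}
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    awk '
        /notice: starting BIND/ {            # new startup: reset the counters
            seen = 1; start = $1 " " $2
            casa = 0; nocred = 0; login = ""; next
        }
        !seen { next }                       # skip lines before any startup
        /CASA Error has occured/ { casa++ }  # spelling as written by named
        /Credential Not found|No credential found in the file/ { nocred++ }
        /Unable to login Error code:/ { sub(/.*Error code:/, ""); login = $0 }
        END {
            if (!seen) { print "no named startup found"; exit 2 }
            print "last startup: " start
            print "CASA errors: " casa ", missing-credential messages: " nocred
            if (login != "") print "LDAP login failed, error code " login
            if (casa || nocred || login != "") exit 1
        }
    ' "$log"
}

# Demo input: the two 18-Nov lines are constructed (an older startup that
# must be ignored); the 19-Nov lines are copied from the sample log above.
demo_casa_check() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
18-Nov-2013 09:00:00.000 general: main: notice: starting BIND 9.3.2 -u named
18-Nov-2013 09:00:00.010 general: dns/message: error: Credential Not found
19-Nov-2013 15:30:13.489 general: main: notice: starting BIND 9.3.2 -u named
19-Nov-2013 15:30:13.500 general: dns/message: error: Credential Not found
19-Nov-2013 15:30:13.500 general: dns/db: critical: CASA Error has occured, error:No credential is retrived from CASA
19-Nov-2013 15:30:13.500 general: dns/db: critical: No credential found in the file
19-Nov-2013 15:30:19.147 general: dns/db: critical: Unable to login Error code:-669
EOF
    rc=0; check_casa_errors "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
demo_casa_check || echo "credential problem detected (status $?)"
```

Run with no argument on the server, it reads /var/opt/novell/log/named/named.run and the exit status can be used to decide whether the CASA keys need attention.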

I have a script that can help create the credentials.  It is designed for OES11SP1, but might work with older versions.

Download and run the novell_dns_casa_repair.sh

Make the script executable with chmod +x novell_dns_casa_repair.sh

If the script is opened on a Windows computer, be sure to run dos2unix novell_dns_casa_repair.sh to remove hidden Windows characters.

The script will let you know the proxy user name set for DNS and whether it matches the setting in the sysconfig file. If the OESCommonProxy user is used as the DNS proxy user, the script will retrieve the password of the OESCommonProxy user and populate the dns-ldap password key with it.

If you run CASAcli -l and only see the common-proxy-casa, this script will set the username and password for the dns-ldap.

If the common-proxy-casa is missing, it will also help you set that up.

If the proxy user is not the OESCommonProxy user, the script will find the user from /etc/opt/novell/proxymgmt/proxy_users.conf.

 

Here is a sample of what it will report if the dns-ldap CASA key is missing:

The DNS Proxy User is cn=OESCommonProxy_dsfw1,ou=OESSystemObjects,o=novell

Checking for common-proxy-casa credentials
CASA User and Password keys for common-proxy-casa credentials are set

Checking for dns-ldap credentials
Credentials do not exist for dns-ldap
Do you want to fix casa credentials for the DNS Proxy User? (y/n): y

The dns-ldap CASA Credentials have been set

Getting dns-ldap

Name: dns-ldap
Key: Password (********)
Key: CN (********)

Shutting down name server BIND done
Starting name server BIND done
No errors reported after restart of novell-named

 

Here is a sample of what the script will report if the credentials are correct in the CASA key:

The DNS Proxy User is cn=OESCommonProxy_dsfw1,ou=OESSystemObjects,o=novell

Checking for common-proxy-casa credentials
CASA User and Password keys for common-proxy-casa credentials are set

Checking for dns-ldap credentials
CASA User and Password keys for dns-ldap match common-proxy-casa, no action needed

If DNS fails to start, tail the /var/opt/novell/log/named/named.run log and look for errors.
