Logon-Logoff / Power-on-Shutdown Scripts Execution for Windows Clients of DSfW
A new coolsolution has been released allowing the login and logoff tasks on a workstation. The script can also power down or power on workstations. Administrators and end users can automate these tasks. The scripts can be stored in the netlogon or sysvol on the primary domain controller which will sync it out to the other DCs. The profile tab of user properties, or Logon GPO can be used for integrating these scripts into startups and shutdown cases.
Go to novell.coolsolutions.com to download the script and read more about what you can do with this script.
I/OTest script to check if the disk I/O is causing slow performance
Slow VM Performacne, use IOTest to see if the disk IO is the culprit
This script will test the disk IO by copying 500Mb of data using the same block size as eDir uses and with the same api eDir uses “fdatasync”.
This writes 500 Mb of data each iteration to the iotest.log in the dib directory, usually the /var/opt/novell/eDirectory/data/dib/
It will overwrite the previous data in the iotest.log each time it runs. Anything under 100 MB/s is a concern and will cause slowness for eDirectory and possible memory build up. IO causes a bottleneck for events to be written to disk. A build up of memory by ndsd can cause a ndsd to take all available memory (both virtual and resident) causing ndsd to core.
If slow IO writes are seen with the iotest script begin the process of adding hard drives and reducing the… Continue reading
New DSfW Monitor Script
I previously created two scripts, dsfw_processcheck.sh and dsfw_portchk.sh, one to monitor pids and one to monitor ports. With the two script they are helpful to ensure the DSfW services are up. A new script combines the two and adds additional options. The script not only checks for pids and ports, but it can be used to create a cron job to run the script every 10 minutes by adding the “add” switch. To remove the cron job use the “rm” switch.
If a DSfW server running DNS (or not) has a DSfW specific process stop or crash a quick stop gap measure is to monitor the DSfW processes and restart them if one or more of the DSfW processes stop.
If the DSfW server is an Additional Domain Controller (ADC) DNS might not be configured on the server. If DNS is not running on the… Continue reading
How To Register OES and SLES Servers Using Command Line and a Script
It is important to keep your servers at the current patch level. Usually there are many bugs fixed and if you come across a new issue it helps Novell Support the the Developers.
I like to use the command line to register my servers. It is easy and relatively fast compared to the GUI. Even easier is to use a script. Just copy the script to the server, modify the e-mail account and registration codes and run the script. If something happens to the update services and repositories just run the script to clean up the old and re-register.
Below is a video demonstrating the register.sh script
TID 3030847 goes over the command line process.
Note: do not include < > for email or regcodes in the examples below
The command to register a OES server is
suse_register -a email=<user@email.com> -a regcode-sles=<your sles code>… Continue reading
DSfW: Provisioning using python script
Need to do the DSfW install via a putty session/ no gui. Look at this coolsolution article DSfW: Provisioning using python script. It provides a python script to do the provisioning portion of the install with out the need of X Server. It is also reported to be faster. Great for scripted installs.
Adding displayName to DSfW user accounts
BES10 requires AD authentication so DSfW is being deployed to accomplish this in eDirectory environments.
The displayName attribute is one attribute that must be populated.
displayName
All but two are automatically populated on DSfW users.
displayName and mail are not. Hopefully mail is already populated since this is for an e-mail application. displayName most likely is not.
This video will go over a script that can be used populate displayName with the value used in samAccountName. It will also show you how to modify the script if the value from another attribute is desired to be used for displayName.
The script does the following search to find users and generate a ldif file
ldapsearch -Y EXTERNAL -LLL -Q -b “$DEFAULTNAMINGCONTEXT” -s sub ‘(&(objectclass=user)(samAccountName=*)(!(|(objectClass=Computer)(displayName=*)(cn:dn:=users)(ou:dn:=oessystemobjects))))’ dn: samAccountName |sed s[samAccountName[‘changetype:modify\nadd: displayName\ndisplayname'[g | grep -v ^# >/tmp/add_displayname.ldif
As… Continue reading
NDSD Health Check Script
I’ve received a great deal of feed back on the DSfW Health Check Script and applied some changes. One of the suggestions was to do only a ndsd (eDirectory) script. The DSfW Health Check Script works for both DSfW and eDirectory servers, but if all you want to do is check eDirectory health on a DSfW server or want a script only for ndsd that is smaller and simple this is an option.
I am always looking for suggestions. I’ve created a video for the ndsd_heaclthchk script. Watch to to learn about configuring it for your specific needs.
For for NDSD Health Check in the download section.
The configuration options are as follows
# Set emailsetting to 1 to send e-mail log when finished. Set to 0 or remove the 1 to disable
emailsetting=0
# Set emailonerror to 1 to send e-mail log if an error is returned. Set to… Continue reading
Latest DSfW Health Check Script
I’ve received a great deal of feed back on the DSfW Health Check Script and applied some changes.
I am always looking for suggestions. I’ve created an updated video with the latest script. Watch to to learn about configuring it for your specific needs.
Troubleshooting High Utilization – High Utilization Gstack tool
Some times ndsd or another process can cause a server to go into high utilization or to become unresponsive. A great TID to follow for OES servers is TID 7007332 – Troubleshooting ndsd becoming unresponsive on OES Linux. A TID specific for DSfW servers to start with is TID 7010462- Troubleshooting slow logins and unresponsive DSfW server.
When trouble shooting a process stuck in high utilization or causing a server to slow down or become unresponsive looking at a top output for a daemon like ndsd with individual threads shown and a correlating gstack can show us which thread is in high utilization and what that thread is doing. In most cases it is best to take a number of gstacks every 10 seconds to 60 seconds depending on the situation. We can see not only what that thread is doing but if the… Continue reading
DSfW and eDirectory Health Check
It is a good idea to periodically check the health of DSfW and eDirectory servers.
This video concentrates on a script I wrote that can be ran on both eDirectory and DSfW servers.
The script demonstrated in this video is called dsfw_edir_healthchk.sh. To get the latest version of the script click on the DSfW Health Check link in the download section on DSfWDude.com.
A great TID to start off with for a eDirectory health check is TID 3564075.
On a DSfW server start off with an eDirectory health check as well as TID 7001884 which has DSfW specific commands to check the health and overall operation of a DSfW server.
The script does most of the suggestions in both TIDs mentioned above plus a few more checks.
For eDirectory there are 8 checks the script does and… Continue reading
Diagnostic tool for DNS Records
The DSfW team has a great tool called check-dns.pl to help diagnose DNS issue with DSfW.
The tool validates essential records for forward and reverse lookups. This tool can be found at Novell Coolsolutions.
The tool might incorrectly report PDC and DC records if there is more than one Domain Controller. The Coolsolutions article will be updated with a new check-dns.pl to address this issue.
Until the Coolsolutions article is updated you can download it from dsfwdude.com.
Download
Updated dsfw_processchk script 2.1.5
I updated the dsfw_processchk script to not only check all essential DSfW processes, but to handle multiple pids for the xadsd process. The script is great to use if you are worried that a DSfW process will stop and you don’t want to receive several phone calls alerting you to the problem or the DSfW server has been unstable you you need to time track down the invalid requests hitting the DSfW server.
The script will report which processes are running or have stopped. It works by validating that a PID exists for each process. If a process is not running the script has the option to restart the services, send an e-mail that a process has stopped, and update the syslog.
Key configuration
# Set RESTART_DSFW to 1 to reload DSfW services if one or service is not running,
# Set RESTART_DSFW to 0 to leave the services… Continue reading
Script to check if ports are listening
If you are concerned about a DSfW service going down and or the port is not accessible, this script will help keep the services up or notify you of a service going down. The script will check if each DSfW service is listening, then telnet to each port. If it can not telnet, the script will log which port is not accessable in the /var/opt/novell/xad/log/dsfw_portchk.log.
The dsfw_portchk.sh script can be ran on PDC or ADC, running Novell DNS or not running Novell DNS.
The script can also e-mail and restart the services if desired.
It will detect if the server has IPv6 enabled so to properly detect the correct port Samba and NetBios is listening on.
The script detects if Novell DNS is configured to start. Some times on ADC servers DNS is not configured or is not set to run. The original script… Continue reading
Script to check DSfW Processes
I have a updated script to check all essential DSfW processes. The name of the script is dsfw_processchk. The script is great to use if you are worried that a DSfW process will stop and you don’t want to receive several phone calls alerting you to the problem or the DSfW server has been unstable you you need to time track down the invalid requests hitting the DSfW server.
The script will report which processes are running or have stopped. It works by validating that a PID exists for each process. If a process is not running the script has the option to restart the services, send an e-mail that a process has stopped, and update the syslog.
Key configuration
# Set RESTART_DSFW to 1 to reload DSfW services if one or service is not running,
# Set RESTART_DSFW to 0 to leave the services… Continue reading
Delete an attribute on all users with a script
Here is the bases of a script to delete an attribute on a user.
I come across issues where an attribute was populated on several users that shouldn’t be there or you want to create new objectsids or just remove the existing objectsids and replace them with a back up.
Most DSfW installs are a name mapped install meaning the install is mapped to an existing container in the tree. If this is the case the domain name most likely will not patch to context in the tree and most likely the objectclass wit not be domain. An example of a domain with the name of novell.com mapped to a container with an objectclass of Organization (o=novell) and not domain (dc=novell). Even it if is a dc most likely the fdn does not match the domain name. Continuing with our example of novell.com that would… Continue reading
Script to monitor DSfW processes and restart services
If a DSfW server running DNS has a DSfW specific process stop or crash a quick stop gap mesure is to monitor the DSfW processes and restart them if one or more of the DSfW processes stop. I created a simple script that will check that a pid exists for each process. The script is called dsfw_monitor.sh. While it does not restart DSfW in every condition like if a process continues to run but is not responding or say a process crashes but the pid is never cleaned up, it does work for most situations.
Create a cron job to run the script every hour, 30 minutes, 10 minutes, what ever you desire. My recomendation is to not go below 5 minutes since eDirectory might take several minutes to stop and start again.
To create a cronjob use the crontab command with the -e… Continue reading
Backup ObjectSid
For a disaster recovery issue it might be necessary to have a backup of all objectsSids for users and computers.
Here is a simple script to create a ldif file that is ready to import and replace existing objectsids.
Since computers have an objectclass of user setting the filter to “(&(objectclass=user)(objectsid=*))” will return all users and computers with an objectsid. The base can be set to the domain name context (ex: dc=domain,dc=com) if this is ran from a DSfW server other wise use the standard context in eDir (ex: o=novell) assuming this is a name mapped install and the context does not use dc objectclass.
#!/bin/bash
ldapsearch -x -LLL -H ldaps://localhost:636 -D cn=admin,o=novell -W -b “o=novell” -s sub “(&(objectclass=user)(objectsid=*))” dn objectsid|sed s[objectsid[‘changetype:modify\nreplace:objectsid\nobjectsid'[g | grep -v ^# > Objectsids_restore.ldif
exit 0