Can not extend Radius schema: Connect Error

This document (7014640) is provided subject to the disclaimer at the end of this document.

Environment

Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
iManager 2.7.6
iManager 2.7.7
iManager 3.1.x
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Novell Open Enterprise Server 2018  (OES 2018) Linux Support Pack 1
Novell Open Enterprise Server 2015 (OES 2015) Linux Support Pack 1
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 1
FreeRADIUS

Situation

The Radius plug-in for iManager requires a secure LDAP connection.

When extending the FreeRADIUS schema in iManager, the error returned is:
  Created LDAP context failed:
  Connect Error
  java.lang.Exception\n at com.novell.nps.radius.ExtendRadiusSchema.showInitialForm(ExtendRadiusSchema.java:185)\n

When creating a Radius Profile or Radius User, the following error is returned:
java.lang.NullPointerException at com.novell.nps.radius.RadiusSchema.isSchemaValid(RadiusSchema.java:2511)

Resolution

Check that the keystore (cacerts file) is valid and has the correct permissions. (For OES 2018.1 servers, see the OES 2018.1 sub-section below)

First find the JAVA_HOME path 
export |grep -i JAVA_HOME
usually returns something like this:
 /usr/lib64/jvm/jre

The keytool binary will usually be located at:
/usr/lib64/jvm/jre/bin/keytool
The keystore is a file named cacerts and will usually be located at:
/usr/lib64/jvm/jre/lib/security/cacerts

Next, check the permissions on the cacerts file:
ls -al /usr/lib64/jvm/jre/lib/security/cacerts
-rwxr-xr-x 1 root root  cacerts*
If the permissions are incorrect, change them with the command:
chmod 755 /usr/lib64/jvm/jre/lib/security/cacerts

If the cacerts file is missing or expired because the CA expired or was recreated, use the keytool command to generate a new cacerts file.
To verify that the CA is valid, see TID 7013047.

Once the CA is validated, export a certificate from the tree via iManager. If there is an OES server in the tree, use /etc/opt/novell/certs/SSCert.der instead.
To export a certificate with iManager: log in to iManager | Novell Certificate Server | Configure Certificate Authority | Select the Certificates tab | Select the Self Signed Certificate tab | Export | Uncheck the "Export private key" option | Verify the Export format is "Der" | Next | Click the "Save the exported certificate" link and save to the desired location.

Next, run the keytool command:
keytool -import -alias Alias_Name -file /path_to_exported_cert.der -keystore /path_to_cacerts_file
For example:
keytool -import -alias Alias_Name -file /etc/opt/novell/certs/SSCert.der -keystore /usr/lib64/jvm/jre/lib/security/cacerts
When prompted for the password, type "changeit" (the default Java keystore password), and answer "yes" to the question "Trust this certificate?"


OES 2018.1:
Certificate path on OES server: /etc/opt/novell/certs/SSCert.der
keytool path: /usr/lib64/jvm/java-1_8_0-ibm-1.8.0/jre/bin/keytool
java keystore path: /var/lib/ca-certificates/java-cacerts

e.g.
/usr/lib64/jvm/java-1_8_0-ibm-1.8.0/jre/bin/keytool -import -file /etc/opt/novell/certs/SSCert.der -keystore /var/lib/ca-certificates/java-cacerts
rcnovell-tomcat restart
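
Added example, not part of the original TID: a pre-flight check for the "valid and has the correct permissions" step, to run against either keystore path above before keytool -import. The function name check_truststore and its status words are hypothetical; it also rejects a group- or world-writable keystore, which the TID does not mention.

```shell
#!/bin/sh
# Added example: pre-flight check of a Java trust store before "keytool -import".
# check_truststore is a hypothetical helper, not part of keytool or iManager.
# Prints one status word; returns 0 only when the status is "ok".
check_truststore() {
    ks=$1
    [ -e "$ks" ] || { echo missing; return 1; }
    { [ -f "$ks" ] && [ -s "$ks" ]; } || { echo empty-or-not-a-file; return 1; }

    # The first bytes identify the container: JKS starts with FE ED FE ED,
    # PKCS#12 is DER and starts with an ASN.1 SEQUENCE tag (0x30).
    magic=$(od -An -tx1 -N4 "$ks" | tr -d '[:space:]')
    case $magic in
        feedfeed|30*) ;;
        *) echo not-a-keystore; return 1 ;;
    esac

    # Octal permission bits (GNU stat first, BSD stat as a fallback).
    mode=$(stat -c '%a' "$ks" 2>/dev/null || stat -f '%Lp' "$ks")

    # A trust store that group or other can write lets a non-root user add a CA.
    case $mode in
        *[2367]|*[2367]?) echo writable-by-non-owner; return 1 ;;
    esac
    # Assumption: the JVM behind iManager runs as a non-root account, so
    # "other" needs read access (755 in the article; 644 also passes).
    case $mode in
        *[4567]) ;;
        *) echo not-world-readable; return 1 ;;
    esac
    echo ok
}

# Stand-alone use: sh check.sh /usr/lib64/jvm/jre/lib/security/cacerts
if [ "$#" -gt 0 ]; then
    check_truststore "$1"
fi
```

A "not-a-keystore" or "empty-or-not-a-file" result corresponds to the case where the cacerts file has to be regenerated or copied from a known-good system.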

Additional Information

See TID 7002490 for creating the keystore for a workstation version of iManager
or copy a valid keystore (the cacerts file) from a server or another workstation.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7014640
  • Creation Date:26-FEB-14
  • Modified Date:12-JUN-19
    • Novell: Open Enterprise Server
    • SUSE: SUSE Linux Enterprise Server
    • NetIQ: eDirectory