BSA: After installing the BBSA Bladelogic agent on SLES9, agentinfo for the system reports "I/O Error"

Version 2

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BladeLogic Server Automation - Configuration Module


    APPLIES TO:

    BMC BladeLogic Server Automation - Configuration Module



    PROBLEM:

     

    The RSCD agent for SLES9 was installed on SystemZ 64-bit running on a Z guest. When the agentinfo command is run from the application server, it returns an error:

    Can't access host "hostname": I/O error

    There is no connectivity issue between the application server and the RSCD agent (verified using tcpdump and traceroute).
    The system uses LDAP for resolving user names ("passwd: compat" in /etc/nsswitch.conf).

     


    SOLUTION:

     

    Legacy ID:KA311246

      
    The root cause is similar to the problem described in Knowledge Base article 000094431.

    It has to do with a problem with SSL connections in the LDAP implementation in SUSE.
      
    When a connection comes in, the agent checks the following 3 files in order: exports, users and users.local.

    For each of these files, the agent resolves and verifies any hostname, and also verifies that the user it is going to map the connection to exists.
      
    In the exports file, there are 2 parts for each rule:   
      
    1) the left hand side, which contains the list of hosts to validate the connection against   
    2) the right hand side, which contains the mapping information (check the admin guide under "Configuring the Exports File").   
      
    For example, the following entry could be found in an exports file:   
      
       * rw  
      
    which means, for any connection, give read/write permissions to the user "anonymous" (as there is no "root=" or "user=" statement).   
      
    By default, the anonymous user is "nobody" on Linux/Unix and if that user doesn't exist on the system, it is going to be mapped as uid 65534.   
      
    The user resolution code will go ahead and query LDAP for a user with uid 65534.   
      
    That user usually doesn't exist by default in LDAP and the LDAP resolution routines in the shared libraries on the system seem to have some problems with the returned data, which makes the agent crash.   
      
    The fact that the LDAP query makes the agent crash when it cannot find a user might be a problem with the configuration of either the LDAP server, the agent machine or an issue with the LDAP shared libraries on the system.  
      
      
       
          
       
    To work around the problem, there are 5 potential solutions:

    1) Use the option "anon" in the exports file, on each line where no "root" or "user" mapping is specified, to map any anonymous connection to a valid local uid. For example:

       * rw,anon=4567

    or

    2) Add a user "nobody" with uid "65534" in /etc/passwd

    or

    3) Add a user "nobody" with uid "65534" in LDAP

    or

    4) Use the option "user" in the exports file to map all the incoming connections to a local user on the machine. For example, use:

       * rw,user=nobody

    or

    5) Change the configuration of the target to not use SSL to communicate with LDAP. Use the default port 389 with no encryption.
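Added example (not part of the BMC article and not BMC code): a Python check that flags exports rules whose mapped user cannot be resolved from local passwd data, which is the condition that pushes the agent's user lookup to LDAP. The sample exports and passwd text are constructed, and treating `#` as a comment marker in the exports file is an assumption.

```python
ANON_NAME, ANON_UID = "nobody", 65534  # anonymous defaults stated in the article

# Constructed sample data, not taken from a real host.
SAMPLE_EXPORTS = """\
# agent exports file
* rw
10.0.0.5 rw,anon=4567
appserver1 rw,user=bladmin
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bladmin:x:4567:100::/home/bladmin:/bin/bash
+::::::
"""

def local_accounts(passwd_text):
    """Return (names, uids) defined in passwd text, skipping compat +/- entries."""
    names, uids = set(), set()
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or fields[0][:1] in ("", "#", "+", "-"):
            continue
        if fields[2].isdigit():
            names.add(fields[0])
            uids.add(int(fields[2]))
    return names, uids

def audit_exports(exports_text, passwd_text):
    """Return [(line_no, reason)] for rules whose mapped user is not local."""
    names, uids = local_accounts(passwd_text)
    findings = []
    for no, raw in enumerate(exports_text.splitlines(), 1):
        rule = raw.split("#", 1)[0].split(None, 1)  # assumption: '#' starts a comment
        if not rule:
            continue
        # rule[0] is the host list (left side); rule[1] holds the options (right side)
        opts = rule[1].replace(" ", "").split(",") if len(rule) > 1 else []
        kv = dict(o.split("=", 1) for o in opts if "=" in o)
        mapped = [k for k in ("root", "user") if k in kv]
        if mapped:
            findings += [(no, f"{k}={kv[k]} is not a local user")
                         for k in mapped if kv[k] not in names]
        elif "anon" in kv:
            if not (kv["anon"].isdigit() and int(kv["anon"]) in uids):
                findings.append((no, f"anon={kv['anon']} is not a local uid"))
        elif ANON_NAME not in names and ANON_UID not in uids:
            findings.append((no, "no root=/user=/anon=: falls back to nobody/65534, not local"))
    return findings
```

On a real agent host, pass the contents of the agent's exports file and /etc/passwd to `audit_exports`; an empty result means every rule maps to an account defined locally.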
      
      
      

     


    Article Number:

    000092699


    Article Type:

    Solutions to a Product Problem


