Thursday 30 March 2017

WAS Federated repositories - Not able to login when any one of the repositories is down


Scenario:
In IBM IIS, when the user registry is configured as Federated repositories, we cannot log in to WebSphere or any of the IIS components when any one of the repositories is down.

Cause:
If one or more configured repositories are down, we cannot log in (even as admin) or stop WebSphere Application Server, regardless of the repository in which your particular ID is stored. Virtual member manager (VMM) always checks whether all repositories are up before authenticating.

Resolution:

To disable this check, set allowOperationIfReposDown to true in the wimconfig.xml file.


Note: After updating wimconfig.xml, the services must be restarted for the changes to take effect.


Reference Links:

http://www.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.wim.doc/UnableToAuthenticateWhenRepositoryIsDown.html
https://developer.ibm.com/answers/questions/242364/why-do-errors-cwwim2009e-and-secj0281e-occur-in-sy.html


--
Regards
Sandeep C

How to uninstall the Cognos Content Database



Technote (troubleshooting)


Problem (Abstract)

You configured your IBM Cognos environment to use the Cognos Content Database, otherwise known as Derby, as your Content Store, and you would now like to uninstall it and use a supported database application for your Content Store.

Resolving the problem

1) - On the computer where you installed Cognos Content Database, go to the cognosroot_location\bin directory, and type the following command:

  • On Windows, type

derby.bat uninstall

This command removes the Cognos Content Database service.

  • On UNIX, type

derby.sh stop

This command stops the Cognos Content Database service.

2) - In the cognosroot_location directory, delete the derby10.* directory.

3) - In the cognosroot_location\bin directory, delete the following files:

  • On Windows, derby.bat
  • On UNIX, derby.sh and derbyenv.sh

4) - On Windows, in the cognosroot_location\logs directory, delete the derby.service file.

5) - In the cognosroot_location directory, open the cmplst.txt file in a text editor.

6) - Remove lines containing Cognos Content Database values. The lines contain CCD and CMDERBY. For example:

C8BISRVRCCD_version=

C8BISRVRCCD_name=

CCD_version=

CCD_name=

CMDERBY_version=

CMDERBY_name=

Tip: You can also comment the lines out by inserting # at the start of each line.

7) - Save the file.

8) - Start IBM Cognos Configuration.

9) - Under Data Access > Content Manager, do the following:

  • Delete the Cognos Content Database.
  • Configure a new database resource to point to a new content store.

10) - Restart IBM Cognos BI.

E4) Cannot connect to admin server at host and port 5498 - Cognos TM1 client not able to connect to TM1 admin server.

Configure a Netezza connection using ODBC on UNIX


  1. Install the Netezza ODBC driver, and Netezza client libraries.
    Note
    If you are running a PowerCenter 32-bit Integration Service, make sure the Netezza 32-bit ODBC driver and client are installed and accessible.
    If you are running a PowerCenter 64-bit Integration Service, make sure the Netezza 64-bit ODBC driver and client are installed and accessible.
  2. Set the following environment variables:
    • NZ_ODBC_INI_PATH
      Set NZ_ODBC_INI_PATH to $INFA_HOME/ODBCn.n/
    • Add $INFA_HOME/ODBCn.n/lib:{NetezzaInstallationDir}/lib64 to the shared library environment variable.
      • Solaris
        LD_LIBRARY_PATH
      • Linux
        LD_LIBRARY_PATH
      • AIX
        LIBPATH
      • HP-UX
        SHLIB_PATH
      For instance, on Solaris, add $INFA_HOME/ODBCn.n/lib:{your Netezza path}/lib64 to LD_LIBRARY_PATH.
    • ODBCINI
      Set ODBCINI to ${NZ_ODBC_INI_PATH}/odbc.ini
      Set the ODBCINI environment variable so that it points to the location of the odbc.ini file.
      Note
      If this variable is not set it will look for .odbc.ini in the user's home directory.
    • PATH
      Using a Bourne shell:
      PATH="${PATH}:$ODBCHOME/bin"
      Using a C shell:
      $ setenv PATH ${PATH}:$ODBCHOME/bin
  3. Copy the Netezza ODBC sections from the odbc.ini.sample and odbcinst.ini.sample to their respective files used by PowerCenter which can both be found under $INFA_HOME/ODBCn.n.
    Example
    A typical entry in the odbc.ini is as follows:
    [NZSQL]
    Driver=/home/sganesh1/nz/nz/lib/libnzodbc.so
    Description=Netezza
    Servername=putah
    Port=5480
    Database=nzwide
    Username=username
    Password=password
    Debuglogging=true
    StripCRLF=false
    PreFetch=256
    Protocol=7.0
    ReadOnly=false
    ShowSystemTables=false
    Socket=16384
    DateFormat=1
    TranslationDLL =
    TranslationName =
    TranslationOption =
    NumericAsChar=false
  4. Copy the Netezza ODBC section from the odbcinst.ini.sample to odbcinst.ini file used by PowerCenter under $INFA_HOME/ODBCn.n.
    Example
    A typical entry in the odbcinst.ini is as follows:
    [NetezzaSQL]
    Driver                     = /usr/local/nz/lib/libnzodbc.so or libnzsqlodbc3.so
    Setup                      = /usr/local/nz/lib/libnzodbc.so or libnzsqlodbc3.so
    APILevel                   = 1
    ConnectFunctions           = YYN
    Description                = Netezza ODBC driver
    DriverODBCVer              = 03.51
    DebugLogging               = false
    LogPath                    = /tmp
    UnicodeTranslationOption   = utf8
    CharacterTranslationOption = all or latin9
    PreFetch                   = 256
    Socket                     = 16384
  5. If you are using 64-bit PowerCenter, ensure that the Driver=/..../libnzodbc.so entry points to Netezza's lib64 directory in both odbc.ini and odbcinst.ini.
  6. Test using the ssgodbc utility found in $INFA_HOME/tools/debugtools/ssgodbc (on version 9.5.0 and higher).
    Otherwise, this can be downloaded from MySupport from the Debugging Tools Section in the lower left of the home page.
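
The checks from steps 3 to 5, scripted as an added example (not part of the original instructions or of PowerCenter): it reads one DSN section and flags a Driver path outside lib64, a stored Password (and a file readable by group or others), and DebugLogging left on. The function names, finding codes and the /opt/nz path are assumptions made for the illustration.

```sh
# Added example: audit one DSN section of the odbc.ini / odbcinst.ini files.

# ini_value FILE SECTION KEY: print KEY's value inside [SECTION] (key case ignored).
ini_value() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); insec = ($0 == sec); next }
    insec && (i = index($0, "=")) {
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
      if (tolower(k) == tolower(key)) { print v; exit }
    }' "$1"
}

# audit_odbc FILE SECTION: print one finding code per line (nothing if clean).
audit_odbc() {
  f=$1; s=$2
  case $(ini_value "$f" "$s" Driver) in
    */lib64/*) ;;                      # step 5: 64-bit PowerCenter needs lib64
    *) echo "DRIVER_NOT_LIB64" ;;
  esac
  if [ -n "$(ini_value "$f" "$s" Password)" ]; then
    echo "PLAINTEXT_PASSWORD"
    # A file holding a password should not be readable by group or others.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
      echo "PASSWORD_FILE_READABLE"
    fi
  fi
  dbg=$(ini_value "$f" "$s" DebugLogging | tr 'A-Z' 'a-z')
  if [ "$dbg" = true ]; then echo "DEBUG_LOGGING_ON"; fi
  return 0
}

# write_sample FILE DRIVER: constructed DSN modelled on the [NZSQL] entry above.
write_sample() {
  cat > "$1" <<EOF
[NZSQL]
Driver=$2
Servername=putah
Port=5480
Username=username
Password=password
Debuglogging=true
EOF
}

# Demo on a constructed file; /opt/nz is a placeholder install path.
demo=$(mktemp); write_sample "$demo" /opt/nz/lib/libnzodbc.so; chmod 644 "$demo"
audit_odbc "$demo" NZSQL
rm -f "$demo"
```

Run audit_odbc against both $ODBCINI and the odbcinst.ini under $INFA_HOME/ODBCn.n, passing the section name used in each file.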






Add Ubuntu 14.04 LTS Server to a Windows Active Directory Domain – Fullest Integration


If you are like me and work in a mixed environment then the above topic is probably quite important to you. Especially if you also happen to be a security person for your organization and centralized account administration is a big deal.

In this tutorial, I will be walking through how to join an Ubuntu 14.04 LTS Server to a Windows Active Directory Domain. Furthermore, we will be adding a new domain group to the "sudoers" group on the box so that our Domain Admins will automatically have the ability to use sudo to administer your Ubuntu Servers as needed.

Additionally, we will also be making it easy for them to login (no appending of the domain onto their user account name) and giving them the more user-friendly BASH shell, rather than the default SH.

All commands reference the fictional domain "CONTOSO.COM" to make the syntax easier to understand. The Domain Controller (DC) for the domain will be at "192.168.0.100". The domain controller is assumed to be running DNS services as this is tightly integrated with Active Directory. The name of the domain admin in the Windows domain is "admin".

This guide assumes the following:

1. You have a Server 2003 or newer domain environment
2. You are running Ubuntu 13.10 or above on your server (I am working on a 14.04 LTS release). This may work on older versions.
3. You are at least a domain admin or can instruct someone who is to make some domain changes.
4. You have full root privileges on the Ubuntu server

Ahead of time….
1. Install Ubuntu Server and name it appropriately. If you want your server to ultimately be found at linuxserver05.contoso.com then you would edit your /etc/hostname file to read "linuxserver05" (without the quotes).

2. Set a static IP address on your Linux server. As part of the config be sure to specify the following lines (in /etc/network/interfaces):

dns-search contoso.com
# the IP address of your domain controller
dns-nameservers 192.168.0.100

Okay, let's go!

We are going to be using a software package called "Power Broker Identity Services, Open Edition" to simplify life. The download packages for this service can be found here: http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

So the first thing to do is to log in, elevate your privileges, and use wget to pull the latest package file down:

Next, we need to install the package

"No" you do not need "legacy links"

The last command reboots your box. Once it comes back up, login and elevate your privileges, then we are going to join the domain and reboot again…


sudo -s
/opt/pbis/bin/domainjoin-cli join contoso.com admin@contoso.com
shutdown -r now

Once the box comes back up again, elevate your privileges and then configure several more things…

sudo -s
/opt/pbis/bin/config UserDomainPrefix contoso
/opt/pbis/bin/config AssumeDefaultDomain true
/opt/pbis/bin/config LoginShellTemplate /bin/bash
/opt/pbis/bin/update-dns
/opt/pbis/bin/ad-cache --delete-all

Now, there is also a small bug in PAM (an authentication module used by PBIS). We need to modify a config file. You can do this via the following:

vim /etc/pam.d/common-session

Find the line that says "session sufficient pam_lsass.so" and change it to read this:

session [success=ok default=ignore] pam_lsass.so

————–OKAY – JUMP OVER TO YOUR WINDOWS DOMAIN CONTROLLER AND LOGIN AS A DOMAIN ADMIN——–
Do the following:
1. Create a new global security group called "LinuxAdmins" (without the quotes)
2. Add the built-in "Domain Admins" group to the newly created "LinuxAdmins" group
—————BACK TO YOUR UBUNTU BOX——————

We need to edit the "sudoers" file which is done via VISUDO. NANO is the default text editor. If you want to change to something else (I prefer "vim") use the following command:

sudo update-alternatives --config editor

Once you have chosen a text editor you prefer, launch VISUDO

visudo

Append this new line to the bottom of the file:

%linuxadmins ALL=(ALL:ALL) ALL

Save and close… reboot the box one more time and then attempt a login with your domain admin credentials.

EDIT: I had some trouble with the syntax on the very last step for adding the AD group to the sudoers file. Here is what helped. Log in as a domain user in the Linuxadmins group. Then run this command and examine the output:

id

You should see that your user is a member of the "LinuxAdmins" group or a member of the "contoso\linuxadmins" group. If you followed the above tutorial it should be the former and the syntax now provided in the tutorial for adding the group to the sudoers file should work.

This is because we ran this command earlier:

/opt/pbis/bin/config UserDomainPrefix contoso

This means the system assumes "contoso\" in front of all usernames and group names. If, when you run the "id" command, it shows your domain name in front of the group name, your sudoers line will need to look like this:

%contoso\\linuxadmins ALL=(ALL:ALL) ALL

Notice the double "\\" – it is necessary (not a typo) however I am not going to go into why.
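
An added example (not from the original tutorial): sudoers_line builds the sudoers entry from the group name exactly as `id -Gn` reports it, doubling the backslash when the domain prefix is present, and pam_lsass_state reports whether /etc/pam.d/common-session still carries the "sufficient" line. The function names and the sample id output are constructed for the illustration, and group names are assumed to contain no spaces.

```sh
# Added example: two checks on the state the tutorial leaves behind.

# sudoers_line GROUP "NAMES": NAMES is `id -Gn` output for a member of GROUP.
# Prints the sudoers entry using the name exactly as id reports it.
sudoers_line() {
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  printf '%s\n' "$2" | tr ' ' '\n' | while IFS= read -r name; do
    short=${name##*\\}                    # drop a leading DOMAIN\ if present
    [ "$(printf '%s' "$short" | tr 'A-Z' 'a-z')" = "$want" ] || continue
    if [ "$name" = "$short" ]; then
      printf '%%%s ALL=(ALL:ALL) ALL\n' "$short"
    else                                  # prefixed name: double the backslash
      printf '%%%s\\\\%s ALL=(ALL:ALL) ALL\n' "${name%%\\*}" "$short"
    fi
    break
  done
}

# pam_lsass_state FILE: how pam_lsass.so appears in the session stack.
# Prints sufficient (still unpatched), fixed, other, or absent.
pam_lsass_state() {
  awk '
    /^[ \t]*#/ { next }
    $1 == "session" && /pam_lsass\.so/ {
      if ($2 == "sufficient") state = "sufficient"
      else if (state == "")
        state = ($0 ~ /\[success=ok default=ignore\]/) ? "fixed" : "other"
    }
    END { print (state == "" ? "absent" : state) }' "$1"
}

# Constructed `id -Gn` output, without and with the domain prefix.
sudoers_line linuxadmins 'domain^users linuxadmins'
sudoers_line linuxadmins 'CONTOSO\domain^users CONTOSO\linuxadmins'
if [ -f /etc/pam.d/common-session ]; then
  pam_lsass_state /etc/pam.d/common-session
fi
```

On the joined server, call it as sudoers_line linuxadmins "$(id -Gn)" while logged in as a member of the group, then paste the printed line into visudo.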

REFERENCES:
http://notesonit.blogspot.com/2013/03/howto-powerbroker-identity-services.html
http://askubuntu.com/questions/452904/likewise-open-14-04-other-easy-way-to-connect-ad
http://askubuntu.com/questions/363869/powerbroker-likewise-open-ubuntu-13-04-13-10-upgrade?rq=1
http://ubuntuforums.org/showthread.php?t=766763
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
http://www.cyberciti.biz/faq/ubuntu-add-user-to-group/

http://www.kiloroot.com/add-ubuntu-14-04-lts-server-to-a-windows-active-directory-domain-fullest-integration/

