Netcool Notes

Subject Description
install winbind patch cp authpam.so.1 to every server replacing
/opt/ibm/tivoli/netcool/omnibus/platform/linux2x86/module/authentication/authpam.so.1
  1. sudo su
  2. /etc/init.d/winbind restart
  3. exit
  4. sudo /etc/init.d/nco restart
Then ensure warn_pwd_expire = 14
(the default value) is in /etc/security/pam_winbind.conf
To enable TIP to authenticate with ObjectServer through winbind. run
$TIP_HOME/bin/confvmm4ncos.sh root password server_FQDN (Fully Qualified Domain Name) Port Number normally 4111
in tip server then restart tips so tip authenticates with objectserver and winbind works
To Test Winbind authentication is being trusted between servers run 'wbinfo -t'.
If you see RPC fails messages, then you can sudo to root and restart the winbind service.
TIP Start/Stop Commands When Precision is installed. Start =>>
  1. cd /opt/IBM/tivoli/netcool/precision/bin
  2. itnm_start tip
Stop =>>
  1. cd /opt/IBM/tivoli/netcool/precision/bin
  2. itnm_stop tip
ncoevent: unable to write to socket error You need DSD and Core Objectserver's configured to communicate as per IBM documentation i.e. set up MasterSerial in DSD to point to Master Objectserver and setup properties in Master ObjectServer, and ip addresses must resolve. That means entries for the ip addresses for the Master and DSD objectserver should be in the Domain Name Server and firewalls must be configured so the Master can access the DSD and DSD access Master objectservers.
SELinux Issues I’ve found the problem - SELinux was causing problems with some of the OMNIbus libraries. Disabled it and it all works. http://www.ittvis.com/services/techtip.asp?ttid=3092
Tech Tips

Seems that NGF installs java 1.4.2 and Precision 1.5.0.
If the JAVA_HOME variable is set to Precision's version
there can be problems with the NGF.
Setting it to the 1.4.2 settings seems to fix Webtop and
not cause an problems with Precision...

[10:52:54 AM] With the env-var at 1.5.0
we were seeing some problems with Java applets.
Possibly related was a lot of 403's and the occasional 500.
More confirmation is required, but it looks reasonable so far.

Printable Version
Article Title:
Error: cannot restore segment prot after reloc: Permission denied
Article ID: 3092
Article Name: INSTALL88
Last Updated: 5/10/2006 12:06:24 PM
Products: IDL; ENVI
OS Platforms: Linux-Intel

Topic:

Some Linux distributions with SELinux enabled may prevent IDL
from running under the default security context.
This TechTip is a workaround for CR#41937

Discussion:

Newer Linux distributions have enabled new kernel security
extensions from the SELinux project at the NSA.
These extensions allow finer-grained control over system security.
However, SELinux also changes some default system behaviors,
such as shared library loading, that can be problematic to
third party programs.

If you receive the error message "cannot restore segment prot
after reloc: Permission denied" when launching IDL,
then your SELinux configuration is preventing IDL from launching.
To rectify this issue, you can either:

* Change the default security context for IDL by issuing the command:

chcon -t texrel_shlib_t /usr/local/rsi/idl_6.1/bin/bin.linux.x86/*.so

* Disabling SELinux altogether by setting the line

SELINUX=disabled

in your /etc/sysconfig/selinux file.

For more information about SELinux,
please consult your Linux distribution vendor.

Email me here simon@simonsaysbiz.com

Note: Please fill out the fields marked with an asterisk.