-
Title
pmjoin_plugin fails to generate ssh keys for pmclient -
Description
When trying to join client to join to a policy group receive an error when trying to generate ssh keys for pmclient.
Join Command /opt/quest/sbin/pmjoin_plugin
Error
- failed to generate ssh key -
Cause
CAUSE 1: DNS issue un-resolvable shortname
CAUSE 2: Sudo version not support
CAUSE 3: wrong permissions on the pmpolicy user's home directory
CAUSE 4: passwd for the pmpolicy user account is unknown or incorrect
-
Resolution
RESOLUTION 1:
1 - Edit the /etc/resolv.conf and add the domain name to the search line.
2 - Ensure the host shortname and FQDN is resolvable by doing ping and nslookup commands
RESOLUTION 2:
1 - Upgrade Sudo to version 1.8 or higher.
To download go to https://www.sudo.ws/download.html
RESOLUTION 3:
1 - Ensure the permission on the account are correct. Below are the correct permissions that should be set.
# cd /var/opt/quest/qpm4u
# ls -latotal 20drwxr-xr-x. 5 root root 4096 Nov 9 16:16 .drwxr-xr-x. 6 root root 4096 Feb 22 11:10 ..drwxrwx---. 4 root root 4096 Nov 23 2016 evcachedrwxr-xr-x. 5 pmpolicy pmpolicy 4096 Nov 23 2016 pmpolicydrwxr-xr-x. 3 root root 4096 Nov 23 2016 .qpm4u# cd pmpolicy# ls -latotal 32drwxr-xr-x. 5 pmpolicy pmpolicy 4096 Nov 23 2016 .drwxr-xr-x. 5 root root 4096 Nov 9 16:16 ..-rw-r--r--. 1 pmpolicy pmpolicy 18 Sep 26 2014 .bash_logout-rw-r--r--. 1 pmpolicy pmpolicy 176 Sep 26 2014 .bash_profile-rw-r--r--. 1 pmpolicy pmpolicy 124 Sep 26 2014 .bashrcdrwx------. 2 pmpolicy pmpolicy 4096 Nov 23 2016 .scratchdrwx------. 2 pmpolicy pmpolicy 4096 Nov 23 2016 .sshdrwxrwxr-x. 3 pmpolicy pmpolicy 4096 Nov 23 2016 .subversionRESOLUTION 4:
The password for the pmpolicy user account is not known or has changed.
1 - As root reset the pmpolicy local user's password on the primary policy server: passwd pmpolicy
2 - Then re-run the /opt/quest/sbin/pmjoin_plugin command.
To test password for the pmpolicy user you can do the following:
ssh -l pmpolicypmpolicy@ipaddress's password:Last login: Thu Apr 16 13:34:06 2020 from mypolicyserver@example.comIf this is still occurring, please open up a Service Request with Technical Support and include the following data:
1 - To ensure there is just one copy of sudo on the machine and not two versions run: "which sudo" and "sudo -V"
2 - Trace of the pmjoin command. Here are the instructions:
1 - Turn on tracing of the join by doing the following: /opt/quest/sbin/pmpoljoin_plugin -z on
2 - Then run the following command again: #/opt/quest/sbin/pmjoin_plugin NAME-OF-POLICY-SERVER
3 - Attach a copy of the following files to the Service Request: /opt/quest/qpm4u/install/pmjoin_plugin_output_2020XXXX.log and /tmp/pmpoljoin_plugin.trc