Troubleshooting Guide › Installing CA ControlMinder Endpoints and Server Components › Cannot Connect to selang After Installation

Cannot Connect to selang After Installation

Symptom:

After I install CA ControlMinder, I receive the following error when I try to start selang or connect to the CA ControlMinder database:

ERROR: Initialization failed, EXITING!
(localhost)
ERROR: Login procedure failed
ERROR: You are not allowed to administer this site from terminal example.com

Solution:

Terminal rules are not correctly defined. Troubleshoot the terminal rules to determine the problem.

To troubleshoot terminal rules

1. Stop CA ControlMinder:

   secons -s
   

2. Start selang in local mode:

   selang -l
   

   Note: You must be the root user to run selang in local mode on a UNIX computer.

3. Check that you have created a TERMINAL record for the local terminal (terminal_name), and that the terminal access authorities are correctly defined:

   showres TERMINAL terminal_name
   

   • If a record does not exist, create a TERMINAL record for the local terminal:

     editres TERMINAL terminal_name owner(name) defaccess(accessAuthority)
     

     Note: The owner can be either a user or a group. Because the default access for a TERMINAL record is none, we recommend that you specify a default access when you create the record to avoid locking users out of the terminal.

   • If the terminal access authorities are incorrect, define the correct access authorities for the terminal:

     authorize TERMINAL terminal_name uid(name) access(accessType)
     

4. (UNIX) Check the value of the terminal_default_ignore configuration setting in the [seosd] section.

   This configuration setting determines if CA ControlMinder considers the defaccess value of the _default TERMINAL and of the specific TERMINAL records when authorizing administrative access.

   Note: For more information about the terminal_default_ignore configuration setting, see the Reference Guide.

5. (UNIX) Check that the lookaside database reflects the terminal, as follows:
   1. Build a hostname-specific lookaside database:

      sebuilda -h
      

   2. Check that the terminal entry and the hostname are the same in the lookaside database:

      sebuilda -H | grep hostname
      

      The contents of the hosts lookaside database files are listed.

6. Start CA ControlMinder:
   • (UNIX) seload
   • (Windows) seosd -start

Note: If you still cannot start selang or connect to the CA ControlMinder database, you may have to modify the hosts file for your OS. Contact your system or network administrator for assistance.

More information:

showres Command—Display Resource Properties

authorize Command—Set Access Authorities on a Resource

sebuildla Utility—Create a Lookaside Database

Defining User Authority to Use Terminals