I thought I had better reply again as I just got it working. I followed instructions in https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-01/installing/install-agents/web-agent-for-apache/install-and-configure-apache-based-agents-on-unix-linux/how-to-configure-apache-based-agents-on-unix-or-linux.html in the "On RHEL 8, perform the following steps" section, although I dont think the advice to run chmod 777 on the file /etc/sysconfig/httpd is required (works fine with chmod 644).
Contents of /etc/sysconfig/httpd are :-
NETE_WA_ROOT=/opt/ca/webagent
NETE_WA_PATH=/opt/ca/webagent
CAPKIHOME=/opt/ca/webagent/CAPKI
LD_LIBRARY_PATH=/opt/ca/webagent/bin:/opt/ca/webagent/bin/thirdparty
PATH=/opt/ca/webagent/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
output from running systemctl cat httpd.service
# /usr/lib/systemd/system/httpd.service
# See httpd.service(8) for more information on using the httpd service.
# Modifying this file in-place is not recommended, because changes
# will be overwritten during package upgrades. To customize the
# behaviour, run "systemctl edit httpd" to create an override unit.
# For example, to pass additional options (such as -D definitions) to
# the httpd binary at startup, create an override unit (as is done by
# systemctl edit) and enter the following:
# [Service]
# Environment=OPTIONS=-DMY_DEFINE
[Unit]
Description=The Apache HTTP Server
Wants=httpd-init.service
After=network.target remote-fs.target nss-lookup.target httpd-init.service
Documentation=man:httpd.service(8)
[Service]
Type=notify
Environment=LANG=C
ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
# Send SIGWINCH for graceful stop
KillSignal=SIGWINCH
KillMode=mixed
PrivateTmp=true
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/httpd.service.d/override.conf
[Service]
EnvironmentFile=/etc/sysconfig/httpd
Thanks
Rod
Original Message:
Sent: Aug 15, 2023 05:54 AM
From: Rod Allen
Subject: Re: WebAgent Configuration: Incorrect Path
Hi Mark,
I have experienced this same issue on an RHEL 8 based Linux server using Siteminder 12.8.0.7 policy server and the 12.52 SP01 CR 11 Web Agent (ca-wa-12.52-sp01-cr11-linux-x86-64.bin) . This worked fine on a RHEL 7 based system with the same software, but I cant get the WebAgent itself to start. I get this :-
[14/Aug/2023:21:28:11] [Error] SiteMinder Agent
Failed to Start the LLAWP process.
LowLevelAgent.LLAWPExec.Failed (Invalid argument)
nm: /etc/httpd/bin/httpd: no symbols
[Mon Aug 14 21:28:16.862402 2023] [sm:warn] [pid 76227:tid 140598314965312] Siteminder Web Agent: restart not supported.
[Mon Aug 14 21:28:16.863529 2023] [lbmethod_heartbeat:notice] [pid 76227:tid 140598314965312] AH02282: No slotmem from mod_heartmonitor
[Mon Aug 14 21:28:16.865993 2023] [mpm_event:notice] [pid 76227:tid 140598314965312] AH00489: Apache/2.4.37 (rocky) OpenSSL/1.1.1k configured -- resuming normal operations
[Mon Aug 14 21:28:16.866012 2023] [core:notice] [pid 76227:tid 140598314965312] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Separately I found this link (Article ID: 205981) https://knowledge.broadcom.com/external/article/205981/webagent-does-not-support-restart-with-a.html which suggests that something might be fixed in a CR12 release of the WebAgent. Do you know when a new version of the 12.52 Web Agent will be released please or do you know any other way to make it work with the dnf installed Redhat Apache (Apache/2.4.37) please?
Thanks
Rod
Original Message:
Sent: May 14, 2019 12:31 AM
From: Mark ODonohue
Subject: Re: WebAgent Configuration: Incorrect Path
The "nm" command was run on startup on the httpd binary as part of a fix so the agent could determine if the restart opiton could be used for apache/webagent (there was some bug when restart was performed, and this nm test was added to detect that condition).
In the first installed version with that fix if it failed to run the nm command the agent would give the error and then fail. Later versions (R12.52 Sp1 CR9 at least) when it does not find the binary it will give a different message - not a failure just a warning :
[14/May/2019:00:17:56] [Error] SiteMinder Agent
Failed to initialize the configuration manager.
LLAWP unable to get configuration, exiting.
nm: '/etc/httpd/bin/httpd': No such file
[Tue May 14 00:18:01.059561 2019] [sm:warn] [pid 2991] Siteminder Web Agent: restart not supported.
So if you encounter this error, and it is failing, then latter version of the agent is probably what you need.
Cheers - Mark