Novell IFOLDER 3.7 - SECURITY ADMINISTRATION Скачать руководство пользователя страница 197 | Manualshive

Страница: 197 / 216

background image

Managing SSL Certificates for Apache

F

197

no

vd

ocx

(e

n)

13

Ma
y 20

09

F

Managing SSL Certificates for
Apache

This section discusses how to acquire and manage SSL certificates for your Novell

®

iFolder

®

3.7

servers.

Section F.1, “Generating an SSL Certificate for the Server,” on page 197

Section F.2, “Generating a Self-Signed SSL Certificate for Testing Purposes,” on page 198

Section F.3, “Configuring Apache to Point to an SSL Certificate on an iFolder Server,” on
page 198

Section F.4, “Configuring Apache to Point to an SSL Certificate on a Shared Volume for an
iFolder Cluster,” on page 199

Section F.5, “Configuring Apache to Point to an SSL Certificate on a NSS Volume for an
iFolder Cluster,” on page 200

F.1 Generating an SSL Certificate for the Server

Using SSL requires that you install an SSL certificate form on each iFolder enterprise server, Web
Admin server and Web Access server in your domain. Users accept the certificates to enable
communications with the servers.

The certificate can be a self-signed certificate or a certificate froma trusted certificate authority. A
self-signed certificate is usually used only for internal iFolder services, where the server’s identity is
not likely to be spoofed. The trusted CA signature on the certificate attests that the public key
contained in the certificate belongs to the person, organization, server, or other entity noted in the
certificate. It assures users that they are accessing a valid, non-spoofed resource. If the information
does not match or the certificate has expired, an error message warns the user.

Browsers are typically preconfigured to trust well-known certificate authorities. If you use a
Certificate Authority that is not configured into browsers by default, it is necessary to load the
Certificate Authority certificate into the browser, enabling the browser to validate server certificates
signed by that Certificate Authority.

To acquire SSL certificates for use in an operational public-key infrastructure (PKI), use one of the
following methods, depending on your network needs:

Use the self-signed certificate that is created and enabled for the server by default during the
server install.

Use the services of a third-party certificate authority to get trusted certificate, then use it instead
of accepting the default certificate during the sever install.

«
...
195
196
197
198
199
...
»

Содержание IFOLDER 3.7 - SECURITY ADMINISTRATION

Страница 1: ...Novell www novell com novdocx en 13 May 2009 AUTHORIZED DOCUMENTATION OES 2 SP1 Novell iFolder 3 7 Administration Guide iFolder 3 7 December 2008 Administration Guide...

Страница 2: ...over Texts A copy of the GFDL can be found at the GNU Free Documentation Licence http www fsf org licenses fdl html THIS DOCUMENT AND MODIFIED VERSIONS OF THIS DOCUMENT ARE PROVIDED UNDER THE TERMS OF...

Страница 3: ...man Street Suite 500 Waltham MA 02451 U S A www novell com Online Documentation To access the online documentation for this and other Novell products and to get updates see The Novell Documentation We...

Страница 4: ...marks For a list of Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the p...

Страница 5: ...1 4 4 The iFolder Client 21 1 4 5 Multi Server Support 21 1 4 6 Encryption 21 1 4 7 Shared iFolders 21 1 4 8 iFolder Access Rights 22 1 4 9 Account Setup for Enterprise Servers 22 1 4 10 Access Authen...

Страница 6: ...sites and Guidelines 47 5 1 File System 47 5 2 Enterprise Server 47 5 2 1 Prerequisites for the Operating System 48 5 2 2 Installation Guidelines for Using an NSS Volume to Store iFolder Data 48 5 2 3...

Страница 7: ...96 6 13 Uninstalling the iFolder 3 7 Enterprise Server 96 6 14 What s Next 96 7 Migrating iFolder Services 99 8 Running Novell iFolder in a Virtualized Environment 101 8 1 What s Next 101 9 Managing...

Страница 8: ...37 10 7 2 Configuring the SSL Cipher Suites for the Apache Server 138 10 7 3 Configuring the Web Admin Server for SSL Communications with the Enterprise Server 138 10 7 4 Configuring the Web Admin Ser...

Страница 9: ...oved from the Server 165 A 9 Samba Connection to the Remote Windows Host Times out 165 A 10 Exception Error while Configuring iFolder on a Samba Volume 165 A 11 Giving Slash at the End of the Default...

Страница 10: ...iFolder Cluster 200 G Frequently Asked Questions 203 G 1 iFolder 3 7 Server 203 G 1 1 Is iFolder 3 7 supported on a 64 bit OS 203 G 1 2 Is iFolder going to support non eDirectory related platforms as...

Страница 11: ...209 H 6 iFolder User Access Support 209 H 7 Management Tools Support 210 I Documentation Updates 211 I 1 October 2008 211 I 1 1 iFolder 3 7 Configuration 211 I 1 2 Installing iFolder Clients Through N...

Страница 12: ...12 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 13: ...via Web Admin on page 121 Chapter 11 Managing iFolder Users on page 141 Chapter 12 Managing iFolders on page 149 Chapter 13 Managing an iFolder Web Access Server on page 157 Appendix A Troubleshootin...

Страница 14: ...rver documentation http www novell com documentation oes index html Novell eDirectoryTM 8 8 documentation http www novell com documentation edir88 Novell iManager 2 7 documentation http www novell com...

Страница 15: ...Next on page 23 1 1 Benefits of iFolder for the Enterprise Benefits of iFolder to the enterprise include the following Section 1 1 1 Seamless Data Access on page 15 Section 1 1 2 Data Safeguards and...

Страница 16: ...the iFolder server where it immediately becomes available for an organization s regular network backup operations iFolder makes it easier for IT managers to ensure that all of an organization s criti...

Страница 17: ...e most up to date version of their documents from any connected desktop laptop Web browser or handheld device In preparation to travel or work from home users no longer need to copy essential data to...

Страница 18: ...ver and any other workstations that share the iFolder iFolder works seamlessly behind the scenes to ensure that data is protected and synchronized 1 1 12 LDAPGroup Support Provisioning and de provisio...

Страница 19: ...f users and data transfer bandwidth Transparently updates a user s iFolder files to the iFolder enterprise server and multiple member workstations with the iFolder client Tracks and logs changes made...

Страница 20: ...zed at regular intervals with the LDAP directory services Local files are automatically backed up to the server at regular intervals and on demand iFolder data on the server can be backed up to backup...

Страница 21: ...they are logged in to their server accounts or if they are connected to the network or Internet The iFolder client allows users to create and manage their iFolders For information see the OES 2 SP1 N...

Страница 22: ...ed or assigned to a new owner Full Control A member of the shared iFolder with the Full Control access right The user with the Full Control right has Read Write access to the iFolder and manages membe...

Страница 23: ...onize the files at specified intervals or on demand 1 4 12 Synchronization Log The log displays a log of your iFolder background activity 1 4 13 iFolder Client APIs As part of the iFolder project APIs...

Страница 24: ...24 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 25: ...you added another user to the system iFolder 3 7 provides you multi server and multi volume support to enhance the storage capability of it s servers Multi Volume feature is exempt from the single iF...

Страница 26: ...ight differ Table 2 1 Suggested Baseline Configuration for an iFolder Enterprise Server If iFolder server is serving large number of requests it is possible that for some requests you may receive HTTP...

Страница 27: ...idp html a2iiie7 in the Novell eDirectory 8 8 Administration Guide 2 4 Admin User Considerations During the iFolder install iFolder creates two Administrator users the iFolder Admin user and the iFold...

Страница 28: ...user password is stored in reversible encrypted form in the Simias database on the iFolder server After you change the iFolder Proxy user ensure that you restart Apache When you initially configure t...

Страница 29: ...hen the LDAP synchronization occurs New users are added to the list of iFolder users Deleted users are removed from the list of iFolder users This might create orphaned iFolders if the deleted user ow...

Страница 30: ...to the list of iFolder users Deleted LDAPGroups are removed from the list of iFolder users This might create orphaned iFolders if the deleted LDAPGroup owned any iFolders If by mistake LDAPGroup is de...

Страница 31: ...total space consumed by the iFolders the user owns If the user participates in other iFolders the space consumed on the server is billed to the owner of that iFolder You can set quotas at the system...

Страница 32: ...e only key file types used for your business or exclude files that are likely unrelated to business such as mp3 files Operating System Files You should not convert system directories to iFolders Most...

Страница 33: ...Folder Plug In for YaST Purpose Tasks iFolder 3 Use this function to configure the following parameters for the iFolder enterprise server LDAP server name LDAP admin DN and password iFolder system nam...

Страница 34: ...t to a supported language such as English Additional Information For additional information see the Novell iManager 2 7 Administration Guide http www novell com documentation imanager27 2 7 3 Web Acce...

Страница 35: ...a Response file iFolder Merge Improved file conflict management Enhanced Web administration 3 2 What s New in Novell iFolder 3 6 OES 2 0 Linux The following features are new in iFolder 3 6 for OES 2...

Страница 36: ...urity Manager Support for the OES patch channel 3 5 What s New in Novell iFolder 3 0 OES Linux Novell iFolder 3 0 includes several important new features Multiple iFolders A user creates as many iFold...

Страница 37: ...ased Administration Administrators manage iFolder services with the Novell iFolder 3 plug in to Novell iManager which is the central management console for Novell Open Enterprise Server The tool suppo...

Страница 38: ...38 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 39: ...er Admin html You can also access the iFolder Administration tool from iManager by selecting iFolder 2 x from Roles and Tasks Novell iFolder 3 7 Web Admin http serveraddress admin Automatic provisioni...

Страница 40: ...ical maximum file size depends on the server s and clients local file systems Maximum number of directories 32 765 No software restrictions depends on the server s and clients local file systems Multi...

Страница 41: ...count Authenticated access Yes using the Admin username and password for the iFolder Management tool Yes The Admin user logs in to iManager then must use credentials equivalent to the iFolder Admin us...

Страница 42: ...userid ifolder userid Macintosh Not supported home username Connect to server Log in to one account at a time Set up accounts for multiple iFolder servers and log in to one or more as desired Authenti...

Страница 43: ...ined by who has access to the password for that username and its iFolder account Yes as the owner user or a member user with the Full Control right For each iFolder specify a list of users For each me...

Страница 44: ...ch iFolder but the total combined administrative quotas for all owned iFolders cannot exceed the user s quota or the system wide quota if there is no user quota An iFolder member can specify a quota f...

Страница 45: ...3 7 allows management from any location using a standard Web browser Feature or Capability Novell iFolder 2 x Web Access Novell iFolder 3 7 Web Access Web Access method For iFolder 2 1 4 and earlier t...

Страница 46: ...n via your LDAP server Yes with username and password authentication via your LDAP server Encrypted data transfer Yes with the encrypted iFolder option The Blowfish algorithm is applied with a user sp...

Страница 47: ...ise Server IMPORTANT Do not install any of the following service combinations on the same server Although not all of the combinations cause pattern conflict warnings Novell does not support any of the...

Страница 48: ...all and configuration to comply with the following guidelines In YaST on the Installation Settings page reconfigure the Partitioning settings as needed to support using NSS Specify a ReiserFS default...

Страница 49: ...ing a Linux POSIX Volume to Store iFolder Data In YaST specify an Ext3 or ReiserFS partition as your system device Optional Modify the Software components to add the iFolder 3 components to the instal...

Страница 50: ...onent of Novell Open Enterprise Server IMPORTANT Ensure that you select Use eDirectory Certificate for HTTPS services option in the eDirectory configuration for a proper SSL communication between the...

Страница 51: ...en source effort led by Novell and is the foundation for many new applications For information about Mono see the Mono Project Web site http www mono project com Main_Page The required version of Mono...

Страница 52: ...pported The Mono modules you need for this release are included on the iso files for iFolder 3 7 Make sure you have installed the latest critical updates for your operating system or NET 5 8 Web Brows...

Страница 53: ...6 13 Uninstalling the iFolder 3 7 Enterprise Server on page 96 Section 6 14 What s Next on page 96 6 1 Installing iFolder on an Existing OES 2 Linux SP1 Server We recommend that you install iFolder af...

Страница 54: ...ure that you are logged in as the root user before performing the installation and configuration procedure 3 In the left menu select Open Enterprise Server OES Install and Configuration A window displ...

Страница 55: ...m right of the screen 7 When the installation is complete either close YaST or continue with one or all of the following as needed Section 6 2 Deploying iFolder Server on page 55 Section 6 3 Configuri...

Страница 56: ...or open a terminal console enter su then enter the root password 3 Start YaST follow the YaST on screen instruction to finish the installation For more information see Step 1 on page 53 through Step...

Страница 57: ...min to configure iFolder Web Admin server This option lets you create and configure settings for the Administrator user The iFolder Admin user is the primary administrator of the iFolder Enterprise Se...

Страница 58: ...e sensitive address of the location where the iFolder enterprise server stores iFolder application files as well as the users iFolders and files For example var simias data simias This location cannot...

Страница 59: ...st or IP Address Specify the private URL corresponding to the iFolder server to allow communication between the servers within the iFolder domain The Private URL and the Public URL can be the same NOT...

Страница 60: ...r information IMPORTANT You must ensure that the server you install and the current iFolder domain are in the same LDAP tree Private URL of the Master Server Specify the private URL of the Master iFol...

Страница 61: ...r Admin user again LDAP Proxy User Specify the full distinguished name of the LDAP Proxy user For example cn iFolderproxy o acme This user must have the Read right to the LDAP service The LDAP Proxy u...

Страница 62: ...t is not present the iFolder installation fails LDAP Naming Attribute Select which LDAP attribute of the User account to apply when authenticating users Each user enters a Username in this specified f...

Страница 63: ...dmin application The iFolder Web Admin application manages this host Connect to iFolder server using SSL This option is selected by default to establish a secure connection between iFolder enterprise...

Страница 64: ...host or IP address of the iFolder server that will be used by the iFolder Web Admin application Specify the host or IP address of the iFolder Enterprise Server to be used by the iFolder Web Access app...

Страница 65: ...rred error message within the iManager plug in this is a sure sign that you have not set up file system trustee rights within NSS properly 6 2 2 Configuring the iFolder Slave Server To deploy iFolder...

Страница 66: ...onfigure iFolder Web Access server This option lets you configure the Web Access server which is an interface that lets users have remote access to iFolders on the enterprise server The Web Access ser...

Страница 67: ...TPS secure communication channel However all components can also be configured to use HTTP channel iFolder Port to Listen On Specify the port for the iFolder to Listen On Port 80 is the default Instal...

Страница 68: ...ctive Directory is the LDAP source ensure that the iFolder Proxy user is created using Active Directory tools before you specify it here NOTE LDAP Proxy user and LDAP proxy user Password options are d...

Страница 69: ...an Apache alias to point to the iFolder Web Access application This is an admin friendly pointer for the Apache service For example access The host or IP address of the iFolder server that will be us...

Страница 70: ...Apache alias that will point to the iFolder Web Admin Application Specify the Apache alias to point to the iFolder Web Admin Application This is a user friendly pointer for the Apache service For exam...

Страница 71: ...the Web Admin server application opt novell ifolder3 bin ifolder admin setup For more information on this see Section 6 4 Configuring the iFolder Web Admin Server on page 73 3 To change the IP addres...

Страница 72: ...ssing iFolder services on the specified iFolder 3 enterprise server For example ifolder iFolder Server URL Specify the host or IP address of the iFolder Enterprise Server to be used by the iFolder Web...

Страница 73: ...upports and the user friendly URL that users enter in their Web browsers to access it IMPORTANT If you install iFolder with OES 2 0 Linux the same parameters described in this procedure are available...

Страница 74: ...or IP address of the iFolder Enterprise Server to be used by the iFolder Web Admin application This Web Admin application performs all the user specific iFolder operations on the host that runs the i...

Страница 75: ...Novell iManager 2 7 After it is installed this plug in is named Novell iFolder 3 in the iManager Roles and Tasks list Make sure you meet prerequisites then use one of the methods for installing the iF...

Страница 76: ...figured If you do not have Role Based Services RBS configured for Novell eDirectoryTM install the iFolder Manager Module as follows 1 In a Web browser log in to iManager on the iFolder server where yo...

Страница 77: ...ng command at the terminal console etc init d apache2 restart 7 Click the Configure icon 8 Under Role Based Services select RBS Configuration The table on the Collections tabbed page displays modules...

Страница 78: ...the key owner the corresponding public key and the electronic signature of the person or entity issuing the certificate The iFolder Recovery Agents are examples of one kind of CA Public Key Infrastruc...

Страница 79: ...cannot currently offer the background infrastructure that allow continuous update of certificates and CRLs To set up a small PKI you can use the available YaST modules However you should use commerci...

Страница 80: ...ong other things are derived from this name you must use only the characters listed in the help The technical name is also displayed in the overview when the module is started Common Name Enter the na...

Страница 81: ...client certificates the hostname of the server must be entered in the Common Name field The default validity period for certificates is 365 days This section discusses creating self signed certificate...

Страница 82: ...ation for creating the certificates in the dialog boxes The following table summarizes the decisions you make CA Settings Description Common Name Enter the name of the CA E Mail Address You can enter...

Страница 83: ...imum length of five characters To confirm re enter it in the next field Key Length bit Select the key length of minimum value of 512 and a maximum value of 2048 iFolder supports only 512 1024 and 2048...

Страница 84: ...guration If the certificate is expired you need to load the new certificates again to this location For more information on this see Path to the Recovery Agent Certificates optional on page 58 8 Resta...

Страница 85: ...where iFolder is installed 2 Run KeyRecovery or KeyReovery exe based on the platform you use and follow the on screen instructions The following table summarizes the decisions you make 3 Send the dec...

Страница 86: ...e accepted By default the new certificate is accepted in the server side In the front end the browser is updated automatically when the server is updated with the new certificate 6 7 Accessing iManage...

Страница 87: ...select Authenticate Using Current iManager Credentials 6b If you logged in to iManager with a different username than the iFolder Admin user of the Web Admin leave the check box Authenticate Using Cu...

Страница 88: ...ending LDAP User Objects for iFolder 3 7 To enable LDAP attribute based provisioning you must Extend the LDAP user schema with the iFolderUserProvision auxiliary object class with iFolderHomeServer as...

Страница 89: ...in o novell w secret u cn abc o novell s xyz c secret i 10 10 10 10 6 9 Distributing the iFolder Client to Users After you configure iFolder services on the enterprise server users can download the in...

Страница 90: ...exe iFolder 3 7 Windows Client 64 bit Windows Vista NOTE To install Vista right click and select the option Install as Administrator ifolder3 windows x64 exe iFolder 3 7 Macintosh Client Macintosh v1...

Страница 91: ...th little or no user interaction you can use the Auto account creation feature iFolder Auto account creation facility provides you an user friendly XML based response file that helps you create accoun...

Страница 92: ...nt displays with the server name pre populated with the value from the response file The user should give the rest of the information in the iFolder Account Assistant IMPORTANT Regardless of whether a...

Страница 93: ...server user id user id Parameter Possible Values Default Value default user account True false True for the first account and false for the remaining accounts server IP address Mandatory field no defa...

Страница 94: ...an follow the method best suited to your needs 1 Use the ZenWorks deployment manager to distribute and install the iFolder client 2 Depending on the platform used on the client machine that had the iF...

Страница 95: ...sted channel please see documentation for ZENworks Linux Management Updating the Version Configuration Files 1 Copy the filename and version number given in the patch description 2 Open a terminal con...

Страница 96: ...r 3 7 enterprise server rpm file Uninstalling iFolder 3 7 software does not remove the Simias store including the config files available in the etc apache2 conf d When the server is re installed each...

Страница 97: ...13 May 2009 Provisioned iFolder users can install the Novell iFolder 3 6 client on their workstations create iFolders and share iFolders with other authorized Novell iFolder users For information see...

Страница 98: ...98 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 99: ...on OES 1 Linux or on Netware to Novell iFolder 3 7 running on the OES 2 Linux SP1 platform Migration can be done either through the GUI Migration Tool or through the command line utilities To get sta...

Страница 100: ...100 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 101: ...r virtualization_basics data b9km2i6 html in the Getting Started with Virtualization Guide http www novell com documentation vmserver virtualization_basics data front_html html For information on sett...

Страница 102: ...102 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 103: ...om File System Backup on page 114 Section 9 9 Moving iFolder Data from One iFolder Server to Another on page 116 Section 9 10 Changing The IP Address For iFolder Services on page 117 Section 9 11 Secu...

Страница 104: ...ents are recorded at run time Its parameters are based on but not compliant with the Apache Logging Services http logging apache org log4net The following parameters are modifiable Parameters Descript...

Страница 105: ...top the iFolder server etc init d apache2 stop 3 Stop the iFolder mono process if running pkill mono 4 Use your normal file system backup procedures to back up all the Data Stores Level of Simias Serv...

Страница 106: ...ave modified in their iFolders since the time of the last backup After the iFolder server is restored they can copy these files or directories back into their respective iFolders 1 Notify users to sav...

Страница 107: ...ard System Independent Data Format SIDF The TSA for iFolder TSAIF provides an implementation of the SMS API for an iFolder store Backup applications such as nbackup 1 can make use of its features by w...

Страница 108: ...ete it from the server using a client or the iFolder Web Admin console or Web Access console Deleting the iFolder is not necessary to restore any or all of the files in the iFolder the difference is i...

Страница 109: ...user interface The ID would need to be displayed to the backup administrator only when two Collections or two Collection owners have the same name and the backup administrator wants to perform an ope...

Страница 110: ...loaded All long options options that have the format optionname are case insensitive Option Command help Displays the options supported by the TSA ReadBufferSize This is the amount of data Bytes read...

Страница 111: ...witch The default value is 2 CacheMemoryThreshold This is used to specify the percentage of available server memory that the TSA can utilize to store cached data sets This represents a maximum percent...

Страница 112: ...quivalent system user for bothe back up and restore 9 7 8 TSAIF and NBackup Examples The following examples show how to perform typical TSAIF backup and restore operations using NBackup target type ta...

Страница 113: ...ner collection nbackup xvf full sidf U root P password target type ifolder extract dir owner collection If you are restoring an entire iFolder and want to ensure that it is in the exact state it was i...

Страница 114: ...yDir1 MyDir2 MyFile to tmp MyFile IMPORTANT Do not restore the file to its original location or to any location under the Simias store directory 3 Compress and send the entire folder MyiFolder to the...

Страница 115: ...er Only an iFolder user can create iFolder database on the server To upload the recovered files and directories user need to create a database iFolder store on the iFolder server Once a database is cr...

Страница 116: ...ummy files or directories with the restored files or directories 5 Set the permissions for the files or directories to the apache user or the apache group for example wwwrun www 6 Have the iFolder own...

Страница 117: ...service IP address only by reconfiguring the iFolder service either through YaST or command line When you reconfigure the iFolder services you must ensure that the current data Store path is not chang...

Страница 118: ...the cipher suite to use establishes and shares a session key between client and server authenticates the server to the user and authenticates the user to the server The key exchange method defines how...

Страница 119: ...r SSL Communications with the LDAP Server By default the iFolder enterprise server is configured to communicate via SSL with the LDAP Server For most deployments this setting should not be changed If...

Страница 120: ...ed for performance reasons If the iFolder deployment is in larger scale and the Web Access server or Web Admin server are on different machine than the iFolder enterprise server you can reconfigure to...

Страница 121: ...le com with the actual DNS name or IP address such as 192 168 1 1 of the server where iManager is running This might be the same server as your iFolder server IMPORTANT The URL is case sensitive 2 If...

Страница 122: ...for the target server NOTE You cannot manage Novell iFolder 2 x servers with the Novell iFolder 3 Web Admin To connect to the iFolder server you want manage 1 If you are not logged in to iManager log...

Страница 123: ...Admin users page 7 Continue with Section 10 4 Managing Web Admin Console on page 124 When you are done managing the iFolder server click logout located in the upper right corner or close your Web bro...

Страница 124: ...plays the user s type Admin user or user username user s full name if available the server to which the user is provisioned and the user status Enabled or Disabled 2 Use the search functionality to lo...

Страница 125: ...n 10 5 1 Viewing and Modifying iFolder System Information on page 125 Accessing Servers Page 1 In the Web Admin console click the Servers tab 2 Use the search functionality to locate the Server you wa...

Страница 126: ...l the changes made click Cancel Enable SSL Select the check box to enable the SSL communication among the iFolder Servers iFolder client iFolder Web Access console and iFolder Web Admin console Total...

Страница 127: ...s The user s movement can be tracked anywhere in the tree because it is known by the GUID not the user DN The iFolder Admin right can be assigned to other users so that they can also manage iFolder se...

Страница 128: ...ed in the list of users with the iFolder Admin right You can assign the iFolder Admin right to multiple users Removing the iFolder Admin Right for a User You can delete the iFolder Admin right from al...

Страница 129: ...chronize Excluded Files Specifies a list of file types to include or to exclude from synchronization for all iFolders on the system For example to block all mp3 files you need to specify mp3 Synchroni...

Страница 130: ...o enable the Maximum File Size Limit policy then specify the maximum allowed file size in MB Consider the following demands on your system to determine an appropriate file size limit for iFolders in y...

Страница 131: ...em policy default of zero unless there is a user policy set If a user policy is set the user policy overrides the system policy whether the user policy is larger or smaller in value The local machine...

Страница 132: ...nformation Parameter Description Name The name assigned to the iFolder enterprise server Type The host portion of the DNS name of the server For example in if3svr example com if3svr is the host name D...

Страница 133: ...issues Debug Shows the server activities that help Novell support debug the issues Info Shows the basic server activities that help Novell support resolve the issues This option is selected by defaul...

Страница 134: ...ain and all the user iFolders become orphans Disabled users are never deleted automatically after the grace interval period The users continue to exist in a disabled state even after the grace interva...

Страница 135: ...provides privilege separation and is also important because the proxy user password is stored in the file system on the iFolder server Specify the fully distinguished name of an existing user that you...

Страница 136: ...cn dbgroup o acme To edit a value select it make your changes then click OK to apply the changes During LDAP synchronization the iFolder server queries the LDAP server to retrieve a list of users in t...

Страница 137: ...erface to enable reporting and generate reports for iFolder and Directories It generate reports based on the frequency you select 1 Select Enable Reporting to enable reporting 2 Select the frequency f...

Страница 138: ...eNULL 3 Modify the plus to a minus in front of the ciphers you want to disable and make sure there is a not before ADH SSLCipherSuite ALL ADH RC4 RSA HIGH MEDIUM LOW SSLv2 EXP eNULL 4 Save your chang...

Страница 139: ...ers are on different machines If the two servers are running on the same machine and you want to disable SSL rerun the YaST configuration and specify http localhost as the URL for the enterprise serve...

Страница 140: ...write command lines For example LoadModule rewrite_module usr lib apache2 mod_rewrite so RewriteEngine On RewriteCond HTTPS on RewriteRule ifolder https SERVER_NAME ifolder 1 R L 3 Start the iFolder W...

Страница 141: ...r s LDAPGroups If LDAP home server attribute is set user is provisioned based on that If all of the above cases fail to provision the user iFolder automatically select a server in the iFolder system a...

Страница 142: ...he users across different servers in any given iFolder domain 1 Log in to the iFolder Web Admin console and open Users page 2 Perform the following Locate and select the users then click Provision to...

Страница 143: ...me should help you locate the user Type Shows the member type of the user currently logged in If the user is an individual user the interface also display an option for User Groups If the user is a me...

Страница 144: ...lick Enable to enable the iFolder This allows the user to log in and synchronize iFolders 3 Click Disable to disable the iFolder 4 If the user is logged in when you make this change the user s session...

Страница 145: ...the difference between any space restrictions on the account and the space currently in use If no quota is in effect the value is No Limit Effective Effective space allocated on the server File size...

Страница 146: ...er ones Interval If a user policy is set it overrides the system policy whether the user s interval is shorter or longer in value Effective Specifies the current synchronization interval For example i...

Страница 147: ...elect Limit if there is no individual user quota or to accept the system wide quota for the selected user account Select Limit to enforce a user quota then specify the total space quota in MB for the...

Страница 148: ...m On and Enforced On Select On to enable Encryption With this user is allowed to set encryption policy for his or her iFolder files User will have the control over the sharing of his iFolder data Enfo...

Страница 149: ...older on page 151 Section 12 1 6 Managing iFolder Policies on page 153 Section 12 1 7 Enabling and Disabling an iFolder on page 155 12 1 1 Accessing the iFolders Details Page 1 Use the search function...

Страница 150: ...its details change the owner configure its policies share the iFolder or modify members access rights Owner The username of the owner of the selected iFolder For orphaned iFolders the iFolder Admin us...

Страница 151: ...e accepts the iFolder on at least one computer After the user accepts the invitation and sets up the iFolder the user shows up in the member list But with iFolder 3 7 and above versions if you add the...

Страница 152: ...eck box next to the member user s name Capabilities Owner Full Control Read Write Read Only Transfer ownership of an iFolder to another iFolder user Yes No No No Set a quota for the iFolder Yes No No...

Страница 153: ...d iFolder you want to manage 3 Click the iFolder name link to open the iFolder Details page Under the title iFolder details the iFolder details page display the property Orphan Yes 4 Click Adopt to se...

Страница 154: ...ective View only Reports effective space available on the server for the iFolder data File Size Limit Specifies the maximum total file size in MB that an iFolder user is allowed to use across all iFol...

Страница 155: ...minimum synchronization interval specifies the minimum interval in minutes that a user s client can check iFolder data on the server and local iFolders to identify files that need to be downloaded or...

Страница 156: ...iFolder 3 7 Administration Guide novdocx en 13 May 2009 NOTE Disabling synchronization temporarily as opposed to deleting or disabling the entire user account turns off the ability of the selected iF...

Страница 157: ...reboot the system or whenever you start Apache services As a root user enter the following command at the terminal console etc init d apache2 start 13 2 Stopping iFolder Web Access Services iFolder s...

Страница 158: ...th the default settings in the webaccess Web config file for Web Access httpRuntime executionTimeout 720 maxRequestLength 1048576 To modify the httpRuntime parameters 1 Stop iFolder 2 Set the httpRunt...

Страница 159: ...ection 13 5 5 Configuring an SSL Certificate for the Web Access Server on page 161 For information on how to configure SSL traffic on the iFolder enterprise server see Section 9 11 Securing Enterprise...

Страница 160: ...tag add key SimiasUrl value https localhost add key SimiasCert value raw certificate data in base 64 encoding If you disable SSL between Web Access server and the enterprise server and if the two ser...

Страница 161: ...e2 mod_rewrite so RewriteEngine On RewriteCond HTTPS on RewriteRule ifolder https SERVER_NAME ifolder 1 R L To disable the requirement for SSL connections you can comment out these Rewrite command lin...

Страница 162: ...162 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 163: ...Section A 10 Exception Error while Configuring iFolder on a Samba Volume on page 165 Section A 11 Giving Slash at the End of the Default iFolder Path Creates Corrupted iFolder on page 165 Section A 12...

Страница 164: ...older throws a null exception error when you attempt to restore all the backed up iFolder data in debug mode consider the following cause iFolder does not support restoring all the backed up files How...

Страница 165: ...a port to the list of permitted ports in the firewall configuration A 10 Exception Error while Configuring iFolder on a Samba Volume If iFolder server throws an exception when you configure the iFolde...

Страница 166: ...ons You must enable the SSL for iFolder Web Admin server For more informations see Require Server SSL on page 74 You must also provide the correct IP address instead of specifying localhost in the iFo...

Страница 167: ...imias config file The default location is var lib wwwrun local share Simias config Ensure that you know the iFolder Proxy user password 2 Open a terminal console and enter opt novell ifolder3 bin simi...

Страница 168: ...168 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 169: ...page 170 Section B 6 LDAP SSL Certificate on page 170 Section B 7 Novell iFolder Admin User on page 170 Section B 8 Novell iFolder with iChain and the Access Gateway on page 171 B 1 Loading Certifica...

Страница 170: ...mation during the YaST configuration B 4 Using a Single Proxy User for a Multi Server Setup By default each server creates its own Proxy user for role separation However you can use single Proxy user...

Страница 171: ...h of these products are not configured by default You must use CLI to update the logout URL for both iFolder 3 7 Web Admin and iFolder 3 7 Web Access configuration work successfully with iChain or the...

Страница 172: ...172 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 173: ...ring iFolder 3 7 Services Each node in your iFolder 3 7 cluster must satisfy the following requirements Prerequisites and Guidelines on page 47 for iFolder 3 7 Prerequisites and requirements for Novel...

Страница 174: ...iven below 2a Ensure that the shared resource is mounted on the Master node For example media nss NSSVOL Mounting will not be done if the resource is on a different node Migrate that resource to the M...

Страница 175: ...lias on all nodes when you configure them later For the iFolder Server URL specify SSL by using https in the URL and specify a URL that points to the IP address used for the cluster resource or a DNS...

Страница 176: ...the iFolder 3 7 Cluster Resource In iManager Roles and Tasks expand the Clusters role then click Cluster Manager to manage the iFolder 3 7 resource and bring it online For information see Managing Clu...

Страница 177: ...e uses the NSS file system use the following load script as a guide NSS File System Sample Load Script mount the file system MYPOOL is the name of your NSS pool MYVOL is the name of your NSS volume ns...

Страница 178: ...int MOUNT_POINT mnt ifolder stop iFolder ignore_error mod mono server filename tmp mod_mono_server_simias10 terminate ignore_error mod mono server filename tmp mod_mono_server_admin terminate ignore_e...

Страница 179: ...NSS volume umount media nss MYVOL nss pooldeactivate MYVOL return status exit 0 C 7 3 Troubleshooting Linux does not allow you to umount a volume if any file is currently open If your system is going...

Страница 180: ...e System If your shared volume uses a Linux POSIX file system use the following monitor script as a guide bin bash opt novell ncs lib ncsfuncs function check_ifolder result ps f U wwwrun awk mod mono...

Страница 181: ...tor script as a guide define the IP address RESOURCE_IP a b c d check the file system MYPOOL is the name of your NSS pool exit_on_error status_fs dev evms MYPOOL opt novell nss mnt pools MYPOOL nsspoo...

Страница 182: ...182 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 183: ...at has users provisioned to it from an iFolder domain 1 Reprovision all the users on the slave server to a different server 2 In the slave server open a terminal prompt 3 Enter rcapache2 stop to bring...

Страница 184: ...184 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 185: ...ection section name Server setting name Name value npsdt val 3 setting name PublicAddress value https 192 168 1 1 443 simias10 setting name PrivateAddress value https 192 168 1 1 443 simias10 setting...

Страница 186: ...cation setting name LdapUri value ldaps 192 168 1 1 setting name ProxyDN value cn iFolderProxy o novell section section name LdapProvider setting name NamingAttribute value cn setting name Search Cont...

Страница 187: ...ntil we need it webServices soapExtensionTypes add type DumpExtension extensions priority 0 group 0 add type EncryptExtension extensions priority 1 group 0 soapExtensionTypes webServices authenticatio...

Страница 188: ...Settings configuration E 3 Web config File for the Web Admin Server By default the Web config file for Web Admin server is in the opt novell ifolder3 lib simias admin The following is an example of a...

Страница 189: ...s so that you do not display application detail information to remote clients customErrors defaultRedirect Error aspx mode On AUTHENTICATION This section sets the authentication policies of the applic...

Страница 190: ...r every page within an application Set trace enabled true to enable application trace logging If pageOutput true the trace information will be displayed at the bottom of each page Otherwise you can vi...

Страница 191: ...rAdmin httpHandlers GLOBALIZATION This section sets the globalization settings of the application globalization requestEncoding utf 8 responseEncoding utf 8 system web appSettings add key SimiasUrl va...

Страница 192: ...this creates a larger file that executes more slowly you should set this value to true only when debugging and to false at all other times For more information refer to the documentation about debugg...

Страница 193: ...ralized authentication service provided by Microsoft that offers a single logon and core profile services for member sites authentication mode Forms forms name iFolderWeb loginUrl Login aspx timeout 2...

Страница 194: ...ilable a session can be tracked by adding a session identifier to the URL To disable cookies set sessionState cookieless true sessionState mode InProc cookieless false timeout 30 GLOBALIZATION This se...

Страница 195: ...Configuration Files 195 novdocx en 13 May 2009 location location path ICLogout aspx system web authorization allow users authorization system web location configuration...

Страница 196: ...196 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 197: ...hority A self signed certificate is usually used only for internal iFolder services where the server s identity is not likely to be spoofed The trusted CA signature on the certificate attests that the...

Страница 198: ...formation about how to manage and update certificates see Managing X 509 Certification http www novell com documentation sles10 sles_admin data cha_yast_ca html in the SUSE Linux Enterprise Server 10...

Страница 199: ...the Apache server F 4 Configuring Apache to Point to an SSL Certificate on a Shared Volume for an iFolder Cluster 1 Mount the shared volume At a terminal console enter mnt dev sda1 mnt ifolder3 Repla...

Страница 200: ...ey key file and the certificate cert file or the pem file to a location on the mounted NSS volume At a terminal console enter cp filename key media nss VOL1 ifolder3 sharedkey filename key cp filename...

Страница 201: ...x en 13 May 2009 SSLCertificateFile media nss VOL1 ifolder3 sharedkey filename pem WARNING Ensure that there are no duplicate entries for SSLCertificateKeyFile and SSLCertificateFile in the Apache SSL...

Страница 202: ...202 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Страница 203: ...iFolder 3 7 supported on a 64 bit OS on page 203 Section G 1 2 Is iFolder going to support non eDirectory related platforms as an identity source on page 203 Section G 1 3 Because iFolder is developed...

Страница 204: ...more information see Section 6 9 2 Downloading the iFolder Client on page 89 G 2 3 Can I use the iFolder 2 x client to connect to an iFolder 3 7 server No However iFolder 3 7 supports client side mig...

Страница 205: ...nt console for iFolder 3 7 on page 205 Section G 3 2 What are the new features in the Web Admin console on page 205 Section G 3 3 Can the administrator control the ability to encrypt iFolder files on...

Страница 206: ...tion see Section 2 5 iFolder User Account Considerations on page 29 G 3 5 Can the administrator control the ability to share files No A future version of iFolder will support this feature G 3 6 How ca...

Страница 207: ...Version Type Description 3 0 Bundled A new code base in this next generation version supports multiple iFolders and member based sharing For information see Section 3 5 What s New in Novell iFolder 3...

Страница 208: ...ut it does not support NSS volumes because of a kernel defect Requires a Mono update Yes but it does not support NSS volumes because of a kernel defect Requires a Mono update No No OES SP1 Linux No Ye...

Страница 209: ...Web Server 3 0 3 1 3 2 3 6 3 7 Apache 2 worker mode 2 worker mode 2 worker mode 2 worker mode 2 worker mode iFolder User Access Method 3 0 3 1 3 2 3 6 3 7 iFolder client Yes Yes Yes Yes Yes iFolder cl...

Страница 210: ...2 3 6 3 7 iFolder 3 plug in to iManager 2 5 Yes Yes Yes Yes to iManager 2 7 Yes to iManager 2 7 iFolder 3 plug in to YaST Yes Yes Yes Yes Yes iFolder 3 Web Access plug in to YaST Yes Yes Yes Yes Yes i...

Страница 211: ...pear in the document itself Each change entry provides a link to the related topic and a brief description of the change This document was updated on the following dates Section I 1 October 2008 on pa...

Страница 212: ...to connect on on page 64 Connect to iFolder server using SSL on page 63 iFolder server port to connect on on page 63 Redirect URL for iChain AccessGateway optional on page 69 Location Change Section 2...

Страница 213: ...cation Change Section 6 10 Using a Response File to Automatically Create iFolder Accounts on page 91 Added description about using response file to distribute iFolder clients Location Change Migration...

Страница 214: ...Change Section 9 11 5 Configuring the Enterprise Server for SSL Communications with the Web Access Server and Web Admin Server on page 120 Added a new section on configuring iFolder server for SSL co...

Страница 215: ...r the Web Admin Server on page 188 Added a new section for Web config files for the Web Admin server Location Change Section C 6 Sample Load Scripts for iFolder 3 7 Clusters on page 176 Updated the sa...

Страница 216: ...216 OES 2 SP1 Novell iFolder 3 7 Administration Guide novdocx en 13 May 2009...

Отзывы:

Нет отзывов

Похожие инструкции для IFOLDER 3.7 - SECURITY ADMINISTRATION

Бренд: Canon Страницы: 8

3508B001 - PowerShot D10 Digital Camera

Бренд: Canon Страницы: 64

3508B001 - PowerShot D10 Digital Camera

Бренд: Canon Страницы: 47

3211B001 - PowerShot E1 Digital Camera

Бренд: Canon Страницы: 83

3211B001 - PowerShot E1 Digital Camera

Бренд: Canon Страницы: 50

Бренд: 3M Страницы: 3

ZENworks 7.2 Linux Management

Бренд: Novell Страницы: 10

Quality Monitoring

Бренд: Nortel Страницы: 22

ANTI-VIRUS 5.5 - FOR NOVELL NETWARE

Бренд: KAPERSKY Страницы: 134

Бренд: Olympus Страницы: 2

Membrain Software

Бренд: SanDisk Страницы: 14

BJ0NJML - Service And Asset Management

Бренд: IBM Страницы: 330

Advanced Calculator 2.2

Бренд: CDML Страницы: 48

ST905003BPA1E1-RK - Maxtor BlackArmor 500 GB External Hard Drive

Бренд: Seagate Страницы: 2

Бренд: National Instruments Страницы: 63

Бренд: 3Com Страницы: 44

3C16120 - SuperStack 3 Server Load Balancer

Бренд: 3Com Страницы: 99

Network HotSync

Бренд: 3Com Страницы: 38

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды