Novell OPEN ENTERPRISE SERVER - CONVERSION GUIDE 12-2010 Скачать руководство пользователя страница 230 | Manualshive

Страница: 230 / 296

background image

230

OES 2 SP3: Planning and Implementation Guide

22.1.3 Multiple Trees Sharing a Common Root

The Organizational CA can be configured to act as a sub-CA. This lets multiple trees share a
common root certificate. The root certificate can be stored in a physically protected tree. It can also
integrate with a third-party PKI. For more information, see “

Subordinate Certificate Authority

” in

the

Novell Certificate Server 3.3.4 Administration Guide

.

22.2 Setting Up Certificate Management

Use the information in the following sections to help you set up certificate management as you
install OES 2.



Section 22.2.1, “Setting Up Automatic Certificate Maintenance,” on page 230



Section 22.2.2, “Eliminating Browser Certificate Errors,” on page 230

22.2.1 Setting Up Automatic Certificate Maintenance

To set up your server so that HTTPS services use eDirectory certificates, you must specify the

Use

eDirectory Certificates for HTTP Services

option while installing or upgrading eDirectory.

This installs eDirectory keys and certificates on the server, but it does not configure the server to
automatically replace the certificates when they expire. Automatic maintenance requires that Server
Self-Provisioning be enabled as follows:

1

On the server you are configuring, in iManager > Roles and Tasks, click the

Novell Certificate

Access > Configure Certificate Authority

option.

2

Click

Enable server self-provisioning

.

This causes automatic certificate replacement for the conditions described in

“PKI Health

Check” on page 229

.

IMPORTANT:

If you enable Server Self-Provisioning in an OES 2 tree and you have created a

CRL configuration object but not yet configured any CRL distribution points, the PKI Health
Check might replace the default certificates every time it runs.

To avoid this, you can either



Finish configuring the CA's CRL capability by creating one or more CRL Distribution Points

by using iManager's

Configure Certificate Authority

task.

or



Delete any CRL Configuration objects, for example CN=One - Configuration.CN=CRL

Container.CN=Security.

3

If you also want the CA certificate to be replaced if it changes or expires, click the

Health

Check - Force default certificate creation/update on CA change

option.

22.2.2 Eliminating Browser Certificate Errors

Because the Internet Explorer and Mozilla Firefox browsers don’t trust eDirectory certificate
authorities by default, attempts to establish a secure connection with OES 2 servers often generate
certificate errors or warnings.

These are eliminated by importing the eDirectory tree CA’s self-signed certificate into the browsers.

«
...
228
229
230
231
232
...
»

Содержание OPEN ENTERPRISE SERVER - CONVERSION GUIDE 12-2010

Страница 1: ...Novell www novell com AUTHORIZED DOCUMENTATION Open Enterprise Server 2 SP3 December 2010 Planning and Implementation Guide...

Страница 2: ...classification to export re export or import deliverables You agree not to export or re export to entities on the current U S export exclusion lists or to any embargoed or terrorist countries as spec...

Страница 3: ...Windows 7 Client Support 19 1 4 New in OES 2 SP1 19 1 4 1 YaST Install Changes 19 1 4 2 Novell AFP 20 1 4 3 Novell CIFS 20 1 4 4 Novell Domain Services for Windows 21 1 4 5 Migration Tool 21 1 5 New...

Страница 4: ...s 43 3 9 20 VNC Install Fails to Set the IP Address in etc hosts 46 3 10 Consider Coexistence and Migration Issues 46 3 11 Understand Your Installation Options 46 3 11 1 OES 2 Installation Overview 46...

Страница 5: ...ES 2 Server 65 6 10 LDAP Preventing Bad XML Errors 66 6 11 LUM Cache Refresh No Longer Persistent 66 6 12 Management 66 6 12 1 iManager RBS Configuration with OES 2 67 6 12 2 Storage Error in iManager...

Страница 6: ...ools 83 11 4 SSH Services on OES 2 91 11 4 1 Overview 91 11 4 2 Setting Up SSH Access for LUM enabled eDirectory Users 93 12 Network Services 97 12 1 TCP IP 97 12 1 1 Coexistence and Migration Issues...

Страница 7: ...ows 137 14 1 Overview of Directory Services 137 14 2 eDirectory 138 14 2 1 Installing and Managing eDirectory on OES 138 14 2 2 Planning Your eDirectory Tree 139 14 2 3 eDirectory Coexistence and Migr...

Страница 8: ...File Service Options 188 17 2 3 Planning Your File Services 190 17 3 Coexistence and Migration of File Services 191 17 3 1 Novell Client NCP 191 17 3 2 NetStorage 191 17 3 3 Novell AFP 192 17 3 4 Nov...

Страница 9: ...Finder 209 19 Print Services 211 19 1 Overview of Print Services 211 19 1 1 Using This Overview 211 19 1 2 iPrint Components 212 19 1 3 iPrint Functionality 212 19 2 Planning for Print Services 213 19...

Страница 10: ...he Server Reconfiguration 239 B 6 1 QuickFinder 240 B 6 2 DHCP 240 B 6 3 DSfW 240 B 6 4 iPrint 242 B 6 5 NetStorage 243 B 7 Modifying a Cluster 243 B 8 Checking SLES Services 243 B 9 Reconfiguring Ser...

Страница 11: ...I 8 System Groups 281 I 9 Auditing System Users 282 J Administrative Users in OES 2 SP3 285 K Coordinating Password Policies Among Multiple File Services 287 K 1 Overview 287 K 2 Concepts and Prerequi...

Страница 12: ...12 OES 2 SP3 Planning and Implementation Guide...

Страница 13: ...w novell com documentation feedback html and enter your comments there Documentation Updates Changes to this guide are summarized in a Documentation Updates appendix at the end of this guide The lack...

Страница 14: ...to OES 2 also apply to OES 2 SP3 unless otherwise indicated In this documentation a greater than symbol is used to separate actions within a step and items within a cross reference path When a single...

Страница 15: ...ation for all OES 2 products Table 1 1 What s New Product Link to What s New Section Archive and Version Services 2 1 Linux Administration Guide User Guide DHCP Administration Guide Distributed File S...

Страница 16: ...page 196 Novell iFolder 3 8 Administration Guide User Guide Novell Remote Manager Administration Guide Novell Storage Services NSS Administration Guide NSS Auditing Client What s New for VLOG OES 2 I...

Страница 17: ...is enhanced to achieve communication across multiple directory agents For more information see OpenSLP Implementation in the OES 2 SP3 Planning and Implementation Guide 1 2 5 QuickFinder The QuickFind...

Страница 18: ...d devices over 20 GB in size this option creates a boot partition and a container for the swap and root volumes in up to the first 20 GB and leaves the remainder of the space on the device as unpartit...

Страница 19: ...e for Linux 1 3 8 Performance Increases AFP NCP and Samba all have improved performance in OES 2 SP2 1 3 9 Pure FTPd Gateway parity with NetWare 1 3 10 Upgrading Online Support for upgrading through t...

Страница 20: ...not available for NetWare DHX authentication mechanism Provides a secure way to transport passwords of up to 64 characters to the server Management You can use iManager to administer and configure th...

Страница 21: ...trusted Active Directory forests For more information see the OES 2 SP3 Domain Services for Windows Administration Guide 1 4 5 Migration Tool The new OES 2 SP2 Migration Tool uses a plug in architectu...

Страница 22: ...lization Technology Both OES 2 and NetWare 6 5 SP8 can run in virtual machines on either an OES 2 or a SUSE Linux Enterprise Server 10 SP1 or later server This is especially valuable to those organiza...

Страница 23: ...For a list of OES 2 services see Table 3 1 Service Comparison Between NetWare 6 5 SP8 and OES 2 SP3 Linux on page 25 is running on OES AFP Backup SMS Clustering High Availability DNS DHCP Domain Servi...

Страница 24: ...24 OES 2 SP3 Planning and Implementation Guide...

Страница 25: ...o Consider Before You Install on page 34 Section 3 10 Consider Coexistence and Migration Issues on page 46 Section 3 11 Understand Your Installation Options on page 46 3 1 What Services Are Included i...

Страница 26: ...rvices Yes NFAP Yes Novell CIFS and Novell Samba Both NFAP and Novell CIFS are Novell proprietary and tightly integrated with eDirectory and Novell Storage Services NSS Samba is an open source product...

Страница 27: ...ology No Yes DST runs on OES 2 An NSS volume on NetWare is supported only as the secondary volume in a shadow pair When using DST in a cluster each of the NSS volumes in a shadow pair must reside on O...

Страница 28: ...t support eDirectory access controls like the NetWare target does Nor is the iSCSI initiator or target in OES 2 integrated with NetWare Remote Manager management You use YaST management tools instead...

Страница 29: ...Traditional File System to Linux NetWare Traditional Volumes Yes N A NFS Yes NFAP Yes native to Linux For NetWare see Working with UNIX Machines in the NW 6 5 SP8 AFP CIFS and NFS NFAP Administration...

Страница 30: ...roduct Linux includes the open source product itself See Functions Unique to the NetWare Platform in the NW 6 5 SP8 OpenSSH Administration Guide PAM Pluggable Authentication Modules No Yes PAM is a Li...

Страница 31: ...es 0 1 5 10 15 Yes 0 1 5 10 15 See Understanding Software RAID Devices in the OES 2 SP3 NSS File System Administration Guide for Linux Storage Management Services SMS Yes Yes No functional differences...

Страница 32: ...the first installation The first server permanently hosts the Certificate Authority for your organization To ensure that your eDirectory tree meets your needs take time to plan the following Structur...

Страница 33: ...a Purpose for Each Server Large networks usually have one or more servers dedicated to providing a single network service For example one or more servers might be designated to provide Novell iFolder...

Страница 34: ...t Be Planned Before Installing OES 2 on page 35 Section 3 9 6 Cross Protocol File Locking Has Changed on page 36 Section 3 9 7 Do Not Create Local POSIX Users on page 36 Section 3 9 8 Do Not Upgrade t...

Страница 35: ...d manually For example if you specified the wrong server context while initially configuring eDirectory the NSS and LUM configurations still have the wrong context You must select each service individ...

Страница 36: ...vailable for OES 1 SP2 Linux and earlier After a volume has been upgraded to the new media format you cannot fail it over to a node that is running OES 1 SP2 Linux or earlier 3 9 6 Cross Protocol File...

Страница 37: ...ers have needed adjustment Be sure to read the information and follow the instructions in this section if your network has ever included an OES 1 Linux server with both LUM and NSS installed NetStorag...

Страница 38: ...nd GID in eDirectory NetStorage couldn t access the NSS volumes on the server The OES 1 Solution The nssid sh Script To solve this problem the OES 1 installation program looked for XTier ID conflicts...

Страница 39: ...server context This is the context of the XTier user and group objects Replace this variable with the fully distinguished name of the context where the objects reside For example if the objects are an...

Страница 40: ...r Server This is especially critical if you plan to use NSS for your iFolder 3 8 data volume 3 9 12 Incompatible TLS Configurations Give No Warning When you install a new eDirectory tree the eDirector...

Страница 41: ...nning eDirectory eDirectory must be installed in conjunction with the installation of OES services Be Sure That eDirectory Is Healthy Review and follow the guidelines in Keeping eDirectory Healthy in...

Страница 42: ...If you have configured Role Based Services you need to make sure the licensing plug in is installed and added to the RBS collection For more information see Upgrading iManager in the Novell iManager 2...

Страница 43: ...y can rectify the situation by uninstalling and then reinstalling eDirectory This simply cannot be done In fact OES services cannot be uninstalled For more information see Disabling OES 2 Services in...

Страница 44: ...an actually be installed and run on the server but DSfW cannot run as a clustered service Novell FTP Novell iFolder Novell NetStorage Novell Pre Migration Server Novell QuickFinder Novell Samba Xen Vi...

Страница 45: ...ual Machine Host Server Novell Samba File Server Samba Novell CIFS Novell Domain Services for Windows Xen Virtual Machine Host Server Novell Storage Services NSS Xen Virtual Machine Host Server Xen Vi...

Страница 46: ...e every combination of services that you might have Therefore we intend to continue developing coexistence and migration information For information about coexistence of OES 2 servers with existing Ne...

Страница 47: ...or physical media from a Novell Authorized Reseller Decide whether to install from files on the network or directly from physical media Network install path Physical media install path Create physical...

Страница 48: ...r more information see Installing Upgrading or Updating OES on a Xen based VM in the OES 2 SP3 Installation Guide Installing and Managing NetWare on a Xen based VM in the OES 2 SP3 Installation Guide...

Страница 49: ...Drive Linux Server Many are interested in Novell Storage Services NSS running on Linux If you plan to experiment with NSS on a single drive server be sure to follow the instructions in Installing with...

Страница 50: ...50 OES 2 SP3 Planning and Implementation Guide...

Страница 51: ...n expires After your protection expires the OES 2 upgrade link disappears from your account page For more information and to start the upgrade process do the following 1 Using your Novell account info...

Страница 52: ...ready done so be sure to review the information in Section 3 11 Understand Your Installation Options on page 46 and then skip to Chapter 5 Installing OES 2 on page 57 4 4 Evaluating OES 2 Software Thi...

Страница 53: ...SP3 product media CDs and DVDs skip to Section 4 4 4 Installing OES 2 for Evaluation Purposes on page 54 To download ISO image files from the Web 1 If you don t already have a Novell account register...

Страница 54: ...st you printed in Step 15 For example on a Linux system you can enter the following command md5sum filename where filename is the name of the iso file you are verifying For a Windows system you need t...

Страница 55: ...n see the OES 2 SP3 Getting Started with OES 2 and Virtualized NetWare After working through the lab guide we recommend that you review all of the information in this guide to gain a comprehensive ove...

Страница 56: ...te http www novell com licensing oes_licensing html 4 5 2 SLES Licensing Entitlements in OES 2 SUSE Linux Enterprise Server SLES entitlements in OES 2 have changed For more information refer to the EU...

Страница 57: ...3 Installing OES 2 SP3 as a New Installation 3 Make sure you always download the latest patches as part of the Customer Center configuration during the install This ensures the most stable configurati...

Страница 58: ...SP3 VM host server creating a VM and then installing an OES 2 server NetWare or Linux in the VM To get started with Xen virtualization in OES 2 see the following Introduction to Xen Virtualization htt...

Страница 59: ...n 6 7 eDirectory on page 63 Section 6 8 iFolder 3 8 on page 64 Section 6 9 iPrint on page 64 Section 6 10 LDAP Preventing Bad XML Errors on page 66 Section 6 11 LUM Cache Refresh No Longer Persistent...

Страница 60: ...ess you are aware of the users and groups in both systems especially those that are system created you might easily create an invalid configuration on an OES 2 server 6 2 2 Three Examples The followin...

Страница 61: ...s a LUM enabled group in eDirectory with the same name Again the LUM enabled users who are members of the eDirectory group won t have access through POSIX This is why we recommend that as a general ru...

Страница 62: ...ise and ZENworks for Desktops 7 If you need to use ConsoleOne to manage either of these supported products on OES 2 make sure you have installed version 1 3 6h or later Earlier versions of ConsoleOne...

Страница 63: ...The configuration files for many OES services point to configuration data stored within eDirectory Although eDirectory tracks all changes internally OES services do not Therefore if you rename your eD...

Страница 64: ...ema extension If the username or password contains special characters such as and so on escape the character by preceding it with a backslash For example an administrator username of cn admin name o c...

Страница 65: ...queror cannot be used to upload drivers Uploading PPD printer drivers from a Windows workstation requires Internet Explorer 5 5 or later Other browsers running on Windows do not work for uploading dri...

Страница 66: ...efits from having an index present The subtree search performance issue is resolved in the eDirectory 8 8 x release with the addition of the AncestorID feature 6 11 LUM Cache Refresh No Longer Persist...

Страница 67: ...tion wizard After that the roles and tasks are available only to the Admin user and other users or groups you specifically designate Figure 6 1 iManager Roles and Tasks For more information on iManage...

Страница 68: ...tribute support by copying or migrating files directories and metadata from an NSS volume to a defined NCP volume on a Linux POSIX partition However this doesn t work because NSS file attributes are o...

Страница 69: ...2 services and uses the same ports as OpenLDAP 6 17 Samba For Samba implementation caveats see Samba Caveats in the OES2 SP3 Samba Administration Guide 6 18 Virtualization Issues The following are ca...

Страница 70: ...and follow the instructions in Virtual Machine Clock Settings http www novell com documentation sles10 book_virtualization_xen data sec_guest_suse html sec_xen_time in the Virtual Machine Clock Settin...

Страница 71: ...are treated differently by default when you upgrade an OES server depending on the version of the server you are upgrading OES 1 Applications are deleted by default during an upgrade OES 2 Applicatio...

Страница 72: ...NOTE Physical installations cannot be upgraded to virtual installations and the reverse is also true Only physical to physical and virtual to virtual upgrades are supported For complete upgrade instr...

Страница 73: ...n Tool The OES 2 SP3 Migration Tool lets you migrate and or consolidate data and services from one or more NetWare OES 1 or OES 2 source servers to an OES 2 SP3 target server The source servers must e...

Страница 74: ...74 OES 2 SP3 Planning and Implementation Guide...

Страница 75: ...ble only to OES 2 registered customers 9 1 Graphical Overview of Virtualization in OES 2 Figure 9 1 illustrates how a single VM host server can support multiple VM guest servers that in turn provide O...

Страница 76: ...the VM host NetWare Response File Utility Lets you pre answer the same questions as you would during a physical NetWare installation When the time comes to run the NetWare Install program the installa...

Страница 77: ...dding the services See the instructions in the Important note in Installing or Configuring OES Services on an Existing Server in the OES 2 SP3 Installation Guide NCP Server Dynamic Storage Technology...

Страница 78: ...78 OES 2 SP3 Planning and Implementation Guide...

Страница 79: ...hase is a multinode clustering product that Can include up to 32 servers Is supported for both NetWare and Linux Is eDirectory enabled for single point ease of management Supports failover failback an...

Страница 80: ...80 OES 2 SP3 Planning and Implementation Guide...

Страница 81: ...s that help you implement and maintain your network Access to most of these management interfaces is controlled through eDirectory However a few interfaces such as YaST on SUSE Linux Enterprise Server...

Страница 82: ...dministrative Access from the Welcome Web Site on page 83 11 2 1 The Welcome Site Requires JavaScript Apache and Tomcat Browsers accessing the Welcome site must have JavaScript enabled to function cor...

Страница 83: ...nal information see Verifying That the Installation Was Successful in the OES 2 SP3 Installation Guide 11 2 3 The Welcome Web Site Is Available to All Users Although the Welcome Web site is designed p...

Страница 84: ...the Linux server For more information or help understanding and using bash search the Web for any of the numerous articles and tutorials on using the shell Health Monitoring Services Monitor the healt...

Страница 85: ...tion iManager Workstation formerly Mobile iManager Manage eDirectory Create and manage users groups and other objects Manage OES 2 services Access various other management tools and plug ins On a Linu...

Страница 86: ...e Novell eDirectory 8 8 Administration Guide iPrint Map Designer Create a printer map to aid in printer selection installation Edit an existing printer map 1 In a supported Web browser enter the follo...

Страница 87: ...you can salvage and purge deleted files For more information see Managing File Security and Passwords in the Novell Client 4 91 SP5 for Windows XP 2003 Installation and Administration Guide Novell iFo...

Страница 88: ...a Linux POSIX username and password Functionality is limited for non Admin or non root users on both platforms NRM on Linux doesn t include all the functionality of NRM on NetWare For more informatio...

Страница 89: ...st allow for SSH access eDirectory users must be enabled for SSH access For more information see Section 11 4 SSH Services on OES 2 on page 91 OpenWBEM Perform tasks instrumented by specific providers...

Страница 90: ...ote Manager See Novell Remote Manager SNMP for eDirectory Lets you use standard SNMP tools to Monitor an eDirectory server Track the status of eDirectory to verify normal operations Spot and react to...

Страница 91: ...Manage the Linux server and standard Linux services from the command prompt Enter the desired command at the command prompt For more information see System Monitoring Utilities http www novell com do...

Страница 92: ...eb access to directories and files on other servers or on itself Typically either an NCP or a CIFS connection is used for connecting the NetStorage server with storage targets However an SSH connectio...

Страница 93: ...Users for LUM on page 94 Restricting SSH Access to Only Certain LUM Enabled Users on page 94 Providing SSH Access for Samba Users on page 95 Allowing SSH Access Through the Firewall 1 On the OES 2 se...

Страница 94: ...server On the other hand if you have installed Samba on the server or if you install Samba in the future the users who are configured for Samba access will have SSH access disabled To restore access f...

Страница 95: ...ding SSH access to users who have been enabled for Samba access You can remove the user from the server_name W SambaUserGroup IMPORTANT This presupposes that the user is a member of a different LUM en...

Страница 96: ...96 OES 2 SP3 Planning and Implementation Guide...

Страница 97: ...oint to point connections so that nodes can send messages to each other and have the packets arrive intact and in the correct order The transport protocol also specifies how nodes are identified with...

Страница 98: ...No Fault Tolerance Yes Yes Filenames and paths Server binary sys system named nlm opt novell named bin novell named db jnl file sys etc dns etc opt novell named named conf Stat file info file var opt...

Страница 99: ...4 Implementing Time Synchronization on page 108 Feature or Command NetWare 6 5 SP8 OES 2 Auditing Yes No Filenames and paths Conf file N A etc dhcpd conf Leases Stored in eDirectory var lib dhcp db dh...

Страница 100: ...les that each operating system uses and how these modules can interact with each other OES 2 vs NetWare 6 5 on page 100 OES 2 Servers Use the Network Time Protocol NTP to Communicate on page 100 Compa...

Страница 101: ...ation Modules Compatibility with Earlier Versions of NetWare Earlier versions of NetWare version 4 2 through version 6 0 do not include an NTP time module Their time synchronization options are theref...

Страница 102: ...5 server IMPORTANT As shown in Figure 12 4 we recommend that NetWare 4 2 servers not be used as a time source OES 2 Servers as Time Providers Figure 12 5 shows how OES 2 servers can function as time...

Страница 103: ...planning information refer to the following resources How Timesync Works in the NW 6 5 SP8 Network Time Synchronization Administration Guide Network Time Protocol in the NW 6 5 SP8 NTP Administration...

Страница 104: ...ith other servers in peer to peer relationships to ensure that they are synchronized Basic planning steps are summarized in Planning a Time Synchronization Hierarchy before Installing OES on page 105...

Страница 105: ...imately obtain time from a public NTP server If your network doesn t currently employ time synchronization refer to the list of public NTP servers published on the ntp org Web site http ntp isc org bi...

Страница 106: ...s can be introduced into an existing network environment without disrupting any of the products and services that are in place This section discusses the issues involved in the coexistence and migrati...

Страница 107: ...e 101 Upgrading from NetWare to OES 2 The OES 2 SP3 Migration Tool can migrate time synchronization services from NetWare to Linux For more information see Migrating Timesync NTP from NetWare to NTP o...

Страница 108: ...ompts you for the IP address or DNS name of an NTP v3 compatible time server If you are installing the first server in a new eDirectory tree you have two choices You can enter the IP address or DNS na...

Страница 109: ...ces to ensure fault tolerance For more information see Changing Time Synchronization Settings on a SLES 10 Server on page 110 NetWare 6 5 SP8 If you are installing into an existing tree the NetWare 6...

Страница 110: ...t daylight saving time DST see the DST Master TID on the Novell Support site http www novell com support php search do cmd displayKC docType kc externalId 3094409 12 4 Discovery Services Various disco...

Страница 111: ...SP3 the UDDI server component was removed from the list of products that could be installed The Novell UDDI server has been released as open source software and is available for download on the Novell...

Страница 112: ...5 2 Comparing Novell SLP and OpenSLP Table 12 4 SLP Solutions Platform NetWare OES 2 SLP Solution Novell SLP OpenSLP About the Solution The Novell version of SLP adapted portions of the SLP standard t...

Страница 113: ...their SLP scope in eDirectory As a new service registration is stored in eDirectory other DAs assigned to the same scope are notified so that they can refresh their caches with the latest service info...

Страница 114: ...one might expect them to be Therefore the scope names created or configured by the statement after the first comma actually have leading spaces in them For example the first scope name is myScope1 bu...

Страница 115: ...5 Configuring for DA Access Before or After Installing the OES 2 Server on page 116 Configuring for DA Access During the OES 2 Installation As you install OES 2 by using the instructions in the Novell...

Страница 116: ...the spaces between the entries 3 Modify the line by removing the semicolon and typing the name or names of the scopes you want this server to have access to Be sure to include the scope you defined i...

Страница 117: ...istry and restart the SLP service set slp scope list scope1 scope2 flush cdbe set slp reset on 4 Verify that SLP is functioning correctly by entering the following command display slp services 12 5 4...

Страница 118: ...k Manage Applications SLP You can list multiple scopes separated by commas no spaces For example you might type Directory in the field 3 In the Configured SLP Directory Agent field type the IP address...

Страница 119: ...to verify that the DA and scopes you configured are recognized slptool findsrvs service The DA server should be listed slptool findscopes The scopes should be listed 9 If you did this after installing...

Страница 120: ...P Directory Agents get the service URL information This is achieved by NetWare SLP Directory Agent listening to the modified events from eDirectory and using the same eDirectory Backup registrations a...

Страница 121: ...torage services in OES Section 13 1 Overview of OES 2 Storage on page 121 Section 13 2 Planning OES File Storage on page 126 Section 13 3 Coexistence and Migration of Storage Services on page 132 Sect...

Страница 122: ...More Information Linux POSIX File Systems SLES 10 includes a number of different file systems the most common of which are Ext3 Reiser and XFS OES 2 services are supported on Ext3 Reiser and XFS For...

Страница 123: ...Comparison of NSS on NetWare and NSS on Linux NSS Linux vs Linux POSIX Comparison of NSS on Linux and NCP Volumes on Linux POSIX File Systems NSS and Storage Devices NSS supports both physical devices...

Страница 124: ...e NSS File System in the OES 2 SP3 File Systems Management Guide NetWare Storage Devices NetWare lets you use many different kinds of storage devices including server disks single storage devices arra...

Страница 125: ...File Services Overview Advanced Storage Options NSS volumes support the following advanced storage solutions as documented in the OES 2 SP3 Storage and File Services Overview Network Attached Storage...

Страница 126: ...olumes The main difference in access control between NSS volumes and Linux POSIX volumes that are defined as NCP volumes is that NSS extended file and directory attributes are not available on Linux P...

Страница 127: ...OES 2 Workloads on page 130 The Workgroup Environment When selecting a file system it is important to understand the environment in which it operates For OES 2 the primary target environment is the wo...

Страница 128: ...xt2 on page 129 Ext3 on page 129 Reiser on page 129 XFS on page 129 Novell Storage Services NSS Supported only through EVMS not currently supported through LVM Best for shared LAN file serving excelle...

Страница 129: ...and quick although it does not scale well to large volumes or a great number of files A scalability feature has been added called H trees which significantly improved Ext3 s scalability However it is...

Страница 130: ...of files HTTP The Hypertext Transfer Protocol HTTP is the dominant protocol on the World Wide Web today and is the one spoken by Web browser clients and Web servers It is like FTP in being designed st...

Страница 131: ...access Network Printing iPrint iPrint is file system agnostic There is no noticeable difference in performance or reliability on any of the file systems iFolder Novell iFolder does not depend on a pa...

Страница 132: ...n NSS volume the secondary volume must also be NSS 13 2 5 NSS Planning Considerations Consider the following when planning for NSS Device Size Limit on page 132 Other NSS Planning Topics on page 132 D...

Страница 133: ...and create an NSS volume see Installing with EVMS as the Volume Manager of the System Device in the OES 2 SP3 Installation Guide On OES 2 you can use NSS volumes only as data volumes Configure NSS poo...

Страница 134: ...originally created on a NetWare server can fail over between kernels allowing for full data and file system feature preservation when migrating data to Linux Supporting NSS volumes in a mixed environm...

Страница 135: ...cessible to software that circumvents normal access control Managing Encrypted NSS Volumes in the OES 2 SP3 NSS File System Administration Guide for Linux EVMS Use EVMS which is required for NSS to ma...

Страница 136: ...rious tools available to manage NSS volumes the tool capabilities and how to use them Management Tools for NSS in the OES 2 SP3 NSS File System Administration Guide for Linux Troubleshooting Troublesh...

Страница 137: ...ctory services is a fundamental expectation for networking In the simplest terms Novell eDirectory is a tree structure containing a list of objects or identities that represent network resources such...

Страница 138: ...tory Coexistence and Migration on page 139 14 2 1 Installing and Managing eDirectory on OES The tools you can use to install and manage eDirectory on OES are outlined in the following sections OES Ins...

Страница 139: ...ing started using eDirectory see Designing Your Novell eDirectory Network in the Novell eDirectory 8 8 Installation Guide To learn what s new in eDirectory 8 8 see the Novell eDirectory 8 8 What apos...

Страница 140: ...ory Management Utilities in the Novell eDirectory 8 8 Administration Guide 14 3 4 eDirectory LDAP Implementation Suggestions For help with setting up and using LDAP for eDirectory refer to Configuring...

Страница 141: ...143 File Access Figure 14 2 DSfW File Access Overview Could be on a seperate OES 2 server in or out of the domain Could be on a separate Windows server eDirectory DSfW server eDirectory User Windows...

Страница 142: ...lso access files through a normal NCP connection For eDirectory users file service access is controlled by authentication through the eDirectory server using common Windows authentication protocols in...

Страница 143: ...sers like other eDirectory users MMC manages both AD users and DSfW users as though they were AD users DSfW users must have the Default Domain Password policy assigned and a valid Universal Password D...

Страница 144: ...icy assigned they won t be able to log in without the Novell Client until the Universal Password has been set Therefore you should consider implementing Universal Password and giving users an opportun...

Страница 145: ...tainer is Partitioned in the OES 2 SP3 Domain Services for Windows Administration Guide Install DSfW on a New OES 2 Server When Possible Because of the service limitations mentioned in OES 2 Service L...

Страница 146: ...146 OES 2 SP3 Planning and Implementation Guide...

Страница 147: ...sources you can manage through eDirectory The Lab Guide for OES 2 provides basic instructions for creating container objects as well as Group and User objects in eDirectory For more information about...

Страница 148: ...Require LUM Enabled Access on page 150 Services That Do Not Require LUM Enabled Access But Have Some LUM Requirements on page 151 Services That Do Not Require LUM enabled Access on page 152 LUM Enabl...

Страница 149: ...rvices Remote user access is enabled through the Pluggable Authentication Module PAM architecture on Linux The Linux POSIX compliant interfaces can authenticate both kinds of users independent of wher...

Страница 150: ...ho are configured to access the server This is because Samba requires POSIX identification for access By extension NetStorage users who need access to Samba CIFS Storage Location objects that point to...

Страница 151: ...purging files through NetStorage on an NSS volume can only be done by users who are enabled for Linux IMPORTANT Files that are uploaded by non LUM users via NetStorage are owned from a POSIX perspecti...

Страница 152: ...file system Samba users must be LUM enabled to access an NSS volume Services That Do Not Require LUM enabled Access The following end user services do not require LUM enabled access iFolder 3 8 iPrin...

Страница 153: ...rvices mentioned 3 On your planning sheets note the users and groups that you need to enable and the servers you need to enable them to access Be Aware of System Created Users and Groups You should al...

Страница 154: ...and Linux Workstation refer to the same eDirectory objects Enabling Users to Access Multiple OES 2 Servers IMPORTANT Users gain server access through their LUM enabled group assignment rather than thr...

Страница 155: ...the Command Prompt on page 155 Using iManager The following steps assume that the eDirectory User objects already exist 1 Log in to iManager as the eDirectory Admin user or equivalent 2 Click Linux Us...

Страница 156: ...mentation and Maintenance on page 202 and Chapter 19 Print Services on page 211 If you want eDirectory users to have access to OES 2 services that require POSIX authentication you can enable the users...

Страница 157: ...ules on these platforms you must purchase Identity Manager 15 4 3 Installation Considerations Novell Identity Manager Bundle Edition contains components that can be installed within your environment o...

Страница 158: ...tasks 1 Browse to the Identity Manager Bundle Edition Registration http download novell com delivery reg idm_bundled jsp Web site 2 Enter your OES activation code then click Submit 3 Do one of the fol...

Страница 159: ...Manager on a Solaris or AIX Server Not with the Bundle Edition However you can still synchronize data held on these platforms by using the Identity Manager Remote Loader service The Remote Loader ena...

Страница 160: ...ng and Implementation Guide How do I know what s activated For information about how to view currently activated products see Viewing Product Activations http www novell com documentation idm36 instal...

Страница 161: ...offer and the ways your configure those services This section can help you understand access control at a high level so that you can plan implement and control access to services More detail about the...

Страница 162: ...he HTTP protocol Each workstation type has file access protocols associated with it Linux uses NFS as its native protocol for file services access Macintosh workstations communicate using AFP or CIFS...

Страница 163: ...and POSIX access rights How to approximate the NCP or NetWare access control model on POSIX file systems Section 17 4 Aligning NCP and POSIX File Access Rights on page 192 Directory and file attribut...

Страница 164: ...access rights illustrated in Figure 16 2 Overview of SVN Help Development and Localization Writers CM Help development related checkins and checkouts happen only in the documentation SVN repository T...

Страница 165: ...can be set by any trustee that has the Modify trustee right to the directory or file The possible actions by the eDirectory users and group shown in this example are as follows Nancy has the Superviso...

Страница 166: ...ight for Your Network Although Novell offers services that don t require Novell Client such as NetStorage Novell iFolder 3 8 and iPrint many network administrators continue to prefer the Novell Client...

Страница 167: ...t of this on you as the network administrator is that these users and groups must be enabled for eDirectory LDAP authentication to the local server For more information see Linux User Management Acces...

Страница 168: ...nting resources You can also use iPrint to set up print services that don t require authentication NOTE Access control for printers is supported only on the Windows iPrint Client For more information...

Страница 169: ...ach interface supports 3 In the right column view the services available to the interfaces via the protocols Figure 16 3 Access Interfaces and Services and the Protocols That Connect Them Access Inter...

Страница 170: ...s instructions to your network users For a summary of access methods see Appendix E Quick Reference to OES 2 User Services on page 249 16 1 5 Configuring and Administering Access to Services The follo...

Страница 171: ...Novell Client to Change File and Directory Attributes and Trustee Rights You can use the Novell Client to change NSS file and directory attributes and to grant trustee rights to an NSS volume on an OE...

Страница 172: ...ection briefly discusses the following topics Section 16 2 1 Overview of Authentication Services on page 172 Section 16 2 2 Planning for Authentication on page 175 Section 16 2 3 Authentication Coexis...

Страница 173: ...You can have users log in through a combination of methods to provide a higher level of security Some login methods require additional hardware and software You must have all of the necessary hardware...

Страница 174: ...FS In OES 2 AFP and CIFS users have Universal Password policies assigned by default More information about password policy planning is available in Appendix K Coordinating Password Policies Among Mult...

Страница 175: ...the Secure Password Manager SPM a component of the NMAS module installed on OES 2 servers All password restrictions and policies expiration minimum length etc are supported All the existing managemen...

Страница 176: ...176 OES 2 SP3 Planning and Implementation Guide...

Страница 177: ...s to and from OES 2 servers NetWare Core Protocol page 178 Provides NetWare Core Protocol NCP access to NCP volumes including NSS volumes that you define on OES 2 server partitions NetStorage page 179...

Страница 178: ...also migrate an existing FTP server configuration from a NetWare server to OES 2 For migration instructions and a brief FAQ see Migrating FTP from NetWare to OES 2 Linux in the OES 2 SP3 Migration Too...

Страница 179: ...ile access is often confusing and frustrating to users as illustrated in Figure 17 2 Access Methods Authentication NCP Services Access is through an NCP client specifically the Novell Client All file...

Страница 180: ...ical to those who must travel However access method support varies widely among file service providers Authentication helps protect information assets but having diverse authentication methods leads t...

Страница 181: ...ed in Figure 17 3 Windows Explorer Browser PDA Access Methods Authentication NetStorage Server eDirectory LDAP OES 2 NetStorage on OES 2 NSS volume NCP volume NetWare Traditional volume CIFS share NFA...

Страница 182: ...login script drive mapping NCP server required or through Storage Location Objects File service access is controlled by LDAP based authentication through the eDirectory LDAP server Although shown sep...

Страница 183: ...OES 2 server All file service access is controlled by LDAP based authentication through the eDirectory LDAP server Although shown separately eDirectory could be installed on the OES 2 server Of course...

Страница 184: ...S Client Access Windows Explorer users can access and modify files on the OES 2 server just as they would on any workgroup server share Web Folder Users can create Web Folders in Windows Explorer or I...

Страница 185: ...ntication through the eDirectory LDAP server Although shown separately eDirectory could be installed on the OES 2 server Files can be encrypted for transport using SSL connections HTTPS Slave servers...

Страница 186: ...7 Figure 17 7 How Samba on OES Works The following table explains the information illustrated in Figure 17 7 eDirectory LDAP server Samba users are enabled for Linux User Management LUM Any CIFS SMB C...

Страница 187: ...Methods Authentication File Storage Services eDirectory users on Windows workstations have two native Windows file access options if their eDirectory accounts have been enabled for LUM and Samba CIFS...

Страница 188: ...SS volumes Secure LDAP Authentication Novell CIFS Any CIFS client Remote access Web Folders in the Internet Explorer browser Windows Explorer NSS volumes Secure LDAP Authentication Novell iFolder 3 8...

Страница 189: ...r the nssmu utility to create an NSS volume on an OES 2 server For instructions on how to set up an NSS volume see Managing NSS Volumes in the OES 2 SP3 File Systems Management Guide LUM and Samba ena...

Страница 190: ...to other file storage services Novell AFP Allocate enough disk space for the partition containing the home directories to meet your users file storage needs Novell CIFS Allocate enough disk space for...

Страница 191: ...s It supports traditional Novell protocols such as NCP RSA and NDAP and it interoperates with open protocols such as LDAP For more information on the Novell Client for Windows see the Novell Client 4...

Страница 192: ...it Users can also participate in iFolder folders that others share with them Novell iFolder 3 8 is available only on OES 2 For information on migrating from iFolder 2 to iFolder 3 8 see Migrating iFo...

Страница 193: ...ports access control lists ACLs to expand this capability However ACLs are outside the scope of this discussion For more information on ACLs see Access Control Lists http www novell com documentation...

Страница 194: ...ubdirectories and files 2 Grant only the user read write and execute rights rwx to the directory For example you could use the chmod command as follows chmod R 700 path user_dir where path is the file...

Страница 195: ...a trustee and then granting the required trustee rights to the directory For the work area itself you would set permissions for the owner group and all others to read write and execute rights rwx rwx...

Страница 196: ...page 197 Section 17 5 3 Cluster Enabling Pure FTPd in an OES 2 Environment on page 201 Section 17 5 4 Troubleshooting PureFTPd on page 202 17 5 1 Configuring Pure FTPd on an OES 2 Server Edit the etc...

Страница 197: ...t location Rename the file to pure ftpd1 conf and move it to etc opt novell pure ftpd1 conf 2 Modify the following settings in the configuration file to avoid IP address or port conflicts between the...

Страница 198: ...o the server over the IP address being used by the pure ftpd instance must be created Unloading Specific Instances A new script pure ftp stop pl is added to unload an instance of pure ftpd and all its...

Страница 199: ...file etc pure ftpd pure ftpd conf The configuration parameters for remote server navigation are as follows The following configuration parameters needs to be set for remote server navigation Entry Va...

Страница 200: ...7 12 Linux FTP SITE command NOTE All the FTP users needs to be LUM enabled on the FTP server Entry Value Reason Why ChrootEveryone no Option yes restricts users to login only to his home directory and...

Страница 201: ...S pool The PID file must be unique for each FTP instance running on the cluster 4 Copy the configuration file to the shared volume to etc opt novell on the shared volume Copying the configuration file...

Страница 202: ...tions can help you get started with NCP on OES 2 servers Section 17 6 1 The Default NCP Volume on page 202 Section 17 6 2 Creating NCP Home and Data Volume Pointers on page 202 Section 17 6 3 Assignin...

Страница 203: ...Trustees Trustee Rights and Attributes on NCP Volumes in the OES 2 SP3 NCP Server for Linux Administration Guide The ncpcon rights command is related to but not the same as the rights utility used to...

Страница 204: ...a and SSH For more information see Section 11 4 SSH Services on OES 2 on page 91 17 7 3 Assigning User and Group Access Rights Because NetStorage provides access to other file storage systems the user...

Страница 205: ...thenticate each time they access NetStorage in a browser This is true even if another browser window is open and authenticated on the same workstation The reason for this is that persistent cookies ar...

Страница 206: ...ES 2 SP3 Novell CIFS for Linux Administration Guide Section 17 9 1 Implementing Novell CIFS File Services on page 206 Section 17 9 2 Maintaining Novell CIFS File Services on page 206 17 9 1 Implementi...

Страница 207: ...Enable the User Account Policies for iFolder access 3 Optional Enable Account Quotas space limits for the user accounts 4 Create iFolders for users 5 Distribute the iFolder Client to users For more in...

Страница 208: ...or Samba access can access the OES 2 server as they would any Windows server For instructions on implementing Samba see Installing Samba for OES 2 in the OES2 SP3 Samba Administration Guide 17 11 2 Ma...

Страница 209: ...in NetWare 6 5 SP3 and earlier When you upgrade a NetWare server running NetWare Web Search Server to NetWare 6 5 Web Search Server is automatically upgraded to QuickFinder The upgrade identifies all...

Страница 210: ...210 OES 2 SP3 Planning and Implementation Guide...

Страница 211: ...Novell iPrint lets Linux Macintosh and Windows users Quickly locate network printers through a Web browser Easily install and configure a located printer through a native printer installation method P...

Страница 212: ...tore and Broker and are not represented by objects in eDirectory Printer Objects These are eDirectory objects you create that store information about the printers available through iPrint The informat...

Страница 213: ...for Windows users if needed The option to require authentication is not available for Linux and Macintosh users Although shown separately eDirectory could be installed on the OES 2 server Users with...

Страница 214: ...Print on Your Server in the OES 2 SP3 iPrint for Linux Administration Guide In OES SP2 migrating iPrint services from a NetWare server to an OES 2 server is supported by the OES 2 Migration Tool For m...

Страница 215: ...Printer in the OES 2 SP3 iPrint for Linux Administration Guide 5 Optional Create location based customized printing Web pages By default each iPrint installation includes the creation of a Default Pri...

Страница 216: ...Print installation to reflect these changes After your installation is completed and users are printing you can monitor print performance by using the information located in Using the Print Manager He...

Страница 217: ...f the hundreds of free Web applications that can be downloaded from the Internet Web and application services make it easy to build your own dynamic Web content and create customized Web database appl...

Страница 218: ...218 OES 2 SP3 Planning and Implementation Guide...

Страница 219: ...AppArmor Novell AppArmor provides easy to use application security for both servers and workstations You specify which files a program can read write and execute AppArmor enforces good application be...

Страница 220: ...includes the following key features Industry standards It implements the recognized industry standards Certified It is FIPS 140 1 certified on selected platforms Cross platform support It is availabl...

Страница 221: ...e OES online documentation Section 21 2 1 Comparing the Linux and the Novell Trustee File Security Models on page 221 Section 21 2 2 User Restrictions Some OES 2 Limitations on page 223 21 2 1 Compari...

Страница 222: ...irectory are secure If users want to share files with others they can grant trustee assignments to the individual files or they can create a shared subdirectory and assign trustees to it Inheritance f...

Страница 223: ...e no concurrent connection or address restrictions imposed For this reason you probably want to consider not enabling services such as SSH and FTP for LUM when setting up Linux User Management For mor...

Страница 224: ...nagement Administration Guide Novell AFP Security Guidelines for AFP in the OES 2 SP3 Novell AFP For Linux Administration Guide Novell CIFS Security Guidelines for CIFS in the OES 2 SP3 Novell CIFS fo...

Страница 225: ...rations for QuickFinder Server in the QuickFinder Server 5 0 Administration Guide SuSEfirewall2 Masquerading and Firewalls http www novell com documentation sles10 book_sle_reference data cha_fire htm...

Страница 226: ...226 OES 2 SP3 Planning and Implementation Guide...

Страница 227: ...prise Server 2 includes solutions that address each of these issues at no additional expense This section discusses the certificate management enhancements available in OES 2 and how simple and straig...

Страница 228: ...alled Where Key and certificate files are installed in the following locations Table 22 1 File Locations Location Details etc ssl certs This is the default location of trusted root certificates for cl...

Страница 229: ...f Provisioning in the Novell Certificate Server 3 3 4 Administration Guide PKI Health Check The PKI health check runs whenever the certificate server starts If you have enabled Server Self Provisionin...

Страница 230: ...isioning be enabled as follows 1 On the server you are configuring in iManager Roles and Tasks click the Novell Certificate Access Configure Certificate Authority option 2 Click Enable server self pro...

Страница 231: ...t 8 Click Save the Exported Certificate and save the file to the local disk noting the filename and location if they are indicated 9 Click Close OK 10 Find the file you just saved By default it is usu...

Страница 232: ...cates from the servers in the tree 22 3 If You Don t Want to Use eDirectory Certificates For most organizations the eDirectory certificate solution in OES 2 is an ideal way to eliminate the security v...

Страница 233: ...ices are configured to use eDirectory certificates The current service certificates and configurations are retained Upgrade from OES 2 or OES 2 SP1 The same option is used as when OES 2 was installed...

Страница 234: ...234 OES 2 SP3 Planning and Implementation Guide...

Страница 235: ...set of services that can be either added to an existing server or installed at the same time as SUSE Linux Enterprise Server 10 SP1 After OES 2 services are added we refer to the server as an OES 2 se...

Страница 236: ...236 OES 2 SP3 Planning and Implementation Guide...

Страница 237: ...is section assume that only the IP address of the server is changing They do not cover changing the DNS hostname of the server B 2 Prerequisites Section B 2 1 General on page 237 Section B 2 2 iPrint...

Страница 238: ...ion of the server you are reconfiguring 3 Open the YaST Control Center 4 In Network Devices select Network Card 5 Confirm that the Old IP address you listed in Section B 2 1 General on page 237 is in...

Страница 239: ...ces 3 Type the Admin password when prompted You might need to wait a few minutes for the LDAP server to restart 4 When the script finishes restart the server by entering the following command at the t...

Страница 240: ...egenerate the QuickFinder index by completing the instructions in see Creating Indexes in the OES 2 SP3 Novell QuickFinder Server 5 0 Administration Guide B 6 2 DHCP 1 Make sure the DHCP configuration...

Страница 241: ...the domain name whose IP address is to be changed In this example it is the A record 2a Specify the Host Name using the search feature 2b Select the record and click Modify to change the IP address wi...

Страница 242: ...name of the Reverse Lookup object will be 136_103_92_100_in addr_arpa OESSystemObjects nmfrd 3c Click iManager Directory Administration Modify Object Search and select the Reverse Lookup object from...

Страница 243: ...newip c AuthenticationContext where newip is the new IP address used throughout this section and AuthenticationContext is the eDirectory context for NetStorage users NetStorage searches the eDirectory...

Страница 244: ...244 OES 2 SP3 Planning and Implementation Guide...

Страница 245: ...to date on all servers and workstations You can install product updates as they are made available through the ZENworks Linux Management update channel For instructions on setting up the ZENworks Linu...

Страница 246: ...246 OES 2 SP3 Planning and Implementation Guide...

Страница 247: ...users Users control who can participate in an iFolder and their access rights to the files in it Users can also participate in iFolders that others share with them Salvage and Purge By default all NSS...

Страница 248: ...lity for OES Most of the SMS coexistence and migration issues are of concern only to backup application developers However administrators should be aware that SMS based applications must be used to ba...

Страница 249: ...bDAV URL is case sensitive Novell Client 1 Install the Novell Client on a supported Windows workstation 2 Log in to eDirectory 3 Access NCP volumes on NetWare or Linux that you have the appropriate fi...

Страница 250: ...250 OES 2 SP3 Planning and Implementation Guide...

Страница 251: ...in Firefox Also iManager plug ins might not work properly if the highest priority Language setting for your Web browser is set to a language other than one of iManager s support languages To avoid pro...

Страница 252: ...252 OES 2 SP3 Planning and Implementation Guide Tomcat Manager Managing Tomcat with Tomcat Admin in the NW 6 5 SP8 Tomcat Administration Guide Management Tool Supported Browser Information Link...

Страница 253: ...crosoft Windows Vista Business 64 bit SP1 Microsoft Windows Vista Ultimate SP1 Microsoft Windows Vista Ultimate 64 bit SP1 Microsoft Windows Vista Enterprise SP1 Microsoft Windows Vista Enterprise 64...

Страница 254: ...254 OES 2 SP3 Planning and Implementation Guide...

Страница 255: ...he Apache Web Server rather than referencing the init script directly Archive and Version Services novell ark This lets you to start stop restart and display the status of the Archive and Version Serv...

Страница 256: ...de the novell xsrvd XTier Web Services daemon and also utilizes Tomcat services for certain other functions novell xregd is the init script for starting and stopping XTier s registry daemon It is part...

Страница 257: ...configured NTP ntp This is the SLES 10 Network Time Protocol daemon OpenWBEM CIMOM owcimomd This is used to start the OpenWBEM CIMOM daemon which is an integral part of the iManager plug ins for LUM S...

Страница 258: ...258 OES 2 SP3 Planning and Implementation Guide...

Страница 259: ...7 System Users on page 280 Section I 8 System Groups on page 281 Section I 9 Auditing System Users on page 282 I 1 About System Users and Groups Regular network users rely on network services System...

Страница 260: ...ername LUM_Proxy_user System Group Facilitate the management of system users Provide access rights to service data on the server or in the eDirectory tree DHCP DNSDHCP System User The daemons associat...

Страница 261: ...ection I 2 4 What Rights Do Proxy Users Have on page 264 Iprint POSIX iprintgrp eDirectory System Group iPrint LUM proxy optional Proxy User Linux User Management named System User DNS ncsclient Syste...

Страница 262: ...provides the Novell services that were previously only available on NetWare To make its services available on Linux Novell had to accommodate a fundamental difference between the way services run on...

Страница 263: ...access DHCP objects in eDirectory DNS OESCommonProxy_hostname Or DNS_Proxy Lets the service access DNS objects in eDirectory iFolder 3 OESCommonProxy_hostname Or iFolderProxy IMPORTANT The Common Pro...

Страница 264: ...ssage Server Read Not inheritable Root Group Membership Read Not inheritable Network Address Read Not inheritable In addition each proxy user is granted additional rights as summarized in Table I 4 NS...

Страница 265: ...rship in the NCS_Management group to communicate with eDirectory on behalf of the clustering service DHCP DHCP_LDAP_Proxy No rights are assigned directly but membership in the DHCPGroup which does hav...

Страница 266: ...Using a Common Proxy on page 268 Are There Important Limitations to Keep in Mind on page 269 NetStorage NetStorage_Proxy Additional eDirectory rights Entry Rights Browse LDAP ACL representation 1 sub...

Страница 267: ...anual intervention required Prevent Password Expiration When proxy user passwords expire OES 2 services are interrupted leading to network user frustration and administrator headaches Automatic passwo...

Страница 268: ...same as for the server for which the common proxy is created IMPORTANT If you specify a different context from the server the Organizational Unit that you specify must already exist in eDirectory Oth...

Страница 269: ...Assigning the Common Proxy to Existing Services You can assign the common proxy user to any of the services listed in Services That Can Leverage the Common Proxy User on page 267 using the move_to_com...

Страница 270: ...he following commands cd opt novell proxymgmt bin change_proxy_pwd sh A Yes By default the crontab job will run every 30 days I 4 Planning Your Proxy Users Because of the prominent role played by the...

Страница 271: ...ding on which option you select Alternatively you can modify any of the defaults including the password Or if you have already created a proxy user you can specify that as well Clustering NCS OESCommo...

Страница 272: ...as well The user must have the Read right to the LDAP service iFolder 3 OESCommonProxy_host name Or iFolderProxy IMPORTANT The Common Proxy user cannot be used if iFolder is running on a cluster node...

Страница 273: ...ent proxy user you can specify that as well The user must have the Read right to the LDAP service NSS server_nameadmin This admin account must have full rights to administer NSS and must be unique to...

Страница 274: ...hen admin users are assigned as proxy users Novell Support received a call from an administrator who was getting locked out due to intruder detection after changing the administrator password The lock...

Страница 275: ...at a proxy user for the server is created before the server is installed If the Common Proxy User is not leveraged then for the first server in the tree eDirectory and iManager must be installed with...

Страница 276: ...User As a Proxy User on page 274 Passwords Are Stored on the Server Of course all proxy user passwords are stored in eDirectory Table I 7 explains where they are stored on the server and how they can...

Страница 277: ...mmon Proxy User passwords DHCP If the service specific proxy user is used the service specific password is stored in CASA if it is available If CASA is not available it is stored in the etc dhcpd conf...

Страница 278: ...of when each password expires Before passwords expire change them in eDirectory and reset them on the server See the information in Table I 7 Changing Proxy Passwords Automatically You can configure...

Страница 279: ...nd password while configuring the services on all of the OES servers in that tree I 5 2 Service Specific Proxy Users Do the following 1 Create a proxy user in the eDirectory tree for each type of OES...

Страница 280: ...he user whenever the password is changed for that user However the DNS Proxy User is closely associated with DSfW and can leverage the Common Proxy User available in SP3 I 7 System Users SLES and OES...

Страница 281: ...me and so the user has to be created in eDirectory as well named is used by default but any local user can be used ncsclient NCS Used by NCS to access the adminfs file system novell_nobody CIMOM This...

Страница 282: ...NSS is installed on the Linux server this group is removed from the local system and created in eDirectory This is required because members of this group must have access to NSS data and all NSS acces...

Страница 283: ...NMAS Events http www novell com documentation nmas33 admin data bwmt40o html Then refer to the Novell Sentinel Documentation http www novell com documentation sentinel6 for further instructions Privil...

Страница 284: ...284 OES 2 SP3 Planning and Implementation Guide...

Страница 285: ...default is Admin Container Admin eDirectory Admin User These administrators are usually responsible for administering within a partition or subtree They might be assigned only enough rights to instal...

Страница 286: ...286 OES 2 SP3 Planning and Implementation Guide...

Страница 287: ...ies that govern the users to ensure that they can access the different file services K 2 Concepts and Prerequisites Prerequisites for AFP CIFS and Samba access are explained in the following sections...

Страница 288: ...s will be searched for during an authentication In a name mapped existing tree install if the context resides in a DSfW domain the context can be specified either in the domain name format Active Dire...

Страница 289: ...ee but not a partition It is a container under the ou prv o widget partition OES NetWare Servers S1 S6 and S9 are OES servers S7 and S8 are NetWare servers File Services S1 S2 S3 and S4 are DSfW serve...

Страница 290: ...ere the server is being installed This need not be the tree administrator K 3 2 Example 2 Mutually Exclusive Users File Services on page 290 Users on page 290 In this scenario the setup of the tree an...

Страница 291: ...lation is the same as for the Forest Root Domain FRD The tree is named as per domain naming standards Samba is installed as part of DSFW installation Neither AFP nor Novell CIFS can be installed confi...

Страница 292: ...decide whether these servers should be installed on a new domain or as additional domain controllers during capacity planning and deployment design Follow the OES 2 SP3 Domain Services for Windows Ad...

Страница 293: ...4 4 Modifying User Password Policies after AFP CIFS Samba DSfW Is Installed After a new password policy is assigned to an AFP CIFS Samba or DSfW user rerun the YaST based configuration and select the...

Страница 294: ...294 OES 2 SP3 Planning and Implementation Guide...

Страница 295: ...is supported on NCP and POSIX volumes Although that functionality was initially planned and Novell hopes to add support for additional volume and file system types in a future release DST is currentl...

Страница 296: ...two SLP services see Table 12 4 on page 112 they are completely compatible regarding the sharing of service information Chapter or Section Changed Summary of Changes Changing the Server s Address Conf...

Отзывы:

Нет отзывов

Похожие инструкции для OPEN ENTERPRISE SERVER - CONVERSION GUIDE 12-2010

Бренд: NEC Страницы: 3

Бренд: Drobo Страницы: 6

DIRECTOR MX 2004-USING DIRECTOR

Бренд: MACROMEDIA Страницы: 500

PROLIANT 56976839

Бренд: HP Страницы: 16

ProLiant Power Interface Control Utility

Бренд: HP Страницы: 10

Бренд: HP Страницы: 181

ProLiant SL160s

Бренд: HP Страницы: 8

Бренд: HP Страницы: 245

ProBook 6445b - Notebook PC

Бренд: HP Страницы: 183

ProLiant Lights Out-100

Бренд: HP Страницы: 60

StorageWorks 2/64 - Core Switch

Бренд: HP Страницы: 830

StorageWorks 2/64 - Core Switch

Бренд: HP Страницы: 166

Бренд: HP Страницы: 157

ProBook 6445b - Notebook PC

Бренд: HP Страницы: 230

Бренд: Steinberg Страницы: 1

LINUX ENTERPRISE DESKTOP 10 SP1 -

Бренд: Linux Страницы: 76

Telephony Modem Simulator

Бренд: Intrinsyc Страницы: 2

Бренд: Emagic Страницы: 256

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды