Novell Open Enterprise Server Installation Guide

Novell®
Open Enterprise Server 2 SP2
Installation Guide
AUTHORIZED DOCUMENTATION
www.novell.com
novdocx (en) 7 January 2010

OES 2 SP2: Installation Guide

Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2005–2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see the Novell Documentation Web site (www.novell.com/documentation).
Novell Trademarks
For a list of Novell trademarks, see the Novell Trademark List (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
This product includes code licensed from RSA Security, Inc. Some portions licensed from IBM are available at http://oss.software.ibm.com/icu4j/.
This product includes materials licensed under the Apache license, including Apache and Tomcat.
Contents
About This Guide
1 What's New in the OES 2 Install
1.1 What’s New in the OES 2 SP2 Install
1.2 What’s New in the OES 2 SP1 Install
1.3 What’s New in the OES 2 Install
2 Preparing to Install OES 2 SP2
2.1 Before You Install
2.2 32-Bit vs. 64-Bit
2.2.1 64-Bit eDirectory
2.2.2 64-Bit NCP Server
2.2.3 Matching Software with Server Hardware
2.2.4 Don’t Mix 32-Bit and 64-Bit OES and SLES
2.3 Meeting All Server Software and Hardware Requirements
2.3.1 Server Software
2.3.2 Server Hardware
2.4 eDirectory Rights Needed for Installing OES
2.4.1 Rights to Install the First OES Server in a Tree
2.4.2 Rights to Install the First Three Servers in an eDirectory Tree
2.4.3 Rights to Install the First Three Servers in any eDirectory Partition
2.4.4 Rights to Run Deployment Manager
2.5 Installing and Configuring OES as a Subcontainer Administrator
2.5.1 Rights Required for Subcontainer Administrators
2.5.2 Starting a New Installation as a Subcontainer Administrator
2.5.3 Adding/Configuring OES Services as a Different Administrator
2.6 Preparing eDirectory for OES 2 SP2
2.6.1 If Your Directory Tree Is Earlier than eDirectory 8.6
2.6.2 If Your LDAP Server Is Running NetWare 6.5 SP2 or Earlier
2.6.3 If Your Tree Has Ever Contained an OES 1 Linux Server with LUM and NSS Installed
2.6.4 Extending the Schema
2.7 Deciding What Patterns to Install
2.8 Install Only One Server at a Time
2.9 What's Next
3 Installing OES 2 SP2
3.1 Obtaining OES 2 Software
3.2 Setting Up an Installation Source
3.2.1 Preparing a Network Installation Source
3.2.2 Preparing Physical Media for a New Server Installation or an Upgrade
3.3 Installing OES 2 SP2 as a New Installation
3.3.1 Starting the OES 2 SP2 Installation
3.3.2 Specifying the Installation Mode
3.3.3 Specifying the Add-On Product Installation Information
3.3.4 Setting Up the Clock and Time Zone
3.3.5 Specifying the Installation Settings for the SLES Base and OES Installation
3.3.6 Specifying Configuration Information
3.4 Finishing the Installation
3.5 Verifying That the Installation Was Successful
3.6 Guidelines for Configuring OES 2 SP2 Components
3.6.1 LDAP Configuration for Open Enterprise Services
3.6.2 Novell AFP Services
3.6.3 Novell Archive and Version Services
3.6.4 Novell Backup/Storage Management Services (SMS)
3.6.5 Novell CIFS for Linux
3.6.6 Novell Cluster Services
3.6.7 Novell DHCP Services
3.6.8 Novell DNS Services
3.6.9 Novell Domain Services for Windows
3.6.10 Novell eDirectory Services
3.6.11 Novell FTP Services
3.6.12 Novell iFolder
3.6.13 Novell iManager
3.6.14 Novell iPrint
3.6.15 Novell Linux User Management
3.6.16 Novell NCP Server / Dynamic Storage Technology
3.6.17 Novell NetStorage
3.6.18 Novell Pre-Migration Server
3.6.19 Novell QuickFinder
3.6.20 Novell Remote Manager
3.6.21 Novell Samba
3.6.22 Novell Storage Services (NSS)
3.7 What's Next
4 Installing or Configuring OES 2 SP2 on an Existing Server
4.1 Before You Install OES Services on an Existing Server
4.1.1 Always Use YaST to Install and Initially Configure OES
4.1.2 Don’t Install OES While Running the Xen Kernel
4.2 Installing or Configuring OES Services on an Existing Server
4.3 Adding/Configuring OES Services on a Server That Another Administrator Installed
4.4 What's Next
5 Upgrading to OES 2 SP2
5.1 Supported Upgrade Paths
5.2 Planning for the Upgrade to OES 2 SP2
5.2.1 Be Sure to Check the Readme
5.2.2 Always Upgrade SLES and OES at the same time
5.2.3 Understanding the Implications for Other Products Currently Installed on the Server
5.3 Meeting the Upgrade Requirements
5.3.1 Securing Current Data
5.3.2 Ensuring That There Is Adequate Storage Space on the Root Partition
5.3.3 Preparing Your Target Server
5.3.4 Checking the Server’s IP Address
5.3.5 Checking the Server’s DNS Name
5.3.6 Ensuring That the Server Has a Server Certificate
5.3.7 Preparing an Installation Source
5.4 Upgrading to OES 2 SP2
5.4.1 For Servers with EVMS and NSS on the System Device
5.4.2 To Upgrade Using a Network Installation Source with DHCP (Offline)
5.4.3 Upgrading Using a Network Installation Source without DHCP (Offline)
5.4.4 Using Physical Media to Upgrade (Offline)
5.4.5 Using the Patch Channel to Upgrade (Online)
5.4.6 Selecting the Installation Mode Options
5.4.7 Specifying the Partition to Update
5.4.8 Specifying the Add-On Product Installation Information
5.4.9 Reviewing the Delete Unmaintained Packages Notification
5.4.10 Verifying and Customizing the Update Options in Installation Settings
5.4.11 Accepting the Installation Settings
5.4.12 Specifying Configuration Information
5.5 Finishing the Upgrade
5.6 Post-Migration iManager Configuration
5.7 Verifying That the Upgrade Was Successful
5.8 What's Next
6 Completing OES Installation or Upgrade Tasks
6.1 Determining Which Services Need Additional Configuration
6.2 Rebooting the Server after Installing NSS
6.3 Resolving the Certificate Store Error
6.4 Restarting Tomcat
6.5 Launching and Configuring Firefox
7 Updating (Patching) an OES 2 SP2 Server
7.1 Overview of Updating (Patching)
7.1.1 The Patch Process Briefly Explained
7.1.2 Update Options
7.2 Preparing the Server for Updating
7.3 Registering the Server in the Novell Customer Center
7.3.1 Prerequisites
7.3.2 Registering the Server in the Novell Customer Center (Command Line)
7.3.3 Registering the Server in the Novell Customer Center (GUI)
7.4 Updating the Server
7.4.1 Updating the Server by Using the Command Line
7.4.2 Updating the Server from the GNOME or KDE Desktop
7.5 Verifying That Your Channel Subscriptions Are Up-to-Date
7.6 Frequently Asked Questions about Updating
7.6.1 Do I apply all the patches in the catalogs? How do I know which patches to apply?
7.6.2 How do I re-add the catalogs for OES 2 in my ZENworks Management Daemon configuration after removing one or more of them?
7.6.3 What about YaST Online Update?
7.7 Patching From Behind a Proxy Server
7.8 Quick Path Updating
7.8.1 Do Not Use rug up without the -t Option
7.8.2 Command Line Quick Path for Updating OES 2
7.8.3 GUI Quick Path for Updating OES 2 SP2
8 Using AutoYaST to Install and Configure Multiple OES Servers
8.1 Security Considerations
8.2 Prerequisites
8.3 Setting Up a Control File with OES Components
8.3.1 Fixing an Automatically Created Control File
8.3.2 Using the AutoInstallation Module to Create the Control File
8.4 Setting Up an Installation Source
9 Installing OES as a Xen VM Host Server
10 Installing, Upgrading, or Updating OES on a Xen-based VM
10.1 System Requirements
10.1.1 OES 2 SP2 VM Host Considerations
10.1.2 Novell Storage Services Considerations
10.1.3 Setup Instructions
10.2 Prerequisites
10.3 Preparing the Installation Software
10.3.1 Downloading the Installation Software
10.3.2 Preparing the Installation Source Files
10.4 Installing an OES 2 SP2 VM Guest
10.4.1 Specifying Options for Creating an OES 2 SP2 VM Guest
10.4.2 Specifying the Installation Mode
10.4.3 Specifying the Add-On Product Installation Information
10.4.4 Completing the OES 2 SP2 VM Guest Installation
10.5 Upgrading an OES 2 VM Guest to OES 2 SP2
10.5.1 Upgrading an OES 2 VM Guest by Using the Update Channel
10.5.2 Performing an Offline Upgrade
10.6 Updating an OES 2 SP2 VM Guest
10.7 Managing a Virtual Machine Running OES 2 SP2
10.8 Setting Up an OES 2 SP2 VM Guest to Use Novell Storage Services (NSS)
11 Installing and Managing NetWare on a Xen-based VM
11.1 Introduction
11.2 Support Information
11.2.1 OES 2 Registration Is Required for Support
11.2.2 Supported Configurations and Features
11.2.3 Unsupported Configurations and Features
11.3 Preparing to Install a NetWare VM Guest Server
11.3.1 Planning for VM Host Servers
11.3.2 Planning for NetWare VM Guest Servers
11.3.3 You Must Use Timesync for Time Synchronization
11.3.4 Disabling the Alt+Esc Shortcut on the Host
11.4 Installing Virtualized NetWare
11.4.1 Preparing the Installation Media
11.4.2 Creating a Response File for an Unattended NetWare Installation
11.4.3 Creating a Xen Virtual Machine and Installing a NetWare VM Guest Server
11.5 Managing NetWare on a Virtual Machine
11.5.1 Using the Virtual Machine Manager
11.5.2 Using the Command Line
11.6 If VM Manager Doesn’t Launch on a Xen VM Host Server
12 Upgrading NetWare on a Xen-based VM
12.1 Upgrading the VM Host Server
12.2 Upgrading the NetWare VM Guest Server
12.2.1 Downloading the NetWare SP8 Zip File
12.2.2 Providing Access to a Mounted DVD
13 Disabling OES 2 Services
14 Security Considerations
14.1 Password for User Admin Written in Clear Text in control.xml
14.2 Access to the Server During an Installation or Upgrade
14.3 Remote Installations Using VNC
14.4 Improperly Configured LDAP Servers
A Installing with EVMS as the Volume Manager of the System Device
A.1 Using EVMS to Manage the System Device
A.2 Configuring the System Device to Use EVMS
A.2.1 Understanding the EVMS–Based Partitioning Scheme
A.2.2 Prerequisites
A.2.3 Modifying the Installation Settings
A.3 Using EVMS to Manage Devices
A.3.1 NSS File Systems on EVMS-Managed Devices
A.3.2 Linux POSIX File Systems on EVMS-Managed Devices
B OES 2 SP2 File and Data Locations
B.1 General Rules
B.2 Exceptions
C Setting Up an Installation Source on NetWare
C.1 Prerequisites
C.2 Copy the Files and Mount Them as NSS Volumes
C.3 Create the Boot CDs
D Upgrading to OES 2 SP2 Through a ZENworks Linux Management Server
D.1 Preparing the Environment
D.2 Mirroring the Channels to Your ZENworks Linux Management Server
D.3 Making Copies of the Downloaded Bundles
D.4 Creating a Password Answer File
D.5 Preparing the Bundles for Upgrading
D.6 Preparing the OES 2 SP1 Servers for Upgrading
D.7 Assigning the Bundles and Scheduling the Upgrades
D.8 Known Issues and Caveats
D.8.1 Installing Additional OES Services
D.8.2 iFolder Fails to Start
D.8.3 SPident Command Reports that SLES Is Not Updated
D.8.4 oes-SPident Command Reports that OES Is Not Updated
E Documentation Updates

About This Guide

This guide describes how to install, upgrade, and update Novell® Open Enterprise Server (OES) 2 SP2 Linux. Except where specifically stated, the content of this guide applies to installing OES on a computer’s physical hardware rather than on a Xen* virtual machine host server.
“What's New in the OES 2 Install” on page 13
“Preparing to Install OES 2 SP2” on page 15
“Installing OES 2 SP2” on page 39
“Installing or Configuring OES 2 SP2 on an Existing Server” on page 103
“Upgrading to OES 2 SP2” on page 109
“Completing OES Installation or Upgrade Tasks” on page 143
“Updating (Patching) an OES 2 SP2 Server” on page 147
“Using AutoYaST to Install and Configure Multiple OES Servers” on page 167
“Installing OES as a Xen VM Host Server” on page 175
“Installing, Upgrading, or Updating OES on a Xen-based VM” on page 177
“Installing and Managing NetWare on a Xen-based VM” on page 191
“Upgrading NetWare on a Xen-based VM” on page 205
“Disabling OES 2 Services” on page 207
“Security Considerations” on page 209
“Installing with EVMS as the Volume Manager of the System Device” on page 211
“OES 2 SP2 File and Data Locations” on page 221
“Setting Up an Installation Source on NetWare” on page 223
“Upgrading to OES 2 SP2 Through a ZENworks Linux Management Server” on page 227
“Documentation Updates” on page 243
Audience
This guide is intended for system administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
The latest version of the OES 2 SP2: Installation Guide is available at the Open Enterprise Server 2 documentation Web site (http://www.novell.com/documentation/oes2/inst_oes_lx/data/front.html).
Additional Documentation
| For more information about | See |
|---|---|
| Planning and implementing OES 2 SP2 | OES 2 SP2: Planning and Implementation Guide |
| Migration from and coexistence with other products | “Different Migration Tools” in the OES 2 SP2: Migration Tool Administration Guide |
| Installing OES 2 SP2 on a Xen Virtual Host Server | Chapter 10, “Installing, Upgrading, or Updating OES on a Xen-based VM,” on page 177 |
| SLES 10 Installation and Administration details | SUSE® LINUX Enterprise Server 10 Installation and Administration Guide (http://www.novell.com/documentation/sles10/book_sle_reference/data/book_sle_reference.html) |
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.

1 What's New in the OES 2 Install

This section summarizes the features that have been updated with each release of Novell® Open Enterprise Server (OES) 2 Linux.
Section 1.1, “What’s New in the OES 2 SP2 Install,” on page 13
Section 1.2, “What’s New in the OES 2 SP1 Install,” on page 13
Section 1.3, “What’s New in the OES 2 Install,” on page 14

1.1 What’s New in the OES 2 SP2 Install

The following features were added or modified from the SP1 release installation:
Table 1-1 OES 2 SP2 Release
Functionality | For More Information About
Create an EVMS Based Proposal | In the YaST™ install, an option is available to automatically create an EVMS based proposal for the system device. See Section A.2, “Configuring the System Device to Use EVMS,” on page 212.
Upgrade through the Patch Channel | You can now upgrade an OES 2 SP1 server to OES 2 SP2 through the update (patch) channel. See Section 5.4.5, “Using the Patch Channel to Upgrade (Online),” on page 119.

1.2 What’s New in the OES 2 SP1 Install

The following features were added or modified from the initial release installation:
Table 1-2 OES 2 SP1 Release
Functionality | For More Information About
Unsupported packages are no longer removed by default. | Installing OES 2 while installing SLES 10 SP1: See “Specifying the Add-On Product Installation Information” on page 47. Installing OES 2 services on a server that is already running SLES 10 SP1: See “Installing or Configuring OES 2 SP2 on an Existing Server” on page 103.
OES servers are now configured to use eDirectory™ certificates for all HTTPS services by default in every installation/upgrade scenario except an upgrade from OES 2, where the option used during the initial server install/upgrade is retained. | Certificate management in OES 2: See “Certificate Management” in the OES 2 SP2: Planning and Implementation Guide.
Updating through the Novell patch channels now requires registering the server with the Novell Customer Center using either purchased activation codes or 60-day evaluation codes. | This change is reflected in various instructions throughout this and other guides.

1.3 What’s New in the OES 2 Install

In the initial release of OES 2, the following features were added to the OES installation:
Table 1-3 OES 2 Initial Release
Functionality | For More Information About
Open Enterprise Server 2 Linux is an add-on product that can be installed with SUSE® Linux Enterprise Server 10 SP1 or added to a server running SLES 10 SP1 with updates. | Installing OES 2 while installing SLES 10 SP1: See “Specifying the Add-On Product Installation Information” on page 47. Installing OES 2 services on a server that is already running SLES 10 SP1: See “Installing or Configuring OES 2 SP2 on an Existing Server” on page 103.
DVD media is now also available to perform the installation. | See “Preparing Physical Media for a New Server Installation or an Upgrade” on page 42.
OES 2 can be installed on x86-64 bit hardware. | See Table 2-1 on page 17.
Configuring OES services is easier to find and perform on multiple services. | See “Configuring Novell Open Enterprise Server Services” on page 71 and “Installing or Configuring OES 2 SP2 on an Existing Server” on page 103.
A specific tool for extending the schema is available in YaST. | See “Extending the Schema” on page 26.
You can install OES 2 Linux on a Xen-based virtual machine host server. | See Chapter 10, “Installing, Upgrading, or Updating OES on a Xen-based VM,” on page 177.
You can install OES 2 Linux as a Xen-based virtual machine host server. | See Chapter 9, “Installing OES as a Xen VM Host Server,” on page 175.
The method for updating OES matches the method for updating SLES 10 SP1. | See “Updating (Patching) an OES 2 SP2 Server” on page 147.

2 Preparing to Install OES 2 SP2

You should perform the tasks and understand the information outlined in the following sections:
Section 2.1, “Before You Install,” on page 15
Section 2.2, “32-Bit vs. 64-Bit,” on page 15
Section 2.3, “Meeting All Server Software and Hardware Requirements,” on page 16
Section 2.4, “eDirectory Rights Needed for Installing OES,” on page 18
Section 2.5, “Installing and Configuring OES as a Subcontainer Administrator,” on page 18
Section 2.6, “Preparing eDirectory for OES 2 SP2,” on page 22
Section 2.7, “Deciding What Patterns to Install,” on page 28
Section 2.8, “Install Only One Server at a Time,” on page 36
Section 2.9, “What's Next,” on page 36

2.1 Before You Install

Before you install Novell® Open Enterprise Server (OES) 2 SP1 Linux, you should review the information in the following sections:
“Planning Your OES 2 Implementation” in the OES 2 SP2: Planning and Implementation Guide
“Before You Install or Upgrade” in the OES2 SP2: Readme

2.2 32-Bit vs. 64-Bit

OES 2 and SUSE® Linux Enterprise Server (SLES) 10 are available in both 32-bit (i386) and 64-bit (x86-64) architectural versions.
Section 2.2.1, “64-Bit eDirectory,” on page 15
Section 2.2.2, “64-Bit NCP Server,” on page 16
Section 2.2.3, “Matching Software with Server Hardware,” on page 16
Section 2.2.4, “Don’t Mix 32-Bit and 64-Bit OES and SLES,” on page 16

2.2.1 64-Bit eDirectory

Selecting Novell eDirectory when using
OES 2 SP2 64-bit media automatically installs 64-bit eDirectory™.
OES 2 SP2 32-bit media installs 32-bit eDirectory.

2.2.2 64-Bit NCP Server

Selecting NCP Server when using
OES 2 SP2 64-bit media automatically installs 64-bit NCP™ server.
OES 2 SP2 32-bit media installs 32-bit NCP server.

2.2.3 Matching Software with Server Hardware

Make sure that you understand which software can be installed on which server hardware.
64-Bit Server Hardware: Supports either the 32-bit versions of OES and SLES or the 64-bit
versions of OES and SLES.
32-Bit Server Hardware: Supports only the 32-bit versions of OES and SLES.

2.2.4 Don’t Mix 32-Bit and 64-Bit OES and SLES

The 32-bit and 64-bit versions of OES and SLES are not compatible with each other. In other words, you cannot install 32-bit OES with 64-bit SLES on the same server hardware, and the reverse is also true.

2.3 Meeting All Server Software and Hardware Requirements

Before installing OES 2 SP2, ensure that your system meets the following requirements.
Section 2.3.1, “Server Software,” on page 16
Section 2.3.2, “Server Hardware,” on page 17

2.3.1 Server Software

As part of the OES 2 SP2 installation, you install SUSE Linux Enterprise Server 10 SP3.
IMPORTANT: OES 2 SP2 services were developed and tested on a default SLES 10 SP3 server base.
As you install OES 2 SP2, do not change any of the SLES 10 Base Technologies package selections, such as Java* support. Doing so can cause various problems, such as the installation failing or one or more OES 2 SP2 services not working properly.
If you are installing on an existing SLES 10 SP3 server, be sure to verify that all of the default SLES 10 SP3 components are installed before attempting to install OES 2 SP2 services.

2.3.2 Server Hardware

Table 2-1 Server Hardware Requirements
System Component | Minimum Requirements | Recommended Requirements
Computer | Server-class computer with Pentium* II or AMD* K7 450 MHz processor | Server-class computer with Pentium III, Pentium III Xeon*, Pentium 4, Intel* Xeon 700 MHz, AMD K8 CPUs (Athlon64 and Opteron*), Intel EM64T or higher processor. NOTE: Some OES services run in 32-bit mode only.
Memory | 1 GB of RAM | 2 GB of RAM for the base system. Additional RAM might be required depending on which OES components are selected and how they are used.
Free Disk Space | 7 GB of available, unpartitioned disk space | 10 GB of available, unpartitioned disk space. Additional disk space might be required, depending on which OES components are selected and how they are used.
CD-ROM or DVD Drive | 4X CD-ROM or DVD drive if installing from physical media | 48X CD-ROM or DVD drive if installing from physical media
Hard Drive | 20 GB
Network Board | Ethernet 100 Mbps
IP address | One IP address on a subnet; Subnet mask; Default gateway
Mouse | N/A | USB or PS/2
Server computer BIOS | Using a CD-ROM or DVD installation source, prepare the BIOS on your server computer so that it boots from the CD-ROM or DVD drive first.
Video Card and Monitor | 1024 X 768 resolution or higher with a minimum color depth of 8 bits (256 colors). Although it is technically possible to run the ncurses installation at a lower resolution, some informational messages aren’t displayed because text strings don’t wrap to the constraints of the window.
NOTE: The RAM and disk space amounts shown here are for system components only. The OES service components you install might require additional RAM and disk space.
Be sure to complete the planning instructions found in the OES 2 SP2: Planning and
Implementation Guide for each component you install.

2.4 eDirectory Rights Needed for Installing OES

The following eDirectory™ rights are discussed in this section:
Section 2.4.1, “Rights to Install the First OES Server in a Tree,” on page 18
Section 2.4.2, “Rights to Install the First Three Servers in an eDirectory Tree,” on page 18
Section 2.4.3, “Rights to Install the First Three Servers in any eDirectory Partition,” on page 18
Section 2.4.4, “Rights to Run Deployment Manager,” on page 18

2.4.1 Rights to Install the First OES Server in a Tree

To install an OES server in a tree, you must have rights to extend the schema, meaning that you need Supervisor rights to the [Root] of the tree.
You can extend the schema by using the Novell Schema Tool in YaST™ or by having a user with Supervisor rights to the [Root] of the eDirectory tree install the first OES server and the first instance of each OES service that will be used into the tree. For more information, see Section 2.6.4, “Extending the Schema,” on page 26.

2.4.2 Rights to Install the First Three Servers in an eDirectory Tree

If you are installing the server into a new tree, the Admin user that is created during the OES installation has full rights to the root of the tree. Using the account for user Admin allows the installer to extend the eDirectory schema for OES as necessary. To install the first OES server in an eDirectory tree, you must have the Supervisor right at the [Root] of the eDirectory tree.

2.4.3 Rights to Install the First Three Servers in any eDirectory Partition

By default, the first three servers installed in an eDirectory partition automatically receive a replica of that partition. To install a server into a partition that does not already contain three replica servers, the user must have either the Supervisor right at the [Root] of the tree or the Supervisor right to the container in which the server holding the partition resides.

2.4.4 Rights to Run Deployment Manager

If you are installing the first OES server into an existing NetWare® eDirectory tree, you can run Deployment Manager first to prepare the tree so it is compatible with the new version of eDirectory that comes with OES 2 SP1 and later. This requires access to a server with a Read/Write replica of the Root partition.

2.5 Installing and Configuring OES as a Subcontainer Administrator

IMPORTANT: The information explained in Section 2.4, “eDirectory Rights Needed for Installing
OES,” on page 18 is prerequisite to the information contained in this section.
This section outlines the eDirectory rights required and explains how a subcontainer administrator approaches various installation tasks.
Section 2.5.1, “Rights Required for Subcontainer Administrators,” on page 19
Section 2.5.2, “Starting a New Installation as a Subcontainer Administrator,” on page 21
Section 2.5.3, “Adding/Configuring OES Services as a Different Administrator,” on page 21

2.5.1 Rights Required for Subcontainer Administrators

For security reasons, you might want to create one or more subcontainer administrators (administrators that are in a container that is subordinate to the container that user Admin is in) with sufficient rights to install additional OES servers, without granting them full rights to the entire tree.
A subcontainer administrator needs the rights listed in Table 2-2 to install an OES server into the tree.
These rights are typically granted by placing all administrative users in a Group or Role in eDirectory, and then assigning the rights to the Group or Role. Sample steps for assigning the rights to a single subcontainer administrator are provided as a general guide.
Table 2-2 Subcontainer Administrator Rights Needed to Install
Rights Needed: Supervisor right to itself
Sample Steps to Follow:
1. In iManager > View Objects > the Browse tab, browse to and select the sub-container administrator.
2. Click the administrator object, then select Modify Trustees.
3. Click the Assigned Rights link for the administrator object.
4. For the [All Attributes Rights] property, select Supervisor, then click Done > OK.

Rights Needed: Supervisor right to the container where the server will be installed
Sample Steps to Follow:
1. Browse to the container where the subcontainer administrator will install the server.
2. Click the container object and select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] and [Entry rights] properties, select Supervisor, then click Done > OK > OK.

Rights Needed: Supervisor right to the W0 object located inside the KAP object in the Security container
Sample Steps to Follow:
1. Browse to Security > KAP.
2. In KAP, click W0 and select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] and [Entry rights] properties, select Supervisor, then click Done > OK > OK.

Rights Needed: Supervisor right to the Security container when installing the NMAS™ login methods
Sample Steps to Follow:
If the subcontainer administrator will install the NMAS login methods:
1. Browse to and select Security.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] and [Entry rights] properties, select Supervisor, then click Done > OK > OK.

Rights Needed: Create right to its own container (context)
Sample Steps to Follow:
1. Browse to and select the container where you created the subcontainer administrator.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [Entry Rights] property, select Create, then click Done > OK > OK.

Rights Needed: Create right to the container where the UNIX Config object is located.
Sample Steps to Follow:
1. Browse to and select the container where the UNIX Config object is located. By default, this is the Organization object.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [Entry Rights] property, select Create, then click Done > OK > OK.

Rights Needed: Read right to the Security container object for the eDirectory tree. This is not needed if the Supervisor right was assigned because of NMAS.
Sample Steps to Follow:
If the subcontainer administrator won’t install the NMAS login methods, do the following:
1. Browse to and select Security.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] property, select Read, then click Done > OK > OK.

Rights Needed: Read right to the NDSPKI:Private Key attribute on the Organizational CA object (located in the Security container)
Sample Steps to Follow:
1. Browse to Security and select the Organizational CA object.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. Click the Add Property button.
6. Select NDSPKI:Private Key and click OK. The Read right should be automatically assigned.
7. Click Done > OK > OK.

Rights Needed: Read and Write rights to the UNIX Config object.
Sample Steps to Follow:
1. Browse to and select the UNIX Config object.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] property, select Write (Read is already selected), then click Done > OK > OK.

When you install DNS/DHCP into an existing tree with DNS/DHCP, see the following additional guidelines:
For DNS, see “eDirectory Permissions” in the OES 2 SP2: Novell DNS/DHCP Administration Guide for Linux.
For DHCP, see “eDirectory Permissions” in the OES 2 SP2: Novell DNS/DHCP Administration Guide for Linux.

2.5.2 Starting a New Installation as a Subcontainer Administrator

You can install a new OES server into an existing tree as a subcontainer administrator if you have:
The rights described in “Rights Required for Subcontainer Administrators” on page 19
(If applicable) The rights described for the server installations in “eDirectory Rights Needed
for Installing OES” on page 18.
When you reach the eDirectory Configuration - Existing Tree page, enter your fully distinguished name (FDN) and password. After verifying your credentials, the installation proceeds normally.

2.5.3 Adding/Configuring OES Services as a Different Administrator

To add or configure OES services on an OES server that another administrator installed, see
“Adding/Configuring OES Services on a Server That Another Administrator Installed” on page 107.

2.6 Preparing eDirectory for OES 2 SP2

Section 2.6.1, “If Your Directory Tree Is Earlier than eDirectory 8.6,” on page 22
Section 2.6.2, “If Your LDAP Server Is Running NetWare 6.5 SP2 or Earlier,” on page 22
Section 2.6.3, “If Your Tree Has Ever Contained an OES 1 Linux Server with LUM and NSS
Installed,” on page 23
Section 2.6.4, “Extending the Schema,” on page 26

2.6.1 If Your Directory Tree Is Earlier than eDirectory 8.6

If you are installing an OES 2 server into an eDirectory tree that is earlier than eDirectory 8.6, do the following before installing your first OES server in an existing NetWare tree:
1 Extend the schema by using Deployment Manager. See “Schema Update” in the NW65 SP8: Installation Guide.
2 Ensure that the schema is synchronized throughout the tree from [ROOT] by doing the following:
2a Verify that schema is synchronizing out from [ROOT] by entering the following commands at the System Console prompt of the NetWare server with the Master of [ROOT]:
set DSTRACE=on
set DSTRACE=nodebug
set DSTRACE=+Schema
set DSTRACE=*SSD
set DSTRACE=*SSA
2b Toggle to the Directory Services screen and look for the message:
All Processed = YES
2c On each server that holds a Master of a partition, enter the following commands at the System Console prompt:
set DSTRACE=off
set DSTRACE=nodebug
set DSTRACE=+Schema
set DSTRACE=*SS
2d Toggle to the Directory Services screen and look for the message:
All Processed = YES

2.6.2 If Your LDAP Server Is Running NetWare 6.5 SP2 or Earlier

If you are installing into an eDirectory tree that is using a NetWare server to supply LDAP, upgrade the LDAP server that the OES installation will communicate with to the NetWare 6.5 SP3 or later software. A server running NetWare 6.5 SP2 or earlier will probably abend.

2.6.3 If Your Tree Has Ever Contained an OES 1 Linux Server with LUM and NSS Installed

Having NSS volumes on OES servers requires certain system-level modifications, most of which are automatic. For more information, see “System User and Group Management in OES 2 SP2” in the OES 2 SP2: Planning and Implementation Guide.
“NetStorage, X-Tier, and Their System Users” on page 23
“An NSS Complication” on page 23
“eDirectory Solves the Basic Problem” on page 23
“ID Mismatches on OES 1” on page 24
“The OES 1 Solution: the nssid.sh Script” on page 24
“OES 2 SP1 and SP2 Require a New Approach” on page 24
“The OES 2 Solution: Standardizing the UIDs on all OES servers” on page 24
NetStorage, X-Tier, and Their System Users
By default, certain OES services, such as NetStorage, rely on a background Novell service named X-Tier.
To run on an OES server, X-Tier requires two system-created users (named novlxregd and novlxsrvd) and one system-created group that the users belong to (named novlxtier).
An NSS Complication
The two X-Tier users mentioned above, and their group, are created on the local system when X-Tier is installed. For example, they are created when you install NetStorage, and their respective UIDs and GID are used to establish ownership of the service’s directories and files.
For NetStorage to run, these X-Tier users and group must be able to read data on all volume types that exist on the OES server.
As long as the server has only Linux traditional file systems, such as Ext3 and Reiser, NetStorage runs well.
However, if the server has NSS volumes, an additional requirement is introduced. NSS data can only be accessed by eDirectory users. Consequently, the local X-Tier users can’t access NSS data, and NetStorage can’t run properly.
eDirectory Solves the Basic Problem
When NSS volumes are created on the server, the two X-Tier system users and their group are moved to eDirectory and enabled for Linux User Management (LUM). (See “Linux User Management: Access to Linux for eDirectory Users” in the OES 2 SP2: Planning and Implementation Guide.)
After the move to eDirectory, they can function as both eDirectory and POSIX* users, and they no longer exist on the local system.
ID Mismatches on OES 1
On OES 1, problems occur when additional OES NetStorage servers with NSS volumes are installed in the same eDirectory container. Because the UIDs and GID are assigned by the system, unless the installation process is exactly the same for each OES 1 server, the UIDs and GID don’t match server-to-server.
When the local X-Tier UIDs and GID on subsequently installed servers don’t match the X-Tier UIDs and GID in eDirectory, NetStorage can’t access the NSS volumes on the server.
The OES 1 Solution: the nssid.sh Script
To solve the problem of mismatched IDs, the OES 1 installation program looks for X-Tier ID conflicts, and if the IDs on a newly installed server don’t match the IDs in eDirectory, the program generates a script file named nssid.sh. The OES 1 documentation instructs installers to always check for an nssid.sh file on a newly installed server, and if the file is found, to run it. The nssid.sh script synchronizes all of the X-Tier IDs with those in eDirectory.
However, this solution is only viable through the first release of OES 2.
OES 2 SP1 and SP2 Require a New Approach
System-level changes in SUSE Linux Enterprise Server 10 SP2 and later invalidate the nssid.sh script solution for mismatched IDs. Synchronizing the X-Tier IDs with an OES 1 installation can now cause instability in other non-OES components. Therefore, starting with OES 2 SP1, you should standardize all X-Tier IDs on existing servers before installing a new server with X-Tier-dependent services.
The OES 2 Solution: Standardizing the UIDs on all OES servers
If your eDirectory tree has ever contained an OES 1 Linux server with NSS and LUM installed, do the following on each server (including OES 2) that has NSS and LUM installed:
1 Log in as root and open a terminal prompt. Then enter the following commands:
id novlxregd
id novlxsrvd
The standardized X-Tier IDs are UID 81 for novlxregd, UID 82 for novlxsrvd, and GID 81 for novlxtier.
2 If you see the following ID information, the X-Tier IDs are standardized and you can move to the next server:
uid=81(novlxregd) gid=81(novlxtier) groups=81(novlxtier)
uid=82(novlxsrvd) gid=81(novlxtier) groups=81(novlxtier),8(www)
If you see different IDs than those listed above, such as 101, 102, 103, etc., record the numbers for both X-Tier users and the novlxtier group. You need these to standardize the IDs on the server.
3 Download the following script file:
fix_xtier_ids.sh (http://www.novell.com/documentation/oes2/scripts/fix_xtier_ids.sh)
4 Customize the template file by replacing the variables in angle brackets (<>) as follows:
<server_name>: The name of the server object in eDirectory.
Replace this variable with the server name.
For example, if the server name is myserver, replace <server_name> with myserver so that the line in the settings section of the script reads
server=myserver
<context>: The context of the X-Tier user and group objects.
Replace this variable with the fully distinguished name of the context where the objects reside.
For example, if the objects are in an Organizational Unit object named servers, replace <context> with ou=servers,o=company.
<admin fdn>: The full context of an eDirectory admin user, such as the Tree Admin, who has rights to modify the X-Tier user and group objects.
Replace this variable with the admin name and context, specified with comma-delimited syntax.
For example, if the tree admin is in an Organization container named company, the full context is cn=admin,o=company and the line in the settings section of the script reads
admin_fdn="cn=admin,o=company"
<novlxregd_uid>: The UID that the system assigned to the local novlxregd user. It might or might not be the same on each server, depending on whether the nssid.sh script ran successfully.
Replace this variable with the UID reported for the novlxregd user on this server as listed when you ran the commands in Step 1 on page 24.
In the example script, the original UID is 101. It is changed to 81 in the third line of the script. The sixth line changes the UID on all of the files and directories on the server that are owned by the novlxregd user from 101 to 81.
<novlxsrvd_uid>: The UID that the system assigned to the local novlxsrvd user. It might not be the same on each server, depending on whether the nssid.sh script ran successfully.
Replace this variable with the UID reported for the novlxsrvd user on this server as listed when you ran the commands in Step 1 on page 24.
In the example script, the original UID is 103. It is changed to 82 in the fourth line of the script. The seventh line changes the UID on all of the files and directories on the server that are owned by the novlxsrvd user from 103 to 82.
<novlxtier_gid>: The GID that the system assigned to the local novlxtier group. It might not be the same on each server, depending on whether the nssid.sh script ran successfully.
Replace this variable with the GID reported for the novlxtier group on this server as listed when you ran the commands in Step 1 on page 24.
In the example script, the original GID is 101. It is changed to 81 in the second line of the script. The sixth and seventh lines change the GID from 101 to 81 for all of the files and directories on the server that are owned by the novlxtier group.
5 Make the script executable and run it on the server.
IMPORTANT: Changes to the X-Tier files are not reported on the terminal.
Error messages are reported, but you can safely ignore them. The script scans the entire file system, and some files are locked because the system is running.
6 Repeat from Step 1 for each of the other servers in the same context.
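The ID check from Steps 1 and 2, plus a check for files still owned by the recorded pre-change IDs, as an added shell example (not part of the Novell guide and not the fix_xtier_ids.sh script). The function names and the sample id lines are constructed for illustration; the standard IDs (81, 82, 81) and the angle-bracket variable names come from this section.

```shell
#!/bin/sh
# Added example, not Novell's fix_xtier_ids.sh. Function names are hypothetical.
# Standardized X-Tier IDs as stated in this section:
STD_REGD_UID=81   # novlxregd
STD_SRVD_UID=82   # novlxsrvd
STD_TIER_GID=81   # novlxtier

# id_field LINE FIELD
# Prints the numeric value of FIELD (uid or gid) from one line of `id` output.
# Returns 1 if the field is absent (for example, "No such user" output).
id_field() {
    for tok in $1; do
        case $tok in
            "$2"=[0-9]*)
                val=${tok#*=}                  # "81(novlxregd)"
                printf '%s\n' "${val%%"("*}"   # "81"
                return 0 ;;
        esac
    done
    return 1
}

# check_xtier REGD_LINE SRVD_LINE
# REGD_LINE / SRVD_LINE are the outputs of `id novlxregd` and `id novlxsrvd`.
# Returns 0 = standardized, 1 = IDs must be standardized, 2 = unparsable input.
check_xtier() {
    regd_uid=$(id_field "$1" uid) || return 2
    regd_gid=$(id_field "$1" gid) || return 2
    srvd_uid=$(id_field "$2" uid) || return 2
    srvd_gid=$(id_field "$2" gid) || return 2

    if [ "$regd_uid" = "$STD_REGD_UID" ] && [ "$srvd_uid" = "$STD_SRVD_UID" ] &&
       [ "$regd_gid" = "$STD_TIER_GID" ] && [ "$srvd_gid" = "$STD_TIER_GID" ]; then
        echo "X-Tier IDs are standardized; move to the next server."
        return 0
    fi
    if [ "$regd_gid" != "$srvd_gid" ]; then
        echo "WARNING: the two users report different primary GIDs ($regd_gid, $srvd_gid)."
    fi
    echo "Record these values for the script template:"
    echo "  <novlxregd_uid> = $regd_uid"
    echo "  <novlxsrvd_uid> = $srvd_uid"
    echo "  <novlxtier_gid> = $regd_gid"
    return 1
}

# leftovers DIR OLD_UID OLD_GID
# After the ID change, lists anything under DIR that is still owned by a
# recorded pre-change UID or GID. -xdev stays on one file system, so run it
# once per mounted file system; permission errors are suppressed.
leftovers() {
    find "$1" -xdev \( -uid "$2" -o -gid "$3" \) -print 2>/dev/null
}

# Constructed sample input using the non-standard IDs from this section's
# example (UID 101, UID 103, GID 101). On a live server, use instead:
#   check_xtier "$(id novlxregd)" "$(id novlxsrvd)"
SAMPLE_REGD='uid=101(novlxregd) gid=101(novlxtier) groups=101(novlxtier)'
SAMPLE_SRVD='uid=103(novlxsrvd) gid=101(novlxtier) groups=101(novlxtier),8(www)'
check_xtier "$SAMPLE_REGD" "$SAMPLE_SRVD" || echo "check_xtier exit status: $?"
```

Because the ownership changes are not reported on the terminal, running leftovers with the recorded IDs after Step 5 shows whether any files were skipped, for example files that were locked while the system was running.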

2.6.4 Extending the Schema

An eDirectory tree must have its schema extended to accommodate OES 2 servers and services as explained in the following sections.
“Who Can Extend the Schema?” on page 26
“Which OES 2 SP2 Services Require a Schema Extension?” on page 26
“Extending the Schema While Installing OES 2” on page 27
“Using the YaST Plug-In to Extend the Schema” on page 27
“Extending the Schema for Novell Cluster Services” on page 28
Who Can Extend the Schema?
Only an administrator with the Supervisor right at the [Root] of an eDirectory tree can extend the tree’s schema.
Which OES 2 SP2 Services Require a Schema Extension?
The following service schema extensions are included with OES 2 SP2.
A single asterisk (*) indicates a service that is either required for OES 2 servers or for the default services that are installed on every OES 2 server. They are implemented when the first OES 2 SP1 or later server is installed in the tree.
Unmarked extensions are implemented the first time their respective services are installed, unless the schema was previously extended using another method, such as the YaST plug-in (see “Using
the YaST Plug-In to Extend the Schema” on page 27).
CIFS
Directory Services*
iFolder
iPrint
DHCP
DNS
Domain Services for Windows
Linux User Management*
NCP
NCS
Novell Cluster Services™ requires you to extend the schema manually. Follow the instructions in “Extending the eDirectory Schema to Add Cluster Objects” in the OES 2 SP2: Novell Cluster Services 1.8.7 for Linux Administration Guide.
NetStorage
NMAS*
Novell Storage Services
Storage Management Services*
Extending the Schema While Installing OES 2
The simplest way to extend the schema for OES 2 servers is to have a tree admin install the first OES 2 server and the first instance of each OES 2 service that you plan to run on your network.
After this initial installation, you can assign subcontainer admins with the required rights to install additional servers and services. For more information on the required rights for the various OES services, see “Rights Required for Subcontainer Administrators” on page 19.
Using the YaST Plug-In to Extend the Schema
If you want a subcontainer admin to install the first OES 2 server or the first instance of an OES 2 service in an existing tree, and you don’t want to grant that admin the Supervisor right to the [Root] of the tree, you can extend the schema by using YaST from any of the following locations:
An OES 2 SP2 server running in another tree
An OES 2 SP2 server that was installed without any OES 2 services added (the YaST plug-in is a default OES 2 component)
or
A SLES 10 SP3 server with the yast2-novell-schematool.rpm installed. The RPM is available on the OES 2 SP2 installation media and can be launched at a terminal prompt following installation by entering yast2 novell-schematool.
To run the Novell Schema Tool:
1 On the server’s desktop, click Computer and open the YaST Control Center.
2 Click Open Enterprise Server > Novell Schema Tool.
3 Depending on the installation method you used, you might be required to insert your OES 2 installation media.
4 On the Novell eDirectory Extension Utility page, specify the information for an eDirectory server with a Read/Write replica of the Root partition.
Be sure to provide the correct information to authenticate as an admin user with the Supervisor right at the [Root] of the target tree. Otherwise, the schema extension fails.
5 If you are preparing the tree so that a subcontainer admin can install the first OES 2 SP1 or later server, select the services marked with an asterisk (*) in “Which OES 2 SP2 Services Require a Schema Extension?” on page 26.
Although this step is not required if the tree already has an OES 2 SP1 or later server installed, selecting the marked services won’t cause any problems.
6 Select all of the other services you plan to run on any of the OES 2 servers in the tree.
7 Click Next.
The schema is extended.
Extending the Schema for Novell Cluster Services
If you want a subcontainer administrator to install the first instance of Novell Cluster Services in a tree, you can extend the schema by following the instructions in “Extending the eDirectory Schema to Add Cluster Objects” in the OES 2 SP2: Novell Cluster Services 1.8.7 for Linux Administration Guide.

2.7 Deciding What Patterns to Install

A default SLES 10 SP3 installation has the following base technology, graphical environment, and primary function patterns selected for installation. With the exception explained in the two Important notes below, you can accept or deselect these patterns and install additional patterns as desired.
Table 2-3 Standard SLES 10 SP3 Installation Patterns
Pattern Description
Server Base System
Consists of all packages that are common to all Novell SUSE Linux Enterprise products. Also provides a Linux Standard Base 3.0 compliant runtime environment.
This pattern is selected for installation by default.
IMPORTANT: You must either install this pattern or the Common Code Base pattern.
Common Code Base
The largest system. It includes all packages available with SUSE Linux, except those that would result in dependency conflicts.
IMPORTANT: You must either install this pattern or the Server Base System pattern.
Novell AppArmor
Novell AppArmor® is an open source Linux application security framework that provides mandatory access control for programs, protecting against the exploitation of software flaws and compromised systems. AppArmor includes everything you need to provide effective containment for programs (including those that run as root) to thwart attempted exploits and even zero-day attacks. AppArmor offers an advanced tool set that largely automates the development of per-program application security so that no new expertise is required.
This pattern is selected for installation by default.
GNOME Desktop Environment
The GNOME* desktop environment is an intuitive and attractive desktop for users. The GNOME development platform is an extensive framework for building applications that integrate into the rest of the desktop.
This pattern is selected for installation by default.
X Window System
In continuous use for over 20 years, the X Window System* provides the only standard platform-independent networked graphical window system bridging the heterogeneous platforms in today's enterprise: from network servers to desktops, thin clients, laptops, and handhelds, independent of operating system and hardware.
This pattern is selected for installation by default.
Print Server
Sets up a print server to host print queues so that they can be accessed by other computers on the same network, including machines running Microsoft* Windows* operating systems. The print server can accept print jobs from client computers and direct them to locally attached printers or to network printers. lpd, cups, and smb print servers and queues are supported.
This pattern is selected for installation by default.
The OES add-on installation includes the following OES Services patterns.
Table 2-4 OES Services Pattern Descriptions
Pattern Description
Novell AFP
Novell AFP server allows Macintosh clients to access data stored on NSS volumes in the same way they access data on a Mac OS X server.
This pattern selects and installs these services:
Novell Backup / Storage Management Services™ (SMS)
Novell eDirectory
Novell Storage Services™ (NSS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Archive and Version Services
Novell Archive and Version Services systematically captures and stores versions of your network files in an archive database, on a schedule that you determine. Users can search for a previous version of a file and quickly restore it.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell eDirectory
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Storage Services (NSS)
Novell Backup/Storage Management Services (SMS)
The Novell backup infrastructure (called Storage Management Services™ or SMS) provides backup applications with the framework to develop a complete backup and restore solution.
SMS helps back up file systems (such as NSS) or application data (such as data from GroupWise®) on NetWare and SUSE Linux Enterprise Server (SLES) to removable tape media or other media for off-site storage. It provides a single consistent interface for all file systems and applications across NetWare and SLES.
This pattern selects and installs these services:
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell CIFS
CIFS (Common Internet File System) is a network sharing protocol. Novell CIFS enables Windows, Linux, and UNIX* client workstations to copy, delete, move, save, and open files on an OES 2 server. CIFS allows read and write access from multiple client systems simultaneously.
This pattern selects and installs these services:
Novell Backup / Storage Management Services (SMS)
Novell eDirectory
Novell Storage Services (NSS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Cluster Services (NCS)
Novell Cluster Services is a server clustering system that ensures high availability and manageability of critical network resources including data, applications, and services. It is a multinode clustering product for Linux that is enabled for Novell eDirectory and supports failover, failback, and migration (load balancing) of individually managed cluster resources.
Novell Cluster Services lets you add Linux nodes to an existing NetWare 6.5 cluster without bringing down the cluster, or it lets you create an all-Linux cluster. With a mixed cluster, you can migrate services between OS kernels, and if services are alike on both platforms (such as NSS), you can set the services to fail over across platforms.
Using Novell Cluster Services with iSCSI technologies included in OES, you can build inexpensive clustered SANs on commodity gigabit Ethernet hardware. You can leverage existing hardware into a high availability solution supporting Linux and NetWare clusters.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell DHCP
Novell DHCP (Dynamic Host Configuration Protocol) uses eDirectory to provide configuration parameters to client computers and integrate them into a network.
The eDirectory integration lets you have centralized administration and management of DHCP servers across the enterprise and lets you set up DHCP subnet replication via Novell eDirectory.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell eDirectory
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell DNS
Novell DNS uses Novell eDirectory to deliver information associated with domain names, in particular the IP address.
This eDirectory integration lets you have centralized administration and management of DNS servers across the enterprise and lets you set up a DNS zone via Novell eDirectory.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell eDirectory
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Domain Services for Windows
Novell Domain Services for Windows provides seamless cross-authentication capabilities between Windows/Active Directory* and Novell OES 2 servers. It is a suite of integrated technologies that removes the need for the Novell Client™ when logging on and accessing data from Windows workstations in eDirectory trees. This technology simplifies the management of users and workstations in mixed Novell-Microsoft environments.
This pattern selects and installs these services:
Novell Backup / Storage Management Services (SMS)
Novell eDirectory
Novell DNS
Novell iManager
Novell iPrint
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Storage Services (NSS)
Novell NCP Server
Novell eDirectory
Novell eDirectory services are the foundation for the world's largest identity management, high-end directory service that allows businesses to manage identities and security access for employees, customers, and partners. More than just an LDAP data store, eDirectory is the identity foundation for managing the relationships that link your users and their access rights with corporate resources, devices, and security policies.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell FTP
Novell FTP (File Transfer Protocol) is integrated with Novell eDirectory so that users can securely transfer files to and from OES volumes.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell eDirectory
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell iFolder
Novell iFolder 3.8 is a simple and secure storage solution that increases user productivity by enabling users to back up, access, and manage their personal files from anywhere, at any time.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell eDirectory
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell iManager
Novell iManager is a Web-based administration console that provides secure, customized access to network administration utilities and content from virtually anywhere you have access to the Internet and a Web browser.
iManager provides the following benefits:
Single point of administration for Novell eDirectory objects, schema, partitions, and replicas
Single point of administration for many other network resources
Management of many Novell products by using iManager plug-ins
Role-Based Services (RBS) for delegated administration
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell iPrint
Novell iPrint lets employees, partners, and customers access printers from a variety of locations across the network and the Internet. From a Web browser, users can easily install any printer on the network from any location.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell eDirectory
Novell iManager
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Linux User Management (LUM)
Linux User Management (LUM) enables eDirectory users to function as local POSIX users on Linux servers. This functionality lets administrators use eDirectory to centrally manage remote users for access to one or more OES servers.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell Remote Manager (NRM)
Novell NCP Server / Dynamic Storage Technology
Novell NCP™ Server for Linux enables support for login scripts, mapping drives to OES servers, and other services commonly associated with Novell Client access. This means that Windows users with the Novell Client installed can be seamlessly transitioned to file services on OES.
NCP Server includes Novell Dynamic Storage Technology, which allows seldom-accessed files on NCP volumes to be automatically moved, according to policies set by the administrator, from faster-access storage to lower-cost storage media where the files can be more easily managed and backed up.
Services included with NCP (NetWare Core Protocol™) are file access, file locking, security, tracking of resource allocation, event notification, synchronization with other servers, connection and communication, print services and queue management, and network management.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell eDirectory
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell NetStorage
Novell NetStorage provides the solution for simple, Internet-based access to file storage. NetStorage is a bridge between a company's protected Novell storage network and the Internet. It lets users access files securely from any Internet location, with nothing to download or install on the user's workstation.
With Novell NetStorage, a user can securely access files from any Internet-enabled machine. Users can copy, move, rename, delete, read, write, recover, and set trustee assignments (based on their privilege level) on files between a local workstation and a Novell storage network. Access is available from any Internet-attached workstation, anywhere in the world. There is no need to e-mail or copy data from one machine to another.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell iManager
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Pre-Migration Server
A Novell Pre-Migration Server is not actually a service. Rather, it is a special-purpose server—the target of a Server ID Transfer Migration.
Selecting this option causes this server to be installed without an eDirectory replica, thus preparing it to assume the identity of another server that you plan to decommission. For more information, see the OES 2 SP2: Migration Tool Administration Guide.
You should also select and install all the services that you plan to migrate from the other server. Services that are not installed on this server prior to the migration cannot be migrated.
This pattern selects and installs these services:
Novell Backup / Storage Management Services (SMS)
Novell eDirectory (without a replica)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell QuickFinder
QuickFinder™ lets your users find the information they're looking for on any of your public and private Web sites, your partners' sites, and any number of additional Web sites across the Internet or internal file servers, all from a single search form on your Web page.
You can easily modify the look and feel of any of the sample search results pages to match your corporate design.
You can create full-text indexes of HTML, XML, PDF, Word, OpenOffice.org*, and many other document formats in almost any language with the QuickFinder Unicode* indexing engine.
You can configure and maintain your indexes remotely from anywhere on the network with the QuickFinder Web-based administration module.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Remote Manager (NRM)
Novell Remote Manager lets you securely access and manage one or more servers from any location through a standard Web browser. You can use Novell Remote Manager to monitor your server's health, change the configuration of your server, or perform diagnostic and debugging tasks.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell Linux User Management (LUM)
Novell Samba
Novell Samba provides Windows (CIFS and HTTP-WebDAV) access to files stored on an OES server's file system using an eDirectory username and password.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Storage Services (NSS)
The Novell Storage Services (NSS) file system provides many unique and powerful file system capabilities. It is especially suited for managing file services for thousands of users in an organization. It also includes Novell Distributed File Services for NSS volumes.
Unique features include visibility, trustee access control model, multiple simultaneous namespace support, native Unicode, user and directory quotas, rich file attributes, multiple data stream support, event file lists, and a file salvage subsystem.
NSS volumes are cross-compatible between kernels. You can mount a non-encrypted NSS data volume on either the Linux or NetWare kernel and move it between them. In a clustered SAN, volumes can fail over between kernels, allowing for full data and file system feature preservation when migrating data to Linux.
IMPORTANT: If you select this service, you might need to reconsider the disk partition setup you have chosen. For information, see Appendix A, “Installing with EVMS as the Volume Manager of the System Device,” on page 211.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell eDirectory
Novell NCP Server
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
If you want to install these services, you can select them to install with most other patterns during the initial server installation by customizing the installation or you can install them after installing your initial Open Enterprise Server. For more information, see “Customizing the Software Selections” on page 52 and “Installing or Configuring OES 2 SP2 on an Existing Server” on page 103.

2.8 Install Only One Server at a Time

You should install one server at a time into a tree, then wait for the installation program to complete before installing an additional server into the same tree.

2.9 What's Next

Proceed to one of the following sections, depending on the task that you want to perform:
“Installing OES 2 SP2” on page 39
“Upgrading to OES 2 SP2” on page 109
“Updating (Patching) an OES 2 SP2 Server” on page 147
“Using AutoYaST to Install and Configure Multiple OES Servers” on page 167
“Installing, Upgrading, or Updating OES on a Xen-based VM” on page 177
“Installing and Managing NetWare on a Xen-based VM” on page 191
“Installing with EVMS as the Volume Manager of the System Device” on page 211

3 Installing OES 2 SP2

Novell® Open Enterprise Server (OES) 2 SP2 Linux is an add-on product to SUSE® Linux Enterprise Server (SLES) 10 SP3. When you install and configure OES, you can also install and configure SLES 10 SP3. Therefore, it is helpful to understand how to perform a SLES 10 SP3 installation.
For detailed information on performing a SLES installation, see the SLES 10 SP3 Installation and Administration Guide (http://www.novell.com/documentation/sles10/book_sle_reference/data/book_sle_reference.html).
This section includes brief steps for performing a full installation of OES and provides information on the following topics:
“Obtaining OES 2 Software” on page 39
“Setting Up an Installation Source” on page 39
“Installing OES 2 SP2 as a New Installation” on page 43

3.1 Obtaining OES 2 Software

For information on obtaining OES software, see “Getting and Preparing OES 2 Software” in the OES 2 SP2: Planning and Implementation Guide.

3.2 Setting Up an Installation Source

This section covers how to get the media you need for an installation and how to set up installation sources for installing OES:
Section 3.2.1, “Preparing a Network Installation Source,” on page 39
Section 3.2.2, “Preparing Physical Media for a New Server Installation or an Upgrade,” on page 42

3.2.1 Preparing a Network Installation Source

This section contains the following information:
“Requirements” on page 39
“Procedure” on page 40
Requirements
To set up a network installation source, you need the following:
A server to act as the YaST™ Network Installation server:
This server can be SLES 9, SLES 10, SUSE Linux 9.3 or later, OES 1 or OES 2, Windows, or NetWare® 6.5.
A computer to become the new OES server
Both servers need to be connected to the network and able to communicate with each other.
If you have DHCP on your network, using DHCP works well to begin the initial network installation. During the installation, you are prompted to configure your OES server with a static IP address. The static IP address is required for configuring OES network services on your server.
If you don't have DHCP on your network, you need to do a manual installation and configure your OES server with a static IP address, subnet mask, a default gateway, and a name server. You do not need to redo this network configuration later in the installation because it is already set up. The instructions for this come later in the installation procedure. (See “Installing OES 2 SP2 as a New Installation” on page 43.)
Procedure
To prepare a network installation source on a NetWare server, see Appendix C, “Setting Up an Installation Source on NetWare,” on page 223.
To prepare a network installation source on a Linux or Windows server, see “Setting Up the Server Holding the Installation Sources” (http://www.novell.com/documentation/sles10/sles_admin/data/sec_deployment_remoteinst_instserver.html) in the SLES 10 SP3 Installation and Administration Guide (http://www.novell.com/documentation/sles10/sles_admin/data/book_sle_reference.html) and the following instructions.
1 Download or copy the ISO image files to a directory of your choice. See “Getting and Preparing OES 2 Software” in the OES 2 SP2: Planning and Implementation Guide.
2 Configure your Linux server to be a YaST installation server and select the location for the root of the network installation.
The three protocol options to choose from for configuring the YaST installation server are NFS, FTP, and HTTP. For the protocol configuration procedures, see the following:
“NFS Protocol Configuration” on page 40
“FTP Protocol Configuration” on page 41
“HTTP Protocol Configuration” on page 41
FTP and HTTP do not allow you to serve the files without possible modifications to .conf files. NFS is the simplest protocol to configure and is recommended.
3 Create a boot CD using the .iso image file for SUSE Linux Enterprise Server SP3 CD 1 and label it with that name.
For information on creating this CD, see “Preparing Physical Media for a New Server Installation or an Upgrade” on page 42.
This CD will be the network installation boot CD.
With these steps completed, you are ready to perform a new installation or upgrade using a network installation source. See “Installing OES 2 SP2 as a New Installation” on page 43 or “Upgrading to OES 2 SP2” on page 109.
NFS Protocol Configuration
An NFS share can be shared easily from almost any location on your file system. Use the following procedure if you choose to use this protocol:
1 At your network installation server, launch YaST.
2 Select Network Services, then click NFS Server.
You might be prompted to install the NFS server.
3 On the NFS Server configuration screen, select Start in the NFS Server section, select Open Port in Firewall in the Firewall section, then click Next.
4 In the Directories section, click Add Directory and specify or browse to the directory where you have created the install root (source directory), then click OK.
5 Accept the defaults in the pop-up window for adding a Host.
If you are experienced with NFS configurations, you can customize the configuration.
6 Click Finish.
FTP Protocol Configuration
These instructions use pure ftpd, which can be installed through YaST. Depending on the FTP server you use, the configuration might be different.
If you have created your install root (source directory) within your FTP root, you can forgo the following procedure and simply start pure ftpd.
The default configuration of pure ftpd runs in a chroot jail, so symlinks cannot be followed. In order to allow FTP access to the install root created outside of the FTP root, you must mount the install root directory inside of the FTP root.
If you have not created your install root within your FTP root and you choose to use this protocol:
1 Create a directory inside of your FTP root.
2 Run the following command:
mount --bind /path_to_install_root /path_to_directory_in_ftp_root
For example,
mount --bind /tmp/OES /srv/ftp/OES
3 (Optional) If you want to make this install root permanent, add this command to the /etc/fstab file.
4 Start pure ftpd.
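The /etc/fstab file referred to in Step 3 holds mount entries rather than commands. The following added example (not part of the Novell guide) builds the fstab line equivalent to the mount --bind command in Step 2 and appends it only when it is not already present. The function names are hypothetical, and a constructed scratch file stands in for /etc/fstab.

```shell
#!/bin/sh
# Added example: persist the bind mount from Step 2 as an /etc/fstab entry.
# Function names are hypothetical; /tmp/OES and /srv/ftp/OES are the guide's
# example paths. Nothing here touches the real /etc/fstab.

# Print the fstab line equivalent to "mount --bind SRC DST".
# Fields: device, mount point, type, options, dump, fsck pass.
fstab_bind_entry() {
    printf '%s %s none bind 0 0\n' "$1" "$2"
}

# Succeed if FSTAB already holds an active bind entry mounting SRC on DST.
has_bind_entry() {
    awk -v src="$2" -v dst="$3" '
        /^[ \t]*#/ { next }                               # ignore comments
        $1 == src && $2 == dst && $4 ~ /(^|,)bind(,|$)/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Append the entry to FSTAB unless it is already there.
# Rejects relative paths and paths containing spaces, which fstab would
# need escaped as \040.
ensure_bind_entry() {
    fstab=$1; src=$2; dst=$3
    for p in "$src" "$dst"; do
        case $p in
            *' '*) echo "refusing path with spaces: $p" >&2; return 2 ;;
            /*)    ;;
            *)     echo "path must be absolute: $p" >&2; return 2 ;;
        esac
    done
    has_bind_entry "$fstab" "$src" "$dst" && return 0
    fstab_bind_entry "$src" "$dst" >> "$fstab"
}

# Demonstration on a constructed sample file standing in for /etc/fstab.
demo_fstab=$(mktemp)
printf '%s\n' '# constructed sample' '/dev/sda2 / ext3 defaults 1 1' > "$demo_fstab"
ensure_bind_entry "$demo_fstab" /tmp/OES /srv/ftp/OES
ensure_bind_entry "$demo_fstab" /tmp/OES /srv/ftp/OES   # second call adds nothing
cat "$demo_fstab"
rm -f "$demo_fstab"
```

Review the resulting line before appending it to the real /etc/fstab, because a malformed entry there can stall the next boot.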
HTTP Protocol Configuration
These instructions use Apache2 as provided by SLES 10.
If you choose to use this protocol:
1 Modify the default-server.conf file of your HTTP server to allow it to follow symlinks and create directory indexes.
The default-server.conf file is located in the /etc/apache2 directory. In the Directory tag of the default-server.conf file, remove None if it is there, add FollowSymLinks and Indexes to the Options directive, then save the changes.
2 (Conditional) If the install root is outside of the HTTP root, create a symbolic link to the install root with the following command:
ln -s /path_to_install_root /path_to_link
For example,
ln -s /tmp/OES /srv/www/htdocs/OES
3 Restart Apache.
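To confirm the edit from Step 1 before restarting Apache, the following added example (not part of the Novell guide) reads the Options directive from the Directory block of a configuration file and checks that FollowSymLinks and Indexes are present and None is gone. The function names are hypothetical, and the configuration text is a constructed sample that assumes /srv/www/htdocs as the HTTP root, as in the ln -s example above.

```shell
#!/bin/sh
# Added example: confirm the Options edit from Step 1 before restarting Apache.
# Function names are hypothetical; the configuration text is a constructed
# sample, not a copy of the SLES 10 default-server.conf.

# Print a sample default-server.conf whose Options line holds "$1".
sample_conf() {
    cat <<EOF
DocumentRoot "/srv/www/htdocs"
<Directory "/srv/www/htdocs">
    # constructed sample
    Options $1
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
EOF
}

# Print the arguments of the last Options directive inside <Directory "DIR">.
directory_options() {
    awk -v dir="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "<directory" {
            path = $2; gsub(/[">]/, "", path)
            inblock = (path == dir); next
        }
        tolower($1) == "</directory>" { inblock = 0; next }
        inblock && tolower($1) == "options" {
            $1 = ""; sub(/^[ \t]+/, ""); opts = $0
        }
        END { if (opts != "") print opts }
    ' "$1"
}

# Return 0 only if Options has FollowSymLinks and Indexes and no None.
# Only the Options line is inspected, so "AllowOverride None" is not flagged.
check_install_options() {
    opts=$(directory_options "$1" "$2")
    [ -n "$opts" ] || { echo "no Options directive found for $2" >&2; return 2; }
    rc=0
    for want in FollowSymLinks Indexes; do
        case " $opts " in
            *" $want "*|*" +$want "*) ;;
            *) echo "missing: $want" >&2; rc=1 ;;
        esac
    done
    case " $opts " in
        *" None "*) echo "Options still contains None" >&2; rc=1 ;;
    esac
    return $rc
}

# Demonstration on constructed "before" and "after" files.
demo_dir=$(mktemp -d)
sample_conf "None" > "$demo_dir/before.conf"
sample_conf "Indexes FollowSymLinks" > "$demo_dir/after.conf"
for f in before after; do
    if check_install_options "$demo_dir/$f.conf" /srv/www/htdocs; then
        echo "$f.conf: ready to serve the install root"
    else
        echo "$f.conf: Options still needs editing"
    fi
done
rm -rf "$demo_dir"
```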

3.2.2 Preparing Physical Media for a New Server Installation or an Upgrade

To prepare physical media for an installation or upgrade, you must first download ISO image files and then burn the CDs or DVDs that you need for your server. Detailed download instructions are available in “Getting and Preparing OES 2 Software” in the OES 2 SP2: Planning and Implementation Guide.
Table 3-1 lists the image files you need, depending on whether your server has a CD drive or a CD/DVD combo drive.
Table 3-1 Files to Download
Platform Files needed
32-bit server with CD drive:
SLES-10-SP3-CD-i386-GM-CD1.iso
SLES-10-SP3-CD-i386-GM-CD2.iso
SLES-10-SP3-CD-i386-GM-CD3.iso
SLES-10-SP3-CD-i386-GM-CD4.iso
OES2-SP2-i386-CD1.iso
32-bit server with CD/DVD drive:
SLES-10-SP3-DVD-i386-GM-DVD1.iso
OES2-SP2-i386-CD1.iso
64-bit server with CD drive:
SLES-10-SP3-CD-x86_64-GM-CD1.iso
SLES-10-SP3-CD-x86_64-GM-CD2.iso
SLES-10-SP3-CD-x86_64-GM-CD3.iso
SLES-10-SP3-CD-x86_64-GM-CD4.iso
OES2-SP2-x86_64-CD1.iso
64-bit server with CD/DVD drive:
SLES-10-SP3-DVD-x86_64-GM-DVD1.iso
OES2-SP2-x86_64-CD1.iso
IMPORTANT: You can download the OES 2 CD and the SLES 10 DVD ISO files listed in Table
3-1 from the OES 2 SP2 download page (http://download.novell.com/Download?buildid=­eE531TUqlg~).
The SLES 10 SP3 CD ISO files listed in Table 3-1 are only available on the SLES 10 SP3 download page (http://download.novell.com/Download?buildid=Z4ysu62Q4gw~).
1 Download the ISO files you need for your hardware capabilities.
2 Insert a blank, writable CD or DVD into your CD or DVD burner.
3 Select the option to create a CD or DVD from an image file.
4 Select ISO as the file type.
5 Select the first image file (see Table 3-1) from the location you downloaded it to.
6 Complete the CD or DVD creation process.
7 Label the disk.
8 Repeat this process for each of the ISO image files you downloaded.

3.3 Installing OES 2 SP2 as a New Installation

This section does not provide step-by-step installation instructions because the installation interface is mostly self-explanatory. It does, however, provide information about important steps in the process that you might need help with.
Section 3.3.1, “Starting the OES 2 SP2 Installation,” on page 43
Section 3.3.2, “Specifying the Installation Mode,” on page 46
Section 3.3.3, “Specifying the Add-On Product Installation Information,” on page 47
Section 3.3.4, “Setting Up the Clock and Time Zone,” on page 48
Section 3.3.5, “Specifying the Installation Settings for the SLES Base and OES Installation,” on page 48
Section 3.3.6, “Specifying Configuration Information,” on page 54

3.3.1 Starting the OES 2 SP2 Installation

Insert the first disc of the SUSE Linux Enterprise Server 10 SP3 installation media that you created into the CD-ROM or DVD drive of the computer that you want to be your OES server, then boot the machine. Then continue with one of the following procedures:
“Installation Using a Network Installation Source with DHCP” on page 43
“Installation Using a Network Installation Source without DHCP” on page 44
“New Server Installation Using Physical Media or ISO” on page 46
Installation Using a Network Installation Source with DHCP
1 From the CD boot menu, select one of the following Installation options that matches your environment, but do not press Enter.
Installation: The normal installation mode. All modern hardware functions are enabled.
Installation—ACPI Disabled: If the normal installation fails, it might be because the system hardware does not support ACPI (advanced configuration and power interface). If this seems to be the case, use this option to install without ACPI support.
Installation—Local APIC Disabled: If the normal installation fails, it might be because the system hardware does not support local APIC (advanced programmable interrupt controllers). If this seems to be the case, use this option to install without local APIC support.
If you are not sure, try Installation—ACPI Disabled or Installation—Safe Settings first.
Installation—Safe Settings: Boots the system with the DMA mode (for CD-ROM drives) and power management functions disabled. Experts can also use the command line to enter or change kernel parameters.
At this point you can either
Skip to Step 4 and input everything as the install prompts you.
or
Pre-specify the IP address information and/or the boot options parameters on the Boot Options line (see “Using Custom Boot Options” in the SUSE Linux Enterprise Server Installation and Administration Guide (http://www.novell.com/documentation/sles10/book_sle_reference/data/sec_deployment_remoteinst_bootinst.html#sec_deployment_remoteinst_bootinst_custom)).
2 (Optional) If you want to specify the IP address information, do it now.
Otherwise, continue with Step 3.
3 (Optional) If you want to specify boot options parameters, do it now. Then press Enter and continue with Step 7.
Otherwise, continue with Step 4.
4 Press F4, and then select the network installation type (SLP, FTP, HTTP, NFS, SMB/CIFS) that you set up on your network installation server.
See Step 2 on page 40 of the Preparing a Network Installation Source procedure.
5 Specify the required information (server name and installation path), then select OK.
6 Press Enter to begin the installation.
7 Follow the screen prompts, referring to the information in the following sections as needed (remember that not all required selections are documented):
7a “Specifying the Installation Mode” on page 46.
7b “Specifying the Add-On Product Installation Information” on page 47.
7c “Setting Up the Clock and Time Zone” on page 48.
7d “Specifying the Installation Settings for the SLES Base and OES Installation” on page 48.
7e “Specifying Configuration Information” on page 54.
7f “Finishing the Installation” on page 71.
8 Complete the server setup by following the procedures in “Completing OES Installation or
Upgrade Tasks” on page 143.
Installation Using a Network Installation Source without DHCP
1 From the CD boot menu, select one of the following Installation options that matches your
environment.
Installation: The normal installation mode. All modern hardware functions are enabled.
Installation—ACPI Disabled: If the normal installation fails, this might be because of
the system hardware not supporting ACPI (advanced configuration and power interface). If this seems to be the case, use this option to install without ACPI support.
Installation—Local APIC Disabled: If the normal installation fails, this might be
because of the system hardware not supporting local APIC (advanced programmable interrupt controllers). If this seems to be the case, use this option to install without local APIC support.
If you are not sure, try Installation—ACPI Disabled or Installation—Safe Settings first.
Installation—Safe Settings: Boots the system with the DMA mode (for CD-ROM
drives) and power management functions disabled. Experts can also use the command line to enter or change kernel parameters.
2 At this point you can pre-specify the IP address information, etc. on the Boot Options line (see “Using Custom Boot Options” in the SUSE Linux Enterprise Server Installation and Administration Guide (http://www.novell.com/documentation/sles10/book_sle_reference/data/sec_deployment_remoteinst_bootinst.html#sec_deployment_remoteinst_bootinst_custom)).
If you want to specify the IP address information, etc., do it now. Then press Enter and continue with Step 19 on page 46.
Otherwise, press Enter, continue with Step 3, and input everything as the install prompts you.
3 When you receive the following error, select OK and press Enter:
Could not find the SUSE Linux Enterprise Server 10 Installation source. Activating manual set up program.
4 Select the language, then select OK and press Enter.
5 Select a keyboard map, then select OK and press Enter.
6 Select Start Installation or System, then select OK and press Enter.
7 Select Start Installation or Update, then select OK and press Enter.
8 Select Network, press Enter, then select OK and press Enter.
9 Select the network protocol that matches the configured protocol on your network installation
server, then press Enter.
10 (Conditional) If you have more than one network interface card, select one of the cards, then
press Enter.
We recommend eth0.
11 When prompted whether you want to use DHCP, select No, then press Enter.
12 Specify the IP address for the server, then press Enter.
13 Specify the subnet mask, then press Enter.
14 Specify the gateway, then press Enter.
15 Specify the IP address of a name server, then press Enter.
16 Specify the IP address of the network installation server, then press Enter.
17 (Conditional) Depending on the protocol you specified, you might see additional screens for
FTP or HTTP. Select the options that are appropriate for your network, then continue with
Step 18.
18 Specify the path to your installation source on the network installation server, then press Enter.
19 Follow the prompts, using the information contained in the following sections:
19a “Specifying the Installation Mode” on page 46.
19b “Specifying the Add-On Product Installation Information” on page 47.
19c “Setting Up the Clock and Time Zone” on page 48.
19d “Specifying the Installation Settings for the SLES Base and OES Installation” on page 48.
19e “Specifying Configuration Information” on page 54.
19f “Finishing the Installation” on page 71.
20 Complete the server setup by following the procedures in “Completing OES Installation or
Upgrade Tasks” on page 143.
New Server Installation Using Physical Media or ISO
1 From the CD boot menu, select the second option (Installation), then press Enter.
2 Select the language that you want to use, then click Next.
3 Read and accept the license agreement, then click Next.
4 (Conditional) If you haven’t already verified that the media you burned is valid, you can check
it by using the Media Check option; otherwise, click Next to continue with the installation.
The installation process prompts you for each CD at the appropriate time. The progress status at the bottom of the screen indicates which CD will be requested next.
5 Follow the prompts, using the information contained in the following sections:
5a “Specifying the Installation Mode” on page 46.
5b “Specifying the Add-On Product Installation Information” on page 47.
5c “Setting Up the Clock and Time Zone” on page 48.
5d “Specifying the Installation Settings for the SLES Base and OES Installation” on page 48.
5e “Specifying Configuration Information” on page 54.
5f “Finishing the Installation” on page 71.
6 Complete the server setup by following the procedures in “Completing OES Installation or
Upgrade Tasks” on page 143.

3.3.2 Specifying the Installation Mode

When selecting the type of installation, select New Installation.
1 When the Installation Mode page displays, select the following two menu options, then click
Next:
1. New Installation
2. Include Add-On Products from Separate Media
2 Continue with Section 3.3.3, “Specifying the Add-On Product Installation Information,” on
page 47.

3.3.3 Specifying the Add-On Product Installation Information

When the Add-On Product Installation page displays:
1 Click Add.
2 If you are installing OES 2 from a CD, do the following:
2a On the Add-On Product Media page, click CD, then click Next.
2b On the Insert the Add-On Product CD page, select the appropriate drive where you want to
insert the OES CD.
2c Click Eject.
2d Insert the CD labeled Novell Open Enterprise Server 2 SP2 CD 1, then click Continue.
3 If you are using an alternate installation source, such as a network installation source, click the
appropriate option for your situation, then click Next and supply the required information.
4 Read and accept the Novell Open Enterprise Server 2 license agreement, then click Next.
5 Confirm that the Add-On Product Installation page shows the correct path to the OES media,
then click Next.
6 Continue with Section 3.3.4, “Setting Up the Clock and Time Zone,” on page 48.

3.3.4 Setting Up the Clock and Time Zone

1 Make sure the Clock, Region, Timezone, and Time and Date settings are what you want, then click Next.
You can configure this information after the installation is complete, but it is easier to do it during the installation.
2 Continue with Section 3.3.5, “Specifying the Installation Settings for the SLES Base and OES
Installation,” on page 48.

3.3.5 Specifying the Installation Settings for the SLES Base and OES Installation

The Installation Settings page lets you specify which software and services are installed on your server.
Overview tab: This lets you specify everything that is normally required for an OES
installation.
Expert tab: This lets you fully customize your SLES installation settings. For detailed information, see “Deployment” (http://www.novell.com/documentation/sles10/book_sle_reference/data/part_setup.html) in the SLES 10 SP3 Installation and Administration Guide (http://www.novell.com/documentation/sles10/book_sle_reference/data/book_sle_reference.html). Keep in mind, however, that the SLES guide does not contain instructions for OES-specific components or configurations.
IMPORTANT: If you accept the defaults at this point in the installation process, only the base OES components are installed.
You can add OES services later, but you should at least read the guidelines and follow the applicable procedures in the following sections:
“Setting Up Disk Partitions” on page 48
“Customizing the Software Selections” on page 52
“Accepting the Installation Settings” on page 54
Setting Up Disk Partitions
In most cases, YaST proposes a reasonable partitioning scheme that can be accepted without change. You can also use YaST to customize the partitioning.
“Guidelines” on page 49
“NSS on the System Disk” on page 50
“Security Flag Recommendations” on page 50
“Partitioning X86 Machines” on page 51
“Disk Partition Statistics” on page 51
“Combining Hard Disk Partitions” on page 52
Guidelines
Table 3-2 presents guidelines for setting up disk partitions on your OES server. For more information, see “Installation Settings” (http://www.novell.com/documentation/sles10/book_sle_reference/data/sec_i_yast2_proposal.html) in the SLES 10 SP3 Installation and Administration Guide (http://www.novell.com/documentation/sles10/book_sle_reference/data/book_sle_reference.html).
Table 3-2 Partition Guidelines
Partition to Create: Other Considerations

/boot: Depending on the hardware, it might be useful to create a boot partition (/boot) to hold the boot mechanism and the Linux kernel.
You should create this partition at the start of the disk and make it at least 8 MB or 1 cylinder. As a rule of thumb, always create such a partition if it was included in the YaST original proposal. If you are unsure about this, create a boot partition to be on the safe side.
IMPORTANT: In a Xen VM installation, format the /boot partition using Ext2 as the file system. For a technical explanation of why this is necessary, see “Paravirtual Mode and Journaling File Systems (http://www.novell.com/documentation/sles10/xen_admin/data/sec_xen_filesystem.html)” in the Virtualization with Xen (http://www.novell.com/documentation/sles10/xen_admin/data/bookinfo.html) guide.

swap: This should normally be twice the size of the RAM installed on your server, up to 1 GB. If you create a /boot partition, create the swap partition second. Otherwise, create the swap partition first.

/: Define this partition as 3 GB or more. In all cases, create this partition after you create the swap partition. Keep in mind that this root (/) partition contains all of the partitions listed below that you don’t specifically create.

/var: This contains system logs and should therefore be a separate partition to avoid impacting system and service stability because of a disk-full condition.
Define this partition as 4 GB or more.

/opt: Some (mostly commercial) programs install their data in /opt.
Define this partition as 4 GB or more.

/usr: Creating this as a separate partition makes updating the server easier if you need to reinstall the system from the beginning.
Define this partition as 4 GB or more.

/srv: This contains the Web and FTP servers.
Consider making this a separate partition to avoid having someone flood the disk by accident or on purpose, which impacts system and service stability.

/home: User Home directories go here.
Consider making this a separate partition to avoid having someone flood the disk by accident or on purpose, which impacts system and service stability.
You can allocate the rest of the disk space to this partition.

/tmp: Creating this as a separate partition is optional. However, because it is writable by everyone, best practices suggest creating a separate partition to avoid having someone flood the disk by accident or on purpose, which impacts system and service stability.

Place application specific files on a separate partition.
If you are building a mail server, note where the mail spools reside because they can grow quite large, and you need to anticipate this when you are defining partition sizes.
NSS on the System Disk
For OES, Novell Storage Services™ (NSS) volumes can be used only as data volumes, not as system volumes.
Additionally, they cannot be created as part of the install process.
However, you must consider whether you will be creating them in the future on the storage device where you are installing Linux. (Creating NSS volumes on storage devices that don’t contain Linux system partitions requires no special handling.)
The default volume manager for Linux POSIX volumes on SUSE Linux is LVM (Linux Volume Manager). However, NSS volumes cannot be created on devices managed by LVM; they require EVMS (Enterprise Volume Management System) instead.
IMPORTANT: If you have only a single storage device on the server (such as a single physical disk or a hardware RAID 1 or RAID 5 device) and you plan to use NSS volumes for storing data, you must follow the instructions in “Installing with EVMS as the Volume Manager of the System
Device” on page 211 to partition that storage device before proceeding.
You must also follow the EVMS setup instructions if you are creating Linux system partitions on other storage devices that you also want to contain NSS volumes.
Security Flag Recommendations
The following table indicates the recommended security flags for each partition. A question mark indicates that some software might not work if this flag is set.
Mount Point    Mount Options
/
/var           nosuid
/tmp           nosuid
/home          nosuid, nodev, noexec?
/srv           nosuid?, nodev?, noexec?, ro? (after installation)
/usr/local     nosuid?, nodev?, ro? (after installation)

IMPORTANT: Proprietary software installs might fail if executables in /tmp cannot run as the file owner (suid), and devices might not work in /usr/local, etc. In such cases, remount those partitions temporarily with security deactivated.
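An added example, not part of the Novell guide: a Python check that reads fstab-style text and compares each mount point against the security flag recommendations above, including the case where a listed mount point has no partition of its own. The sample fstab is constructed, and treating flags without a question mark as required and flags with one as advisory is this example's assumption.

```python
"""Audit fstab-style text against the guide's recommended mount flags."""

# Recommendations as read from the Security Flag Recommendations table.
# Assumption of this example: flags the guide marks with "?" are advisory
# (some software might not work if set); flags without "?" are required.
RECOMMENDED = {
    "/var":       {"required": {"nosuid"}, "advisory": set()},
    "/tmp":       {"required": {"nosuid"}, "advisory": set()},
    "/home":      {"required": {"nosuid", "nodev"}, "advisory": {"noexec"}},
    "/srv":       {"required": set(),
                   "advisory": {"nosuid", "nodev", "noexec", "ro"}},
    "/usr/local": {"required": set(), "advisory": {"nosuid", "nodev", "ro"}},
}

RESTRICTIVE = {"nosuid", "nodev", "noexec", "ro"}
CLEARS = {"suid": "nosuid", "dev": "nodev", "exec": "noexec", "rw": "ro"}
# Per mount(8): user/users imply noexec,nosuid,nodev; owner/group imply
# nosuid,nodev (unless overridden by later options).
IMPLIES = {
    "user": {"noexec", "nosuid", "nodev"},
    "users": {"noexec", "nosuid", "nodev"},
    "owner": {"nosuid", "nodev"},
    "group": {"nosuid", "nodev"},
}

# Constructed sample, not taken from a real server.
SAMPLE_FSTAB = """\
# device   mount  type  options              dump pass
/dev/sda1  /boot  ext2  defaults             1 2
/dev/sda2  swap   swap  defaults             0 0
/dev/sda3  /      ext3  defaults             1 1
/dev/sda5  /var   ext3  nosuid               1 2
/dev/sda6  /tmp   ext3  defaults             1 2
/dev/sda7  /home  ext3  nosuid,nodev         1 2
/dev/sda8  /srv   ext3  nosuid,nodev,noexec  1 2
"""


def effective_flags(options):
    """Return the restrictive flags in force after applying options in order."""
    flags = set()
    for opt in options.split(","):
        opt = opt.strip()
        if opt in RESTRICTIVE:
            flags.add(opt)
        elif opt in CLEARS:
            flags.discard(CLEARS[opt])   # e.g. a later "suid" undoes "nosuid"
        elif opt == "defaults":
            flags.clear()                # defaults = rw, suid, dev, exec, ...
        elif opt in IMPLIES:
            flags |= IMPLIES[opt]
    return flags


def parse_fstab(text):
    """Map each mount point to its effective restrictive flags."""
    mounts = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or not fields[1].startswith("/"):
            continue  # blank or malformed line, or a swap/none entry
        mounts[fields[1].rstrip("/") or "/"] = effective_flags(fields[3])
    return mounts


def covering_mount(path, mounts):
    """Return the mounted file system that actually contains path."""
    hits = [m for m in mounts
            if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None


def audit(fstab_text):
    """Return {mount point: (status, detail)} for every recommended entry.

    detail is the sorted list of missing flags, or, for NO-PARTITION,
    the mount point whose options the directory inherits.
    """
    mounts = parse_fstab(fstab_text)
    report = {}
    for mp, rec in RECOMMENDED.items():
        if mp not in mounts:
            report[mp] = ("NO-PARTITION", covering_mount(mp, mounts))
            continue
        missing_required = sorted(rec["required"] - mounts[mp])
        missing_advisory = sorted(rec["advisory"] - mounts[mp])
        if missing_required:
            report[mp] = ("FAIL", missing_required)
        elif missing_advisory:
            report[mp] = ("ADVISORY", missing_advisory)
        else:
            report[mp] = ("OK", [])
    return report


if __name__ == "__main__":
    for mount_point, (status, detail) in audit(SAMPLE_FSTAB).items():
        print(f"{mount_point:<11} {status:<13} {detail}")
```

A NO-PARTITION result means the directory lives on the reported parent file system, so the recommended flags cannot be applied to it without also applying them to that parent.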
Partitioning X86 Machines
There can be a maximum of four primary partitions or three primary partitions and one
extended partition (an extended partition can hold 15 (SCSI) or 63 (IDE) logical partitions).
Each partition is assigned a partition type, depending on the file system planned for the
partition.
Each partition holds its own file system.
Partitions are mounted into the file system tree at mount points. The content of the partition is
visible to users with sufficient access privileges below the mount point.
One of the partitions must hold the root (/) file system (other partitions can be integrated into the root file system by using the mount command).
The /etc/fstab file holds partition and mount point information to allow automatic mounting at boot time.
Device files in the “device” (/dev) partition are used to represent and address partitions; for example:

/dev/hda     Master disk on the first IDE channel
/dev/hda1    First primary partition on that disk
/dev/hda5    First logical partition within an extended partition on that disk
/dev/sdb     Second SCSI disk
/dev/sdb3    Third primary partition on that disk
Disk Partition Statistics
Use the following to get information about system storage usage:
df          Displays information about partitions
df -h       Displays information in megabytes or gigabytes as applicable (human readable format)
du          Displays disk usage
du /dirA    Displays the size of each file and directory in dirA
du -sh      Prints a summary of information in megabytes or gigabytes
Combining Hard Disk Partitions
Partitions from two or more hard disks can be combined by using the logical volume manager
(LVM).
Partitions (physical volumes) can be combined into a volume group, which in turn can be
divided into logical volumes that contain their own file systems.
Doing this increases flexibility because physical volumes can be easily added to the volume group if more storage space is needed. Logical volumes can be added while the machine is up and running.
Customizing the Software Selections
IMPORTANT: To install any of the OES patterns, you must customize the software selections. If you don’t make any selections, only the base SLES 10 and base OES packages are installed. However, you can install any of the patterns after the base SLES installation is complete. See
“Installing or Configuring OES 2 SP2 on an Existing Server” on page 103.
To customize which software packages are installed on the server:
1 On the Installation Settings page, click Software.
The Open Enterprise Server add-on adds the OES Services category of patterns to the base software selection categories offered by the SLES 10 installation. OES Services include patterns that contain Novell services or products such as Novell DNS and DHCP services, iPrint, or iManager.
None of the OES Services is selected by default. This lets you fully customize your OES server.
2 At this point, you can do the following to customize your software selections:
Select any number of the OES Services patterns.
A description of each pattern displays to the right of the pattern when it is selected. For a description of OES Services patterns and the components selected with each pattern, see
Table 2-4 on page 29.
You can manually change the default SLES selections by changing the install status and selecting the patterns offered in each category.
IMPORTANT: If you deselect a pattern after selecting it, you are instructing the installation program to not install that pattern and all of its dependent patterns. Rather than deselecting a pattern, click Cancel to cancel your software selections, then click the Software heading again to choose your selections again.
Selecting only the patterns that you want to install ensures that the patterns and their dependent patterns and packages are installed.
If you click Accept, then return to the software pattern selection page, the selections that you made become your base selections and must be deselected if you want to remove them from the installation proposal.
You must install at least one of the SLES Base Technologies patterns.
Selecting a pattern automatically selects the other patterns that it depends on to complete the installation.
You can view the details of your selection and add or remove specific packages for the
installation by clicking Details.
3 When you have selected the software components that you want to install, click Accept.
4 If you are prompted with the license agreement for Professional TrueType Fonts, click Accept.
5 (Conditional) If the prompt for Automatic Changes displays, click Continue.
6 (Conditional) If prompted, resolve any dependency conflicts.
Accepting the Installation Settings
1 Review the final Installation Summary page to ensure that you have all the Installation settings
you desire.
2 After you have changed all the Installation Settings as desired, click Accept.
3 On the Confirm Installation page, click Install.
The base installation settings are applied and the packages are installed.
4 For installations using a network installation source, you can remove the network boot CD
(SLES 10 SP3 CD 1) from the CD drive.
5 For installations using a CD or DVD installation source, leave the CD or DVD in the CD-ROM
or DVD drive.
6 After the server reboot, proceed with “Specifying Configuration Information” on page 54.

3.3.6 Specifying Configuration Information

When the server reboots, you are required to complete the following configuration information:
1. “Specifying the Password for the System Administrator “root”” on page 54
2. “Specifying Network Configuration Settings” on page 55
3. “Testing the Connection to the Internet” on page 57
4. “Specifying Novell Customer Center Configuration Settings” on page 57
5. “Updating the Server Software During the Installation” on page 60
6. “Specifying Service Configuration Settings” on page 63
7. “Specifying LDAP Configuration Settings” on page 64
8. “Specifying eDirectory Configuration Settings” on page 66
9. “Configuring Novell Open Enterprise Server Services” on page 71
Specifying the Password for the System Administrator “root”
In the Password for the System Administrator root page:
1 Specify the password for the root administrator.
For security reasons, the root user’s password should be between five and eight characters long and should contain a mixture of both uppercase and lowercase letters and numbers. The maximum length for passwords is 72 characters, and passwords are case sensitive. If you have a password longer than eight characters, click Expert Options > Blowfish > OK.
2 Confirm the password.
3 Click Next.
Specifying the Hostname and Domain Name
On the Hostname and Domain Name page:
1 Specify the DNS hostname associated with the IP address you have or will assign to the server.
2 Specify the DNS domain name for the server.
3 Deselect Change Hostname via DHCP.
4 Click Next.
Specifying Network Configuration Settings
On the Network Configuration page, you can change the configuration for the components listed below. In this section, we only give details for the Network Interfaces and Firewall settings.
“Network Interface” on page 55
“Firewall” on page 55
Network Interface
Configuration success is directly tied to specific networking configuration requirements. Make sure that the settings covered in the steps that follow are configured exactly as specified.
Specify the setting for each network board on the server:
1 On the Network Configuration page, click Network Interfaces.
2 On the Network Card Configuration Overview page, select the network card you want to
configure, then click Edit.
3 Select Static Address Setup, then specify the IP address and the subnet mask for the interface.
By default, the OES installation requires you to configure the network card to use a static IP address.
4 In the Detailed Settings list, select Hostname and Name Server.
4a In the Name Servers and Domain Search List panel, specify from one to three DNS server
IP addresses.
4b Click OK to return to the Detailed Settings list.
5 In the Detailed Settings list, select Routing.
5a Specify the IP address of the default gateway on the subnet where you are installing the
OES server.
5b Click OK to return to the Detailed Settings list.
6 Click Next to return to the Network Card Configuration Overview page.
7 Complete Step 2 through Step 6 for each network board, then click Next to return to the main
Network Configuration page.
Firewall
For security reasons, a firewall is started automatically on each configured interface. The configuration proposal for the firewall is updated automatically every time the configuration of the interfaces or services is modified.
Many of the OES services require an open port in the firewall. Table 3-3 shows the ports that are automatically opened when each listed OES service is configured.
Table 3-3 Open Enterprise Server Services and Ports
Service                                   Default Ports
Domain Services for Windows               1636
eDirectory™                               389 (ldap), 636 (secure ldap), 8028 (http for iMonitor), 8030 (secure http for iMonitor), 524 (ncp)
iManager                                  80 http, 443 secure http
iPrint                                    80 http, 443 secure http, 631 ipp
Novell AFP                                548
Novell Archive and Version Services       26029
Novell CIFS                               636 (secure ldap)
Novell DHCP                               67
Novell DNS                                53 http, 953 secure http
Novell FTP                                21
Novell Information Portal                 80 http, 443 secure http
Novell NetWare Core Protocol™ (NCP™)      524
Novell Remote Manager                     8008 http, 8009 secure http
OpenWBEM                                  5988 http, 5989 secure http
QuickFinder                               80 http, 443 secure http
Samba                                     139 (netbios), 445 microsoft-ds
Secure Shell                              22
Storage Management Services™ (Backup)     40193 smdr daemon
UDP 524
To adapt the automatic settings to your own preferences:
1 Click Change > Firewall.
2 In the left panel, select the settings you want to change, then make the changes in the right
panel.
3 When you are finished, click Accept.
For more information about the firewall, see Section 44.4.1, “Configuring the Firewall with YaST” in the SUSE Linux Enterprise Server Installation and Administration Guide (http://www.novell.com/documentation/sles10/book_sle_reference/data/sec_fire_suse.html#sec_fire_suse_yast).
To disable the firewall:
1 On the Network Configuration page, under the Firewall heading, click enabled on the Firewall
is enabled status line.
When the firewall is disabled, the status for Firewall should read Firewall is disabled.
2 When all settings in the Network Configuration page are set as desired, click Next to save the
configuration, then continue with “Testing the Connection to the Internet” on page 57.
Testing the Connection to the Internet
On the Test Internet Connection page:
1 Select Yes, Test Connection to the Internet, then click Next.
Obtaining the latest SUSE release notes might fail at this point. If it does, view the log to verify that the network configuration is correct, then click Next.
If the network configuration is not correct, click Back > Back and fix your network configuration. See “Network Interface” on page 55.
Skipping this test also skips downloading release notes, configuring the Novell Customer Center, and updating online.
2 Continue with “Specifying Novell Customer Center Configuration Settings” on page 57. If you
skip this test, continue with “Specifying Service Configuration Settings” on page 63.
Specifying Novell Customer Center Configuration Settings
To receive support and updates for your OES 2 SP2 server, you must register it in the Novell Customer Center. When the Novell Customer Center Configuration page is displayed, you have two options. You can choose to register the server during the installation or register it later.
To register the server and get online updates after the installation is complete:
1 Click Configure Later.
2 Continue with “Specifying Service Configuration Settings” on page 63.
3 Register the server after the installation is complete by using the procedures in Section 7.3,
“Registering the Server in the Novell Customer Center,” on page 149.
To register the server during the installation:
1 On the Novell Customer Center Configuration page, select all of the following options, then click Next.

Option: What it Does
Configure Now: Proceeds with registering this server and the SLES 10 SP3 and OES 2 SP2 product in the Novell Customer Center.
Hardware Profile: Sends the information to the Novell Customer Center about the hardware that you are installing SLES 10 SP3 and OES 2 SP2 on.
Optional Information: Sends optional information to the Novell Customer Center for your registration. For this release, this option doesn’t send any additional information.
Registration Code: Makes the registration with activation codes mandatory.
Regularly Synchronize with the Customer Center: Keeps the installation sources for this server valid. It does not remove any installation sources that were manually added.
2 After you click Next, the following message is displayed.
Wait until this message disappears and the Manual Interaction Required page displays.
3 On the Manual Interaction Required page, note the information that you will be required to
specify, then click Continue.
4 On the Novell Customer Center Registration page, specify the required information in the
following fields, then click Submit:
Field: Information to Specify
Email Address: The e-mail address for your Novell Login account.
Confirm Email Address: The same e-mail address for your Novell Login account.
Activation Code for SLES Components (optional): Specify your purchased or 60-day evaluation registration code for the SLES 10 product. If you don’t specify a code, the server cannot receive any updates or patches.
Activation Code for OES Components (optional): Specify your purchased or 60-day evaluation registration code for the OES 2 product. If you don’t specify a code, the server cannot receive any updates or patches.
System Name or Description (optional): Specify a description to identify this server.
5 When the message to complete the registration displays, click Continue.
6 After you click Continue, the following message is displayed with the Manual Interaction
Required screen.
Wait until this message disappears and the Novell Customer Center Configuration page displays.
7 When you see the message Your configuration was successful on the Novell Customer Center Configuration page, click OK.
8 Continue with “Updating the Server Software During the Installation” on page 60.
Updating the Server Software During the Installation
If you have a successful connection to the Internet and have registered the server in the Novell Customer Center, the server displays the Online Update page. You can run the online update now or skip it and get updates later.
To skip getting updates during the installation:
1 On the Online Update page, click Skip Update.
2 Continue with “Specifying Service Configuration Settings” on page 63.
To get updates during the installation:
1 On the Online Updates page, click Run Update.
2 On the page that shows that updates are available, select the updates that you want to install,
then click Accept. The check marks that are shown on the summary portion of the page are patches that have already been installed on your system.
3 When you see the message Installation finished on the Patch Download and Installation page, click Next.
4 If the update makes changes to YaST, the following message displays. Click OK to restart YaST.
5 Because the installation was interrupted, the following message displays. Click Yes to continue with the installation.
6 The online update displays again with additional updates. If a patch has changes to the kernel,
you might want to deselect it and install it later after the installation is complete. For procedures, see “Updating (Patching) an OES 2 SP2 Server” on page 147.
or
If you do install patches that have changes to the kernel, click OK when you see the following message.
7 Because the installation was interrupted again, the following message displays. Click Yes to
continue with the installation.
8 After all the patches are installed, continue with “Specifying Service Configuration Settings”
on page 63.
Specifying Service Configuration Settings
1 In the Installation Settings page, select or deselect the following options:
CA Management: You can accept the default settings or change the settings to increase the security level.
The certificate that is created is used by the Apache* Web server. If you disable this configuration, the services that use Apache do not work. The option to run the CA Management configuration is selected by default.
For more information about Certificate Authority Management, see “Managing X.509 Certification” in the SUSE LINUX Enterprise Server 10 Installation and Administration Guide (http://www.novell.com/documentation/sles10/book_sle_reference/data/cha_yast_ca.html).
Do Not Enable OpenLDAP Server: Because the Novell eDirectory LDAP server replaces the SLES 10 OpenLDAP server, you must not enable this option. It is disabled by default.
2 If you updated the server during the installation, the default settings for CA management lose the root password. You need to reset the password for root on this page.
2a On the Installation Settings page, click the CA Management link.
2b On the Managing CA and Certificates page, click Edit Default Settings.
2c On the Edit Default Settings page, specify the password for root in the Password and Confirm Password fields, then click Next.
3 When the settings are as desired, click Next and continue with one of the applicable procedures as follows:
“Specifying LDAP Configuration Settings” on page 64.
“Specifying eDirectory Configuration Settings” on page 66.
Specifying LDAP Configuration Settings
Many of the OES services require eDirectory. If eDirectory was not selected as a product to install on this server but other OES services that do require LDAP services were installed, the LDAP Configuration service displays, so that you can complete the required information.
To specify the required information on the Configured LDAP Server page:
1 In the eDirectory Tree Name field, specify the name for the existing eDirectory tree that you are
installing this server into.
2 In the Admin Name and Context field, specify the name and context for user Admin in the
existing tree.
3 In the Admin Password Name field, specify a password for user Admin in the existing tree.
4 Add the LDAP servers that you want the services on this server to use. The servers that you add
should hold the master or a read/write replica of eDirectory. Do the following for each server you want to add:
4a Click Add.
4b On the next page, specify the following information for the server to add, then click Add.
IP address
LDAP port and secure LDAP port
5 When all the LDAP servers that you want to specify are listed, click Next.
6 Verify that the Novell Open Enterprise Server Configuration page displays the settings that you
expected, then click Next.
7 Continue with “Configuring Novell Open Enterprise Server Services” on page 71.
Specifying eDirectory Configuration Settings
When you specify the eDirectory configuration settings, you can specify information to create a new tree and install the server in that new tree or you can install the server into an existing tree by specifying the information for it. Use the following instructions as applicable:
“Creating a New eDirectory Tree and Installing the Server in It” on page 66
“Installing the Server into an Existing eDirectory Tree” on page 67
Creating a New eDirectory Tree and Installing the Server in It
1 On the eDirectory Configuration - New or Existing Tree page, select New Tree.
2 In the eDirectory Tree Name field, specify a name for the eDirectory tree that you want to
create.
On OES servers, services that provide HTTPS connectivity are configured to use either
An eDirectory certificate issued by the Novell International Cryptographic Infrastructure (NICI)
or
The YaST self-signed common server certificate created in Step 1 on page 63.
Self-signed certificates provide minimal security and limited trust, so we recommend that you use the eDirectory certificates instead.
By default, the Use eDirectory Certificates for HTTPS Services check box is selected. This means that the existing YaST server certificate and key files will be replaced with eDirectory server certificate and key files.
The default YaST server certificate and key files are:
Key file: /etc/ssl/servercerts/serverkey.pem
Certificate file: /etc/ssl/servercerts/servercert.pem
The eDirectory server certificate and key files are:
Key file: /etc/ssl/servercerts/eDirkey.pem
Certificate file: /etc/ssl/servercerts/eDircert.pem
For more information on certificate management, see “Certificate Management” in the OES 2 SP2: Planning and Implementation Guide.
3 In the following fields on the eDirectory Configuration - New Tree Information page, specify
the required information:
The fully distinguished name and context for the user Admin on the existing server
The password for user Admin on the existing server.
4 Click Next.
5 On the eDirectory Configuration - Local Server Configuration page, specify the following
information:
The context for the server object in the eDirectory tree.
A location for the eDirectory database.
The default path is /var/opt/novell/eDirectory/data/dib, but you can use this option to change the location if you expect to have a large number of objects in your tree and if the current file system does not have sufficient space.
The ports to use for servicing LDAP requests.
The default ports are 389 (non-secure) and 636 (secure).
The ports to use for providing access to the iMonitor application.
The default ports are 8028 (non-secure) and 8030 (secure).
6 Click Next and continue with “Specifying Synchronizing Server Time Options” on page 68.
Installing the Server into an Existing eDirectory Tree
1 On the eDirectory Configuration - New or Existing Tree page, select Existing Tree.
2 In the eDirectory Tree Name field, specify a name for the eDirectory tree you want to join.
On OES servers, services that provide HTTPS connectivity are configured to use either
An eDirectory certificate issued by the Novell International Cryptographic Infrastructure (NICI)
or
The YaST self-signed common server certificate created in Step 1 on page 63.
Self-signed certificates provide minimal security and limited trust, so we recommend that you use the eDirectory certificates instead.
By default, the Use eDirectory Certificates for HTTPS Services check box is selected. This means that the existing YaST server certificate and key files will be replaced with eDirectory server certificate and key files.
The default YaST server certificate and key files are:
Key file: /etc/ssl/servercerts/serverkey.pem
Certificate file: /etc/ssl/servercerts/servercert.pem
The eDirectory server certificate and key files are:
Key file: /etc/ssl/servercerts/eDirkey.pem
Certificate file: /etc/ssl/servercerts/eDircert.pem
For more information on certificate management, see “Certificate Management” in the OES 2 SP2: Planning and Implementation Guide.
3 In the following fields on the eDirectory Configuration - Existing Tree Information page,
specify the required information:
The IP address of an existing eDirectory server with a replica
The NCP port on the existing server
The LDAP and secure LDAP port on the existing server.
The fully distinguished name and context for the user Admin on the existing server
The password for user Admin on the existing server.
4 Click Next.
5 On the eDirectory Configuration - Local Server Configuration page, specify the following
information:
The context for the server object in the eDirectory tree.
A location for the eDirectory database.
The default path is /var/opt/novell/eDirectory/data/dib, but you can use this option to change the location if you expect to have a large number of objects in your tree and if the current file system does not have sufficient space.
The ports to use for servicing LDAP requests.
The default ports are 389 (non-secure) and 636 (secure).
The ports to use for providing access to the iMonitor application.
The default ports are 8028 (non-secure) and 8030 (secure).
6 Click Next and continue with “Specifying Synchronizing Server Time Options” on page 68.
Specifying Synchronizing Server Time Options
eDirectory requires that all OES servers, both NetWare and Linux, are time-synchronized.
1 In the eDirectory Configuration - NTP & SLP page, use the Network Time Protocol (NTP)
Server field to specify the time source that you want all the servers in the tree to use.
2 Specify the IP address or DNS hostname of an NTP server.
For the first server in a tree, we recommend specifying a reliable external time source.
When you install multiple servers into the same eDirectory tree, make sure that all servers point to the same time source (for example, time.novell.com or some other time source) and not to the server holding the master replica.
For servers joining a tree, specify the same external NTP time source that the tree is using, or specify the IP address of a configured time source in the tree. A time source in the tree should be running time services for 15 minutes or more before connecting to it, or the time synchronization request for the installation fails.
If the time source server is NetWare 5.0 or earlier, you must specify an alternate NTP time source, or the time synchronization request fails.
3 If you want to use the server’s hardware clock, select Use Local Clock.
For servers joining a tree, the installation does not let you proceed if you select this option. You must specify the same external NTP time source that the tree is using, or specify the IP address of a configured time source in the tree. A time source in the tree should be running time services for 15 minutes or more before connecting to it, or the time synchronization request for the installation fails.
4 Continue with “Specifying SLP Configuration Options” on page 69.
For more information on time synchronization, see Implementing Time Synchronization in the OES
2 SP2: Planning and Implementation Guide.
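The time-source rules above can be checked across a tree after installation. The following is an added example, not part of the guide or of any Novell tool: it parses each server's ntp.conf and reports servers that rely only on the local clock or that use a source other than the one approved for the tree. The function names, host names and sample file contents are constructed, and it assumes the ntpd convention that 127.127.x.x addresses are reference-clock drivers (127.127.1.0 is the local clock).

```python
# Audit ntp.conf files from several OES servers against the tree's time source.

# ntpd pseudo-addresses for reference-clock drivers; 127.127.1.0 is the
# undisciplined local clock (the "Use Local Clock" choice).
LOCAL_CLOCK_PREFIX = "127.127."


def time_sources(ntp_conf):
    """Return the addresses named on 'server' lines, in file order."""
    sources = []
    for line in ntp_conf.splitlines():
        fields = line.split("#", 1)[0].split()   # strip trailing comments
        if len(fields) >= 2 and fields[0] == "server":
            sources.append(fields[1].lower())
    return sources


def audit_tree(configs, approved):
    """configs: {host: ntp.conf text}. approved: sources the tree may use.

    Returns {host: [problem, ...]} for hosts that break the guide's rules.
    """
    approved = {a.lower() for a in approved}
    findings = {}
    for host, text in sorted(configs.items()):
        sources = time_sources(text)
        real = [s for s in sources if not s.startswith(LOCAL_CLOCK_PREFIX)]
        problems = []
        if not sources:
            problems.append("no time source configured")
        elif not real:
            problems.append("local clock only")
        unapproved = [s for s in real if s not in approved]
        if unapproved:
            problems.append("unapproved source: " + ", ".join(unapproved))
        if problems:
            findings[host] = problems
    return findings


# Constructed sample input: four servers in one tree.
SAMPLE_CONFIGS = {
    "oes1": "server time.novell.com\n",
    "oes2": "server 127.127.1.0   # local clock\nfudge 127.127.1.0 stratum 10\n",
    "oes3": "# points at another server instead of the tree's source\n"
            "server 192.0.2.10\n",
    "oes4": "server time.novell.com iburst\nserver 127.127.1.0\n",
}

if __name__ == "__main__":
    for host, problems in audit_tree(SAMPLE_CONFIGS, {"time.novell.com"}).items():
        print(host, "->", "; ".join(problems))
```

If the tree uses a configured in-tree time source rather than an external one, add that server's address to the approved set.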
Specifying SLP Configuration Options
1 On the eDirectory Configuration - NTP & SLP page, specify the SLP options as desired.
You have the following options for configuring SLP:
Do Not Configure SLP: This option is good for eDirectory trees with three or fewer
eDirectory servers.
Without SLP, users can’t see a tree list, but they should still be able to attach to a tree by name. Users can configure the Novell Client™ to use DNS, or they can configure the local host file (%SystemDrive%\windows\system32\drivers\etc\hosts on WinXP) to resolve tree and server names. Users can also specify preferred tree and context information in the DHCP Settings page of the Novell Client.
Use Multicast to Access SLP: This option allows the server to request SLP information
by using multicast packets. Use this in environments that have not established SLP DAs (Directory Agents).
IMPORTANT: If you select this option, you must disable the firewall for it to work correctly. Multicast creates a significant amount of network traffic and can reduce network throughput.
Configure SLP to use an existing Directory Agent: This option configures SLP to use
an existing Directory Agent (DA) in your network. Use this in environments that have established SLP DAs. When selecting this option, you configure the servers to use by adding or removing them from the SLP Directory Agent list.
Configure as Directory Agent: This option configures this server as a Directory Agent
(DA). This is useful if you plan to have more than three servers in the tree and want to set up SLP during the installation.
Service Location Protocols and Scope: This option configures the scopes that a user
agent (UA) or service agent (SA) is allowed when making requests or when registering services, or specifies the scopes a directory agent (DA) must support. The default value is DEFAULT. Use commas to separate each scope. For example, net.slp.useScopes = myScope1,myScope2,myScope3.
Configured SLP Directory Agents: This option lets you manage the list of hostname or
IP addresses of one or more external servers on which a SLP Directory Agent is running.
2 Click Next and confirm your selection if necessary, then continue with Selecting the Novell
Modular Authentication Services (NMAS) Login Method.
Selecting the Novell Modular Authentication Services (NMAS) Login Method
1 On the Novell Modular Authentication Services page, select all the login methods you want to
install.
IMPORTANT: The NMAS™ client software must be installed on each client workstation where you want to use the NMAS login methods. The NMAS client software is included with the Novell Client software.
The following methods are available:
CertMutual: The Certificate Mutual login method implements the Simple Authentication
and Security Layer (SASL) EXTERNAL mechanism, which uses SSL certificates to provide client authentication to eDirectory through LDAP.
Challenge Response: The Challenge-Response login method works with the Identity
Manager password self-service process. This method allows either an administrator or a user to define a password challenge question and a response, which are saved in the password policy. Then, when users forget their passwords, they can reset their own passwords by providing the correct response to the challenge question.
DIGEST-MD5: The Digest MD5 login method implements the Simple Authentication
and Security Layer (SASL) DIGEST-MD5 mechanism as a means of authenticating the user to eDirectory through LDAP.
NDS: The NDS® login method provides secure password challenge-response user authentication to eDirectory. This method supports the traditional NDS password when the NMAS client is in use and is installed by default. Reinstallation is necessary only if the NDS login method object has been removed from the directory.
Simple Password: The Simple Password NMAS login method provides password
authentication to eDirectory. The Simple Password is a more flexible but less secure alternative to the NDS password. Simple Passwords are stored in a secret store on the user object.
SASL GSSAPI: The SASL GSSAPI login method implements the Generic Security
Services Application Program Interface (GSSAPI) authentication. It uses the Simple Authentication and Security Layer (SASL), which enables users to authenticate to eDirectory through LDAP by using a Kerberos* ticket.
For more information about installing and configuring eDirectory, see “Installing or Upgrading Novell eDirectory on Linux” in Novell eDirectory 8.8 Installation Guide.
For more information on these login methods, see the online help and “Managing Login and
Post-Login Methods and Sequences” in the Novell Modular Authentication Services 3.3.1
Administration Guide.
2 Click Next, then continue with “Configuring Novell Open Enterprise Server Services” on
page 71.
Configuring Novell Open Enterprise Server Services
1 After you complete the LDAP configuration or the eDirectory configuration, the Novell Open
Enterprise Server Configuration summary page is displayed, showing all the OES components you installed and their configuration settings. Review the setting for each component and click the component heading to change any settings.
When you specify the configuration information for OES services, see the information in
“Guidelines for Configuring OES 2 SP2 Components” on page 73.
2 When you are satisfied with the settings for each component, click Next.
3 When you confirm the OES component configurations, you might receive the following error:
The proposal contains an error that must be resolved before continuing.
If this error is displayed, check the summary list of configured products for a message immediately below each product heading. The list indicates the product or service needs to be configured. If you are running the YaST graphical interface, the text appears red. If you are installing through the YaST text-based interface, it is not red.
For example, if you have selected Linux User Management in connection with other OES products or services, you might see a message similar to the following:
Linux User Management needs to be configured before you can continue or disable the configuration
If you see a message like this, do the following:
3a On the summary page, click the heading for the component.
3b Supply the missing information in each configuration page.
When you specify the configuration information for OES services, see the information in
“Guidelines for Configuring OES 2 SP2 Components” on page 73.
When you have finished the configuration of that component, you are returned to the Novell Open Enterprise Server Configuration summary page.
3c If you want to skip the configuration of a specific component and configure it later, click
Enabled in the Configuration is enabled status to change the status to Configuration is disabled.
If you change the status to Configuration is disabled, you will configure the OES components after the installation is complete. See “Installing or Configuring OES 2 SP2
on an Existing Server” on page 103.
4 After resolving all product configuration problems, click Next to proceed with the
configuration of all components.
5 When the configuration has completed, continue with Section 3.4, “Finishing the Installation,” on page 71.

3.4 Finishing the Installation

The installation concludes with the following steps:
1. User Authentication Method
2. Clean Up
3. Release Notes
4. Hardware Configuration
After a successful configuration, YaST shows the Installation Completed dialog. In this dialog, do the following:
1 (Optional) Select whether to clone your newly installed system for AutoYaST. To clone your system, select Clone This System for AutoYaST. The profile of the current system is stored in /root/autoinst.xml. Cloning is selected by default.
AutoYaST is a system for automatically installing one or more SUSE Linux Enterprise systems without user intervention. AutoYaST installations are performed by using a control file with installation and configuration data. For detailed information, see Chapter 8, “Using AutoYaST to Install and Configure Multiple OES Servers,” on page 167.
2 Finish the installation by clicking Finish in the Installation Completed page.
3 After the server reboots, continue with Section 3.5, “Verifying That the Installation Was Successful,” on page 72.

3.5 Verifying That the Installation Was Successful

One way to verify that your OES server installation was successful and that the components are loading properly is to watch the server reboot. As each component is loaded, the boot logger provides a status next to it indicating if the component is loading properly.
You can also quickly verify a successful installation by accessing the server from your Web browser.
1 In the Address field of your Web browser, enter the following URLs:
http://IP_or_DNS
Replace IP_or_DNS with the IP address or DNS name of your OES server.
You should see a Web page similar to the following:
IMPORTANT: If you see the statement “It Works!” instead of the OES Welcome Page, that means that the Web and LAMP Server option was selected and installed as a SLES component on the server. The default OES behavior can be restored by deleting the /srv/www/htdocs/index.html file from the server.
You can also view the OES Welcome Page by using http://IP_or_DNS/welcome to access the server.
2 (Optional) If you want to look at the eDirectory tree and begin to see how iManager works, go to the OES Information and Management Web page, click Management Tools > iManager, then log in as user Admin (the user you created during product installation).
You can also access iManager by typing the following URL in a browser window and logging in as user Admin:
http://IP_or_DNS_name/nps/iManager.html
3 Continue with “What's Next” on page 101.

3.6 Guidelines for Configuring OES 2 SP2 Components

Keep the following in mind as you configure the OES 2 SP2 components:
Table 3-4 Guidelines for Configuring OES Components
Issue: Software Selections When Using Text-Based YaST
Guideline: Some older machines, such as Dell* 1300, use the text mode install by default when the video card does not meet SLES 10 specifications. When you go into the Software Selection, and then to the details of the OES software selections, YaST doesn’t bring up the OES selections like it does when you use the graphical YaST (YaST2).
To view the Software Selection and System Task screen, select Filter > Pattern (or press Alt+F > Alt+I).
Issue: Specifying a State identifier for a Locality Class object
Guideline: If you specify a state identifier, for example California, Utah, or Karnataka, as a Locality Class object in your eDirectory tree hierarchy, you must make sure to use the correct abbreviation in your LDAP (comma-delimited) or NDAP (period-delimited) syntax.
When using LDAP syntax, use “st” to specify a state. For example:
ou=example_organization,o=example_company,st=utah,c=us
When using NDAP syntax, use “s” to specify a state. For example:
ou=example_organization.o=example_company.s=utah.c=us
Issue: Specifying Typeful Admin Names
Guideline: When installing OES, you must specify a fully distinguished admin name by using the typeful, LDAP syntax that includes object type abbreviations (cn=, ou=, o=, etc.). For example, you might specify the following:
cn=admin,ou=example_organization,o=example_company
Issue: Using Dot-Delimited or Comma-Delimited Input for All Products
Guideline: For all parameters requiring full contexts, you can separate the names by using comma-delimited syntax; you must be consistent in your usage within the field.
The OES installation routine displays all input in the comma-delimited (LDAP) format. However, it converts the name separators to dots when this is required by individual product components.
IMPORTANT: After the OES components are installed, be sure to follow the conventions specified in the documentation for each product. Some contexts must be specified using periods (.) and others using commas (,). However, eDirectory supports names like cn=juan\.garcia.ou=users.o=novell. The period (.) inside a name component must be escaped.
When using NDAP format (dot), you must escape all embedded dots. For example:
cn=admin.o=novell\.provo
When using LDAP format (commas), you must escape all embedded commas. For example:
cn=admin,o=novell\,provo
The installation disallows a backslash and period (\.) in the CN portion of the admin name.
For example, these names are supported:
cn=admin.o=novell
cn=admin.o=novell\.provo
cn=admin.ou=deployment\.linux.o=novell\.provo
These names are not supported:
cn=admin\.first.o=novell
cn=admin\.root.o=novell
Before LUM-enabling users whose cn contains a period (.), you must remove the backslash (\) from the unique_id field of the User object container.
For example, cn=juan.garcia has a unique_id attribute = juan\.garcia. Before such a user can be LUM-enabled, the backslash (\) must be removed from the unique_id attribute.
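The delimiter and escaping rules in Table 3-4 can be applied mechanically before a name is typed into the installer. The following is an added example, not code from the guide or from Novell: it converts a comma-delimited typeful name to dot-delimited form and checks an admin name against the restrictions listed above. The function names are hypothetical, and two behaviours are assumptions: an unescaped comma is taken to mean the field is in LDAP form, and "st" to "s" is the only attribute type renamed, because it is the only one the guide mentions.

```python
import re

# The guide names one attribute type that differs between the syntaxes:
# state is "st" in LDAP (comma) form and "s" in NDAP (dot) form.
LDAP_TO_NDAP_TYPE = {"st": "s"}


def split_unescaped(name, sep):
    """Split on sep, keeping backslash + next character together as a unit."""
    parts, current, i = [], "", 0
    while i < len(name):
        if name[i] == "\\" and i + 1 < len(name):
            current += name[i:i + 2]
            i += 2
        elif name[i] == sep:
            parts.append(current)
            current = ""
            i += 1
        else:
            current += name[i]
            i += 1
    parts.append(current)
    return parts


def parse_typeful(name, sep):
    """Return [(type, raw_value), ...]; raise ValueError on a typeless part."""
    rdns = []
    for component in split_unescaped(name, sep):
        attr, eq, value = component.strip().partition("=")
        if not (attr and eq and value):
            raise ValueError("not typeful: %r" % component)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def ldap_to_ndap(name):
    """Convert a comma-delimited typeful name to dot-delimited form."""
    out = []
    for attr, raw in parse_typeful(name, ","):
        literal = re.sub(r"\\([.,])", r"\1", raw)   # drop delimiter escapes
        escaped = literal.replace(".", "\\.")        # NDAP: escape embedded dots
        out.append("%s=%s" % (LDAP_TO_NDAP_TYPE.get(attr, attr), escaped))
    return ".".join(out)


def check_admin_name(name):
    """Return a list of problems with an admin name; empty means acceptable."""
    sep = "," if len(split_unescaped(name, ",")) > 1 else "."
    try:
        rdns = parse_typeful(name, sep)
    except ValueError as err:
        return [str(err)]
    problems = []
    for attr, raw in rdns:
        if attr == "cn" and "\\." in raw:
            problems.append("backslash-period in the CN portion is rejected")
        if sep == "," and any("=" in p for p in split_unescaped(raw, ".")[1:]):
            problems.append("dot and comma delimiters mixed in one field")
    return problems


if __name__ == "__main__":
    # Names taken from the guide's supported / not supported lists.
    for candidate in (r"cn=admin.o=novell\.provo", r"cn=admin\.first.o=novell"):
        print(candidate, "->", check_admin_name(candidate) or "ok")
    print(ldap_to_ndap("ou=example_organization,o=example_company,st=utah,c=us"))
```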
Each OES component and the configurable fields associated with it are listed in the following sections. These components also include the default or previously entered values, where applicable. Some components might require some additional configuration as part of the OES installation; this information is also included in the tables.
The following sections list the specific configuration information required for each component:
Section 3.6.1, “LDAP Configuration for Open Enterprise Services,” on page 76
Section 3.6.2, “Novell AFP Services,” on page 77
Section 3.6.3, “Novell Archive and Version Services,” on page 78
Section 3.6.4, “Novell Backup/Storage Management Services (SMS),” on page 78
Section 3.6.5, “Novell CIFS for Linux,” on page 79
Section 3.6.6, “Novell Cluster Services,” on page 80
Section 3.6.7, “Novell DHCP Services,” on page 81
Section 3.6.8, “Novell DNS Services,” on page 84
Section 3.6.9, “Novell Domain Services for Windows,” on page 85
Section 3.6.10, “Novell eDirectory Services,” on page 85
Section 3.6.11, “Novell FTP Services,” on page 89
Section 3.6.12, “Novell iFolder,” on page 90
Section 3.6.13, “Novell iManager,” on page 95
Section 3.6.14, “Novell iPrint,” on page 95
Section 3.6.15, “Novell Linux User Management,” on page 96
Section 3.6.16, “Novell NCP Server / Dynamic Storage Technology,” on page 97
Section 3.6.17, “Novell NetStorage,” on page 98
Section 3.6.18, “Novell Pre-Migration Server,” on page 98
Section 3.6.19, “Novell QuickFinder,” on page 99
Section 3.6.20, “Novell Remote Manager,” on page 99
Section 3.6.21, “Novell Samba,” on page 100
Section 3.6.22, “Novell Storage Services (NSS),” on page 100

3.6.1 LDAP Configuration for Open Enterprise Services

Table 3-5 LDAP Configuration for Open Enterprise Services Values
Page Parameter
Configured LDAP Servers
eDirectory Tree Name: The eDirectory tree name that you specified when configuring
eDirectory. The tree you are installing this server into.
Admin Name and Context: The eDirectory Admin name you specified when configuring
eDirectory.
Admin Password: The password of the eDirectory Admin user.
Configured LDAP Servers: You can specify a list of servers that can be used to configure
other OES services on this server.
Each added server must have either the master or a read/write replica of the eDirectory tree. The first server added to the list becomes the default server for the installed and configured OES services to use.
For each server you must specify an IP Address, LDAP Port, Secure LDAP Port, and Server Type.
For information about specifying multiple LDAP servers for Linux User Management (LUM), see “Configuring a Failover Mechanism” in the OES 2 SP2: Novell Linux User Management
Technology Guide.
Default: The eDirectory server you specified when configuring eDirectory.

3.6.2 Novell AFP Services

Table 3-6 Novell Apple Filing Protocol Parameters and Values
Page Parameter
AFP Configuration - Mac Client Access to NSS Volumes
eDirectory Server Address or Host Name: The IP address shown is the default LDAP
server for this service. If you do not want to use the default, select a different LDAP server in the list.
If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it using the LDAP Configuration for Open Enterprise Services dialog box.
AFP Proxy User
Use existing user as AFP Proxy User: Select this option to use an existing proxy
user for the AFP service.
Create a new AFP Proxy User: Select this option to create a new proxy user for the
AFP service.
AFP Proxy User Name: Specify the FQDN (fully qualified distinguished name) of the
AFP proxy user.
For example: cn=user, o=novell
NOTE: This user is granted rights to read the passwords of any users, including non-AFP users, that are governed by any of the password policies you select in the Novell AFP Service Configuration page.
AFP Proxy User Password: Specify a password for the AFP proxy user to use for
authenticating to the AFP server, and verify the password if you are specifying an existing proxy user.
For more information on proxy user and password management, see “Planning Your
Proxy Users” in the OES 2 SP2: Planning and Implementation Guide.
Novell AFP Service Configuration
Select the Password Policies Assigned to AFP Users: The specified AFP Proxy User is
granted rights to read the passwords of all users assigned to the password policies you select.
If you are installing in a new tree, the list is blank. The install creates a policy named AFP Default Policy for you.
For more information about proxy users and password policies, see “System User and
Group Management in OES 2 SP2” and “Coordinating Password Policies Among Multiple File Services” in the OES 2 SP2: Planning and Implementation Guide.
For additional configuration instructions, see “Installing and Setting Up AFP” in the OES 2 SP2:
Novell AFP For Linux Administration Guide

3.6.3 Novell Archive and Version Services

Table 3-7 Novell Archive and Version Services Parameters and Values
Page Parameter
Archive and Version Services Configuration
Database Port Number: Specify a port number to use for the archive database
communications.
Default: 5432
Database Username: Specify a username for the administrator of the archive database
(the PostgreSQL database for the archived data).
IMPORTANT: The Postgres user must be an unprivileged user, not the root user.
Default: arkuser
Database Password: Specify and validate a password for the database user.
Default: The password for the eDirectory Admin user.
For additional configuration instructions, see “Setting Up Archive and Version Services” in the
OES 2 SP2: Novell Archive and Version Services 2.1 for Linux Administration Guide.

3.6.4 Novell Backup/Storage Management Services (SMS)

Table 3-8 Novell Backup / Storage Management Services Parameters and Values
Page Parameter
SMS Configuration
Directory Server Address: If you do not want to use the default shown, select a different
LDAP server in the list.
If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog box.
Default: The first server selected in the LDAP Configuration list of servers.
For additional configuration instructions, see “Installing and Configuring SMS” in the Installing and
Configuring SMS.

3.6.5 Novell CIFS for Linux

Table 3-9 Novell CIFS Parameters and Values
Page Parameter
Novell CIFS Service Configuration
eDirectory server address or host name: Leave the default or select from the drop-down
list to change to a different server.
Use secure channel for configuration: Leave this option as is (preferred), or deselect if
desired.
Default: Selected.
LDAP port for CIFS Server: Do not change the default port value during a new tree
installation.
NOTE: If the OES 2 server is attached to an existing tree, you can change this to another LDAP port.
Default: 636
Local NCP Server context: Displays the NCP™ Server context.
CIFS Proxy User
Use existing user as CIFS Proxy User: Select this option to use an existing proxy
user for the CIFS service.
Create a new CIFS Proxy User: Select this option to create a new proxy user for the
CIFS service.
CIFS Proxy User Name: Specify the FQDN (fully qualified distinguished name) of the
CIFS proxy user.
For example: cn=user, o=novell
NOTE: This user is granted rights to read the passwords of any users, including non-CIFS users, that are governed by any of the password policies you select in the Novell CIFS Service Configuration page.
CIFS Proxy User Password: Specify a password for the CIFS proxy user to use when
authenticating to the CIFS server, and verify the password if you are specifying an existing proxy user.
For more information on proxy user and password management, see “Planning Your
Proxy Users” in the OES 2 SP2: Planning and Implementation Guide.
Credential Storage Location: Accept CASA or specify the Local File option.
The CIFS proxy user password is encrypted and encoded in the credential storage location.
Default: CASA
Novell CIFS Service Configuration (2)
eDirectory Contexts: Provide a list of contexts that are searched when the CIFS User
enters a username. The server searches each context in the list until it finds the correct user object.
Novell CIFS Service Configuration (3)
Select the Password Policies Assigned to CIFS Users: The specified CIFS Proxy User
is granted rights to read the passwords of all users assigned to the password policies you select.
If you are installing in a new tree, the list is blank. The install creates a policy named CIFS Default Policy for you.
For more information about proxy users and password policies, see “System User and
Group Management in OES 2 SP2” and “Coordinating Password Policies Among Multiple File Services” in the OES 2 SP2: Planning and Implementation Guide.
For additional configuration instructions, see “Installing and Setting Up CIFS” in the OES 2 SP2: Novell CIFS for Linux Administration Guide.

3.6.6 Novell Cluster Services

Table 3-10 Novell Cluster Services Parameters and Values
Page Parameter
Novell Cluster Services (NCS) Configuration
New or Existing Cluster: Specify whether the server is part of a new cluster or is joining an
existing cluster.
Default: New Cluster
Directory Server Address: The IP address shown is the default LDAP server for this
service. If you do not want to use the default, select a different LDAP server in the list.
If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog box.
Default: The first server selected in the LDAP Configuration list of servers.
Cluster FDN: Specify the fully distinguished name (FDN) of the cluster. Use the comma
format illustrated in the example. Do not use dots.
If you are creating a new cluster, this is the name you will give the new cluster and the eDirectory context where the new cluster object will reside. You must specify an existing context. Specifying a new context does not create a new context.
If you are adding a server to an existing cluster, this is the name and eDirectory context of the cluster that you are adding this server to.
Cluster names must be unique. You cannot create two clusters with the same name in the same eDirectory tree. Cluster names are case sensitive on Linux.
Cluster IP Address: If you are creating a new cluster, specify a unique IP address for the
cluster.
The cluster IP address is separate from the server IP address and is required to be on the same IP subnet as the other servers in the cluster.
Storage Device With Shared Media: If you are creating a new cluster, select the device
where the Split Brain Detector (SBD) partition will be created.
If you have a shared disk system attached to your cluster servers, Novell Cluster Services creates a small cluster partition on that shared disk system. This small cluster partition is referred to as the Split Brain Detector (SBD) partition. Specify the drive or device where you want the small cluster partition created.
You must have at least 20 MB of free space on one of the shared disk drives to create the cluster partition. If no free space is available, the shared disk drives cannot be used by Novell Cluster Services.
If you do not have a shared disk system connected to your cluster servers, accept the default (none). You must create the SBD manually before adding a second server to the cluster.
Default: none
Optional Device for Mirrored Partitions: If you want to mirror the SBD partition for greater
fault tolerance, select the device where you want to mirror to.
You can also mirror SBD partitions after installing Novell Cluster Services.
Novell Cluster Services (NCS) Configuration (2)
IP Address of this Node: This field contains the IP address of this node. If this server has
multiple IP addresses, you can change the default address to another value if desired.
Start Cluster Services Now: Select this box if you want clustering to start now. If you want
clustering to start after rebooting, or if you want to manually start it later, deselect this box.
This option applies only to installing Novell Cluster Services after the OES installation because it starts automatically when the server initializes during the installation.
If you choose to not start Novell Cluster Services software, you need to either manually start it after the installation, or reboot the cluster server to automatically start it.
You can manually start Novell Cluster Services by going to the /etc/init.d directory and entering ./novell-ncs start at the server console of the cluster server.
Default: Selected
For additional instructions, see the OES 2 SP2: Novell Cluster Services 1.8.7 for Linux
Administration Guide.

3.6.7 Novell DHCP Services

Table 3-11 Novell DHCP Services Parameters and Values
Page Parameter
Novell DHCP Services Configuration
DHCP Server Context: Specify a context for the DHCP Server object.
Default: o=example
DHCP Server Object Name: Specify the name of the Server object that these DHCP
services will be running on.
This is the DHCP server object that contains a list of DHCP Services (configuration) served by the DHCP Server.
Default: DHCP_example_server
Common DHCP Configuration Object Contexts
DHCP Locator Object: Specify the context for the DHCP Locator object.
The DHCP Locator object has references to dhcpServer and dhcpService objects.
Group Context: Specify the context for the DHCP Group object.
This object is used to grant the necessary rights to the eDirectory user used by the DHCP server to access the DHCP objects.
Default: o=example
Log File Location: Specify the path and filename for the DHCP Services log file. You can
type the path manually or click Browse to locate the log.
Default: Usually /var/log/
LDAP Method
Static: Select this option if you do not want the DHCP server to query the LDAP server
for host details.
Dynamic: Select this option if you want the DHCP server to query the LDAP server on
every request for host details.
Selecting the dynamic LDAP method ensures that the responses you receive to queries are accurate, but the server takes a longer time to respond.
Default: Static
Referrals
A referral is a message that the LDAP server sends to the LDAP client informing it that the server cannot provide complete results and that more data might be on another LDAP server.
Chase Referral: Select this option if you want the DHCP server to follow referrals.
Do Not Chase Referral: Select this option to ignore LDAP referrals.
Novell DHCP LDAP and Secure Channel Configuration
eDirectory Server Address or Host Name: The IP address shown is the default LDAP
server for this service. If you do not want to use the default, select a different LDAP server in the list.
If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog box.
Default: The first server selected in the LDAP Configuration list of servers.
Use Secure Channel for Configuration: Leaving this option selected causes DHCP
configuration information to be transferred over a secure channel.
Deselecting the option lets a user with fewer privileges configure LDAP services and allows configuration information to be transferred over a non-secure channel.
Default: Selected
LDAP User Name with Context: Specify a typeful, distinguished name and context for an
LDAP user.
This user should be an eDirectory user that can access the DHCP server.
Default: The eDirectory Admin name and context that you specified when configuring eDirectory.
LDAP User Password: Type a password for the LDAP user.
LDAP Port for DHCP Server: Select a port for the LDAP operations to use.
Default: 636
Use Secure LDAP Channel: When selected, this option ensures that the data transferred
between the DHCP server and the LDAP server is secure and private.
If you deselect this option, the data transferred is in clear text format.
Default: Selected
Certificates (optional)
Request Certificate: Specifies what checks to perform on a server certificate in an SSL/TLS session. Select one of the following options:
Never: The server does not ask the client for a certificate. This is the default.
Allow: The server requests a client certificate, but if a certificate is not provided or a wrong certificate is provided, the session still proceeds normally.
Try: The server requests the certificate. If none is provided, the session proceeds normally. If a certificate is provided and it cannot be verified, the session is immediately terminated.
Hard: The server requests a certificate. A valid certificate must be provided, or the session is immediately terminated.
Paths to Certificate Files: Specify or browse the path for the certificate files.
The LDAP CA file contains CA certificates.
The LDAP client certificate contains the client certificate.
The LDAP client key file contains the key file for the client certificate.
Novell DHCP Services Interface Selection
Network Boards for the Novell DHCP Server: From the available interfaces, select the
network interfaces that the Novell DHCP server should listen to.
For additional configuration instructions, see “Installing and Configuring DHCP” in the OES 2
SP2: Novell DNS/DHCP Administration Guide for Linux.
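The following sketch is an added example, not part of the Novell guide or of OES itself. It models the four Request Certificate levels as the table describes them and uses that model to review a set of answers for the Novell DHCP LDAP and Secure Channel Configuration page. The `DhcpLdapChoices` worksheet, the finding labels, and the rule that a verifying level needs the LDAP CA file are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# States of the certificate seen during the SSL/TLS session.
NO_CERT, BAD_CERT, GOOD_CERT = "none", "unverifiable", "valid"


def session_proceeds(level: str, cert: str) -> bool:
    """Return True if the session continues for this Request Certificate level."""
    level = level.strip().lower()
    if level in ("never", "allow"):
        # Never: no certificate is requested. Allow: one is requested, but a
        # missing or wrong certificate does not stop the session.
        return True
    if level == "try":
        # A missing certificate is tolerated; one that fails verification is not.
        return cert != BAD_CERT
    if level == "hard":
        # Only a valid certificate keeps the session open.
        return cert == GOOD_CERT
    raise ValueError(f"unknown Request Certificate level: {level!r}")


@dataclass
class DhcpLdapChoices:
    """Hypothetical worksheet of the answers given on the DHCP LDAP page."""
    secure_config_channel: bool = True   # Use Secure Channel for Configuration
    ldap_port: int = 636                 # LDAP Port for DHCP Server
    secure_ldap_channel: bool = True     # Use Secure LDAP Channel
    request_certificate: str = "never"   # Never / Allow / Try / Hard
    ca_file: Optional[str] = None        # LDAP CA file
    client_cert: Optional[str] = None    # LDAP client certificate
    client_key: Optional[str] = None     # LDAP client key file


def audit(c: DhcpLdapChoices) -> List[str]:
    """Return findings as 'label: explanation' strings; an empty list means none."""
    findings = []
    if not c.secure_config_channel:
        findings.append("config-channel: configuration data crosses a non-secure channel")
    if not c.secure_ldap_channel:
        findings.append("ldap-channel: DHCP-to-LDAP traffic is sent in clear text")
    # 389 and 636 are the plain and secure LDAP defaults listed in this guide.
    if c.secure_ldap_channel and c.ldap_port == 389:
        findings.append("port: secure channel selected but port 389 is the plain LDAP default")
    if not c.secure_ldap_channel and c.ldap_port == 636:
        findings.append("port: port 636 is the secure LDAP default but the secure channel is deselected")
    if c.secure_ldap_channel:
        level = c.request_certificate
        # Derive the exposure from the level's behaviour instead of a fixed list.
        if session_proceeds(level, BAD_CERT):
            findings.append(f"cert-check: level {level!r} continues with a certificate that cannot be verified")
        elif session_proceeds(level, NO_CERT):
            findings.append(f"cert-check: level {level!r} continues when no certificate is presented")
        # Assumption: a level that rejects bad certificates verifies against the CA file.
        if not session_proceeds(level, BAD_CERT) and not c.ca_file:
            findings.append("ca-file: certificates are verified but no LDAP CA file is set")
    if bool(c.client_cert) != bool(c.client_key):
        findings.append("client-cert: client certificate and key file must be supplied together")
    return findings


if __name__ == "__main__":
    # Constructed sample answers; the file paths are placeholders.
    samples = {
        "installer defaults": DhcpLdapChoices(),
        "hard with CA file": DhcpLdapChoices(request_certificate="Hard",
                                             ca_file="/path/to/ca.pem"),
        "clear text": DhcpLdapChoices(secure_ldap_channel=False, ldap_port=389),
    }
    for name, choices in samples.items():
        print(name, "->", audit(choices) or ["no findings"])
```

With the installer defaults the channel is encrypted, yet the review still reports `cert-check`, because the default level Never performs no certificate check.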

3.6.8 Novell DNS Services

Table 3-12 Novell DNS Services Parameters and Values
Page Parameter
Novell DNS Configuration
Directory server address: If you have specified multiple LDAP servers by using the LDAP
Configuration for Open Enterprise Services dialog box, you can select a different LDAP server than the first one in the list.
If you are installing into an existing tree, you must ensure that the selected server has a master or read/write replica of eDirectory.
Default: The first LDAP server in the LDAP Server Configuration dialog box.
Common DNS Configuration Object and User Contexts:
Get Context and Proxy User Information from Existing DNS Server: Select this
option if you are configuring DNS in an existing tree where DNS is already configured, and you want to use the existing Locator, Root Server Info, Group and Proxy User contexts.
Existing Novell DNS Server Address: If you have enabled the previous option, you
can type the IP address of an NCP server (must be up and running) that is hosting the existing DNS server.
To automatically retrieve the contexts of the objects that follow, click Retrieve.
If you do not want to use the retrieved contexts, you can change them manually.
Novell DNS Services Locator Object Context: Specify the context for the DNS
Locator object.
The Locator object contains global defaults, DHCP options, and a list of all DNS and DHCP servers, subnets, and zones in the tree.
Default: The context you specified for the OES server you are installing.
Novell DNS Services Root Server Info Context: Specify the context for the DNS
Services root server.
The RootSrvrInfo Zone is an eDirectory container object that contains resource records for the DNS root servers.
Default: The context you specified for the OES server you are installing.
Novell DNS Services Group Object Context: Specify the context for the DNS Group
object.
This object is used to grant DNS servers the necessary rights to other data within the eDirectory tree.
Default: The context you specified for the OES server you are installing.
Proxy User for DNS Management: Specify the FDN of the DNS proxy user.
An existing user must have eDirectory read, write, and browse rights under the specified context. If the user doesn’t exist, it is created in the context specified.
Default: The eDirectory Admin user that you specified while configuring eDirectory.
Specify Password for eDirectory User: Type the password for the DNS proxy user.
For more information on proxy user and password management, see “Planning Your
Proxy Users” in the OES 2 SP2: Planning and Implementation Guide.
Default: The password that you specified for the OES server you are installing.
Local NCP Server Context: Specify a context for the local NCP Server object.
Default: The eDirectory context specified for this OES server.
Use Secure LDAP Port: When selected, this option ensures that the data transferred by this
service is secure and private.
If you deselect this option, the transferred data is in clear text format.
Default: Selected
Credential Storage Location: Specify where the DNS proxy user’s credentials are to be
stored.
Default: For security reasons, the default and recommended method of credential storage is CASA.
For additional configuration instructions, see “Installing and Configuring DNS” in the OES 2 SP2:
Novell DNS/DHCP Administration Guide for Linux.

3.6.9 Novell Domain Services for Windows

There are multiple configuration scenarios, depending on your deployment. For information, see “Installing Domain Services for Windows” in the OES 2 SP2: Domain Services for Windows
Administration Guide.

3.6.10 Novell eDirectory Services

WARNING: You specified the eDirectory configuration for this server in either “Specifying LDAP
Configuration Settings” on page 64 or “Specifying eDirectory Configuration Settings” on page 66,
and the settings you specified were extended to your OES service configurations by the OES install.
If you change the eDirectory configuration at this point in the install, your modifications might or might not extend to the other OES services. For example, if you change the server context from o=example to ou=servers.o=example, the other service configurations might or might not reflect the change.
Be sure to carefully check all of the service configuration summaries on the Novell Open Enterprise Server Configuration summary screen. If any of the services don’t show the eDirectory change you made, click the service link and modify the configuration manually. Otherwise your installation will fail.
Table 3-13 Novell eDirectory Parameters and Values
Page Parameter
eDirectory Configuration - New or Existing Tree
New or Existing Tree
New Tree: Creates a new tree.
Use this option if this is the first server to go into the tree or if this server requires a separate tree. Keep in mind that this server will have the master replica for the new tree, and that users must log into this new tree to access its resources.
Existing Tree: Incorporates this server into an existing eDirectory tree.
This server might not have a replica copied to it, depending on the tree configuration. For details, see the “Guidelines for Replicating Your Tree” in the Novell eDirectory 8.8 Administration Guide.
Default: New Tree
eDirectory Tree Name: Specify a unique name for the eDirectory tree you want to create or the name of the tree you want to install this server into.
Use eDirectory Certificates for HTTPS Services: Selecting this option causes eDirectory to automatically back up the currently installed certificate and key files and replace them with files created by the eDirectory Organizational CA (or Tree CA).
Most OES services that provide HTTPS connectivity are configured by default to use the self-signed common server certificate created by YaST. Self-signed certificates provide minimal security and limited trust, so you should consider using eDirectory certificates instead.
For all server installations, this option is enabled by default and is recommended for the increased security it provides.
To prevent third-party CA certificates from being accidentally backed up and overwritten, deselect this option.
For more information on certificate management and this option, see “Security” in the OES 2 SP2: Planning and Implementation Guide.
Require TLS for Simple Binds with Password: Select this option to make connections encrypted in the Session layer.
Install SecretStore: Select this option to install Novell SecretStore® (SS), an eDirectory-based security product.
eDirectory Configuration - New/Existing Tree Information
IP Address of an Existing eDirectory Server with a Replica: Type the IP address of a
server with an eDirectory replica.
This option appears only if you are joining an existing tree.
NCP Port on the Existing Server: Type the NCP port used by the eDirectory server you
specified.
This option appears only if you are joining an existing tree.
Default: 524.
LDAP and Secure LDAP Ports on the Existing Server: Type the LDAP ports used by the
eDirectory server you specified.
This option appears only if you are joining an existing tree.
Default: 389 (LDAP), 636 (Secure LDAP)
FDN Admin Name with Context: Specify the name of the administrative user for the new
tree.
This is the fully distinguished name of a User object that will be created with full administrative rights in the new directory.
Default: The eDirectory Admin name and context that you specified when initially configuring eDirectory.
Admin Password: Specify the eDirectory administrator's password.
This is the password of the user specified in the prior field.
Verify Admin Password: Retype the password to verify it.
This option only appears if creating a new tree.
eDirectory Configuration - Local Server Configuration
Enter Server Context: Specify the location of the new server object in the eDirectory tree.
Enter Directory Information Base (DIB) Location: Specify a location for the eDirectory
database.
Default: The default path is /var/opt/novell/eDirectory/data/dib, but you can use this option to change the location if you expect the number of objects in your tree to be large and the current file system does not have sufficient space.
Enter LDAP Port: Specify the LDAP port number this server will use to service LDAP
requests.
Default: 389
Enter Secure LDAP Port: Specify the secure LDAP port number this server will use to service
LDAP requests.
Default: 636
Enter iMonitor Port: Specify the port this server will use to provide access to the iMonitor
application.
iMonitor lets you monitor and diagnose all servers in your eDirectory tree from any location on your network where a Web browser is available.
Default: 8028
Enter Secure iMonitor Port: Specify the secure port this server will use to provide access
to the iMonitor application.
Default: 8030
eDirectory Configuration - NTP and SLP
Network Time Protocol (NTP) Server: Specify the IP address or DNS hostname of an
NTP server.
For the first server in a tree, we recommend specifying a reliable external time source.
For servers joining a tree, specify the same external NTP time source that the tree is using, or specify the IP address of a configured time source in the tree. A time source in the tree should be running time services for 15 minutes or more before connecting to it, or the time synchronization request for the installation fails.
If the time source server is NetWare 5.0 or earlier, you must specify an alternate NTP time source, or the time synchronization request fails. For more information, see “Time Services” in the OES 2 SP2: Planning and Implementation Guide.
Use Local Clock: Alternatively, you can select Use Local Clock to designate the server’s
hardware clock as the time source for your eDirectory tree.
This is not recommended if there is a reliable external time source available.
(SLP Options)
Do Not Configure SLP: This option is good for eDirectory trees with three or fewer eDirectory servers.
Without SLP, users can’t see a tree list, but they should still be able to attach to a tree by name. Users can configure the Novell Client to use DNS, or they can configure the local host file (%SystemDrive%\windows\system32\drivers\etc\hosts on WinXP) to resolve tree and server names. Users can also specify preferred tree and context information in the DHCP Settings page of the Novell Client.
IMPORTANT: If the tree where you are installing this server has or will have more than three servers, you must configure SLP.
Use Multicast to Access SLP: This option allows the server to request SLP
information by using multicast packets. Use this in environments that have not established SLP DAs (Directory Agents).
IMPORTANT: If you select this option, you must disable the firewall for it to work correctly. Multicast creates a significant amount of network traffic and can reduce network throughput.
Configure as Directory Agent: This option configures this server as a Directory
Agent (DA). This is useful if you plan to have more than three servers in the tree and want to set up SLP during the installation.
Configure SLP to use an existing Directory Agent: This option configures SLP to
use an existing Directory Agent (DA) in your network. Use this in environments that have established SLP DAs. When you select this option, you configure the servers to use by adding or removing them from the SLP Directory Agent list.
Service Location Protocols and Scope: This option configures the scopes that a user
agent (UA) or service agent (SA) is allowed when making requests or when registering services, or specifies the scopes a directory agent (DA) must support. The default value is DEFAULT. Use commas to separate each scope. For example, net.slp.useScopes = myScope1,myScope2,myScope3.
This information is required when the Use Multicast to Access SLP or Configure SLP to Use an Existing Directory Agent option is selected.
Default: Default
Configured SLP Directory Agents: This option lets you manage the list of hostname or IP
addresses of one or more external servers on which a SLP Directory Agent is running.
It is enabled for input only when you configure SLP to use an existing Directory Agent.
Novell Modular Authentication Services
IMPORTANT: NMAS client software (included with Novell Client software) must be installed on
each client workstation where you want to use the NMAS login methods.
CertMutual: The Certificate Mutual login method implements the Simple Authentication and
Security Layer (SASL) EXTERNAL mechanism, which uses SSL certificates to provide client authentication to eDirectory through LDAP.
Challenge Response: The Challenge-Response login method works with the Identity
Manager password self-service process. This method allows either an administrator or a user to define a password challenge question and a response, which are saved in the password policy. Then, when users forget their passwords, they can reset their own passwords by providing the correct response to the challenge question.
DIGEST-MD5: The Digest MD5 login method implements the Simple Authentication and
Security Layer (SASL) DIGEST-MD5 mechanism as a means of authenticating the user to eDirectory through LDAP.
NDS: The NDS login method provides secure password challenge-response user
authentication to eDirectory. This method supports the traditional NDS password when the NMAS client is in use. Reinstallation is necessary only if the NDS login method object has been removed from the directory.
Simple Password: The Simple Password NMAS login method provides password
authentication to eDirectory. The Simple Password is a more flexible but less secure alternative to the NDS password. Simple Passwords are stored in a secret store on the user object.
SASL GSSAPI: The SASL GSSAPI login method implements the Generic Security Services
Application Program Interface (GSSAPI) authentication by using the Simple Authentication and Security Layer (SASL) that enables users to authenticate to eDirectory through LDAP by using a Kerberos ticket.
If you want to install all of the login methods into eDirectory, click Select All.
If you want to clear all selections, click Deselect All.
For more information on these login methods, see “Managing Login and Post-Login Methods and
Sequences” in the Novell Modular Authentication Services 3.3.1 Administration Guide.
Defaults: Challenge Response and NDS
For additional configuration instructions, see “Installing or Upgrading Novell eDirectory on Linux” in the Novell eDirectory 8.8 Installation Guide.

3.6.11 Novell FTP Services

No additional configuration is required.

3.6.12 Novell iFolder

When you configure iFolder as part of the OES install and configuration, you can specify only an EXT3 or ReiserFS volume location for the System Store Path, which is where you are storing iFolder data for all your users. You cannot create NSS volumes during the system install.
If you want to use an NSS volume to store iFolder data, you must reconfigure iFolder after the initial OES installation. To reconfigure, use Novell iManager to create an NSS volume, then go to YaST > Open Enterprise Server > Install and Configure Open Enterprise Services and select iFolder 3.6 to enter new information. All previous configuration information is removed and replaced.
Table 3-14 Novell iFolder 3.6 Parameters and Values
Page Parameter
Novell iFolder System Configuration Options
iFolder Component to Be Configured
iFolder Server: This option lets you configure the settings for the iFolder server that is
the central repository for storing user iFolders and synchronizing files for enterprise users.
iFolder Web Admin: This option lets you create and configure settings for the
administrator user.
The iFolder Admin user is the primary administrator of the iFolder Enterprise Server. The Web Admin server does not need to be configured on the iFolder Enterprise Server. Devoting a separate server to the Web Admin application improves the performance of the iFolder Enterprise Server by reducing the admin traffic.
iFolder Web Access: This option lets you configure the Web Access server, which is
an interface that lets users have remote access to iFolders on the enterprise server.
The Web Access server lets users perform all the operations equivalent to those of the iFolder client through using a standard Web browser.
The Web Access server does not need to be configured in the same iFolder Enterprise Server. Directing the user tasks to a separate server and thereby reducing the HTTP requests helps to improve the performance of the iFolder Enterprise Server.
Default: All three items are selected
Novell iFolder System Configuration
Name Used to Identify the iFolder System to Users: Specify a unique name to identify
your iFolder Enterprise Server.
Default: iFolder
System Description (optional): Specify a descriptive label for your iFolder Enterprise
Server to identify it to the users.
Default: iFolder Enterprise System
Path to Server's Data Files: Specify the case-sensitive address of the location where the
iFolder Enterprise Server stores iFolder application files as well as the user iFolders and files.
IMPORTANT: This location cannot be modified after iFolder is installed.
Default: /var/simias/data/
Path to the Recovery Agent Certificates (optional): Specify the path to the recovery
agent certificates that are used for recovering the encryption key.
Default: /var/simias/data/simias
Novell iFolder System Configuration (2)
Name of iFolder Server: Specify a unique name to identify your iFolder Enterprise Server.
For example: Host1.
Default: The name of the OES server.
iFolder Public URL: Specify the public URL for users to reach the iFolder Enterprise
Server.
Default: The OES server’s IP address
iFolder Private URL: Specify the private URL corresponding to the iFolder Enterprise
Server to allow communication between the servers within the iFolder domain. The private URL and the public URL can be the same.
Default: The OES server’s IP address
Select SSL Option for iFolder: Select the SSL option you want to set up a secure
connection between the iFolder server and the iFolder clients.
There are three options for the channel for data transfer: SSL, Non SSL, and Both. However, authentication is always over SSL (not optional).
Both: (default) This option lets you select a secure or a non-secure channel for
communication among the iFolder server, Web Admin server, Web Access server and the clients. By default, these components use the HTTPS (secure) communication channel. However, all components can also be configured to use HTTP.
Non SSL: Select this option to enable non-secure communication between the iFolder
server, Web Admin server, Web Access server and the clients. The iFolder uses the HTTP channel for communication.
SSL: Select this option to enable a secure connection among the iFolder server,
iFolder Web Admin server, iFolder Web Access server, and the iFolder clients. The iFolder uses the HTTPS channel for communication.
Default: Both
iFolder Port to Listen On: Specify the port for the iFolder to listen on.
Default: 80
Install into Existing iFolder Domain: Select this option when you want to attach to an
existing iFolder domain.
If this option is not selected, this server becomes the Master iFolder server.
Default: Deselected
Private URL of the Master Server: Specify the private URL of the Master iFolder server
that holds the master iFolder data for synchronization to the current iFolder Enterprise Server.
Configure LDAP Groups Plugin: Select this option to configure the LDAP Groups plug-in.
If this option is left unselected, iFolder does not have LDAP Group support enabled.
Novell iFolder LDAP Configuration
Directory server address: The IP address shown is the default LDAP server for this
service. If you do not want to use the default, select a different LDAP server in the list.
If you need to add another eDirectory LDAP server to the list, use the LDAP Configuration for Open Enterprise Services dialog.
If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory.
If you are installing into an existing tree, you must enter the password of an admin user in the tree.
Default: The first server selected in the LDAP Configuration list of servers
Use Alternate LDAP server: If you need to add another LDAP server to the list, select this
option and enter the following information:
Alternate Directory Server Address: Specify the host or IP address of the alternate
LDAP server that iFolder will use.
LDAP Port: Specify the LDAP port to use for this alternate server.
LDAP Secure Port: Specify the LDAP secure port to use for this alternate server.
Admin Name and Context: Specify the administrator name and context for the
alternate LDAP server.
Admin Password: Type the specified administrator’s password.
Novell iFolder System Configuration
The iFolder Default Administrator: Specify the username for the default iFolder
administrative user. Use the full distinguished name of the iFolder administrative user.
Default: The eDirectory Admin user you specified while configuring eDirectory.
iFolder Admin Password: Specify a password for the iFolder administrative user.
Verify iFolder Admin Password: Type the password for the iFolder administrative user
again.
LDAP Proxy User: Specify the full distinguished name of the LDAP Proxy user.
This user must have the Read right to the LDAP service. This user is used to provision the users between iFolder Enterprise Server and the LDAP server. If it does not already exist, this user is created and granted the Read right to the root of the tree. The LDAP proxy user's domain name (DN) and password are stored by iFolder.
Default: A user object created in the server context you specified and named iFolderProxy.
LDAP Proxy User Password: Specify a password for the LDAP Proxy user.
For more information on proxy user and password management, see “Planning Your Proxy
Users” in the OES 2 SP2: Planning and Implementation Guide.
Default: A system-generated password.
Verify LDAP Proxy User Password: Type the password for the LDAP Proxy user again.
LDAP Search Context: Click Add, then specify an LDAP tree context to be searched for
users to provision them in iFolder. For example, o=acme, o=acme2, or o=acme3.
If no context is specified, only the iFolder administrative user is provisioned for services during the install.
Default: The server context you specified while configuring eDirectory.
LDAP Naming Attribute: Select which LDAP attribute of the User account to apply when
authenticating users. This setting cannot be changed after the install.
Each user enters a username in this specified format at login time. Common Name (CN) is the default, and an e-mail address (email) is the other option.
For example, if a user named John Smith has a common name of jsmith and e-mail of john.smith@example.com, this field determines whether the user enters jsmith or john.smith@example.com as the username when logging in to the iFolder Enterprise Server.
Default: Common Name (CN)
Require a Secure Connection Between the LDAP server and the iFolder Server: If the
LDAP server co-exists on the same computer as the iFolder Enterprise Server, you can deselect this option, which increases the performance of LDAP authentications.
Default: Selected
Novell iFolder Web Access Configuration
Apache Alias: Specify the Apache alias to point to the iFolder Web Access Application.
This is a user-friendly pointer for the Apache service.
Default: /ifolder
Host or IP Address of the iFolder Server: Specify the host or IP address of the iFolder
Enterprise Server to be used by the iFolder Web Access application. This Web Access application performs all the user-specific iFolder operations on the host that runs the iFolder Enterprise Server.
Default: The IP address of the OES server you are installing
Redirect URL for iChain/Access Gateway (optional): Specify the redirect URL for iChain®/AccessGateway that will be used by the iFolder Web Access application. This URL is used for the proper logout of iChain/AccessGateway sessions along with the iFolder session.
Connect to the iFolder Server Using SSL: Select the check box to establish a secure
connection between the iFolder enterprise server and the iFolder Web Admin application.
Default: Selected
iFolder Server Port to Connect on: Specify the port for the iFolder server to connect to the
Web Access application.
Default: 443 (SSL communications), 80 (non-SSL communication)
Require a secure connection between the Web browser and the iFolder Web Access
application: Select the check box to establish a secure connection between the Web browser and the iFolder Web Access application.
Default: Selected
Novell iFolder Web Admin Configuration
Apache Alias: Specify an Apache alias to point to the iFolder Web Admin application. This
is an admin-friendly pointer for the Apache service.
Default: /admin
Host or IP Address of the iFolder Server: Specify the hostname or IP address of the
iFolder Enterprise Server to be managed by the iFolder Web Admin application. The iFolder Web admin application manages this host.
Default: The IP address of the OES server you are installing
Redirect URL for iChain/Access Gateway (optional): Specify the redirect URL for iChain/
AccessGateway that will be used by the iFolder Web Admin application. This URL is used for the proper logout of iChain/AccessGateway sessions along with the iFolder session.
Connect to the iFolder Server Using SSL: Select the check box to establish a secure
connection between the iFolder enterprise server and the iFolder Web Admin application.
iFolder Server Port to Connect on: Specify the port for the iFolder server to connect to the
Web Admin application. Port 443 is the default. Port 80 is the default value for non-SSL communication.
Require a secure connection between the Web browser and the iFolder Web Access
application: Select the check box to establish a secure connection between the Web browser and the iFolder Web Admin application.
For additional configuration instructions, see “Installing and Configuring iFolder Services” in the
Novell iFolder 3.8 Administration Guide.

3.6.13 Novell iManager

Table 3-15 Novell iManager Parameters and Values
Page Parameter
iManager Configuration
eDirectory Tree: Shows the name of a valid eDirectory tree that you specified when
configuring eDirectory.
To change this configuration, you must change the eDirectory configuration.
FDN Admin Name with Context: Shows the eDirectory Admin name and context that
you specified when configuring eDirectory. This is the user that has full administrative rights to perform operations in iManager.
To change this configuration, you must change the eDirectory configuration.
For additional configuration instructions, see “Installing iManager” in the Novell iManager 2.7
Installation Guide.

3.6.14 Novell iPrint

Table 3-16 Novell iPrint Parameters and Values
Page Parameter
iPrint Configuration
Directory server address: The IP address shown is the default LDAP server for this
service. If you do not want to use the default, select a different LDAP server in the list.
If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog.
Top-Most Container of eDirectory Tree: iPrint uses LDAP to verify rights to perform
various iPrint operations, including authenticating users for printing and performing management tasks such as uploading drivers.
During the installation of the iPrint software, iPrint attempts to identify the topmost container of the eDirectory tree and sets the base dn to this container for the AuthLDAPURL entry in /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf.
For most installations, this is adequate because users are often distributed across containers.
IMPORTANT: If you have multiple peer containers at the top of your eDirectory tree, leave this field blank so that the LDAP search begins at the root of the tree.
For additional configuration instructions, see “Installing and Setting Up iPrint on Your Server” in the OES 2 SP2: iPrint for Linux Administration Guide.
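The effect of the base DN on peer containers can be checked after the install. The script below is an added example, not part of the Novell guide: it reads the base DN from the AuthLDAPURL entry and lists the user DNs that fall outside it. The function names, the sample address and the sample DNs are constructed; the URL layout is the standard Apache AuthLDAPURL syntax.

```shell
#!/bin/sh
# Added example: which users can the iPrint AuthLDAPURL base DN reach?
# AuthLDAPURL syntax is Apache's: scheme://host[:port]/basedn?attribute?scope?filter

# Print the base DN of each AuthLDAPURL entry in FILE (an empty line means the root).
# Assumes DNs in the URL contain no literal spaces or quotes.
auth_ldap_base_dns() {
    grep -i '^[[:space:]]*AuthLDAPURL' "$1" |
        sed -e 's|^[^:]*://[^/]*||' -e 's|^/||' -e 's|[?"[:space:]].*$||'
}

# Succeed if USER_DN lies at or below BASE_DN; an empty BASE_DN covers the whole tree.
# Comparison ignores case and spaces, which is enough for typeful DNs like the samples.
dn_under_base() {
    _dn=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' ')
    _base=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr -d ' ')
    case "$_dn" in
        "$_base" | *,"$_base") return 0 ;;
    esac
    [ -z "$_base" ]
}

# Print each user DN (arguments after FILE) that the first entry's base DN excludes.
unreachable_users() {
    _conf=$1; shift
    grep -qi '^[[:space:]]*AuthLDAPURL' "$_conf" ||
        { echo "no AuthLDAPURL entry in $_conf" >&2; return 2; }
    _scope=$(auth_ldap_base_dns "$_conf" | head -n 1)
    for _user in "$@"; do
        dn_under_base "$_user" "$_scope" || printf '%s\n' "$_user"
    done
}

# Constructed sample: base DN o=acme, one user in the peer container o=acme2.
demo() {
    _f=$(mktemp)
    printf '%s\n' 'AuthLDAPURL "ldaps://192.0.2.10/o=acme?cn?sub"' > "$_f"
    unreachable_users "$_f" "cn=jsmith,ou=sales,o=acme" "cn=jdoe,o=acme2"
    rm -f "$_f"
}

# Usage: sh iprint_scope.sh /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf USER_DN...
if [ "$#" -ge 2 ]; then unreachable_users "$@"; else demo; fi
```

Any DN the script prints belongs to a user that iPrint cannot authenticate with the current base DN.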

3.6.15 Novell Linux User Management

Table 3-17 Novell Linux User Management Parameters and Values
Page Parameter
Linux User Management Configuration
Directory Server Address: The IP address shown is the default LDAP server for this
service. If you do not want to use the default, select a different LDAP server in the list.
If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog.
For information about specifying multiple LDAP servers for Linux User Management (LUM), see “Configuring a Failover Mechanism” in the OES 2 SP2: Novell Linux User
Management Technology Guide.
Default: The first server selected in the LDAP Configuration list of servers
Unix Config Context: The Unix Config object holds a list of the locations (contexts) of
Unix Workstation objects in eDirectory. It also controls the range of numbers to be assigned as UIDs and GIDs when User objects and Group objects are created.
Specify the eDirectory context (existing or created here) where the Unix Config object will be created. An LDAP search for a LUM User, a LUM Group, or a LUM Workstation object begins here, so the context must be at the same level or higher than the LUM objects searched for.
If the Unix Config Object is placed below the location of the User objects, the /etc/nam.conf file on the target computer must include the support-outside-base-context=yes parameter.
Geographically dispersed networks might require multiple Unix Config objects in a single tree, but most networks need only one Unix Config object in eDirectory.
Default: The Organization object you specified in the eDirectory configuration
Unix Workstation Context: Computers running Linux User Management (LUM) are
represented by Unix Workstation objects in eDirectory. The object holds the set of properties and information associated with the target computer, such as the target workstation name or a list of eDirectory groups that have access to the target workstation.
Specify the eDirectory context (existing or created here) for the Unix Workstation object created by the install for this server. The context should be the same as or below the Unix Config Context specified above.
Default: The context you specified for this OES server in the eDirectory configuration
Proxy User Name with Context (Optional): Specify a user (existing or created here) with
rights to search the LDAP tree for LUM objects.
Proxy User Password: Specify a password (existing or created here) for the Proxy user.
For more information on proxy user and password management, see “Planning Your Proxy
Users” in the OES 2 SP2: Planning and Implementation Guide.
Restrict Access to the Home Directories of Other Users: This option is selected by
default to restrict read and write access for users other than the owner to home directories.
Using the default selection changes the umask setting in /etc/login.defs from 022 to 077.
Default: Selected
Linux User Management Configuration (2)
IMPORTANT: Before you change the PAM-enabled service settings, be sure you understand
the security implications explained in “User Restrictions: Some OES 2 Limitations” in the OES 2
SP2: Planning and Implementation Guide.
Services to LUM-enable for authentication via eDirectory: Select the services to LUM-enable on this server. The services marked yes are available to authenticated LUM users.
login: no
ftp: no
sshd: no
If you want to use the SSH protocol to define a NetStorage storage location object, you must select SSHD as a LUM-enabled service.
If you do not select SSHD, users cannot log in to NetStorage through SSH to access their files.
su: no
rsh: no
rlogin: no
xdm: no
openwbem: yes
This is selected by default because it is used by many of the OES services such as iPrint, NSS, SMS, Novell Remote Manager, and Samba. To get access to iManager, you must enable OpenWBEM.
gdm: no
gdm-autologin: no
gnome-passwd: no
gnome-screensaver: no
gnomesu-pam: no
For additional configuration instructions, see “Setting Up Linux User Management” in the OES 2
SP2: Novell Linux User Management Technology Guide.
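The umask and nam.conf settings described in this section can be verified on the installed server. The script below is an added example, not part of the Novell guide: it reads the active UMASK from a login.defs file, reads a key from a nam.conf-style file, and lists home directories that group or other can still access. The function names, the /home location and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: checks for the LUM settings in this section. /etc/login.defs and
# /etc/nam.conf are named in the guide; the /home location is an assumption.

# Print the active UMASK value (if the entry is repeated, the last one is reported).
login_defs_umask() {
    awk '$1 == "UMASK" { v = $2 } END { if (v != "") print v }' "$1"
}

# Print the value of KEY from a key=value file such as nam.conf.
nam_conf_value() {
    awk -v key="$2" '
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) { v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        }
        END { if (v != "") print v }' "$1"
}

# List directories directly under BASE that group or other can still access.
# A umask only affects files created later; existing directories keep their modes.
open_home_dirs() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        perms=$(ls -ld "$d" | cut -c5-10)   # group and other permission bits
        [ "$perms" = "------" ] || printf '%s\n' "${d%/}"
    done
}

# Print findings; return 0 only when UMASK is 077 and no home directory is open.
audit_lum() {   # usage: audit_lum LOGIN_DEFS HOME_BASE
    rc=0
    u=$(login_defs_umask "$1")
    [ "$u" = "077" ] || { echo "FAIL: UMASK in $1 is '${u:-unset}', expected 077"; rc=1; }
    open=$(open_home_dirs "$2")
    [ -z "$open" ] || { echo "WARN: accessible to group or other:"; echo "$open"; rc=1; }
    return "$rc"
}

# Constructed sample: new umask in place, one home directory created under 022.
demo() {
    t=$(mktemp -d)
    printf '# UMASK 022\nUMASK 077\n' > "$t/login.defs"
    mkdir "$t/home" "$t/home/alice" "$t/home/bob"
    chmod 700 "$t/home/alice"; chmod 755 "$t/home/bob"
    audit_lum "$t/login.defs" "$t/home"; status=$?
    rm -rf "$t"; return "$status"
}

# Usage: sh lum_audit.sh /etc/login.defs /home   (no arguments runs the sample)
if [ "$#" -eq 2 ]; then audit_lum "$1" "$2"; else demo; fi
```

Calling nam_conf_value /etc/nam.conf support-outside-base-context prints the current value of that parameter, which matters only when the Unix Config object sits below the User objects.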

3.6.16 Novell NCP Server / Dynamic Storage Technology

Table 3-18 Novell NCP Server Parameters and Values
Page Parameter
NCP Server Configuration
Admin Name with Context: This is the eDirectory Admin user you specified in the
eDirectory configuration.
For additional configuration instructions, see “Installing and Configuring NCP Server for Linux” in the OES 2 SP2: NCP Server for Linux Administration Guide.

3.6.17 Novell NetStorage

Table 3-19 Novell NetStorage Parameters and Values
Page Parameter
NetStorage Configuration
Authentication Domain Host: The IP address shown is the default LDAP server for this
service. If you do not want to use the default, select a different LDAP server in the list.
If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services page.
Default: The first server selected in the LDAP Configuration list of servers.
Proxy User Name with Context: Specify the Proxy User Name including the context, or
accept the default.
This user performs LDAP searches for users logging into NetStorage.
Default: The eDirectory Admin user you specified while configuring eDirectory.
Proxy User Password: Specify a password for the proxy user.
For more information on proxy user and password management, see “Planning Your Proxy
Users” in the OES 2 SP2: Planning and Implementation Guide.
User Context: Specify the NetStorage users’ context, or accept the default.
This is the eDirectory context for the users that will use NetStorage. NetStorage searches the eDirectory tree down from the specified context for User objects. If you want NetStorage to search the entire eDirectory tree, specify the root context.
Default: The Organization object you specified while configuring eDirectory.
For additional configuration instructions, see “Installing NetStorage” in the OES 2 SP2: NetStorage
for Linux Administration Guide.

3.6.18 Novell Pre-Migration Server

No additional configuration is required. For information, see “Preparing the Source Server for
Migration” in the OES 2 SP2: Migration Tool Administration Guide.

3.6.19 Novell QuickFinder

Table 3-20 Novell QuickFinder Parameters and Values
Page Parameter
Novell QuickFinder Admin User
Novell QuickFinder Admin User Type: Make the QuickFinder administrator a LUM-
enabled eDirectory user or a local Linux user.
Local: Select this option to give QuickFinder Server administration rights to a local Linux user (the default is the root user if no other local users exist).
Directory LUM Enabled: Gives QuickFinder Server administration rights to an
eDirectory user.
Default: Directory LUM enabled
QuickFinder Admin Name: Specify the QuickFinder administrator name.
If you selected Directory LUM enabled as the user type, include the full context (such as cn=admin,o=novell).
If you selected Local as the user type, specify only the admin name (such as root). If the user does not already exist, it will be created.
Default: The eDirectory Admin user you specified while configuring eDirectory.
Add novlwww User to the Shadow Group: If only LUM-enabled eDirectory users will use
QuickFinder, this option does not need to be set.
QuickFinder uses Pluggable Authentication Modules (PAM) to authenticate users for both administration and rights-based searching. Because QuickFinder is a servlet under Tomcat, it has the same rights to the system as the Tomcat user (wwwrun).
For QuickFinder to verify user credentials for local users (including root), the wwwrun user must be added to the local shadow group.
Default: Yes
Novell QuickFinder Admin Password
eDirectory Admin Name: Specified on the previous page.
Novell QuickFinder Admin User Type: If a different admin user was created, specify a
password.
For additional configuration instructions, see “Installing QuickFinder Server” in the OES 2: Novell
QuickFinder Server 5.0 Administration Guide.

3.6.20 Novell Remote Manager

No additional configuration for the installation is required. To change the configuration after the installation, see “Changing the Configuration” in the OES 2 SP2: Novell Remote Manager for Linux
Administration Guide.

3.6.21 Novell Samba

Table 3-21 Novell Samba Parameters and Values
Page Field or Selection
Novell Samba Configuration
Directory server address: The IP address shown is the default LDAP server for this
service. If you do not want to use the default, select a different LDAP server in the list.
If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog box.
This is the primary IP address of the LDAP server to which CIFS client users (such as Windows users) authenticate, to use LDAP for access to the directories and files on this OES server.
Default: The first server selected in the LDAP Configuration list of servers.
Base Context for Samba Users: The eDirectory context (existing or created here) where
the default Samba group is created.
Default: The Organization object you specified for your tree. Do not change the default unless you are altering the standard Samba configuration.
Proxy User Name with Context: A user on the specified LDAP server that has rights to
search the LDAP tree for Samba users.
The name and context must be specified by using typeful syntax. (cn=name,ou=organizational_unit,o=organization)
Default: cn=servername-sambaProxy.o=organization
Proxy User Password: The password of the Proxy User specified above.
For more information on proxy user and password management, see “Planning Your Proxy
Users” in the OES 2 SP2: Planning and Implementation Guide.
For additional configuration instructions, see “Installing the Novell Samba Components” in the
OES2 SP2: Samba Administration Guide.

3.6.22 Novell Storage Services (NSS)

Table 3-22 Novell Storage Services Parameters and Values
Page Parameter
NSS Unique Admin Object