Novell Open Enterprise Server Installation Guide
Novell®
www.novell.com
Installation Guide
Open Enterprise Server
novdocx (en) 7 January 2010
AUTHORIZED DOCUMENTATION
2 SP2
March 15, 2010
OES 2 SP2: Installation Guide
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export
approvals.
novdocx (en) 7 January 2010
Copyright © 2005–2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced,
photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or
more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get
updates, see the Novell Documentation Web site (www.novell.com/documentation).
Novell Trademarks
For a list of Novell trademarks, see the Novell Trademark List (http://www.novell.com/company/legal/trademarks/
tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
This product includes code licensed from RSA Security, Inc. Some portions licensed from IBM are available at http:/
/oss.software.ibm.com/icu4j/.
This product includes materials licensed under the Apache license, including Apache and Tomcat.
novdocx (en) 7 January 2010
novdocx (en) 7 January 2010
4 OES 2 SP2: Installation Guide
Contents
About This Guide 11
1 What's New in the OES 2 Install 13
1.1 What’s New in the OES 2 SP2 Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.2 What’s New in the OES 2 SP1 Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.3 What’s New in the OES 2 Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2 Preparing to Install OES 2 SP2 15
2.1 Before You Install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2 32-Bit vs. 64-Bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.1 64-Bit eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.2 64-Bit NCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.2.3 Matching Software with Server Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.2.4 Don’t Mix 32-Bit and 64-Bit OES and SLES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.3 Meeting All Server Software and Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.3.1 Server Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.3.2 Server Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.4 eDirectory Rights Needed for Installing OES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.4.1 Rights to Install the First OES Server in a Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.4.2 Rights to Install the First Three Servers in an eDirectory Tree . . . . . . . . . . . . . . . . . 18
2.4.3 Rights to Install the First Three Servers in any eDirectory Partition . . . . . . . . . . . . . 18
2.4.4 Rights to Run Deployment Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.5 Installing and Configuring OES as a Subcontainer Administrator . . . . . . . . . . . . . . . . . . . . . . 18
2.5.1 Rights Required for Subcontainer Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.5.2 Starting a New Installation as a Subcontainer Administrator . . . . . . . . . . . . . . . . . . . 21
2.5.3 Adding/Configuring OES Services as a Different Administrator . . . . . . . . . . . . . . . . 21
2.6 Preparing eDirectory for OES 2 SP2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.6.1 If Your Directory Tree Is Earlier than eDirectory 8.6 . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.6.2 If Your LDAP Server Is Running NetWare 6.5 SP2 or Earlier . . . . . . . . . . . . . . . . . . 22
2.6.3 If Your Tree Has Ever Contained an OES 1 Linux Server with LUM and NSS
Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.6.4 Extending the Schema. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2.7 Deciding What Patterns to Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.8 Install Only One Server at a Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
2.9 What's Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
novdocx (en) 7 January 2010
3 Installing OES 2 SP2 39
3.1 Obtaining OES 2 Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.2 Setting Up an Installation Source. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.2.1 Preparing a Network Installation Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.2.2 Preparing Physical Media for a New Server Installation or an Upgrade . . . . . . . . . . 42
3.3 Installing OES 2 SP2 as a New Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3.3.1 Starting the OES 2 SP2 Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3.3.2 Specifying the Installation Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.3.3 Specifying the Add-On Product Installation Information . . . . . . . . . . . . . . . . . . . . . . 47
3.3.4 Setting Up the Clock and Time Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.3.5 Specifying the Installation Settings for the SLES Base and OES Installation . . . . . . 48
Contents 5
3.3.6 Specifying Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.4 Finishing the Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
3.5 Verifying That the Installation Was Successful . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
3.6 Guidelines for Configuring OES 2 SP2 Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
3.6.1 LDAP Configuration for Open Enterprise Services . . . . . . . . . . . . . . . . . . . . . . . . . . 76
3.6.2 Novell AFP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
3.6.3 Novell Archive and Version Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
3.6.4 Novell Backup/Storage Management Services (SMS) . . . . . . . . . . . . . . . . . . . . . . . 78
3.6.5 Novell CIFS for Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
3.6.6 Novell Cluster Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
3.6.7 Novell DHCP Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
3.6.8 Novell DNS Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
3.6.9 Novell Domain Services for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
3.6.10 Novell eDirectory Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
3.6.11 Novell FTP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
3.6.12 Novell iFolder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
3.6.13 Novell iManager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
3.6.14 Novell iPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
3.6.15 Novell Linux User Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
3.6.16 Novell NCP Server / Dynamic Storage Technology . . . . . . . . . . . . . . . . . . . . . . . . . 97
3.6.17 Novell NetStorage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
3.6.18 Novell Pre-Migration Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
3.6.19 Novell QuickFinder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
3.6.20 Novell Remote Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
3.6.21 Novell Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
3.6.22 Novell Storage Services (NSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
3.7 What's Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
novdocx (en) 7 January 2010
4 Installing or Configuring OES 2 SP2 on an Existing Server 103
4.1 Before You Install OES Services on an Existing Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
4.1.1 Always Use YaST to Install and Initially Configure OES . . . . . . . . . . . . . . . . . . . . . 103
4.1.2 Don’t Install OES While Running the Xen Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . 103
4.2 Installing or Configuring OES Services on an Existing Server . . . . . . . . . . . . . . . . . . . . . . . . 104
4.3 Adding/Configuring OES Services on a Server That Another Administrator Installed . . . . . . 107
4.4 What's Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
5 Upgrading to OES 2 SP2 109
5.1 Supported Upgrade Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
5.2 Planning for the Upgrade to OES 2 SP2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
5.2.1 Be Sure to Check the Readme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
5.2.2 Always Upgrade SLES and OES at the same time . . . . . . . . . . . . . . . . . . . . . . . . . 110
5.2.3 Understanding the Implications for Other Products Currently Installed on the
Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
5.3 Meeting the Upgrade Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
5.3.1 Securing Current Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
5.3.2 Ensuring That There Is Adequate Storage Space on the Root Partition . . . . . . . . . 112
5.3.3 Preparing Your Target Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
5.3.4 Checking the Server’s IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
5.3.5 Checking the Server’s DNS Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
5.3.6 Ensuring That the Server Has a Server Certificate . . . . . . . . . . . . . . . . . . . . . . . . . 113
5.3.7 Preparing an Installation Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
5.4 Upgrading to OES 2 SP2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
5.4.1 For Servers with EVMS and NSS on the System Device . . . . . . . . . . . . . . . . . . . . 114
5.4.2 To Upgrade Using a Network Installation Source with DHCP (Offline) . . . . . . . . . . 115
5.4.3 Upgrading Using a Network Installation Source without DHCP (Offline) . . . . . . . . . 116
6 OES 2 SP2: Installation Guide
5.4.4 Using Physical Media to Upgrade (Offline) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
5.4.5 Using the Patch Channel to Upgrade (Online) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
5.4.6 Selecting the Installation Mode Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
5.4.7 Specifying the Partition to Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
5.4.8 Specifying the Add-On Product Installation Information . . . . . . . . . . . . . . . . . . . . . 124
5.4.9 Reviewing the Delete Unmaintained Packages Notification . . . . . . . . . . . . . . . . . . 124
5.4.10 Verifying and Customizing the Update Options in Installation Settings . . . . . . . . . . 125
5.4.11 Accepting the Installation Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
5.4.12 Specifying Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
5.5 Finishing the Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
5.6 Post-Migration iManager Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
5.7 Verifying That the Upgrade Was Successful . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
5.8 What's Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
6 Completing OES Installation or Upgrade Tasks 143
6.1 Determining Which Services Need Additional Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 143
6.2 Rebooting the Server after Installing NSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
6.3 Resolving the Certificate Store Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
6.4 Restarting Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
6.5 Launching and Configuring Firefox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
novdocx (en) 7 January 2010
7 Updating (Patching) an OES 2 SP2 Server 147
7.1 Overview of Updating (Patching) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
7.1.1 The Patch Process Briefly Explained. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
7.1.2 Update Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
7.2 Preparing the Server for Updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
7.3 Registering the Server in the Novell Customer Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
7.3.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
7.3.2 Registering the Server in the Novell Customer Center (Command Line) . . . . . . . . 149
7.3.3 Registering the Server in the Novell Customer Center (GUI) . . . . . . . . . . . . . . . . . 150
7.4 Updating the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
7.4.1 Updating the Server by Using the Command Line . . . . . . . . . . . . . . . . . . . . . . . . . 153
7.4.2 Updating the Server from the GNOME or KDE Desktop . . . . . . . . . . . . . . . . . . . . . 158
7.5 Verifying That Your Channel Subscriptions Are Up-to-Date . . . . . . . . . . . . . . . . . . . . . . . . . 159
7.6 Frequently Asked Questions about Updating. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
7.6.1 Do I apply all the patches in the catalogs? How do I know which patches to apply?160
7.6.2 How do I re-add the catalogs for OES 2 in my ZENworks Management Daemon
configuration after removing one or more of them?. . . . . . . . . . . . . . . . . . . . . . . . . 160
7.6.3 What about YaST Online Update? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
7.7 Patching From Behind a Proxy Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
7.8 Quick Path Updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
7.8.1 Do Not Use rug up without the -t Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
7.8.2 Command Line Quick Path for Updating OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
7.8.3 GUI Quick Path for Updating OES 2 SP2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
8 Using AutoYaST to Install and Configure Multiple OES Servers 167
8.1 Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
8.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
8.3 Setting Up a Control File with OES Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
8.3.1 Fixing an Automatically Created Control File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
8.3.2 Using the AutoInstallation Module to Create the Control File . . . . . . . . . . . . . . . . . 169
8.4 Setting Up an Installation Source. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Contents 7
9 Installing OES as a Xen VM Host Server 175
10 Installing, Upgrading, or Updating OES on a Xen-based VM 177
10.1 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
10.1.1 OES 2 SP2 VM Host Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
10.1.2 Novell Storage Services Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
10.1.3 Setup Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
10.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
10.3 Preparing the Installation Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
10.3.1 Downloading the Installation Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
10.3.2 Preparing the Installation Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
10.4 Installing an OES 2 SP2 VM Guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
10.4.1 Specifying Options for Creating an OES 2 SP2 VM Guest . . . . . . . . . . . . . . . . . . . 180
10.4.2 Specifying the Installation Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
10.4.3 Specifying the Add-On Product Installation Information . . . . . . . . . . . . . . . . . . . . . 183
10.4.4 Completing the OES 2 SP2 VM Guest Installation . . . . . . . . . . . . . . . . . . . . . . . . . 184
10.5 Upgrading an OES 2 VM Guest to OES 2 SP2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
10.5.1 Upgrading an OES 2 VM Guest by Using the Update Channel. . . . . . . . . . . . . . . . 184
10.5.2 Performing an Offline Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
10.6 Updating an OES 2 SP2 VM Guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
10.7 Managing a Virtual Machine Running OES 2 SP2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
10.8 Setting Up an OES 2 SP2 VM Guest to Use Novell Storage Services (NSS) . . . . . . . . . . . . 189
novdocx (en) 7 January 2010
11 Installing and Managing NetWare on a Xen-based VM 191
11.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
11.2 Support Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
11.2.1 OES 2 Registration Is Required for Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
11.2.2 Supported Configurations and Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
11.2.3 Unsupported Configurations and Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
11.3 Preparing to Install a NetWare VM Guest Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
11.3.1 Planning for VM Host Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
11.3.2 Planning for NetWare VM Guest Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
11.3.3 You Must Use Timesync for Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . 195
11.3.4 Disabling the Alt+Esc Shortcut on the Host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
11.4 Installing Virtualized NetWare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
11.4.1 Preparing the Installation Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
11.4.2 Creating a Response File for an Unattended NetWare Installation . . . . . . . . . . . . . 196
11.4.3 Creating a Xen Virtual Machine and Installing a NetWare VM Guest Server . . . . . 198
11.5 Managing NetWare on a Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
11.5.1 Using the Virtual Machine Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
11.5.2 Using the Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
11.6 If VM Manager Doesn’t Launch on a Xen VM Host Server . . . . . . . . . . . . . . . . . . . . . . . . . . 204
12 Upgrading NetWare on a Xen-based VM 205
12.1 Upgrading the VM Host Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
12.2 Upgrading the NetWare VM Guest Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
12.2.1 Downloading the NetWare SP8 Zip File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
12.2.2 Providing Access to a Mounted DVD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
8 OES 2 SP2: Installation Guide
13 Disabling OES 2 Services 207
14 Security Considerations 209
14.1 Password for User Admin Written in Clear Text in control.xml. . . . . . . . . . . . . . . . . . . . . . . . 209
14.2 Access to the Server During an Installation or Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
14.3 Remote Installations Using VNC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
14.4 Improperly Configured LDAP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
A Installing with EVMS as the Volume Manager of the System Device 211
A.1 Using EVMS to Manage the System Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
A.2 Configuring the System Device to Use EVMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
A.2.1 Understanding the EVMS–Based Partitioning Scheme . . . . . . . . . . . . . . . . . . . . . . 212
A.2.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
A.2.3 Modifying the Installation Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
A.3 Using EVMS to Manage Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
A.3.1 NSS File Systems on EVMS-Managed Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
A.3.2 Linux POSIX File Systems on EVMS-Managed Devices . . . . . . . . . . . . . . . . . . . . 218
novdocx (en) 7 January 2010
B OES 2 SP2 File and Data Locations 221
B.1 General Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
B.2 Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
C Setting Up an Installation Source on NetWare 223
C.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
C.2 Copy the Files and Mount Them as NSS Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
C.3 Create the Boot CDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
D Upgrading to OES 2 SP2 Through a ZENworks Linux Management Server 227
D.1 Preparing the Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
D.2 Mirroring the Channels to Your ZENworks Linux Management Server . . . . . . . . . . . . . . . . . 228
D.3 Making Copies of the Downloaded Bundles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
D.4 Creating a Password Answer File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
D.5 Preparing the Bundles for Upgrading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
D.6 Preparing the OES 2 SP1 Servers for Upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
D.7 Assigning the Bundles and Scheduling the Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
D.8 Known Issues and Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
D.8.1 Installing Additional OES Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
D.8.2 iFolder Fails to Start. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
D.8.3 SPident Command Reports that SLES Is Not Updated . . . . . . . . . . . . . . . . . . . . . . 241
D.8.4 oes-SPident Command Reports that OES Is Not Updated . . . . . . . . . . . . . . . . . . . 241
E Documentation Updates 243
Contents 9
novdocx (en) 7 January 2010
10 OES 2 SP2: Installation Guide
About This Guide
This guide describes how to install, upgrade, and update Novell® Open Enterprise Server (OES) 2
SP2 Linux. Except where specifically stated, the content of this guide applies to installing OES on a
computer’s physical hardware rather than on a Xen* virtual machine host server.
“What's New in the OES 2 Install” on page 13
“Preparing to Install OES 2 SP2” on page 15
“Installing OES 2 SP2” on page 39
“Installing or Configuring OES 2 SP2 on an Existing Server” on page 103
“Upgrading to OES 2 SP2” on page 109
“Completing OES Installation or Upgrade Tasks” on page 143
“Updating (Patching) an OES 2 SP2 Server” on page 147
“Using AutoYaST to Install and Configure Multiple OES Servers” on page 167
“Installing OES as a Xen VM Host Server” on page 175
novdocx (en) 7 January 2010
“Installing, Upgrading, or Updating OES on a Xen-based VM” on page 177
“Installing and Managing NetWare on a Xen-based VM” on page 191
“Upgrading NetWare on a Xen-based VM” on page 205
“Disabling OES 2 Services” on page 207
“Security Considerations” on page 209
“Installing with EVMS as the Volume Manager of the System Device” on page 211
“OES 2 SP2 File and Data Locations” on page 221
“Setting Up an Installation Source on NetWare” on page 223
“Upgrading to OES 2 SP2 Through a ZENworks Linux Management Server” on page 227
“Documentation Updates” on page 243
Audience
This guide is intended for system administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation
included with this product. Please use the User Comments feature at the bottom of each page of the
online documentation, or go to www.novell.com/documentation/feedback.html and enter your
comments there.
Documentation Updates
The latest version of the OES 2 SP2: Installation Guide is available at the Open Enterprise Server 2
documentation Web site (http://www.novell.com/documentation/oes2/inst_oes_lx/data/front.html).
About This Guide 11
Additional Documentation
For more information about See
Planning and implementing OES 2 SP2 OES 2 SP2: Planning and Implementation Guide
Migration from and coexistence with other products “Different Migration Tools” in the OES 2 SP2:
Migration Tool Administration Guide
Installing OES 2 SP2 on a Xen Virtual Host Server Chapter 10, “Installing, Upgrading, or Updating
OES on a Xen-based VM,” on page 177
SLES 10 Installation and Administration details SUSE
®
LINUX Enterprise Server 10 Installation
and Administration Guide (http://www.novell.com/
documentation/sles10/book_sle_reference/data/
book_sle_reference.html)
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items
within a cross-reference path.
A trademark symbol (
®
, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
novdocx (en) 7 January 2010
12 OES 2 SP2: Installation Guide
1
What's New in the OES 2 Install
This section summarizes the features that have been updated with each release of Novell® Open
Enterprise Server (OES) 2 Linux.
Section 1.1, “What’s New in the OES 2 SP2 Install,” on page 13
Section 1.2, “What’s New in the OES 2 SP1 Install,” on page 13
Section 1.3, “What’s New in the OES 2 Install,” on page 14
1.1 What’s New in the OES 2 SP2 Install
The following features were added or modified from the SP1 release installation:
Table 1-1 OES 2 SP2 Release
novdocx (en) 7 January 2010
1
Functionality For More Information About
Create an EVMS Based Proposal In the YaSTTM install, an option is available to
automatically create an EVMS based proposal for
the system device. See Section A.2, “Configuring
the System Device to Use EVMS,” on page 212.
Upgrade through the Patch Channel You can now upgrade an OES 2 SP1 server to
OES 2 SP2 through the update (patch) channel.
See Section 5.4.5, “Using the Patch Channel to
Upgrade (Online),” on page 119.
1.2 What’s New in the OES 2 SP1 Install
The following features were added or modified from the initial release installation:
Table 1-2 OES 2 SP1 Release
Functionality For More Information About
Unsupported packages are no longer removed by
default.
Installing OES 2 while installing SLES 10 SP1: See
“Specifying the Add-On Product Installation
Information” on page 47.
Installing OES 2 services on a server that is already
running SLES 10 SP1: See “Installing or
Configuring OES 2 SP2 on an Existing Server” on
page 103.
OES servers are now configured to use
eDirectory
default in every installation/upgrade scenario
except an upgrade from OES 2, where the option
used during the initial server install/upgrade is
retained.
TM
certificates for all HTTPS services by
Certificate management in OES 2: See “Certificate
Management” in the OES 2 SP2: Planning and
Implementation Guide.
What's New in the OES 2 Install
13
Functionality For More Information About
novdocx (en) 7 January 2010
Updating through the Novell patch channels now
requires registering the server with the Novell
Customer Center using either purchased activation
codes or 60-day evaluation codes.
This change is reflected in various instructions
throughout this and other guides.
1.3 What’s New in the OES 2 Install
In the initial release of OES 2, the following features were added to the OES installation:
Table 1-3 OES 2 Initial Release
Functionality For More Information About
Open Enterprise Server 2 Linux is an add-on
product that can be installed with SUSE® Linux
Enterprise Server 10 SP1 or added to a server
running SLES 10 SP1 with updates.
DVD media is now also available to perform the
installation.
Installing OES 2 while installing SLES 10 SP1: See
“Specifying the Add-On Product Installation
Information” on page 47.
Installing OES 2 services on a server that is already
running SLES 10 SP1: See “Installing or
Configuring OES 2 SP2 on an Existing Server” on
page 103.
See “Preparing Physical Media for a New Server
Installation or an Upgrade” on page 42.
OES 2 can be installed on x86-64 bit hardware. See Table 2-1 on page 17.
Configuring OES services is easier to find and
perform on multiple services.
A specific tool for extending the schema is available
in YaST.
You can install OES 2 Linux on a Xen-based virtual
machine host server.
You can install OES 2 Linux as a Xen-based virtual
machine host server.
The method for updating OES matches the method
for updating SLES 10 SP1.
See “Configuring Novell Open Enterprise Server
Services” on page 71 and “Installing or Configuring
OES 2 SP2 on an Existing Server” on page 103.
See “Extending the Schema” on page 26.
See “Chapter 10, “Installing, Upgrading, or
Updating OES on a Xen-based VM,” on page 177.”
See “Chapter 9, “Installing OES as a Xen VM Host
Server,” on page 175.”
“Updating (Patching) an OES 2 SP2 Server” on
page 147.
14 OES 2 SP2: Installation Guide
2
Preparing to Install OES 2 SP2
You should perform the tasks and understand the information outlined in the following sections:
Section 2.1, “Before You Install,” on page 15
Section 2.2, “32-Bit vs. 64-Bit,” on page 15
Section 2.3, “Meeting All Server Software and Hardware Requirements,” on page 16
Section 2.4, “eDirectory Rights Needed for Installing OES,” on page 18
Section 2.5, “Installing and Configuring OES as a Subcontainer Administrator,” on page 18
Section 2.6, “Preparing eDirectory for OES 2 SP2,” on page 22
Section 2.7, “Deciding What Patterns to Install,” on page 28
Section 2.8, “Install Only One Server at a Time,” on page 36
Section 2.9, “What's Next,” on page 36
novdocx (en) 7 January 2010
2
2.1 Before You Install
Before you install Novell® Open Enterprise Server (OES) 2 SP1 Linux, you should review the
information in the following sections:
“Planning Your OES 2 Implementation” in the OES 2 SP2: Planning and Implementation
Guide
“Before You Install or Upgrade” in the OES2 SP2: Readme
2.2 32-Bit vs. 64-Bit
OES 2 and SUSE® Linux Enterprise Server (SLES) 10 are available in both 32-bit (i386) and 64-bit
(x86-64) architectural versions.
Section 2.2.1, “64-Bit eDirectory,” on page 15
Section 2.2.2, “64-Bit NCP Server,” on page 16
Section 2.2.3, “Matching Software with Server Hardware,” on page 16
Section 2.2.4, “Don’t Mix 32-Bit and 64-Bit OES and SLES,” on page 16
2.2.1 64-Bit eDirectory
Selecting Novell eDirectory when using
OES 2 SP2 64-bit media automatically installs 64-bit eDirectory
OES 2 SP2 32-bit media installs 32-bit eDirectory.
TM
.
Preparing to Install OES 2 SP2
15
2.2.2 64-Bit NCP Server
Selecting NCP Server when using
novdocx (en) 7 January 2010
OES 2 SP2 64-bit media, automatically installs 64-bit NCP
OES 2 SP2 32-bit media installs 32-bit NCP server.
TM
server.
2.2.3 Matching Software with Server Hardware
Make sure that you understand which software can be installed on which server hardware.
64-Bit Server Hardware: Supports either the 32-bit versions of OES and SLES or the 64-bit
versions of OES and SLES.
32-Bit Server Hardware: Supports only the 32-bit versions of OES and SLES.
2.2.4 Don’t Mix 32-Bit and 64-Bit OES and SLES
The 32-bit and 64-bit versions of OES and SLES are not compatible with each other. In other words,
you cannot install 32-bit OES with 64-bit SLES on the same server hardware, and the reverse is also
true.
2.3 Meeting All Server Software and Hardware Requirements
Before installing OES 2 SP2, ensure that your system meets the following requirements.
Section 2.3.1, “Server Software,” on page 16
Section 2.3.2, “Server Hardware,” on page 17
2.3.1 Server Software
As part of the OES 2 SP2 installation, you install SUSE Linux Enterprise Server 10 SP3.
IMPORTANT: OES 2 SP2 services were developed and tested on a default SLES 10 SP3 server
base.
As you install OES 2 SP2, do not change any of the SLES 10 Base Technologies package selections,
such as Java* support. Doing so can cause various problems, such as the installation failing or one or
more OES 2 SP2 services not working properly.
If you are installing on an existing SLES 10 SP3 server, be sure to verify that all of the default SLES
10 SP3 components are installed before attempting to install OES 2 SP2 services.
16 OES 2 SP2: Installation Guide
2.3.2 Server Hardware
Table 2-1 Server Hardware Requirements
System Component Minimum Requirements Recommended Requirements
novdocx (en) 7 January 2010
Computer Server-class computer with
Pentium* II or AMD* K7 450
MHz processor
Memory 1 GB of RAM 2 GB of RAM for the base system. Additional
Free Disk Space 7 GB of available,
unpartitioned disk space
CD-ROM or DVD Drive 4X CD-ROM or DVD drive if
installing from physical media
Hard Drive 20 GB
Network Board Ethernet 100 Mbps
IP address
One IP address on a
subnet
Server-class computer with Pentium III,
Pentium III Xeon*, Pentium 4, Intel* Xeon 700
MHz, AMD K8 CPUs (Athlon64 and Opteron*),
Intel EM64T or higher processor.
NOTE: Some OES services run in 32-bit mode
only.
RAM might be required depending on which
OES components are selected and how they
are used.
10 GB of available, unpartitioned disk space.
Additional disk space might be required,
depending on which OES components are
selected and how they are used.
48X CD-ROM or DVD drive if installing from
physical media
Subnet mask
Default gateway
Mouse N/A USB or PS/2
Server computer BIOS Using a CD-ROM or DVD
installation source, prepare
the BIOS on your server
computer so that it boots from
the CD-ROM or DVD drive
first.
Video Card and Monitor 1024 X 768 resolution or
higher with a minimum color
depth of 8 bits (256 colors)
Although it is technically possible to run the
ncurses installation at a lower resolution, some
informational messages aren’t displayed
because text strings don’t wrap to the
constraints of the window.
NOTE: The RAM and disk space amounts shown here are for system components only. The OES
service components you install might require additional RAM and disk space.
Be sure to complete the planning instructions found in the OES 2 SP2: Planning and
Implementation Guide for each component you install.
Preparing to Install OES 2 SP2 17
2.4 eDirectory Rights Needed for Installing OES
The following eDirectoryTM rights are discussed in this section:
Section 2.4.1, “Rights to Install the First OES Server in a Tree,” on page 18
Section 2.4.2, “Rights to Install the First Three Servers in an eDirectory Tree,” on page 18
Section 2.4.3, “Rights to Install the First Three Servers in any eDirectory Partition,” on page 18
Section 2.4.4, “Rights to Run Deployment Manager,” on page 18
2.4.1 Rights to Install the First OES Server in a Tree
To install an OES server in a tree, you must have rights to extend the schema, meaning that you need
Supervisor rights to the [Root] of the tree.
TM
You can extend the schema by using the Novell Schema Tool in YaST
Supervisor rights to the [Root] of the eDirectory tree install the first OES server and the first
instance of each OES service that will be used into the tree. For more information, see Section 2.6.4,
“Extending the Schema,” on page 26.
or by having a user with
novdocx (en) 7 January 2010
2.4.2 Rights to Install the First Three Servers in an eDirectory Tree
If you are installing the server into a new tree, the Admin user that is created during the OES
installation has full rights to the root of the tree. Using the account for user Admin allows the
installer to extend the eDirectory schema for OES as necessary. To install the first OES server in an
eDirectory tree, you must have the Supervisor right at the [Root] of the eDirectory tree.
2.4.3 Rights to Install the First Three Servers in any eDirectory Partition
By default, the first three servers installed in an eDirectory partition automatically receive a replica
of that partition. To install a server into a partition that does not already contain three replica servers,
the user must have either the Supervisor right at the [Root] of the tree or the Supervisor right to the
container in which the server holding the partition resides.
2.4.4 Rights to Run Deployment Manager
If you are installing the first OES server into an existing NetWare® eDirectory tree, you can run
Deployment Manager first to prepare the tree so it is compatible with the new version of eDirectory
that comes with OES 2 SP1 and later. This requires access to a server with a Read/Write replica of
the Root partition.
2.5 Installing and Configuring OES as a Subcontainer Administrator
IMPORTANT: The information explained in Section 2.4, “eDirectory Rights Needed for Installing
OES,” on page 18 is prerequisite to the information contained in this section.
18 OES 2 SP2: Installation Guide
This section outlines the eDirectory rights required and explains how a subcontainer administrator
approaches various installation tasks.
Section 2.5.1, “Rights Required for Subcontainer Administrators,” on page 19
Section 2.5.2, “Starting a New Installation as a Subcontainer Administrator,” on page 21
Section 2.5.3, “Adding/Configuring OES Services as a Different Administrator,” on page 21
2.5.1 Rights Required for Subcontainer Administrators
For security reasons, you might want to create one or more subcontainer administrators
(administrators that are in a container that is subordinate to the container that user Admin is in) with
sufficient rights to install additional OES servers, without granting them full rights to the entire tree.
A subcontainer administrator needs the rights listed in Tabl e 2-2 to install an OES server into the
tree.
These rights are typically granted by placing all administrative users in a Group or Role in
eDirectory, and then assigning the rights to the Group or Role. Sample steps for assigning the rights
to a single subcontainer administrator are provided as a general guide.
novdocx (en) 7 January 2010
Table 2-2 Subcontainer Administrator Rights Needed to Install
Rights Needed Sample Steps to Follow
Supervisor right to itself 1. In iManager > View Objects > the Browse tab, browse to and select
the sub-container administrator.
2. Click the administrator object, then select Modify Trustees.
3. Click the Assigned Rights link for the administrator object.
4. For the [All Attributes Rights] property, select Supervisor, then click
Done > OK.
Supervisor right to the
container where the server
will be installed
Supervisor right to the W0
object located inside the
KAP object in the Security
container
1. Browse to the container where the subcontainer administrator will
install the server.
2. Click the container object and select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer
administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] and [Entry rights] properties, select
Supervisor, then click Done > OK > OK.
1. Browse to Security > KAP.
2. In KAP, click W0 and select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer
administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] and [Entry rights] properties, select
Supervisor, then click Done > OK > OK.
Preparing to Install OES 2 SP2 19
Rights Needed Sample Steps to Follow
novdocx (en) 7 January 2010
Supervisor right to the
Security container when
installing the NMAS™ login
methods
Create right to its own
container (context)
Create right to the container
where the UNIX Config
object is located.
If the subcontainer administrator will install the NMAS login methods:
1. Browse to and select Security
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer
administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] and [Entry rights] properties, select
Supervisor, then click Done > OK > OK.
1. Browse to and select the container where you created the
subcontainer administrator.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer
administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [Entry Rights] property, select Create, then click Done > OK >
OK.
1. Browse to and select the container where the UNIX Config object is
located. By default, this is the Organization object.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer
administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [Entry Rights] property, select Create, then click Done > OK >
OK.
Read right to the Security
container object for the
eDirectory tree
This is not needed if the Supervisor right was assigned because of NMAS.
If the subcontainer administrator won’t install the NMAS login methods, do
the following:
1. Browse to and select Security
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer
administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] property, select Read, then click Done >
OK > OK.
20 OES 2 SP2: Installation Guide
Rights Needed Sample Steps to Follow
novdocx (en) 7 January 2010
Read right to the
NDSPKI:Private Key
attribute on the
Organizational CA object
(located in the Security
container)
Read and Write rights to the
UNIX Config object.
1. Browse to Security and select the Organizational CA object.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer
administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. Click the Add Property button.
6. Select NDSPKI:Private Key and click OK.
The Read right should be automatically assigned.
7. Click Done > OK > OK.
1. Browse to and select the UNIX Config object.
2. Select Modify Trustees.
3. Click Add Trustee, browse to and select the subcontainer
administrator, then click OK.
4. Click the Assigned Rights link for the administrator object.
5. For the [All Attributes Rights] property, select Write (Read is already
selected), then click Done > OK > OK.
When you install DNS/DHCP into an existing tree with DNS/DHCP, see the following additional
guidelines:
For DNS, see “eDirectory Permissions ” in the OES 2 SP2: Novell DNS/DHCP Administration
Guide for Linux.
For DHCP, see “eDirectory Permissions ” in the OES 2 SP2: Novell DNS/DHCP
Administration Guide for Linux.
2.5.2 Starting a New Installation as a Subcontainer Administrator
You can install a new OES server into an existing tree as a subcontainer administrator if you have:
The rights described in “Rights Required for Subcontainer Administrators” on page 19
(If applicable) The rights described for the server installations in “eDirectory Rights Needed
for Installing OES” on page 18.
When you reach the eDirectory Configuration - Existing Tree page, enter your fully distinguished
name (FDN) and password. After verifying your credentials, the installation proceeds normally.
2.5.3 Adding/Configuring OES Services as a Different Administrator
To add or configure OES services on an OES server that another administrator installed, see
“Adding/Configuring OES Services on a Server That Another Administrator Installed” on page 107.
Preparing to Install OES 2 SP2 21
2.6 Preparing eDirectory for OES 2 SP2
Section 2.6.1, “If Your Directory Tree Is Earlier than eDirectory 8.6,” on page 22
Section 2.6.2, “If Your LDAP Server Is Running NetWare 6.5 SP2 or Earlier,” on page 22
Section 2.6.3, “If Your Tree Has Ever Contained an OES 1 Linux Server with LUM and NSS
Installed,” on page 23
Section 2.6.4, “Extending the Schema,” on page 26
2.6.1 If Your Directory Tree Is Earlier than eDirectory 8.6
If you are installing an OES 2 server into an eDirectory tree that is earlier than eDirectory 8.6, do the
following before installing your first OES server in an existing NetWare tree:
1 Extend the schema by using Deployment Manager. See “Schema Update” in the NW65 SP8:
Installation Guide.
2 Ensure that the schema is synchronized throughout the tree from [ROOT] by doing the
following:
novdocx (en) 7 January 2010
2a Verify that schema is synchronizing out from [ROOT] by entering the following
commands at the System Console prompt of the NetWare server with the Master of
[ROOT]:
set DSTRACE=on
set DSTRACE=nodebug
set DSTRACE=+Schema
set DSTRACE=*SSD
set DSTRACE=*SSA
2b Toggle to the Directory Services screen and look for the message:
YES
2c On each server that holds a Master of a partition, enter the following commands at the
System Console prompt:
set DSTRACE=off
set DSTRACE=nodebug
set DSTRACE=+Schema
set DSTRACE=*SS
2d Toggle to the Directory Services screen and look for the message:
YES
All Processed =
All Processed =
2.6.2 If Your LDAP Server Is Running NetWare 6.5 SP2 or Earlier
If you are installing into an eDirectory tree that is using a NetWare server to supply LDAP, upgrade
the LDAP server that the OES installation will communicate with to the NetWare 6.5 SP3 or later
software. A server running NetWare 6.5 SP2 or earlier will probably abend.
22 OES 2 SP2: Installation Guide
2.6.3 If Your Tree Has Ever Contained an OES 1 Linux Server with LUM and NSS Installed
Having NSS volumes on OES servers requires certain system-level modifications, most of which are
automatic. For more information, see “System User and Group Management in OES 2 SP2” in the
OES 2 SP2: Planning and Implementation Guide
“NetStorage, X-Tier, and Their System Users” on page 23
“An NSS Complication” on page 23
“eDirectory Solves the Basic Problem” on page 23
“ID Mismatches on OES 1” on page 24
“The OES 1 Solution: the nssid.sh Script” on page 24
“OES 2 SP1 and SP2 Require a New Approach” on page 24
“The OES 2 Solution: Standardizing the UIDs on all OES servers” on page 24
NetStorage, X-Tier, and Their System Users
novdocx (en) 7 January 2010
By default, certain OES services, such as NetStorage, rely on a background Novell service named
X-Tier.
To run on an OES server, X-Tier requires two system-created users (named
novlxregd
) and one system-created group that the users belong to (named
novlxsrvd
novlxtier
and
).
An NSS Complication
The two X-Tier users mentioned above, and their group, are created on the local system when XTier is installed. For example, they are created when you install NetStorage, and their respective
UIDs and GID are used to establish ownership of the service’s directories and files.
For NetStorage to run, these X-Tier users and group must be able to read data on all volume types
that exist on the OES server.
As long as the server has only Linux traditional file systems, such as Ext3 and Reiser, NetStorage
runs well.
However, if the server has NSS volumes, an additional requirement is introduced. NSS data can only
be accessed by eDirectory users. Consequently, the local X-Tier users can’t access NSS data, and
NetStorage can’t run properly.
eDirectory Solves the Basic Problem
When NSS volumes are created on the server, the two X-Tier system users and their group are
moved to eDirectory and enabled for Linux User Management (LUM). (See “Linux User
Management: Access to Linux for eDirectory Users” in the OES 2 SP2: Planning and
Implementation Guide.).
After the move to eDirectory, they can function as both eDirectory and POSIX* users, and they no
longer exist on the local system.
Preparing to Install OES 2 SP2 23
ID Mismatches on OES 1
On OES 1, problems occur when additional OES NetStorage servers with NSS volumes are installed
in the same eDirectory container. Because the UIDs and GID are assigned by the system, unless the
installation process is exactly the same for each OES 1 server, the UIDs and GID don’t match
server-to-server.
When the local X-Tier UIDs and GID on subsequently installed servers don’t match the X-Tier
UIDs and GID in eDirectory, NetStorage can’t access the NSS volumes on the server.
The OES 1 Solution: the nssid.sh Script
To solve the problem of mismatched Ids, the OES 1 installation program looks for X-Tier ID
conflicts, and if the IDs on a newly installed server don’t match the IDs in eDirectory, the program
generates a script file named
check for an
nssid.sh
script synchronizes all of the X-Tier IDs with those in eDirectory.
nssid.sh
file on a newly installed server, and if the file is found, to run it. The
nssid.sh
. The OES 1 documentation instructs installers to always
However, this solution is only viable through the first release of OES 2.
novdocx (en) 7 January 2010
OES 2 SP1 and SP2 Require a New Approach
System-level changes in SUSE Linux Enterprise Server 10 SP2 and later invalidate the
nssid.sh
script solution for mismatched IDs. Synchronizing the X-Tier IDs with an OES 1 installation can
now cause instability in other non-OES components. Therefore, starting with OES 2 SP1, you
should standardize all X-Tier IDs on existing servers before installing a new server with X-Tierdependent services.
The OES 2 Solution: Standardizing the UIDs on all OES servers
If your eDirectory tree has ever contained an OES 1 Linux server with NSS and LUM installed, do
the following on each server (including OES 2) that has NSS and LUM installed:
root
1 Log in as
id novlxregd
id novlxsrvd
The standardized X-Tier IDs are UID 81 for
novlxtier
for
and open a terminal prompt. Then enter the following commands:
novlxregd
, UID 82 for
novlxsrvd
.
, and GID 81
2 If you see the following ID information, the X-Tier IDs are standardized and you can move to
the next server:
uid=81(novlxregd) gid=81(novlxtier) groups=81(novlxtier)
uid=82(novlxsrvd) gid=81(novlxtier) groups=81(novlxtier),8(www)
If you see different IDs than those listed above, such as 101, 102, 103, etc., record the numbers
for both X-Tier users and the novlxtier group. You need these to standardize the IDs on the
server.
3 Download the following script file:
fix_xtier_ids.sh (http://www.novell.com/documentation/oes2/scripts/fix_xtier_ids.sh)
4 Customize the template file by replacing the variables in angle brackets (<>) as follows:
<server_name>: The name of the server object in eDirectory.
Replace this variable with the server name.
24 OES 2 SP2: Installation Guide
For example, if the server name is myserver, replace <server_name> with myserver so that
the line in the settings section of the script reads
server=myserver
<context>: The context of the X-Tier user and group objects.
Replace this variable with the fully distinguished name of the context where the objects
reside.
For example, if the objects are an Organizational Unit object named servers, replace
ou=servers,o=company.
<admin fdn>: The full context of an eDirectory admin user, such as the Tree Admin, who
has rights to modify the X-Tier user and group objects.
Replace this variable with the admin name and context, specified with comma-delimited
syntax.
For example, if the tree admin is in an Organization container named company, the full
context is cn=admin,o=company and the line in settings section of the script reads
admin_fdn=”cn=admin,o=company”
novdocx (en) 7 January 2010
<novlxregd_uid>: The UID that the system assigned to the local
might or might not be the same on each server, depending on whether the
novlxregd
nssid.sh
user. It
ran successfully.
Replace this variable with the UID reported for the novlxregd user on this server as listed
when you ran the commands in Step 1 on page 24.
In the example script, the original UID is 101. It is changed to 81 in the third line of the
script. The sixth line changes the UID on all of the files and directories on the server that
are owned by the novlxregd user from 101 to 81.
<novlxsrvd_uid>: The UID that the system assigned to the local
might not be the same on each server, depending on whether the
novlxsrvd
nssid.sh
user. It
script ran
successfully.
Replace this variable with the UID reported for the novlxsrvd user on this server as listed
when you ran the commands in Step 1 on page 24.
In the example script, the original UID is 103. It is changed to 82 in the fourth line of the
script. The seventh line changes the UID on all of the files and directories on the server
that are owned by the
<novlxtier_gid>: The GID that the system assigned to the local
might not be the same on each server, depending on whether the
novlxsrvd
user from 103 to 82.
novlxtier
nssid.sh
group. It
script ran
successfully.
Replace this variable with the GID reported for the novlxtier group on this server as listed
when you ran the commands in Step 1 on page 24.
script
In the example script, the original GID is 101. It is changed to 81 in the second line of the
script. The six and seventh lines change the GID from 101 to 81 for all of the files and
directories on the server that are owned by the
novlxtier
group.
5 Make the script executable and run it on the server.
IMPORTANT: Changes to the X-Tier files are not reported on the terminal.
Preparing to Install OES 2 SP2 25
Error messages are reported, but you can safely ignore them. The script scans the entire file
system, and some files are locked because the system is running.
6 Repeat from Step 1 for each of the other servers in the same context.
2.6.4 Extending the Schema
An eDirectory tree must have its schema extended to accommodate OES 2 servers and services as
explained in the following sections.
“Who Can Extend the Schema?” on page 26
“Which OES 2 SP2 Services Require a Schema Extension?” on page 26
“Extending the Schema While Installing OES 2” on page 27
“Using the YaST Plug-In to Extend the Schema” on page 27
“Extending the Schema for Novell Cluster Services” on page 28
Who Can Extend the Schema?
novdocx (en) 7 January 2010
Only an administrator with the Supervisor right at the [Root] of an eDirectory tree can extend the
tree’s schema.
Which OES 2 SP2 Services Require a Schema Extension?
The following service schema extensions are included with OES 2 SP2.
A single asterisk (*) indicates a service that is either required for OES 2 servers or for the default
services that are installed on every OES 2 server. They are implemented when the first OES 2 SP1 or
later server is installed in the tree.
Unmarked extensions are implemented the first time their respective services are installed, unless
the schema was previously extended using another method, such as the YaST plug-in (see “Using
the YaST Plug-In to Extend the Schema” on page 27).
CIFS
Directory Services*
iFolder
iPrint
DHCP
DNS
Domain Services for Windows
Linux User Management*
NCP
NCS
Novell Cluster Services
in “Extending the eDirectory Schema to Add Cluster Objects” in the OES 2 SP2: Novell
Cluster Services 1.8.7 for Linux Administration Guide.
NetStorage
26 OES 2 SP2: Installation Guide
TM
requires you to extend the schema manually. Follow the instructions
NMAS*
Novell Storage Services
Storage Management Services*
Extending the Schema While Installing OES 2
The simplest way to extend the schema for OES 2 servers is to have a tree admin install the first
OES 2 server and the first instance of each OES 2 service that you plan to run on your network.
After this initial installation, you can assign subcontainer admins with the required rights to install
additional servers and services. For more information on the required rights for the various OES
services, see “Rights Required for Subcontainer Administrators” on page 19.
Using the YaST Plug-In to Extend the Schema
If you want a subcontainer admin to install the first OES 2 server or the first instance of an OES 2
service in an existing tree, and you don’t want to grant that admin the Supervisor right to the [Root]
of the tree, you can extend the schema by using YaST from any of the following locations:
novdocx (en) 7 January 2010
An OES 2 SP2 server running in another tree
An OES 2 SP2 server that was installed without any OES 2 services added (the YaST plug-in is
a default OES 2 component)
or
A SLES 10 SP3 server with the
yast2-novell-schematool.rpm
installed. The RPM is
available on the OES 2 SP2 installation media and can be launched at a terminal prompt
following installation by entering
yast2 novell-schematool
.
To run the Novell Schema Tool:
1 On the server’s desktop, click Computer and open the YaST Control Center.
2 Click Open Enterprise Server > Novell Schema Tool.
3 Depending on the installation method you used, you might be required to insert your OES 2
installation media.
4 On the Novell eDirectory Extension Utility page, specify the information for an eDirectory
server with a Read/Write replica of the Root partition.
Be sure to provide the correct information to authenticate as an admin user with the Supervisor
right at the [Root] of the target tree. Otherwise, the schema extension fails.
5 If you are preparing the tree so that a subcontainer admin can install the first OES 2 SP1 or later
server, select the services marked with an asterisk (*) in “Which OES 2 SP2 Services Require a
Schema Extension?” on page 26.
Although this step is not required if the tree already has an OES 2 SP1 or later server installed,
selecting the marked services won’t cause any problems.
6 Select all of the other services you plan to run on any of the OES 2 servers in the tree.
7 Click Next.
The schema is extended.
Preparing to Install OES 2 SP2 27
Extending the Schema for Novell Cluster Services
If you want a subcontainer administrator to install the first instance of Novell Cluster Services in a
tree, you can extend the schema by following the instructions in “Extending the eDirectory Schema
to Add Cluster Objects” in the OES 2 SP2: Novell Cluster Services 1.8.7 for Linux Administration
Guide.
2.7 Deciding What Patterns to Install
A default SLES 10 SP3 installation has the following base technology, graphical environment, and
primary function patterns selected for installation. With the exception explained in the two
Important notes below, you can accept or deselect these patterns and install additional patterns as
desired.
Table 2-3 Standard SLES 10 SP3 Installation Patterns
Pattern Description
Server Base System Consists of all packages that are common to all Novell SUSE Linux
Enterprise products. Also provides a Linux Standard Base 3.0
compliant runtime environment.
novdocx (en) 7 January 2010
This pattern is selected for installation by default.
IMPORTANT: You must either install this pattern or the Common
Code Base pattern.
Common Code Base The largest system. It includes all packages available with SUSE
Linux, except those that would result in dependency conflicts.
IMPORTANT: You must either install this pattern or the Server Base
System pattern.
®
Novell AppArmor Novell AppArmor
framework that provides mandatory access control for programs,
protecting against the exploitation of software flaws and compromised
systems. AppArmor includes everything you need to provide effective
containment for programs (including those that run as
attempted exploits and even zero-day attacks. AppArmor offers an
advanced tool set that largely automates the development of perprogram application security so that no new expertise is required.
This pattern is selected for installation by default.
GNOME Desktop Environment The GNOME* desktop environment is an intuitive and attractive
desktop for users. The GNOME development platform is an extensive
framework for building applications that integrate into the rest of the
desktop.
is an open source Linux application security
root
) to thwart
28 OES 2 SP2: Installation Guide
This pattern is selected for installation by default.
Pattern Description
X Window System In continuous use for over 20 years, the X Window System* provides
the only standard platform-independent networked graphical window
system bridging the heterogeneous platforms in today's enterprise:
from network servers to desktops, thin clients, laptops, and
handhelds, independent of operating system and hardware.
This pattern is selected for installation by default.
Print Server Sets up a print server to host print queues so that they can be
accessed by other computers on the same network, including
machines running Microsoft* Windows* operating systems. The print
server can accept print jobs from client computers and direct them to
locally attached printers or to network printers. lpd, cups, and smb
print servers and queues are supported.
This pattern is selected for installation by default.
The OES add-on installation includes the following OES Services patterns.
novdocx (en) 7 January 2010
Table 2-4 OES Services Pattern Descriptions
Pattern Description
Novell AFP Novell AFP server allows Macintosh clients to access data stored on NSS
volumes in the same way they access data on a Mac OS X server.
This pattern selects and installs these services:
Novell Backup / Storage Management Services
TM
(SMS)
Novell eDirectory
Novell Storage Services
TM
(NSS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Archive and
Version Services
Novell Archive and Version Services systematically captures and stores
versions of your network files in an archive database, on a schedule that you
determine. Users can search for a previous version of a file and quickly
restore it.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell eDirectory
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Storage Services (NSS)
Preparing to Install OES 2 SP2 29
Pattern Description
novdocx (en) 7 January 2010
Novell Backup/Storage
Management Services
(SMS)
The Novell backup infrastructure (called Storage Management ServicesTM or
SMS) provides backup applications with the framework to develop a complete
backup and restore solution.
SMS helps back up file systems (such as NSS) or application data (such as
data from GroupWise®) on NetWare and SUSE Linux Enterprise Server
(SLES) to removable tape media or other media for off-site storage. It provides
a single consistent interface for all file systems and applications across
NetWare and SLES.
This pattern selects and installs these services:
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell CIFS CIFS (Common Internet File System) is a network sharing protocol. Novell
CIFS enables Windows, Linux, and UNIX* client workstations to copy, delete,
move, save, and open files on an OES 2 server. CIFS allows read and write
access from multiple client systems simultaneously.
This pattern selects and installs these services:
Novell Backup / Storage Management Services (SMS)
Novell eDirectory
Novell Storage Services (NSS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
Novell Cluster Services
(NCS)
Novell Cluster Services is a server clustering system that ensures high
availability and manageability of critical network resources including data,
applications, and services. It is a multinode clustering product for Linux that is
enabled for Novell eDirectory and supports failover, failback, and migration
(load balancing) of individually managed cluster resources.
Novell Cluster Services lets you add Linux nodes to an existing NetWare 6.5
cluster without bringing down the cluster, or it lets you create an all-Linux
cluster. With a mixed cluster, you can migrate services between OS kernels,
and if services are alike on both platforms (such as NSS), you can set the
services to fail over across platforms.
Using Novell Cluster Services with iSCSI technologies included in OES, you
can build inexpensive clustered SANs on commodity gigabit Ethernet
hardware. You can leverage existing hardware into a high availability solution
supporting Linux and NetWare clusters.
This pattern selects and installs these services:
Novell Backup/Storage Management Services (SMS)
Novell Linux User Management (LUM)
Novell Remote Manager (NRM)
30 OES 2 SP2: Installation Guide
Loading...