Novell Open Enterprise Server Lab Guide for Linux

Novell®
www.novell.com
AUTHORIZED DOCUMENTATION
novdocx (en) 22 June 2009
Lab Guide for Linux* and Virtualized NetWare
Open Enterprise Server 2 SP2

OES 2 SP2: Lab Guide for Linux and Virtualized NetWare

Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide

1 Installing the OES 2 SP2 Server in Your Lab

1.1 Lab Setup Requirements
1.2 Obtaining Installation Media
1.2.1 Identifying the Files to Download
1.2.2 Downloading the Files
1.2.3 Creating the Installation Media
1.3 Installing the Server Software
1.3.1 Prerequisites
1.3.2 Procedure
1.4 Setting the Root Password, Configuring the Network, and Updating the Server
1.5 Configuring eDirectory and OES Services
1.6 Setting Up the Graphical User Interface
1.7 Completing the EVMS Configuration
1.8 Setting Up the Server as an SLP Directory Agent
1.9 Accessing iManager
1.10 Configuring the Browser for the eDirectory CA
1.10.1 Exporting the CA’s Self-Signed Certificate
1.10.2 Importing the CA Certificate into Mozilla Firefox on Windows
1.11 Enabling Pop-Ups for iManager

2 Installing a NetWare Virtual Machine

2.1 Virtualization Host Server Requirements
2.2 Installing the Virtualization Host Server
2.2.1 Prerequisites
2.2.2 Starting the Installation
2.2.3 Setting the Root Password, Configuring the Network, and Updating the Server
2.2.4 Configuring LDAP and OES Services
2.2.5 Setting Up the Graphical User Interface
2.2.6 Booting with the Xen Kernel
2.3 Installing the NetWare 6.5 SP8 Virtual Machine
2.3.1 Disabling the Alt+Esc Shortcut on the VM Host Server
2.3.2 Downloading the NetWare ISO File
2.3.3 Creating a Virtual Machine and Installing NetWare

3 eDirectory, Users and Groups, and Identity Services

3.1 Using the eDirectory Information in This Guide
3.2 An Introduction to eDirectory Planning
3.2.1 Your Lab’s eDirectory Tree
3.2.2 Your Current Lab Tree
3.2.3 Expanding Your Lab Tree
3.3 Setting Up Role-Based Services
3.4 Updating the iManager Plug-in Modules
3.5 Creating a Context for Your Users and Groups
3.6 Setting Up Universal Password for Users
3.6.1 Creating a Universal Password Policy to Support Both AFP and CIFS
3.6.2 Assigning the Universal Password Policy to the USERS Container
3.7 Creating NCP and NSS Volumes for Home Directories
3.7.1 Home Directories on OES 2
3.7.2 Home Directories on NetWare 6.5
3.7.3 Summary of Lab Home Directories and Purposes
3.8 Creating Users
3.9 A Note about Identity Manager 3.6 Bundle Edition

4 eDirectory Linux Access (LUM)

4.1 Overview of Linux User Management
4.2 Creating Group Objects
4.3 Enabling the LUMUsers Group for Linux User Management (LUM)
4.4 Allowing SSH Access
4.4.1 Allowing SSH Access Through the Firewall
4.4.2 Adding SSH as an Allowed Service in LUM
4.4.3 Verifying SSH Access
4.5 Creating a Home Directory for the linux* Users

5 Novell CIFS on OES 2

5.1 Overview of Novell CIFS
5.2 Setting the Search Context
5.3 Making Novell CIFS Shares Available to CIFS Users
5.4 Novell CIFS Users Access Rights

6 NetWare CIFS and AFP on OES 2

6.1 Overview
6.2 Enabling NFAP Services on the LAB_NW Server
6.2.1 Creating a Share for the HOME_NW Volume
6.2.2 Specifying a Search Context

7 Novell AFP

7.1 Overview
7.2 Setting the Search Context
7.3 Making NSS Volumes Available to AFP Users
7.4 Novell AFP Users Access Rights

8 iFolder 3.8

8.1 Overview of iFolder
8.2 Installing the iFolder Client
8.3 Creating Corresponding Windows Users
8.4 Refreshing the List of iFolder Users
8.5 Configuring iFolder Accounts and Creating iFolders

9 iPrint

9.1 Overview of iPrint
9.2 Creating an eDirectory Context for Printers
9.3 Creating a Print Driver Store
9.4 Creating a Print Manager Object
9.5 Adding Printer Drivers to the Driver Store from the Windows Platforms
9.6 Creating iPrint Printer Objects

10 NetStorage

10.1 Overview of NetStorage
10.2 Making Directories Accessible Through NetStorage
10.2.1 NCP Users Have Automatic Access to Their Home Directories
10.2.2 Creating a Storage Location Object in iManager
10.2.3 Adding the Object to a Storage Location List
10.2.4 SSH and NetStorage Administration

11 Getting Acquainted with OES

11.1 Preparing Files for the Lab Exercises
11.2 Exercises for linux1_lum-edir
11.2.1 What linux1_lum-edir Can Do
11.2.2 Using NetStorage
11.3 Exercises for linux2_lum-edir
11.3.1 What linux2_lum-edir Can Do
11.3.2 Using NetStorage
11.3.3 Using iPrint
11.4 Exercises for ncp_lum-edir
11.4.1 What ncp_lum-edir Can Do
11.4.2 Using NetStorage
11.5 Exercises for ncp_edir
11.5.1 What ncp_edir Can Do
11.5.2 Using iFolder
11.5.3 Using NetStorage
11.6 Exercises for nss_edir
11.6.1 What nss_edir Can Do
11.6.2 Using NetStorage
11.7 Administrative Tasks Available in NetStorage
11.7.1 Recovering the junk.txt File
11.7.2 Setting Rights to TeamProjectReadOnly.txt
11.7.3 Setting Rights to TeamProjectWrite.txt
11.8 Exercises for nss_lum-edir
11.8.1 What nss_lum-edir Can Do
11.8.2 Using Novell CIFS File Services
11.9 Exercises for nw_edir
11.9.1 What nw_edir Can Do
11.9.2 Using NetWare CIFS File Services
11.10 Macintosh Exercises and Novell AFP
11.11 What’s Next

A Supplementary Information

A.1 NSS Partitions, Pools, and Volumes
A.2 iManager Tomcat Error

B Documentation Updates

About This Guide

Most organizations test new products in a lab setting prior to making them available for general use.
This guide is designed to help you set up a Novell® Open Enterprise Server 2 SP2 server in a lab environment, using a specific and simplified configuration. The configuration is limited in scope and is meant only to acquaint you with OES 2 and provide exposure to the Novell products it contains.
To help you with your transition from NetWare® to Open Enterprise Server 2 SP2 (OES 2 SP2), this guide also includes instructions for setting up a NetWare 6.5 SP8 virtual machine running on an OES 2 SP2 host server.
Chapter 1, “Installing the OES 2 SP2 Server in Your Lab,” on page 11
Chapter 2, “Installing a NetWare Virtual Machine,” on page 27
Chapter 3, “eDirectory, Users and Groups, and Identity Services,” on page 45
Chapter 4, “eDirectory Linux Access (LUM),” on page 59
Chapter 5, “Novell CIFS on OES 2,” on page 65
Chapter 6, “NetWare CIFS and AFP on OES 2,” on page 67
Chapter 7, “Novell AFP,” on page 71
Chapter 8, “iFolder 3.8,” on page 73
Chapter 9, “iPrint,” on page 79
Chapter 10, “NetStorage,” on page 85
Chapter 11, “Getting Acquainted with OES,” on page 89
Appendix A, “Supplementary Information,” on page 107
Guide Purposes
The instructions in this guide will help you do the following:
Install an OES 2 SP2 server into a new eDirectory™ tree named EXAMPLE_TREE
Install selected OES 2 components on the server
Install an OES 2 SP2 virtual machine host server, create a virtual machine (VM) on the server, and install NetWare 6.5 SP8 on the VM
Create seven different user types, at least one of which should closely align with the users on your network
Perform simple tasks to get acquainted with basic OES 2 services on a Windows* 2000/XP workstation
About the Information Flow in This Guide
The sections in this guide are designed to be accessed sequentially, guiding you through the main tasks of setting up an OES 2 exploration lab:
1. Installing OES 2 and virtualized NetWare servers in the lab.
2. Setting up the eDirectory infrastructure: User objects, Group objects, passwords, etc.
3. Reviewing the services featured in the guide and performing all additional setup tasks required for testing and exploring the features.
4. Testing and exploring the features.
Using This Guide as a Reference
If you want to install additional OES 2 servers, create a different tree structure than the one specified in this guide, or diverge from the instructions presented, you can still use these instructions as a basic outline for setting up OES 2 services in a lab environment. However, be aware that any divergence from the instructions presented, or from the order in which they are presented, can cause ripple effects through the rest of the guide. If you need to diverge, refer to the information found in the following guides for assistance:
OES 2 SP1: Planning and Implementation Guide
OES 2 SP2: Installation Guide
OES 2 SP1: Linux Tips for NetWare Administrators
Where is Novell Samba?
The Novell Samba service available in previous versions of OES is still available. However, because it cannot run on the same server as Novell CIFS, instructions for installing and configuring a Samba service have been removed from this guide.
If you are interested in experimenting with Novell Samba, refer to the Lab Guide distributed with the initial release of OES 2 and available from the Previous Releases page on the OES 2 documentation Web site (http://www.novell.com/documentation/oes2/previous-releases.html#previous-releases).
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path.
A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.

1 Installing the OES 2 SP2 Server in Your Lab

Use the instructions in this section to install Novell® Open Enterprise Server 2 SP2 (OES 2 SP2) in your lab.
Section 1.1, “Lab Setup Requirements,” on page 11
Section 1.2, “Obtaining Installation Media,” on page 12
Section 1.3, “Installing the Server Software,” on page 14
Section 1.4, “Setting the Root Password, Configuring the Network, and Updating the Server,” on page 17
Section 1.5, “Configuring eDirectory and OES Services,” on page 20
Section 1.6, “Setting Up the Graphical User Interface,” on page 22
Section 1.7, “Completing the EVMS Configuration,” on page 22
Section 1.8, “Setting Up the Server as an SLP Directory Agent,” on page 23
Section 1.9, “Accessing iManager,” on page 24
Section 1.10, “Configuring the Browser for the eDirectory CA,” on page 25
Section 1.11, “Enabling Pop-Ups for iManager,” on page 26

1.1 Lab Setup Requirements

For the tasks and exercises described in this guide, you need the following:
A server-class computer with the following:
| Component | Minimum | Recommended |
| --- | --- | --- |
| Processor | Pentium* II or AMD* K7 450 MHz | Pentium III, Pentium III Xeon*, Pentium 4, Intel* Xeon 700 MHz, AMD K8 CPUs (Athlon64 and Opteron*), Intel EM64T or higher processor |
| RAM | 1 GB | 2 GB |
| Display adapter | Super VGA | VESA 1.2-compliant, high resolution |
| Display monitor | Compatible with adapter | |
| CD drive | Support for the El Torito specification | |
| Hard drive (All data will be erased) | 20 GB | |
| Network card | Ethernet 100 Mbps | |
| IP address | IP address on the lab subnet. For example, 192.168.1.100. Subnet mask. For example, 255.255.255.0. Default gateway. For example, 192.168.1.1. | |
| Mouse | Not required | USB or PS/2 |
A network printer with an assigned static IP address and a connection to your lab network.
A Windows workstation with
  One of the following platforms installed:
    Windows XP
    Windows 2000
  An Ethernet 100 Mbps adapter
  An IP address on the same subnet as the server
  Mozilla* Firefox* browser installed. (This is optional, but Firefox is the assumed browser for most of the instructions in this guide.)
  A print driver installed on the workstation for the network printer listed above.
(Optional for exploring Novell AFP and iPrint) An Apple* Macintosh* workstation with
  Mac OS* 10.4 or later installed
    Novell AFP supports earlier versions of Mac OS, but iPrint doesn’t.
  An Ethernet adapter
  An IP address on the same subnet as the server
  A print driver installed on the workstation for the network printer listed above.

1.2 Obtaining Installation Media

To complete the instructions in this guide, you need to download various ISO files, depending on your hardware.
Section 1.2.1, “Identifying the Files to Download,” on page 12
Section 1.2.2, “Downloading the Files,” on page 13
Section 1.2.3, “Creating the Installation Media,” on page 13

1.2.1 Identifying the Files to Download

You need to download the set of files in Table 1-1 that matches the architecture (32-bit or 64-bit) of your server computers:
Table 1-1 Files to Download

| Platform | Files needed |
| --- | --- |
| 32-bit server with CD drive | SLES-10-SP3-CD-i386-GM-CD1.iso, SLES-10-SP3-CD-i386-GM-CD2.iso, SLES-10-SP3-CD-i386-GM-CD3.iso, SLES-10-SP3-CD-i386-GM-CD4.iso, OES2-SP2a-i386-CD1.iso |
| 32-bit server with CD/DVD drive | SLES-10-SP3-DVD-i386-GM-DVD1.iso, OES2-SP2a-i386-CD1.iso |
| 64-bit server with CD drive | SLES-10-SP3-CD-x86_64-GM-CD1.iso, SLES-10-SP3-CD-x86_64-GM-CD2.iso, SLES-10-SP3-CD-x86_64-GM-CD3.iso, SLES-10-SP3-CD-x86_64-GM-CD4.iso, OES2-SP2a-x86_64-CD1.iso |
| 64-bit server with CD/DVD drive | SLES-10-SP3-DVD-x86_64-GM-DVD1.iso, OES2-SP2a-x86_64-CD1.iso |

NOTE: The SUSE® Linux Enterprise Server (SLES) 10 SP3 CD images are only available on the SLES 10 SP3 download site (http://download.novell.com/Download?buildid=Z4ysu62Q4gw~).

1.2.2 Downloading the Files

After identifying which files you need to download:
1 Go to “Downloading OES 2 SP1 Software from the Novell Web Site” in the OES 2 SP1: Planning and Implementation Guide.
2 Complete all the steps in the section, except the instructions on deciding which files to download. You should have already identified the files you need, using the list in Section 1.2.1, “Identifying the Files to Download,” on page 12.
3 Be sure to print the pages as instructed, record the two activation codes, print and check the MD5 verification checksums, and so on.
4 After you have downloaded all of the files you need, continue with Creating the Installation Media.
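
The MD5 check in Step 3 can be scripted once the ISO files are in one directory. The following shell function is an added example, not part of the Novell guide: it compares each file against a checksum list that you transcribe from the download page in md5sum format, and reports files that are missing, damaged, or listed with a malformed checksum. The names verify_isos, demo_verify and MD5SUMS.txt and the stand-in files are assumptions, and GNU md5sum is assumed to be installed; MD5 detects corrupted or truncated downloads but is not collision-resistant, so it does not authenticate the publisher.

```shell
#!/bin/sh
# Added example: verify downloaded ISO images against a list of MD5 sums.
# List format (same as md5sum output): "<32 hex digits>  <file name>"
#
# verify_isos LIST DIR
#   Prints one status line per listed file and returns the number of
#   entries that are missing, mismatched, or malformed (0 = all good).
verify_isos() {
    list=$1
    dir=$2
    bad=0
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 255; }
    # "|| [ -n "$want" ]" keeps a final line that has no trailing newline.
    while read -r want name || [ -n "$want" ]; do
        case $want in
            ''|'#'*) continue ;;                 # blank line or comment
            *[!0-9A-Fa-f]*)                      # not a hex string
                echo "BAD LINE  $want $name"
                bad=$((bad + 1))
                continue ;;
        esac
        if [ "${#want}" -ne 32 ]; then           # MD5 is 32 hex digits
            echo "BAD LINE  $want $name"
            bad=$((bad + 1))
            continue
        fi
        name=${name#\*}      # md5sum marks binary mode with a leading '*'
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "MISSING   $name"
            bad=$((bad + 1))
            continue
        fi
        have=$(md5sum "$file" | cut -d' ' -f1)
        # Published sums are sometimes upper case; md5sum prints lower case.
        if [ "$(printf %s "$want" | tr 'A-F' 'a-f')" = "$have" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $want, got $have)"
            bad=$((bad + 1))
        fi
    done < "$list"
    return "$bad"
}

# Constructed demo: small stand-in files named like images from Table 1-1.
# One is damaged after its checksum is recorded and one is never created,
# so verify_isos reports one OK, one MISMATCH and one MISSING entry.
demo_verify() {
    tmp=$(mktemp -d) || return 255
    printf 'constructed stand-in for CD1\n' > "$tmp/SLES-10-SP3-CD-i386-GM-CD1.iso"
    printf 'constructed stand-in for OES\n' > "$tmp/OES2-SP2a-i386-CD1.iso"
    ( cd "$tmp" && md5sum *.iso > MD5SUMS.txt )
    printf 'x' >> "$tmp/OES2-SP2a-i386-CD1.iso"      # simulate corruption
    echo "00000000000000000000000000000000  SLES-10-SP3-CD-i386-GM-CD2.iso" \
        >> "$tmp/MD5SUMS.txt"                        # listed, never fetched
    rc=0
    verify_isos "$tmp/MD5SUMS.txt" "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo_verify || echo "$? file(s) must be downloaded again before creating media"
```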

1.2.3 Creating the Installation Media

To prepare physical installation media:
1 Go to “Preparing Physical Media for a New Server Installation or an Upgrade” in the OES 2 SP2: Installation Guide and use the instructions there to create media for installing your OES 2 server.
Continue with Installing the Server Software.

1.3 Installing the Server Software

Complete the instructions in the following sections.
Section 1.3.1, “Prerequisites,” on page 14
Section 1.3.2, “Procedure,” on page 14

1.3.1 Prerequisites

Before installing OES 2 on your server, you must complete the following tasks:
Ensure that the server computer meets the requirements outlined in Section 1.1, “Lab Setup Requirements,” on page 11.
Prepare the software for installation as explained in Section 1.2, “Obtaining Installation Media,” on page 12.

1.3.2 Procedure

WARNING: This procedure permanently erases any data currently on your server’s hard drive.
1 Prepare the BIOS on your server machine so that it will boot from the CD-ROM drive first.
2 Insert the SLES 10 SP3 CD1 or DVD1 into your server and reboot the machine.
3 When the boot selection page appears, immediately press the Down-arrow key to select the Installation option, then press Enter.
If you don’t respond before the machine starts booting from the hard disk, reboot the server and repeat this step.
4 After the boot process finishes, select an installation language, then click Next.
5 Read and agree to the software license agreement, then click Next.
6 Select New Installation, select the Include Add-On Products from Separate Menu option, then click Next.
7 On the Add-on Product Installation page, click Add.
8 Select CD, then click Next.
9 Insert the OES 2 SP2 CD as prompted, then click Continue.
10 After the catalog is added, read and agree to the OES 2 license agreement, then click Next > Next.
11 Select the time zone for the server, then click Next.
12 On the Installation Settings page, click Partitioning.
If your server has existing partitions, the OES install tries to add new SLES partitions to them.
13 To ensure a clean install, use the following table to navigate the partitioning pages and prepare your system disk.
IMPORTANT: The steps in the following table prepare the system disk for management by the EVMS volume manager. This is only required if you want to have NSS volumes on the system disk, and is not the default use case. We have included the process in the lab guide to provide exposure to installing NSS volumes on a single-drive server.
For more information, see “Installing with EVMS as the Volume Manager of the System Device” in the OES 2 SP2: Installation Guide.

| Page Name | Action |
| --- | --- |
| Suggested Partitioning | 1. Select Create Custom Partition Setup. 2. Click Next. |
| Preparing Hard Disk—Step 1 | 1. Select Custom Partitioning (for experts). 2. Click Next. |
| Expert Partitioner | 1. Click Expert > Delete partition table and disk label. 2. When you are prompted to select a new partition table type, click OK. |
| Caution! | 1. Click Yes. |
| Expert Partitioner | 1. Click Create. |
| Which type of partition do you want to create? | 1. Select Primary partition. 2. Click OK. |
| Create a Primary Partition | 1. In the End field, type 200M. 2. In the Mount Point drop-down list, select /boot. 3. Click OK. |
| Expert Partitioner | 1. Click Create. |
| Which type of partition do you want to create? | 1. Select Primary partition. 2. Click OK. |
| Create a Primary Partition | 1. Select Do not format. 2. In the File system ID drop-down list, select 0x8E Linux LVM. 3. In the End field, type 10GB. 4. Click OK. |
| Expert Partitioner | 1. Click EVMS. |
| EVMS Configuration | 1. Click Create Container. |
| Create EVMS Container | 1. Select the 10 GB partition you just created. 2. Click Add Volume. 3. Click OK. |
| EVMS Configuration | 1. Click Add. |
| Create Logical Volume | 1. In the Volume Name field, type swap. 2. In the Size field, type 512M. 3. In the File System drop-down list, select Swap. 4. Click OK. |
| EVMS Configuration | 1. Click Add. |
| Create Logical Volume | 1. In the Volume Name field, type sys_linux. 2. Click Max. 3. Make sure the Mount Point is set to /. 4. Click OK. |
| EVMS Configuration | 1. Click Next. |
| Expert Partitioner | 1. Click Finish. |

14 On the Installation Settings page, click Software.
Use the following table to navigate and configure the software pages:

| Page Name | Action |
| --- | --- |
| Software Selection and System Tasks | 1. Under Primary Functions, deselect Print Server by clicking it twice. 2. Under OES Services, select (or confirm the selection of) the following: Novell AFP, Novell CIFS, Novell eDirectory*, Novell iFolder, Novell iManager, Novell iPrint, Novell NCP Server/Dynamic Storage Technology*, Novell NetStorage, Novell Storage Services*. Services marked with an asterisk (*) are selected with AFP and CIFS. Novell Backup/Storage Management Services (SMS), Novell Linux User Management, and Novell Remote Manager are all selected by default when any other selections are made, and they are installed on every OES 2 server. 3. Click Accept. |
| agfa fonts | 1. Click Accept. |
| Installation Settings | 1. Click Accept. |
| Confirm Installation | 1. Click Install. |

15 When prompted, insert the SLES 10 media and click Retry.
If you are installing from DVD, insert DVD 1 when you are prompted for any SLES 10 media. If you are installing from CDs, insert them in order as instructed.
After the files are copied, the system configuration takes a few minutes to complete.
16 Continue with Setting the Root Password, Configuring the Network, and Updating the Server.

1.4 Setting the Root Password, Configuring the Network, and Updating the Server

After the initial system configuration and system reboot, the installation needs more information about the root user and the network.
1 Use the following table to navigate and complete the various configuration pages.
Page Name
    Action
Password for the System Administrator “root”
    1. Enter and confirm the root user password, then click Next.
Hostname and Domain Name
    1. In the Host Name field, type the DNS hostname for the IP address you are assigning to the server. For example, myserver.
    2. In the Domain Name field, type the DNS Domain Name for your network. For example, mysite.company.example.com.
    3. Deselect Change Hostname via DHCP.
    4. Click Next.
Network Configuration
    1. Click Network Interfaces.
Network Card Configuration Overview
    1. If your server has multiple network cards, select the card the server will use.
    2. Click Edit.
    3. Select Static Address Setup.
    4. In the IP Address field, type the IP address for the server. For example, 192.168.1.100.
    5. Change the Subnet Mask if needed. For example, 255.255.255.0.
    6. Click Host Name and Name Server.
Host Name and Name Server Configuration
    1. Type the IP address of at least one name server and type your DNS domain name in the Domain Search field. For example, company.example.com.
    2. Click OK.
Network Address Setup
    1. Click Routing.
Routing Configuration
    1. Type the IP address of the default gateway for your lab subnet. For example, 192.168.1.1.
    2. Click OK.
Network Address Setup
    1. Click Next.
Network Card Configuration Overview
    1. Click Next.
Network Configuration
    1. Click Next.
Test Internet Connection
    You will need to register your server on the Internet to download the latest patches, so you should test the Internet connection at this point to make sure everything is configured correctly.
    1. Select Yes, Test Connection to the Internet.
    2. Click Next.
Running Internet Connection Test
    After a few moments, the Test Status should indicate Success.
    If it does not, you need to click Back and fix your network configuration and the connection to the Internet. It is essential that OES 2 servers always have the latest security and other critical patches downloaded and installed.
    1. Click Next.
Novell Customer Center Configuration
    1. Click Next.
    The server establishes a connection with the Novell Customer Center.
Manual Interaction Required
    1. Click Continue.
Novell Customer Center System Registration
    1. In the fields indicated, type and confirm the e-mail address to which you want administrative notifications sent.
    2. In the Activation code for SLES components field, type the SLES activation code you noted or printed while downloading the image files.
       If this code is not entered, the server can’t download updates and patches through the Novell patch channels.
    3. In the Activation code for OES components field, type the OES 2 activation code you noted or printed while downloading the image files.
       If this code is not entered, the same patch channel restriction applies as for SLES.
    4. Click Submit.
       Your registration information is sent to the Customer Center. This might take a couple of minutes to complete.
    5. Click Continue.
       The update server is added to your system configuration. Again, this might take a few minutes.
Novell Customer Center Configuration pop-up
    1. Click OK.
Online Update
    Depending on the patches that are in the Update channels, you might need to run the update process more than once.
    1. Select Run Update, then click Next.
       Although you might need to scroll down to see them, the correct patches are automatically selected. Do not change the selections.
    2. Click Accept.
       The update patches are downloaded and installed.
    3. When both status bars indicate 100%, click Next > OK.
       The system refreshes or restarts, depending on the patches in the channel.
    4. If the patch dialog box reappears with additional patches selected, click Accept and repeat Step 3.
       If the Installation Settings page appears, continue with the next row.
Installation Settings
    1. If there is no red text under the CA Management link, click Next > Next and skip to Section 1.5, “Configuring eDirectory and OES Services,” on page 20.
       If the system restarted, there is red text under CA Management. This is because the installation no longer has the root password in memory.
    2. Click CA Management.
Managing CAs and Certificates
    1. Click Edit Default Settings.
Edit Default Settings
    1. Type the root password in the Password and Confirm Password fields, then click Next.
       There is no need to fill in the other fields because the default CA will be replaced with a secure eDirectory Organizational CA later in the installation process.
Managing CAs and Certificates
    1. Click Next.
Installation Settings
    1. Click Next.
2 Continue with Configuring eDirectory and OES Services.

1.5 Configuring eDirectory and OES Services

For the exercises in this guide, you need specific eDirectory, NTP, and SLP configurations.
1 Use the following table to navigate and complete the eDirectory pages:
Page Name
    Action
eDirectory Configuration - New or Existing Tree
    1. In the Tree Name field, type EXAMPLE_TREE.
       Notice that the Use eDirectory Certificates for HTTPS Services option is selected. This option configures all of the HTTPS services (OES 2 and SLES 10) to use the new eDirectory tree’s Organizational CA for certificate management and encryption of HTTPS communications.
       For more information on the value this adds to your network, see “Certificate Management” in the OES 2 SP1: Planning and Implementation Guide.
    2. Click Next.
eDirectory Configuration - New Tree Information
    1. In the FDN Admin Name with Context field, type CN=admin.O=COMPANY.
       In this guide, the Admin User object is named admin (all lowercase) to differentiate the name from the object itself (Admin User), which is a standard eDirectory object and is always capitalized in the documentation by convention.
       The eDirectory Admin User object can have any name you choose, although most administrators use “admin.”
       In this guide, all container objects, such as COMPANY, are created in uppercase so they are more easily distinguished in the illustrations and procedures.
    2. In the Admin Password and Verify Admin Password fields, specify the password for the eDirectory Admin User.
    3. Click Next.
eDirectory Configuration - Local Server Configuration
    1. Change the server context to OU=SERVERS.OU=LAB.O=COMPANY.
    2. Click Next.
eDirectory Configuration - NTP and SLP
    Time synchronization is required for eDirectory.
    1. Type the IP address or DNS name of the reliable, external Network Time Protocol (NTP) server you want the servers in your tree to use for time synchronization.
    2. Click Next.
SLP Configuration
    1. Click Yes to confirm that SLP is not being configured at this time.
       Later in this guide you will configure this server as the SLP Directory Agent. For more information on SLP, see “SLP” in the OES 2 SP1: Planning and Implementation Guide.
Novell Modular Authentication Services
    1. Click Next.
Novell Open Enterprise Server Configuration
    1. Click Next.
       The eDirectory and iManager configuration processes can take a few minutes or much longer depending on the server processor speed, etc. The other OES services should self-configure fairly quickly.
User Authentication Method
    1. Click Next.
New Local User
    The local root user was created during the SLES install. On OES 2 servers, we recommend that all users except root be defined in eDirectory. Therefore, you don’t create additional local users.
    1. Click Next.
Empty User Login
    1. Click Yes.
Release Notes
    1. Click Next.
       The official OES 2 Release Notes (http://www.novell.com/documentation/oes2/oes_readme/data/readme.html) are published with the OES 2 Online Documentation (http://www.novell.com/documentation/oes2).
2 Continue with Setting Up the Graphical User Interface.

1.6 Setting Up the Graphical User Interface

Although most Linux servers don’t have a graphical user interface loaded, the lab server you are installing has the GNOME* interface loaded by default.
When the Hardware Configuration page appears:
1 Review the Graphics Cards configuration to make sure your monitor was detected and that your color and resolution settings are the way you want them.
If the settings are correct, skip to Step 3.
2 If the configuration is incomplete or wrong, click the blue links to configure your monitor, color, resolution, etc.
3 Click Next.
4 When the Installation Completed page appears, deselect Clone This System for Autoyast, then click Finish.
5 When the login splash page appears, continue with Completing the EVMS Configuration.

1.7 Completing the EVMS Configuration

Because the lab exercises involve an NSS partition on the system hard disk, and because NSS requires EVMS for full functionality on the system hard disk, the instructions in Section 1.3, “Installing the Server Software,” on page 14 led you through setting up your lab server’s hard disk to be managed by EVMS.
Now it’s time to finish the EVMS configuration:
1 Log in to the server as the root user.
2 When the desktop loads, click Computer > YaST Administrator Settings.
3 In the YaST Control Center, click System > System Services (Runlevel).
4 Select Expert Mode.
5 In the Service list, select boot.evms, click the Set/Reset drop-down list, then select Enable the service.
6 In the Service list, select boot.lvm, click the Set/Reset drop-down list, then select Disable the service.
7 In the Service list, select boot.md, click the Set/Reset drop-down list, then select Disable the service.
8 Click Finish > Yes.
9 Close the YaST Control Center.
10 Restart the computer by clicking Computer > Log out > Log out.
11 At the bottom of the Login splash screen, click Reboot, then type the root password and press Enter.
12 After the server restarts, continue with Setting Up the Server as an SLP Directory Agent.

1.8 Setting Up the Server as an SLP Directory Agent

For OES 2 services to work, the OES 2 server must have one of the following:
  An eDirectory replica installed on the server. This is not automatic after the third server installed in a tree because it is not recommended to have more than three to five replicas in the tree. This means that in a large network with many servers, most of the servers won’t have replicas, which leaves only the OpenSLP option.
  OpenSLP running on the server with eDirectory as a registered service. This requires that you configure a network server (for example, the first server in the tree) as an SLP Directory Agent (DA), and then configure the other network servers that don’t have an eDirectory replica to point to the DA server.
For the lab setup, you don’t actually need SLP services set up because each of the two lab servers (this server and the NetWare® VM) has an eDirectory replica. However, it’s important to understand the basics of setting up SLP on OES 2. For more information, see “SLP” in the OES 2 SP1: Planning and Implementation Guide.
1 Log in to the server as root.
2 Click Computer > Home Folder.
3 In the left panel, double-click File System, then double-click the etc directory.
4 Scroll down to the slp.conf file, right-click the file, and select Open with gedit.
5 In slp.conf, find the following line:
    ;net.slp.useScopes = myScope1, myScope2, myScope3
6 Remove the semicolon (;) and change the line as follows:
    net.slp.useScopes = Directory
7 Find:
    ;net.slp.isDA = true
8 Remove the semicolon (;) so that it reads:
    net.slp.isDA = true
9 Save and close the file and the file browser.
10 Configure the firewall on the DA server to allow SLP daemon traffic:
10a Click Computer > YaST Administrator Settings, then click Security and Users > Firewall.
10b In the left navigation frame, click Allowed Services.
10c Click the Services to Allow drop-down list and select SLP Daemon.
10d Click Add > Next.
10e Click Accept.
11 Click Computer > Gnome Terminal.
12 At the command prompt, enter the following command to restart the SLP daemon with the changed configuration:
    rcslpd restart
13 Restart eDirectory by entering the following command:
    rcndsd restart
This registers eDirectory as an SLP service.
14 After eDirectory restarts, enter the following command:
    slptool findsrvs service:ndap.novell
After a moment or two, the system should respond with a line that indicates EXAMPLE_TREE is being advertised as a service in SLP.
15 Close the terminal by entering the following command:
    exit
16 Continue with Accessing iManager.
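The slp.conf edits in Steps 5 through 8, done from a shell and then verified, as an added example that is not part of the Novell guide. It uncomments and sets the two keys, removes duplicate assignments, and reads back the values that are active. The function names and the sample file are constructed for illustration; on the lab server the file would be /etc/slp.conf, followed by the restarts in Steps 12 and 13.

```shell
#!/bin/sh
# Added example: apply and verify the slp.conf changes from Steps 5-8.
# Function names and the sample file are constructed for illustration.

# slp_set_key FILE KEY VALUE
# Replace the first assignment of KEY (active, or commented out with ';' or '#')
# with "KEY = VALUE", drop any later assignments of KEY, append if absent.
slp_set_key() {
    _file=$1
    _tmp=$(mktemp) || return 1
    if awk -v key="$2" -v value="$3" '
        {
            line = $0
            sub(/^[ \t]*[;#]?[ \t]*/, "", line)      # strip an optional comment marker
            pos = index(line, "=")
            name = (pos > 0) ? substr(line, 1, pos - 1) : ""
            gsub(/[ \t]+$/, "", name)
            if (pos > 0 && name == key) {
                if (!done) { print key " = " value; done = 1 }
                next                                  # duplicate assignment: drop it
            }
            print
        }
        END { if (!done) print key " = " value }
    ' "$_file" > "$_tmp"; then
        cat "$_tmp" > "$_file"    # overwrite in place, keeping owner and mode
        _rc=$?
    else
        _rc=1
    fi
    rm -f "$_tmp"
    return $_rc
}

# slp_get_key FILE KEY
# Print the value of the first active (uncommented) assignment of KEY.
slp_get_key() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                        # comment line
        {
            pos = index($0, "=")
            if (pos == 0) next
            name = substr($0, 1, pos - 1)
            val  = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == key) { print val; exit }
        }
    ' "$1"
}

# slp_configure_da FILE: the two changes the procedure makes.
slp_configure_da() {
    slp_set_key "$1" net.slp.useScopes Directory &&
    slp_set_key "$1" net.slp.isDA true
}

# slp_is_da FILE: succeeds only if both settings are active with the lab values.
slp_is_da() {
    [ "$(slp_get_key "$1" net.slp.useScopes)" = "Directory" ] &&
    [ "$(slp_get_key "$1" net.slp.isDA)" = "true" ]
}

# Constructed sample resembling the relevant part of a default slp.conf.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Constructed sample, not a real server file
;net.slp.useScopes = myScope1, myScope2, myScope3
;net.slp.DAAddresses = myDa1,myDa2,myDa3
;net.slp.isDA = true
net.slp.isBroadcastOnly = false
EOF
}

demo_conf=$(mktemp) || exit 1
write_sample_conf "$demo_conf"
slp_is_da "$demo_conf" || echo "before: not configured as a Directory Agent"
slp_configure_da "$demo_conf"
slp_is_da "$demo_conf" &&
    echo "after:  scope=$(slp_get_key "$demo_conf" net.slp.useScopes) isDA=$(slp_get_key "$demo_conf" net.slp.isDA)"
rm -f "$demo_conf"
```

Running slp_is_da against the live file before restarting slpd catches a line that is still commented out, which otherwise only shows up as a missing service in Step 14.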

1.9 Accessing iManager

IMPORTANT: You must access iManager multiple times in this guide. If you get a Tomcat error in response to any launch requests, see Section A.2, “iManager Tomcat Error,” on page 109.
Novell iManager is the main browser-based tool you use to manage eDirectory and your OES 2 services.
To start iManager and prepare your browser for future sessions:
1 On your lab workstation, in your Web browser, open the OES 2 Welcome page by entering the following URL:
    http://IP_or_DNS
where IP_or_DNS is the IP address or DNS name of your OES 2 server.
2 In the left navigation bar, click Management Services.
3 Under Available Services, click iManager.
You can also start iManager directly by including /nps after IP_or_DNS in the access URL. For example, enter http://192.168.1.100/nps.
4 You should receive a certificate security alert. Accept the certificate temporarily.
You eliminate this error in the next section.
5 Log in as the eDirectory Admin user:
5a In the Username field, type admin.
5b In the Password field, type the eDirectory Admin user password.
5c In the Tree field, type example_tree.
If SLP services are not working properly, you need to enter the IP address instead of the tree name.
5d Click Login.
6 Do not close iManager. Continue with the next section, Configuring the Browser for the eDirectory CA.

1.10 Configuring the Browser for the eDirectory CA

The certificate error you received in the previous section was generated because Web browsers don’t trust eDirectory-based certificate authorities by default.
To eliminate the errors, you must import the eDirectory CA certificate into your browser.
Section 1.10.1, “Exporting the CA’s Self-Signed Certificate”
Section 1.10.2, “Importing the CA Certificate into Mozilla Firefox on Windows”

1.10.1 Exporting the CA’s Self-Signed Certificate

1 In iManager, click the Roles and Tasks icon.
2 Click Novell Certificate Server > Configure Certificate Authority.
3 Click the Certificates tab, then select the check box for the self-signed certificate.
4 Click the Export sub-tab.
5 Deselect Export Private Key.
The Export Format changes to DER.
6 Click Next.
7 Click Save the Exported Certificate and save the file to disk, noting the filename and location if indicated.
8 Click Close > OK.
9 Find the file you just saved. By default it is usually on the desktop.
10 To configure Mozilla Firefox on Windows, continue with Importing the CA Certificate into Mozilla Firefox on Windows.
Instructions for configuring other browsers are in “Eliminating Browser Certificate Errors” in the OES 2 SP1: Planning and Implementation Guide.

1.10.2 Importing the CA Certificate into Mozilla Firefox on Windows

1 In Firefox, click Tools > Options > Advanced.
2 Select the Encryption tab.
3 Click View Certificates.
4 Select the Authorities tab, then click Import.
5 Browse to the certificate file you downloaded in “Exporting the CA’s Self-Signed Certificate” on page 25 and click Open.
6 Select Trust this CA to identify Web sites, then click OK > OK > OK.
Firefox now trusts certificates from the servers in your lab’s tree.
7 To verify success, close all instances of Firefox, then restart the browser and log in to iManager again.
The certificate warning doesn’t appear.
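Before Step 5 adds the exported file to the browser's trusted authorities, it is worth confirming that the file is the certificate you meant to export. The following is an added example, not part of the Novell guide, that reads a DER file with the openssl command-line tool, checks that subject and issuer match, and computes the SHA-256 fingerprint for comparison with a value obtained from the server over a separate channel. The function names, file names and the throwaway certificate it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect an exported CA certificate (DER) before trusting it.
# Requires the openssl command-line tool. Names are constructed for illustration.

# cert_field FILE FIELD: print "subject" or "issuer" without the "field=" prefix.
cert_field() {
    openssl x509 -inform DER -in "$1" -noout "-$2" 2>/dev/null | sed "s/^$2= *//"
}

# cert_is_self_issued FILE: succeeds if FILE parses as an X.509 DER certificate
# and its subject equals its issuer, as expected for a root CA certificate.
cert_is_self_issued() {
    _s=$(cert_field "$1" subject)
    _i=$(cert_field "$1" issuer)
    [ -n "$_s" ] && [ "$_s" = "$_i" ]
}

# cert_sha256 FILE: lowercase hex SHA-256 fingerprint, without colons.
cert_sha256() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# file_sha256 FILE: SHA-256 of the raw bytes. For a DER certificate file this
# is the same value as the certificate fingerprint.
file_sha256() {
    openssl dgst -sha256 "$1" | sed 's/^.*= *//'
}

# cert_matches FILE EXPECTED: succeeds if FILE is self-issued and its
# fingerprint equals EXPECTED (hex, with or without colons, any case).
cert_matches() {
    _want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    cert_is_self_issued "$1" && [ -n "$_want" ] && [ "$(cert_sha256 "$1")" = "$_want" ]
}

# make_demo_ca DIR: write DIR/ca.der, a throwaway self-signed certificate
# (constructed data standing in for the file exported from iManager).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=EXAMPLE_TREE/OU=Organization CA" \
        -keyout "$1/ca.key" -outform DER -out "$1/ca.der" >/dev/null 2>&1
}

if command -v openssl >/dev/null 2>&1; then
    demo_dir=$(mktemp -d) || exit 1
    if make_demo_ca "$demo_dir"; then
        echo "subject:     $(cert_field "$demo_dir/ca.der" subject)"
        echo "fingerprint: $(cert_sha256 "$demo_dir/ca.der")"
        # A file that is not a DER certificate (here, the key file) is rejected.
        cert_is_self_issued "$demo_dir/ca.key" || echo "ca.key: not a DER certificate, rejected"
    fi
    rm -rf "$demo_dir"
fi
```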

1.11 Enabling Pop-Ups for iManager

Some iManager plug-ins use pop-up dialog boxes that are blocked by most browsers. To use iManager, you must enable pop-ups that originate from the servers where iManager is running.
Because there are as many ways to enable pop-ups as there are browser versions, we are only including instructions for Firefox 3.5.x. If you are using a different browser, see the help included with your browser for instructions.
1 On the Firefox menu bar, click Tools > Options > Content.
2 Disable all pop-up blocking by deselecting the Block Popup Windows option and clicking OK.
or
Add the lab server to the list of exceptions by doing the following:
2a Click the Exceptions button.
2b In the Address of Web Site field, type the OES 2 lab server’s IP address.
2c Click Allow > Close.
Continue with Chapter 2, “Installing a NetWare Virtual Machine,” on page 27.

2 Installing a NetWare Virtual Machine

Use the instructions in this section to install an Open Enterprise Server 2 (OES 2) virtual machine host server in your lab, create a virtual machine on the server, and install NetWare® 6.5 SP8 on the virtual machine.
This section describes the following:
Section 2.1, “Virtualization Host Server Requirements”
Section 2.2, “Installing the Virtualization Host Server”
Section 2.3, “Installing the NetWare 6.5 SP8 Virtual Machine”

2.1 Virtualization Host Server Requirements

For the tasks and exercises described in this section, you need the following in addition to those listed in Section 1.1, “Lab Setup Requirements,” on page 11.
A server-class computer with the following:
Component
    Minimum and Recommended values
Processor
    Minimum: Pentium II or AMD K7 450 MHz
    Recommended: Pentium III, Pentium III Xeon, Pentium 4, Intel Xeon 700 MHz, AMD K8 CPUs (Athlon64 and Opteron), Intel EM64T or higher processor
RAM
    Minimum: 1 GB
    Recommended: 2 GB
Display adapter
    Minimum: Super VGA
    Recommended: VESA 1.2-compliant, high resolution
CD drive
    Supports the ElTorito Specification
Hard drive (All data will be erased)
    40 GB
Network card
    Ethernet 100 Mbps
IP address
    Two IP addresses on the lab subnet (one for the OES 2 VM host and one for the NetWare VM). For example, 192.168.1.120 and 192.168.1.130.
    Subnet mask. For example, 255.255.255.0.
    Default gateway. For example, 192.168.1.1.
Mouse
    Minimum: Not required
    Recommended: USB or PS/2
Installation software to match the processor type and removable media support of your VM host server.
If you need to download and prepare different media than you used for the first server, go to Section 1.2, “Obtaining Installation Media,” on page 12.
IMPORTANT: For installing the virtualized NetWare 6.5 SP8 guest server, you download the NetWare DVD ISO file to the VM host server desktop after the host server is installed and running.

2.2 Installing the Virtualization Host Server

Although it is possible to install NetWare 6.5 SP8 on a SUSE® Linux Enterprise Server (SLES) 10 SP3 server that has no OES 2 services installed, we recommend that you install the basic OES 2 services on the host server to provide backup services through SMS and management services through Novell® Remote Manager.
IMPORTANT: Virtualized NetWare in Xen* is an OES 2 product feature. Support of NetWare in a Xen virtual machine is available to only OES 2 registered customers.
Complete the instructions in the following sections.
Section 2.2.1, “Prerequisites”
Section 2.2.2, “Starting the Installation”
Section 2.2.3, “Setting the Root Password, Configuring the Network, and Updating the Server”
Section 2.2.4, “Configuring LDAP and OES Services”
Section 2.2.5, “Setting Up the Graphical User Interface”
Section 2.2.6, “Booting with the Xen Kernel”

2.2.1 Prerequisites

Before installing OES 2 on your server, you must complete the following task:
Ensure that the server computer meets the requirements outlined in Section 2.1, “Virtualization Host Server Requirements,” on page 27.

2.2.2 Starting the Installation

WARNING: This procedure permanently erases any data currently on your server’s hard drive.
1 Prepare the BIOS on your server machine so that it will boot from the CD-ROM drive first.
2 Insert the first SLES 10 SP3 CD (or DVD) into your server and reboot the machine.
3 When the boot selection page appears, immediately press the Down-arrow key to select the Installation option, then press Enter.
If you don’t respond before the machine starts booting from the hard disk, reboot and repeat this step.
4 After the boot process finishes, select an installation language, then click Next.
5 Read and agree to the software license agreement, then click Next.
6 Select New Installation, select the Include add-on product from separate menu option, then click Next.
7 On the Add-on Product Installation page, click Add.
8 Select CD, then click Next.
9 Insert the OES 2 SP2 CD as prompted.
10 After the catalog is added, read and agree to the OES 2 license agreement, then click Next > Next.
11 Select the time zone for the server, then click Next.
12 On the Installation Settings page, scroll down the list and click Partitioning.
If your server has existing partitions, the OES install tries to add new SLES partitions to them.
13 To ensure a clean install, use the following table to navigate and configure the partitioning pages:
Page Name
    Action
Suggested Partitioning
    1. Select Create Custom Partition Setup.
    2. Click Next.
Preparing Hard Disk—Step 1
    1. Select Custom Partitioning (for experts).
    2. Click Next.
Expert Partitioner
    1. Click Expert > Delete partition table and disk label.
    2. When prompted to select a new partition table type, click OK.
Caution!
    1. Click Yes.
Expert Partitioner
    First, you specify the swap partition information.
    1. Click Create.
Which type of partition do you want to create?
    1. Select Primary partition.
    2. Click OK.
Create a Primary Partition
    1. In the File System drop-down list, select Swap.
    2. In the End field, type 512M.
    3. Click OK.
Expert Partitioner
    Next, you specify information for the partition for installing the VM host server.
    1. Click Create.
Which type of partition do you want to create?
    1. Select Primary partition.
    2. Click OK.
Create a Primary Partition
    1. In the End field, type 10GB.
    2. Click OK.
Expert Partitioner
    1. Click Create.
Which type of partition do you want to create?
    1. Select Primary partition.
    2. Click OK.
Create a Primary Partition
    And finally, you specify information for the partition where the NetWare virtual machine runs.
    1. In the File System drop-down list, select Ext2.
       Operating systems running in paravirtual mode should run their kernels on non-journaling file systems, such as Ext2. For more information, see “Paravirtual Mode and Journaling File Systems (http://www.novell.com/documentation/sles10/xen_admin/data/sec_xen_filesystem.html)” in the Virtualization with XEN (http://www.novell.com/documentation/sles10/xen_admin/data/bookinfo.html) guide.
    2. In the End field, type 25GB.
    3. In the Mount Point field, type /vm.
    4. Click OK.
Expert Partitioner
    1. Click Finish.
14 On the Installation Settings page, scroll down and click Software.
Use the following table to navigate and configure the software pages.
Page Name
    Action
Software Selection and System Tasks
    1. Under OES Services, select Novell Backup / Storage Management Services (SMS).
       Notice that Novell Linux User Management and Novell Remote Manager are also selected by default.
       These three are the only OES 2 services that are supported to run directly on a Xen virtualization host server.
       All OES 2 services are supported to run on Xen guest servers.
    2. Under Primary Functions, deselect Print Server by clicking it twice.
    3. Under Primary Functions, select Xen Virtual Machine Host Server.
    4. Click Accept.
agfa fonts
    1. Click Accept.
Installation Settings
    1. Click Accept.
Confirm Installation
    1. Click Install.
15 When prompted, insert the SLES media and click Retry.
If you are installing SLES from DVD, insert the DVD when you are prompted for CD1.
Insert additional media as instructed.
16 After the files are copied, the system configuration takes a few minutes to complete.
17 If you are prompted for additional input during the configuration, accept the default actions.
18 Continue with Setting the Root Password, Configuring the Network, and Updating the Server.

2.2.3 Setting the Root Password, Configuring the Network, and Updating the Server

After the initial system configuration and system reboot, the installation needs more information about the root user and the network.
1 Use the following table to navigate and complete the various configuration pages.
Page Name
    Action
Password for the System Administrator “root”
    1. Enter and confirm the root user password, then click Next.
Hostname and Domain Name
    1. In the Host Name field, type the DNS hostname for the IP address you are assigning to the server. For example, myserver.
    2. In the Domain Name field, type the DNS Domain Name for your network. For example, mysite.company.example.com.
    3. Deselect Change Hostname via DHCP.
    4. Click Next.
Network Configuration
    1. Click Network Interfaces.
Network Card Configuration Overview
    1. If your server has multiple network cards, select the card the server will use.
    2. Click Edit.
    3. Select Static Address Setup.
    4. In the IP Address field, type the IP address for the server. For example, 192.168.1.120.
    5. Change the Subnet Mask if needed. For example, 255.255.255.0.
    6. Click Host Name and Name Server.
Host Name and Name Server Configuration
    1. Type the IP address of at least one name server and type your DNS domain name in the Domain Search field.
    2. Click OK.
Network Address Setup
    1. Click Routing.
Routing Configuration
    1. Type the IP address of the default gateway for your lab subnet. For example, 192.168.1.1.
    2. Click OK.
Network Address Setup
    1. Click Next.
Network Card Configuration Overview
    1. Click Next.
Network Configuration
    1. Click Next.
Test Internet Connection
    You will need to register your server on the Internet to download the latest patches, so you should test the Internet connection at this point to make sure everything is configured correctly.
    1. Select Yes, Test Connection to the Internet.
    2. Click Next.
Running Internet Connection Test
    After a few moments, the Test Status should indicate Success.
    If it does not, you need to click Back and fix your network configuration and the connection to the Internet. It is essential that OES 2 servers always have the latest security and other critical patches downloaded and installed.
    1. Click Next.
Novell Customer Center Configuration
    1. Click Next.
    The server establishes a connection with the Novell Customer Center.
Manual Interaction Required
    1. Click Continue.
Novell Customer Center System Registration
    1. In the fields indicated, type and confirm the e-mail address to which you want administrative notifications sent.
    2. In the Activation code for SLES components field, type the SLES activation code you noted or printed while downloading the image files.
       If you don’t enter this code, the server cannot receive software updates from the Novell patch channels.
    3. In the Activation code for OES components field, type the OES 2 activation code you noted or printed while downloading the image files.
       If you don’t enter this code, the same patch channel restriction applies.
    4. Click Submit.
       Your registration information is sent to the Customer Center. This might take a couple of minutes to complete.
    5. Click Continue.
       The update server is added to your system configuration.
Novell Customer Center Configuration pop-up
    1. Click OK.
Online Update
    You must run the update process twice. During the first run, patches to the update-related RPMs are downloaded and installed. The second run installs all critical and important patches.
    1. Select Run Update, then click Next.
       Although you might need to scroll down to see them, the correct patches are automatically selected. Do not change the selections.
    2. Click Accept.
       The update patches are downloaded and installed.
    3. When both status bars indicate 100%, click Next > OK.
       The system refreshes and the patch dialog box reappears with additional patches selected.
    4. Click Accept.
    5. If one or more notification dialog boxes appear, accept or continue through each one.
       Insert additional installation media as instructed.
       The security and other critical patches and updates are downloaded and installed.
    6. When both status bars indicate 100%, click Next > OK.
       The system restarts.
Installation Settings
    Notice the red text under CA Management. This is because the system restarted and the installation no longer has the root password in memory.
    1. Click CA Management.
Managing CAs and Certificates
    1. Click Edit Default Settings.
Edit Default Settings
    1. Type the root password in the Password and Confirm Password fields, then click Next.
Managing CAs and Certificates
    1. Click Next.
Installation Settings
    1. Click Next.
2 Continue with Configuring LDAP and OES Services.

2.2.4 Configuring LDAP and OES Services

The VM host server is not created as an object in eDirectoryTM, but it uses eDirectory LDAP for the OES 2 services installed on it.
1 Use the following table to navigate and complete the eDirectory pages:
34 OES 2 SP2: Lab Guide for Linux and Virtualized NetWare
Page Name Action
Configured LDAP Servers 1. In the eDirectory Tree Name field, type EXAMPLE_TREE.
2. In the Admin User and Context field, type cn=admin.o=company.
3. In the Admin Password field, type the admin password.
4. Under the Configured LDAP Servers list, click Add.
5. Specify the IP address of the first lab server.
6. Click Add > Next.
7. Click Next.
Novell Open Enterprise Server Configuration 1. Click Next.
The configuration settings are saved for the OES services you’ve installed.
User Authentication Method 1. Click Next.
New Local User The root user was created during the SLES install. On OES 2 servers (including virtualization host servers), we recommend that all users except root be defined in eDirectory. Therefore, you don’t create additional local users.
1. Click Next.
Empty User Login 1. Click Yes.
Release Notes 1. Click Next.
The official OES 2 Release Notes (http://www.novell.com/documentation/oes2/oes_readme/data/readme.html) are published with the OES 2 Online Documentation (http://www.novell.com/documentation/oes2).
2 Continue with Setting Up the Graphical User Interface.

2.2.5 Setting Up the Graphical User Interface

When the Hardware Configuration page appears:
1 Review the Graphics Cards configuration to make sure your monitor was detected and that
your color and resolution settings are the way you want them.
If the settings are correct, skip to Step 3.
2 (Conditional) If the configuration is incomplete or wrong, click the blue links to configure your
monitor, color, resolution, etc.
3 Click Next.
4 When the Installation Completed page appears, deselect Clone This System for Autoyast and
click Finish.
5 Continue with Booting with the Xen Kernel.

2.2.6 Booting with the Xen Kernel

By default, the OES 2 server doesn’t load the Xen kernel required for hosting virtual machines. To configure the server to boot the Xen kernel by default:
1 Log in to the server as root.
2 On the desktop, click Computer > YaST.
3 Click System > Boot Loader.
4 Select the XEN option and click Set as Default.
5 Click Finish.
6 Restart the server by clicking Computer > Log Out > Log Out. Then click Reboot and enter the root password.
7 Continue with Installing the NetWare 6.5 SP8 Virtual Machine.

2.3 Installing the NetWare 6.5 SP8 Virtual Machine

After preparing the virtualization host server, complete the following instructions. For complete information and instructions, see the Novell Virtualization Technology documentation Web site
(http://www.novell.com/documentation/vmserver/index.html).
Section 2.3.1, “Disabling the Alt+Esc Shortcut on the VM Host Server”
Section 2.3.2, “Downloading the NetWare ISO File”
Section 2.3.3, “Creating a Virtual Machine and Installing NetWare”

2.3.1 Disabling the Alt+Esc Shortcut on the VM Host Server

Alt+Esc is used on a NetWare server to switch between console screens, but on SLES 10 it moves between open windows. To provide the expected behavior for the virtualized NetWare server, you must disable the shortcut for SLES 10.
1 On the host server as the root user, click Computer > Control Center.
2 Click Personal > Shortcuts.
3 Under the Window Management category, click Move between windows immediately, then press the Backspace key to disable the shortcut.
4 Click Close.
5 Close the Control Center.
6 Continue with Downloading the NetWare ISO File.

2.3.2 Downloading the NetWare ISO File

You install NetWare from the DVD .iso file copied to the server’s hard drive.
1 On the host server, click Computer > Firefox and access the NetWare 6.5 SP8 e-Media Kit on the Novell Download Web site (http://download.novell.com/Download?buildid=dpIR3H1ymhk~).
2 On the evaluation page, click Proceed to Download.
3 Log in using your Novell Account information.
4 Click the Download button for the NW65SP8_OVL_DVD.iso file.
5 Select Save to Disk and click OK.
The file is saved to the desktop.
6 After the file downloads, verify its integrity.
6a Click Computer > Gnome Terminal.
The terminal opens in the root user’s home directory (/root). The desktop is contained in a subfolder of /root named Desktop.
6b At the command prompt, enter cd Desktop.
6c Check the MD5 checksum value of the downloaded image file by entering:
md5sum NW65SP8_OVL_DVD.iso
6d Compare the displayed value against the value listed on the evaluation download page.
If the values don’t match, you must download the file again until you get a matching checksum.
6e Close the terminal by entering exit.
6f You can also close the browser and the download dialog box.
7 Continue with Creating a Virtual Machine and Installing NetWare.
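Steps 6c and 6d can be combined so that the comparison is done by the shell instead of by eye. The following is an added example, not part of the Novell guide; the function name verify_md5 is hypothetical, and the expected value is a placeholder for the checksum shown on the evaluation download page.

```shell
#!/bin/sh
# Added example (not from the Novell guide): compare a downloaded file's MD5
# digest with the value published on the download page.
# verify_md5 is a hypothetical helper name.
#
# Return codes: 0 = match, 1 = mismatch, 2 = usage error or unreadable file.
verify_md5() {
    file=$1
    expected=$2

    if [ -z "$file" ] || [ -z "$expected" ]; then
        echo "usage: verify_md5 FILE EXPECTED_MD5" >&2
        return 2
    fi
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read file: $file" >&2
        return 2
    fi

    # Values copied from a web page often carry stray spaces or uppercase
    # hex digits, so normalize before comparing.
    expected=$(printf '%s' "$expected" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # An MD5 digest is exactly 32 hexadecimal characters. Rejecting anything
    # else catches a truncated or mis-pasted value before it is reported as
    # a failed download.
    case $expected in
        *[!0-9a-f]*)
            echo "expected value is not hexadecimal: $expected" >&2
            return 2
            ;;
    esac
    if [ "${#expected}" -ne 32 ]; then
        echo "expected value is not 32 characters long: $expected" >&2
        return 2
    fi

    # Reading from stdin keeps md5sum from escaping unusual file names in
    # its output, so the first field is always the bare digest.
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    if [ -z "$actual" ]; then
        echo "md5sum produced no output for: $file" >&2
        return 2
    fi

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published checksum"
        return 0
    fi

    echo "MISMATCH: $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Example call from /root/Desktop (replace the placeholder with the value
# listed on the evaluation download page):
#   verify_md5 NW65SP8_OVL_DVD.iso "<checksum from the download page>"
```

A match shows that the file on disk is the file the download page describes; the result is only as trustworthy as the page the expected value was copied from.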

2.3.3 Creating a Virtual Machine and Installing NetWare

1 On the desktop, click Computer > YaST.
2 Select Virtualization > Virtual Machine Manager.
Notice that one virtual machine, Domain-0 (the OES 2 virtual machine host server) is already running.
3 Use the information in the following table to create a second virtual machine and start the
NetWare installation.
Page Name Action
Virtual Machine Manager 1. In the list of virtual machines, select the localhost entry.
2. Click New.
The Create a Virtual Machine Wizard launches.
Create a Virtual Machine 1. Click Forward.
Install an Operating System? 1. Click Forward.
Type of Operating System 1. Click the expand icon next to NetWare, then select Novell
Open Enterprise Server 2 (NetWare).
2. Click Forward.
Summary 1. Click Name of Virtual Machine.
Name of Virtual Machine 1. In the Name field, type LAB_NW_VM.
It is easier to know which VM you are managing if it reflects the name of the server it contains.
2. Click Apply.
Summary 1. Click Hardware.
Hardware 1. If your server has more than 1 GB memory installed, increase the initial memory allocated to the VM by clicking the arrows.
For example, if your server has 2 GB memory installed, you can easily increase the initial memory amount to 1024 MB.
2. Click Apply.
Summary 1. Click Disks.
Disks Initially, a 10 GB file is specified for the partitions/volumes on
the virtual server. By default, this is a sparse file, meaning that although 10 GB is allocated, the size of the file on the disk will only be as large as the actual data it contains. Sparse files conserve disk space, but they have a negative impact on performance.
The NetWare install allocates 500 MB for a DOS partition and 8 GB for the SYS: volume. The default disk size of 10 GB leaves about 1.5 GB for other partitions, which isn’t very much, although it is sufficient for the exercises in this guide.
However, you allocated 25 GB for the /vm mount point on the server, so let’s allocate all of that to this virtual machine.
1. With the default Hard Disk selected, click Edit.
2. Modify the path in the Server field to be
file:/vm/LAB_NW_VM/disk0
This creates the virtual machine files on the /vm Ext2 partition you created during the installation.
3. In the Size field, replace 10.0 with 25.
4. Deselect Create Sparse Image File.
This dedicates 25 GB of physical disk space on the file system to the VM file and improves performance of the Virtual NetWare server.
5. Click OK.
6. Click CD-ROM.
7. Click Browse, then navigate to and select the NW65SP8_OVL_DVD.iso file you downloaded to the desktop.
8. Click Open.
9. Click OK.
10. Click Apply.
Summary 1. Click OK.
The virtual machine is created and the NetWare installation starts.
This can take a few minutes or longer, depending on processor speed, memory, etc. Most of the time is required to prepare the 25 GB VM file. However, after the file is prepared, the VM will run much more efficiently than if it were using a sparse file.
4 After the NetWare installation starts, use the following table to navigate the pages listed in the
left column:
IMPORTANT: Some of the instructions that follow assume you have a mouse attached to the server. If not, as you install, use the Tab key to select the options indicated, then press Enter to continue.
Page Name Action
NetWare Installation 1. Click inside the installation window to set the mouse
pointer.
The mouse is not used on the first few screens, but you must set it now. Otherwise, the mouse and the keyboard might not work as expected when the GUI pages appear.
2. Use the arrow keys to select a language, then press Enter.
3. Modify the Regional Settings if desired, then select Continue and press Enter.
4. Press F10 twice to accept the license agreements.
5. Press the Down-arrow key to select Continue, then press Enter.
6. Press Enter to
Create an 8 GB SYS: volume.
Begin copying files for the installation.
As the files copy, notice the Run, Pause, and Shutdown options above the window displaying the installation. After the server is installed, they are activated, and you can then use them to manage the state of the virtual machine.
Choose a Pattern 1. Click Next.
At the start of the installation you set the mouse pointer inside the window boundary. To free the mouse to move outside the window, press Ctrl+Alt. To start working in the window again, click inside it to set the pointer.
Components 1. Select
Apache 2 Web Server and Tomcat 4 Servlet Container
Tomcat 5 Servlet Container
Novell iManager 2.7.2
2. Click Next.
Novell iManager 2.7.2 1. Click Yes.
Summary 1. Click Copy Files.
Server Properties 1. Type LAB_NW for the server name.
2. Click Next.
The installation process accesses the server.
Protocols 1. Click IP.
2. Click the first IP Address field, then type the IP address of the server. For example, 192.168.1.130.
3. Type the subnet mask for the address. For example, 255.255.255.0.
4. Type the router (gateway) address for the subnet. For example, 192.168.1.1.
5. Click Advanced.
Advanced 1. Click the SLP tab.
2. In the DA Server 1 field, type the IP address of the SLP Directory Agent (DA), which is the first OES 2 server you installed in the lab. For example, 192.168.1.100.
3. In the SLP Scope List field, type Directory.
4. Click OK.
Protocols 1. Click Next.
Domain Name Service 1. Type the DNS hostname associated with the IP address you just entered.
In contrast to OES 2 servers, this can be different than the name used in eDirectory. Of course, you can choose to use the DNS name for NetWare servers in eDirectory in your production network. In this guide, however, the eDirectory server name is assumed to be LAB_NW.
2. Type the domain name.
3. Type at least one DNS name server IP address. For example, 192.168.1.50.
4. Click Next.
Time Zone 1. Click the correct time zone for your area.
2. Click Advanced.
Time Synchronization 1. Leave the protocol set to Timesync.
2. Click Use Configured Sources.
3. In the Time Source 1 field, type the IP address of the same reliable time source you specified for the OES 2 lab server (not the VM host server).
4. Select NTP.
5. Click OK.
6. Click Next.
eDirectory Installation 1. Click Next.
eDirectory Information 1. Click the Tree icon.
2. Browse to and select EXAMPLE_TREE.
3. Click OK.
4. Click the browse icon to the right of the Context for Server Object field.
5. Browse to and select SERVERS (in COMPANY > LAB).
6. Click OK.
7. Click Next.
eDirectory Login 1. Click the browse icon to the right of the Name field.
2. Browse to and select admin (in COMPANY).
3. Click OK.
4. Type the Admin user’s password.
5. Click OK.
NDS/eDirectory Patch Detection The warning doesn’t apply because you are installing into an eDirectory 8.8 tree.
1. Click OK.
The system checks time synchronization, extends the eDirectory schema, and installs an eDirectory replica on the virtualized NetWare server.
eDirectory Summary 1. Click Next.
Licenses In this page you install the license included with NetWare 6.5 SP8. The software license doesn’t expire, but your evaluation period expires 90 days after you install the server. At that point you should either uninstall NetWare or purchase the OES 2 product. For more information, see “OES NetWare Includes MLA License Files” in the OES2 SP1: Licensing Services for NetWare Administration Guide.
1. Click the Browse icon to the right of the License Location field.
2. In the Select a License dialog box, click the expansion dots to the left of NW65OS and then the dot to the left of LICENSE.
3. Click the NLF file that appears in the right frame.
4. Click OK.
5. Click Next.
MLA License Certificate Context 1. Change the NDS Context for the license file to O=COMPANY. This makes this license available to any additional NetWare 6.5 servers you might choose to install in a different context in the tree, including any physical NetWare servers you install.
2. Click Next.
Novell Modular Authentication Service 1. Click Next.
It takes a few minutes for the installation to configure your OES 2 services. If you want to learn more about various OES 2 services (most of which we have not installed), you can read the information pages as the configuration process runs.
You can install more services later if you want to experiment further.
Reset Your Server Now? 1. Click Yes.
5 Close the Virtual Machine Manager windows by clicking the X on the upper right corner, or by right-clicking the title bar and selecting Close. The NetWare server continues to run.
IMPORTANT: It is wise to keep Virtual Machine Manager open only while you are actively using it to manage the virtual machines on your host server. Otherwise, the manager incrementally consumes domain 0 memory and eventually causes out-of-memory errors. For more information, see “Virtual Machine Manager (http://www.novell.com/documentation/sles10/xen_admin/data/sec_xen_virtualization_vmanager.html)” in the Virtualization with Xen Guide (http://www.novell.com/documentation/sles10/xen_admin/data/bookinfo.html).
6 Continue with Chapter 3, “eDirectory, Users and Groups, and Identity Services,” on page 45.

3 eDirectory, Users and Groups, and Identity Services

Novell® eDirectory™ is the central, key component of Novell Open Enterprise Server (OES). It provides the following:
Centralized identity management
The underlying infrastructure for managing your network servers and the services they provide
Secure access to network services both within the firewall and from the Web
The installation steps presented in this guide thus far have created a new eDirectory tree named EXAMPLE_TREE that you are using to learn about OES 2. As you work with the tree and the objects it contains, you will begin to better understand the role eDirectory plays.
This section discusses the following:
Section 3.1, “Using the eDirectory Information in This Guide”
Section 3.2, “An Introduction to eDirectory Planning”
Section 3.3, “Setting Up Role-Based Services”
Section 3.4, “Updating the iManager Plug-in Modules”
Section 3.5, “Creating a Context for Your Users and Groups”
Section 3.6, “Setting Up Universal Password for Users”
Section 3.7, “Creating NCP and NSS Volumes for Home Directories”
Section 3.8, “Creating Users”
Section 3.9, “A Note about Identity Manager 3.6 Bundle Edition”

3.1 Using the eDirectory Information in This Guide

Before you install OES 2 in a production environment, it is critical that you and your organization take time to plan and design your tree.
However, the instructions in this guide require no planning on your part. In fact, most of the eDirectory objects needed for the exercises in this guide were created in Chapter 1, “Installing the
OES 2 SP2 Server in Your Lab,” on page 11.
The information that follows introduces eDirectory.
If you are already familiar with eDirectory and want to skip the planning introduction, we recommend that you do the following:
1. View the eDirectory tree structure used in this guide (Figure 3-1 on page 46).
2. Skip to Section 3.5, “Creating a Context for Your Users and Groups,” on page 50.


3.2 An Introduction to eDirectory Planning

If you want an efficient and intuitive eDirectory design, you and your organization need to base it on two things:
The layout of your network
The structure of your organization
You and your team should carefully think through the issues and design considerations discussed in “Designing Your Novell eDirectory Network” in the Novell eDirectory 8.8 Administration Guide.
Section 3.2.1, “Your Lab’s eDirectory Tree”
Section 3.2.2, “Your Current Lab Tree”
Section 3.2.3, “Expanding Your Lab Tree”

3.2.1 Your Lab’s eDirectory Tree

Figure 3-1 illustrates an eDirectory tree like the one you will use in the lab exercises found in this
guide. It also illustrates and explains the basic elements you should consider when designing an eDirectory tree.
NOTE: The IS Organizational Unit object is included for explanatory purposes and is not created in this guide.
Figure 3-1 Your Lab’s eDirectory Tree
Reference Letter Explanation
A The Tree object is the top container object in the tree. It usually contains an Organization object (specified in the install by using o=company) that represents your company or organization.
B The Organization object is normally the first (and often the only) container object under the Tree object. It is typically named after your organization.
Small organizations keep object management simple by having all other objects, such as users, printers, and servers, directly under the Organization object.
Organizations that are large enough to have departments or other organizational units usually decide to have their tree structure reflect their organizational structure.
As shown in this lab example, these organizations create Organizational Unit objects (specified during the install by using ou=name) that reflect their departments, divisions, geographical locations, etc., as is logical for their organization.
Sometimes large organizations create multiple Organization objects below the Tree object to represent separate business units or subsidiaries.
C Every tree requires an Admin User object. You will log in as Admin to create or import other User objects and to create the rest of your tree structure.
D This example shows two Organizational Unit objects at the department level (LAB and IS).
E This example also illustrates how Organizational Unit objects can be nested to provide a complex hierarchy if it is necessary to manage the organization.

3.2.2 Your Current Lab Tree

The eDirectory tree you have created by installing OES 2 in your lab is illustrated by the darker objects in Figure 3-2. The objects that are dimmed are for explanatory purposes and do not exist in your current tree. When you finish with this guide, the upper level organization of your tree will look more like Figure 3-1, except that the IS Organizational Unit shown in that illustration will not be created.
Figure 3-2 Your Current Lab Tree
Reference Letter Explanation
A The OES installation process requires that you specify names for the following objects:
A1: A Tree object
A2: An Organization object
B One of the first objects you specify during an initial installation is the Admin user.
C The OES installation process can also create Organizational Unit (OU) objects to define a context for the OES 2 Server object.
D All other OU objects that you have planned for your tree must be created after the installation finishes. For example, you will create the PRINTERS and USERS OU objects later in this guide.
E The exception to D is that subsequent installations can create additional contexts to contain other OES servers that you install into the tree. For example, you could create a SERVERS OU under the IS OU as illustrated.

3.2.3 Expanding Your Lab Tree

The instructions in this guide cover only the installation of an OES 2 and a virtualized NetWare® 6.5 SP8 server in the tree.
If you were to decide to install additional servers in the tree, the processes you would follow could involve some additional planning tasks, as illustrated in Figure 3-3.
Figure 3-3 An Expanded Tree
Reference Letter Explanation
A During subsequent installations into the same tree, you can create new Organizational Unit objects to provide a context for other OES 2 servers being installed.
B If you want to specify other Admin users in the OES 2 installation parameters, you can do this during the installation. Note, however, that such an Admin would probably not be granted rights to the entire tree, only to the objects under the IS OU. Admin objects like this are often referred to as sub-container admins.

3.3 Setting Up Role-Based Services

When iManager is installed in connection with OES 2, the administrative tasks available through the Roles and Tasks icon are available to all users until you run the configuration wizard. In this exercise, you create a Role-Based Services (RBS) collection that contains all of the management roles in the tree.
When the installation process finishes as outlined below, the eDirectory Admin user is the only user configured to perform the administrative tasks available through the Roles and Tasks icon. If you want to create other administrative users and assign them a subset of administrative roles, you need to create additional collections with subsets of roles and assign the other administrative users to them. For more information, see “Configuring and Customizing iManager” in the Novell iManager
2.7.3 Administration Guide.
1 At your Windows workstation, log in to iManager on the OES 2 lab server, using the
eDirectory Admin user account and password. For more information, see the steps in
Section 1.9, “Accessing iManager,” on page 24.
If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 109.
2 Click the Configure icon.
3 Select Role Based Services > RBS Configuration.
4 Click iManager 2.x collections > New > Collection and Setup.
5 If you are prompted to extend the schema, click Next.
6 In the Name field, type the following:
Tree Admin Role
7 Click the Browse icon next to the Container field.
8 Click COMPANY, then click Next.
9 Click the Browse icon next to the Scope field.
10 Click EXAMPLE_TREE.
11 Click Start.
12 Do not close iManager. After the operation finishes, continue with the next section, Updating
the iManager Plug-in Modules.

3.4 Updating the iManager Plug-in Modules

1 In the Configure pane, click Plug-in Installation > Available Novell Plug-in Modules.
A list shows the plug-ins on novell.com that have been updated or created since OES 2 was initially released.
2 Click the check box in the header row.
All of the available plug-in modules are selected.
3 Click Install.
4 Agree to the license agreement and click OK.
5 When all plug-ins are installed, click Close.
6 Do not close iManager. Continue with the next section, Creating a Context for Your Users and
Groups.

3.5 Creating a Context for Your Users and Groups

All OES 2 services require that you create User objects to represent the users on your system. The Linux User Management component for OES 2 servers requires that you also create a Group object that you can assign the users to.
If you reviewed Section 3.2, “An Introduction to eDirectory Planning,” on page 46, you might have noticed an Organizational Unit object named USERS in Figure 3-2 and Figure 3-3. It is helpful to have at least one Organizational Unit object to contain user-related objects, such as User objects and Group objects.
To create an Organizational Unit container object named USERS in the LAB Organizational Unit object:
1 In iManager, click the View Objects icon.
2 In the left pane, click the Browse tab.
3 Click the down-arrow next to the COMPANY Organization object.
4 Click LAB, then select Create Object from the drop-down list.
5 From the Available Object Classes list, select Organizational Unit, then click OK.
6 In the Organizational Unit name field, type USERS.
7 Click OK > OK.
8 Do not close iManager. Continue with the next section, Setting Up Universal Password for Users.

3.6 Setting Up Universal Password for Users

On networks where administrators plan to provide native Windows (CIFS) and native Macintosh (AFP) access to file services on an OES 2 server, Universal Password policies must be assigned to eDirectory users needing such access.
When you install Novell AFP and Novell CIFS, the OES installation creates Universal Password policies for each of these services, named AFP Default Policy and CIFS Default Policy, respectively.
eDirectory allows one Universal Password policy assignment per container. This means that if all of your users reside in the same container, their passwords can be governed by either the AFP or the CIFS policy, but not both.
Many organizations prefer to manage their users in a single container like the USERS container you just created, and they need one Universal Password policy that supports all of the services their users need.

3.6.1 Creating a Universal Password Policy to Support Both AFP and CIFS

The AFP and CIFS default policies are almost identical, except that the AFP and CIFS proxy users are allowed to retrieve passwords only in their respective policies.
You will now create a single password policy named File Services Policy that is based on the AFP policy, and you’ll grant the CIFS proxy user the ability to retrieve passwords along with the AFP proxy user.
NOTE: Larger organizations often prefer to limit the number of proxy users to either a single user or to one per service type, but that discussion is outside the scope of this document. For more information, see “Understanding Proxy Users” in the OES 2 SP1: Planning and Implementation
Guide.
1 In iManager, click the up-arrow, click the down-arrow next to Security, then click the down-arrow next to Password Policies.
2 Click AFP Default Policy, then in the pop-up list click Copy Object.
3 In the Object Name field, type File Services Policy, then click the Browse icon next to the Object Location field.
4 Click the down-arrow next to Security, then click Password Policies.
5 Click OK > OK.
6 Click the Roles and Tasks icon.
7 Click Passwords > Password Policies.
8 Click File Services Policy.
9 In the Password Policies pop-up window, click the Universal Password tab, then click the Configuration Options sub-tab.
10 Scroll down to the Universal Password Retrieval section.
11 Under Allow the Following to Retrieve Passwords, click Insert.
12 In the Object Selector, browse to the COMPANY > LAB > SERVERS container, click the cifsProxyUser - server_name object, then click OK > OK > Close.
13 Do not close iManager. Continue with the next section, Assigning the Universal Password Policy to the USERS Container.

3.6.2 Assigning the Universal Password Policy to the USERS Container

For the users you create to be assigned the File Services Policy password policy, you must associate the policy with the USERS container created in Section 3.5, “Creating a Context for Your Users and
Groups,” on page 50.
1 In iManager, click the Roles and Tasks icon.
2 Click Passwords > Password Policies.
3 Click the File Services Policy link.
4 Click the Policy Assignment tab.
5 Click the Browse icon next to the Assign To field.
6 In the Contents pane, browse to the LAB Organizational Unit.
7 Select the USERS Organizational Unit object, then click OK.
8 Click Apply > OK.
9 Do not close iManager. Continue with the next section, Creating NCP and NSS Volumes for
Home Directories.

3.7 Creating NCP and NSS Volumes for Home Directories

For the exercises in the guide, you need home directories for the users you create.
When you create NCP™ and NSS volumes before creating users, you can then create home directories at the same time as you create the user objects. For that reason, it makes sense to set up the volumes prior to user object creation.
Section 3.7.1, “Home Directories on OES 2”
Section 3.7.2, “Home Directories on NetWare 6.5”
Section 3.7.3, “Summary of Lab Home Directories and Purposes”

3.7.1 Home Directories on OES 2

On OES 2, home and other data directories can reside in three possible volume types, each of which is presented in this guide. The locations are:
Linux POSIX volumes: Your OES 2 lab server already contains a / (root) partition with an empty /home directory (the default location for home directories on Linux servers).
NCP volumes that point to Linux POSIX volumes: Your OES 2 server has NCP Server installed so you can create NCP volumes that point to the Linux POSIX* file systems.
Novell Storage Services (NSS) volumes: Your OES 2 server is prepared with EVMS to support NSS volumes. (NSS is the native file system on NetWare.)
There are important differences between the home directories in each of these locations and in the configuration steps required to create them and set the needed file/directory trustee assignments, etc.
“The Linux POSIX /home Directory”
“Creating an NCP Volume on the OES 2 Server”
“Creating an NSS Pool and Volume on the OES 2 Server”
The Linux POSIX /home Directory
For the exercises in this guide, you create POSIX home directories for two users. This lets you easily see the differences between directories created through POSIX and directories created through NCP. Both directory types exist on the same physical disk space and are displayed as POSIX home directories, but only the NCP directories appear in NCP interfaces.
Creating an NCP Volume on the OES 2 Server
OES 2 lets you create NCP volumes that point to directories on the Linux POSIX partitions of your server. For the exercises in this guide, you create an NCP volume that points to the /home directory on your server. NCP volumes support the Novell File and Directory Trustee Rights model when files are accessed through an NCP client.
NCP volumes on Linux POSIX file systems differ from NSS volumes; NCP volumes do not support NSS file attributes, such as Delete Inhibit. For more information, see “Directory and File Attributes” in the OES 2 SP1: NCP Server for Linux Administration Guide.
1 Log in to your server as root and click Computer > Gnome Terminal.
2 Create an NCP volume in NCPCON that points to the /home directory by entering the
following commands:
ncpcon create volume home_ncp /home
exit
Creating an NSS Pool and Volume on the OES 2 Server
OES 2 supports NSS volumes. NSS is a fast-mounting, journaled file system for OES 2 and NetWare. It is the only file system in the industry that is integrated with identity management. NSS volumes support the Novell File and Directory Trustee Rights model and also NSS file attributes. For more information, see “The Traditional Novell Access Control Model” in the OES 2 SP1:
Planning and Implementation Guide.
NSS volumes can span partitions and even hard disks. For a graphical overview of NSS volumes, see Section A.1, “NSS Partitions, Pools, and Volumes,” on page 107.
1 On your lab workstation in iManager, click the Roles and Tasks icon.
2 Click Storage > Pools.
3 Click the Browse icon next to the Server field.
4 Browse to and select your OES 2 lab server object (in COMPANY > LAB > SERVERS).
5 Click New.
6 Name the pool pool_lx and click Next.
7 Click the box next to the system disk in your server (sda, hda, etc.).
8 By default, all of the free space on the disk should be automatically entered in the Used Size field, and the amount should match the Free Size (MB) displayed to the right of the system disk. If the Used Size field is blank, type the free space amount.
9 Click Finish.
POOL_LX is listed as an available pool. Notice that the NSS pool name is uppercase, even though you typed lowercase. All NCP and NSS volumes are created and displayed in uppercase to give a visual distinction from the Linux POSIX lowercase norm, to prevent visual confusion of letters and numbers (vol1 vs. VOL1), and because names are case insensitive on NSS.
10 After the pool appears in the list, continue in the Storage task by clicking Volumes.
11 Click New.
12 In the Name field, type home_nss, then click Next.
13 Click the box next to POOL_LX, then click Next.
14 Scroll down to File Information > Lookup Namespace
Long should be selected by default.
This setting avoids having the NCP server spend cycles doing Long namespace lookups.
15 Click Finish.
HOME_NSS is listed as an available volume.
16 Continue with the next section, Home Directories on NetWare 6.5.

3.7.2 Home Directories on NetWare 6.5

The default file system for NetWare 6.5 is NSS, which is an NCP volume by definition.
NetWare servers don’t contain a HOME volume (partition) by default, but it is standard practice among NetWare administrators to create a HOME volume for their network users’ private directories.
Creating a HOME_NW Volume on the NetWare 6.5 SP8 Server
Your NetWare virtual machine has approximately 16.5 GB of disk space still available for another NSS pool and volume on disk 0, which is the 25 GB file you created for the VM in Section 2.3.3,
“Creating a Virtual Machine and Installing NetWare,” on page 37.
1 In iManager, click the Roles and Tasks icon.
You can manage storage on the NetWare LAB_NW_VM server even though you are running iManager on your OES 2 lab server. This demonstrates one advantage of the tight integration of OES 2 services with eDirectory.
2 Click Storage > Pools.
3 Click the Browse icon next to the Server field.
4 Browse to and select the LAB_NW_VM server object (in COMPANY > LAB > SERVERS).
Notice that a pool named SYS already exists. This pool contains the default volumes and files created with the NetWare server, including a volume that is also named SYS.
5 Click New.
6 Name the pool pool_nw and click Next.
7 Click the box next to the XenHD device in your virtual machine.
This “device” is the 25 GB file that you created for the virtual machine. The file currently contains all the virtualized NetWare server’s partitions and files.
8 By default, all of the free space on the disk should be automatically entered in the Used Size field, and the amount should match the Free Size (MB) displayed to the right of the system disk. If the Used Size field is blank, type in the free space amount.
9 Click Finish.
POOL_NW is listed as an available pool.
10 In the left frame, click Volumes.
11 Click New.
12 In the Name field, type home_nw, then click Next.
13 Click the box next to POOL_NW, then click Next.
14 Click Finish.

3.7.3 Summary of Lab Home Directories and Purposes

Your lab servers now have four home directory access points in three physical locations (the first two share the same physical partition):
/home: This is the default home directory on SLES 10 servers. The underlying file system is Reiser. On SLES 10 servers, home directories are normally created on /home by users logging in to the server for the first time.
Home directories on OES 2 servers are normally created on NCP or NSS volumes. However, they can be created manually on /home. User and Group ownership must be manually adjusted because the directories belong initially to the root user that creates them.
HOME_NCP: This is an NCP volume mount point that points to and shares disk space with the /home directory mentioned above. In this guide, it illustrates the functionality of the NCP server, the Novell File and Directory Trustee Model, and Novell Client™ access to a Linux POSIX volume. (The underlying file system is Reiser.) Home directories on NCP volumes are easily created when users are created in iManager. POSIX permissions to home directories created in iManager must be adjusted before users can access the directories through non-NCP applications. This is because when the directories are created, the directory owner in POSIX is initially the eDirectory Admin User who created the users in eDirectory and their home directories on the Linux file system (NCP volume).
HOME_NSS: This is an NSS volume on the OES 2 server. It illustrates the functionality of the NCP server, the Novell File and Directory Trustee Model, and NSS file attributes. Because NSS volumes are also NCP volumes by default, home directories are easily created at user-creation time in iManager. POSIX permissions do not apply to NSS volumes. However, NSS can interface with POSIX permissions for applications and access methods that require them. Trustee assignments (ownership) are automatically assigned to the eDirectory username or user when the home directory is created.
HOME_NW: This is an NSS volume on your virtualized NetWare server. It illustrates the
functionality of the NCP server, the Novell File and Directory Trustee Model, and NSS file attributes on a NetWare server. Trustee assignments (ownership) are automatically assigned to the eDirectory username or user when the home directory is created.

3.8 Creating Users

For the lab exercises, you need to create the users shown in Table 3-1.
IMPORTANT: There are seven users, each representing a different user type you might need on your network.
Although the user names are unusual, they should help you track home directory locations and service access at a glance.
Each name includes “edir” to indicate that eDirectory users have access to the traditional Novell services highlighted in this guide:
Novell AFP (Macintosh networking)
Novell CIFS (Windows networking)
Novell iFolder® 3.8
NetStorage
The steps for creating users begin after Table 3-1.
Table 3-1 Users to Create
Username: linux1_lum-edir
First Name: Linux1
Last Name: Lum-edir
Home Directory Volume: /home
What This User Demonstrates: You manually create this user’s home directory in the server’s /home directory. If LUM is configured to allow login or sshd access, this user can access the OES 2 server as though it is a local user.

Username: linux2_lum-edir
First Name: Linux2
Last Name: Lum-edir
Home Directory Volume: /home
What This User Demonstrates: You manually create this user’s home directory in the server’s /home directory. If LUM is configured to allow login or sshd access, this user can access the OES 2 server as though it is a local user. The difference between this user and the linux1 user is that its home directory is not adjusted for privacy but has the default POSIX permissions.

Username: ncp_edir
First Name: Ncp
Last Name: Edir
Home Directory Volume: DNSname_HOME_NCP
What This User Demonstrates: This user’s home directory is created by specifying the HOME_NCP volume at user-creation time in iManager. When the instructions in this section are complete, the user has access to only the traditional Novell services: AFP, CIFS, iFolder, and NetStorage.

Username: ncp_lum-edir
First Name: Ncp
Last Name: Lum-edir
Home Directory Volume: DNSname_HOME_NCP
What This User Demonstrates: This user’s home directory is created by specifying the HOME_NCP volume at user-creation time in iManager. When the instructions in this section are complete, the user has potential access to the server as a local user, in addition to traditional Novell service access.

Username: nss_edir
First Name: Nss
Last Name: Edir
Home Directory Volume: DNSname_HOME_NSS
What This User Demonstrates: This user’s home directory is created by specifying the HOME_NSS volume at user-creation time in iManager. The user has access to only the traditional Novell services: AFP, CIFS, iFolder, and NetStorage.

Username: nss_lum-edir
First Name: Nss
Last Name: Lum-edir
Home Directory Volume: DNSname_HOME_NSS
What This User Demonstrates: This user’s home directory is created by specifying the HOME_NSS volume at user-creation time in iManager. In addition to traditional Novell services access, the user has access to the server as a local user.

Username: nw_edir
First Name: Nw
Last Name: Edir
Home Directory Volume: LAB_NW_HOME_NW
What This User Demonstrates: This user represents the traditional NetWare user in eDirectory. This user’s home directory is created by specifying the HOME_NW (NSS) volume at user-creation time in iManager. The user has access to only the traditional Novell services: AFP, CIFS, iFolder, and NetStorage. However, you could also LUM-enable the user (and the other non-LUM users as well) to verify that full OES 2 services are potentially available to all eDirectory users.

1 In iManager, in the left pane, click Users > Create User.
2 In the Username field, type a username from Table 3-1.
For the first user, this is linux1_lum-edir.
3 Type the first name and last name for the user as shown in Table 3-1.
4 Click the Browse icon next to the Context field.
5 For the first user, browse to the USERS object (COMPANY > LAB > USERS), then click the object.
For subsequent users, click the Object History icon and select the USERS object’s fully distinguished name (FDN).
6 Type the same password in both the Password and Retype Password fields.
7 Do not select Set Simple Password.
This is not required for OES because Universal Password is used.
8 If the Home Directory Volume cell in the table shows /home, skip to Step 9.
For the other users, select the Create Home Directory option and browse to the NCP volume indicated. (Volumes are in the SERVERS OU.)
The home directories for the linux* users are created later.
9 Click OK.
10 Click Repeat Task to repeat the process until the other users listed in Table 3-1 on page 56 are created.
11 Do not close iManager. Continue with the next section, A Note about Identity Manager 3.6 Bundle Edition.

3.9 A Note about Identity Manager 3.6 Bundle Edition

If your organization has more than one directory service that stores user information, you should consider implementing the Novell Identity Manager 3.6 Bundle Edition included with Novell Open Enterprise Server.
The Identity Manager 3.6 Bundle Edition provides licensed synchronization of information (including passwords) held in NT Domains, Active Directory* Domains, and eDirectory trees.
Not only can you import User objects into eDirectory rather than creating them as you have in this section, but you can use Identity Manager to keep all the user data (including passwords that are stored in your different databases) synchronized.
When data from one system changes, Identity Manager detects and propagates these changes to other connected systems based on the business policies you define.
For more information, see “Using the Identity Manager 3.6.1 Bundle Edition” in the OES 2 SP1: Planning and Implementation Guide.
Continue with Chapter 4, “eDirectory Linux Access (LUM),” on page 59.
[Figure 4-1 diagram labels. Valid POSIX Users: eDirectory users that are enabled for Linux (LUM); locally defined users (such as root). Authentication: eDirectory LDAP server; local POSIX-based authentication. Services on the OES Linux server: PAM-enabled services (login, ftp, sshd, su, openwbem, gdm, gnomesu-pam); Novell Remote Manager.]

eDirectory Linux Access (LUM)

Novell® Linux User Management (LUM) is a key component of Novell Open Enterprise Server (OES) and lets you require users who are accessing PAM-enabled services, such as FTP or SSH, on the OES 2 server to authenticate through eDirectory™.
This section discusses the following:
Section 4.1, “Overview of Linux User Management,” on page 59
Section 4.2, “Creating Group Objects,” on page 60
Section 4.3, “Enabling the LUMUsers Group for Linux User Management (LUM),” on page 61
Section 4.4, “Allowing SSH Access,” on page 61
Section 4.5, “Creating a Home Directory for the linux* Users,” on page 63

4.1 Overview of Linux User Management

Figure 4-1 illustrates how LUM works with PAM-enabled services. For more detailed information,
see “Linux User Management: Access to Linux for eDirectory Users” in the OES 2 SP1: Planning
and Implementation Guide. As illustrated, OpenWBEM is the only PAM-enabled service that is
active by default.
Figure 4-1 Linux User Management on OES
The user-creation steps you completed earlier in this guide (Section 3.8, “Creating Users,” on
page 55) created three LUM users with limited rights as local users on the OES 2 server.

4.2 Creating Group Objects

To simplify user management, you should create one or more groups and associate users with those groups. Groups let you manage multiple users at the same time.
Some actions can only be performed at the group level. For example, enabling users for LUM requires making them members of a group that is enabled for LUM.
For the exercises in this guide, you will create two groups:
LUMUsers: This group is used to LUM-enable some of the users you have created. Having the
group lets us explore how LUM works and directly experience the SSH security precautions that are built into OES 2.
AllUsers: This group is for all of the eDirectory user objects, including those that are LUM-
enabled and those that have only traditional Novell services access.
IMPORTANT: Creating a group named users seems logical to many eDirectory administrators.
Unfortunately, all SLES 10 servers already have a system-created local group named users, and creating a duplicate group in eDirectory causes problems.
For more information, see “Avoid POSIX and eDirectory Duplications” in the OES 2 SP1: Planning
and Implementation Guide.
To create the required group objects:
1 In iManager > Roles and Tasks, click Groups > Create Group.
2 In the Group Name field, type LUMUsers.
The name contains uppercase and lowercase letters simply to illustrate that case is preserved in object names. Some administrators use mixed case to improve readability.
3 Click the Browse icon next to the Context field.
4 Browse to the USERS container object.
5 Click OK > Modify.
6 Click the Members tab.
7 Click the Browse icon next to the Members field.
8 Browse to the USERS group and click the down-arrow next to the group.
9 Select the following User objects:
linux1_lum-edir
linux2_lum-edir
ncp_lum-edir
nss_lum-edir
10 Click OK > Apply > OK.
11 Click Create Group.
12 In the Group Name field, type AllUsers.
13 Click the Object History icon and select the USERS object’s fully distinguished name (FDN).
14 Click OK > Modify.
15 Click the Members tab.
16 Click the Browse icon Description: Browse icon next to the Members field.
17 Shift-click linux1_lum-edir, drag the mouse down to select all the users, then click nw_edir.
All of the users are added to the list.
18 Click OK > Apply > OK.
19 Do not close iManager. Continue with the next section, Enabling the LUMUsers Group for
Linux User Management (LUM).

4.3 Enabling the LUMUsers Group for Linux User Management (LUM)

IMPORTANT: LUM-enabling users is an important part of these lab exercises. However, in a production environment you should avoid LUM-enabling users until you fully understand the potential security issues. For more information, see “SSH Services on OES 2 Linux” in the OES 2
SP1: Planning and Implementation Guide.
If you want eDirectory users to access PAM-enabled services, such as login or sshd (SSH), on an OES 2 server, you must LUM-enable the users.
1 In the Roles and Tasks list, click Linux User Management > Enable Groups for Linux.
2 Click the Browse icon next to the Group Name field.
3 Click LUMUsers > OK.
4 Make sure the Linux-Enable All Users in These Groups option is selected, then click Next twice.
5 Click the Browse icon next to the Linux Workstation Name field.
6 Click the up-arrow.
7 Click the down-arrow next to SERVERS.
8 Click the UNIX Workstation object for the OES 2 lab server, then click OK.
LUM-enabled access to OES 2 servers is enabled on an individual server basis. If you install additional OES 2 servers that require LUM access, they must also be added to a LUM-enabled group.
The LUMUsers group and its users are now recognized by the OES 2 server as local users.
9 Click Next > Finish > OK.
10 Do not close iManager. Continue with the next section, Allowing SSH Access.

4.4 Allowing SSH Access

To illustrate how LUM-enabled services work, we will briefly experiment with SSH access for eDirectory LUM-enabled users. In Section 10.2.4, “SSH and NetStorage Administration,” on
page 88, you will see that SSH access is required for a key NetStorage administration feature.
Complete the steps in the following sections:
Section 4.4.1, “Allowing SSH Access Through the Firewall,” on page 62
Section 4.4.2, “Adding SSH as an Allowed Service in LUM,” on page 62
Section 4.4.3, “Verifying SSH Access,” on page 62

4.4.1 Allowing SSH Access Through the Firewall

1 On the OES 2 lab server, click Computer > YaST Administrator Settings, then click Security
and Users > Firewall.
2 In the left navigation frame, click Allowed Services.
3 In the Services to Allow drop-down list, select SSH.
4 Click Add > Next > Accept.
The firewall is now configured to allow SSH connections with the server.
5 Continue with Adding SSH as an Allowed Service in LUM.

4.4.2 Adding SSH as an Allowed Service in LUM

1 In YaST in the Open Enterprise Server group, click OES Install and Configuration.
2 Click Accept.
3 When the Novell Open Enterprise Server Configuration page has loaded, click the Disabled
link under Linux User Management.
The option changes to Enabled and the configuration settings appear.
4 Click Linux User Management.
5 Type the eDirectory Admin password in the appropriate field, then click OK > Next.
6 In the list of allowed services, click sshd.
7 Click Next > Next > Finish, then close YaST.
8 Continue with Verifying SSH Access.

4.4.3 Verifying SSH Access

The LUMUsers group in eDirectory now has SSH as an allowed service. To verify this:
1 On the lab workstation, in the iManager Roles and Tasks list, click Directory Administration >
Modify Object.
2 Click the Browse icon next to the Object Name field.
3 Browse to and select the LUMUsers group object (in COMPANY > LAB > USERS), then click
OK.
4 Click the Linux Profile tab, then click the Linux Services sub-tab.
5 Notice that sshd (the SSH daemon) is listed as a LUM-Enabled service, then click OK.
6 (Optional) If you want to verify that SSH access works, install an SSH client on the workstation and attach to the lab server through one of the LUM-enabled users. Be aware, however, that this creates a POSIX home directory for the user in /home and might require adjustments to procedures in the next section, Creating a Home Directory for the linux* Users.
7 Continue with Creating a Home Directory for the linux* Users.

4.5 Creating a Home Directory for the linux* Users

The NetStorage exercises in this guide involve users’ home directories and specific files they will copy to those directories. However, neither of the linux* users currently has a home directory.
There are two standard ways to create home directories on Linux servers. The first way is for a user to log in to the server as a local user (or for OES 2, as a LUM-enabled user). For example, opening an SSH session creates a home directory.
Because it is unlikely that you want your users to have direct physical access to a production server, we will use the second way, which is to create the directory manually, assign the user and group to the directory, and then modify access permissions.
1 As the root user on the server’s desktop, click Computer > Home Folder.
2 In the left panel, double-click File System, then double-click the home folder.
3 If you see home directories for only the ncp_* users that were created in iManager on the HOME_NCP volume, continue with Step 4.
If you see a home directory for one of the linux* users, that means you used it to experiment with SSH access in Step 6 on page 62, thus creating a home directory for the user. In that case, adjust the steps that follow as required.
4 Right-click the white space in the right panel and select Create Folder.
5 Type linux1_lum-edir as the folder name, then right-click the folder and select Properties.
6 Click the Permissions tab.
7 Click the File Owner drop-down list, then use the Up-arrow and Down-arrow keys to navigate to and select the linux1_lum-edir user.
Notice that the users that you created who are not enabled for LUM are not listed.
8 Click the File Group drop-down list, navigate to and select LUMUsers, then press Enter.
Neither this group nor the user you selected exist locally. However, because they are LUM-enabled, the server recognizes them as though they do.
The next three lines (Owner, Group, Others) indicate access permissions for the directory owner (linux1_lum-edir), the assigned group (LUMUsers), and everyone else (others).
Notice that both Group and Others have permission to Read (open) the contents of the folder and Execute (browse its contents). This is not what NetWare® administrators and users expect because home directories are private on NetWare servers.
For more information about directory privacy and aligning access on Linux servers to match what NetWare administrators are accustomed to, see “Aligning NCP and POSIX File Access Rights” in the OES 2 SP1: Planning and Implementation Guide.
9 Make this directory private by deselecting all of the access permissions for Group and Others.
10 Click Close.
11 Right-click the white space in the right panel and select Create Folder.
12 Type linux2_lum-edir as the folder name, then right-click the folder and select Properties.
13 Click the Permissions tab.
14 Change the file owner to linux2_lum-edir and the file group to LUMUsers by using the drop-down lists.
15 Adjust the permissions for this directory by enabling the Write right for the group. This gives full rights to the user’s home directory for anyone in the LUMUsers group, which is obviously not something you would normally do.
Later in the guide we will use this to contrast default POSIX file permissions with the Novell File and Directory Security Model.
16 Click Close.
17 Continue with Novell CIFS on OES 2.
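The manual procedure above comes down to an owner, a group, and a mode on each directory under /home. The following shell functions are an added example, not part of the lab guide: they audit a directory of home directories for the two conditions this guide calls out (an owner other than the named user, and any Group or Others access) and apply the Step 9 change. They assume GNU stat and that each home directory is named after its user; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the lab guide. Assumes GNU coreutils stat and that
# each home directory is named after the user who should own it.
# Equivalent of Steps 7-8, run as root on the lab server:
#   chown linux1_lum-edir:LUMUsers /home/linux1_lum-edir

# classify_mode OCTAL_MODE
# Prints how much access Group and Others have, worst finding first.
classify_mode() {
    bits=$((0$1))                    # leading 0 makes the shell read it as octal
    group=$(( (bits >> 3) & 7 ))
    other=$(( bits & 7 ))
    if [ $(( other & 2 )) -ne 0 ]; then
        echo other-writable
    elif [ $(( group & 2 )) -ne 0 ]; then
        echo group-writable          # the state Step 15 sets on linux2_lum-edir
    elif [ $(( group | other )) -ne 0 ]; then
        echo group-or-other-access   # Read/Execute for Group and Others (before Step 9)
    else
        echo private                 # the state Step 9 produces
    fi
}

# audit_homes BASE_DIR
# Prints one line per subdirectory: name, owner, mode, access class, owner check.
# Returns non-zero if any directory is not private or is owned by someone else
# (for example root, or the eDirectory Admin user for iManager-created homes).
audit_homes() {
    base=$1
    findings=0
    for d in "$base"/*/; do
        [ -d "$d" ] || continue      # no subdirectories: the glob stayed literal
        d=${d%/}
        [ -L "$d" ] && continue      # do not follow symbolic links
        name=${d##*/}
        owner=$(stat -c %U "$d")
        mode=$(stat -c %a "$d")
        status=$(classify_mode "$mode")
        if [ "$owner" = "$name" ]; then own=owner-ok; else own=owner-mismatch; fi
        printf '%s owner=%s mode=%s %s %s\n' "$name" "$owner" "$mode" "$status" "$own"
        [ "$status" = private ] && [ "$own" = owner-ok ] || findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# make_private DIR
# Command-line form of Step 9: remove every Group and Others permission.
make_private() {
    chmod go-rwx -- "$1"
}
```

On the lab server, `audit_homes /home` should flag linux2_lum-edir as group-writable, which is the deliberate contrast case set up in Step 15.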
[Figure 5-1 diagram labels. Access Methods: any CIFS/SMB client (such as Windows Explorer); Web Folders (Windows Explorer or Internet Explorer browser); protocols CIFS and WebDAV. Authentication: eDirectory LDAP server; eDirectory users have automatic access to the Novell CIFS server. File Storage Services: Novell CIFS server on the OES 2 server.]

Novell CIFS on OES 2

Novell® CIFS lets Windows users access NSS volumes on Novell Open Enterprise Server 2 servers exactly as they would access a Windows file server. For a comparison to Novell Samba, see “Comparing Your CIFS File Service Options” in the OES 2 SP1: Planning and Implementation
Guide.
This section discusses the following:
Section 5.1, “Overview of Novell CIFS,” on page 65
Section 5.2, “Setting the Search Context,” on page 66
Section 5.3, “Making Novell CIFS Shares Available to CIFS Users,” on page 66
Section 5.4, “Novell CIFS Users Access Rights,” on page 66

5.1 Overview of Novell CIFS

Figure 5-1 illustrates the file services available through Novell CIFS in OES 2.
More information on Novell CIFS file services in OES 2 is found in “Novell CIFS Implementation and Maintenance” in the OES 2 SP1: Planning and Implementation Guide.
Figure 5-1 Novell CIFS
IMPORTANT: If you plan to use Novell CIFS in conjunction with Novell AFP and/or NCP file services, be sure to read “Cross-Protocol File Locking Change” in the OES 2 SP1: Planning and
Implementation Guide.

5.2 Setting the Search Context

By default, the search context for CIFS users is set to the container where the OES 2 server is installed. The CIFS proxy user searches in this context for users seeking access to the CIFS file service. You must set a context that points to the USERS container where your User objects are located.
1 In iManager > Roles and Tasks, click File Protocols > CIFS.
2 Click the Browse icon next to the Server field, then browse to and select the OES 2 lab server.
3 Click the Context tab.
4 Select the entry that points to the SERVERS container, then click Delete.
5 Click New.
6 Browse to and select the USERS container, then click OK.
7 Continue with Making Novell CIFS Shares Available to CIFS Users.

5.3 Making Novell CIFS Shares Available to CIFS Users

By default, all NSS volumes hosted on an OES 2 server have shares associated with them. If you need a share to point to a subdirectory on an NSS volume, then you must create a new share. See “Adding a New CIFS Share” in the OES 2 SP1: Novell CIFS for Linux Administration Guide.
If a volume is created while the Novell CIFS service is running, the service must be restarted to discover the volume.
1 Click the Shares tab.
2 If the HOME_NSS share is listed, skip to Novell CIFS Users Access Rights.
If not, continue with Step 3.
3 Click the General tab, then click Stop. The service status changes to Stopped.
4 Click the Start sub-tab. The service status changes to Running.
5 Click the Shares tab.
The HOME_NSS share is listed.

5.4 Novell CIFS Users Access Rights

As illustrated in Figure 5-1, all eDirectory users have automatic access to the Novell CIFS file service, assuming that the service is configured correctly.
However, access to the CIFS file service does not equate to access to the NSS file system and the folders and files it contains. The Novell File and Directory Trustee Rights model ensures that users can see only those files and folders to which they have access rights.
[Figure 6-1 diagram labels. Access Points: Linux or UNIX, Windows, MAC; protocols AFP, NFS, and CIFS. Authentication: eDirectory LDAP server. NFAP Services: NFAP server processes on the NetWare 6.5 SP8 server.]

NetWare CIFS and AFP on OES 2

NetWare® 6.5 SP8 supports native file access methods from Linux, Macintosh, UNIX*, and Windows workstations to NSS volumes on NetWare servers. (Access to NetWare Traditional File System volumes is not supported.)
This section discusses the following:
Section 6.1, “Overview,” on page 67
Section 6.2, “Enabling NFAP Services on the LAB_NW Server,” on page 68

6.1 Overview

Figure 5-1 illustrates the native File Access Protocol (NFAP) support services that are enabled by
installing NetWare 6.5. A more detailed overview of NFAP file services on OES is found in “Native
File Access Protocols” in the NW 6.5 SP8: Planning and Implementation Guide.
Figure 6-1 Native File Access Support on NetWare 6.5
The exercises in this guide have you access the NetWare server by using native Windows functionality.
If you want to also experiment with Linux, UNIX, or Macintosh workstations, refer to the information in “Native File Access Protocols Implementation and Maintenance” in the NW 6.5 SP8:
Planning and Implementation Guide after completing all the sections in this guide.

6.2 Enabling NFAP Services on the LAB_NW Server

When you created the nw_edir user in iManager, you also created a home directory for the user on the HOME_NW NSS volume on the virtualized NetWare server LAB_NW.
By default, all NSS volumes on NetWare servers are available for CIFS and AFP access. To configure CIFS access, you must complete two tasks:
Section 6.2.1, “Creating a Share for the HOME_NW Volume,” on page 68
Section 6.2.2, “Specifying a Search Context,” on page 68

6.2.1 Creating a Share for the HOME_NW Volume

NetWare CIFS requires that you specify the shares that users can access.
1 In iManager > Roles and Tasks, click File Protocols > CIFS.
2 Click the Browse icon next to the Server field, then browse to and select the LAB_NW server.
3 Click the Shares tab, then click the New sub-tab.
4 In the Share Name field, type home_nw.
This is the name used to attach to the share.
5 Click the Browse icon next to the Volume field.
6 In the Object Selector, click the down-arrow next to the LAB_NW_HOME_NW volume, then click the link to the volume.
7 Click OK > OK.

6.2.2 Specifying a Search Context

You must specify a search context that NetWare can use to find users needing CIFS access.
1 Log into your VM host server as root and click Computer > YaST > Virtualization > Virtual Machine Manager.
2 Double-click the LAB_NW_VM virtual machine.
3 On the NetWare GUI, click the File Browser (folder) icon once to activate the mouse pointer and once to select the browser.
4 Double-click the SYS: volume.
5 Double-click the ETC folder.
6 Scroll down and double-click the cifsctxs.cfg file.
Notice that the search context is set to the SERVERS container. User searches occur only in the contexts specified in this file. Subcontainers are not searched.
7 Edit the file, replacing SERVERS with USERS, so that the line reads
OU=USERS.OU=LAB.O=COMPANY
8 Save the file, close the editor, and close the file browser.
9 Click the Server Console (computer) icon.
10 Stop and then start the CIFS service by entering the following commands:
CIFSSTOP
CIFSSTRT
11 Press Ctrl+Alt to release the mouse, then close both of the Virtual Machine Manager windows.
12 Continue with Chapter 8, “iFolder 3.8,” on page 73.
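Step 6 notes that lookups are confined to the containers listed in cifsctxs.cfg and do not descend into subcontainers. The following shell functions are an added example, not Novell code: given a copy of the file, they report which user FDNs the CIFS search would miss. They assume one typeful, dot-delimited context per line and no escaped dots in the user's CN; the function names and the CONTRACT subcontainer in the usage comment are constructed.

```shell
#!/bin/sh
# Added example, not Novell code. Assumed file format: one typeful context per
# line, for example OU=USERS.OU=LAB.O=COMPANY. eDirectory names are compared
# without regard to case.

# container_of FDN
# Prints the FDN without its leftmost component (the user's CN), uppercased.
container_of() {
    printf '%s\n' "${1#*.}" | tr '[:lower:]' '[:upper:]'
}

# context_listed CFG_FILE FDN
# Succeeds only if the user's own container equals a context in the file.
# A user in a subcontainer of a listed context does not match, mirroring the
# "Subcontainers are not searched" behaviour described in Step 6.
context_listed() {
    cfg=$1
    want=$(container_of "$2")
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop blanks and the CR of DOS-style line endings before comparing.
        ctx=$(printf '%s' "$line" | tr -d ' \t\r' | tr '[:lower:]' '[:upper:]')
        [ -n "$ctx" ] || continue
        [ "$ctx" = "$want" ] && return 0
    done < "$cfg"
    return 1
}

# report_uncovered CFG_FILE
# Reads user FDNs on standard input, one per line, and prints those that no
# context in the file covers.
report_uncovered() {
    cfg=$1
    while IFS= read -r fdn || [ -n "$fdn" ]; do
        [ -n "$fdn" ] || continue
        context_listed "$cfg" "$fdn" || printf '%s\n' "$fdn"
    done
}

# Usage with constructed input, run against a copy of the file:
#   printf '%s\n' 'CN=nw_edir.OU=USERS.OU=LAB.O=COMPANY' \
#                 'CN=temp.OU=CONTRACT.OU=USERS.OU=LAB.O=COMPANY' |
#       report_uncovered ./cifsctxs.cfg
```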
[Figure 7-1 diagram labels. Access Points: Macintosh; protocol AFP. Authentication: eDirectory LDAP server. AFP Services: Novell AFP server on the OES 2 server.]

Novell AFP

Novell® AFP lets Macintosh users access NSS volumes on Novell Open Enterprise Server 2 servers using AFP networking, exactly as they would Macintosh file servers.
This section discusses the following:
Section 7.1, “Overview,” on page 71
Section 7.2, “Setting the Search Context,” on page 72
Section 7.3, “Making NSS Volumes Available to AFP Users,” on page 72
Section 7.4, “Novell AFP Users Access Rights,” on page 72

7.1 Overview

Figure 7-1 illustrates the file services available through Novell AFP in OES 2.
More information on Novell AFP file services in OES 2 is found in “Novell AFP Implementation and Maintenance” in the OES 2 SP1: Planning and Implementation Guide.
Figure 7-1 AFP File Access Support on OES 2 (diagram columns: Access Points, Authentication, AFP Services)
The exercises in this guide have you access the OES 2 server by using native Macintosh functionality.
IMPORTANT: If you plan to use Novell AFP in conjunction with Novell CIFS and/or NCP file services, be sure to read “Cross-Protocol File Locking Change” in the OES 2 SP1: Planning and Implementation Guide.

7.2 Setting the Search Context

By default, the search context for AFP users is set to the container where the OES 2 server is installed. The AFP proxy user searches in this context for users seeking access to the AFP file service. You must set a context that points to the USERS container where your User objects are located.
1 In iManager > Roles and Tasks, click File Protocols > AFP.
2 Click the Browse icon next to the Server field, then browse to and select the OES 2 lab server.
3 Click the Contexts tab.
4 Select the entry that points to the SERVERS container and click Remove.
5 Click Add.
6 Browse to and select the USERS container, then click OK.
7 Continue with Making NSS Volumes Available to AFP Users.

7.3 Making NSS Volumes Available to AFP Users

1 Click the Volumes tab, then click Add.
2 Click the Browse icon next to the Volume field.
3 In the Object Selector, click the down-arrow next to the HOME_NSS volume, then click the link to the volume.
4 In the Shared Volume Name field, type AFP_Home_NSS and click OK.

7.4 Novell AFP Users Access Rights

As illustrated in Figure 7-1, eDirectory users can access any NSS volume where they are granted Novell trustee rights. For example, if they have a system-created home directory on the HOME_NSS volume, they can see that directory.
However, if they don’t have Novell trustee rights, they cannot access the volume. This is different than for CIFS users.
As with CIFS users, the Novell File and Directory Trustee Rights model ensures that users can see only those files and folders to which they have access rights.

iFolder 3.8

As a key file service component of Novell® Open Enterprise Server (OES), Novell iFolder® 3.8 provides a repository on one or more OES 2 servers that stores master copies of locally accessible files.
This section discusses the following:
Section 8.1, “Overview of iFolder,” on page 73
Section 8.2, “Installing the iFolder Client,” on page 74
Section 8.3, “Creating Corresponding Windows Users,” on page 75
Section 8.4, “Refreshing the List of iFolder Users,” on page 75
Section 8.5, “Configuring iFolder Accounts and Creating iFolders,” on page 76

8.1 Overview of iFolder

Figure 8-1 illustrates the file services that are enabled by completing the steps in the sections that follow.
More detailed information on iFolder file services on OES 2 is found in “Novell iFolder 3.7” in the OES 2 SP1: Planning and Implementation Guide.
Figure 8-1 iFolder File Services on OES (diagram columns: Access Methods, Authentication/File Encryption, iFolder 3.8 Services)

8.2 Installing the iFolder Client

NOTE: Although the exercises in this guide focus on Windows, the iFolder client is also available for Linux and Macintosh. For more information, see “Getting Started” in the Novell iFolder 3.8 Cross-Platform User Guide.
The iFolder client is required for two tasks:
Automatically synchronizing local iFolder files with the files on the iFolder 3.8 enterprise server.
Sharing iFolders with other users.
IMPORTANT: To install the client, the workstation must have an active Internet connection.
To install the iFolder client:
1 Log in to the workstation as a Windows administrative user.
2 In your browser, access your OES 2 server’s welcome pages by entering the following URL:
http://IP_or_DNS
where IP_or_DNS is the IP address or full DNS name of your lab server.
For example:
myserver.company.example.com
3 On the OES 2 Welcome Page in the left panel, click the Client Software link.
4 Under Available Downloads, click the iFolder Client for Windows link appropriate for your workstation (32-bit or 64-bit).
5 Save the file.
6 Open the downloaded file and install the client.
The installation process includes several steps. For the installation to succeed, you must agree, accept, and answer Yes to the various prompts, including the Microsoft .NET installation if prompted. Accept all the defaults.
7 If you install Microsoft .NET, you might be prompted to restart the workstation. If prompted, click the Restart button, then after the workstation restarts, log in as the Windows administrative user.
8 Click through the dialog boxes, accepting the defaults until the process is finished. Then click Finish > Yes to restart the workstation.
9 After the workstation restarts, log in as an administrative user.
10 Cancel the iFolder Account Creation Wizard, then continue with Creating Corresponding Windows Users.

8.3 Creating Corresponding Windows Users

Some OES services, such as Novell iFolder, interact seamlessly with Windows users that have the same username and password as the eDirectory™ users.
For the exercises in this guide, you must now create Windows user accounts for the users listed in Table 3-1 on page 56 and assign each user the same password you specified for the corresponding eDirectory account.
1 On the Windows workstation, log in as an Administrator user.
2 Access the Control Panel and select User Accounts (Windows XP) or Users and Passwords (Windows 2000).
On Windows 2000, you specify the password before the account type.
3 Create a user account for each user in Table 3-1 on page 56, specifying that the account is a computer administrator.
4 On Windows XP, select the user after creating it, and then create the same password for the user that you specified in Step 6 on page 58.
5 Repeat from Step 3 for each additional user, then continue with Refreshing the List of iFolder Users.

8.4 Refreshing the List of iFolder Users

All eDirectory users are enabled for access to iFolder 3.8 by default. However, the iFolder 3.8 Administration utility must be synchronized with eDirectory. By default this happens every 24 hours.
1 Open your browser and log in to iManager as admin.
If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 109.
2 Click iFolder 3.8 > Launch iFolder Admin Console.
3 In the iFolder Server field, type the IP address of the OES 2 lab server.
4 Select the Authenticate Using Current iManager Credentials option.
5 Click OK.
The Users tab shows the users that are recognized by the iFolder server as having iFolder service access. Because the LDAP search context doesn’t include the USERS container, the eDirectory users you have added don’t appear in the list.
6 Click the Servers tab.
7 Click the blue link for the OES 2 lab server.
8 In the LDAP Details section, click the Edit button.
9 In the LDAP Admin DN field, type cn=admin,o=company.
10 In the LDAP Admin Password field, type the Admin user password.
11 In the LDAP Contexts field, change SERVERS to USERS, then click OK.
This changes the search context to the USERS directory.
12 In the LDAP Details section, click the Sync Now button.
Notice that the default synchronization interval is 1440 minutes (24 hours).
13 Click the Users tab.
Notice that the users you have created are added to the list.
14 Close the iFolder Administration console, then continue with Configuring iFolder Accounts and Creating iFolders.

8.5 Configuring iFolder Accounts and Creating iFolders

Before users can create iFolders, they must set up an iFolder account on the workstation.
You should have already created a Windows user account for each eDirectory user as instructed in Section 8.3, “Creating Corresponding Windows Users,” on page 75. You will now configure an iFolder for linux1_lum-edir and invite the ncp_edir and nw_edir users to share the iFolder. Although you can create accounts for the other users, there are no exercises in this guide that involve them having iFolder accounts.
1 Log off as the administrative user, then log in to the Windows workstation as the linux1_lum-edir user that you created in Section 8.3, “Creating Corresponding Windows Users,” on page 75.
2 After the login process finishes, you should be prompted to set up an iFolder account. Click Next.
If you are not prompted to set up an account, right-click the iFolder icon on the toolbar, select Accounts, then click New.
3 In the Server Address field, type the IP address or DNS hostname of your OES 2 server, then click Next.
4 Type linux1_lum-edir for the username, then type the password you assigned to the user.
5 Select Remember Password, then click Next > Connect.
6 If prompted, accept the certificate by clicking Yes.
7 When prompted to create a default iFolder, deselect Create Default Folder, click OK, click Finish, and then close the iFolder information window.
8 Right-click the desktop, then click New and create a new folder named linux1_lum-edir_IF3.
9 After creating the folder, right-click it, then click Convert to an iFolder.
10 Click OK.
11 In the message that points out how iFolder folder icons look different, select Do Not Show This
Message Again, then click Close.
12 Right-click the iFolder, then select iFolder > Share with.
13 In the iFolder Properties dialog box, click Add.
14 In the iFolder Users column, click Ncp Edir, then click Add>>.
Ncp Edir is added to the Selected Users column.
15 Add Nw Edir to the Selected Users column as well.
16 Click OK.
17 Change the access rights for Nw Edir from Read/Write to Read Only by doing the following:
17a Click Nw Edir.
17b Click Access.
17c Select Read Only.
17d Click OK.
18 Click Apply > OK.
The two users are configured to access linux1_lum-edir’s iFolder.
19 Log out of the workstation.
20 Continue with Chapter 9, “iPrint,” on page 79.

iPrint

As the print services component of Novell® Open Enterprise Server (OES), Novell iPrint provides a powerful and easy-to-implement printing solution that lets your network users print from any Linux, Macintosh, or Windows workstation to any network printer.
This section discusses the following:
Section 9.1, “Overview of iPrint,” on page 79
Section 9.2, “Creating an eDirectory Context for Printers,” on page 80
Section 9.3, “Creating a Print Driver Store,” on page 81
Section 9.4, “Creating a Print Manager Object,” on page 81
Section 9.5, “Adding Printer Drivers to the Driver Store from the Windows Platforms,” on page 82
Section 9.6, “Creating iPrint Printer Objects,” on page 83

9.1 Overview of iPrint

Figure 9-1 illustrates the printing services that are enabled by completing the steps in the sections that follow.
More detailed information on iPrint services in OES 2 is found in “iPrint Functionality” in the OES 2 SP1: Planning and Implementation Guide.
Figure 9-1 iPrint on OES (diagram columns: Access, Authentication, Printing Services)

9.2 Creating an eDirectory Context for Printers

System administrators often create one or more container objects just for network printers. Obviously, this is an optional organizational preference issue. The printers themselves can be placed in the most convenient and accessible locations for your network users.
1 Log in to the lab Windows workstation as a Windows user with Administrator privileges.
2 Cancel the iFolder wizard.
3 Start iManager and log in as the Admin user.
If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 109.
4 Click the View Objects icon.
5 Click the Browse tab.
6 In the left pane, click the down-arrow next to the COMPANY Organization object.
7 Click LAB, then select Create Object from the drop-down list.
8 From the Available Object Classes list, select Organizational Unit, then click OK.
9 In the Organizational Unit Name field, type PRINTERS.
10 Click OK twice.

9.3 Creating a Print Driver Store

iPrint stores print driver files by workstation type for each of your network printers in a driver store in eDirectory™.
1 In iManager, click the Roles and Tasks icon.
2 Click iPrint > Create Driver Store.
3 In the Driver Store Name field, type Print_Drivers.
4 Click the Browse icon next to the Container Name field.
5 Click the down-arrow next to LAB, then click the PRINTERS Organizational Unit object.
6 Click the Browse icon next to the eDir Server field.
7 Click the down-arrow next to LAB, click the down-arrow next to SERVERS, then click your OES 2 lab server.
8 Click OK twice.
9 Continue with Section 9.4, “Creating a Print Manager Object,” on page 81.

9.4 Creating a Print Manager Object

The iPrint Manager is represented by and managed through a Print Manager object in eDirectory. It is a daemon that runs on the OES 2 server, and it must be running when you create Print objects. After printing is set up, the iPrint Manager receives print job requests and forwards them to printers when the printers are ready.
1 Continuing from Step 8 in the previous section, click iPrint > Create Print Manager.
2 In the Manager Name field, type the following:
iPrint_Manager
3 Click the Browse icon next to the Container Name field.
4 Click the down-arrow next to LAB, then click PRINTERS.
5 Click the Browse icon next to the eDir Server field.
6 Click the down-arrow next to LAB, click the down-arrow next to SERVERS, then click your OES 2 lab server.
7 Click the Browse icon next to the Driver Store field.
8 Click the down-arrow next to LAB, click the down-arrow next to PRINTERS, then click Print_Drivers.
9 In one of the iPrint Service fields, type either the full DNS name of your lab server or its IP address, depending on the option you select.
10 Click OK twice.

9.5 Adding Printer Drivers to the Driver Store from the Windows Platforms

You can load printer drivers to the Driver Store by using driver files. However, because most Windows workstations have an extensive list of printer drivers available on the system, the simplest way to add drivers for a Windows workstation is to upload them directly.
You can upload Windows XP drivers from a Windows XP workstation, Windows 2000 drivers from a Windows 2000 workstation, etc.
Complete the following steps once for each of the Windows platforms (XP, 2000, etc.) that you have in your lab:
IMPORTANT: This procedure requires Internet Explorer 6 or later.
1 Open Internet Explorer 6 or later on the workstation and enter the following URL in the Address field:
http://IP_or_DNS/ipp
where IP_or_DNS is the IP address or DNS name of your OES 2 server.
2 Click the Install iPrint Client link just below the banner.
3 Click either Open (Windows 2000) or Run (Windows XP).
4 Click Next and follow any prompts.
5 After the client installs, click Finish.
6 Close the browser, then open it again.
7 Start iManager (http://server/nps) and log in as the Admin user.
If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 109.
8 If you are running Internet Explorer 6, skip to Step 12.
or
For Internet Explorer 7, you must configure the pop-up blocker. Continue with Step 9.
9 Right-click above the iManager panel and make sure the Menu Bar option is selected.
10 In the Menu Bar, click Tools > Pop-Up Blocker > Pop-Up Blocker Settings.
11 In the Address of Website to Allow field, type the IP address of the OES 2 lab server, then click Add > Close.
12 Click iPrint > Manage Driver Store.
13 Click the Browse icon next to the iPrint Driver Store Name field.
14 Browse to the Printers container (COMPANY > LAB > PRINTERS), then click the Print_Drivers object.
15 Click OK.
16 Click the Drivers tab.
17 If you are running Internet Explorer 6, skip to Step 21.
or
If you are running Internet Explorer 7 and have not previously approved the iPrint ActiveX* plug-in to run, an Information Bar appears directly above the iManager pane.
18 If no Information Bar appears directly above the iManager pane, skip to Step 21.
19 Click the Information Bar and select Run ActiveX Control, then click Run > Retry.
20 Repeat from Step 12.
21 Select the sub-tab for the workstation type you are running.
You can add drivers from the system only for the workstation type you are running.
22 Click Add from System.
23 In the Add Resource dialog box, select the correct driver for the printer you plan to use for the lab test.
24 Click OK.
25 (Optional) To test multiple printers, repeat Step 22 through Step 24 for each printer you want to test.
26 When you are finished, click Apply > OK.

9.6 Creating iPrint Printer Objects

You can create iPrint Printer objects for all your printers that have drivers in the Driver Store and an IP address or DNS name.
1 In iManager, click the Roles and Tasks icon.
2 Click iPrint > Create Printer.
3 In the Printer Name field, type a name for your printer.
4 Click the Browse icon next to the Container Name field.
5 Click the down-arrow next to LAB, then click PRINTERS.
6 Click the Browse icon next to the Print Manager Name field.
7 Click the down-arrow next to LAB, click the down-arrow next to PRINTERS, then click iPrint_Manager.
8 Type the DNS name or IP address of the printer in the field indicated.
9 Type a location so users know where to find the printer.
10 (Optional) Type a description.
11 Click Next.
12 Select the printer driver by using the drop-down list for the Windows platform of your lab workstation.
13 Click Next > OK.
14 Close iManager.
15 Continue with Chapter 10, “NetStorage,” on page 85.

NetStorage

As a versatile file services component of Novell® Open Enterprise Server (OES), NetStorage provides Web-based access to and management of any files on OES 2 servers, except the iFolder 3 files, which are accessed through the iFolder Web Access Server instead.
This section discusses the following:
Section 10.1, “Overview of NetStorage,” on page 85
Section 10.2, “Making Directories Accessible Through NetStorage,” on page 86

10.1 Overview of NetStorage

Figure 10-1 on page 85 illustrates the NetStorage file services that are enabled by default.
More detailed information on NetStorage file services on OES is found in “NetStorage” in the OES 2 SP1: Planning and Implementation Guide.
Figure 10-1 NetStorage on OES (diagram columns: Access Methods, Authentication, NetStorage Server, Target Servers)

10.2 Making Directories Accessible Through NetStorage

NetStorage makes files on OES 2 servers available on the Internet. Directories can be made available as organizational needs dictate. For the exercises in this guide, we will focus on user home directories.
Section 10.2.1, “NCP Users Have Automatic Access to Their Home Directories,” on page 86
Section 10.2.2, “Creating a Storage Location Object in iManager,” on page 86
Section 10.2.3, “Adding the Object to a Storage Location List,” on page 87
Section 10.2.4, “SSH and NetStorage Administration,” on page 88

10.2.1 NCP Users Have Automatic Access to Their Home Directories

For users who have a home directory specified in eDirectory™ (on an NCP™ or NSS volume), access to that home directory is automatic.
By default, when users log in to NetStorage, they see a storage location named Home@TREE_NAME. This means that the ncp_*, the nss_* users, and the nw_edir user each see their home directories when they log into NetStorage.
The label that users see is configurable in the File Access (NetStorage) iManager plug-in by using the NetWare Storage Provider task. You can also specify home directories in additional trees if users log in to multiple trees. For more information, see “NetWare Storage Provider” in the OES 2 SP1: NetStorage for Linux Administration Guide.
TIP: The first time you access the NetWare Storage Provider task in iManager, the configuration is blank and the column headings are collapsed. To display the configuration, click Set Defaults, click another task, then click NetWare Storage Provider again. All of the columns are then displayed.
To make other directories on an OES 2 server available through NetStorage, including non-NCP/NSS home directories, you must create a Storage Location Object that points to the directory and then add the object to a Storage Location List as explained in the following sections.

10.2.2 Creating a Storage Location Object in iManager

A Storage Location object specifies an access protocol and points to a directory on either the NetStorage server itself or another accessible server. After object creation, users with rights to the directory can access storage location objects through NetStorage.
For connections to Storage Location objects, NetStorage supports both CIFS and SSH as alternatives to NCP (the default NetStorage protocol). Although they are used in this guide, SSH storage locations should only be used after certain security issues are understood and dealt with. (For more information, see “SSH Security Considerations” in the OES 2 SP1: Planning and Implementation Guide.)
Because the linux*_lum-edir users’ home directories are on a Linux traditional volume, there is no default access and you must create a Storage Location object for them to use.
Because the CIFS protocol on your lab server uses Novell CIFS, and because Novell CIFS provides access to only NSS volumes, the Storage Location object must use SSH.
To create an SSH Storage Location object:
1 Start iManager by entering the following URL in a browser Address field:
http://IP_or_DNS/nps
where IP_or_DNS is the IP address or DNS name of your OES 2 server.
If you receive a Tomcat error, see Section A.2, “iManager Tomcat Error,” on page 109.
2 Log in to iManager as the Admin user.
3 Click the Roles and Tasks icon.
4 Click File Access (NetStorage) > New Storage Location.
5 In the Object Name field, type
StorLoc_hostname
where hostname is the name of your lab server. This is the name of the Storage Location object in eDirectory (for example, StorLoc_myserver).
6 In the Display Name field, type
Linux_Home_Directories
This is the name that users see in the NetStorage directory access list.
7 In the Directory Location field, type
ssh://IP_or_DNS_Name/users
where IP_or_DNS_Name is the IP address or full DNS name of your lab server (for example, cifs://myserver.mysite.company.example.com/users).
IMPORTANT: Protocol designators, such as ssh and cifs, are case-sensitive on OES 2 servers. Make sure you don’t type the common uppercase (SSH or CIFS) out of habit.
8 Click the Browse icon next to the Context field.
9 Browse to and select the SERVERS Organizational Unit object.
The new Storage Location object will be created in the SERVERS organizational unit object.
10 Click Create > OK.

10.2.3 Adding the Object to a Storage Location List

Storage Location Lists are required for granting access for users, groups, or containers (Organizational Unit objects) to Storage Location objects.
1 In the list of tasks below File Access (NetStorage), click Assign Storage Location to Object.
2 Click the Browse icon next to the Object field.
This field contains the user, group, or OU object that is granted access to the Storage Location object.
3 Click USERS > OK.
4 Click the Browse icon next to the Storage Location Objects field.
5 Click the down-arrow next to SERVERS.
6 Click the StorLoc_hostname object for your lab server, then click OK.
You could add multiple Storage Location objects to the list if needed, but we are only adding one.
7 Click OK twice.

10.2.4 SSH and NetStorage Administration

Many network administrators prefer to use SSH for remote server administration. NetStorage includes a special SSH-based Storage Location object named NSS_Volumes that lets eDirectory Admin users administer NSS volumes on OES 2 through NetStorage. Admin users can assign trustees, administer NSS file and directory attributes, restrict directory size, and so on.
As a general security precaution, SSH services are not enabled by default on OES 2 servers. However, you enabled SSH services in Section 4.4, “Allowing SSH Access,” on page 61, and then you enabled SSH as a LUM-enabled service, thus giving SSH access to LUM-enabled users.
The eDirectory Admin user has SSH access because it is a LUM-enabled user by default. This means that the Admin user can use SSH for remote server administration and it can administer the server’s NSS volumes through NetStorage.
NOTE: Unlike home directory access, which automatically connects all users in the tree with their NCP or NSS home directories no matter which server the directories are on, default administrative access is limited to the nssvolumes Storage Location object located in COMPANY. To provide administrative access to the HOME_NW volume on the LAB_NW NetWare® server, you would need to create an NCP Storage Location object that points to that volume.
Continue with Chapter 11, “Getting Acquainted with OES,” on page 89.

Getting Acquainted with OES

After you have installed Novell® Open Enterprise Server (OES) and completed the configuration instructions located in the preceding sections, your OES 2 server is ready for lab use.
The instructions and information in this section acquaint you with the basic services available in OES. More detailed service overviews are available in the OES 2 SP1: Planning and Implementation Guide. For comprehensive documentation for each service, see the administration guides and other documentation listed on the OES documentation Web site (http://www.novell.com/documentation/oes).
This section guides you through the following tasks:
Section 11.1, “Preparing Files for the Lab Exercises,” on page 89
Section 11.2, “Exercises for linux1_lum-edir,” on page 90
Section 11.3, “Exercises for linux2_lum-edir,” on page 92
Section 11.4, “Exercises for ncp_lum-edir,” on page 94
Section 11.5, “Exercises for ncp_edir,” on page 95
Section 11.6, “Exercises for nss_edir,” on page 99
Section 11.7, “Administrative Tasks Available in NetStorage,” on page 100
Section 11.8, “Exercises for nss_lum-edir,” on page 102
Section 11.9, “Exercises for nw_edir,” on page 103
Section 11.10, “Macintosh Exercises and Novell AFP,” on page 104
Section 11.11, “What’s Next,” on page 105

11.1 Preparing Files for the Lab Exercises

You will use four small text files in the exercises that follow.
1 Log in to the Windows workstation as a Windows user with Administrator privileges.
2 Access this page in the online documentation.
3 Right-click each of the following links, select Save Link As, and save the file to the desktop.
MyPrivateFile.txt (http://www.novell.com/documentation/oes2/download/MyPrivateFile.txt)
PublicInformation.txt (http://www.novell.com/documentation/oes2/download/PublicInformation.txt)
TeamProjectReadOnly.txt (http://www.novell.com/documentation/oes2/download/TeamProjectReadOnly.txt)
TeamProjectWrite.txt (http://www.novell.com/documentation/oes2/download/TeamProjectWrite.txt)
4 If you are working on Windows XP, move the downloaded files to the My Computer > Shared Documents folder on the workstation.
or
If you are working on Windows 2000, do the following:
4a On the desktop, right-click the My Documents folder, then select Properties.
4b Click the Sharing tab.
4c Select Share This Folder.
4d Change My Documents to Shared Documents.
4e Click OK.
4f Move the downloaded files to the My Documents folder.
5 Log out of Windows.
6 Continue with the next section, Exercises for linux1_lum-edir.

11.2 Exercises for linux1_lum-edir

Section 11.2.1, “What linux1_lum-edir Can Do,” on page 90
Section 11.2.2, “Using NetStorage,” on page 91

11.2.1 What linux1_lum-edir Can Do

This user has the following service access:
Table 11-1 linux1_lum-edir Service Access

| Service | Details | Explored for This User in This Guide |
| --- | --- | --- |
| Novell iFolder® 3.8 | Can create and share its own iFolders and accept invitations from others to share their iFolders. | Yes. This was done previously in Section 8.5, “Configuring iFolder Accounts and Creating iFolders,” on page 76. |
| Novell AFP | Can access any NSS directories to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for. | See Section 11.10, “Macintosh Exercises and Novell AFP,” on page 104. |
| Novell CIFS | Can access any NSS directories to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for. | No |
| NetStorage | Can access NetStorage because of the Storage Location Object created in Section 10.2.2, “Creating a Storage Location Object in iManager,” on page 86. NetStorage provides this user with access to its home directory, which it would otherwise not have. | Yes, to demonstrate file copying and deleting. Also to show that the linux2_lum-edir directory is publicly available, and not private as a NetWare® administrator would expect it to be. In fact, the directory can also be written to by any member of the LUMUsers group because of the action you took in Step 14 on page 63. |
| iPrint | Can install and use the printer made available in Chapter 9, “iPrint,” on page 79. | No |

11.2.2 Using NetStorage

1 Log in to the Windows workstation as the linux1_lum-edir user.
2 Close the iFolder window.
3 Open your browser and log into NetStorage by using the following URL:
http://IP or DNS/netstorage
where IP or DNS is your OES 2 server’s IP address or DNS name.
4 Type linux1_lum-edir as the User Name, type the associated password in the Password field, then click OK.
5 Select the Linux_Home_Directories storage location you created in Section 10.2.2, “Creating a Storage Location Object in iManager,” on page 86.
6 Select the linux1_lum-edir directory.
NetStorage doesn’t support dragging and copying files. Instead you upload files you want to store from the workstation to the server, and you download files you want to work with from the server to the workstation.
7 Click File > Upload.
8 If prompted, disable the pop-up blocker and click File > Upload again if necessary to open the Upload File dialog box.
9 Click the Browse button, browse to the Shared Documents folder where you copied the four files in Step 3 on page 89, select the first file and click Open.
10 Click the plus (+) sign next to Browse, then repeat the same process to select and open the other three files.
11 Click the Upload button.
All four files should now be copied to the linux1_lum-edir directory.
12 Select the linux2_lum-edir, ncp_edir, and ncp_lum-edir folders in turn and attempt to copy the first file to each folder.
Because you assigned the Write right to the LUMUsers group in Step 14 on page 63, the first copy attempt succeeds, but the other attempts fail because the linux1_lum-edir user doesn’t have the necessary rights to the ncp* user folders.
13 Open the linux1_lum-edir folder, then select MyPrivateFile.txt.
14 Click File > Delete > OK.
The file is deleted.
15 Click View > Show Deleted Files.
The deleted file is not listed because this feature relies on the Salvage and Purge functionality that is available only on NSS volumes, but the underlying file system for the /home directory we are working with is Reiser.
For more information on using NetStorage, see the OES 2 SP1: NetStorage for Linux Administration Guide.
16 Continue with the next section, Exercises for linux2_lum-edir.

11.3 Exercises for linux2_lum-edir

Section 11.3.1, “What linux2_lum-edir Can Do,” on page 92
Section 11.3.2, “Using NetStorage,” on page 92
Section 11.3.3, “Using iPrint,” on page 93

11.3.1 What linux2_lum-edir Can Do

This user has the following service access:
Table 11-2 linux2_lum-edir Service Access

Service: iFolder 3.8
Details: Can create and share its own iFolders and accept invitations from others to share their iFolders.
Explored for This User in This Guide: No

Service: Novell AFP
Details: Can access any NSS directories to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for.
Explored for This User in This Guide: See Section 11.10, “Macintosh Exercises and Novell AFP,” on page 104.

Service: Novell CIFS
Details: Can access any NSS directories to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for.
Explored for This User in This Guide: No

Service: NetStorage
Details: Can access NetStorage because of the Storage Location Object created in Section 10.2.2, “Creating a Storage Location Object in iManager,” on page 86. Otherwise, this user would not have access to its home directory because it was created manually as a POSIX directory rather than being specified in iManager.
Explored for This User in This Guide: Yes

Service: iPrint
Details: Can install and use the printer made available in Chapter 9, “iPrint,” on page 79.
Explored for This User in This Guide: Yes

11.3.2 Using NetStorage

1 Log in to the Windows workstation as the linux2_lum-edir user.
2 When the iFolder wizard launches, click Cancel.
3 Open your browser and log into NetStorage by using the following URL:
http://IP or DNS/netstorage
where IP or DNS is your OES 2 server’s IP address or DNS name.
4 Type linux2_lum-edir as the User Name, type the associated password in the Password field, then click OK.
5 Click the Linux_Home_Directories storage location you created in Section 10.2.2, “Creating a Storage Location Object in iManager,” on page 86.
6 In the left navigation frame, click linux2_lum-edir.
7 Right-click the file in the right frame and notice that you can move, copy, download, delete, and rename the file through the NetStorage interface.
8 Select Delete.
9 Click OK.
The file is deleted.
Although the file was actually owned by the linux1_lum-edir user who copied it to the folder, linux2_lum-edir can delete the file because the LUMUsers group has the Write right on the folder.
For a brief overview of what the different POSIX rights allow on directories and files, see “Linux (POSIX) File System Access Rights” in the OES 2 SP1: Planning and Implementation Guide.
10 Click View > Show Deleted Files.
The deleted file is not listed because this feature relies on the Salvage and Purge functionality that is available only on NSS volumes, and the underlying file system for the /home directory we are working with is Reiser.
11 Click File > Upload.
12 Click the Browse button, browse to the Shared Documents folder, select the first file, and click Open.
13 Click the plus (+) sign next to Browse, and then repeat the same process to select and open the other three files.
14 Click the Upload button.
All four files should now be copied to the linux2_lum-edir directory.
For more information on using NetStorage, see the OES 2 SP1: NetStorage for Linux Administration Guide.
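
The delete in Steps 8 and 9 follows from how POSIX decides entry removal: the parent directory's write and search bits govern it, not the file's owner or mode. The sketch below is an added example, not part of the Novell guide; the UIDs, GIDs, directory modes, and the sticky-bit case are constructed assumptions used to show the rule and to audit home directories for it.

```python
import os
import stat
import tempfile
from types import SimpleNamespace

# Constructed IDs for illustration only; they are not values from the lab guide.
ADMIN, LINUX1, LINUX2, NCP_LUM = 1000, 1001, 1002, 1003
LUMUSERS = 2000


def class_bits(st, uid, gids):
    """rwx bits POSIX applies to the caller: owner class, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def can_list(dir_st, uid, gids):
    """Reading a directory's entries needs the read bit on the directory."""
    return bool(class_bits(dir_st, uid, gids) & 4)


def can_delete(dir_st, file_st, uid, gids):
    """Removing an entry needs write+search on the parent directory.

    The file's own mode is never consulted; its owner matters only when the
    directory carries the sticky bit. Privileged (root) callers are not modelled.
    """
    if (class_bits(dir_st, uid, gids) & 3) != 3:
        return False
    if dir_st.st_mode & stat.S_ISVTX:
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True


def audit_home_dirs(root):
    """Return (name, class) for home directories where group or other can remove
    entries they do not own: write+search granted and no sticky bit."""
    findings = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        mode = entry.stat(follow_symlinks=False).st_mode
        if mode & stat.S_ISVTX:
            continue
        if (mode & 0o003) == 0o003:
            findings.append((entry.name, "other"))
        elif (mode & 0o030) == 0o030:
            findings.append((entry.name, "group"))
    return findings


def build_constructed_tree(root):
    """Create sample home directories with constructed modes under root."""
    for name, mode in (("linux2_lum-edir", 0o770), ("ncp_lum-edir", 0o700),
                       ("sticky_example", 0o1770)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not alter the mode


if __name__ == "__main__":
    shared = SimpleNamespace(st_mode=stat.S_IFDIR | 0o770, st_uid=ADMIN, st_gid=LUMUSERS)
    upload = SimpleNamespace(st_mode=stat.S_IFREG | 0o600, st_uid=LINUX1, st_gid=LUMUSERS)
    print("linux2 can delete linux1's file:", can_delete(shared, upload, LINUX2, {LUMUSERS}))
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print("group/other-writable homes:", audit_home_dirs(tmp))
```

Pointing audit_home_dirs at the server's /home lists the directories where one group member can remove another member's files; setting the sticky bit on such a directory limits removal to the file's owner or the directory's owner.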

11.3.3 Using iPrint

1 In the browser, access the iPrint page by using the following URL:
http://IP or DNS/ipp
where IP or DNS is your OES 2 server’s IP address or DNS name.
2 (Conditional) If you have not previously installed the iPrint client on the workstation, click the Install iPrint Client link and install the client now.
3 Click the link for the printer you created in Section 9.6, “Creating iPrint Printer Objects,” on page 83.
You might need to click the Refresh button to see the printers.
4 Answer the prompts to install the printer on the workstation.
5 Access the Printers property page by clicking Start > Settings > Printers.
6 Right-click the printer, then click Properties.
7 Click Print Test Page > OK > OK.
A test page should print at your printer.
For more information on various iPrint capabilities, see “Customizing iPrint” in the OES 2: iPrint for Linux Administration Guide.
8 Continue with the next section, Exercises for ncp_lum-edir.

11.4 Exercises for ncp_lum-edir

Section 11.4.1, “What ncp_lum-edir Can Do,” on page 94
Section 11.4.2, “Using NetStorage,” on page 95

11.4.1 What ncp_lum-edir Can Do

This user has the following service access:
Table 11-3 ncp_lum-edir Service Access

Service: iFolder 3.8
Details: Can create and share its own iFolders and accept invitations from others to share their iFolders.
Explored for This User in This Guide: No

Service: Novell AFP
Details: Can access any NSS directories to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for.
Explored for This User in This Guide: See Section 11.10, “Macintosh Exercises and Novell AFP,” on page 104.

Service: Novell CIFS
Details: Can access any NSS directories to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for.
Explored for This User in This Guide: No

Service: NetStorage
Details: Can access its home directory through NetStorage because all home directories created through iManager and stored as attributes in eDirectory™ are exposed through the HOME@EXAMPLE_TREE default storage location.
Explored for This User in This Guide: Yes

Service: iPrint
Details: Can install and use the printer made available in Chapter 9, “iPrint,” on page 79.
Explored for This User in This Guide: No

11.4.2 Using NetStorage

1 Log in to the Windows workstation as the ncp_lum-edir user.
2 When the iFolder wizard launches, click Cancel.
3 Open your browser and log into NetStorage by using the following URL:
http://IP or DNS/netstorage
where IP or DNS is your OES 2 server’s IP address or DNS name.
4 Type ncp_lum-edir as the User Name, type the associated password in the Password field, then click OK.
5 Click the HOME@EXAMPLE_TREE storage location.
Unlike the Linux_Home_Directories storage location, this directly opens the home directory itself.
6 Click File > Upload, browse to the Shared Documents folder, and upload one of the text files.
The file appears in the folder.
7 Click the ncp_lum-edir folder in the Linux_Home_Directories storage location.
Notice that the folder appears to be empty.
This is because the ncp_lum-edir home directory was created when the user object was created in iManager by the eDirectory Admin user. The ncp_lum-edir user can see that the directory exists because it is a member of the LUMUsers group and has SSH access to the /home directory on the OES 2 server, but it has no POSIX rights to view the directory’s contents. From a POSIX perspective, the Admin user owns the directory.
8 Click the linux2_lum-edir folder in the Linux_Home_Directories storage location.
Notice that the four files uploaded by the user in Step 11 on page 93 are listed.
This is because the ncp_lum-edir user is a member of the LUMUsers group, and that group has all rights to linux2_lum-edir’s home directory as assigned in Step 15 on page 64.
For more information on using NetStorage, see the OES 2 SP1: NetStorage for Linux Administration Guide.

11.5 Exercises for ncp_edir

Section 11.5.1, “What ncp_edir Can Do,” on page 95
Section 11.5.2, “Using iFolder,” on page 96
Section 11.5.3, “Using NetStorage,” on page 98

11.5.1 What ncp_edir Can Do

This user has the following service access:
Table 11-4 ncp_edir Service Access

Service: iFolder 3.8
Details: Can create and share its own iFolders and accept invitations from others to share their iFolders.
Explored for This User in This Guide: Yes

Service: Novell AFP
Details: Can access any NSS directories to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for.
Explored for This User in This Guide: See Section 11.10, “Macintosh Exercises and Novell AFP,” on page 104.

Service: Novell CIFS
Details: Can access any NSS directories to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for.
Explored for This User in This Guide: No

Service: NetStorage
Details: Can access its home directory through NetStorage because all home directories created through iManager and stored as attributes in eDirectory are exposed through the HOME@EXAMPLE_TREE default storage location.
Explored for This User in This Guide: Yes

Service: iPrint
Details: Can install and use the printer made available in Chapter 9, “iPrint,” on page 79.
Explored for This User in This Guide: No

11.5.2 Using iFolder

“Setting Up iFolder” on page 96
“Observing File Synchronization” on page 97
“Using iFolder Web Access” on page 97
Setting Up iFolder
linux2_lum-edir has full access to all iFolder user functionality, but for the purposes of this guide we will accept only the invitation that was extended by linux1_lum-edir and briefly explore what is available through that invitation.
1 At the Windows workstation, log in as ncp_edir.
2 After the iFolder Account Creation Wizard launches, click Next.
3 In the Server Address field, type the IP address or DNS name of the OES 2 lab server, then click Next.
4 Type the username and password for ncp_edir, select Remember password on This Computer, then click Next.
5 Click Connect.
6 If prompted, accept the certificate by clicking Yes.
7 Deselect Create Default iFolder, then click Next.
8 Click Finish.
9 In the iFolder dialog box, click View > Refresh, then click linux1_lum-edir_IF3.
Remember that this is the iFolder that linux1_lum-edir shared with the ncp_edir user.
10 On the left under iFolder Actions, click Download.
11 Click OK.
The iFolder is created on the desktop.
12 Double-click the iFolder to open it in Windows Explorer.
13 Navigate to the Shared Documents folder, then drag and copy (using the Ctrl key) the four files to the linux1_lum-edir_IF3 folder.
You can do this because ncp_edir has default Read/Write permissions to the shared iFolder.
Make sure you copy (by pressing the Ctrl key) rather than moving the files from the Shared Documents folder. Otherwise, the files won’t be available to other users who log in.
14 Continue with the next section, “Observing File Synchronization.”
Observing File Synchronization
To understand more about how iFolder works, it is helpful to observe the file synchronization processes in action.
1 On the desktop in the taskbar, right-click the iFolder icon and select Synchronization Log.
The iFolder Synchronization Log opens.
2 Right-click the iFolder icon again and select Preferences.
3 Change the Synchronization interval to 1 minute.
Normally you would not want to synchronize this often, but for our current purposes it helps to expedite log activity.
4 Delete the MyPrivateFile.txt file.
Within a couple of minutes the change is synchronized with the iFolder server. Notice that there are various synchronization operations involved to ensure that all changes are tracked in order and coordinated among the various iFolders on the server and affected workstations.
5 Continue with the next section, “Using iFolder Web Access.”
Using iFolder Web Access
NOTE: By default, interaction with an iFolder 3.8 server is encrypted through SSL 3.0.
Users can access their iFolders through most browsers that support SSL 3.0.
1 Open your browser and enter the following URL:
https://IP_or_DNS_name/ifolder
where IP_or_DNS_name is the IP address or complete DNS name of your OES 2 server.
2 If prompted, accept the certificate.
3 Log in as ncp_edir.
4 Click the linux1_lum-edir_IF3 link and observe the following:
The files you copied to the iFolder are available in the browser.
By clicking a file link, you can automatically download and open the file, or you can save it to your desktop. After downloading and modifying a file, you can upload it and replace the original on the iFolder server.
Using the links above the files, you can create new folders, upload files, and delete a selected file from the server.
Changes made to iFolders on the server through browser connections are synchronized with the corresponding iFolders on workstation desktops the next time users log in.
5 Close the browser.
6 Continue with the next section, “Using NetStorage.”

11.5.3 Using NetStorage

1 Using your browser, log into NetStorage by using the following URL:
http://IP or DNS/netstorage
where IP or DNS is your OES 2 server’s IP address or DNS name.
2 Type ncp_edir as the User Name and the associated password in the Password field, then click OK.
3 In the left navigation frame, click Home@EXAMPLE_TREE.
4 Click File > Upload.
If you are prompted, enable pop-ups and repeat this step.
5 Click the Browse button and navigate to the Shared Documents folder, then select the first file and click Open.
6 Click the Plus sign (+) by the Browse button to add another field. Then click Browse, select the next file, and repeat this step until all four files are selected.
7 Click Upload.
8 Log in to the OES 2 server as the root user and click Computer > Home Folder.
9 Double-click File System > home > ncp_edir.
10 Verify that the files you copied in NetStorage are on the server.
11 Right-click a file, select Properties, then click the Permissions tab and observe the following:
The File Owner is root.
The File Group is root.
Group and Others have no rights, reflecting the fact that the file is on an NCP™ volume.
Generally speaking, these POSIX permissions do not cause any problems. They do not affect NetStorage functionality for the user in this configuration because Home@EXAMPLE_TREE is an NCP storage location object; NCP file and directory trustee assignments govern access, not POSIX permissions. If the user accesses the files through a Novell Client™, NCP assignments govern.
12 On the lab workstation, in NetStorage, click the Linux_Home_Directories storage location.
After a few moments, a message displays indicating that NetStorage cannot access the location. This is because the ncp_edir user is not LUM-enabled and therefore has no SSH access to the server.
13 Continue with the next section, Exercises for nss_lum-edir.

11.6 Exercises for nss_edir

Section 11.6.1, “What nss_edir Can Do,” on page 99
Section 11.6.2, “Using NetStorage,” on page 99

11.6.1 What nss_edir Can Do

This user has the following service access:
Table 11-5 nss_edir Service Access

Service: iFolder 3.8
Details: Can create and share its own iFolders and accept invitations from others to share their iFolders.
Explored for This User in This Guide: No

Service: Novell AFP
Details: Can access any NSS directories to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for.
Explored for This User in This Guide: See Section 11.10, “Macintosh Exercises and Novell AFP,” on page 104.

Service: Novell CIFS
Details: Can access any NSS directory to which it has rights. Access rights to directories are governed by the NSS file system, allowing the user to only see and do what it has rights for.
Explored for This User in This Guide: Yes

Service: NetStorage
Details: Can access its home directory through NetStorage because all home directories created through iManager and stored as attributes in eDirectory are exposed through the HOME@EXAMPLE_TREE default storage location.
Explored for This User in This Guide: Yes

Service: iPrint
Details: Can install and use the printer made available in Chapter 9, “iPrint,” on page 79.
Explored for This User in This Guide: No

11.6.2 Using NetStorage

1 Log in to the Windows workstation as the nss_edir user.
2 When the iFolder wizard launches, click Cancel.
3 On the Windows workstation in your browser, log into NetStorage by using the following URL:
http://IP or DNS/netstorage
where IP or DNS is your OES 2 server’s IP address or DNS name.
4 Type nss_edir as the User Name, type the associated password in the Password field, then click OK.
5 In the left navigation frame, click Home@EXAMPLE_TREE.
This share point links directly to the NSS home directory for the user that is specified in eDirectory.
6 Click File > Upload.
If needed, allow the pop-up and repeat this step.
7 Click the Browse button and navigate to the Shared Documents folder, then select the first file and click OK.
8 Click the Plus sign (+) by the Browse button to add another field. Then click Browse, select the next file, and repeat this step until all four files are selected.
9 Click Upload.
10 Select MyPrivateFile.txt, then click File > Rename and rename the file to junk.txt.
11 Upload MyPrivateFile.txt again.
12 Right-click junk.txt and select Delete, then click OK.
The file is removed from the list, but because this is an NSS volume with Salvage enabled, the file is not gone from the NSS file system.
13 Click View > Show Deleted Files.
14 Select junk.txt, then click File > Undelete.
15 Click OK.
Notice that the file is still displayed as a deleted file and an error is indicated in the lower left frame.
This is because NSS cannot track POSIX ownership of files for users that are not LUM-enabled. For more information, see “Services That Do Not Require LUM-Enabled Access But Have Some LUM Requirements” in the OES 2 SP1: Planning and Implementation Guide.
If nss_edir were using the Novell Client, the file could be salvaged through the client, but because we are not exploring the Novell Client in this version of the Lab Guide, this is a good place to look at a few of the administrative features for NSS volumes that are available to eDirectory Admin users through NetStorage.
16 Continue with the next section, Administrative Tasks Available in NetStorage.

11.7 Administrative Tasks Available in NetStorage

Section 11.7.1, “Recovering the junk.txt File,” on page 100
Section 11.7.2, “Setting Rights to TeamProjectReadOnly.txt,” on page 101
Section 11.7.3, “Setting Rights to TeamProjectWrite.txt,” on page 101

11.7.1 Recovering the junk.txt File

1 Log in to NetStorage as the eDirectory Admin user and browse to the nss_edir home directory.