Novell OPEN ENTERPRISE SERVER 2 SP3 Implementation Manual

Novell®
www.novell.com
Planning and Implementation Guide
Open Enterprise Server 2 SP3
December 2010
AUTHORIZED DOCUMENTATION
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009–2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 What’s New or Changed
1.1 Links to What's New Sections
1.2 New or Changed in OES 2 SP3
1.2.1 Common Proxy
1.2.2 Linux User Management
1.2.3 Log File Location
1.2.4 OpenSLP
1.2.5 QuickFinder
1.2.6 New in eDirectory 8.8.6
1.3 New or Changed in OES 2 SP2
1.3.1 Auditing
1.3.2 Base Platform Is SLES 10 SP3
1.3.3 CIFS DFS Support
1.3.4 Create EVMS Proposal Option
1.3.5 Cross-Protocol File Locking Change
1.3.6 Domain Services for Windows Installation
1.3.7 Java Console for DNS/DHCP
1.3.8 Performance Increases
1.3.9 Pure-FTPd
1.3.10 Upgrading Online
1.3.11 Windows 7 Client Support
1.4 New in OES 2 SP1
1.4.1 YaST Install Changes
1.4.2 Novell AFP
1.4.3 Novell CIFS
1.4.4 Novell Domain Services for Windows
1.4.5 Migration Tool
1.5 New in OES 2 (Initial Release)
1.5.1 Dynamic Storage Technology
1.5.2 OES 2 Migration Tools
1.5.3 Xen Virtualization Technology
1.6 Where’s NetWare?
1.6.1 NetWare References in This Guide and Elsewhere
1.6.2 NetWare Documentation
2 Welcome to Open Enterprise Server 2
3 Planning Your OES 2 Implementation
3.1 What Services Are Included in OES 2?
3.2 Which Services Do I Need?
3.3 Exploring OES 2 services
3.4 Plan for eDirectory
3.5 Prepare Your Existing eDirectory Tree for OES 2
3.6 Identify a Purpose for Each Server
3.7 Understand Server Requirements
3.8 Understand User Restrictions and Linux User Management
3.9 Caveats to Consider Before You Install
3.9.1 Adding a Linux Node to a Cluster Ends Adding More NetWare Nodes
3.9.2 Always Double-Check Service Configurations Before Installing
3.9.3 Back Button Doesn’t Reset Configuration Settings
3.9.4 Common Proxy Password Should Usually Be Reset
3.9.5 Cluster Upgrades Must Be Planned Before Installing OES 2
3.9.6 Cross-Protocol File Locking Has Changed
3.9.7 Do Not Create Local (POSIX) Users
3.9.8 Do Not Upgrade to eDirectory 8.8 Separately
3.9.9 Follow the Instructions for Your Chosen Platforms
3.9.10 If You’ve Ever Had OES 1 Linux Servers with LUM and NSS Installed
3.9.11 iFolder 3.8 Considerations
3.9.12 Incompatible TLS Configurations Give No Warning
3.9.13 Installing into an Existing eDirectory Tree
3.9.14 NetWare Caveats
3.9.15 Novell Distributed Print Services Cannot Migrate to Linux
3.9.16 NSS Caveats
3.9.17 Plan eDirectory Before You Install
3.9.18 Samba Enabling Disables SSH Access
3.9.19 Unsupported Service Combinations
3.9.20 VNC Install Fails to Set the IP Address in /etc/hosts
3.10 Consider Coexistence and Migration Issues
3.11 Understand Your Installation Options
3.11.1 OES 2 Installation Overview
3.11.2 About Your Installation Options
3.11.3 Use Predefined Server Types (Patterns) When Possible
3.11.4 If You Want to Install in a Lab First
3.11.5 If You Want to Install NSS on a Single-Drive Linux Server
4 Getting and Preparing OES 2 Software
4.1 Do You Have Upgrade Protection?
4.2 Do You Want 32-Bit or 64-Bit OES?
4.3 Do You Want to Purchase OES 2 or Evaluate It?
4.4 Evaluating OES 2 Software
4.4.1 Understanding OES 2 Software Evaluation Basics
4.4.2 Downloading OES 2 SP3 Software from the Novell Web Site
4.4.3 Preparing the Installation Media
4.4.4 Installing OES 2 for Evaluation Purposes
4.4.5 Evaluating OES 2
4.4.6 Installing Purchased Activation Codes after the Evaluation Period Expires
4.5 Licensing
4.5.1 The OES 2 Licensing Model
4.5.2 SLES Licensing Entitlements in OES 2
4.5.3 OES 2 Doesn’t Support NLS
5 Installing OES 2
5.1 Installing OES 2
5.1.1 What's Next
5.2 Installing OES 2 Servers in a Xen VM
6 Caveats for Implementing OES 2 Services
6.1 AFP
6.1.1 Anti-Virus Solutions and AFP
6.2 Avoiding POSIX and eDirectory Duplications
6.2.1 The Problem
6.2.2 Three Examples
6.2.3 Avoiding Duplication
6.3 CIFS
6.3.1 Changing the Server IP Address
6.4 ConsoleOne Can Cause JClient Errors
6.5 CUPS on OES 2
6.6 DSfW: MMC Password Management Limitation
6.7 eDirectory
6.7.1 Avoid Uninstalling eDirectory
6.7.2 Avoid Renaming Trees and Containers
6.7.3 Default Static Cache Limit Might Be Inadequate
6.7.4 eDirectory Not Restarting Automatically
6.7.5 One Instance Only
6.7.6 Special Characters in Usernames and Passwords
6.8 iFolder 3.8
6.9 iPrint
6.9.1 Cluster Failover Between Mixed Platforms Not Supported
6.9.2 Printer Driver Uploading on OES 2 Might Require a CUPS Administrator Credential
6.9.3 Printer Driver Uploading Support
6.9.4 iManager Plug-Ins Are Platform-Specific
6.9.5 iPrint Client for Linux Doesn't Install Automatically
6.9.6 iPrint Disables CUPS Printing on the OES 2 Server
6.10 LDAP—Preventing “Bad XML” Errors
6.11 LUM Cache Refresh No Longer Persistent
6.12 Management
6.12.1 iManager RBS Configuration with OES 2
6.12.2 Storage Error in iManager When Accessing a Virtual Server
6.12.3 Truncated DOS-Compatible Short Filenames Are Not Supported at a Terminal Prompt
6.13 NCP Doesn’t Equal NSS File Attribute Support
6.14 Novell-tomcat Is for OES Use Only
6.15 NSS (OES 2)
6.15.1 Understanding Name Space Support
6.15.2 The Role of EVMS
6.16 OpenLDAP on OES 2
6.17 Samba
6.18 Virtualization Issues
6.18.1 Always Close Virtual Machine Manager When Not in Use
6.18.2 Always Use Timesync Rather Than NTP
6.18.3 Backing Up a Xen Virtual Machine
6.18.4 Time Synchronization and Virtualized OES 2
6.18.5 NSS Considerations
7 Upgrading to OES 2
7.1 Caveats to Consider Before Upgrading
7.1.1 About Previously Installed Packages (RPMs)
7.1.2 iManager 2.5 Replaced by iManager 2.7 on NetWare
7.1.3 OES 1 Linux to OES 2 Service Differences
7.1.4 Only One eDirectory Instance Is Supported on OES Servers
7.2 OES 2 SP3 Upgrade Paths
7.3 NetWare 6.5 SP8 Upgrade Paths
8 Migrating and Consolidating Existing Servers and Data
8.1 Supported OES 2 SP3 Migration Paths
8.2 Migration Tools and Purposes
8.2.1 OES 2 SP3 Migration Tool
8.2.2 Migrate Windows Shares Utility
9 Virtualization in OES 2
9.1 Graphical Overview of Virtualization in OES 2
9.2 Why Install OES Services on Your VM Host?
9.3 Services Supported on VM Hosts and Guests
10 Clustering and High Availability
11 Managing OES 2
11.1 Overview of Management Interfaces and Services
11.2 Using OES 2 Welcome Pages
11.2.1 The Welcome Site Requires JavaScript, Apache, and Tomcat
11.2.2 Accessing the Welcome Web Site
11.2.3 The Welcome Web Site Is Available to All Users
11.2.4 Administrative Access from the Welcome Web Site
11.3 OES Utilities and Tools
11.4 SSH Services on OES 2
11.4.1 Overview
11.4.2 Setting Up SSH Access for LUM-enabled eDirectory Users
12 Network Services
12.1 TCP/IP
12.1.1 Coexistence and Migration Issues
12.2 DNS and DHCP
12.2.1 DNS Differences Between NetWare and OES 2
12.2.2 DHCP Differences Between NetWare and OES 2
12.3 Time Services
12.3.1 Overview of Time Synchronization
12.3.2 Planning for Time Synchronization
12.3.3 Coexistence and Migration of Time Synchronization Services
12.3.4 Implementing Time Synchronization
12.3.5 Configuring and Administering Time Synchronization
12.3.6 Daylight Saving Time
12.4 Discovery Services
12.4.1 Novell SLP and OpenSLP
12.4.2 WinSock and Discovery Is NetWare only
12.4.3 UDDI and Discovery
12.4.4 CIMOM and Discovery
12.5 SLP
12.5.1 Why SLP Is Needed
12.5.2 Comparing Novell SLP and OpenSLP
12.5.3 Setting Up OpenSLP on OES 2 Networks
12.5.4 Using Novell SLP on OES 2 Networks
12.5.5 SLP Changes in SP3
13 Storage and File Systems
13.1 Overview of OES 2 Storage
13.1.1 Databases
13.1.2 iSCSI
13.1.3 File System Support in OES
13.1.4 Storage Basics by Platform
13.1.5 Storage Options
13.1.6 NetWare Core Protocol Support (Novell Client Support) on Linux
13.2 Planning OES File Storage
13.2.1 Directory Structures
13.2.2 File Service Support Considerations
13.2.3 General Requirements for Data Storage
13.2.4 OES 2 Storage Planning Considerations
13.2.5 NSS Planning Considerations
13.3 Coexistence and Migration of Storage Services
13.3.1 MySQL
13.3.2 OES 2 Options
13.3.3 NetWare 6.5 SP8 Options
13.4 Configuring and Maintaining Storage
13.4.1 Managing Directories and Files
13.4.2 Managing NSS
13.4.3 Optimizing Storage Performance
14 eDirectory, LDAP, and Domain Services for Windows
14.1 Overview of Directory Services
14.2 eDirectory
14.2.1 Installing and Managing eDirectory on OES
14.2.2 Planning Your eDirectory Tree
14.2.3 eDirectory Coexistence and Migration
14.3 LDAP (eDirectory)
14.3.1 Overview of eDirectory LDAP Services
14.3.2 Planning eDirectory LDAP Services
14.3.3 Migration of eDirectory LDAP Services
14.3.4 eDirectory LDAP Implementation Suggestions
14.4 Domain Services for Windows
14.4.1 Graphical Overview of DSfW
14.4.2 Planning Your DSfW Implementation
14.4.3 Implementing DSfW on Your Network
15 Users and Groups
15.1 Creating Users and Groups
15.2 Linux User Management: Access to Linux for eDirectory Users
15.2.1 Overview
15.2.2 Planning
15.2.3 LUM Implementation Suggestions
15.3 Identity Management Services
15.4 Using the Identity Manager 3.6.1 Bundle Edition
15.4.1 What Am I Entitled to Use?
15.4.2 System Requirements
15.4.3 Installation Considerations
15.4.4 Getting Started
15.4.5 Activating the Bundle Edition
16 Access Control and Authentication
16.1 Controlling Access to Services
16.1.1 Overview of Access Control
16.1.2 Planning for Service Access
16.1.3 Coexistence and Migration of Access Services
16.1.4 Access Implementation Suggestions
16.1.5 Configuring and Administering Access to Services
16.2 Authentication Services
16.2.1 Overview of Authentication Services
16.2.2 Planning for Authentication
16.2.3 Authentication Coexistence and Migration
16.2.4 Configuring and Administering Authentication
17 File Services
17.1 Overview of File Services
17.1.1 Using the File Services Overviews
17.1.2 FTP Services
17.1.3 NetWare Core Protocol
17.1.4 NetStorage
17.1.5 Novell AFP
17.1.6 Novell CIFS
17.1.7 Novell iFolder 3.8
17.1.8 Novell Samba
17.2 Planning for File Services
17.2.1 Deciding Which Components Match Your Needs
17.2.2 Comparing Your CIFS File Service Options
17.2.3 Planning Your File Services
17.3 Coexistence and Migration of File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
17.3.1 Novell Client (NCP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
17.3.2 NetStorage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
17.3.3 Novell AFP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.3.4 Novell CIFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.3.5 Novell iFolder 3.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.3.6 Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.4 Aligning NCP and POSIX File Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.4.1 Managing Access Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
17.4.2 Providing a Private Work Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
17.4.3 Providing a Group Work Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
17.4.4 Providing a Public Work Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
17.4.5 Setting Up Rights Inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
17.5 Novell FTP (Pure-FTPd) and OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
17.5.1 Configuring Pure-FTPd on an OES 2 Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
17.5.2 Administering and Managing Pure-FTPd on an OES 2 Server . . . . . . . . . . . . . . . . 197
17.5.3 Cluster Enabling Pure-FTPd in an OES 2 Environment . . . . . . . . . . . . . . . . . . . . . 201
17.5.4 Troubleshooting PureFTPd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
17.6 NCP Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
17.6.1 The Default NCP Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
17.6.2 Creating NCP Home and Data Volume Pointers. . . . . . . . . . . . . . . . . . . . . . . . . . . 202
17.6.3 Assigning File Trustee Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
17.6.4 NCP Caveats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
17.6.5 NCP Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
17.7 NetStorage Implementation and Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
17.7.1 About Automatic Access and Storage Locations. . . . . . . . . . . . . . . . . . . . . . . . . . . 204
17.7.2 About SSH Storage Locations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
17.7.3 Assigning User and Group Access Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
17.7.4 Authenticating to Access Other Target Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . 204
17.7.5 NetStorage Authentication Is Not Persistent by Default . . . . . . . . . . . . . . . . . . . . . 205
17.7.6 NetStorage Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
17.8 Novell AFP Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
17.8.1 Implementing Novell AFP File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.8.2 Maintaining Novell AFP File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.9 Novell CIFS Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.9.1 Implementing Novell CIFS File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.9.2 Maintaining Novell CIFS File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.10 Novell iFolder 3.8 Implementation and Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.10.1 Managing Novell iFolder 3.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.10.2 Configuring Novell iFolder 3.8 Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.10.3 Creating and Enabling Novell iFolder 3.8 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.10.4 Novell iFolder 3.8 Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.11 Samba Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.11.1 Implementing Samba File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
17.11.2 Maintaining Samba File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
18 Search Engine (QuickFinder) 209
19 Print Services 211
19.1 Overview of Print Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
19.1.1 Using This Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
19.1.2 iPrint Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
19.1.3 iPrint Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
19.2 Planning for Print Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
19.3 Coexistence and Migration of Print Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
19.4 Print Services Implementation Suggestions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
19.4.1 Initial Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
19.4.2 Implementation Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
19.4.3 Other Implementation Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
19.5 Print Services Maintenance Suggestions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
20 Web Services 217
21 Security 219
21.1 Overview of OES Security Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
21.1.1 Application Security (AppArmor) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
21.1.2 NSS Auditing Engine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
21.1.3 Encryption (NICI). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
21.1.4 General Security Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
21.2 Planning for Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
21.2.1 Comparing the Linux and the Novell Trustee File Security Models. . . . . . . . . . . . . 221
21.2.2 User Restrictions: Some OES 2 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
21.3 Configuring and Administering Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
21.4 Links to Product Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
21.5 Links to Anti-Virus Partners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
22 Certificate Management 227
22.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
22.1.1 SLES Default Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
22.1.2 OES 2 Certificate Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
22.1.3 Multiple Trees Sharing a Common Root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
22.2 Setting Up Certificate Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
22.2.1 Setting Up Automatic Certificate Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
22.2.2 Eliminating Browser Certificate Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
22.3 If You Don’t Want to Use eDirectory Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
A Adding Services to OES 2 Servers 235
B Changing an OES 2 Server’s IP Address 237
B.1 Caveats and Disclaimers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
B.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
B.2.1 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
B.2.2 iPrint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
B.2.3 Clustering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
B.3 Changing the Server’s Address Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
B.4 Reconfiguring the OES Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
B.5 Repairing the eDirectory Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
B.6 Completing the Server Reconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
B.6.1 QuickFinder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
B.6.2 DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
B.6.3 DSfW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
B.6.4 iPrint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
B.6.5 NetStorage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
B.7 Modifying a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
B.8 Checking SLES Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
B.9 Reconfiguring Services on Other Servers That Point to This Server. . . . . . . . . . . . . . . . . . . 243
C Updating/Patching OES 2 Servers 245
D Backup Services 247
D.1 Services for End Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
D.2 System-Wide Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
D.2.1 Links to Backup Partners. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
D.2.2 Novell Storage Management Services (SMS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
D.2.3 SLES 10 Backup Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
E Quick Reference to OES 2 User Services 249
F OES 2 SP3 Browser Support 251
G Client/Workstation OS Support 253
H OES 2 Service Scripts 255
I System User and Group Management in OES 2 SP3 259
I.1 About System Users and Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
I.1.1 Types of OES System Users and Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
I.1.2 OES System Users and Groups by Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
I.2 Understanding Proxy Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
I.2.1 What Are Proxy Users?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
I.2.2 Why Are Proxy Users Needed on OES? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
I.2.3 Which Services Require Proxy Users and Why?. . . . . . . . . . . . . . . . . . . . . . . . . . . 262
I.2.4 What Rights Do Proxy Users Have? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
I.3 Common Proxy User - New in SP3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
I.3.1 Common Proxy User FAQ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
I.3.2 Managing Common Proxy Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
I.4 Planning Your Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
I.4.1 About Proxy User Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
I.4.2 There Are No Proxy User Impacts on User Connection Licenses. . . . . . . . . . . . . . 274
I.4.3 Limiting the Number of Proxy Users in Your Tree. . . . . . . . . . . . . . . . . . . . . . . . . . 274
I.4.4 Password Management and Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
I.5 Implementing Your Proxy User Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
I.5.1 Tree-Wide Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
I.5.2 Service-Specific Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
I.5.3 Partition-Wide Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
I.5.4 Server-Wide Proxy User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
I.5.5 Individual Proxy User Per-Server-Per-Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
I.6 Proxy Users and Domain Services for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
I.7 System Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
I.8 System Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
I.9 Auditing System Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
J Administrative Users in OES 2 SP3 285
K Coordinating Password Policies Among Multiple File Services 287
K.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
K.2 Concepts and Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
K.2.1 Prerequisites for File Service Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
K.2.2 eDirectory contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
K.2.3 Password Policies and Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
K.3 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
K.3.1 Example 1: Complex Mixed Tree with a Mix of File Access Services and Users from across the Tree . . . . . . . . . . . . . . . . . . . . 288
K.3.2 Example 2: Mutually Exclusive Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
K.4 Deployment Guidelines for Different Servers and Deployment Scenarios. . . . . . . . . . . . . . . 291
K.4.1 Deployment Scenario 1: Complex Mixed Scenario with a Mix of File Access Services . . . . . . . . . . . . . . . . . . . . 291
K.4.2 Deployment Scenario 2: Mutually Exclusive Users . . . . . . . . . . . . . . . . . . . . . . . . 293
K.4.3 Deployment Scenario 3: Simple deployments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
K.4.4 Modifying User Password Policies after AFP/CIFS/Samba/DSfW Is Installed . . . . 293
K.4.5 Adding New User eDirectory Contexts to AFP/CIFS after AFP/CIFS/Samba/DSfW Is Installed. . . . . . . . . . . . . . . . . . . . 293
K.4.6 Enabling File Access for DSfW Servers Across Domains. . . . . . . . . . . . . . . . . . . . 293
L Documentation Updates 295
About This Guide
Purpose
This guide provides:
Planning and implementation instructions
Service overviews
Links to detailed information in other service-specific guides
Audience
This guide is designed to help network administrators:
Understand Open Enterprise Server 2 services prior to installing them.
Make pre-installation planning decisions.
Understand installation options for each platform.
Implement the services after they are installed.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with OES 2. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
Changes to this guide are summarized in a Documentation Updates appendix at the end of this guide. The lack of such an appendix indicates that no changes have been made since the initial product release.
Additional Documentation
The OES 2 SP3: Getting Started with OES 2 and Virtualized NetWare is the hands-on counterpart to this guide and helps network administrators:
Set up a basic lab with an OES 2 server, a virtualized NetWare server, a test tree, and user objects that represent the different types of users in OES 2.
Use the exercises in the guide to explore how OES 2 services work.
Continue exploring to gain a sound understanding of how OES 2 can benefit their organization.
Additional documentation is also found on the OES 2 Documentation Web site (http://www.novell.com/documentation/oes2).
Documentation Conventions
The terms OES 2 and OES 2 SP3 are both used in this guide. Generally, OES 2 SP3 is used to differentiate something that is new or changed for the SP3 release of OES 2. Unless otherwise indicated, all statements that refer to OES 2 also apply to OES 2 SP3.
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path.
When a single pathname can be written with a backslash for some platforms, or a forward slash for other platforms, the pathname is presented with a forward slash to reflect the Linux* convention. Users of platforms that require a backslash, such as NetWare, should use backslashes as required by the software.
1 What’s New or Changed
This section summarizes the new features for each release of Novell Open Enterprise Server (OES) 2.
Section 1.1, “Links to What's New Sections,” on page 15
Section 1.2, “New or Changed in OES 2 SP3,” on page 16
Section 1.3, “New or Changed in OES 2 SP2,” on page 17
Section 1.4, “New in OES 2 SP1,” on page 19
Section 1.5, “New in OES 2 (Initial Release),” on page 21
Section 1.6, “Where’s NetWare?,” on page 22
1.1 Links to What's New Sections
The following table provides links to the What’s New sections in the documentation for all OES 2 products.
Table 1-1 What’s New
Product Link to What's New Section
Archive and Version Services 2.1 Linux Administration Guide
    User Guide
DHCP Administration Guide
Distributed File Services Administration Guide
DNS Administration Guide
Domain Services for Windows Administration Guide
Dynamic Storage Technology Administration Guide
File System Management Management Guide
FTP (Pure-FTPd) Section 17.5, “Novell FTP (Pure-FTPd) and OES 2,” on page 196
Identity Manager 3.6 Getting Started Guide (http://www.novell.com/documentation/idm36/idm_install/data/be1l5dw.html)
iManager 2.7 Administration Guide
Installation Installation Guide
iPrint Administration Guide
Linux User Management Technology Guide
Migration Tool Administration Guide
NCP Server for OES 2 Administration Guide
NetStorage Administration Guide
Novell AFP Administration Guide
Novell CIFS Administration Guide
Novell Client Linux
    Windows XP/2003 Administration Guide
    Windows Vista* Administration Guide
Novell Cluster Services (High Availability) Administration Guide
Novell FTP (Pure-FTPd) Section 17.5, “Novell FTP (Pure-FTPd) and OES 2,” on page 196
Novell iFolder 3.8 Administration Guide
    User Guide
Novell Remote Manager Administration Guide
Novell Storage Services (NSS) Administration Guide
NSS Auditing Client What’s New for VLOG
OES 2 Installation Guide
OpenWBEM Administration Guide
QuickFinder 5 Administration Guide
Samba (Linux) Administration Guide
Server Health Monitoring This is now available in various Novell Remote Manager dialog boxes on both platforms. For more information, see “Health Monitoring Services” on page 84.
Shadow Volumes See “Overview of Dynamic Storage Technology” in the OES 2 SP3: Dynamic Storage Technology Administration Guide.
SLP (OpenSLP) Section 12.5.5, “SLP Changes in SP3,” on page 120
Storage Management Services (SMS) Administration Guide
Virtualization (Xen*) Virtualization Overview
1.2 New or Changed in OES 2 SP3
Section 1.2.1, “Common Proxy,” on page 17
Section 1.2.2, “Linux User Management,” on page 17
Section 1.2.3, “Log File Location,” on page 17
Section 1.2.4, “OpenSLP,” on page 17
Section 1.2.5, “QuickFinder,” on page 17
Section 1.2.6, “New in eDirectory 8.8.6,” on page 17
1.2.1 Common Proxy
CIFS, DHCP, DNS, iFolder, LUM, NCS, and NetStorage now support OES common proxy.
Automatic password management for proxy users is now supported.
1.2.2 Linux User Management
In response to customer requests for improved LDAP performance, persistent searching for new Linux-enabled users and groups has been disabled in OES 2 SP3.
For more information, see Section 6.11, “LUM Cache Refresh No Longer Persistent,” on page 66 and “What’s New” in the OES 2 SP3: Novell Linux User Management Administration Guide.
1.2.3 Log File Location
Novell has added a single location to find all OES-related log files—
/var/opt/novell/log/oes
1.2.4 OpenSLP
OpenSLP now supports persistence of SLP registrations. The OpenSLP implementation is enhanced to achieve communication across multiple directory agents. For more information, see
OpenSLP Implementation in the OES 2 SP3: Planning and Implementation Guide.
1.2.5 QuickFinder
The QuickFinder included with OES 2 SP3 includes various File Reader Updates.
1.2.6 New in eDirectory 8.8.6
The new features included in eDirectory 8.8.6 are listed in the Novell eDirectory 8.8 What's New
Guide (http://www.novell.com/documentation/edir88/edir88new/data/front.html).
1.3 New or Changed in OES 2 SP2
This section summarizes the new features introduced in Novell Open Enterprise Server (OES) 2 SP2 that either involve multiple services or are not covered in service-specific documentation. For information on service-specific new features, see Section 1.1, “Links to What's New Sections,” on
page 15.
Section 1.3.1, “Auditing,” on page 18
Section 1.3.2, “Base Platform Is SLES 10 SP3,” on page 18
Section 1.3.3, “CIFS DFS Support,” on page 18
Section 1.3.4, “Create EVMS Proposal Option,” on page 18
Section 1.3.5, “Cross-Protocol File Locking Change,” on page 18
Section 1.3.6, “Domain Services for Windows Installation,” on page 19
Section 1.3.7, “Java Console for DNS/DHCP,” on page 19
Section 1.3.8, “Performance Increases,” on page 19
Section 1.3.9, “Pure-FTPd,” on page 19
Section 1.3.10, “Upgrading Online,” on page 19
Section 1.3.11, “Windows 7 Client Support,” on page 19
1.3.1 Auditing
OES 2 SP2 includes support for third-party developers to create auditing products. For more information, see Section 21.1.2, “NSS Auditing Engine,” on page 219.
1.3.2 Base Platform Is SLES 10 SP3
With the release of OES 2 SP2, the Linux platform on which OES services run is changed from
SUSE Linux Enterprise Server (SLES) 10 SP2 to SLES 10 SP3 and includes Tomcat 5.5.
1.3.3 CIFS DFS Support
This has been added in OES 2 SP2.
1.3.4 Create EVMS Proposal Option
The Partitioner in the YaST Install offers an option to “Create an EVMS Proposal.” For unpartitioned devices over 20 GB in size, this option creates a boot partition and a container for swap and / (root) volumes in up to the first 20 GB, and leaves the remainder of the space on the device as unpartitioned free space. The default / partition size is 10 GB. The swap size is 1 GB or larger, depending on the amount of RAM the server has.
IMPORTANT: This option applies only if you are installing an NSS volume on the same disk as your Linux root (/) partition.
1.3.5 Cross-Protocol File Locking Change
Starting with OES 2 SP2, cross-protocol file locking (CPL) is enabled by default as follows:
All new servers with NCP installed have CPL turned on.
If an upgraded server was not configured for CPL prior to the upgrade, CPL will be turned on.
If an upgraded server was configured for CPL prior to the upgrade, the CPL setting immediately preceding the upgrade is retained.
If a server is only accessed through NCP (AFP and CIFS are not installed), you can achieve an NCP performance gain of about 10%. However, there is a critical caveat. If you later install AFP or CIFS and you forget to re-enable CPL, data corruption can occur.
There are also obvious implications for clustering because the CPL settings for clustered nodes must match. For example, if an unmodified OES 2 SP1 node is clustered with an unmodified OES 2 SP2 node, their CPL settings will conflict and one of the nodes must be modified.
For more information about cross-protocol locking, see “Configuring Cross-Protocol File Locks for
NCP Server” in the OES 2 SP3: NCP Server for Linux Administration Guide.
1.3.6 Domain Services for Windows Installation
The DSfW installation has been rearchitected with a focus on usability and simplicity.
1.3.7 Java Console for DNS/DHCP
The Java Console for DNS/DHCP management is now available for Linux.
1.3.8 Performance Increases
AFP, NCP, and Samba all have improved performance in OES 2 SP2.
1.3.9 Pure-FTPd
Gateway parity with NetWare.
1.3.10 Upgrading Online
Support for upgrading through the SP Channel is included. For more information, see “Using the
Patch Channel to Upgrade (Online)” in the OES 2 SP3: Installation Guide.
1.3.11 Windows 7 Client Support
OES 2 SP2 service clients are supported on Windows 7.
1.4 New in OES 2 SP1
Section 1.4.1, “YaST Install Changes,” on page 19
Section 1.4.2, “Novell AFP,” on page 20
Section 1.4.3, “Novell CIFS,” on page 20
Section 1.4.4, “Novell Domain Services for Windows,” on page 21
Section 1.4.5, “Migration Tool,” on page 21
1.4.1 YaST Install Changes
The default behavior of the option to use eDirectory certificates for HTTPS services changed in OES 2 SP1.
In OES 2, eDirectory certificates were only used by default if you were installing a new server.
In OES 2 SP1, eDirectory certificates are used by default in all installation and upgrade scenarios, except when you are upgrading to SP1 from OES 2. For an upgrade, the option that you selected for the initial installation is retained.
For a brief summary of what happens in each scenario, see Table 22-2 on page 232.
1.4.2 Novell AFP
Novell AFP is now available on the Linux platform to provide feature parity with NetWare®.
Support for AFP v3.1 and AFP v3.2, providing network file services for Mac OS X and classic Mac OS workstations
Support for Universal Password greater than 8 characters
Integration with Novell eDirectory
Integration with the Novell Storage Services (NSS) file system
Support for Unicode filenames
Integration with the Novell Trustee Model for file access
Support for regular eDirectory users (no LUM required)
Cross-protocol file locking with NCP
Novell AFP also offers the following features not available for NetWare:
DHX authentication mechanism: Provides a secure way to transport passwords of up to 64
characters to the server.
Management: You can use iManager to administer and configure the AFP server on OES 2.
iManager support for AFP on NetWare is unchanged and includes only starting and stopping the server.
Auditing: You can audit the AFP server to check on the authentication process and any
changes that occur to the configuration parameters of the server.
For more information, see the OES 2 SP3: Novell AFP For Linux Administration Guide.
1.4.3 Novell CIFS
Novell CIFS is now available on Linux to provide feature parity with the existing NetWare release. It offers the following features:
• Support for Windows 2000, XP, 2003, and Windows Vista 32-bit
• Support for Universal Password greater than 8 characters
• Support for NTLMv1 authentication mode
• Integration with Novell eDirectory
• Integration with the Novell Storage Services (NSS) file system
• Support for Unicode filenames
• Integration with the Novell Trustee Model for file access
• Support for regular eDirectory users (no LUM required)
• Cross-protocol file locking is planned for a future release
For more information, see the OES 2 SP3: Novell CIFS for Linux Administration Guide.
1.4.4 Novell Domain Services for Windows
This service creates seamless cross-authentication capabilities between Microsoft Active Directory on Windows servers and Novell eDirectory on OES 2 SP2 servers, and offers the following functionality:
• Administrators with Windows networking environments can set up one or more “virtual” Active Directory domains in an eDirectory tree.
• Administrators can manage users and groups through MMC or iManager.
• eDirectory users can authenticate to the virtual domain from a Windows workstation without the Novell Client™ for Windows being installed.
• eDirectory users can also access file services on
  • Novell Storage Services (NSS) volumes on Linux servers by using Samba shares.
  • NTFS files on Windows servers that use CIFS shares.
  • Shares in trusted Active Directory forests.
For more information, see the OES 2 SP3: Domain Services for Windows Administration Guide.
1.4.5 Migration Tool
The new OES 2 SP2 Migration Tool uses a plug-in architecture and comprises multiple Linux command line utilities and a GUI wrapper.
The Migration Tool supports:
• A single, enhanced GUI interface for migrating all OES services
• Service migrations from either a single source server or multiple source servers (consolidation) to a target server.
• Transfer ID (server ID swap) migrations—transferring the services and identity from one server to another server.
For more information, see the OES 2 SP3: Migration Tool Administration Guide.
1.5 New in OES 2 (Initial Release)
Novell Open Enterprise Server 2 included the following major features and enhancements that were not included in OES 1. All features are retained in SP1 unless otherwise noted in Section 1.4, “New
in OES 2 SP1,” on page 19.
• Section 1.5.1, “Dynamic Storage Technology”
• Section 1.5.2, “OES 2 Migration Tools”
• Section 1.5.3, “Xen Virtualization Technology”
1.5.1 Dynamic Storage Technology
OES 2 introduces Novell Dynamic Storage Technology, a unique storage solution that lets you combine a primary file tree and a shadow file tree so that they appear to NCP and Samba/CIFS users as one file tree. The primary and shadow trees can be located on NSS volumes on the same server or on different servers.
This lets you manage storage costs in new and efficient ways that were not previously possible. For more information, see the related sections in Chapter 13, “Storage and File Systems,” on
page 121 and the OES 2 SP3: Dynamic Storage Technology Administration Guide.
1.5.2 OES 2 Migration Tools
In addition to the legacy Server Consolidation and Migration Toolkit, OES 2 includes new migration tools for migrating data and services from NetWare to OES 2.
For more information, see Chapter 8, “Migrating and Consolidating Existing Servers and Data,” on
page 73.
1.5.3 Xen Virtualization Technology
Both OES 2 and NetWare 6.5 SP8 can run in virtual machines on either an OES 2 or a SUSE® Linux Enterprise Server 10 SP1 or later server. This is especially valuable to those organizations that are deploying new hardware that doesn’t run NetWare as a physical installation.
For more information, see Chapter 9, “Virtualization in OES 2,” on page 75.
1.6 Where’s NetWare?
Novell Open Enterprise Server SP3 does not include NetWare. Anyone who wants to deploy NetWare in an OES 2 SP3 environment should download NetWare 6.5 SP8 from the Novell
download site (http://download.novell.com/Download?buildid=dpIR3H1ymhk~).
1.6.1 NetWare References in This Guide and Elsewhere
Because many organizations are transitioning their network services from NetWare to OES, information to assist with upgrading from NetWare to OES 2 is included in this guide and in the OES 2 SP3 documentation set—especially in the OES 2 SP3: Upgrading to OES—Best Practices
Guide.
1.6.2 NetWare Documentation
For NetWare documentation, including installation and configuration instructions, see the NetWare
6.5 SP8 Online Documentation Web site (http://www.novell.com/documentation/nw65).
2 Welcome to Open Enterprise Server 2
Novell Open Enterprise Server 2 (OES 2) includes all the network services that organizations traditionally expect from Novell.
Figure 2-1 OES 2 Overview
[Figure: Novell Services running on SUSE Linux Enterprise Server: AFP, Backup (SMS), Clustering (High Availability), DNS/DHCP, Domain Services for Windows, eDirectory, CIFS, FTP, iFolder 3.x, NetStorage, Novell Client Access, Management Tools, iPrint, QuickFinder, Novell Storage Services (NSS)]
NOTE: For a list of OES 2 services, see Table 3-1, “Service Comparison Between NetWare 6.5 SP8 and OES 2 SP3 Linux,” on page 25.
3 Planning Your OES 2 Implementation
As you plan which OES services to install, you probably have a number of questions. The following sections are designed to help answer your questions and alert you to the steps you should follow for a successful OES implementation.
• Section 3.1, “What Services Are Included in OES 2?”
• Section 3.2, “Which Services Do I Need?”
• Section 3.3, “Exploring OES 2 services”
• Section 3.4, “Plan for eDirectory”
• Section 3.5, “Prepare Your Existing eDirectory Tree for OES 2”
• Section 3.6, “Identify a Purpose for Each Server”
• Section 3.7, “Understand Server Requirements”
• Section 3.8, “Understand User Restrictions and Linux User Management”
• Section 3.9, “Caveats to Consider Before You Install”
• Section 3.10, “Consider Coexistence and Migration Issues”
• Section 3.11, “Understand Your Installation Options”
3.1 What Services Are Included in OES 2?
Table 3-1 summarizes OES services and the differences in the way these services are provided.
Although extensive, this list is not exhaustive. If you are interested in a service or technology not listed, or for documentation for listed services, see the OES Documentation Web site (http://www.novell.com/documentation/oes2).
Table 3-1 Service Comparison Between NetWare 6.5 SP8 and OES 2 SP3 Linux
| Service | NetWare 6.5 SP8 | OES 2 | Platform Differences / Migration Issues |
| --- | --- | --- | --- |
| Access Control Lists | Yes | Yes | In combination with NCP Server, Linux supports the Novell trustee model for file access on NSS volumes and NCP volumes on Linux. |
| AFP (Apple* File Protocol) | Yes - NFAP | Yes - Novell AFP | AFP services on NetWare and OES are proprietary and tightly integrated with eDirectory and Novell Storage Services (NSS). |
| Apache Web Server | Yes - NetWare port of open source product | Yes - Standard Linux | Administration Instance vs. Public Instance on NetWare (http://www.novell.com/documentation/nw65/web_apache_nw/data/aipcu6x.html#aipcu6x). What’s Different about Apache on NetWare (http://www.novell.com/documentation/nw65/web_apache_nw/data/ail8hvj.html). |
| Archive and Version Services (Novell) | Yes | Yes | Setup varies slightly, but there are no functional differences. |
| Backup (SMS): SMS, NSS-Xattr | Yes | Yes | SMS provides backup applications with a framework to develop complete backup and restore solutions. For information, see the OES 2 SP3: Storage Management Services Administration Guide. NSS provides extended attribute handling options for NSS on Linux. For information, see “Using Extended Attributes (xAttr) Commands” in the OES 2 SP3: NSS File System Administration Guide for Linux. |
| CIFS (Windows File Services) | Yes - NFAP | Yes - Novell CIFS and Novell Samba | Both NFAP and Novell CIFS are Novell proprietary and tightly integrated with eDirectory and Novell Storage Services (NSS). Samba is an open source product distributed with SUSE Linux Enterprise Server (SLES). Novell Samba is enhanced by Novell with configuration settings for eDirectory LDAP authentication via Linux User Management (LUM). Novell Samba is not tightly integrated with NSS on Linux and works with any of the supported file systems. |
| Clustering | Yes | Yes | “Product Features” in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for Linux. “Product Features” in the NW6.5 SP8: Novell Cluster Services 1.8.5 Administration Guide. |
| DFS (Novell Distributed File Services) | Yes | Yes | In combination with NCP Server, DFS supports junctions and junction targets for NSS volumes on Linux and NetWare. DFS also supports junction targets for NCP volumes on non-NSS file systems, such as Reiser, Ext3, and XFS. The VLDB command offers additional options to manage entries in the VLDB for NCP volumes. |
| DHCP | Yes | Yes | For a comparison between what is available on OES 2 and NetWare, see Section 12.2.2, “DHCP Differences Between NetWare and OES 2,” on page 99. To plan your DHCP implementations, see “Planning a DHCP Strategy” in the OES 2 SP3: Novell DNS/DHCP Administration Guide and “Planning a DHCP Strategy” in the NW 6.5 SP8: Novell DNS/DHCP Services Administration Guide. |
| DNS | Yes | Yes | For a comparison between what is available on OES 2 and NetWare, see Section 12.2.1, “DNS Differences Between NetWare and OES 2,” on page 98. See “Planning a DNS Strategy” in the OES 2 SP3: Novell DNS/DHCP Administration Guide and “Planning a DNS Strategy” in the NW 6.5 SP8: Novell DNS/DHCP Services Administration Guide. |
| Dynamic Storage Technology | No | Yes | DST runs on OES 2. An NSS volume on NetWare is supported only as the secondary volume in a shadow pair. When using DST in a cluster, each of the NSS volumes in a shadow pair must reside on OES 2. |
| eDirectory 8.8 | Yes | Yes | No functional differences. |
| eDirectory Certificate Server | Yes | Yes | No functional differences. |
| eGuide (White Pages) | Yes | No | This functionality is now part of the Identity Manager 3.6 User Application. For more information, see the Identity Manager 3.6 Documentation Web Site (http://www.novell.com/documentation/idm36/index.html). |
| FTP Server | Yes | Yes | FTP file services on OES 2 servers are provided by Pure-FTPd, a free (BSD), secure, production-quality and standard-conformant FTP server. The OES implementation includes support for eDirectory LDAP authentication and the same FTP/SFTP gateway functionality as on NetWare. See Section 17.1.2, “FTP Services,” on page 178. |
| Health Monitoring Services | Yes | Yes | The Health Monitoring Server, which was included in OES 1, has been removed in OES 2. This is now available in various Novell Remote Manager dialog boxes on both platforms. For more information, see “Health Monitoring Services” on page 84. |
| Identity Manager 3.6.1 Bundle Edition | No | Yes | IDM 3.6.1 is not available on NetWare. |
| iPrint | Yes | Yes | See “Overview” in the OES 2 SP3: iPrint for Linux Administration Guide, and “Overview” in the NW 6.5 SP8: iPrint Administration Guide. |
| IPX (Internetwork Packet Exchange) from Novell | Yes | No | Novell has no plans to port IPX to OES. |
| iSCSI | Yes | Yes | The iSCSI target for Linux does not support eDirectory access controls like the NetWare target does. Nor is the iSCSI initiator or target in OES 2 integrated with NetWare Remote Manager management. You use YaST management tools instead. On the other hand, the iSCSI implementation for Linux is newer and performs better. See Linux-iSCSI Project on the Web (http://linux-iscsi.sourceforge.net). See “Overview” in the NW 6.5 SP8: iSCSI 1.1.3 Administration Guide. |
| LDAP Server for eDirectory | Yes | Yes | No functional differences. |
| Multipath Device Management | Yes | Yes | NetWare uses NSS multipath I/O. Linux uses Device Mapper - Multipath that runs underneath other device management services. |
| MySQL | Yes - NetWare port of open source product | Yes - Standard Linux | See MySQL.com on the Web (http://www.mysql.com). See “Overview: MySQL” in the NW 6.5 SP8: Novell MySQL Administration Guide. |
| NCP Volumes | No | Yes | NCP Server on Linux supports creating NCP volumes on Linux POSIX file systems such as Reiser, Ext3, and XFS. For information, see “Managing NCP Volumes” in the OES 2 SP3: NCP Server for Linux Administration Guide. |
| NCP Server | Yes | Yes | NCP services are native to NetWare 6.5 and NSS volumes; to have NCP services on OES, the NCP Server must be installed. See “Benefits of NCP Server” in the OES 2 SP3: NCP Server for Linux Administration Guide. |
| NetStorage | Yes | Yes | NetStorage on Linux offers connectivity to storage locations through the CIFS, NCP, and SSH protocols. NetWare uses only NCP. These and other differences are summarized in “NetStorage” on page 179. |
| NetWare Traditional File System | Yes | No | Novell has no plans to port the NetWare Traditional File System to Linux. |
| NetWare Traditional Volumes | Yes | N/A | |
| NFS | Yes - NFAP | Yes - native to Linux | For NetWare, see “Working with UNIX Machines” in the NW 6.5 SP8: AFP, CIFS, and NFS (NFAP) Administration Guide. |
| NICI (Novell International Cryptography Infrastructure) | Yes | Yes | No functional differences. |
| NMAS (Novell Modular Authentication Services) | Yes | Yes | No functional differences. |
| Novell Audit | Yes | No | Novell Audit is not included with OES. However, the Novell Audit 2.0 Starter pack is available for download at no cost on Novell.com (http://www.novell.com/downloads). |
| Novell Client for Windows and Linux support | Yes | Yes | Novell Client connectivity to OES 2 requires that the NCP Server be installed. |
| Novell Cluster Services | Yes | Yes | See “Product Features” in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for Linux. See “Product Features” in the NW6.5 SP8: Novell Cluster Services 1.8.5 Administration Guide. |
| Novell iFolder 2.x | Yes | No | For migration information, see “Migrating iFolder 2.x” in the OES 2 SP3: Migration Tool Administration Guide |
| Novell iFolder 3.8 | No | Yes | OES 2 SP3 includes Linux, Macintosh, and Windows clients. |
| Novell Licensing Services | Yes | No | See Section 4.5.3, “OES 2 Doesn’t Support NLS,” on page 56. |
| NSS (Novell Storage Services) | Yes | Yes | Most NSS services are available on both platforms. For a list of NSS features that are not used on Linux, see “Cross-Platform Issues for NSS” in the OES 2 SP3: NSS File System Administration Guide for Linux. |
| NTPv3 | Yes | Yes | The ntpd.conf file on NetWare can replace an OES server’s NTP configuration file without modification. |
| OpenSSH | Yes | Yes | NetWare includes a port of the open source product. Linux includes the open source product itself. See “Functions Unique to the NetWare Platform” in the NW 6.5 SP8: OpenSSH Administration Guide. |
| PAM (Pluggable Authentication Modules) | No | Yes | PAM is a Linux service that Novell leverages to provide eDirectory authentication. eDirectory authentication is native on NetWare. |
| Pervasive.SQL | Yes | No | Pervasive.SQL is available for Linux from the Web (http://www.pervasive.com/support/technical/online_manuals.asp). |
| PKI (Public Key Infrastructure) | Yes | Yes | No functional differences. |
| Printing | Yes | Yes | See iPrint. |
| QuickFinder | Yes | Yes | See Search. |
| RADIUS | Yes | Yes | See the information on forge.novell.com (http://forge.novell.com/modules/xfmod/project/?edirfreeradius). |
| Samba | No | Yes | Samba is an open source technology available on OES. Novell provides automatic configuration for authentication through eDirectory. For more information, see the OES2 SP3: Samba Administration Guide. |
| Search (QuickFinder) | Yes | Yes | When indexing a file system, the QuickFinder engine indexes only what it has rights to see. On NetWare, it has full access to all mounted volumes. On Linux, it has rights to only the files that the novlwww user in the www group has rights to see. For more information, see “Security Characteristics” and “Generating an Index For a Linux-Mounted NSS Volume” in the OES 2 SP3: Novell QuickFinder Server 5.0 Administration Guide. |
| SLP | Yes - Novell SLP | Yes - OpenSLP | For OES 2, see Section 12.5, “SLP,” on page 111. NetWare uses Novell SLP, which provides caching of Directory Agent scope information in eDirectory. This provides for sharing of scope information among DAs. Starting with SP3, OpenSLP on Linux is customized to provide DA synchronization as well. |
| Software RAIDS (NSS volumes) | Yes (0, 1, 5, 10, 15) | Yes (0, 1, 5, 10, 15) | See “Understanding Software RAID Devices” in the OES 2 SP3: NSS File System Administration Guide for Linux. |
| Storage Management Services (SMS) | Yes | Yes | No functional differences, except that the SBCON backup engine is not supported on Linux. The nbackup engine is available for exploring SMS capabilities, but in a production environment, you should use a third-party, full-featured backup engine. |
| TCP/IP | Yes | Yes | No functional differences. |
| Timesync NLM | Yes | No | Timesync will not be ported to Linux. However, NTPv3 is available on both Linux and NetWare. See “Time Services” on page 99. |
| Tomcat | Yes | Yes | NetWare includes Tomcat 4 and a Tomcat 5 servlet container for iManager 2.7. OES 2 includes Tomcat 5. There is no impact to any of the OES 2 administration tools, which are tested and supported on both platforms. See “Administration Instance vs. Public Instance on NetWare” (http://www.novell.com/documentation/oes2/web_tomcat_nw/data/ahdyran.html#ahdyran) |
| Virtual Office (Collaboration) | Yes | No | Virtual Office has been replaced by Novell Teaming + Conferencing. A separate purchase is required. For more information, see the Novell Teaming + Conferencing Web Site (http://www.novell.com/products/teaming/index.html). |
| WAN Traffic Manager | Yes | No | |
| Xen Virtualization Guest | Yes | Yes | NetWare 6.5 SP8 (and NetWare 6.5 SP7) can run on a paravirtualized machine. OES 2 can run on a paravirtualized machine or fully virtualized machine. |
| Xen Virtualization Host Server | N/A | Yes | |
3.2 Which Services Do I Need?
We recommend that you review the brief overviews included at the beginning of each service section in this guide to get a full picture of the solutions that OES 2 offers. It is not uncommon that administrators discover capabilities in OES that they didn’t know existed.
3.3 Exploring OES 2 services
We also recommend that you explore commonly used OES services by following the step-by-step instructions provided in the OES 2 SP3: Getting Started with OES 2 and Virtualized NetWare.
3.4 Plan for eDirectory
eDirectory is the heart of OES network services and security. If you are installing into an existing tree, be sure you understand the information in Section 14.2.3,
“eDirectory Coexistence and Migration,” on page 139.
If you are creating a new eDirectory tree on your network, you must do some additional planning before you install the first server into the tree. The first server is important for two reasons:
• You create the basic eDirectory tree structure during the first installation
• The first server permanently hosts the Certificate Authority for your organization
To ensure that your eDirectory tree meets your needs, take time to plan the following:
• Structure of the eDirectory tree: A well-designed tree provides containers for servers, users, printers, etc. It is also optimized for efficient data transfer between geographically dispersed locations. For more information, see “Designing Your Novell eDirectory Network” in the Novell eDirectory 8.8 Administration Guide.
• Time synchronization: eDirectory requires that all OES 2 servers, both NetWare and Linux, be time synchronized. For more information, see Chapter 12.3, “Time Services,” on page 99.
• Partitions and replicas: eDirectory allows the tree to be partitioned for scalability. Replicas (copies) of the partitions provide fault tolerance within the tree. The first three servers installed into an eDirectory tree automatically receive replicas of the tree’s root partition. You might want to create additional partitions and replicas. For more information, see “Managing Partitions and Replicas” in the Novell eDirectory 8.8 Administration Guide.
For information on these and other eDirectory planning tasks, see the Novell eDirectory 8.8
Administration Guide.
The OES 2 SP3: Getting Started with OES 2 and Virtualized NetWare provides a basic introduction to creating container objects as well as Group and User objects in eDirectory.
3.5 Prepare Your Existing eDirectory Tree for OES 2
If you are installing OES 2 into an existing tree, you must use Deployment Manager (located on the NetWare 6.5 SP8 DVD) to see whether your tree requires any updates.
For instructions on running Deployment Manager, see “Preparing to Install NetWare 6.5 SP8” in the
NW65 SP8: Installation Guide.
3.6 Identify a Purpose for Each Server
Large networks usually have one or more servers dedicated to providing a single network service. For example, one or more servers might be designated to provide Novell iFolder file services to network users while other servers provide iPrint printing services for the same users.
For smaller organizations, it is often not practical or cost effective to dedicate servers to providing a single service. For example, the same server might provide both file and print services to network users.
Prior to installing a new server on your network, you should identify the service or services that it will provide and see how it will integrate into your overall network service infrastructure.
3.7 Understand Server Requirements
OES 2 and NetWare 6.5 SP8 both have specific hardware and software requirements. Prior to installing OES, make sure your server machine and network environment meet the
requirements outlined in the following sections:
• OES 2 Server (Physical): “Preparing to Install OES 2 SP3” in the OES 2 SP3: Installation Guide.
• OES 2 Server (Virtual): “System Requirements” in the OES 2 SP3: Installation Guide.
• NetWare 6.5 SP8 Server (Physical): “Meeting System Requirements” in the NW65 SP8: Installation Guide.
• NetWare 6.5 SP8 Server (Virtual): “Planning for NetWare VM Guest Servers” in the OES 2 SP3: Installation Guide.
3.8 Understand User Restrictions and Linux User Management
If you plan to use Linux User Management, be sure you understand the security implications before you accept the default PAM-enabled service settings. The implications are explained in
Section 21.2.2, “User Restrictions: Some OES 2 Limitations,” on page 223.
3.9 Caveats to Consider Before You Install
IMPORTANT: As support packs are released, there are sometimes new caveats identified. Be sure to always check the OES Readme (http://www.novell.com/documentation/oes2/oes_readme/data/readme.html) for items specific to each support pack.
This section discusses the following installation/migration caveats:
• Section 3.9.1, “Adding a Linux Node to a Cluster Ends Adding More NetWare Nodes”
• Section 3.9.2, “Always Double-Check Service Configurations Before Installing”
• Section 3.9.3, “Back Button Doesn’t Reset Configuration Settings”
• Section 3.9.4, “Common Proxy Password Should Usually Be Reset”
• Section 3.9.5, “Cluster Upgrades Must Be Planned Before Installing OES 2”
• Section 3.9.6, “Cross-Protocol File Locking Has Changed”
• Section 3.9.7, “Do Not Create Local (POSIX) Users”
• Section 3.9.8, “Do Not Upgrade to eDirectory 8.8 Separately”
• Section 3.9.9, “Follow the Instructions for Your Chosen Platforms”
• Section 3.9.10, “If You’ve Ever Had OES 1 Linux Servers with LUM and NSS Installed”
• Section 3.9.11, “iFolder 3.8 Considerations”
• Section 3.9.12, “Incompatible TLS Configurations Give No Warning”
• Section 3.9.13, “Installing into an Existing eDirectory Tree”
• Section 3.9.14, “NetWare Caveats”
• Section 3.9.15, “Novell Distributed Print Services Cannot Migrate to Linux”
• Section 3.9.16, “NSS Caveats”
• Section 3.9.17, “Plan eDirectory Before You Install”
• Section 3.9.18, “Samba Enabling Disables SSH Access”
• Section 3.9.19, “Unsupported Service Combinations”
• Section 3.9.20, “VNC Install Fails to Set the IP Address in /etc/hosts”
3.9.1 Adding a Linux Node to a Cluster Ends Adding More NetWare Nodes
After you add a Linux node to a cluster, you cannot add more NetWare nodes. For more information, see the OES 2 SP3: Novell Cluster Services Conversion Guide.
3.9.2 Always Double-Check Service Configurations Before Installing
It is critical that you double-check your service configurations on the Novell Open Enterprise Server Configuration summary page before proceeding with an installation. One reason for this is explained in Section 3.9.3, “Back Button Doesn’t Reset Configuration Settings,” on page 35.
3.9.3 Back Button Doesn’t Reset Configuration Settings
During an installation, after you configure eDirectory and reach the Novell Open Enterprise Server Configuration summary screen, service configuration settings have been “seeded” from the eDirectory configuration.
If you discover at that point that something in the eDirectory configuration needs to change, you can change the settings by clicking the eDirectory link on the summary page or by clicking the Back button.
In both cases when you return to the summary page, the eDirectory configuration has changed, but the individual service configurations have the same eDirectory settings you originally entered. These must each be changed manually.
For example, if you specified the wrong server context while initially configuring eDirectory, the NSS and LUM configurations still have the wrong context. You must select each service individually and change the server context in them.
Unless you manually change the services affected by changes to eDirectory, your services will at best not work as expected and at worst completely fail.
3.9.4 Common Proxy Password Should Usually Be Reset
If you choose to use the Common Proxy User when performing a new server install, you probably want to reset the Common Proxy User password rather than accepting the system-generated value. If the system-generated password is retained, you won’t be able to specify the proxy user for additional installations because you won’t have the user’s password.
For more information about the Common Proxy User, see Section I.3, “Common Proxy User - New
in SP3,” on page 266.
3.9.5 Cluster Upgrades Must Be Planned Before Installing OES 2
Because of differences between Novell Cluster Services on NetWare 6.5 SP8 and OES 2, there are important issues to consider before combining them into a mixed node cluster, as explained in the following sections.
• “Service Failover in a Mixed Cluster”
• “Working with Mixed Node Clusters”
Service Failover in a Mixed Cluster
The only cluster-enabled service that can fail over cross-platform (run on either OES 2 or NetWare 6.5 SP8) is cluster-enabled NSS pools. All other services (iPrint, iFolder, etc.) can only fail over between servers that are the same platform. For example, an iPrint service that is running on an OES 2 server can fail over to another OES 2 server in the cluster, but the service cannot fail over to a NetWare 6.5 SP8 server.
Working with Mixed Node Clusters
The following points apply to working with mixed NetWare and OES clusters:
• You cannot use EVMSGUI to create a Linux POSIX file system as a cluster resource until the entire cluster is migrated to Linux.
• You cannot migrate or fail over a Linux POSIX file system cluster resource to a NetWare cluster node.
• Only NSS pool cluster resources that are created on a NetWare cluster node can be failed over between Linux and NetWare nodes.
• NetWare NSS to Linux NSS failover requires that the Linux node be configured for NSS and that the version of NSS supports the NSS media format and features being used by the NSS pool cluster resource.
• The new NSS media format in OES 2 is not available for OES 1 SP2 Linux and earlier. After a volume has been upgraded to the new media format, you cannot fail it over to a node that is running OES 1 SP2 Linux or earlier.
3.9.6 Cross-Protocol File Locking Has Changed
If you plan to use Novell CIFS, Novell AFP and/or NCP file services in combination with each other, be sure to read Section 1.3.5, “Cross-Protocol File Locking Change,” on page 18.
3.9.7 Do Not Create Local (POSIX) Users
During the OES 2 install you are prompted by the SLES portion of the install to create at least one user besides root and you are warned if you bypass the prompt.
Creating local users is not recommended on OES 2 servers because user management in OES 2 is managed entirely in eDirectory. The only local user you need on the server is the root user. Creating other local users can, in fact, cause unnecessary confusion and result in service-access problems that are difficult to troubleshoot.
eDirectory users are enabled for POSIX access through the Linux User Management (LUM) technology installed by default on every OES 2 server.
Also be aware that not all OES services require that users are LUM-enabled. Novell Client users, for example, can access NCP and NSS volumes on OES 2 servers just as they do on NetWare without any additional configuration.
For more information about this topic, see Section 15.2, “Linux User Management: Access to Linux for eDirectory Users,” on page 147.
3.9.8 Do Not Upgrade to eDirectory 8.8 Separately
If you are running OES 1 SP2, do not upgrade to eDirectory 8.8 independently of upgrading to OES 2 SP3.
For example, do not upgrade from eDirectory 8.7.3 to eDirectory 8.8.2 through the oes-edir88 patch channel prior to upgrading to OES 2 SP3. Doing so causes configuration problems that the OES 2 SP3 install is not designed to handle.
3.9.9 Follow the Instructions for Your Chosen Platforms
Although installing OES 2 services on Linux or NetWare is a straightforward process, the installation processes are platform-specific, requiring different sets of media and different installation programs.
3.9.10 If You’ve Ever Had OES 1 Linux Servers with LUM and NSS Installed
Having NSS volumes on OES servers requires certain system-level modifications, most of which are automatic. For more information, see Appendix I, “System User and Group Management in OES 2
SP3,” on page 259.
However, as OES has evolved, some initially defined conventions regarding system Users have needed adjustment. Be sure to read the information and follow the instructions in this section if your network has ever included an OES 1 Linux server with both LUM and NSS installed.
• “NetStorage, XTier, and Their System Users”
• “An NSS Complication”
• “eDirectory Solves the Basic Problem”
• “ID Mismatches on OES 1”
• “The OES 1 Solution: The nssid.sh Script”
• “OES 2 SP1 or Later Requires a New Approach”
• “The OES 2 Solution: Standardizing the UIDs on all OES servers”
NetStorage, XTier, and Their System Users
By default, certain OES services, such as NetStorage, rely on a background Novell service named XTier.
To run on an OES server, XTier requires two system-created users (named novlxregd and novlxsrvd) and one system-created group that the users belong to (named novlxtier).
An NSS Complication
The two system users and their group are created on the local system when XTier is installed. For example, they are created when you install NetStorage, and their respective UIDs and GID are used to establish ownership of the service’s directories and files.
For NetStorage to run, these XTier users and group must be able to read data on all volume types that exist on the OES server.
As long as the server only has Linux traditional file systems, such as Ext3, Reiser, or XFS, NetStorage runs without difficulties.
However, if the server has NSS volumes, an additional requirement is introduced. NSS data can only be accessed by eDirectory users. Consequently, the local XTier users can’t access NSS data, and NetStorage can’t run properly.
eDirectory Solves the Basic Problem
Therefore, when NSS volumes are created on the server, the XTier users are moved to eDirectory and enabled for Linux User Management (LUM). See Section 15.2, “Linux User Management: Access to Linux for eDirectory Users,” on page 147.
After the move to eDirectory, they can function as both eDirectory and POSIX users, and they no longer exist on the local system.
ID Mismatches on OES 1
Problems with OES 1 occurred when additional OES NetStorage servers with NSS volumes were installed in the same eDirectory container. Because the UIDs and GID were assigned by the Linux system, unless the installation process was exactly the same for each OES 1 Linux server, the UIDs and GID didn’t match server-to-server.
When the local XTier UIDs and GID on subsequently installed servers didn’t match the XTier UIDs and GID in eDirectory, NetStorage couldn’t access the NSS volumes on the server.
The OES 1 Solution: The nssid.sh Script
To solve this problem, the OES 1 installation program looked for XTier ID conflicts, and if the IDs on a newly installed server didn’t match the IDs in eDirectory, the program generated a script file named nssid.sh. The documentation instructed installers to always check for an nssid.sh file on a newly installed server, and if the file was found, to run it. The nssid.sh script synchronized all of the XTier IDs with those that had already been stored in eDirectory. This solution remained viable through the first release of OES 2.
OES 2 SP1 or Later Requires a New Approach
Unfortunately, system-level changes in SUSE Linux Enterprise Server 10 SP2 invalidated the nssid.sh script solution for OES 2 SP1. Synchronizing the XTier IDs with an OES 1 installation can now cause instability in other non-OES components. Therefore, starting with OES 2 SP1, you should standardize all XTier IDs on existing servers before installing a new OES 2 server with XTier-dependent services.
The OES 2 Solution: Standardizing the UIDs on all OES servers
If your eDirectory tree has ever contained an OES 1 Linux server with NSS and LUM installed, do the following on each server (including OES 2) that has NSS and LUM installed:
1 Log in as root and open a terminal prompt. Then enter the following commands:
id novlxregd
id novlxsrvd
The standardized XTier IDs are UID 81 for novlxregd, UID 82 for novlxsrvd, and GID 81 for novlxtier.
2 (Conditional) If you see the following ID information, the XTier IDs are standardized and you can start over with Step 1 for the next server:
uid=81(novlxregd) gid=81(novlxtier) groups=81(novlxtier)
uid=82(novlxsrvd) gid=81(novlxtier) groups=81(novlxtier),8(www)
3 (Conditional) If you see different IDs than those listed above, such as 101, 102, 103, etc., record the numbers for both XTier users and the novlxtier group, then continue with Step 4. You need these numbers to standardize the IDs on the server.
4 Download the following script file: fix_xtier_ids.sh (http://www.novell.com/documentation/oes2/scripts/fix_xtier_ids.sh)
5 Customize the template file by replacing the variables marked with angle brackets (<>) as follows:
<server_name>: The name of the server object in eDirectory.
This variable is listed on line 38 in the file. Replace it with the server name. For example, if the server name is myserver, replace <server_name> with myserver so that the line in the settings section of the script reads
server=myserver
<context>: This is the context of the XTier user and group objects.
Replace this variable with the fully distinguished name of the context where the objects reside.
For example, if the objects are in an Organizational Unit object named servers, replace the variable with the fully distinguished name, such as ou=servers,o=company.
<admin fdn>: The full context of an eDirectory admin user, such as the Tree Admin, who has rights to modify the XTier user and group objects.
Replace this variable with the admin name and context, specified with comma-delimited syntax. For example, if the tree admin is in an Organization container named company, the full context is cn=admin,o=company and the line in the settings section of the script reads
admin_fdn="cn=admin,o=company"
<novlxregd_uid>: This is the UID that the system assigned to the local novlxregd user. It might or might not be the same on each server, depending on whether the nssid.sh script ran successfully.
Replace this variable with the UID reported for the novlxregd user on this server as listed in Step 1 on page 38. For example, if the UID for the novlxregd user is 101, change the line to read
novlxregd_uid=101
<novlxsrvd_uid>: This is the UID that the system assigned to the local novlxsrvd user. It might or might not be the same on each server, depending on whether the nssid.sh script ran successfully.
Replace this variable with the UID reported for the novlxsrvd user on this server as listed when you ran the commands in Step 1 on page 38.
For example, if the UID for novlxsrvd_uid is 102, change the line to read
novlxsrvd_uid=102
<novlxtier_gid>: This is the GID that the system assigned to the local novlxtier group. It might or might not be the same on each server, depending on whether the nssid.sh script ran successfully.
Replace this variable with the GID reported for the novlxtier group on this server as listed when you ran the commands in Step 1 on page 38.
For example, if the GID for novlxtier_gid is 101, change the line to read
novlxtier_gid=101
6 Make the script executable and then run it on the server.
IMPORTANT: Changes to the XTier files are not reported on the terminal. Error messages are reported, but you can safely ignore them. The script scans the entire file system, and some files are locked because the system is running.
7 Repeat from Step 1 for each of the other servers in the same context.
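The check in Steps 1 through 3 can be scripted when many servers have to be audited. The following is an added example, not part of the guide and not Novell's fix_xtier_ids.sh: it parses id output, compares it with the standardized IDs, and prints the three ID settings lines from Step 5 when they differ. The function names, the XTIER_LIVE switch, and the second sample pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Novell's fix_xtier_ids.sh): audit the XTier system IDs
# reported by `id` against the standardized values named in the guide.

STD_REGD_UID=81   # novlxregd
STD_SRVD_UID=82   # novlxsrvd
STD_TIER_GID=81   # novlxtier

# Sample `id` output. The first pair is the standardized output shown in
# Step 2; the second pair is constructed from the guide's example numbers.
SAMPLE_STD_REGD='uid=81(novlxregd) gid=81(novlxtier) groups=81(novlxtier)'
SAMPLE_STD_SRVD='uid=82(novlxsrvd) gid=81(novlxtier) groups=81(novlxtier),8(www)'
SAMPLE_OLD_REGD='uid=101(novlxregd) gid=101(novlxtier) groups=101(novlxtier)'
SAMPLE_OLD_SRVD='uid=102(novlxsrvd) gid=101(novlxtier) groups=101(novlxtier),8(www)'

# id_field FIELD LINE: print the number in "FIELD=<number>(<name>)".
id_field() {
    printf '%s\n' "$2" | tr ' ' '\n' |
        sed -n "s/^$1=\([0-9][0-9]*\)(.*/\1/p" | head -n 1
}

# id_name FIELD LINE: print the name in "FIELD=<number>(<name>)".
id_name() {
    printf '%s\n' "$2" | tr ' ' '\n' |
        sed -n "s/^$1=[0-9][0-9]*(\([^)]*\)).*/\1/p" | head -n 1
}

# xtier_audit REGD_LINE SRVD_LINE
#   0  IDs are standardized (prints "standardized")
#   1  IDs differ (prints the current IDs as Step 5 settings lines)
#   2  the id output is missing or does not describe the XTier users
xtier_audit() {
    regd_uid=$(id_field uid "$1"); regd_gid=$(id_field gid "$1")
    srvd_uid=$(id_field uid "$2"); srvd_gid=$(id_field gid "$2")

    # An empty field means `id` printed nothing, e.g. the user is unknown here.
    if [ -z "$regd_uid" ] || [ -z "$regd_gid" ] ||
       [ -z "$srvd_uid" ] || [ -z "$srvd_gid" ]; then
        echo "cannot read XTier IDs (is XTier installed on this server?)" >&2
        return 2
    fi
    # Guard against swapped arguments or an unexpected primary group.
    if [ "$(id_name uid "$1")" != novlxregd ] ||
       [ "$(id_name uid "$2")" != novlxsrvd ] ||
       [ "$(id_name gid "$1")" != novlxtier ] ||
       [ "$(id_name gid "$2")" != novlxtier ]; then
        echo "unexpected user or primary group name in id output" >&2
        return 2
    fi
    if [ "$regd_uid" = "$STD_REGD_UID" ] && [ "$srvd_uid" = "$STD_SRVD_UID" ] &&
       [ "$regd_gid" = "$STD_TIER_GID" ]; then
        echo "standardized"
        return 0
    fi
    # Step 3: record the current IDs, written as the settings lines of Step 5.
    echo "novlxregd_uid=$regd_uid"
    echo "novlxsrvd_uid=$srvd_uid"
    echo "novlxtier_gid=$regd_gid"
    return 1
}

if [ "${XTIER_LIVE:-0}" = 1 ]; then
    # On a server, as root: XTIER_LIVE=1 sh xtier_audit.sh
    xtier_audit "$(id novlxregd 2>/dev/null)" "$(id novlxsrvd 2>/dev/null)"
else
    echo "standardized sample:"
    xtier_audit "$SAMPLE_STD_REGD" "$SAMPLE_STD_SRVD" || :
    echo "non-standard sample (constructed):"
    xtier_audit "$SAMPLE_OLD_REGD" "$SAMPLE_OLD_SRVD" || :
fi
```

The server name, context, and admin FDN settings still have to be filled in by hand, because they cannot be derived from id output.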
3.9.11 iFolder 3.8 Considerations
For best results, be sure you read and carefully follow the instructions in the Novell iFolder 3.8.4 Administration Guide, and especially “Deploying iFolder Server”. This is especially critical if you plan to use NSS for your iFolder 3.8 data volume.
3.9.12 Incompatible TLS Configurations Give No Warning
When you install a new eDirectory tree, the eDirectory Configuration - New or Existing Tree screen has the Require TLS for Simple Binds with Password option selected by default. If you keep this configuration setting, the eDirectory LDAP server requires that all communications come through the secure LDAP port that you specified on the eDirectory Configuration - Local Server Configuration screen. By default, this is port 636.
Unfortunately, the OES install doesn’t display a warning if you subsequently configure OES services to use non-TLS (non-secure) LDAP communications (port 389). The installation proceeds normally but the service configuration fails.
For example, if you accept the TLS default, then configure Novell DHCP to use non-secure communications (by deselecting the Use secure channel for configuration option), the OES install doesn't warn that you have created an incompatible configuration.
After eDirectory and the iManager plug-ins install successfully, the Novell DHCP configuration fails. You must then use iManager to change either the LDAP server configuration or the Novell DHCP configuration to support your preferred communication protocol.
Simply enabling non-TLS LDAP communications doesn’t disable TLS. It merely adds support for non-secure communications with the LDAP server.
3.9.13 Installing into an Existing eDirectory Tree
Novell Support has reported a significant number of installation incidents related to eDirectory health and time synchronization. To avoid such problems, do the following prior to installing OES:
“Consider Coexistence and Migration Issues” on page 41
“Do Not Add OES to a Server That Is Already Running eDirectory” on page 41
“Be Sure That eDirectory Is Healthy” on page 41
“Be Sure That Network Time Is Synchronized” on page 41
“Be Sure that OpenSLP on OES 2 Is Configured Properly” on page 41
Consider Coexistence and Migration Issues
If you are installing a new OES 2 server into an existing eDirectory tree, be sure to read and follow the instructions in “Preparing eDirectory for OES 2 SP3” in the OES 2 SP3: Installation Guide.
Do Not Add OES to a Server That Is Already Running eDirectory
Although you can add OES to an existing SLES 10 server if needed, you cannot install OES on a SLES 10 server that is already running eDirectory.
eDirectory must be installed in conjunction with the installation of OES services.
Be Sure That eDirectory Is Healthy
Review and follow the guidelines in “Keeping eDirectory Healthy” in the Novell eDirectory 8.8 Administration Guide.
Be Sure That Network Time Is Synchronized
OES 2 Linux and NetWare 6.5 SP8 servers can receive network time from either an existing eDirectory server or from an NTP time source. The critical point is that the entire tree must be synchronized to the same time source. For example, do not set your new OES 2 server to receive time from an NTP source unless the whole tree is synchronized to the same NTP source.
For an in-depth explanation of OES time synchronization, see Chapter 12.3, “Time Services,” on page 99.
Be Sure that OpenSLP on OES 2 Is Configured Properly
Novell SLP (NetWare) and OpenSLP (Linux) can coexist, but there are differences between the services that you should understand before deciding which to use or before changing your existing SLP service configuration. For more information, see Section 12.5, “SLP,” on page 111.
3.9.14 NetWare Caveats
“NetWare Licenses and OES 2 Trees” on page 42
“NetWare 6.5 Servers Must Be Running SP3 or Later” on page 42
NetWare Licenses and OES 2 Trees
OES doesn’t use Novell Licensing Services (Section 4.5, “Licensing,” on page 55). As a result, OES servers don’t need a license container in eDirectory as part of the server installation.
In a mixed OES 2 and NetWare eDirectory tree, at least one NetWare server must hold a replica for each partition where there is a NetWare server object. Without this configuration, it is impossible to install licenses or to service requests from NetWare servers to consume those licenses.
If you need to install a NetWare server in an OES tree, you must do the following after installing the first NetWare server in a partition:
1 Install iManager on the NetWare server, or use iManager Workstation.
You can do this during initial installation or later as described in “Installing iManager” in the Novell iManager 2.7 Installation Guide.
2 Add a Read/Write replica to the server as described in “Adding a Replica” in the Novell eDirectory 8.8 Administration Guide.
3 Install the NetWare license as described in “Installing and Removing License Certificates” in the NW 6.5 SP8: Licensing Services Administration Guide.
The iManager Licensing plug-in is not installed on OES servers. If you have configured Role-Based Services, you need to make sure the licensing plug-in is installed and added to the RBS collection. For more information, see “Upgrading iManager” in the Novell iManager 2.7 Installation Guide.
NetWare 6.5 Servers Must Be Running SP3 or Later
If you are installing OES 2 servers into a tree containing NetWare 6.5 servers, be sure that the following server types have been updated to SP3 or later prior to installing OES 2:
SLP Directory Agents: If the SLP Directory Agents on your network are not running NetWare 6.5 SP3 or later, installing an OES 2 server into the tree can cause the DA servers to abend.
LDAP Servers: If the LDAP servers referenced in your installation are not running NetWare 6.5 SP3 or later, the servers might abend during a schema extension operation.
3.9.15 Novell Distributed Print Services Cannot Migrate to Linux
NDPS clients are not supported on OES. You must therefore migrate any NDPS clients to iPrint before you migrate your print services to OES. For more information, see “Migrating NDPS Printers to iPrint” in the NW 6.5 SP8: iPrint Administration Guide.
3.9.16 NSS Caveats
“About New Media Support and Clusters” on page 42
“Removable Media Cannot Be Mounted on OES 2” on page 43
About New Media Support and Clusters
The new media support for hard links on OES 2 NSS volumes was not available for OES 1 SP2 Linux and earlier, but it was available for NetWare 6.5 SP4 and later.
If you've already upgraded the media format of the volume, you cannot fail over to a node that is running OES 1 SP2 until you have upgraded the node to OES 2.
Removable Media Cannot Be Mounted on OES 2
CD and DVD media and image files cannot be mounted as NSS volumes on OES; instead, they are mounted as Linux POSIX file systems.
For more details about NSS compatibility, see “Cross-Platform Issues for NSS Volumes” in the OES 2 SP3: NSS File System Administration Guide for Linux.
3.9.17 Plan eDirectory Before You Install
Although the default eDirectory settings work for simple trees, they are not usually practical for a production implementation. For example, by default the tree Admin user and the server are installed in the same context.
Some administrators, when they discover that the tree structure doesn't meet their needs, assume they can rectify the situation by uninstalling and then reinstalling eDirectory. This simply cannot be done.
In fact, OES services cannot be uninstalled. For more information, see “Disabling OES 2 Services” in the OES 2 SP3: Installation Guide.
3.9.18 Samba Enabling Disables SSH Access
Enabling users for Samba automatically disables SSH access for them. However, this default configuration can be changed. For more information, see Section 11.4, “SSH Services on OES 2,” on page 91.
3.9.19 Unsupported Service Combinations
Do not install any of the following service combinations on the same server. Although not all of the combinations shown in Table 3-2 cause pattern conflict warnings, Novell does not support any of them.
Table 3-2 Unsupported Service Combinations
Service | Unsupported on the Same Server
Novell AFP | File Server (Samba); Netatalk; Novell Domain Services for Windows; Novell Samba; Xen Virtual Machine Host Server
Novell Archive and Version Services | Novell Domain Services for Windows (DSfW); Xen Virtual Machine Host Server
Novell Backup / Storage Management Services | No restrictions
Novell CIFS | File Server (Samba); Novell Domain Services for Windows; Novell Samba; Xen Virtual Machine Host Server
Novell Cluster Services (NCS) | High Availability; Novell Domain Services for Windows (DSfW can actually be installed and run on the same server as NCS, but DSfW cannot run as a clustered service.)
Novell DHCP | Xen Virtual Machine Host Server
Novell DNS | Xen Virtual Machine Host Server
Novell Domain Services for Windows | File Server (Samba); Novell AFP; Novell Archive and Version Services; Novell CIFS; Novell Cluster Services (NCS) (NCS can actually be installed and run on the server, but DSfW cannot run as a clustered service.); Novell FTP; Novell iFolder; Novell NetStorage; Novell Pre-Migration Server; Novell QuickFinder; Novell Samba; Xen Virtual Machine Host Server
Novell eDirectory | Directory Server (LDAP); Xen Virtual Machine Host Server
Novell FTP | Novell Domain Services for Windows; Xen Virtual Machine Host Server
Novell iFolder | Novell Domain Services for Windows; Xen Virtual Machine Host Server
Novell iManager | Xen Virtual Machine Host Server
Novell iPrint | Print Server (CUPS) (CUPS components are actually installed, but CUPS printing is disabled. For more information, see Section 6.9.6, “iPrint Disables CUPS Printing on the OES 2 Server,” on page 65.); Xen Virtual Machine Host Server
Novell Linux User Management (LUM) | No restrictions
Novell NCP Server / Dynamic Storage Technology | Xen Virtual Machine Host Server
Novell NetStorage | Novell Domain Services for Windows; Xen Virtual Machine Host Server
Novell Pre-Migration Server | Novell Domain Services for Windows; Xen Virtual Machine Host Server
Novell QuickFinder | Novell Domain Services for Windows; Xen Virtual Machine Host Server
Novell Remote Manager (NRM) | Xen Virtual Machine Host Server
Novell Samba | File Server (Samba); Novell CIFS; Novell Domain Services for Windows; Xen Virtual Machine Host Server
Novell Storage Services (NSS) | Xen Virtual Machine Host Server
Xen Virtual Machine Host Server | File Server (Samba); Novell AFP; Novell Archive and Version Services; Novell CIFS; Novell DHCP; Novell DNS; Novell Domain Services for Windows; Novell eDirectory; Novell FTP; Novell iFolder; Novell iManager; Novell iPrint; Novell NCP Server / Dynamic Storage Technology; Novell NetStorage; Novell Pre-Migration Server; Novell QuickFinder; Novell Remote Manager (NRM); Novell Samba; Novell Storage Services; Print Server (CUPS)
3.9.20 VNC Install Fails to Set the IP Address in /etc/hosts
If you install through a VNC connection, the /etc/hosts file is configured with a loop back address assigned to the hostname. This can cause problems with services.
Using a text editor, modify /etc/hosts so that the hostname is associated with its actual IP address.
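A quick way to find servers affected by this condition is to check which addresses /etc/hosts assigns to the hostname. The following is an added example, not part of the guide; the function names, the HOSTS_LIVE switch, and the sample host name and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect the /etc/hosts condition described in 3.9.20, where the
# server's hostname is tied to a loopback address instead of its real IP.

# addresses_for FILE NAME: print every address FILE assigns to NAME
# (canonical name or alias, compared case-insensitively; comments ignored).
addresses_for() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $1; break }
        }' "$1"
}

# is_loopback ADDR: succeed for IPv4 127.0.0.0/8 and IPv6 ::1.
is_loopback() {
    case $1 in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# check_hosts FILE NAME
#   0  NAME maps only to non-loopback addresses
#   1  NAME maps to a loopback address (the condition in 3.9.20)
#   2  NAME has no entry at all
check_hosts() {
    addrs=$(addresses_for "$1" "$2")
    if [ -z "$addrs" ]; then
        echo "$2: no entry in $1"
        return 2
    fi
    status=0
    for a in $addrs; do
        if is_loopback "$a"; then
            echo "$2 -> $a (loopback)"
            status=1
        fi
    done
    if [ "$status" -eq 0 ]; then
        echo "$2: ok"
    fi
    return "$status"
}

# Constructed sample files (host name and addresses are made up).
write_sample_bad() {
    cat > "$1" <<'EOF'
127.0.0.1       localhost
::1             localhost ipv6-localhost
127.0.0.2       oes2srv.example.com oes2srv   # hostname on loopback
EOF
}

write_sample_fixed() {
    cat > "$1" <<'EOF'
127.0.0.1       localhost
::1             localhost ipv6-localhost
192.0.2.10      oes2srv.example.com oes2srv
EOF
}

if [ "${HOSTS_LIVE:-0}" = 1 ]; then
    # On the server itself: HOSTS_LIVE=1 sh check_hosts.sh
    check_hosts /etc/hosts "$(hostname)"
else
    tmp=$(mktemp -d)
    write_sample_bad "$tmp/bad"
    check_hosts "$tmp/bad" oes2srv || :
    write_sample_fixed "$tmp/fixed"
    check_hosts "$tmp/fixed" oes2srv || :
    rm -rf "$tmp"
fi
```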
3.10 Consider Coexistence and Migration Issues
You probably have a network that is already providing services to network users. In many cases, the services you are currently running will influence your approach to implementing OES 2. In some cases, there are specific paths to follow so that the OES 2 integration process is as smooth as possible.
Novell has invested considerable effort in identifying service coexistence and migration issues you might face. We understand, however, that we can’t anticipate every combination of services that you might have. Therefore, we intend to continue developing coexistence and migration information.
For information about coexistence of OES 2 servers with existing NetWare and Linux networks, see Chapter 8, “Migrating and Consolidating Existing Servers and Data,” on page 73.
3.11 Understand Your Installation Options
Before installing OES, you should be aware of the information in the following sections:
Section 3.11.1, “OES 2 Installation Overview,” on page 46
Section 3.11.2, “About Your Installation Options,” on page 47
Section 3.11.3, “Use Predefined Server Types (Patterns) When Possible,” on page 48
Section 3.11.4, “If You Want to Install in a Lab First,” on page 48
Section 3.11.5, “If You Want to Install NSS on a Single-Drive Linux Server,” on page 49
3.11.1 OES 2 Installation Overview
The software and network preparation processes required to install OES 2 are outlined in Figure 3-1.
NOTE: Chapter 4, “Getting and Preparing OES 2 Software,” on page 51 contains instructions for obtaining the ISO image files referred to in the following illustration.
Figure 3-1 OES 2 Install Preparation
[Flowchart; the text of its boxes follows.]
Image files or physical media: Download the SLES 10 and OES 2 ISO image files. Or get the ISO files or physical media from a Novell Authorized Reseller.
Decide whether to install from files on the network or directly from physical media.
Network install path: Prepare an installation source server as instructed in the OES2: Linux Installation Guide.
Physical media install path: Create physical media from the downloaded ISO files as instructed.
Are you installing into an existing eDirectory tree? If yes (existing tree), run the Deployment Manager > eDirectory Preparation option. (Requires access to the [root] partition.)
Install OES 2 Linux. You can also install OES 2 automatically by using AutoYaST as described in the installation guide.
For detailed instructions, see “Setting Up a Network Installation Source” in the OES 2 SP3: Installation Guide.
3.11.2 About Your Installation Options
As illustrated in the previous section, OES 2 lets you install from either physical media or from files on the network.
“OES 2 Options” on page 48
“Virtual Machine Installation Options” on page 48
OES 2 Options
OES 2 includes numerous installation options as documented in the OES 2 SP3: Installation Guide.
CD/DVD Install: You can install SLES 10 SP1 by using CDs or a DVD and then install OES 2 from a CD, all of which can be either obtained from a Novell Authorized Reseller or created from downloaded ISO image files.
See “Preparing Physical Media for a New Server Installation or an Upgrade” in the OES 2 SP3: Installation Guide.
Network Install: You can install from the network by using the NFS, FTP, or HTTP protocol.
Installing from the network saves you from swapping CDs on the server during the installation. See “Setting Up a Network Installation Source” in the OES 2 SP3: Installation Guide.
Automated Install: You can install from the network by using an AutoYaST file.
This lets you install without providing input during the installation process. It is especially useful for installing multiple servers with similar configurations.
See “Using AutoYaST to Install and Configure Multiple OES Servers” in the OES 2 SP3: Installation Guide.
Virtual Machine Installation Options
Virtual machine installations offer additional options. For more information, see
“Installing, Upgrading, or Updating OES on a Xen-based VM” in the OES 2 SP3: Installation Guide
“Installing and Managing NetWare on a Xen-based VM” in the OES 2 SP3: Installation Guide
3.11.3 Use Predefined Server Types (Patterns) When Possible
Both OES 2 and NetWare 6.5 SP8 include predefined server installation options that install only the components required to provide a specific set of network services. In OES 2, these server types are called patterns.
For example, if you want to install an OES 2 server that provides enterprise level print services, you should select the Novell iPrint Server pattern during the installation.
You should always choose a predefined server type if one fits the intended purpose of your server. If not, you can choose to install a customized OES 2 server with only the service components you need.
More information about server patterns is available in the installation guides:
OES 2: “OES Services Pattern Descriptions” in the OES 2 SP3: Installation Guide
NetWare 6.5 SP8: “Choosing a Server Pattern” in the NW65 SP8: Installation Guide
3.11.4 If You Want to Install in a Lab First
Many organizations prefer to install products on smaller servers for testing in a lab prior to full deployment. The OES 2 SP3: Getting Started with OES 2 and Virtualized NetWare walks you through installing and exploring all the basic OES 2 services.
3.11.5 If You Want to Install NSS on a Single-Drive Linux Server
Many are interested in Novell Storage Services (NSS) running on Linux. If you plan to experiment with NSS on a single-drive server, be sure to follow the instructions in “Installing with EVMS as the Volume Manager of the System Device” in the OES 2 SP3: Installation Guide.
4 Getting and Preparing OES 2 Software
This section contains instructions for getting and preparing Open Enterprise Server 2 software and discusses the following topics:
Section 4.1, “Do You Have Upgrade Protection?,” on page 51
Section 4.2, “Do You Want 32-Bit or 64-Bit OES?,” on page 51
Section 4.3, “Do You Want to Purchase OES 2 or Evaluate It?,” on page 52
Section 4.4, “Evaluating OES 2 Software,” on page 52
Section 4.5, “Licensing,” on page 55
If you have not already done so, we recommend that you review the information in Section 3.11, “Understand Your Installation Options,” on page 46.
4.1 Do You Have Upgrade Protection?
If you have Novell Upgrade Protection, you can upgrade to OES 2 and the associated support packs, free of charge until your upgrade protection expires. After your protection expires, the OES 2 upgrade link disappears from your account page.
For more information and to start the upgrade process, do the following:
1 Using your Novell account information, log in to the Novell Web Site (http://www.novell.com/nps).
2 Click Customer Center and log in, using your Novell account username and password to access the Novell Customer Center home page.
3 Follow the instructions on the page to obtain the upgrade to Open Enterprise Server 2.
4.2 Do You Want 32-Bit or 64-Bit OES?
Compatibility is the first thing to consider as you start planning which software to download and install.
OES 2 is a set of services or an “add-on product” that runs on SUSE Linux Enterprise Server (SLES 10) and is available in both 32-bit and 64-bit versions. These two versions are required for compatibility with SLES 10 and the server hardware that it runs on. Having two versions of OES introduces a little more complexity into your planning, as illustrated in Table 4-1.
Table 4-1 OES 2, SLES 10, and Server Hardware Compatibility Matrix
OES 2 SP3 Version | SLES 10 SP3 | Server Hardware | Notes
32-bit (i386) | 32-bit (i386) | 32-bit or 64-bit | The 32-bit version of OES 2 SP3 requires the 32-bit version of SLES 10 SP3. If you plan to install 64-bit SLES, you should also install 64-bit OES. Attempting to install the 32-bit version of OES as an add-on product to the 64-bit version of SLES 10 generates numerous dependency errors and is not supported. 32-bit software (OES and SLES) can be installed on either 32-bit or 64-bit hardware.
64-bit (x86_64) | 64-bit (x86_64) | 64-bit | The 64-bit version of OES 2 SP3 requires the 64-bit version of SLES 10 SP3, and they can only be installed on 64-bit hardware.
4.3 Do You Want to Purchase OES 2 or Evaluate It?
If you want to evaluate OES prior to purchasing it, skip to the next section, Evaluating OES 2 Software.
If you have decided to purchase OES 2, visit the Novell How to Buy OES 2 Web page (http://www.novell.com/products/openenterpriseserver/howtobuy.html).
When you purchase OES 2, you receive two activation codes for OES 2 (one for OES 2 services and one for SUSE Linux Enterprise Server 10). Both codes are required for registering an OES 2 system in the Novell Customer Center. After it is registered, your server can receive online updates, including the latest support pack.
As part of the purchase process, it is important that you understand the OES 2 licensing model. For a brief description, see Section 4.5, “Licensing,” on page 55.
After completing your purchase, the installation process goes more smoothly if you understand your installation options. If you haven’t already done so, be sure to review the information in Section 3.11, “Understand Your Installation Options,” on page 46 and then skip to Chapter 5, “Installing OES 2,” on page 57.
4.4 Evaluating OES 2 Software
This section walks you through the OES 2 software evaluation process and discusses the following topics:
Section 4.4.1, “Understanding OES 2 Software Evaluation Basics,” on page 53
Section 4.4.2, “Downloading OES 2 SP3 Software from the Novell Web Site,” on page 53
Section 4.4.3, “Preparing the Installation Media,” on page 54
Section 4.4.4, “Installing OES 2 for Evaluation Purposes,” on page 54
Section 4.4.5, “Evaluating OES 2,” on page 55
Section 4.4.6, “Installing Purchased Activation Codes after the Evaluation Period Expires,” on page 55
4.4.1 Understanding OES 2 Software Evaluation Basics
You can evaluate the full OES 2 product. The evaluation software is the complete, fully functional OES 2 product.
As you install each server, you are required to accept an end user license agreement (EULA). Your rights to evaluate and use the OES 2 product are limited to the rights set forth in the EULA.
Briefly, the evaluation period for OES 2 servers is 60 days. To receive software updates during this time, you must have or create an account with the Customer Center, receive evaluation codes for OES 2 and SLES 10 while downloading the software, and use these codes to register your server. No software updates can be downloaded after the 60-day evaluation period expires until you purchase the product.
4.4.2 Downloading OES 2 SP3 Software from the Novell Web Site
If you already have OES 2 SP3 ISO image files, skip to Section 4.4.3, “Preparing the Installation Media,” on page 54.
If you have OES 2 SP3 product media (CDs and DVDs), skip to Section 4.4.4, “Installing OES 2 for Evaluation Purposes,” on page 54.
To download ISO image files from the Web:
1 If you don’t already have a Novell account, register for one on the Web (https://secure-www.novell.com/selfreg/jsp/createAccount.jsp?).
2 Access the Novell Downloads Web page (http://download.novell.com).
3 Do a keyword search for Open Enterprise Server SP3, then click the Open Enterprise Server SP3 e-Media Kit link.
4 Click the proceed to download button (upper right corner of the first table).
5 If you are prompted to log in, type your Novell Account > username and password, then click login.
6 Accept the Export Agreement (required for first downloads only) and answer the survey questions about your download (optional).
7 Print the download page. You need the listed MD5 verification numbers to verify your downloads.
8 Scroll down to the Download Instructions section and click the Download Instructions link.
9 Print the Download Instructions page for future reference.
10 Use the information on the Download Instructions page to decide which files you need to download for the platforms you plan to evaluate, then mark them on the MD5 verification list on the page you printed in Step 7.
11 On the download page, start downloading the files you need by clicking the download button for each file.
12 If you have purchased OES 2 previously and received purchased OES 2 and SLES 10 activation codes, skip to Step 15.
Otherwise, in the Evaluating Open Enterprise Server 2 section, click the Get Activation Codes link in the Novell Open Enterprise Server 2—Linux paragraph.
60-day evaluation codes are sent in separate e-mail messages to the e-mail address associated with your Novell account.
13 Access your e-mail account and print the messages or write down the activation codes.
Both the OES 2 and the SLES codes are required for product registration and downloading software updates.
14 Click Back to return to the download page.
15 In the download table at the top of the page, click the Install Instructions > View link at the end of the list of files to download.
Although you might have printed this file earlier, the online version is required for the steps that follow.
16 Scroll past the download decision tables; while you wait for the downloads, read through the brief installation instructions, clicking the links for more information.
17 Verify the integrity of each downloaded file by running an MD5-based checksum utility on it and comparing the values against the list you printed in Step 15.
For example, on a Linux system you can enter the following command:
md5sum filename
where filename is the name of the .iso file you are verifying.
For a Windows system, you need to obtain a Windows-compatible MD5-based checksum utility from the Web and follow its usage instructions.
18 (Optional) If you plan to install OES 2 from files on your network, see the instructions in “Setting Up a Network Installation Source” in the OES 2 SP3: Installation Guide.
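The check in Step 17, extended to a whole set of downloads, is shown below as an added example that is not part of the Novell guide. It assumes you have typed the printed MD5 values into a text file in the "checksum, two spaces, filename" layout that md5sum itself prints; the function names, the MD5SUMS file name and the stand-in .iso names are constructed for the example.

```shell
#!/bin/sh
# verify_md5_list MANIFEST DIR
# MANIFEST lines look like:  <32-hex-md5>  <filename>
# Prints one status line per listed file and returns the number of files
# that are missing or do not match (0 means every listed file verified).
verify_md5_list() {
    manifest=$1
    dir=$2
    failures=0
    # The "|| [ -n ... ]" part keeps a last line that has no trailing newline.
    while read -r expected name || [ -n "$expected" ]; do
        # Skip blank lines and comments in the manifest.
        case $expected in ''|'#'*) continue ;; esac
        name=${name#\*}    # md5sum marks binary mode with a leading '*'
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"
            failures=$((failures + 1))
            continue
        fi
        actual=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        # A hand-typed list may use upper-case hex; compare in lower case.
        expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
        if [ "$actual" = "$expected" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $expected, got $actual)"
            failures=$((failures + 1))
        fi
    done < "$manifest"
    return "$failures"
}

# Constructed demo: two stand-in "ISO" files. The list holds one correct
# value, one wrong value, and one entry for a file that was never downloaded.
demo_verify() {
    tmp=$(mktemp -d) || return 99
    printf 'disc one\n' > "$tmp/example-cd1.iso"
    printf 'disc two\n' > "$tmp/example-cd2.iso"
    {
        printf '%s  example-cd1.iso\n' \
            "$(md5sum < "$tmp/example-cd1.iso" | cut -d' ' -f1)"
        printf '%s  example-cd2.iso\n' 00000000000000000000000000000000
        printf '%s  example-cd3.iso\n' 00000000000000000000000000000000
    } > "$tmp/MD5SUMS"
    verify_md5_list "$tmp/MD5SUMS" "$tmp"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo_verify || echo "files failing verification: $?"
```

An MD5 match shows that the file arrived complete and uncorrupted, which is the failure this step guards against; it is not evidence of who produced the file.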
4.4.3 Preparing the Installation Media
IMPORTANT: If you have downloaded .iso image files from the Web, it is critical that you verify the integrity of each file as explained in Step 17 on page 54. Failure to verify file integrity can result in failed installations, especially in errors that report missing files.
Instructions for preparing installation media are located in “Setting Up a Network Installation Source” in the OES 2 SP3: Installation Guide.
4.4.4 Installing OES 2 for Evaluation Purposes
If you followed the instructions in Section 4.4.2, “Downloading OES 2 SP3 Software from the Novell Web Site,” on page 53, you now have two activation/evaluation codes: one for OES 2 and another for SLES 10. As you install OES 2, you should register with the Novell Customer Center and use these codes to enable your server for online updates from the OES 2 and SLES 10 patch channels.
IMPORTANT: Always download the current patches during an installation.
Page 55
Instructions for using the activation codes during an installation are found in “On the Novell
Customer Center Configuration configuration page, select all of the following options, then click Next.” in the OES 2 SP3: Installation Guide.
The evaluation period begins when the codes are issued. Use the same activation codes for each OES 2 server you install during the evaluation period.
4.4.5 Evaluating OES 2
During the evaluation period, we recommend that you fully explore the many services available in OES 2.
To help you get started with the process, we have prepared a lab guide for OES 2 that explores both OES 2 and virtualized NetWare on a second OES 2 virtual machine host server. The sections in this guide introduce eDirectory, walk you through server installations, and provide brief exercises you can complete to get started using OES 2 Services. After completing the exercises in the guide, you can use the lab setup to further explore OES 2 and learn about its many powerful services.
For more information, see the OES 2 SP3: Getting Started with OES 2 and Virtualized NetWare.
After working through the lab guide, we recommend that you review all of the information in this guide to gain a comprehensive overview of OES 2 and the planning and implementation processes you will follow to fully leverage its network services.
4.4.6 Installing Purchased Activation Codes after the Evaluation Period Expires
After purchasing Open Enterprise Server, use the instructions in “Registering the Server in the Novell Customer Center (Command Line)” in the OES 2 SP3: Installation Guide to enter the purchased activation codes that you received with your purchase. After logging in as root, complete the step where you enter the activation codes, replacing the evaluation codes with the purchased codes.
4.5 Licensing
This section explains the following:
Section 4.5.1, “The OES 2 Licensing Model,” on page 55
Section 4.5.2, “SLES Licensing Entitlements in OES 2,” on page 56
Section 4.5.3, “OES 2 Doesn’t Support NLS,” on page 56
4.5.1 The OES 2 Licensing Model
The only OES 2 licensing restriction is the number of user connections allowed to use OES 2 services on your network. You are authorized to install as many OES 2 servers as you need to provide OES 2 services to those users.
Page 56
For example, if your OES 2 license is for 100 user connections, you can install as many OES 2 servers as desired. Up to 100 users can then connect to and use the services provided by those OES 2 servers. When you install OES 2, you must accept an end user license agreement (EULA). Your rights to use the OES 2 product are limited to the rights set forth in the EULA. Violators of the Novell license agreements and intellectual property are prosecuted to the fullest extent of the law.
To report piracy and infringement violations, please call 1-800-PIRATES (800-747-2837) or send e-mail to pirates@novell.com.
For more information on OES 2 licensing, see the OES 2 Licensing page on the Novell Web site
(http://www.novell.com/licensing/oes_licensing.html).
4.5.2 SLES Licensing Entitlements in OES 2
SUSE Linux Enterprise Server (SLES) entitlements in OES 2 have changed. For more information, refer to the EULA (http://www.novell.com/licensing/eula/oes/oes_2_english.pdf) on the Web.
After installing OES 2, you can use Novell iManager to install and manage license certificates in your eDirectory tree and to monitor NetWare usage. You can also monitor usage of Novell Licensing Services-enabled products.
4.5.3 OES 2 Doesn’t Support NLS
Novell Licensing Services (NLS) are not available on OES 2, nor does an OES 2 installation require a license/key file pair (*.nlf and *.nfk). Therefore, in a mixed OES 2 and NetWare eDirectory tree, at least one NetWare server must hold a replica for each partition where there is a NetWare server object. For more information about licensing for NetWare servers in OES trees, see “NetWare Licenses and OES 2 Trees” on page 42.
Page 57
5
Installing OES 2
IMPORTANT: Before you install Open Enterprise Server 2, be sure to review the information in
Chapter 3, “Planning Your OES 2 Implementation,” on page 25, especially Section 3.9, “Caveats to Consider Before You Install,” on page 34.
This section briefly covers the following:
Section 5.1, “Installing OES 2,” on page 57
Section 5.2, “Installing OES 2 Servers in a Xen VM,” on page 58
5.1 Installing OES 2
The OES 2 installation leverages the SUSE Linux YaST graphical user interface. You can install OES 2 services on an existing SUSE Linux Enterprise Server 10 server, or you can install both OES 2 and SLES 10 at the same time, making the installation of SLES 10 and OES 2 services a seamless process.
To ensure a successful installation:
1. Read and follow all instructions in the OES 2 Readme (http://www.novell.com/documentation/oes2/oes_readme/data/oes_readme.html#bsen7me).
2. Carefully follow the instructions in the OES 2 SP3: Installation Guide, especially those found in
“Preparing to Install OES 2 SP3”
“Installing OES 2 SP3 as a New Installation”
3. Make sure you always download the latest patches as part of the Customer Center configuration during the install. This ensures the most stable configuration and installation process and prevents some issues that are documented in the product Readme.
4. After updating the server, red text appears under the CA Management section, indicating that the CA must be configured before proceeding.
This happens because the server reboots as part of the upgrade process and the root password is no longer in memory.
Click CA Management, type and confirm the root password in the indicated fields, then click Next. The installation proceeds.
5. During the installation, you have the option to disable each service for later configuration. However, we recommend that you configure all services at install time simply because the process is more streamlined.
For more information on configuring services later, see “Installing or Configuring OES 2 SP3 on an Existing Server” in the OES 2 SP3: Installation Guide.
5.1.1 What's Next
After installing OES 2 and before starting to use your new OES 2 server, be sure to review the information in Chapter 6, “Caveats for Implementing OES 2 Services,” on page 59.
Page 58
The various service sections in this guide contain information about completing your OES 2 services implementation. See the sections for the services you have installed, beginning with Chapter 11,
“Managing OES 2,” on page 81.
5.2 Installing OES 2 Servers in a Xen VM
Installing OES 2 servers on a Xen virtual machine involves installing an OES 2 SP3 or SUSE Linux Enterprise Server (SLES) 10 SP3 VM host server, creating a VM, and then installing an OES 2 server (NetWare or Linux) in the VM.
To get started with Xen virtualization in OES 2, see the following:
“Introduction to Xen Virtualization (http://www.novell.com/documentation/sles10/xen_admin/data/sec_xen_basics.html)” in the Virtualization with Xen (http://www.novell.com/documentation/sles10/xen_admin/data/bookinfo.html) guide.
“Installing OES as a Xen VM Host Server” in the OES 2 SP3: Installation Guide.
“Installing, Upgrading, or Updating OES on a Xen-based VM” in the OES 2 SP3: Installation Guide.
“Installing and Managing NetWare on a Xen-based VM” in the OES 2 SP3: Installation Guide.
Page 59
6
Caveats for Implementing OES 2 Services
This section presents a few pointers for avoiding common Open Enterprise Server 2 implementation problems.
The list that follows is not comprehensive. Rather, it simply outlines some of the more common problems reported by network administrators. To ensure successful service implementations, you should always follow the instructions in the documentation for the services you are implementing.
Section 6.1, “AFP,” on page 59
Section 6.2, “Avoiding POSIX and eDirectory Duplications,” on page 60
Section 6.3, “CIFS,” on page 62
Section 6.4, “ConsoleOne Can Cause JClient Errors,” on page 62
Section 6.5, “CUPS on OES 2,” on page 62
Section 6.6, “DSfW: MMC Password Management Limitation,” on page 62
Section 6.7, “eDirectory,” on page 63
Section 6.8, “iFolder 3.8,” on page 64
Section 6.9, “iPrint,” on page 64
Section 6.10, “LDAP—Preventing “Bad XML” Errors,” on page 66
Section 6.11, “LUM Cache Refresh No Longer Persistent,” on page 66
Section 6.12, “Management,” on page 66
Section 6.13, “NCP Doesn’t Equal NSS File Attribute Support,” on page 68
Section 6.14, “Novell-tomcat Is for OES Use Only,” on page 68
Section 6.15, “NSS (OES 2),” on page 68
Section 6.16, “OpenLDAP on OES 2,” on page 69
Section 6.17, “Samba,” on page 69
Section 6.18, “Virtualization Issues,” on page 69
6.1 AFP
Section 6.1.1, “Anti-Virus Solutions and AFP,” on page 59
6.1.1 Anti-Virus Solutions and AFP
The Apple Filing Protocol (AFP) support for NSS files on OES 2 SP3 is implemented via a technology that bypasses the real-time scanning employed by most anti-virus solutions for OES.
NSS files shared through an AFP connection can be protected by on-demand scanning on the OES 2 server or by real-time and on-demand scanning on the Apple client.
Page 60
6.2 Avoiding POSIX and eDirectory Duplications
OES 2 servers can be accessed by
Local (POSIX) users that are created on the server itself.
eDirectory users that are given local access through Linux User Manager (LUM).
However, there are some issues you need to consider:
Section 6.2.1, “The Problem,” on page 60
Section 6.2.2, “Three Examples,” on page 60
Section 6.2.3, “Avoiding Duplication,” on page 61
6.2.1 The Problem
There is no cross-checking between POSIX and eDirectory to prevent the creation of users or groups with duplicate names.
When duplicate names occur, the resulting problems are very difficult to troubleshoot because everything on both the eDirectory side and the POSIX side appears to be configured correctly. The most common problem is that LUM-enabled users can’t access data and services as expected but other errors could surface as well.
Unless you are aware of the users and groups in both systems, especially those that are system-created, you might easily create an invalid configuration on an OES 2 server.
6.2.2 Three Examples
The following examples illustrate the issue.
“The shadow Group” on page 60
“The users Group” on page 61
“Other Non-System Groups” on page 61
The shadow Group
There is a default system-created group named shadow that is used by certain Web-related services, including the OES 2 QuickFinder server, but it has no relationship with Dynamic Storage Technology (DST) and shadow volumes.
Because shadow is a local POSIX group, there is nothing to prevent you from creating a LUM-enabled second group in eDirectory that is also named shadow. In fact, this could be a logical name choice for many administrators in conjunction with setting up shadow volume access for Samba/CIFS users.
However, using this group name results in LUM-enabled users being denied access by POSIX, which looks first to the local shadow group when determining access rights and only checks eDirectory for a group named shadow if no local group is found.
Page 61
The users Group
There is another default system-created group named users that is not used by OES 2 services but is nevertheless created on all SLES 10 (and therefore, OES 2) servers.
Creating an eDirectory group named users would seem logical to many administrators. And as with the shadow group, nothing prevents you from using this name.
Unfortunately, having a LUM-enabled eDirectory group named users is not a viable configuration for services requiring POSIX access. The local users group is always checked first, and the LUM-enabled users group in eDirectory won’t be seen by POSIX.
NOTE: Do not confuse eDirectory Group objects with Organizational Unit (OU) container objects. Creating an OU container in eDirectory named users is a valid option and does not create conflicts with POSIX.
Other Non-System Groups
Conflicts between group and user names also occur when administrators create local and eDirectory groups with the same name.
For example, one administrator creates a group named myusers on the local system and another creates a LUM-enabled group in eDirectory with the same name. Again, the LUM-enabled users who are members of the eDirectory group won’t have access through POSIX.
This is why we recommend that, as a general rule, administrators should not create local users or groups on OES 2 servers. You should only make exceptions when you have determined that using LUM-enabled users and groups is not a viable option and that objects with the same names as the POSIX users and groups will not be created in eDirectory in the future.
6.2.3 Avoiding Duplication
Having duplicate users and groups is easily avoided by following these guidelines:
“Use YaST to List All System-Created Users and Groups” on page 61
“Create Only eDirectory Users and Groups” on page 62
Use YaST to List All System-Created Users and Groups
We recommend that you use the YaST Group Management/User Management module to check for names you might duplicate by mistake.
1. Open the YaST Control Center.
2. Click either Group Management or User Management.
3. Click Set Filter > Customize Filter.
4. Select both options (Local and System), then click OK. All users or groups are displayed, including those that exist only in eDirectory and are LUM-enabled.
5. To avoid duplication, keep this list in mind as you create eDirectory users and groups.
Page 62
NOTE: The list of users and groups in Appendix I, “System User and Group Management in OES 2 SP3,” on page 259 is not exhaustive. For example, the users group is not listed.
Create Only eDirectory Users and Groups
For OES 2 services, the LUM technology eliminates the need for local users and groups. We recommend, therefore, that you avoid the problems discussed in this section by not creating local users and groups.
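Because nothing cross-checks the two name spaces, a scripted comparison can supplement the YaST review. The following is an added example, not a Novell tool: it assumes you have exported the eDirectory group (or user) names to a text file with one name per line, and the function names, file names and sample data are constructed for the example.

```shell
#!/bin/sh
# Report names that exist both as local POSIX groups (or users) and as
# eDirectory objects, the collision described in Section 6.2.

# posix_names FILE: name field of an /etc/group- or /etc/passwd-style file.
# Names are lower-cased so that "Users" and "users" are reported together;
# that is a deliberately conservative choice made for this example.
posix_names() {
    awk -F: '!/^#/ && $1 != "" { print tolower($1) }' "$1" | LC_ALL=C sort -u
}

# edir_names FILE: one eDirectory group or user name (CN) per line, exported
# by whatever means you normally use. Blank lines and # comments are ignored.
edir_names() {
    awk '{ gsub(/^[ \t]+|[ \t]+$/, "") }
         $0 != "" && !/^#/ { print tolower($0) }' "$1" | LC_ALL=C sort -u
}

# find_duplicates POSIX_FILE EDIR_FILE
# Prints each colliding name on its own line; returns 1 if any were found.
find_duplicates() {
    tmp_a=$(mktemp) || return 2
    tmp_b=$(mktemp) || { rm -f "$tmp_a"; return 2; }
    posix_names "$1" > "$tmp_a"
    edir_names "$2" > "$tmp_b"
    dups=$(LC_ALL=C comm -12 "$tmp_a" "$tmp_b")
    rm -f "$tmp_a" "$tmp_b"
    if [ -n "$dups" ]; then
        printf '%s\n' "$dups"
        return 1
    fi
    return 0
}

# Constructed sample data: a cut-down local group file and an eDirectory
# group list that repeats three of the local names.
demo_duplicates() {
    d=$(mktemp -d) || return 2
    cat > "$d/group" <<'EOF'
root:x:0:
shadow:x:15:
users:x:100:
myusers:!:1000:
EOF
    cat > "$d/edir-groups.txt" <<'EOF'
# exported eDirectory group names (constructed)
shadow
users
myusers
sales
EOF
    find_duplicates "$d/group" "$d/edir-groups.txt"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_duplicates || echo "the names listed above exist on both sides"
```

On a server, pass /etc/group or /etc/passwd as the first argument and your exported name list as the second.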
6.3 CIFS
Section 6.3.1, “Changing the Server IP Address,” on page 62
6.3.1 Changing the Server IP Address
Reconfiguring CIFS in YaST might not take effect if the server IP address was changed on the server but not in the OES LDAP server configuration.
To work around this:
1 Reconfigure the LDAP server IP address with the IP address changes.
2 Then change the CIFS IP address configuration.
6.4 ConsoleOne Can Cause JClient Errors
ConsoleOne support is now limited to management of GroupWise and ZENworks for Desktops 7.
If you need to use ConsoleOne to manage either of these supported products on OES 2, make sure you have installed version 1.3.6h or later. Earlier versions of ConsoleOne cause JClient errors in iManager.
6.5 CUPS on OES 2
iPrint is the print solution for OES 2 and offers more robust and scalable print services than a CUPS installation can. iPrint actually uses CUPS to render print jobs prior to sending them to the printer, but for scalability and performance, printing from the server itself is disabled during iPrint installation.
If you plan to use iPrint, deselect Print Server in the Primary Functions category during the install and don’t configure CUPS on the OES 2 server.
6.6 DSfW: MMC Password Management Limitation
After creating a user, you cannot then force a password change through the Microsoft Management Console (MMC) because the User must change password at next logon option is disabled. You can work around this issue while creating the user by selecting the option as part of the creation task. For existing users, you can reset the password and select the same option as part of the reset task.
Page 63
6.7 eDirectory
Section 6.7.1, “Avoid Uninstalling eDirectory,” on page 63
Section 6.7.2, “Avoid Renaming Trees and Containers,” on page 63
Section 6.7.3, “Default Static Cache Limit Might Be Inadequate,” on page 63
Section 6.7.4, “eDirectory Not Restarting Automatically,” on page 64
Section 6.7.5, “One Instance Only,” on page 64
Section 6.7.6, “Special Characters in Usernames and Passwords,” on page 64
6.7.1 Avoid Uninstalling eDirectory
OES services are tightly integrated with eDirectory and do not function without it.
Although the eDirectory 8.8 documentation describes how to remove and reinstall eDirectory, the processes described do not cleanly decouple OES services, nor do they restore service connections. As a result, not only does uninstalling eDirectory break OES services, reinstalling eDirectory does not restore them.
If you have an issue that you believe can only be resolved by uninstalling eDirectory, make sure you consult with Novell Technical Services before you attempt to do so.
6.7.2 Avoid Renaming Trees and Containers
The configuration files for many OES services point to configuration data stored within eDirectory. Although eDirectory tracks all changes internally, OES services do not. Therefore, if you rename
your eDirectory tree or one of the containers below [Root], you should expect that one or more of your OES services will break.
If you need to rename a container or tree, make sure that you
1. Identify all of the configuration files for your OES services.
2. Assess whether the changes that you are planning impact any of your service configurations.
3. Understand and articulate the changes that are required to restore your services after renaming.
There are no automated tools in OES for resolving the configuration errors and other problems that are caused by renaming a tree or its containers.
6.7.3 Default Static Cache Limit Might Be Inadequate
The eDirectory install in OES 2 SP3 sets a default static cache of 200 MB if an _ndsdb.ini file is not present in the dib directory. To improve performance, you can adjust the cache parameter in the _ndsdb.ini file after the install to meet your eDirectory performance requirements, depending on the database size and available system RAM. We recommend setting the cache to 200 MB on a 2 GB RAM system and 512 MB on 4 GB RAM system.
Page 64
6.7.4 eDirectory Not Restarting Automatically
After a system crash or power failure, eDirectory services (ndsd) might not automatically restart in some situations. To start eDirectory again, do the following:
1 Delete the /var/opt/novell/eDirectory/data/ndsd.pid file.
2 At a terminal prompt, enter /etc/init.d/ndsd start.
6.7.5 One Instance Only
OES 2 supports only one instance of eDirectory (meaning one tree instance) per server.
If you need two or more instances running on a single server, you must install them on a non-OES server, such as SLES 10.
6.7.6 Special Characters in Usernames and Passwords
Using special characters in usernames and passwords can create problems when the values are passed during an eDirectory installation or schema extension.
If the username or password contains special characters, such as $, #, and so on, escape the character by preceding it with a backslash (\). For example, an administrator username of
cn=admin$name.o=container
must be passed as
cn=admin\$name.o=container
When entering parameter values at the command line, you can either escape the character or place single quotes around the value. For example:
cn=admin\$name.o=container
or
'cn=admin$name.o=container'
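The effect of leaving the character unescaped, and both forms of protection, can be checked before a value is used. This is an added example, not part of the Novell guide; the function names are constructed, and sq_quote goes one step beyond the text by handling a value that itself contains a single quote.

```shell
#!/bin/sh
# Two ways to hand a value such as cn=admin$name.o=container to a command
# without the shell rewriting it, plus a check of what actually arrives.

# bs_escape VALUE: put a backslash before every character outside a
# known-safe set, producing the form the guide shows
# (cn=admin\$name.o=container). A value containing a newline cannot be
# written this way; use sq_quote for that.
bs_escape() {
    printf '%s' "$1" | sed 's|[^A-Za-z0-9,._+:@%/=-]|\\&|g'
}

# sq_quote VALUE: wrap VALUE in single quotes. An embedded single quote
# would end the quoting early, so it is rewritten as '\'' (close the quote,
# add an escaped quote, reopen the quote).
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# received_value TEXT: parse TEXT the way the shell parses one typed
# argument and print what the called program would receive. It uses eval,
# so feed it only strings built inside this script.
received_value() {
    ( unset name; eval "printf '%s' $1" )
}

# Constructed demo using the administrator name from the guide.
demo_quoting() {
    value='cn=admin$name.o=container'
    printf 'typed bare:     %s\n' "$(received_value "$value")"
    printf 'backslash form: %s -> %s\n' "$(bs_escape "$value")" \
        "$(received_value "$(bs_escape "$value")")"
    printf 'quoted form:    %s -> %s\n' "$(sq_quote "$value")" \
        "$(received_value "$(sq_quote "$value")")"
}

demo_quoting
```

Typed bare, the shell treats $name as an empty variable and the program receives cn=admin.o=container, which is why the failure shows up as a wrong name or password rather than as a syntax error.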
6.8 iFolder 3.8
Implementation caveats for iFolder 3.8 are documented in “Caveats for Implementing iFolder
Services” in the Novell iFolder 3.8.4 Administration Guide.
6.9 iPrint
iPrint has the following implementation caveats:
Section 6.9.1, “Cluster Failover Between Mixed Platforms Not Supported,” on page 65
Section 6.9.2, “Printer Driver Uploading on OES 2 Might Require a CUPS Administrator Credential,” on page 65
Section 6.9.3, “Printer Driver Uploading Support,” on page 65
Section 6.9.4, “iManager Plug-Ins Are Platform-Specific,” on page 65
Page 65
Section 6.9.5, “iPrint Client for Linux Doesn't Install Automatically,” on page 65
Section 6.9.6, “iPrint Disables CUPS Printing on the OES 2 Server,” on page 65
6.9.1 Cluster Failover Between Mixed Platforms Not Supported
Clustered iPrint services can only fail over to the same platform, either OES 2 or NetWare.
6.9.2 Printer Driver Uploading on OES 2 Might Require a CUPS Administrator Credential
A PPD is the Linux equivalent of a printer driver on Windows.
There are two versions of the iPrint Client: high security and low security. By default, end users and administrators install the high-security client when using the iPrint Printer List Web page.
This means that administrators are prompted for a CUPS administrator credential when uploading PPDs. However, the prompt doesn’t specify that a CUPS administrator credential is needed and the root user credential does not work.
6.9.3 Printer Driver Uploading Support
Uploading PPD printer drivers from a Linux workstation requires a Mozilla-based browser. Only the Add From System button works for uploading drivers. Non-Mozilla-based browsers, such as Konqueror, cannot be used to upload drivers.
Uploading PPD printer drivers from a Windows workstation requires Internet Explorer 5.5 or later. Other browsers running on Windows do not work for uploading drivers.
Windows printer drivers cannot be uploaded by using Mozilla-based or other browsers on any platform.
6.9.4 iManager Plug-Ins Are Platform-Specific
The iManager plug-ins are different for each server platform. Therefore, if you have both OES 2 and NetWare 6.5 SP8 servers running iPrint services, you need two instances of iManager to manage iPrint—one on each platform.
6.9.5 iPrint Client for Linux Doesn't Install Automatically
Users who are used to installing the Windows iPrint Client expect to choose an Open option and have the client install automatically. However, installing the client on Linux workstations requires you to save the RPM package and then install it manually if a package manager is not already installed and configured as it is in the Novell Linux Desktop. For more information, see “Linux:
iPrint Client” in the OES 2 SP3: iPrint for Linux Administration Guide.
6.9.6 iPrint Disables CUPS Printing on the OES 2 Server
iPrint uses CUPS to render print jobs before sending the print job to the Print Manager. For performance and scalability, printing from the server itself is disabled during the OES installation of iPrint.
Page 66
6.10 LDAP—Preventing “Bad XML” Errors
If you are using Novell eDirectory 8.7.3x, time outs are possible when you search from iManager for eDirectory objects, such as NCP Server objects, Volume objects, and Cluster objects. This is because the Object Class attribute is not indexed by default. The LDAP sub-tree search can take over 30 seconds, which causes the query to time out. For example, a Cluster objects search from the Cluster Options page returns the error:
Bad XML found during parsing when accessing cluster options
We recommend that you create a value index on the objects’ Object Class attribute. (Object Class is considered an attribute for indexing purposes.) This helps to reduce the time needed for the subtree search from over 30 seconds to 10 to 50 milliseconds. For instructions, see “Creating an Index” in the Novell eDirectory 8.8 Administration Guide.
Building indexes speeds up the subtree search, even if some partitions being searched do not contain these types of objects. For example, searching for a Cluster object in a context that contains only users is not expected to return results; however, the Object Class search is still performed, and benefits from having an index present.
The subtree search performance issue is resolved in the eDirectory 8.8.x release with the addition of the AncestorID feature.
6.11 LUM Cache Refresh No Longer Persistent
In response to customer requests for improved LDAP performance, persistent searching for new Linux-enabled users and groups has been disabled in OES 2 SP3. This means that when a user or group is enabled for Linux access, it is not immediately listed in some of the interfaces, such as the GUI file browser.
For most installations this is not an issue. However, persistent searching can be turned on by editing the /etc/nam.conf file and changing the persistent-search parameter from no to yes.
Alternatively, you can shorten the LUM cache refresh period (default is 8 hours). You can adjust the refresh period by editing the persistent-cache-refresh-period parameter in the /etc/nam.conf file and restarting LUM using the rcnamcd restart command.
You can also refresh the cache immediately by using the namconfig cache_refresh command.
For more information, see “What’s New” in the OES 2 SP3: Novell Linux User Management Administration Guide.
6.12 Management
Section 6.12.1, “iManager RBS Configuration with OES 2,” on page 67
Section 6.12.2, “Storage Error in iManager When Accessing a Virtual Server,” on page 67
Section 6.12.3, “Truncated DOS-Compatible Short Filenames Are Not Supported at a Terminal Prompt,” on page 67
Page 67
6.12.1 iManager RBS Configuration with OES 2
In “Installing RBS” in the Novell iManager 2.7.4 Administration Guide, you are instructed to run the iManager Configuration Wizard before using iManager.
When iManager is installed in connection with OES 2, various roles and tasks are configured, as shown in Figure 6-1.
These roles and tasks are available to all the users you create until you run the configuration wizard. After that, the roles and tasks are available only to the Admin user and other users or groups you specifically designate.
Figure 6-1 iManager Roles and Tasks
For more information on iManager, see the Novell iManager 2.7.4 Administration Guide.
6.12.2 Storage Error in iManager When Accessing a Virtual Server
iManager returns a Storage Error when you access the Authentication tab for a virtual server object. This is working as designed.
6.12.3 Truncated DOS-Compatible Short Filenames Are Not Supported at a Terminal Prompt
Use the actual filenames instead of names such as filena~1.txt during file operations from the command prompt.
Page 68
6.13 NCP Doesn’t Equal NSS File Attribute Support
NSS file attributes and NCP services tend to get mixed together in the minds of NetWare administrators. It is important to remember that file and directory attributes are supported and enforced by the file system that underlies an NCP volume, not by the NCP server.
For example, even though the Rename Inhibit attribute appears to be settable in the NCP client interface, if the underlying file system is Linux POSIX (Reiser, Ext3, or XFS) there is no support for the attribute and it cannot be set.
Salvage (undelete) and Purge are other features that are available only on NSS and only where the Salvage attribute has been set (the NSS default). They can be managed in the NCP client and through NetStorage, but they are not available on NCP volumes where the underlying file system is Linux POSIX.
Some administrators assume they can provide NSS attribute support by copying or migrating files, directories, and metadata from an NSS volume to a defined NCP volume on a Linux POSIX partition. However, this doesn’t work, because NSS file attributes are only supported on NSS volumes.
6.14 Novell-tomcat Is for OES Use Only
The novell-tomcat package is installed for Novell service use only. It is an embedded part of Novell services, not a generic application platform.
If you want to deploy a Web application on Tomcat on an OES server, install and use the Tomcat package that comes with SLES 10, not the novell-tomcat package.
6.15 NSS (OES 2)
Section 6.15.1, “Understanding Name Space Support,” on page 68
Section 6.15.2, “The Role of EVMS,” on page 68
6.15.1 Understanding Name Space Support
NSS stores LONG, UNIX, DOS, and AFP name spaces for all files. The default name space sets which name space will be exposed.
In OES 2 the LONG name space was made the default to help performance of NCP, CIFS, and Samba file services. If your primary use is for GroupWise, we recommend changing the default name space to UNIX.
6.15.2 The Role of EVMS
EVMS is the only supported volume manager for NSS volumes on OES 2.
Page 69
Although some administrators have successfully created NSS volumes on hard disks managed by non-EVMS volume managers, there are serious management and configuration limitations associated with this unsupported implementation. For more information, see “Using NSS on Devices Managed by Non-EVMS Volume Managers” in the OES 2 SP3: NSS File System Administration Guide for Linux.
NOTE: EVMS support is automatic and requires no manual configuration unless NSS is being installed on the device that contains the boot (/boot) and root (/) partitions (the system device). In that case only you must follow the instructions in “Installing with EVMS as the Volume Manager of the System Device” in the OES 2 SP3: Installation Guide.
6.16 OpenLDAP on OES 2
You cannot run OpenLDAP on an OES 2 server with eDirectory installed. eDirectory LDAP is required for OES 2 services and uses the same ports as OpenLDAP.
6.17 Samba
For Samba implementation caveats, see “Samba Caveats” in the OES2 SP3: Samba Administration
Guide.
6.18 Virtualization Issues
The following are caveats for setting up OES 2 server in Xen VMs:
Section 6.18.1, “Always Close Virtual Machine Manager When Not in Use,” on page 69
Section 6.18.2, “Always Use Timesync Rather Than NTP,” on page 69
Section 6.18.3, “Backing Up a Xen Virtual Machine,” on page 70
Section 6.18.4, “Time Synchronization and Virtualized OES 2,” on page 70
Section 6.18.5, “NSS Considerations,” on page 70
6.18.1 Always Close Virtual Machine Manager When Not in Use
You should always close Virtual Machine Manager (VMM) when you are not actively using it. Virtual Machines are not affected.
Leaving VMM open can affect the system resources available to the VMs.
6.18.2 Always Use Timesync Rather Than NTP
Time synchronization problems have been observed when virtualized NetWare servers are running the XNTPD NLM. Therefore, Novell strongly recommends using Timesync and also configuring the service to communicate through NTP.
6.18.3 Backing Up a Xen Virtual Machine
When backing up a Xen virtual machine running virtualized NetWare, we recommend using a remote backup source rather than a local tape device because of limitations in detecting a local tape device.
6.18.4 Time Synchronization and Virtualized OES 2
eDirectory relies on time being synchronized, and connections with eDirectory are lost if the system time varies in the host operating system. Be sure you understand and follow the instructions in Virtual Machine Clock Settings (http://www.novell.com/documentation/sles10/book_virtualization_xen/data/sec_guest_suse.html#sec_xen_time) in the “Virtual Machine Clock Settings” (http://www.novell.com/documentation/sles10/book_virtualization_xen/data/book_virtualization_xen.html) guide.
6.18.5 NSS Considerations
Make sure you follow these guidelines for using NSS volumes in connection with OES 2 servers running in Xen VMs:
Both Linux and NetWare Platforms: NSS pools and volumes must be created on only SCSI
or Fibre Channel devices. You cannot use a file-based disk image, LVM-based disk image, or an SATA/IDE disk for the virtual machine.
OES 2: Data shredding is not supported.
7 Upgrading to OES 2
This section provides information and links for upgrading to Open Enterprise Server.
Section 7.1, “Caveats to Consider Before Upgrading,” on page 71
Section 7.2, “OES 2 SP3 Upgrade Paths,” on page 72
Section 7.3, “NetWare 6.5 SP8 Upgrade Paths,” on page 72
7.1 Caveats to Consider Before Upgrading
Be aware of the following caveats when upgrading an OES server:
Section 7.1.1, “About Previously Installed Packages (RPMs),” on page 71
Section 7.1.2, “iManager 2.5 Replaced by iManager 2.7 on NetWare,” on page 71
Section 7.1.3, “OES 1 Linux to OES 2 Service Differences,” on page 71
Section 7.1.4, “Only One eDirectory Instance Is Supported on OES Servers,” on page 72
7.1.1 About Previously Installed Packages (RPMs)
Other Novell products, such as GroupWise, and third-party applications that you have installed are treated differently by default when you upgrade an OES server, depending on the version of the server you are upgrading:
OES 1: Applications are deleted by default during an upgrade.
OES 2: Applications installed on an OES 2 server are retained, but might not work after upgrading.
To learn more and for instructions on manually changing these options, see “Planning for the
Upgrade to OES 2 SP3” in the OES 2 SP3: Installation Guide.
7.1.2 iManager 2.5 Replaced by iManager 2.7 on NetWare
If iManager 2.5 is installed on a NetWare server, and you upgrade it to NetWare 6.5 SP8, iManager and its associated plug-ins are automatically updated to version 2.7. For more information about iManager 2.7, see the Novell iManager 2.7.4 Administration Guide.
If you are using iManager 2.02, iManager is not upgraded.
7.1.3 OES 1 Linux to OES 2 Service Differences
eGuide, Novell iFolder 2, and Virtual Office are not supported on OES 2. If you upgrade an OES 1 Linux server with any of these installed to OES 2 SP3, the services cease to function.
7.1.4 Only One eDirectory Instance Is Supported on OES Servers
If your OES server has multiple instances of eDirectory running (multiple trees), any attempt to upgrade the server fails.
You must remove all instances, except the one that uses port 524, prior to an upgrade. For more information, see Section 6.7.5, “One Instance Only,” on page 64.
7.2 OES 2 SP3 Upgrade Paths
The following are supported upgrade paths for OES 2 SP3:
Table 7-1 Supported OES 2 SP3 Upgrade Paths
Source                 Destination
OES 1 SP2 (32-bit)     OES 2 SP3 (32-bit)
OES 2 SP2 (32-bit)     OES 2 SP3 (32-bit)
OES 2 SP2 (64-bit)     OES 2 SP3 (64-bit)
NOTE: Physical installations cannot be upgraded to virtual installations, and the reverse is also true. Only physical to physical and virtual to virtual upgrades are supported.
For complete upgrade instructions, see “Upgrading to OES 2 SP3” in the OES 2 SP3: Installation
Guide.
In addition to upgrading the server itself, data and service migrations from OES 1 to OES 2 are also supported. For more information, see the OES 2 SP3: Migration Tool Administration Guide.
7.3 NetWare 6.5 SP8 Upgrade Paths
For help upgrading from NetWare to OES 2, see the OES 2 SP3: Upgrading to OES—Best Practices
Guide.
8 Migrating and Consolidating Existing Servers and Data
This section briefly outlines the following migration topics:
Section 8.1, “Supported OES 2 SP3 Migration Paths,” on page 73
Section 8.2, “Migration Tools and Purposes,” on page 73
8.1 Supported OES 2 SP3 Migration Paths
For a complete list of Open Enterprise Server SP3 migration scenarios and paths, see “Migration
Scenarios” in the OES 2 SP3: Migration Tool Administration Guide.
8.2 Migration Tools and Purposes
The following sections briefly explain the migration tools included in OES 2 SP3:
Section 8.2.1, “OES 2 SP3 Migration Tool,” on page 73
Section 8.2.2, “Migrate Windows Shares Utility,” on page 73
8.2.1 OES 2 SP3 Migration Tool
The OES 2 SP3 Migration Tool lets you migrate and/or consolidate data and services from one or more NetWare, OES 1, or OES 2 source servers to an OES 2 SP3 target server. The source servers must each be running the same platform. Cross-platform consolidations are not directly supported, but can be facilitated as explained in “Cross-Platform Data Consolidations” in the OES 2 SP3:
Migration Tool Administration Guide.
You can also transfer a complete server identity, including its IP address, hostname, eDirectory identity, NICI keys, and certificates. For more information, see “Transfer ID” in the OES 2 SP3: Migration Tool Administration Guide.
8.2.2 Migrate Windows Shares Utility
OES 2 SP3 includes the Migrate Windows Shares utility to help you migrate data from Windows NT, 2000, or 2003 servers to OES 2 SP3.
For more information, see “Migrating Data from Windows to OES 2 SP3 Linux” in the OES 2 SP3: Migration Tool Administration Guide.
9 Virtualization in OES 2
In Open Enterprise Server 2, you can host multiple OES 2 and NetWare servers on Xen virtual machines (VMs) on a single Xen host server.
For information about installing and running OES 2 services on Xen-based virtual machines, see the links on the Virtualization page of the OES 2 Online Documentation.
Section 9.1, “Graphical Overview of Virtualization in OES 2,” on page 75
Section 9.2, “Why Install OES Services on Your VM Host?,” on page 75
Section 9.3, “Services Supported on VM Hosts and Guests,” on page 76
IMPORTANT: Support for Xen virtualization of NetWare 6.5 SP7 and later is an OES 2 product feature and is available only to OES 2 registered customers.
9.1 Graphical Overview of Virtualization in OES 2
Figure 9-1 illustrates how a single VM host server can support multiple VM guest servers that in turn provide OES services.
Figure 9-1 Xen-Based Virtualization in OES 2
[Figure: a virtualization host server (OES 2 or SLES 10) hosting virtual machines whose guest servers are labeled NetWare 6.5 SP7, NetWare 6.5 SP8, OES 2 Linux, and OES 2 SPX Linux]
9.2 Why Install OES Services on Your VM Host?
Novell supports three OES 2 services running on a Xen VM host server: Novell Linux User
Management, Novell Storage Management Services, and Novell Cluster Services. Additionally, whenever you specify OES 2 as an add-on product, the YaST-based NetWare Response File Utility is automatically installed, whether you install any OES 2 services or not.
Having these components installed on a Xen VM host server provides the following benefits:
Linux User Management (LUM): Lets you SSH into the server for management purposes by using an eDirectory user account. This functionality requires that you
  Enable SSH communications through any firewalls that are running on the server
  Configure LUM to allow SSH as a LUM-enabled service. For more information see Section 11.4.2, “Setting Up SSH Access for LUM-enabled eDirectory Users,” on page 93.
Storage Management Services (SMS): Lets you back up the VM host server and all of the VM guests.
Novell Cluster Services (NCS): Lets you cluster the VM guests running on the VM host.
NetWare Response File Utility: Lets you pre-answer the same questions as you would during a physical NetWare installation. When the time comes to run the NetWare Install program, the installation reads your responses from the file and proceeds without requiring further intervention.
9.3 Services Supported on VM Hosts and Guests
As you plan your virtualization configurations, you will want to consider which services are supported where (see Table 9-1) and which combinations of services are supported (see Section 3.9.19, “Unsupported Service Combinations,” on page 43).
Table 9-1 Services Supported on VM Hosts and Guests
OES 2 Service    Linux VM Host    Linux VM Guest    NetWare VM Guest
AFP (Novell AFP)
Backup/SMS
CIFS (Novell CIFS)
Cluster Services (non-NSS and Xen templates only)
DHCP
DNS
Domain Services for Windows (DSfW)
eDirectory
FTP
Novell iFolder (3.7) (2.1x)
iManager
iPrint
Linux User Management
NCP Server/Dynamic Storage Technology
NetStorage
Novell Remote Manager (NRM)
Novell Storage Services (NSS)
QuickFinder
Samba
IMPORTANT: Adding OES services to a Xen VM host requires that you boot the server with the regular kernel prior to adding the services. See the instructions in the Important note in “Installing or Configuring OES Services on an Existing Server” in the OES 2 SP3: Installation Guide.
10 Clustering and High Availability
Open Enterprise Server 2 includes support for a two-node Novell Cluster Services cluster. The full Novell Cluster Services product (available through a separate purchase) is a multinode clustering product that
  Can include up to 32 servers.
  Is supported for both NetWare and Linux.
  Is eDirectory enabled for single-point ease of management.
  Supports failover, failback, and migration (load balancing) of individually managed cluster resources.
  Supports shared SCSI, iSCSI, and Fibre Channel storage area networks.
For more information, see the topics in “clustering (high availability)” in the OES 2 online documentation.
11 Managing OES 2
This section includes the following topics:
Section 11.1, “Overview of Management Interfaces and Services,” on page 81
Section 11.2, “Using OES 2 Welcome Pages,” on page 82
Section 11.3, “OES Utilities and Tools,” on page 83
Section 11.4, “SSH Services on OES 2,” on page 91
11.1 Overview of Management Interfaces and Services
As shown in Figure 11-1, Open Enterprise Server provides a rich set of service-management and server-management tools, including browser-based and server-based interfaces that help you implement and maintain your network. Access to most of these management interfaces is controlled through eDirectory. However, a few interfaces, such as YaST on SUSE Linux Enterprise Server 10 servers, require local authentication.
For more information, see Section 11.3, “OES Utilities and Tools,” on page 83.
Figure 11-1 Management Interfaces and Services
[Figure: diagram with columns labeled Users, Authentication, Tools, and Services and Servers. Labels: Admin user; root user; eDirectory authentication; Linux/POSIX authentication; browser-based tools (both platforms); NetWare console (NetWare only); nsscon, nssmu, ncpcon, DFS and NSS utilities, NRM, YaST, and native Linux tools; OES 2 servers; OES 2 Linux servers; OES 2 Services (except eDirectory); All OES 2 Services]
11.2 Using OES 2 Welcome Pages
After you install an OES 2 server, anyone with browser access to the server can access its Welcome Web site, which is a collection of dynamic Web pages that provides the features illustrated and explained in Figure 11-2.
Figure 11-2 The Default OES Welcome Page
[Figure: the Welcome page at 192.168.1.45 with callouts: Run iManager, NRM, etc.; Download applicable client software; Get Migration help; Start training on Linux; Go to important OES 2 pages on Novell.com]
This section explains OES Welcome Web Site features, and discusses:
Section 11.2.1, “The Welcome Site Requires JavaScript, Apache, and Tomcat,” on page 82
Section 11.2.2, “Accessing the Welcome Web Site,” on page 83
Section 11.2.3, “The Welcome Web Site Is Available to All Users,” on page 83
Section 11.2.4, “Administrative Access from the Welcome Web Site,” on page 83
11.2.1 The Welcome Site Requires JavaScript, Apache, and Tomcat
Browsers accessing the Welcome site must have JavaScript enabled to function correctly. Additionally, it is possible to install OES 2 on either supported platform without including the
Apache Web Server or the Tomcat Servlet Container. For example, the Apache server and Tomcat container are included with many of the OES 2 server patterns, but not all of them.
If you are unable to access the Welcome Web site, your server is probably missing one or both of these required components. To make the site available, you need to add the components to the OES 2 server.
11.2.2 Accessing the Welcome Web Site
Anyone with browser access to an OES 2 server can access the Welcome site by doing the following:
1 Open a supported Web browser that has a TCP connection to the network where the OES 2
server is installed.
2 Enter the URL to the server, using HTTP.
For example:
http://server.example.com/welcome
or
http://192.168.1.206/welcome
IMPORTANT: By default, the Welcome site is accessible by entering only the DNS name or IP address without the path to /welcome as the URL. However, this behavior changes as follows:
On NetWare, the sys:/apache2/htdocs/index.html file redirects requests to the Welcome site page. If the file is changed, then the behavior reflects the changes made.
On Linux, the Welcome site displays only when there is no index.html file in /srv/www/htdocs. For example, installing the Web and LAMP Server pattern installs a page that says “It Works!” and the Welcome site is not displayed.
If the Welcome page disappears, include /welcome in the access URL. For additional information, see “Verifying That the Installation Was Successful” in the OES 2 SP3: Installation Guide.
11.2.3 The Welcome Web Site Is Available to All Users
Although the Welcome Web site is designed primarily for administrators, it can also be accessed and used by end users. For example, if iPrint is installed on the server, users can install the iPrint Client by clicking the Client Software link and selecting the appropriate client.
11.2.4 Administrative Access from the Welcome Web Site
Administrators can access any of the administrative tools installed on the server by clicking the Management Services link, selecting the tool they want to use, and entering the required authentication information.
11.3 OES Utilities and Tools
TIP: NetWare administrators who are new to Linux will also be interested in “OES 2 SP3: Linux Tips for NetWare Administrators,” a reference that outlines the OES equivalents for most of the familiar CLI tools on NetWare.
Novell OES 2 includes several administration utilities that let you manage everything in your network, from configuring and managing eDirectory to setting up network services and open source software. This section lists and briefly explains the most common utilities.
Whenever possible, we recommend that all OES management be performed by using browser-based tools. This ensures that all the system commands required to execute various tasks are performed in proper order and that none of them is skipped by mistake.
Table 11-1 is a quick reference for accessing information about the OES management tools. Specific instructions for the tasks listed are located in the administration guides and other documentation for the services that each tool manages.
Table 11-1 OES Management Tool Quick Reference
Tool: bash
Tasks:
  Manage the Linux server.
  Manage many services running on the server.
Access Method or URL/Username:
  Access a command prompt on the Linux server.
Notes:
  For more information or help understanding and using bash, search the Web for any of the numerous articles and tutorials on using the shell.

Tool: Health Monitoring Services
Tasks:
  Monitor the health of OES servers.
Access Method or URL/Username:
  1. In a supported Web browser, access Novell Remote Manager by entering http://IP_Address:8008
  2. Specify the eDirectory Admin username and password, or on Linux you can use the root user and password if needed.
  3. Click Health Monitor under Diagnose Server.
Notes:
  Functionality is limited for non-Admin or non-root users on both platforms.
  NRM on Linux doesn't include all the functionality of NRM on NetWare.
  For more information, see the OES 2 SP3: Novell Remote Manager for Linux Administration Guide.
  Health Monitoring Services on OES 2 use a Common Information Model (CIM) provided by the Web-Based Enterprise Management (WBEM) Initiative. For more information on WBEM, visit the DMTF Web site (http://www.dmtf.org/standards/wbem).

Tool: iManager 2.7
Tasks:
  Access various other management tools and plug-ins.
  Configure OES network services.
  Create and manage users, groups, and other objects.
  Delegate administration through Role-Based Services (RBS).
  Manage eDirectory objects, schema, partitions, and replicas.
  Manage OES 2 services.
  Set up and manage your Novell eDirectory tree.
Access Method or URL/Username:
  1. In a supported Web browser, enter the following URL: http://IP_or_DNS/iManager.html
  2. Specify the eDirectory Admin username and password.
Notes:
  Requires an SSL connection (HTTPS).
  Both HTTP and HTTPS requests establish the SSL connection.
  For more information on using iManager, see the Novell iManager 2.7.4 Administration Guide.
  See also iManager Workstation.

Tool: iManager Workstation (formerly Mobile iManager)
Tasks:
  Manage eDirectory.
  Create and manage users, groups, and other objects.
  Manage OES 2 services.
  Access various other management tools and plug-ins.
Access Method or URL/Username:
  On a Linux workstation:
  1. At the bin directory of the expanded iMan_25_Mobile_iManager_linux.tar directory, run imanager.sh.
  2. Log in, using the eDirectory Admin username, password, and eDirectory tree name.
  On a Windows workstation:
  1. At the bin directory of the unzipped iMan_25_Mobile_iManager_win directory, run imanager.bat.
  2. Log in, using the eDirectory Admin username, password, and eDirectory tree name.
Notes:
  Requires an SSL connection (HTTPS).
  Both HTTP and HTTPS requests establish the SSL connection.
  For more information on using iManager Workstation, see “Accessing iManager Workstation” in the Novell iManager 2.7.4 Administration Guide.
  See also iManager.

Tool: iMonitor
Tasks:
  Monitor and diagnose all the servers in your eDirectory tree.
  Examine eDirectory partitions, replicas, and servers.
  Examine current tasks taking place in the tree.
Access Method or URL/Username:
  1. In a supported Web browser, enter one of the following URLs:
     (On NetWare) http://IP_or_DNS:81/nds
     (On Linux) https://IP_or_DNS:8030/nds
  2. Specify the eDirectory Admin username and password.
Notes:
  iMonitor provides a Web-based alternative to tools such as DSBrowse, DSTrace, DSDiag, and the diagnostic features available in DSRepair.
  Because of this, iMonitor’s features are primarily server focused, meaning that they report the health of individual eDirectory agents (running instances of the directory service) rather than the entire eDirectory tree.
  For more information, see “Using Novell iMonitor 2.4” in the Novell eDirectory 8.8 Administration Guide.

Tool: iPrint Map Designer
Tasks:
  Create a printer map to aid in printer selection/installation.
  Edit an existing printer map.
Access Method or URL/Username:
  1. In a supported Web browser, enter the following URL: http://IP_or_DNS/ippdocs/maptool.htm
  2. Specify the eDirectory Admin username and password.
Notes:
  For OES 2 server instructions, see “Setting Up Location-Based Printing” in the OES 2 SP3: iPrint for Linux Administration Guide.

Tool: NetStorage Web Interface
Tasks:
  Manage file system access.
  Manage file system space restrictions.
  Salvage and purge deleted files.
Access Method or URL/Username:
  Use the NetStorage Web interface.
Notes:
  As an Admin user (or equivalent), you can set directory and user quotas for NSS data volumes. You can also set file system trustees, trustee rights, and attributes for directories and files on NSS volumes. And you can salvage and purge deleted files.
  For more information, see “Viewing or Modifying Directory and File Attributes and Rights” in the OES 2 SP3: NetStorage Administration Guide.

Tool: Novell Client
Tasks:
  Manage file system access.
  Manage File System Space Restrictions.
  Salvage and purge deleted files.
Access Method or URL/Username:
  Use the Novell N icon to access these and other tasks.
Notes:
  As an Admin user (or equivalent), you can set directory and user quotas for NSS data volumes. You can also set file system trustees, trustee rights, and attributes for directories and files on NSS volumes. And you can salvage and purge deleted files.
  For more information, see “Managing File Security and Passwords” in the Novell Client 4.91 SP5 for Windows XP/2003 Installation and Administration Guide.

Tool: Novell iFolder 3.8
Tasks:
  Manage various aspects of iFolder 3.8.
Access Method or URL/Username:
  1. In iManager 2.7, click iFolder 3.8 > Launch iFolder Admin Console.
Notes:
  For more information on managing iFolder 3.8, see the following in the Novell iFolder 3.8.4 Administration Guide:
    iFolder Enterprise Server
    iFolder Services via Web Admin
    iFolder Users
    iFolder Web Access Server
    Managing iFolders

Tool: Novell Remote Manager (NRM)
Tasks:
  Manage file system access and attributes for the NetWare Traditional File System and the NSS File System on NetWare.
  Manage the NCP Server (Linux)
  Manage NCP connections to NSS and NCP volumes (Linux)
  Manage Dynamic Storage Technology (Linux)
  Manage NetWare Traditional File Systems (NetWare).
  Manage OES 2 servers from a remote location.
  Monitor your server's health.
  Change server configurations.
  Perform diagnostic and debugging tasks.
  View volume inventories (Linux)
Access Method or URL/Username:
  1. In a supported Web browser, enter the following URL: https://IP_or_DNS:8009
  2. Specify either the eDirectory username and password or a Linux (POSIX) username and password.
Notes:
  Functionality is limited for non-Admin or non-root users on both platforms.
  NRM on Linux doesn't include all the functionality of NRM on NetWare.
  For more information, see the OES 2 SP3: Novell Remote Manager for Linux Administration Guide.

Tool: NSS Management Utility (NSSMU)
Tasks:
  Manage the Novell Storage Services file system.
Access Method or URL/Username:
  At a terminal prompt:
  1. Load NSSMU by entering /opt/novell/nss/sbin/nssmu
Notes:
  NSS Management Utility (NSSMU) is a server console application used to manage the Novell Storage System (NSS) logical file system.
  The Snapshot function in NSSMU on Linux is not available in NSSMU on NetWare. Use iManager to create snapshots for NetWare or Linux.
  For more information, see “NSS Management Utility (NSSMU) Quick Reference” in the OES 2 SP3: NSS File System Administration Guide for Linux.

Tool: OpenSSH (client access)
Tasks:
  Securely run commands on remote servers.
  Securely copy files and directories to and from other servers using SSH utilities.
Access Method or URL/Username:
  Connect to the server using your favorite SSH client.
Notes:
  On Linux, OpenSSH is installed by default and is accessed by eDirectory users as a LUM-enabled service. For more information, see Section 11.4, “SSH Services on OES 2,” on page 91.

Tool: OpenSSH (Linux)
Tasks:
  Manage a SLES 10 SP1 (OES 2) server by using OpenSSH.
Access Method or URL/Username:
  1. Use standard SSH connection and management options.
Notes:
  Requirements:
    The firewall must allow for SSH access.
    eDirectory users must be enabled for SSH access. For more information, see Section 11.4, “SSH Services on OES 2,” on page 91.

Tool: OpenWBEM
Tasks:
  Perform tasks instrumented by specific providers.
Access Method or URL/Username:
  Access /etc/openwbem.
Notes:
  For more information, see the OES 2 SP3: OpenWBEM Services Administration Guide.

Tool: Perl
Tasks:
  A programming language developed by Larry Wall that
    Runs faster than shell script programs.
    Reads and writes binary files.
    Processes very large files.
    Lets you quickly develop CGI applications.
Access Method or URL/Username:
  Install the associated RPM files.
Notes:
  For more information or help understanding and using Perl, search the Web. There are numerous articles and tutorials on using this versatile programming language.

Tool: QuickFinder Server Manager
Tasks:
  Create search indexes for any Web site or attached file systems.
  Modify the search dialog look-and-feel to match your corporate design.
  Create full-text indexes of HTML, XML, PDF, Word, OpenOffice.org, and many other document formats.
  Configure and maintain your indexes remotely from anywhere on the Net.
Access Method or URL/Username:
  1. In a supported Web browser, enter the following URL: http://IP_or_DNS/qfsearch/admin
  2. Specify the root or other user as documented.
Notes:
  Local users and any eDirectory users that are enabled for Linux access (LUM) can be assigned rights to manage QuickFinder.
  For more information, see the QuickFinder 5.0 Server Administration Guide.

Tool: Remote Manager
Notes:
  See Novell Remote Manager.

Tool: SNMP for eDirectory
Tasks:
  Lets you use standard SNMP tools to
    Monitor an eDirectory server.
    Track the status of eDirectory to verify normal operations.
    Spot and react to potential problems when they are detected.
    Configure traps and statistics for selective monitoring.
    Plot a trend on the access of eDirectory.
    Store and analyze historical data that has been obtained through SNMP.
    Use the SNMP native master agent on all eDirectory platforms.
Access Method or URL/Username:
  1. Configure SNMP for eDirectory as documented for your platform.
  2. Access SNMP for eDirectory services using the SNMP management interface of your choice.
  3. Specify the eDirectory Admin username and password.
Notes:
  SNMP support is installed with eDirectory.
  For more information on SNMP for eDirectory, see “SNMP Support for Novell eDirectory” in the Novell eDirectory 8.8 Administration Guide.
Access Method or URL/ Username
Notes
SUSE Linux Monitoring Utilities
YaST (SUSE Linux)
Manage the Linux
server and standard Linux services from the command prompt.
Install OES 2.Configure the server
and standard Linux services.
Install OES
components and services.
Enter the desired command at the command prompt.
To access YaST from the GNOME interface, start the YaST Control Center by clicking Computer > YaST.
To access YaST at a command prompt, enter
yast
.
For more information, see
“System Monitoring Utilities” (http://www.novell.com/ documentation/sles10/ sles_admin/data/ cha_util.html) in the SLES 10
SP3: Installation and Administration Guide (http://
www.novell.com/ documentation/sles10/ sles_admin/data/ sles_admin.html).
For more information, see
“Installation with YaST” (http:/ /www.novell.com/ documentation/sles10/ sles_admin/data/ cha_inst.html) and “System Configuration with YaST” (http://www.novell.com/ documentation/sles10/ sles_admin/data/ cha_yast2.html) in the SLES
10 SP3: Installation and Administration Guide (http://
www.novell.com/ documentation/sles10/ sles_admin/data/ sles_admin.html).
11.4 SSH Services on OES 2
This section documents the following topics:
Section 11.4.1, “Overview,” on page 91
Section 11.4.2, “Setting Up SSH Access for LUM-enabled eDirectory Users,” on page 93
11.4.1 Overview
SSH (http://www.novell.com/company/glossary.html#4187) services on SLES 10 are provided by OpenSSH (http://www.openssh.org), a free version of SSH connectivity tools developed by the OpenBSD Project (http://www.openbsd.org/).
Linux administrators often use SSH to remotely access a server for management purposes, such as executing shell commands, transferring files, etc. Because many OES 2 services can be managed at a command prompt via an SSH session, it is important to understand how SSH access is controlled in OES 2.
This section discusses the following topics:
“When Is SSH Access Required?” on page 92
“How SSH Access for eDirectory Users Works” on page 92
“SSH Security Considerations” on page 93
When Is SSH Access Required?
SSH access is required for the following:
SSH administration access for eDirectory users: For eDirectory users to manage the server through an SSH connection, they must have SSH access as LUM-enabled users (eDirectory users configured for access to Linux services).
NOTE: The standard Linux root user is a local user, not an eDirectory user. The root user always has SSH access as long as the firewall allows it.
Access to NSS Volume Management in NetStorage: When an OES 2 server has NSS volumes, eDirectory contains an object named nssvolumes that provides management access to the volumes through the File Access (NetStorage) iManager plug-in. Using the plug-in to manage NSS volumes, assign trustee rights, salvage and purge files, etc. requires SSH access to the server.
Although eDirectory administrators can create Storage Location Objects to the NSS volumes without SSH access, providing that they know the path to the volume on the POSIX file system and other volume information, having SSH access makes administering NSS volumes in NetStorage much easier.
Access to any NetStorage Storage Location Objects based on SSH: The NetStorage server provides Web access to directories and files on other servers (or on itself).
Typically, either an NCP or a CIFS connection is used for connecting the NetStorage server with storage targets. However, an SSH connection can also be used, and if it is, the users accessing data through the connection must have SSH access to the data on the target servers.
How SSH Access for eDirectory Users Works
For eDirectory users, the following work together to control SSH access:
Firewall: As mentioned, the default firewall configuration on an OES 2 server doesn’t allow
root
SSH connections with the server. This restricts the
user as well. Therefore, the first
requirement for SSH access is configuring the firewall to allow SSH services.
Linux User Management (LUM) must allow SSH as a service: In OES 2, access to SSH
and other Linux services is controlled through Linux User Management (LUM), and each service must be explicitly included in the LUM configuration on each server.
LUM-enabling: After SSH is included as a LUM-enabled service on a server, at least one
group and its users must be enabled for LUM. Only LUM-enabled eDirectory us ers can have SSH access.
All eDirectory Groups must allow access: SSH access is inherited from the LUM-enabled
groups that a user belongs to, and access is only granted when all of the groups to which a user belongs allow it.
The Samba connection: Users who are enabled for Samba (CIFS) file services are added by
default to an OES-created Samba group that:
Is LUM-enabled.Doesn’t specify SSH as an allowed service.
92 OES 2 SP3: Planning and Implementation Guide
Page 93
Therefore, because SSH access requires that all of a user’s grou ps must all allow access, Samba users are denied SSH access unless
The user is removed from the Samba group.
or
The Samba group is modified to allow SSH access for all Samba users.
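The rules listed above combine into a single decision per user and server. The following Python code is an added example, not Novell code or part of the original guide: it models the firewall, the LUM service list, and each group's uamPosixPAMServiceExcludeList values, and reports which group blocks a user. The class names, user names, and group names (including the Samba group name) are constructed sample data, and treating only LUM-enabled groups as relevant is an assumption.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Group:
    name: str
    lum_enabled: bool = True
    # Stands in for the group's uamPosixPAMServiceExcludeList values.
    excluded: frozenset = field(default_factory=frozenset)

@dataclass(frozen=True)
class Server:
    firewall_allows_ssh: bool
    lum_services: frozenset  # services included in LUM on this server

def ssh_access(server, groups):
    """Return (allowed, reason) for a user with the given group memberships."""
    if not server.firewall_allows_ssh:
        return False, "firewall does not allow SSH"
    if "sshd" not in server.lum_services:
        return False, "sshd is not an allowed LUM service"
    # Assumption: only LUM-enabled groups count, and a user with none of
    # them is treated as not LUM-enabled.
    lum_groups = [g for g in groups if g.lum_enabled]
    if not lum_groups:
        return False, "user is not LUM-enabled"
    # One excluding group overrides every group that allows sshd.
    blockers = sorted(g.name for g in lum_groups if "sshd" in g.excluded)
    if blockers:
        return False, "excluded by " + ", ".join(blockers)
    return True, "all LUM-enabled groups allow sshd"

def audit(server, memberships):
    """Map each user to the (allowed, reason) verdict on this server."""
    return {u: ssh_access(server, gs) for u, gs in memberships.items()}

# Constructed sample data (not taken from a real tree).
ADMINS = Group("Admins")
SAMBA = Group("server1-W-SambaUserGroup", excluded=frozenset({"sshd"}))
NOSSH = Group("NoSSHGroup", excluded=frozenset({"sshd"}))
PLAIN = Group("Contacts", lum_enabled=False)
SERVER = Server(True, frozenset({"login", "sshd"}))
USERS = {
    "alice": [ADMINS],
    "bob": [ADMINS, SAMBA],    # Samba-enabled admin
    "carol": [ADMINS, NOSSH],  # explicitly restricted
    "dave": [PLAIN],           # never LUM-enabled
}

if __name__ == "__main__":
    for user, (ok, why) in audit(SERVER, USERS).items():
        print(f"{user:6} {'ALLOW' if ok else 'DENY'} {why}")
```

Running it shows that bob, although an administrator, is denied solely because of the Samba group membership, which is the case the Samba item above warns about.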
SSH Security Considerations
Remember that SSH access lets users browse and view most directories and files on a Linux server. Even though users might be prevented from modifying settings or effecting other changes, there are serious security and confidentiality issues to consider before granting SSH access to anyone.
11.4.2 Setting Up SSH Access for LUM-enabled eDirectory Users
If you need to grant SSH access to an eDirectory user, complete the instructions in the following sections in order, as they apply to your situation.
“Allowing SSH Access Through the Firewall” on page 93
“Adding SSH as an Allowed Service in LUM” on page 93
“Enabling Users for LUM” on page 94
“Restricting SSH Access to Only Certain LUM-Enabled Users” on page 94
“Providing SSH Access for Samba Users” on page 95
Allowing SSH Access Through the Firewall
1 On the OES 2 server you are granting access to, open the YaST Control Center and click Security and Users > Firewall.
2 In the left navigation frame, click Allowed Services.
3 In the Allowed Services drop-down list, select SSH.
4 Click Add > Next > Accept.
The firewall is now configured to allow SSH connections with the server.
Adding SSH as an Allowed Service in LUM
1 If SSH is already an allowed service for Linux User Management on the server, skip to “Enabling Users for LUM” on page 94.
or
If SSH is not an allowed service for Linux User Management on the server, continue with Step 2.
2 On the OES 2 server, open the YaST Control Center; then, in the Open Enterprise Server group, click OES Install and Configuration.
3 Click Accept.
4 When the Novell Open Enterprise Server Configuration screen has loaded, click the Disabled link under Linux User Management. The option changes to Enabled and the configuration settings appear.
Page 94
5 Click Linux User Management.
6 Type the eDirectory Admin password in the appropriate field, then click OK > Next.
7 In the list of allowed services, click sshd.
8 Click Next > Next > Finish.
Each LUM-enabled group in eDirectory, except the system-created Samba group, now shows SSH as an allowed service. The Samba group shows the service as not allowed (or literally speaking, sshd is not checked).
Enabling Users for LUM
There are numerous ways to enable users for LUM. For example, in iManager > Linux User Management there are options for enabling users (and choosing a Group in the process) or enabling groups (and enabling users in the process). Linux enabling is part of the process required for Samba access. And finally, there are also command line options.
For specific instructions, refer to “Managing User and Group Objects in eDirectory” in the OES 2 SP3: Novell Linux User Management Administration Guide.
After you configure the server’s firewall to allow SSH, add SSH as an allowed service, and LUM-enable the eDirectory users you want to have SSH access, if those same users are not also enabled for Samba on the server, they now have SSH access to the server.
On the other hand, if you have installed Samba on the server, or if you install Samba in the future, the users who are configured for Samba access will have SSH access disabled.
To restore access for users impacted by Samba, see “Providing SSH Access for Samba Users” on page 95.
Of course, many network administrators limit SSH access to only those who have administrative responsibilities. They don’t want every LUM-enabled user to have SSH access to the server.
If you need to limit SSH access to only certain LUM-enabled users, continue with “Restricting SSH Access to Only Certain LUM-Enabled Users” on page 94.
Restricting SSH Access to Only Certain LUM-Enabled Users
SSH access is easily restricted for one or more users by making them members of a LUM-enabled group and then disabling SSH access for that group. All other group assignments that enable SSH access are then overridden.
1 Open iManager in a browser using its access URL:
http://IP_Address/iManager.html where IP_Address is the IP address of an OES 2 server with iManager 2.7 installed.
2 In the Roles and Tasks list, click Groups > Create Group.
3 Type a group name, for example NoSSHGroup, and select a context, such as the container where your other Group and User objects are located. Then click OK.
4 In the Roles and Tasks list, click Directory Administration > Modify Object.
5 Browse to the group you just created and click OK.
Page 95
6 Click the Linux Profile tab.
7 Select the Enable Linux Profile option.
8 In the Add UNIX Workstation dialog box, browse to and select the UNIX Workstation objects for the servers you are restricting SSH access to, then click OK > OK.
9 Click Apply > OK.
10 In the Roles and Tasks list, click Modify Object, browse to the group again, then click OK.
11 Click the Other sub-tab.
12 In the Unvalued Attributes list, select uamPosixPAMServiceExcludeList, then click the left-arrow to move the attribute to the Valued Attributes list.
13 In the Add Attribute dialog box, click the plus sign (+) next to the empty drop-down list.
14 In the Add item field, type sshd, then click OK > OK.
15 Click the Members tab.
16 Browse to and select the User objects that shouldn’t have SSH access, then click OK.
17 Click Apply > OK.
Providing SSH Access for Samba Users
There are two options for providing SSH access to users who have been enabled for Samba access:
You can remove the user from the server_name-W-SambaUserGroup.
IMPORTANT: This presupposes that the user is a member of a different LUM-enabled group that also provides access to the server. If the user was enabled for LUM only as part of a Samba configuration, then removing the user from the Samba group breaks access to Samba and the user does not have SSH access.
You can change access for the entire Samba group by moving the uamPosixPAMServiceExcludeList attribute from the Valued Attributes list to the Unvalued Attributes list, using the instructions in “Restricting SSH Access to Only Certain LUM-Enabled Users” on page 94 as a general guide.
NOTE: Although the option to disable SSH access through the Modify Group iManager plug-in is much more simple and straightforward, that option is not working as of this writing. Although the plug-in appears to deselect sshd as an allowed service, the service is still selected when group information is reloaded. Novell plans to address this issue in the near future.
Page 96
Page 97
12 Network Services
Network services, as used in this section, are associated with protocols that provide the following:
Data packet transport on the network.
Management of IP addresses and DNS names.
Time synchronization to make sure that all network devices and eDirectory replicas and partitions have the same time.
Discovery of network devices and services, such as eDirectory, printers, and so on as required by certain applications, clients, and other services.
This section discusses the following:
Section 12.1, “TCP/IP,” on page 97
Section 12.2, “DNS and DHCP,” on page 97
Section 12.3, “Time Services,” on page 99
Section 12.4, “Discovery Services,” on page 110
Section 12.5, “SLP,” on page 111
For links to more information and tasks, see the “Network Protocols” page in the OES 2 online documentation.
12.1 TCP/IP
Network nodes must support a common protocol in order to exchange packets. Transport protocols establish point-to-point connections so that nodes can send messages to each other and have the packets arrive intact and in the correct order. The transport protocol also specifies how nodes are identified with unique network addresses and how packets are routed to the intended receiver.
Open Enterprise Server 2 includes the standard Linux TCP/IP support on SUSE Linux Enterprise Server 10.
12.1.1 Coexistence and Migration Issues
Internetwork Packet Exchange (IPX) was the foundational protocol for NetWare from the 1980s until the release of NetWare 5.0, when support for pure TCP/IP became standard.
To aid with migrations from NetWare to OES, coexistence between IPX and TCP/IP networks is still supported on NetWare, but IPX is not supported on Linux.
12.2 DNS and DHCP
Domain Name Service (DNS) is the standard naming service in TCP/IP-based networks. It converts IP addresses, such as 192.168.1.1, to human-readable domain names, such as myserver.example.com, and it reverses the conversion process as required.
The Dynamic Host Configuration Protocol (DHCP) assigns IP addresses and configuration parameters to hosts and network devices.
Page 98
OES 2 includes a ported version of the NetWare DNS service, and an eDirectory integration with ISC DHCP as explained in the sections that follow.
Section 12.2.1, “DNS Differences Between NetWare and OES 2,” on page 98
Section 12.2.2, “DHCP Differences Between NetWare and OES 2,” on page 99
12.2.1 DNS Differences Between NetWare and OES 2
As you plan to upgrade from NetWare to OES 2, consider the following differences between DNS on NetWare and OES 2:
Table 12-1 DNS: NetWare 6.5 SP8 vs. OES 2
Feature or Command | NetWare 6.5 SP8 | OES 2
Auditing | Yes | No
DNSMaint | Yes | No
Fault Tolerance | Yes | Yes
Filenames and paths: | |
Server binary | sys:/system/named.nlm | /opt/novell/named/bin/novell-named
.db, .jnl file | sys:/etc/dns | /etc/opt/novell/named/named.conf
Stat file, info file | | /var/opt/novell/log/named/named.run
Console commands: | |
Start the server | named | rcnovell-named or novell-named
Stop the server | named stop | rcnovell-named stop
Check Status | named status | rcnovell-named status
Unsupported command parameters | N/A | [-dc categories] [-mstats] [-nno_of_cpus] [-qstats]
Journal log size | Specify at the command prompt by using the jsize argument. | Specify by using the iManager plug-in > max-journal-size field.
Management | iManager, Command Line Interface | iManager, Command Line Interface
SNMP Support | Yes | No
Unlike the NetWare implementation, command line parameters cannot be passed when loading and unloading.
Page 99
12.2.2 DHCP Differences Between NetWare and OES 2
As you plan to upgrade from NetWare to OES 2, consider the following differences between DHCP on NetWare and OES 2:
Table 12-2 DHCP: NetWare 6.5 SP8 vs. OES 2
Feature or Command | NetWare 6.5 SP8 | OES 2
Auditing | Yes | No
Filenames and paths: | |
Conf file | N/A | /etc/dhcpd.conf
Leases | Stored in eDirectory | /var/lib/dhcp/db/dhcpd.leases
Log file | sys:/etc/dhcp/dhcpsrvr.log | /var/log/dhcpd.log
Startup log | N/A | /var/log/dhcp-ldap-startup.log (This is a dump of DHCP configurations read from eDirectory when the DHCP server starts.)
Management | iManager 2.7 (Wizard-based) | iManager 2.7 (Tab-based)
Migration | N/A | There is seamless migration support from NetWare.
Schema changes | N/A | There are separate locator and group objects for centralized management and easy rights management.
SNMP Support | Yes | No
Subnet naming | Yes | No
Unlike the NetWare implementation, command line parameters cannot be passed when loading and unloading.
12.3 Time Services
The information in this section can help you understand your time services options as you move from NetWare to OES 2:
Section 12.3.1, “Overview of Time Synchronization,” on page 100
Section 12.3.2, “Planning for Time Synchronization,” on page 103
Section 12.3.3, “Coexistence and Migration of Time Synchronization Services,” on page 106
Section 12.3.4, “Implementing Time Synchronization,” on page 108
Page 100
Section 12.3.5, “Configuring and Administering Time Synchronization,” on page 109
Section 12.3.6, “Daylight Saving Time,” on page 110
12.3.1 Overview of Time Synchronization
All servers in an eDirectory tree must have their times synchronized to ensure that updates and changes to eDirectory objects occur in the proper order.
eDirectory gets its time from the server operating system of the OES 2 server where it is installed. It is, therefore, critical that every server in the tree has the same time.
“Understanding Time Synchronization Modules” on page 100
“OES 2 Servers as Time Providers” on page 102
“OES 2 Servers as Time Consumers” on page 103
Understanding Time Synchronization Modules
During the upgrade to OES 2, your eDirectory tree might contain servers running OES 2, NetWare 6.5 SP8, or previous versions of NetWare. Therefore, you must understand the differences in the time synchronization modules that each operating system uses and how these modules can interact with each other.
“OES 2 vs. NetWare 6.5” on page 100
“OES 2 Servers Use the Network Time Protocol (NTP) to Communicate” on page 100
“Compatibility with Earlier Versions of NetWare” on page 101
OES 2 vs. NetWare 6.5
As illustrated in Figure 12-1, NetWare 6.5 can use either the Network Time Protocol (NTP) or Timesync modules for time synchronization. Both modules can communicate with OES 2 by using NTP. However, when installing virtualized NetWare, Timesync should always be used (see Section 6.18.2, “Always Use Timesync Rather Than NTP,” on page 69).
OES 2 must use the NTP daemon (xntpd).
Figure 12-1 Time Synchronization for Linux and NetWare
OES 2 Servers Use the Network Time Protocol (NTP) to Communicate
Because OES 2 and NetWare servers must communicate with each other for time synchronization, and because Linux uses only NTP for time synchronization, it follows that both Linux and NetWare must communicate time synchronization information by using NTP time packets.
However, this doesn’t limit your options on NetWare.