Novell OPEN ENTERPRISE SERVER 2 SP3 Implementation Manual

Novell®
www.novell.com
Planning and Implementation Guide
Open Enterprise Server 2 SP3
December 2010
AUTHORIZED DOCUMENTATION
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009–2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 What’s New or Changed
1.1 Links to What's New Sections
1.2 New or Changed in OES 2 SP3
1.2.1 Common Proxy
1.2.2 Linux User Management
1.2.3 Log File Location
1.2.4 OpenSLP
1.2.5 QuickFinder
1.2.6 New in eDirectory 8.8.6
1.3 New or Changed in OES 2 SP2
1.3.1 Auditing
1.3.2 Base Platform Is SLES 10 SP3
1.3.3 CIFS DFS Support
1.3.4 Create EVMS Proposal Option
1.3.5 Cross-Protocol File Locking Change
1.3.6 Domain Services for Windows Installation
1.3.7 Java Console for DNS/DHCP
1.3.8 Performance Increases
1.3.9 Pure-FTPd
1.3.10 Upgrading Online
1.3.11 Windows 7 Client Support
1.4 New in OES 2 SP1
1.4.1 YaST Install Changes
1.4.2 Novell AFP
1.4.3 Novell CIFS
1.4.4 Novell Domain Services for Windows
1.4.5 Migration Tool
1.5 New in OES 2 (Initial Release)
1.5.1 Dynamic Storage Technology
1.5.2 OES 2 Migration Tools
1.5.3 Xen Virtualization Technology
1.6 Where’s NetWare?
1.6.1 NetWare References in This Guide and Elsewhere
1.6.2 NetWare Documentation
2 Welcome to Open Enterprise Server 2
3 Planning Your OES 2 Implementation
3.1 What Services Are Included in OES 2?
3.2 Which Services Do I Need?
3.3 Exploring OES 2 services
3.4 Plan for eDirectory
3.5 Prepare Your Existing eDirectory Tree for OES 2
3.6 Identify a Purpose for Each Server
3.7 Understand Server Requirements
3.8 Understand User Restrictions and Linux User Management
3.9 Caveats to Consider Before You Install
3.9.1 Adding a Linux Node to a Cluster Ends Adding More NetWare Nodes
3.9.2 Always Double-Check Service Configurations Before Installing
3.9.3 Back Button Doesn’t Reset Configuration Settings
3.9.4 Common Proxy Password Should Usually Be Reset
3.9.5 Cluster Upgrades Must Be Planned Before Installing OES 2
3.9.6 Cross-Protocol File Locking Has Changed
3.9.7 Do Not Create Local (POSIX) Users
3.9.8 Do Not Upgrade to eDirectory 8.8 Separately
3.9.9 Follow the Instructions for Your Chosen Platforms
3.9.10 If You’ve Ever Had OES 1 Linux Servers with LUM and NSS Installed
3.9.11 iFolder 3.8 Considerations
3.9.12 Incompatible TLS Configurations Give No Warning
3.9.13 Installing into an Existing eDirectory Tree
3.9.14 NetWare Caveats
3.9.15 Novell Distributed Print Services Cannot Migrate to Linux
3.9.16 NSS Caveats
3.9.17 Plan eDirectory Before You Install
3.9.18 Samba Enabling Disables SSH Access
3.9.19 Unsupported Service Combinations
3.9.20 VNC Install Fails to Set the IP Address in /etc/hosts
3.10 Consider Coexistence and Migration Issues
3.11 Understand Your Installation Options
3.11.1 OES 2 Installation Overview
3.11.2 About Your Installation Options
3.11.3 Use Predefined Server Types (Patterns) When Possible
3.11.4 If You Want to Install in a Lab First
3.11.5 If You Want to Install NSS on a Single-Drive Linux Server
4 Getting and Preparing OES 2 Software
4.1 Do You Have Upgrade Protection?
4.2 Do You Want 32-Bit or 64-Bit OES?
4.3 Do You Want to Purchase OES 2 or Evaluate It?
4.4 Evaluating OES 2 Software
4.4.1 Understanding OES 2 Software Evaluation Basics
4.4.2 Downloading OES 2 SP3 Software from the Novell Web Site
4.4.3 Preparing the Installation Media
4.4.4 Installing OES 2 for Evaluation Purposes
4.4.5 Evaluating OES 2
4.4.6 Installing Purchased Activation Codes after the Evaluation Period Expires
4.5 Licensing
4.5.1 The OES 2 Licensing Model
4.5.2 SLES Licensing Entitlements in OES 2
4.5.3 OES 2 Doesn’t Support NLS
5 Installing OES 2
5.1 Installing OES 2
5.1.1 What's Next
5.2 Installing OES 2 Servers in a Xen VM
6 Caveats for Implementing OES 2 Services
6.1 AFP
6.1.1 Anti-Virus Solutions and AFP
6.2 Avoiding POSIX and eDirectory Duplications
6.2.1 The Problem
6.2.2 Three Examples
6.2.3 Avoiding Duplication
6.3 CIFS
6.3.1 Changing the Server IP Address
6.4 ConsoleOne Can Cause JClient Errors
6.5 CUPS on OES 2
6.6 DSfW: MMC Password Management Limitation
6.7 eDirectory
6.7.1 Avoid Uninstalling eDirectory
6.7.2 Avoid Renaming Trees and Containers
6.7.3 Default Static Cache Limit Might Be Inadequate
6.7.4 eDirectory Not Restarting Automatically
6.7.5 One Instance Only
6.7.6 Special Characters in Usernames and Passwords
6.8 iFolder 3.8
6.9 iPrint
6.9.1 Cluster Failover Between Mixed Platforms Not Supported
6.9.2 Printer Driver Uploading on OES 2 Might Require a CUPS Administrator Credential
6.9.3 Printer Driver Uploading Support
6.9.4 iManager Plug-Ins Are Platform-Specific
6.9.5 iPrint Client for Linux Doesn't Install Automatically
6.9.6 iPrint Disables CUPS Printing on the OES 2 Server
6.10 LDAP—Preventing “Bad XML” Errors
6.11 LUM Cache Refresh No Longer Persistent
6.12 Management
6.12.1 iManager RBS Configuration with OES 2
6.12.2 Storage Error in iManager When Accessing a Virtual Server
6.12.3 Truncated DOS-Compatible Short Filenames Are Not Supported at a Terminal Prompt
6.13 NCP Doesn’t Equal NSS File Attribute Support
6.14 Novell-tomcat Is for OES Use Only
6.15 NSS (OES 2)
6.15.1 Understanding Name Space Support
6.15.2 The Role of EVMS
6.16 OpenLDAP on OES 2
6.17 Samba
6.18 Virtualization Issues
6.18.1 Always Close Virtual Machine Manager When Not in Use
6.18.2 Always Use Timesync Rather Than NTP
6.18.3 Backing Up a Xen Virtual Machine
6.18.4 Time Synchronization and Virtualized OES 2
6.18.5 NSS Considerations
7 Upgrading to OES 2
7.1 Caveats to Consider Before Upgrading
7.1.1 About Previously Installed Packages (RPMs)
7.1.2 iManager 2.5 Replaced by iManager 2.7 on NetWare
7.1.3 OES 1 Linux to OES 2 Service Differences
7.1.4 Only One eDirectory Instance Is Supported on OES Servers
7.2 OES 2 SP3 Upgrade Paths
7.3 NetWare 6.5 SP8 Upgrade Paths
8 Migrating and Consolidating Existing Servers and Data
8.1 Supported OES 2 SP3 Migration Paths
8.2 Migration Tools and Purposes
8.2.1 OES 2 SP3 Migration Tool
8.2.2 Migrate Windows Shares Utility
9 Virtualization in OES 2
9.1 Graphical Overview of Virtualization in OES 2
9.2 Why Install OES Services on Your VM Host?
9.3 Services Supported on VM Hosts and Guests
10 Clustering and High Availability
11 Managing OES 2
11.1 Overview of Management Interfaces and Services
11.2 Using OES 2 Welcome Pages
11.2.1 The Welcome Site Requires JavaScript, Apache, and Tomcat
11.2.2 Accessing the Welcome Web Site
11.2.3 The Welcome Web Site Is Available to All Users
11.2.4 Administrative Access from the Welcome Web Site
11.3 OES Utilities and Tools
11.4 SSH Services on OES 2
11.4.1 Overview
11.4.2 Setting Up SSH Access for LUM-enabled eDirectory Users
12 Network Services
12.1 TCP/IP
12.1.1 Coexistence and Migration Issues
12.2 DNS and DHCP
12.2.1 DNS Differences Between NetWare and OES 2
12.2.2 DHCP Differences Between NetWare and OES 2
12.3 Time Services
12.3.1 Overview of Time Synchronization
12.3.2 Planning for Time Synchronization
12.3.3 Coexistence and Migration of Time Synchronization Services
12.3.4 Implementing Time Synchronization
12.3.5 Configuring and Administering Time Synchronization
12.3.6 Daylight Saving Time
12.4 Discovery Services
12.4.1 Novell SLP and OpenSLP
12.4.2 WinSock and Discovery Is NetWare only
12.4.3 UDDI and Discovery
12.4.4 CIMOM and Discovery
12.5 SLP
12.5.1 Why SLP Is Needed
12.5.2 Comparing Novell SLP and OpenSLP
12.5.3 Setting Up OpenSLP on OES 2 Networks
12.5.4 Using Novell SLP on OES 2 Networks
12.5.5 SLP Changes in SP3
13 Storage and File Systems
13.1 Overview of OES 2 Storage
13.1.1 Databases
13.1.2 iSCSI
13.1.3 File System Support in OES
13.1.4 Storage Basics by Platform
13.1.5 Storage Options
13.1.6 NetWare Core Protocol Support (Novell Client Support) on Linux
13.2 Planning OES File Storage
13.2.1 Directory Structures
13.2.2 File Service Support Considerations
13.2.3 General Requirements for Data Storage
13.2.4 OES 2 Storage Planning Considerations
13.2.5 NSS Planning Considerations
13.3 Coexistence and Migration of Storage Services
13.3.1 MySQL
13.3.2 OES 2 Options
13.3.3 NetWare 6.5 SP8 Options
13.4 Configuring and Maintaining Storage
13.4.1 Managing Directories and Files
13.4.2 Managing NSS
13.4.3 Optimizing Storage Performance
14 eDirectory, LDAP, and Domain Services for Windows
14.1 Overview of Directory Services
14.2 eDirectory
14.2.1 Installing and Managing eDirectory on OES
14.2.2 Planning Your eDirectory Tree
14.2.3 eDirectory Coexistence and Migration
14.3 LDAP (eDirectory)
14.3.1 Overview of eDirectory LDAP Services
14.3.2 Planning eDirectory LDAP Services
14.3.3 Migration of eDirectory LDAP Services
14.3.4 eDirectory LDAP Implementation Suggestions
14.4 Domain Services for Windows
14.4.1 Graphical Overview of DSfW
14.4.2 Planning Your DSfW Implementation
14.4.3 Implementing DSfW on Your Network
15 Users and Groups
15.1 Creating Users and Groups
15.2 Linux User Management: Access to Linux for eDirectory Users
15.2.1 Overview
15.2.2 Planning
15.2.3 LUM Implementation Suggestions
15.3 Identity Management Services
15.4 Using the Identity Manager 3.6.1 Bundle Edition
15.4.1 What Am I Entitled to Use?
15.4.2 System Requirements
15.4.3 Installation Considerations
15.4.4 Getting Started
15.4.5 Activating the Bundle Edition
16 Access Control and Authentication
16.1 Controlling Access to Services
16.1.1 Overview of Access Control
16.1.2 Planning for Service Access
16.1.3 Coexistence and Migration of Access Services
16.1.4 Access Implementation Suggestions
16.1.5 Configuring and Administering Access to Services
16.2 Authentication Services
16.2.1 Overview of Authentication Services
16.2.2 Planning for Authentication
16.2.3 Authentication Coexistence and Migration
16.2.4 Configuring and Administering Authentication
17 File Services
17.1 Overview of File Services
17.1.1 Using the File Services Overviews
17.1.2 FTP Services
17.1.3 NetWare Core Protocol
17.1.4 NetStorage
17.1.5 Novell AFP
17.1.6 Novell CIFS
17.1.7 Novell iFolder 3.8
17.1.8 Novell Samba
17.2 Planning for File Services
17.2.1 Deciding Which Components Match Your Needs
17.2.2 Comparing Your CIFS File Service Options
17.2.3 Planning Your File Services
17.3 Coexistence and Migration of File Services
17.3.1 Novell Client (NCP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
17.3.2 NetStorage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
17.3.3 Novell AFP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.3.4 Novell CIFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.3.5 Novell iFolder 3.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.3.6 Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.4 Aligning NCP and POSIX File Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
17.4.1 Managing Access Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
17.4.2 Providing a Private Work Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
17.4.3 Providing a Group Work Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
17.4.4 Providing a Public Work Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
17.4.5 Setting Up Rights Inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
17.5 Novell FTP (Pure-FTPd) and OES 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
17.5.1 Configuring Pure-FTPd on an OES 2 Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
17.5.2 Administering and Managing Pure-FTPd on an OES 2 Server . . . . . . . . . . . . . . . . 197
17.5.3 Cluster Enabling Pure-FTPd in an OES 2 Environment . . . . . . . . . . . . . . . . . . . . . 201
17.5.4 Troubleshooting PureFTPd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
17.6 NCP Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
17.6.1 The Default NCP Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
17.6.2 Creating NCP Home and Data Volume Pointers. . . . . . . . . . . . . . . . . . . . . . . . . . . 202
17.6.3 Assigning File Trustee Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
17.6.4 NCP Caveats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
17.6.5 NCP Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
17.7 NetStorage Implementation and Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
17.7.1 About Automatic Access and Storage Locations. . . . . . . . . . . . . . . . . . . . . . . . . . . 204
17.7.2 About SSH Storage Locations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
17.7.3 Assigning User and Group Access Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
17.7.4 Authenticating to Access Other Target Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . 204
17.7.5 NetStorage Authentication Is Not Persistent by Default . . . . . . . . . . . . . . . . . . . . . 205
17.7.6 NetStorage Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
17.8 Novell AFP Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
17.8.1 Implementing Novell AFP File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.8.2 Maintaining Novell AFP File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.9 Novell CIFS Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.9.1 Implementing Novell CIFS File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.9.2 Maintaining Novell CIFS File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.10 Novell iFolder 3.8 Implementation and Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
17.10.1 Managing Novell iFolder 3.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.10.2 Configuring Novell iFolder 3.8 Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.10.3 Creating and Enabling Novell iFolder 3.8 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.10.4 Novell iFolder 3.8 Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.11 Samba Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
17.11.1 Implementing Samba File Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
17.11.2 Maintaining Samba File Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
18 Search Engine (QuickFinder) 209
19 Print Services 211
19.1 Overview of Print Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
19.1.1 Using This Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
19.1.2 iPrint Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
19.1.3 iPrint Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
19.2 Planning for Print Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
19.3 Coexistence and Migration of Print Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
19.4 Print Services Implementation Suggestions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
19.4.1 Initial Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
19.4.2 Implementation Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
19.4.3 Other Implementation Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
19.5 Print Services Maintenance Suggestions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
20 Web Services 217
21 Security 219
21.1 Overview of OES Security Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
21.1.1 Application Security (AppArmor) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
21.1.2 NSS Auditing Engine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
21.1.3 Encryption (NICI). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
21.1.4 General Security Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
21.2 Planning for Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
21.2.1 Comparing the Linux and the Novell Trustee File Security Models. . . . . . . . . . . . . 221
21.2.2 User Restrictions: Some OES 2 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
21.3 Configuring and Administering Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
21.4 Links to Product Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
21.5 Links to Anti-Virus Partners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
22 Certificate Management 227
22.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
22.1.1 SLES Default Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
22.1.2 OES 2 Certificate Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
22.1.3 Multiple Trees Sharing a Common Root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
22.2 Setting Up Certificate Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
22.2.1 Setting Up Automatic Certificate Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
22.2.2 Eliminating Browser Certificate Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
22.3 If You Don’t Want to Use eDirectory Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
A Adding Services to OES 2 Servers 235
B Changing an OES 2 Server’s IP Address 237
B.1 Caveats and Disclaimers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
B.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
B.2.1 General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
B.2.2 iPrint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
B.2.3 Clustering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
B.3 Changing the Server’s Address Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
B.4 Reconfiguring the OES Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
B.5 Repairing the eDirectory Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
B.6 Completing the Server Reconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
B.6.1 QuickFinder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
B.6.2 DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
B.6.3 DSfW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
B.6.4 iPrint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
B.6.5 NetStorage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
B.7 Modifying a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
B.8 Checking SLES Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
B.9 Reconfiguring Services on Other Servers That Point to This Server. . . . . . . . . . . . . . . . . . . 243
C Updating/Patching OES 2 Servers 245
D Backup Services 247
D.1 Services for End Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
D.2 System-Wide Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
D.2.1 Links to Backup Partners. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
D.2.2 Novell Storage Management Services (SMS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
D.2.3 SLES 10 Backup Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
E Quick Reference to OES 2 User Services 249
F OES 2 SP3 Browser Support 251
G Client/Workstation OS Support 253
H OES 2 Service Scripts 255
I System User and Group Management in OES 2 SP3 259
I.1 About System Users and Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
I.1.1 Types of OES System Users and Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
I.1.2 OES System Users and Groups by Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
I.2 Understanding Proxy Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
I.2.1 What Are Proxy Users?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
I.2.2 Why Are Proxy Users Needed on OES? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
I.2.3 Which Services Require Proxy Users and Why?. . . . . . . . . . . . . . . . . . . . . . . . . . . 262
I.2.4 What Rights Do Proxy Users Have? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
I.3 Common Proxy User - New in SP3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
I.3.1 Common Proxy User FAQ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
I.3.2 Managing Common Proxy Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
I.4 Planning Your Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
I.4.1 About Proxy User Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
I.4.2 There Are No Proxy User Impacts on User Connection Licenses. . . . . . . . . . . . . . 274
I.4.3 Limiting the Number of Proxy Users in Your Tree. . . . . . . . . . . . . . . . . . . . . . . . . . 274
I.4.4 Password Management and Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
I.5 Implementing Your Proxy User Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
I.5.1 Tree-Wide Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
I.5.2 Service-Specific Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
I.5.3 Partition-Wide Proxy Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
I.5.4 Server-Wide Proxy User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
I.5.5 Individual Proxy User Per-Server-Per-Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
I.6 Proxy Users and Domain Services for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
I.7 System Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
I.8 System Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
I.9 Auditing System Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
J Administrative Users in OES 2 SP3 285
K Coordinating Password Policies Among Multiple File Services 287
K.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
K.2 Concepts and Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
K.2.1 Prerequisites for File Service Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
K.2.2 eDirectory contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
K.2.3 Password Policies and Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
K.3 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
K.3.1 Example 1: Complex Mixed Tree with a Mix of File Access Services and Users from across the Tree . . . . . . . . . . . . . . . . . . . . 288
K.3.2 Example 2: Mutually Exclusive Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
K.4 Deployment Guidelines for Different Servers and Deployment Scenarios. . . . . . . . . . . . . . . 291
K.4.1 Deployment Scenario 1: Complex Mixed Scenario with a Mix of File Access Services . . . . . . . . 291
K.4.2 Deployment Scenario 2: Mutually Exclusive Users . . . . . . . . . . . . . . . . . . . . . . . . 293
K.4.3 Deployment Scenario 3: Simple deployments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
K.4.4 Modifying User Password Policies after AFP/CIFS/Samba/DSfW Is Installed . . . . 293
K.4.5 Adding New User eDirectory Contexts to AFP/CIFS after AFP/CIFS/Samba/DSfW Is Installed. . . . . . . . . . . . . . . . . . . . 293
K.4.6 Enabling File Access for DSfW Servers Across Domains. . . . . . . . . . . . . . . . . . . . 293
L Documentation Updates 295
About This Guide
Purpose
This guide provides:
Planning and implementation instructions
Service overviews
Links to detailed information in other service-specific guides
Audience
This guide is designed to help network administrators:
Understand Open Enterprise Server 2 services prior to installing them.
Make pre-installation planning decisions.
Understand installation options for each platform.
Implement the services after they are installed.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with OES 2. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
Changes to this guide are summarized in a Documentation Updates appendix at the end of this guide. The lack of such an appendix indicates that no changes have been made since the initial product release.
Additional Documentation
The OES 2 SP3: Getting Started with OES 2 and Virtualized NetWare is the hands-on counterpart to this guide and helps network administrators:
Set up a basic lab with an OES 2 server, a virtualized NetWare server, a test tree, and user objects that represent the different types of users in OES 2.
Use the exercises in the guide to explore how OES 2 services work.
Continue exploring to gain a sound understanding of how OES 2 can benefit their organization.
Additional documentation is also found on the OES 2 Documentation Web site (http://www.novell.com/documentation/oes2).
Documentation Conventions
The terms OES 2 and OES 2 SP3 are both used in this guide. Generally, OES 2 SP3 is used to differentiate something that is new or changed for the SP3 release of OES 2. Unless otherwise indicated, all statements that refer to OES 2 also apply to OES 2 SP3.
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path.
When a single pathname can be written with a backslash for some platforms, or a forward slash for other platforms, the pathname is presented with a forward slash to reflect the Linux* convention. Users of platforms that require a backslash, such as NetWare, should use backslashes as required by the software.
1 What’s New or Changed
This section summarizes the new features for each release of Novell Open Enterprise Server (OES) 2.
Section 1.1, “Links to What's New Sections,” on page 15
Section 1.2, “New or Changed in OES 2 SP3,” on page 16
Section 1.3, “New or Changed in OES 2 SP2,” on page 17
Section 1.4, “New in OES 2 SP1,” on page 19
Section 1.5, “New in OES 2 (Initial Release),” on page 21
Section 1.6, “Where’s NetWare?,” on page 22
1.1 Links to What's New Sections
The following table provides links to the What’s New sections in the documentation for all OES 2 products.
Table 1-1 What’s New
Product Link to What's New Section
Archive and Version Services 2.1 Linux Administration Guide; User Guide
DHCP Administration Guide
Distributed File Services Administration Guide
DNS Administration Guide
Domain Services for Windows Administration Guide
Dynamic Storage Technology Administration Guide
File System Management Management Guide
FTP (Pure-FTPd) Section 17.5, “Novell FTP (Pure-FTPd) and OES 2,” on page 196
Identity Manager 3.6 Getting Started Guide (http://www.novell.com/documentation/idm36/idm_install/data/be1l5dw.html)
iManager 2.7 Administration Guide
Installation Installation Guide
iPrint Administration Guide
Linux User Management Technology Guide
Migration Tool Administration Guide
NCP Server for OES 2 Administration Guide
NetStorage Administration Guide
Novell AFP Administration Guide
Novell CIFS Administration Guide
Novell Client Linux; Windows XP/2003 Administration Guide; Windows Vista* Administration Guide
Novell Cluster Services (High Availability) Administration Guide
Novell FTP (Pure-FTPd) Section 17.5, “Novell FTP (Pure-FTPd) and OES 2,” on page 196
Novell iFolder 3.8 Administration Guide; User Guide
Novell Remote Manager Administration Guide
Novell Storage Services (NSS) Administration Guide
NSS Auditing Client What’s New for VLOG
OES 2 Installation Guide
OpenWBEM Administration Guide
QuickFinder 5 Administration Guide
Samba (Linux) Administration Guide
Server Health Monitoring This is now available in various Novell Remote Manager dialog boxes on both platforms. For more information, see “Health Monitoring Services” on page 84.
Shadow Volumes See “Overview of Dynamic Storage Technology” in the OES 2 SP3: Dynamic Storage Technology Administration Guide.
SLP (OpenSLP) Section 12.5.5, “SLP Changes in SP3,” on page 120
Storage Management Services (SMS) Administration Guide
Virtualization (Xen*) Virtualization Overview
1.2 New or Changed in OES 2 SP3
Section 1.2.1, “Common Proxy,” on page 17
Section 1.2.2, “Linux User Management,” on page 17
Section 1.2.3, “Log File Location,” on page 17
Section 1.2.4, “OpenSLP,” on page 17
Section 1.2.5, “QuickFinder,” on page 17
Section 1.2.6, “New in eDirectory 8.8.6,” on page 17
1.2.1 Common Proxy
CIFS, DHCP, DNS, iFolder, LUM, NCS, and NetStorage now support OES common proxy.
Automatic password management for proxy users is now supported.
1.2.2 Linux User Management
In response to customer requests for improved LDAP performance, persistent searching for new Linux-enabled users and groups has been disabled in OES 2 SP3.
For more information, see Section 6.11, “LUM Cache Refresh No Longer Persistent,” on page 66 and “What’s New” in the OES 2 SP3: Novell Linux User Management Administration Guide.
1.2.3 Log File Location
Novell has added a single location to find all OES-related log files: /var/opt/novell/log/oes
1.2.4 OpenSLP
OpenSLP now supports persistence of SLP registrations. The OpenSLP implementation is enhanced to achieve communication across multiple directory agents. For more information, see
OpenSLP Implementation in the OES 2 SP3: Planning and Implementation Guide.
1.2.5 QuickFinder
The QuickFinder included with OES 2 SP3 includes various File Reader Updates.
1.2.6 New in eDirectory 8.8.6
The new features included in eDirectory 8.8.6 are listed in the Novell eDirectory 8.8 What's New
Guide (http://www.novell.com/documentation/edir88/edir88new/data/front.html).
1.3 New or Changed in OES 2 SP2
This section summarizes the new features introduced in Novell Open Enterprise Server (OES) 2 SP2 that either involve multiple services or are not covered in service-specific documentation. For information on service-specific new features, see Section 1.1, “Links to What's New Sections,” on page 15.
Section 1.3.1, “Auditing,” on page 18
Section 1.3.2, “Base Platform Is SLES 10 SP3,” on page 18
Section 1.3.3, “CIFS DFS Support,” on page 18
Section 1.3.4, “Create EVMS Proposal Option,” on page 18
Section 1.3.5, “Cross-Protocol File Locking Change,” on page 18
Section 1.3.6, “Domain Services for Windows Installation,” on page 19
Section 1.3.7, “Java Console for DNS/DHCP,” on page 19
Section 1.3.8, “Performance Increases,” on page 19
Section 1.3.9, “Pure-FTPd,” on page 19
Section 1.3.10, “Upgrading Online,” on page 19
Section 1.3.11, “Windows 7 Client Support,” on page 19
1.3.1 Auditing
OES 2 SP2 includes support for third-party developers to create auditing products. For more information, see Section 21.1.2, “NSS Auditing Engine,” on page 219.
1.3.2 Base Platform Is SLES 10 SP3
With the release of OES 2 SP2, the Linux platform on which OES services run is changed from
SUSE Linux Enterprise Server (SLES) 10 SP2 to SLES 10 SP3 and includes Tomcat 5.5.
1.3.3 CIFS DFS Support
CIFS DFS support has been added in OES 2 SP2.
1.3.4 Create EVMS Proposal Option
The Partitioner in the YaST Install offers an option to “Create an EVMS Proposal.” For unpartitioned devices over 20 GB in size, this option creates a boot partition and a container for swap and / (root) volumes in up to the first 20 GB, and leaves the remainder of the space on the device as unpartitioned free space. The default / partition size is 10 GB. The swap size is 1 GB or larger, depending on the amount of RAM the server has.
IMPORTANT: This option applies only if you are installing an NSS volume on the same disk as your Linux root (/) partition.
1.3.5 Cross-Protocol File Locking Change
Starting with OES 2 SP2, cross-protocol file locking (CPL) is enabled by default as follows:
All new servers with NCP installed have CPL turned on.
If an upgraded server was not configured for CPL prior to the upgrade, CPL will be turned on.
If an upgraded server was configured for CPL prior to the upgrade, the CPL setting immediately preceding the upgrade is retained.
If a server is only accessed through NCP (AFP and CIFS are not installed), you can achieve an NCP performance gain of about 10% by turning CPL off. However, there is a critical caveat: if you later install AFP or CIFS and forget to re-enable CPL, data corruption can occur.
There are also obvious implications for clustering because the CPL settings for clustered nodes must match. For example, if an unmodified OES 2 SP1 node is clustered with an unmodified OES 2 SP2 node, their CPL settings will conflict and one of the nodes must be modified.
For more information about cross-protocol locking, see “Configuring Cross-Protocol File Locks for
NCP Server” in the OES 2 SP3: NCP Server for Linux Administration Guide.
1.3.6 Domain Services for Windows Installation
The DSfW installation has been rearchitected with a focus on usability and simplicity.
1.3.7 Java Console for DNS/DHCP
The Java Console for DNS/DHCP management is now available for Linux.
1.3.8 Performance Increases
AFP, NCP, and Samba all have improved performance in OES 2 SP2.
1.3.9 Pure-FTPd
Pure-FTPd now has gateway parity with NetWare.
1.3.10 Upgrading Online
Support for upgrading through the SP Channel is included. For more information, see “Using the
Patch Channel to Upgrade (Online)” in the OES 2 SP3: Installation Guide.
1.3.11 Windows 7 Client Support
OES 2 SP2 service clients are supported on Windows 7.
1.4 New in OES 2 SP1
Section 1.4.1, “YaST Install Changes,” on page 19
Section 1.4.2, “Novell AFP,” on page 20
Section 1.4.3, “Novell CIFS,” on page 20
Section 1.4.4, “Novell Domain Services for Windows,” on page 21
Section 1.4.5, “Migration Tool,” on page 21
1.4.1 YaST Install Changes
The default behavior of the option to use eDirectory certificates for HTTPS services changed in OES 2 SP1.
In OES 2, eDirectory certificates were only used by default if you were installing a new server.
In OES 2 SP1, eDirectory certificates are used by default in all installation and upgrade scenarios, except when you are upgrading to SP1 from OES 2. For an upgrade, the option that you selected for the initial installation is retained.
For a brief summary of what happens in each scenario, see Table 22-2 on page 232.
1.4.2 Novell AFP
Novell AFP is now available on the Linux platform to provide feature parity with NetWare®.
Support for AFP v3.1 and AFP v3.2, providing network file services for Mac OS X and classic Mac OS workstations
Support for Universal Password greater than 8 characters
Integration with Novell eDirectory
Integration with the Novell Storage Services (NSS) file system
Support for Unicode filenames
Integration with the Novell Trustee Model for file access
Support for regular eDirectory users (no LUM required)
Cross-protocol file locking with NCP
Novell AFP also offers the following features not available for NetWare:
DHX authentication mechanism: Provides a secure way to transport passwords of up to 64 characters to the server.
Management: You can use iManager to administer and configure the AFP server on OES 2. iManager support for AFP on NetWare is unchanged and includes only starting and stopping the server.
Auditing: You can audit the AFP server to check on the authentication process and any changes that occur to the configuration parameters of the server.
For more information, see the OES 2 SP3: Novell AFP For Linux Administration Guide.
1.4.3 Novell CIFS
Novell CIFS is now available on Linux to provide feature parity with the existing NetWare release. It offers the following features:
Support for Windows 2000, XP, 2003, and Windows Vista 32-bit
Support for Universal Password greater than 8 characters
Support for NTLMv1 authentication mode
Integration with Novell eDirectory
Integration with the Novell Storage Services (NSS) file system
Support for Unicode filenames
Integration with the Novell Trustee Model for file access
Support for regular eDirectory users (no LUM required)
Cross-protocol file locking is planned for a future release
For more information, see the OES 2 SP3: Novell CIFS for Linux Administration Guide.
1.4.4 Novell Domain Services for Windows
This service creates seamless cross-authentication capabilities between Microsoft Active Directory on Windows servers and Novell eDirectory on OES 2 SP2 servers, and offers the following functionality:
Administrators with Windows networking environments can set up one or more “virtual” Active Directory domains in an eDirectory tree.
Administrators can manage users and groups through MMC or iManager.
eDirectory users can authenticate to the virtual domain from a Windows workstation without the Novell Client™ for Windows being installed.
eDirectory users can also access file services on
  Novell Storage Services (NSS) volumes on Linux servers by using Samba shares.
  NTFS files on Windows servers that use CIFS shares.
  Shares in trusted Active Directory forests.
For more information, see the OES 2 SP3: Domain Services for Windows Administration Guide.
1.4.5 Migration Tool
The new OES 2 SP2 Migration Tool uses a plug-in architecture and comprises multiple Linux command line utilities and a GUI wrapper.
The Migration Tool supports:
A single, enhanced GUI interface for migrating all OES services
Service migrations from either a single source server or multiple source servers (consolidation) to a target server.
Transfer ID (server ID swap) migrations—transferring the services and identity from one server to another server.
For more information, see the OES 2 SP3: Migration Tool Administration Guide.
1.5 New in OES 2 (Initial Release)
Novell Open Enterprise Server 2 included the following major features and enhancements that were not included in OES 1. All features are retained in SP1 unless otherwise noted in Section 1.4, “New in OES 2 SP1,” on page 19.
Section 1.5.1, “Dynamic Storage Technology,” on page 22
Section 1.5.2, “OES 2 Migration Tools,” on page 22
Section 1.5.3, “Xen Virtualization Technology,” on page 22
1.5.1 Dynamic Storage Technology
OES 2 introduces Novell Dynamic Storage Technology, a unique storage solution that lets you combine a primary file tree and a shadow file tree so that they appear to NCP and Samba/CIFS users as one file tree. The primary and shadow trees can be located on NSS volumes on the same server or on different servers.
This lets you manage storage costs in new and efficient ways that were not previously possible. For more information, see the related sections in Chapter 13, “Storage and File Systems,” on page 121 and the OES 2 SP3: Dynamic Storage Technology Administration Guide.
1.5.2 OES 2 Migration Tools
In addition to the legacy Server Consolidation and Migration Toolkit, OES 2 includes new migration tools for migrating data and services from NetWare to OES 2.
For more information, see Chapter 8, “Migrating and Consolidating Existing Servers and Data,” on page 73.
1.5.3 Xen Virtualization Technology
Both OES 2 and NetWare 6.5 SP8 can run in virtual machines on either an OES 2 or a SUSE® Linux Enterprise Server 10 SP1 or later server. This is especially valuable to those organizations that are deploying new hardware that doesn’t run NetWare as a physical installation.
For more information, see Chapter 9, “Virtualization in OES 2,” on page 75.
1.6 Where’s NetWare?
Novell Open Enterprise Server SP3 does not include NetWare. Anyone who wants to deploy NetWare in an OES 2 SP3 environment should download NetWare 6.5 SP8 from the Novell download site (http://download.novell.com/Download?buildid=dpIR3H1ymhk~).
1.6.1 NetWare References in This Guide and Elsewhere
Because many organizations are transitioning their network services from NetWare to OES, information to assist with upgrading from NetWare to OES 2 is included in this guide and in the OES 2 SP3 documentation set—especially in the OES 2 SP3: Upgrading to OES—Best Practices Guide.
1.6.2 NetWare Documentation
For NetWare documentation, including installation and configuration instructions, see the NetWare 6.5 SP8 Online Documentation Web site (http://www.novell.com/documentation/nw65).
2 Welcome to Open Enterprise Server 2
Novell Open Enterprise Server 2 (OES 2) includes all the network services that organizations traditionally expect from Novell.
Figure 2-1 OES 2 Overview
[Figure: a “Novell Services” panel listing AFP, Backup (SMS), Clustering (High Availability), DNS/DHCP, Domain Services for Windows, eDirectory, CIFS, FTP, iFolder 3.x, NetStorage, Novell Client Access, Management Tools, iPrint, QuickFinder, and Novell Storage Services (NSS), and a “SUSE Linux Enterprise Server” panel.]
NOTE: For a list of OES 2 services, see Table 3-1, “Service Comparison Between NetWare 6.5 SP8 and OES 2 SP3 Linux,” on page 25.
3 Planning Your OES 2 Implementation
As you plan which OES services to install, you probably have a number of questions. The following sections are designed to help answer your questions and alert you to the steps you should follow for a successful OES implementation.
Section 3.1, “What Services Are Included in OES 2?,” on page 25
Section 3.2, “Which Services Do I Need?,” on page 32
Section 3.3, “Exploring OES 2 services,” on page 32
Section 3.4, “Plan for eDirectory,” on page 32
Section 3.5, “Prepare Your Existing eDirectory Tree for OES 2,” on page 33
Section 3.6, “Identify a Purpose for Each Server,” on page 33
Section 3.7, “Understand Server Requirements,” on page 33
Section 3.8, “Understand User Restrictions and Linux User Management,” on page 34
Section 3.9, “Caveats to Consider Before You Install,” on page 34
Section 3.10, “Consider Coexistence and Migration Issues,” on page 46
Section 3.11, “Understand Your Installation Options,” on page 46
3.1 What Services Are Included in OES 2?
Table 3-1 summarizes OES services and the differences in the way these services are provided.
Although extensive, this list is not exhaustive. If you are interested in a service or technology not listed, or for documentation for listed services, see the OES Documentation Web site (http://www.novell.com/documentation/oes2).
Table 3-1 Service Comparison Between NetWare 6.5 SP8 and OES 2 SP3 Linux
Service | NetWare 6.5 SP8 | OES 2 | Platform Differences / Migration Issues
Access Control Lists | Yes | Yes | In combination with NCP Server, Linux supports the Novell trustee model for file access on NSS volumes and NCP volumes on Linux.
AFP (Apple* File Protocol) | Yes - NFAP | Yes - Novell AFP | AFP services on NetWare and OES are proprietary and tightly integrated with eDirectory and Novell Storage Services (NSS).
Apache Web Server | Yes - NetWare port of open source product | Yes - Standard Linux | Administration Instance vs. Public Instance on NetWare (http://www.novell.com/documentation/nw65/web_apache_nw/data/aipcu6x.html#aipcu6x). What’s Different about Apache on NetWare (http://www.novell.com/documentation/nw65/web_apache_nw/data/ail8hvj.html).
Archive and Version Services (Novell) | Yes | Yes | Setup varies slightly, but there are no functional differences.
Backup (SMS): SMS; NSS-Xattr | Yes | Yes | SMS provides backup applications with a framework to develop complete backup and restore solutions. For information, see the OES 2 SP3: Storage Management Services Administration Guide. NSS provides extended attribute handling options for NSS on Linux. For information, see “Using Extended Attributes (xAttr) Commands” in the OES 2 SP3: NSS File System Administration Guide for Linux.
CIFS (Windows File Services) | Yes - NFAP | Yes - Novell CIFS and Novell Samba | Both NFAP and Novell CIFS are Novell proprietary and tightly integrated with eDirectory and Novell Storage Services (NSS). Samba is an open source product distributed with SUSE Linux Enterprise Server (SLES). Novell Samba is enhanced by Novell with configuration settings for eDirectory LDAP authentication via Linux User Management (LUM). Novell Samba is not tightly integrated with NSS on Linux and works with any of the supported file systems.
Clustering | Yes | Yes | “Product Features” in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for Linux. “Product Features” in the NW6.5 SP8: Novell Cluster Services 1.8.5 Administration Guide.
DFS (Novell Distributed File Services) | Yes | Yes | In combination with NCP Server, DFS supports junctions and junction targets for NSS volumes on Linux and NetWare. DFS also supports junction targets for NCP volumes on non-NSS file systems, such as Reiser, Ext3, and XFS. The VLDB command offers additional options to manage entries in the VLDB for NCP volumes.
DHCP | Yes | Yes | For a comparison between what is available on OES 2 and NetWare, see Section 12.2.2, “DHCP Differences Between NetWare and OES 2,” on page 99. To plan your DHCP implementations, see “Planning a DHCP Strategy” in the OES 2 SP3: Novell DNS/DHCP Administration Guide and “Planning a DHCP Strategy” in the NW 6.5 SP8: Novell DNS/DHCP Services Administration Guide.
DNS | Yes | Yes | For a comparison between what is available on OES 2 and NetWare, see Section 12.2.1, “DNS Differences Between NetWare and OES 2,” on page 98. See “Planning a DNS Strategy” in the OES 2 SP3: Novell DNS/DHCP Administration Guide and “Planning a DNS Strategy” in the NW 6.5 SP8: Novell DNS/DHCP Services Administration Guide.
Dynamic Storage Technology | No | Yes | DST runs on OES 2. An NSS volume on NetWare is supported only as the secondary volume in a shadow pair. When using DST in a cluster, each of the NSS volumes in a shadow pair must reside on OES 2.
eDirectory 8.8 | Yes | Yes | No functional differences.
eDirectory Certificate Server | Yes | Yes | No functional differences.
eGuide (White Pages) | Yes | No | This functionality is now part of the Identity Manager 3.6 User Application. For more information, see the Identity Manager 3.6 Documentation Web Site (http://www.novell.com/documentation/idm36/index.html).
FTP Server | Yes | Yes | FTP file services on OES 2 servers are provided by Pure-FTPd, a free (BSD), secure, production-quality and standard-conformant FTP server. The OES implementation includes support for eDirectory LDAP authentication and the same FTP/SFTP gateway functionality as on NetWare. See Section 17.1.2, “FTP Services,” on page 178.
Health Monitoring Services | Yes | Yes | The Health Monitoring Server, which was included in OES 1, has been removed in OES 2. This is now available in various Novell Remote Manager dialog boxes on both platforms. For more information, see “Health Monitoring Services” on page 84.
Identity Manager 3.6.1 Bundle Edition | No | Yes | IDM 3.6.1 is not available on NetWare.
iPrint | Yes | Yes | See “Overview” in the OES 2 SP3: iPrint for Linux Administration Guide, and “Overview” in the NW 6.5 SP8: iPrint Administration Guide.
IPX (Internetwork Packet Exchange) from Novell | Yes | No | Novell has no plans to port IPX to OES.
iSCSI | Yes | Yes | The iSCSI target for Linux does not support eDirectory access controls like the NetWare target does. Nor is the iSCSI initiator or target in OES 2 integrated with NetWare Remote Manager management. You use YaST management tools instead. On the other hand, the iSCSI implementation for Linux is newer and performs better. See Linux-iSCSI Project on the Web (http://linux-iscsi.sourceforge.net). See “Overview” in the NW 6.5 SP8: iSCSI 1.1.3 Administration Guide.
LDAP Server for eDirectory | Yes | Yes | No functional differences.
Multipath Device Management | Yes | Yes | NetWare uses NSS multipath I/O. Linux uses Device Mapper - Multipath that runs underneath other device management services.
MySQL | Yes - NetWare port of open source product | Yes - Standard Linux | See MySQL.com on the Web (http://www.mysql.com). See “Overview: MySQL” in the NW 6.5 SP8: Novell MySQL Administration Guide.
NCP Volumes | No | Yes | NCP Server on Linux supports creating NCP volumes on Linux POSIX file systems such as Reiser, Ext3, and XFS. For information, see “Managing NCP Volumes” in the OES 2 SP3: NCP Server for Linux Administration Guide.
NCP Server | Yes | Yes | NCP services are native to NetWare 6.5 and NSS volumes; to have NCP services on OES, the NCP Server must be installed. See “Benefits of NCP Server” in the OES 2 SP3: NCP Server for Linux Administration Guide.
NetStorage | Yes | Yes | NetStorage on Linux offers connectivity to storage locations through the CIFS, NCP, and SSH protocols. NetWare uses only NCP. These and other differences are summarized in “NetStorage” on page 179.
NetWare Traditional File System | Yes | No | Novell has no plans to port the NetWare Traditional File System to Linux.
NetWare Traditional Volumes | Yes | N/A |
NFS | Yes - NFAP | Yes - native to Linux | For NetWare, see “Working with UNIX Machines” in the NW 6.5 SP8: AFP, CIFS, and NFS (NFAP) Administration Guide.
NICI (Novell International Cryptography Infrastructure) | Yes | Yes | No functional differences.
NMAS (Novell Modular Authentication Services) | Yes | Yes | No functional differences.
Novell Audit | Yes | No | Novell Audit is not included with OES. However, the Novell Audit 2.0 Starter pack is available for download at no cost on Novell.com (http://www.novell.com/downloads).
Novell Client for Windows and Linux support | Yes | Yes | Novell Client connectivity to OES 2 requires that the NCP Server be installed.
Novell Cluster Services | Yes | Yes | See “Product Features” in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for Linux. See “Product Features” in the NW6.5 SP8: Novell Cluster Services 1.8.5 Administration Guide.
Novell iFolder 2.x | Yes | No | For migration information, see “Migrating iFolder 2.x” in the OES 2 SP3: Migration Tool Administration Guide.
Novell iFolder 3.8 | No | Yes | OES 2 SP3 includes Linux, Macintosh, and Windows clients.
Novell Licensing Services | Yes | No | See Section 4.5.3, “OES 2 Doesn’t Support NLS,” on page 56.
NSS (Novell Storage Services) | Yes | Yes | Most NSS services are available on both platforms. For a list of NSS features that are not used on Linux, see “Cross-Platform Issues for NSS” in the OES 2 SP3: NSS File System Administration Guide for Linux.
NTPv3 | Yes | Yes | The ntpd.conf file on NetWare can replace an OES server’s NTP configuration file without modification.
OpenSSH | Yes | Yes | NetWare includes a port of the open source product. Linux includes the open source product itself. See “Functions Unique to the NetWare Platform” in the NW 6.5 SP8: OpenSSH Administration Guide.
PAM (Pluggable Authentication Modules) | No | Yes | PAM is a Linux service that Novell leverages to provide eDirectory authentication. eDirectory authentication is native on NetWare.
Pervasive.SQL | Yes | No | Pervasive.SQL is available for Linux from the Web (http://www.pervasive.com/support/technical/online_manuals.asp).
PKI (Public Key Infrastructure) | Yes | Yes | No functional differences.
Printing | Yes | Yes | See iPrint.
QuickFinder | Yes | Yes | See Search.
RADIUS | Yes | Yes | See the information on forge.novell.com (http://forge.novell.com/modules/xfmod/project/?edirfreeradius).
Samba | No | Yes | Samba is an open source technology available on OES. Novell provides automatic configuration for authentication through eDirectory. For more information, see the OES2 SP3: Samba Administration Guide.