Article

There are many migration tips and helpful HowTo's available, but lack most of the steps necessary to perform a complete migration. Here I have included everything I did to migrate a remote location from NetWare to OES Linux.

Please make modifications to the data, where noted, to reflect your own organization's structure.

The services to be migrated include:

• Data – User and other shared
• Printers
• DNS/DHCP
• ZENWorks – Applications and policies
• Backup – RSYNC
• After the migration is completed and tested, decommission of existing NetWare servers

The steps to perform the migration are listed here:

1. OES Linux Installation and Configuration
2. Securing the New OES Linux Server
3. LDAP Authentication for Local User Access
4. Printer and Data Migration
5. DNS/DHCP Migration
6. ZENWorks Desktop Management v7 - Optional
7. RSYNC Modification - Optional
8. NetWare Server Decommission
9. Workstations
10. Conclusion

1. OES Linux Installation and Configuration

This portion does NOT walk all the way through an OES Installation. It is intended to specify critical changes that must be made to the default installation of OES Linux to ensure the migration is transparent to the user.

Partitioning

1. When the installation reaches the Installations Settings screen, delete the recommended partitions and the partition table on the system disk so that the device can be marked to use EVMS as the volume manager instead of LVM.
1. In the list of Installation Settings, select Partitioning.
2. In the Partitioning menu, select Create Custom Partition Setup, then click Next.
3. Select Custom Partition - for Experts, then click Next to open the Expert Partitioner options.
4. Select Expert > Delete Partition Table and Disk Label, then click Yes twice to continue through the Warning advisories.
   This deletes the recommended partitions and the partition table on the system disk.
2. Create a primary partition on the system disk to use as the boot partition.
1. Click Create.
2. From the list of devices, select the device you want to use for the boot partition, ex: /dev/sda, then click OK.
3. Select Primary Partition, then click OK.
4. Select Format, then select the native Linux file system you want to use, such as Ext3.
5. In Size (End Value) field, specify 300 MB.
6. Set the mount point to /boot.
7. Click OK.
   The partition appears as a logical device in the devices list, ex: /dev/sda1.
3. Create a second primary partition on the system disk to use for your swap and system volumes as follows:
1. Click Create.
2. From the list of devices, select the device you want to use for the second primary partition, ex: /dev/sda, then click OK.
3. Select Primary Partition, then click OK.
4. Select Do Not Format, then select Linux LVM (0x8E) from the list of file system IDs.
5. In Size (End Value field), set the cylinder End value to the size of your disk minus what you want to use for swap., ex: 12GB
4. Leave unpartitioned space available.
5. Click OK.
   The partition appears as a logical device in the devices list, ex: /dev/sda2.
6. Modify the volume management type from LVM to EVMS for the second primary partition you created in Step 3 as follows:
1. At the bottom of the page, click EVMS.
2. Available partitions for EVMS appear as devices under /dev/evms, such as /dev/evms/sda2.
3. In the EVMS Configurator, select the LVM partition created in Step 3, then click Create Container.
4. In the Create EVMS Container dialog box, select the partition, specify the container name (such as system), then click Add Volume to create the lvm/system container, where system is the container name.
5. Click OK.
   The EVMS Configurator displays the lvm/system container you just created, its size, and free space.
7. Create the swap volume in the lvm/system container as follows:
1. Select lvm/system, then click Add.
2. In the Create Logical Volume dialog box, select Format, then select Swap from the File System drop-down menu.
3. Specify swap as the volume name.
4. Specify the size of the swap volume as 2 GB.
5. Specify the mount point as swap.
6. Click OK.
8. Create the system volume in the lvm/system container as follows:
1. Select lvm/system, then click Add.
2. In the Create Logical Volume dialog box, select Format, then select the file system to use from the File System drop-down menu, such as Ext3.
3. In the Volume Name field, specify a volume name, such as sysx.
4. Specify the Size of the system volume as the remaining space available in the lvm/system partition by clicking Max.
5. Specify the mount point as / (root volume).
6. Click OK.
9. Click Next to return to the list of devices.

Below is an example of the physical and logical devices you should see.

Device	Size	F	Type	Mount	Start	End	Used By
/dev/sda	149 GB		ST34001A		0	19456
/dev/sda1	300 MB	F	Linux native	/boot	0	38
/dev/sda2	20.0 GB		Linux LVM		39	2649	EVMSlvm/system
/dev/evms/lvm/system/sysx	14.9 GB	F	EVMS	/	-	-
/dev/evms/lvm /system/swap	2.0 GB	F	EVMS	swap	-	-

10. Click Next to return to the Installation Settings page.
    You can dismiss the message warning that you should not mix EVMS and non-EVMS partitions on the same device.
11. From the Installations Settings screen, click Software > Details, then select the following software options - These are the basic options I chose for my use. You can modify this depending on your needs.
    

    Basic Runtime System
    YaST
    Graphical Base System
    Linux Tools
    Authentication Server (NIS, LDAP, Kerberos)
    Basic Sound Libraries and Tools
    Gnome System
    Novell eDirectory
    Novell iManager
    Novell Linux User Management
    Novell iPrint
    Novell NetStorage
    Novell NSS
    Novell NCP Server
    Novell Backup Services (SMS)
    Novell Health Monitoring

    Select Search and in the search field, type Locate and then search. On the right side, "findutils-locate" will appear. Also add DHCP Server and RSYNC, if desired. Click Accept.

12. Scroll down the list and select the TimeZone for this server's location and then click Runlevel. Select Runlevel 3 - No GUI on console.
13. Continue with the OES installation.

IMPORTANT: After the install is complete, make sure to perform the mandatory post-install configuration of the related system settings to ensure that the system device functions properly under EVMS. Otherwise, the system fails to boot properly.

After the Install

After the OES installation is complete, you must perform the following tasks to ensure that the system device functions properly under EVMS:

Edit the /etc/fstab File

When you boot the system, the kernel reads the /etc/fstab file to identify which file systems should be mounted and then mounts them. This file contains a table of file system information about the root (/), /boot, and swap partitions plus other partitions and file systems you want to mount.

The /boot partition is separate from the EVMS container where you placed the root (/) and swap partitions and is not managed by EVMS at this time. However, in the following steps, you disable boot.lvm and boot.md, then enable boot.evms. In effect, this forces EVMS to scan all the partitions at boot time, including the /boot partition, and it activates /boot under the /dev/evms directory. Therefore, this makes /boot a partition that is discovered by EVMS at startup, and requires that the device be listed under /dev/evms in the fstab file so it can be found when booting with boot.evms.

After the install, you must edit the /etc/fstab file to modify the location of the /boot partition so it is under the /dev/evms directory. For example, change /dev/sda1 to /dev/evms/hda1. Replace sda1 with the device name you used for your /boot partition.

IMPORTANT: When working in the /etc/fstab file, do not leave any stray characters or spaces in the file. This is a configuration file, and it is highly sensitive to such mistakes.

1. Open the /etc/fstab file in a text editor.
2. Locate the line that contains the /boot partition. Look for a line similar to this: /dev/sda1 /boot ext3 defaults 1 1
3. In the Device Name column, modify the location of the /boot partition from /dev to /dev/evms so it can be managed by EVMS. Modify only the device name by adding /evms to the path: /dev/evms/sda1 /boot ext3 defaults 1 1
4. Save the file.
   Do not reboot the server yet!

Disable boot.lvm and boot.md

Disable boot.lvm and boot.md so they do not run at boot time. EVMS now handles the boot.

1. In YaST, click System > Runlevel Editor > Expert Mode.
2. Select boot.lvm.
3. Click Set/Reset > Disable the Service.
4. Select boot.md.
5. Click Set/Reset > Disable the Service.
6. Click Finish, then click Yes.
   Do not reboot the server yet!

Enable the boot.evms Service

The boot.evms service should be enabled automatically after the install, but you should verify that it is enabled.

1. In YaST, click System > Runlevel Editor > Expert Mode.
2. Select boot.evms.
3. Click Set/Reset > Enable the Service.
   The B runlevel option is automatically selected.
4. Click Finish, then click Yes.
   Do not reboot the server yet!.

Edit the /etc/init.d/boot.evms Script

1. Open the /etc/init.d/boot.evms script in a text editor.
2. Add the following lines to the Stop section:
   

   mount -n -o remount,rw /
   echo -en "\nDeleting devices nodes"
   rm -rf /dev/evms
   mount -n -o remount,ro /

   The Stop section looks like this after the edit:

   stop)
           echo -n "Stopping EVMS"
           mount -n -o remount,rw /
           echo -en "\nDeleting devices nodes"
           rm -rf /dev/evms
           mount -n -o remount,ro /
           rc_status -v
           ;;	

3. Save the file.

Finally! Reboot the Server

1. Now reboot the server to activate post-install configuration settings.

Verify the System Services

After the post-install configuration is complete and you have rebooted the server, make sure the server is operating as expected.

Create NSS Volume

From the command prompt, type nssmu to start the NSS Management Utility.

Select Pools, press Insert and create a new Pool. Call it VOL or whatever your standard dictates. Designate all the free space to it.

Select Apply and the Escape back to the main menu.

Select Volumes, press Insert and create a new volume. Name it VOL1 (for example) and place it in the pool you created earlier. Designate all the space to this volume and select apply.

Select the volume and press F4 to update eDirectory, otherwise you won't see the new volume in the tree. Press Esc to exit the utility.

2. Securing the New OES Linux Server

These recommendations are optional and should be used as, at least, a guide to securing your server. Refer to your organization's security policies regarding hardening your servers.

GRUB Boot Loader

Password protect the boot loader to prevent editing of the boot environment or passing kernel level commands to the system at boot time. Use the md5crypt command within GRUB to encrypt a password. Then use this hash to edit the menu.lst file and insert the password line as shown below.

Be sure NOT to use the same password as root or any other user password on the system. If you "fat finger" the password without testing it first you will not be able to make changes to the boot process upon boot up!

# grub

  GRUB version 0.97 (640K lower / 3072K upper memory)

[ Minimal BASH-like line editing is supported. For the first word,
 TAB lists possible command completions. Anywhere else TAB lists 
 the possible completions of a device/filename. ]

grub> md5crypt

Password: *******
Encrypted: $1$vUYoM$OAxm9NVNUBsCeP1dl50

grub>quit


vi /boot/grub/menu.lst

color white/blue black/light-gray
default 0
timeout 8

password --md5 $1$vUYoM$OAxm9NVNUBsCeP1dl50
title linux
  kernel (hd0,0)/boot/vmlinuz root=/dev/sda1 vga=795

BIOS

Password protect changes to the BIOS to prevent changing the boot order of the device. In production booting from CD or floppy should be disabled.

Tuning Network Kernel Parameters

There are a few parameters that can be applied to the kernel through the proc file system to improve protection of the server.

Modify /etc/sysconfig/sysctl to add these options along with the default configuration options.

net.ipv4.ip_forward = 0 -- Disables IP forwarding.
net.ipv4.conf.all.accept_source_route = 0 -- Disables source routing.
net.ipv4.tcp_syncookies = 1 -- TCP syn flood protection parameter.
net.ipv4.tcp_max_syn_backlog = 4096 Additional TCP syn flood protection.
net.ipv4.conf.all.rp_filter = 1 Enables anti-spoofing protection.
net.ipv4.conf.all.send_redirects = 0 Disables the sending of ICMP redirects.
net.ipv4.conf.all.accept_redirects = 0 Disables receipt of ICMP redirects.
net.ipv4.conf.default.accept_redirects = 0 Disables ICMP redirects for newly activated.

Warning Banners

Include this warning message for all direct methods of connection to the server.

/etc/motd Add this banner to this file

/etc/issue Add this banner to this file also. Below is an example that you can use. Change My Company to your Organization - It's lengthy, but you know the legal guys..

My Company owns this computer system and restricts access and use to authorized persons only. Use of and/or access to this system and/or any information obtained via this system is subject to My Company policies and procedures governing such use and access. Unauthorized or improper use of or access to this system, or any portion of it, either directly or indirectly, or any attempt to deny service to authorized users or to alter, damage, or destroy information, or otherwise to interfere with the system or its operation, is strictly prohibited. Any party using or accessing, or attempting to use or access, this system without express authority from My Company may be subject to severe disciplinary action and/or civil and criminal penalties in accordance with applicable state and federal law (including, but not limited to, the Computer Fraud and Abuse Act of 1986 and the Electronic Communications Privacy Act). My Company representatives may monitor and record use and access for quality assurance, security, privacy compliance, regulatory compliance i.e. HIPAA, Sarbanes Oxley, and performance, except as prohibited by law. Any person who uses or accesses this system expressly consents to such monitoring and recording. My Company or its representatives may furnish information obtained by its monitoring and recording activity to law enforcement officials if such monitoring and recording reveals possible evidence of unlawful activity.

Copy the /etc/issue file to /etc/issue.net

For SSH connections edit the /etc/ssh/sshd_config file. Below is the what needs to be changed to point the banner at the /etc/issue.net file.

# vi /etc/ssh/sshd_config

??.
# no default banner path
Banner /etc/issue.net
#VerifyReverseMapping no

# override default of no subsystems

SSH configuration

In addition to setting a banner as above, it should be restricted to version 2 of the protocol only. SSH version 1 has some inherent weaknesses and so should be avoided. Edit this file and make the changes listed in Bold. Most settings are fairly self explanatory. No hosts should be automatically trusted through the rhosts types of authentication or even with a machine based certificate as with the RSA variants. Root should not be allowed direct access. For administration, you should connect to the machine as a regular user and then SU to root for additional needed rights.

#Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
SyslogFacility AUTH
#
#LoginGraceTime 600
PermitRootLogin no
#StrictModes yes
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in 
        /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
PermitEmptyPasswords no

Further Securing Remote Login

In addition to the restrictions made on SSH, we should also further disable remote interactive login for root in case, mistakenly or maliciously, telnet or some other method of tty access was enabled again. Modify the /etc/securetty file. All lines except the TTY1 should be commented out. This is needed for console access. SSH is running its own daemon and is not affected by these settings.

# This file contains the device names of tty lines (one per line,
# without leading /dev/) on which root is allowed to login.
#
tty1
#tty2
#tty3
#tty4
#tty5
#tty6
# for devfs:
#vc/1
#vc/2
#vc/3
#vc/4
#vc/5
#vc/6

Now this file should be protected by executing the following:

chown root:root /etc/securetty 

chmod 400 /etc/securetty 

this makes it so that only root can read the file and nobody can write to it, even root, until root chmod's the file with more permissions again.

Modification to /etc/inittab

/etc/inittab has several settings in it that should be hardened. Disable Ctrl-Alt-Delete from shutting down the server, edit the default run level, protect the server even in Single User mode, and disable extra console login daemons (Ctrl-Alt-Fx) to further protect console access. See the settings made in Bold.

# The default runlevel is defined here
id:3:initdefault:

# First script to be executed, if not booting in emergency (-b) mode
si::bootwait:/etc/init.d/boot
# what to do in single-user mode
ls:S:wait:/etc/init.d/rc S
~~:S:wait:/sbin/sulogin

# what to do when CTRL-ALT-DEL is pressed. Comment to disable.
#ca::ctrlaltdel:/sbin/shutdown -r -t 4 now

The "3" in the id:3:initdefault line designates that the default run level is level 3 which does not load the GUI. The GUI can be loaded as necessary with the "startx" command but should not remain loaded or load by default on the server.

The line beginning with "~~:S" is the command for what to do in single user mode. (i.e. typing "single" as a boot parameter in grub -- which now requires password access anyway). Change the "respawn" command to "wait." This will prompt for the root password before continuing.

The "ca::ctrlaltdel:/sbin/shutdown --r --t4 now" line is the command to execute when Ctrl-Alt-Delete is pressed. This should be commented out as shown to disable this functionality and prevent someone with physical access from shutting down the machine without a valid login.

Xwindows - GUI protections

Although X-windows is not loading by default on the server, this could be changed easily by an administrator and it is available to load manually by changing run levels or typing "startx" at the console prompt. Therefore, implement the following extra safeguards:

Disable XDMCP

Remote machines should not be able to get an X terminal login window. Edit the following lines in /etc/X11/xdm/Xaccess to prepend them with a "!" as shown.

!*   #NO host can get a login window
!*   CHOOSER BROADCAST  #NO indirect host can get a chooser

Disable listening on port 6000

This prevents the X system from listening for X events from remote machines. Local X access at the console is not affected. Edit the config file /etc/X11/xdm/Xservers as shown below adding the "-nolisten tcp" switch to this line.

:0 local /usr/X11R6/bin/X :0 vt07 -nolisten tcp

Restrict cron and at

Cron and at daemons run processes on the system as root so access to them as well as the crontab command and files so that malicious code can't be "scheduled." The binaries are also world executeable and SUID to root so they can be dangerous. Restrict access to them with the following steps.

1. Create cron.allow and at.allow files
   These files will restrict access to cron to only the users listed in the files. All others will be denied. The only user in the list should be root. These files don't exist by default so you can create them with the echo command as follows. Delete any deny files. (/var/spool/cron/deny)

   # echo root > /etc/cron.allow
   # echo root > /etc/at.allow

2. Modify permissions on cron/at related files
   Since all cron and at files are read and written to by processes that are SUID root, normal users on the system will not ever need to have direct access to the files so they should be secured to prevent tampering.

   # chown -R root:root /etc/cron* /var/spool/cron
   # chmod -R go-rwx /etc/cron* /var/spool/cron

3. LDAP Authentication Through eDirectory

Managing and maintaining passwd files can be a real beating. To make life easier, especially if you have a number of OES Linux servers about, configure local authentication to use LDAP and eDirectory, then simply add designated users/admins, to the LUM group and they'll have local access. Also, root and other predefined local accounts are not affected. Follow the steps below.

1. Type yast at the command line
   Select the "Network/Advanced" section and then > LDAP client.
   Select "Use LDAP".

   Add the LDAP server in the server field and the search base of where users are located. For example:

   Base DN: o=[org]
   
    Addresses of LDAP Servers: my-edir-serv.mydomain.com
    
    Select LDAP TLS/SSL. 
   
    Select "Advanced Configuration"
   
    User Map: o=[org]
   
    Password Map: o=[org]
   
    Group Map: dc=[org]
   
    Password Change Protocol: nds
   
   	Group member Attribute: member
   
   Select "Administration Settings" from the top of the box.
   
   	Configuration Base DN: o=[org]
   	Administration DN: o=[org]
   
   Select "Accept"

   Save your changes with by clicking Finish.

2. Edit the file /etc/nsswitch.conf and modify the following lines:
   

   	passwd:		compat nam
   	group:		compat nam
   
   	passwd_compat: 	ldap	files
   	group_compat:	ldap	files

4. Printer and Data Migration

Server Consolidation and Migration Utility

Use the SCMT for migrating both data and printers to the new OES Linux server. Data migration is fairly straightforward you simply drag the directories you want to migrate from the NetWare volumes to the OES Linux volumes. Printers are a bit more tricky, due to some eDirectory rules and are explained below.

Preparing for Printer Migration

Since this will be a NDPS to iPrint migration as well as moving the printer agents to a Linux platform, a little preparation will be needed prior to running the SCU.

On OES Linux, create Drivers Store with iManager ( Linux ), create a temporary container "OU=temp" under OU=[BranchOU].O=[org]. This where you want to place your new Printer Manager when you migrate iPrint services to the same container, but there can be only one eDirectory object representing a "Printer Agent."

In this temporary container you have to place new Printer Manager and use the IP of your new OES Linux server.

After a successful migration of all PA's to the OES Linux Printer Manager, delete all source PA's on NetWare NDPSM.

Unload both NDPS Manager and Broker from the source server.

Stop iPrint Printer Manager on the OES Linux server

rcnovell-ipsmd stop

Move the iPrint Printer Manager object and all PA's objects with ConsoleOne to OU=[BranchOU].O=[org].

Modify the Print Manager

Edit the eDirectory object representing iPrint Printer Manager which we moved from the temp container in the previous step.

Change the attribute:

iPrintManagerDBPath ( /var/opt/novell/iprint/iPrintManager.TEMP.[BRANCH_OU].[org].psm to /var/opt/novell/iprint/iPrintManager.[BRANCH_OU].[org].psm )
iPrintManagerIPURI (https://ip_address/ipps/iPrintManager.TEMP.[BRANCH_OU].[org] to https://ip_address/ipps/iPrintManager.[BRANCH_OU].[org] )

Then rename folder

/var/opt/novell/iprint/iPrintManager.TEMP.[BRANCH_OU].[org].psm to /var/opt/novell/iprint/iPrintManager.[BRANCH_OU].[org].psm.

Rename

/etc/opt/novell/iprint/conf/iPrintManager.TEMP.[BRANCH_OU].[org].ipsmd.conf to iPrintManager.[BRANCH_OU].[org].ipsmd.conf , in same folder should be symlink for this file ipsmd.conf.

Then modify the above file /etc/opt/novell/iprint/conf/

iPrintManager.[BRANCH_OU].[org].ipsmd.conf

Example of new ipsmd.conf

DSServer1 server_name.mydomain.com
PSMObjectDN CN=iPrintManager,OU=[BRANCH_OU].O=[org]
PSMObjectPasswd xxxxxxxxxxxxxxxxxxxxx
PSMHostAddress server_ip_address
Start iPrint Printer Manager: 
rcnovell-ipsmd start

5. DNS/DHCP Migration

DNS

NOTE: Do not run the DNS service in YaST before the process explained here is complete, it will overwrite any changes.

Follow these steps to "import" the Zone information from eDirectory to Linux

1. Copy the file named "/NetWare_Server/sys/ETC/DNS/named.con" to your workstation.
2. Remove all lines starting with novell and remove the ".db" extension on file references.
3. SSH to the OES Linux server and switch to su.
4. edit /etc/named.conf
5. Go down to below the last "};"
6. Copy the formatted zone information retrieved from the NetWare server and paste it into the file.
7. Save and exit.
8. Copy the file /etc/named.conf to /var/lib/named/etc/named.conf

Migrating the zone data

1. Each DNS server has a copy of the zone files in SYS:\ETC\DNS. The zone files have the file extension ".db". Be aware of whether your NetWare server is setup as a 'master' / 'primary' or 'slave' / 'secondary'.
2. Copy the zone files for the master zones you wish to migrate from your source NetWare server to /var/lib/named/master on your destination server.
3. Copy the zone files for the slave zones from your source NetWare server to /var/lib/named/slave on your destination server.
4. Remove the .db extension from each file. Assuming the zone is example.com.

Adding Named to the boot process

To start at boot time the following commands will ensure that this happens for the correct run levels.

On the OES Linux server;

chkconfig -l named

this will return a response similar to

named 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Ensure that 3 and 5 are "on".

If not, add it

chkconfig -a named

this will automatically add the service to the correct runlevels. You can verify this step by using "chkconfig -l named" again.

DHCP

Create a file called /etc/dhcpd.conf and add the following lines, changing them according to your needs:

Omit the # Comment lines, they are for explanation.

# Domain name
option domain-name "mydomain.com"; 

# Name Servers - DNS
option domain-name-servers [oes server ip], 192.168.1.10, 192.168.1.11;

# WINS Servers
option netbios-name-servers 192.168.1.13, 192.168.1.14;

# NetBIOS Node type 
option netbios-node-type 8;

# Default Gateway
option routers [default_gateway_ip];

# Lease time in seconds
default-lease-time 864000;

# DHCP Address Range
range [branch_ip_range.50] [branch_ip_range.254];

Save the file.

Type rcdhcpd restart to start DHCP Server.

Use the commands in "Adding Named to the boot process" above and substitute dhcpd for named.

6. ZENWorks Desktop Management v7 - Optional

Insert the ZDM 7 CD in the new server and browse to the mount point from the command line.
(/media/cdrom)
Copy the file, silent.properties to /root/.

Edit the file and modify the following lines:

INSTALL_REMOTE_MANAGEMENT=true
INSTALL_APPLICATION_MANAGEMENT=true
INSTALL_APPLICATION_MANAGEMENT_DATABASE=true
INSTALL_WORKSTATION_IMPORT_SERVER=true
INSTALL_ZDM_AGENT=true

Remove Comment from:

TREE_NAME=MY_COMPANY_TREE

SHOULD_EXTEND_SCHEMA=true
USER_SUPPLIED_SERIAL_NUMBER=[Enter your Activation Code Here]
ConfigureAction.ZDM_FORCE_CONFIGURE=true

Save the file and change directories to /media/cdrom

Type the following to install ZDM7 on your server:

./setup -f /root/silent.properties

When complete, dismount the CD.

In ConsoleOne, edit each NAL object to reflect the new path to the files on OES Linux Volume.

7. RSYNC - Optional

Migrating RSYNC is fairly uneventful accept for granting the proper POSIX acls to the NSS file mounts instead of default eDirectory acls.

Here is what needs to be changed and/or added and where.

On your main RSYNC Server, in the SYS:SYSTEM directory, there are several NCF files beginning with RS_. These files have numbers following the prefix that corresponds to a time that the file is executed. Find which file has the branch server reference in it and change that file to reflect the following:

Current:

rsync -vprtuz -stats -delete -volume=VOL1: 
NETWARE_SERVER_NAME::NETWARE_SERVER_NAMEUsers/BACKUP/Branch_name/Users -timeout=360 -bwlimit=256

New:

rsync -vprtuz -stats -delete -volume=VOL1: 
OES_SERVER_NAME::OES_SERVER_NAMEUsers /BACKUP/Branch_name/Users-timeout=360 -bwlimit=256

Change the NETWARE_SERVER_NAME to OES_SERVER_NAME in the file for that branch you are migrating.

On the new OES Linux server, edit the file /etc/rsyncd.conf

Make the following changes:

uid = admin
gid = root
transfer logging = true
log format = %h %o %f %l %b
log file = /var/log/rsyncd.log
slp refresh = 300

[OES-ServernameUsers]
	path = /media/nss/VOL1/users
	comment = (Branch name) Users
	read only = no
	chroot = no
	timeout = 60

[OES-ServernameShare]
	path = /media/nss/VOL1/share
	comment = (Branch name) Share
	read only = no
	chroot = no
	timeout = 60

Save this file and exit.

8. NetWare Server Decommission

In ConsoleOne, remove the R/W replica from the NetWare Server.

Right-Click the Container Object for the branch and select Properties.

Click the Login Script Tab and change any reference to the NetWare server to reflect the OES Server - i.e., MAP ROOT U:=NNETWARE_SERVER/VOL1:USERS/%1 to MAP ROOT U:=OES_SERVER_NAME/VOL1:USERS/%1

From the console of the NetWare server, type NWCONFIG and press Enter.

Select Directory Options|Remove Directory Services from this server

Press Enter on the warning and Yes to remove Directory Services. Choose .Root. as the reference point. Authenticate and complete the removal. Exit NWCONFIG and type EDIT C:\AUTOEXEC.BAT. REMark out the statement to load server.exe. Save the file and exit EDIT.
Down the Netware Server and power it off.

In ConsoleOne, remove any objects not removed by nwconfig relating to that server.

If the server is in a DFS management context, after decommissioning the NetWare server, run the VLDB repair for the DFS management context to remove the server. http://www.novell.com/documentation/oes2/stor_dfs_lx_nw/data/b6o9j66.html

9. Workstations

The only changes that need to be made on the workstations is, if you specify a Preferred Server, it will need to be changed to reflect the new OES Linux Server.

10. Conclusion

Although this seems like a lot steps to migrate a server from NetWare to OES Linux, the process moves along fairly fast. Depending on how much data needs to be migrated, you could migrate one server/site in a single day. To the users, their home directories within Windows Explorer looks identical.