Since the release of Open Enterprise Server SP1 (Linux), I have received several requests to revise my articles concerning OES2 and migrating from NetWare to OES2 Linux. After much thought, I decided to rewrite the entire article in lieu of a simple revision to make it easier for the reader to follow the steps I took instead of needing the knowledge of the earlier software packages. I've also decided to write articles that cover migrating from OES 1 to OES 2 SP1 and introducing a new OES2 SP1 server into and existing eDirectory 8.7.3.x tree. I've also added, as requested, iFolder 3.7 into these articles.
If you have read my previous articles, you will see that there are some sections that are completely different from before and there are some sections, Decommissioning, that still hold true today. I have included these redundant sections to complete the guide as they remain the recommended process to successfully complete the migration process, although one would assume you'd decommission the, now obsolete, server. Some may not have that assumption, and thus, I include it. Please disregard the redundancy.
Note: The installations covered in these articles are based on SuSE Linux Enterprise Server 10 SP2 (32 and 64 bit) and have been tested on both physical and virtual (VMWare©) servers. There may be dissimilarities in some screen shots, such as disk partitioning, as best practices recommends separate physical disks for mixing EVMS.
Please make modifications to the data, where noted, to reflect your own organization's structure.
Novell Open Enterprise Server 2 Migration Best Practices Guide:
The services to be migrated include:
Data – User and other shared
ZENWorks – Applications and policies
Backup – RSYNC
The steps to perform the migration are listed here:
- Preparing your current environment.
- Installation of OES2 SP1 Linux to a new server
- Securing the new OES2 SP1 Linux server.
- Data migration.
- DHCP migration.
- Printer migration.
- DNS migration.
- ZENWorks Desktop Management v7 SP1 - Optional.
- RSYNC modification - Optional.
- NetWare Server Decommission.
- iFolder 2.x to 3.7 migration – Optional.
Preparing your Environment
OES2 SP1 installs eDirectory 8.8.4 and can affect other applications in your environment.
Some applications will continue to run in a mixed eDirectory environment, as long as eDirectory 8.8 is not installed on that particular server.
To see a list of which Novell applications are compatible with eDirectory 8.8 and which are not, look here. http://support.novell.com/cgi-bin/search/searchtid.cgi?10099872.htm
OES2 SP1 migration will migrate versions of NetWare from 4 and later. For purposes of this article, we will be migrating NetWare 6.5 SP6.
EVMS or non-EVMS for NSS?
With the original release of OES Linux (OES1), EVMS was required for NSS volumes and pools. When OES2 was released, this requirement was removed and NSS volume creation was simply done using unpartitioned disk space. OES2 SP1 gives you the option of using EVMS for NSS volume management or create your NSS volumes and pools using non-EVMS utilities, namely mkfs. The use of either is your choice, although EVMS allows for more features of NSS to be utilized. In this example migration, we will use EVMS as the default.
OES2 Linux Installation and Configuration
This installation and configuration is based on SuSE Linux Enterprise Server 10 SP2 and OES2 SP1 The option still exists to install OES2 SP1 as an Add-on Product during the initial installation or to add it post SLES install. In this example, we are adding it after the SLES installation.
Previously, I have excluded SLES and OES Linux installations from my articles, and assumed the reader would be bored with the redundancy of the various installation screens. I include them here because of the changes Novell has made compared to the older versions and to show you what's new and included with OES 2 SP1, as well as SLES SP2, specifically EVMS partitioning for NSS volumes and pools.
SuSE Linux Enterprise Server 10 SP2 Installation
Installing SLES 10 SP2 on a new server follows the standard SLES install as previous versions, except for disk partitioning. These screens and options have changed to the affect that I want to include each to show differences.
Select Create Custom Partition Setup and click Next
Select Custom Partitioning (for experts) and click Next
This is just an example of how you can set up your partitions. Be aware that you can only have 4 Primary partitions. Extended partitioning allows for more.
If you are going to use non-EVMS for NSS volumes, then you can stop here with the partitioning. Notice that the Extended is 47GB and we've only used a total of 25GB of this partition. We've left 22GB unpartitioned for non-EVMS NSS later.
Otherwise, If you wish to use EVMS, only include what you need for your Extended Partition and leave the rest for EVMS.
Click Create and specify Primary Partition. Choose Do Not Format and Type 82. Do not set a mount point and click Ok.
Highlight this new Linux Native partition and click the EVMS button.
You will your partition listed. First we have to create an EVMS container. Click the Create Container button in the upper right-hand side.
You will see your volume listed, but we need to add it to the container, click Add Volume and you will see the path to the container appear in the Container field. Click OK to create your EVMS container.
Now you see your available space for your EVMS volumes, of which there are none yet. Click Add.
Since we want to make this an NSS volume, click Do Not Format and do not specify a mount point. Enter a meaningful name for the volume and specify the size or click Max to use all the available space. Click OK.
Now we see the volume and that it's not mounted or formatted. If you have more to add, do it at this time, otherwise click Next.
We are now done with partitioning as far as the install is concerned, after OES2 SP1 is installed and configured, we'll complete the NSS volume and pool creation.
Note: Although SLES will allow EVMS and non-EVMS to reside on the same physical device, it is recommended that your EVMS/NSS partitions/volumes reside on separate devices from the rest of your SLES installation. Should corruption happen in the future, it's make restoring and even a complete re-install more reliable and easier if they are separate.
My own use is to have a “Linux” installed on a RAID 1 and my NSS volumes on a separate RAID 5. Making it easier to add disks to the RAID, if needed.
Installation Progress screen.
Installation completed successfully.
After the OES installation is complete, you must perform the following tasks to ensure that the system device functions properly under EVMS:
Disable boot.lvm and boot.md
Disable boot.lvm and boot.md so they do not run at boot time. EVMS now handles the boot.
- In YaST, click System > Runlevel Editor > Expert Mode.
- Select boot.lvm.
- Click Set/Reset > Disable the Service.
- Select boot.md.
- Click Set/Reset > Disable the Service.
- Click Finish, then click Yes.
Enable the boot.evms Service
The boot.evms service should be enabled automatically after the install, but you should verify that it is enabled.
- In YaST, click System > Runlevel Editor > Expert Mode.
- Select boot.evms.
- Click Set/Reset > Enable the Service.
The B runlevel option is automatically selected.
- Click Finish, then click Yes.
Edit the /etc/init.d/boot.evms Script
- Open the /etc/init.d/boot.evms script in a text editor.
- Add the following lines to the Stop section:
mount -n -o remount,rw /
echo -en "\nDeleting devices nodes"
rm -rf /dev/evms
mount -n -o remount,ro /
The Stop section looks like this after the edit:
echo -n "Stopping EVMS"
mount -n -o remount,rw /
echo -en "\nDeleting devices nodes"
rm -rf /dev/evms
mount -n -o remount,ro /
- Save the file.
Finally! Reboot the Server
Now reboot the server to activate post-install configuration settings.
Verify the System Services
After the post-install configuration is complete and you have rebooted the server, make sure the server is operating as expected.
Adding OES2 SP1
Again, I'm adding OES2 SP1 to the SLES server post-installation.
When your server comes up, start YaST and choose Software | Add-on Product.
Select your media and click Next. If you have not placed your CD/DVD in the drive, you will be prompted to do so.
The media is cataloged and then the OES2 SP1 Installation will ensue.
The is the list of services offered for OES2 SP1. Notice Domain Services for Windows, Pre-Migration Server, AFP, CIFS and Novell Samba. These are new to OES2. Select the packages your organization requires and click Accept.
Note: You cannot install iFolder and Domain Services on the same server. YaST will complain about conflicts in dependencies. You probably wouldn't want iFolder running on a “Domain Controller” anyway.
Installation progress screen.
After the packages are installed, the installation process starts the OES Configuration process. Select whether you are starting a new eDirectory tree or place this server into an existing tree. Selecting the option to use eDirectory certificates for HTTPS will place the server's eDirectory certificates in Tomcat's certificate store and also replace Apache's certificates. The second option regarding TLS is the default for LDAP Binds to eDirectory, this is recommended. Click Next.
Enter the IP address (faster) of an existing eDirectory server holding a R/W replica of the Root Partition. I always use the server that holds the Master replica of the root partition. This server will always have all schema extensions and knows about all other servers in the tree.
Unless there is a conflict, it is recommended to leave the default ports.
Enter the ID and password of the tree admin or an admin equivalent.
Enter the context you want the server placed during installation of eDirectory. Again, it is recommended that you leave the DIB path and listed ports to default.
Configure NTP and SLP, in accordance with your organization's settings.
This is the last screen before eDirectory and the other OES option you selected before are configured and written to disk. This screen allows you to review your options and make changes as needed. Read your selections carefully, I have found placement of objects listed with the incorrect context than I wanted them. Corrections are much easier here than later.
When you are satisfied, click Next.
This is the installation and configuration of all the options you check earlier. Depending on how many you selected, this may take a while.
Your installation of OES2 is completed. Click Finish.
Create NSS Volume
From the command prompt, type nssmu to start the NSS Management Utility.
Select Devices and highlight the device you wish to use for your NSS volumes.
In order for NSS to utilize the space, the device must be Initialized. Warning: Init will destroy any data or volumes on this device.
Ensure you certain this is the device you want be fore proceeding.
Press F3 to Initialize this device.
When complete. You will see the available space for your NSS pools and volumes.
Select Pools, press Insert and create a new Pool. Call it VOL or whatever your standard dictates. Designate all or some of the free space to it, depending on your requirements.
Select Apply and the Escape back to the main menu.
Select Volumes, press Insert and create a new volume. Name it VOL1 (for example) and place it in the pool you created earlier. Designate all or some of the space to this volume and select apply.
If you don't see the volume in eDirectory, select the volume and press F4 to update eDirectory. Press Esc to exit the utility.
Securing the New OES2 Linux Server
These recommendations are optional and should be used as, at least, a guide to securing your server. Refer to your organization's security policies regarding hardening your servers.
GRUB Boot Loader
Password protect the boot loader to prevent editing of the boot environment or passing kernel level commands to the system at boot time. Use the md5crypt command within GRUB to encrypt a password. Then use this hash to edit the menu.lst file and insert the password line as shown below.
Be sure NOT to use the same password as root or any other user password on the system. If you “fat finger” the password without testing it first you will not be able to make changes to the boot process upon boot up!
GRUB version 0.97 (640K lower / 3072K upper memory)
[ Minimal BASH-like line editing is supported. For the first word,
TAB lists possible command completions. Anywhere else TAB lists
the possible completions of a device/filename. ]
color white/blue black/light-gray
password --md5 $1$vUYoM$OAxm9NVNUBsCeP1dl50
kernel (hd0,0)/boot/vmlinuz root=/dev/sda1 vga=795
Password protect changes to the BIOS to prevent changing the boot order of the device. In production booting from CD or floppy should be disabled.
Tuning Network Kernel Parameters
There are a few parameters that can be applied to the kernel through the proc file system to improve protection of the server.
Modify /etc/sysconfig/sysctl to add these options along with the default configuration options.
net.ipv4.ip_forward = 0 -- Disables IP forwarding.
net.ipv4.conf.all.accept_source_route = 0 -- Disables source routing.
net.ipv4.tcp_syncookies = 1 -- TCP syn flood protection parameter.
net.ipv4.tcp_max_syn_backlog = 4096 Additional TCP syn flood protection.
net.ipv4.conf.all.rp_filter = 1 Enables anti-spoofing protection.
net.ipv4.conf.all.send_redirects = 0 Disables the sending of ICMP redirects.
net.ipv4.conf.all.accept_redirects = 0 Disables receipt of ICMP redirects.
net.ipv4.conf.default.accept_redirects = 0 Disables ICMP redirects for newly activated.
Include this warning message for all direct methods of connection to the server.
/etc/motd Add this banner to this file
/etc/issue Add this banner to this file also. Below is an example that you can use. Change My Company to your Organization - It's lengthy, but you know the legal guys..
My Company owns this computer system and restricts access and use to authorized persons only. Use of and/or access to this system and/or any information obtained via this system is subject to My Company policies and procedures governing such use and access. Unauthorized or improper use of or access to this system, or any portion of it, either directly or indirectly, or any attempt to deny service to authorized users or to alter, damage, or destroy information, or otherwise to interfere with the system or its operation, is strictly prohibited. Any party using or accessing, or attempting to use or access, this system without express authority from My Company may be subject to severe disciplinary action and/or civil and criminal penalties in accordance with applicable state and federal law (including, but not limited to, the Computer Fraud and Abuse Act of 1986 and the Electronic Communications Privacy Act). My Company representatives may monitor and record use and access for quality assurance, security, privacy compliance, regulatory compliance i.e. HIPAA, Sarbanes Oxley, and performance, except as prohibited by law. Any person who uses or accesses this system expressly consents to such monitoring and recording. My Company or its representatives may furnish information obtained by its monitoring and recording activity to law enforcement officials if such monitoring and recording reveals possible evidence of unlawful activity.
Copy the /etc/issue file to /etc/issue.net
For SSH connections edit the /etc/ssh/sshd_config file. Below is the what needs to be changed to point the banner at the /etc/issue.net file.
# vi /etc/ssh/sshd_config
# no default banner path
# override default of no subsystems
In addition to setting a banner as above, it should be restricted to version 2 of the protocol only. SSH version 1 has some inherent weaknesses and so should be avoided. Edit this file and make the changes listed in Bold. Most settings are fairly self explanatory. No hosts should be automatically trusted through the rhosts types of authentication or even with a machine based certificate as with the RSA variants. Root should not be allowed direct access. For administration, you should connect to the machine as a regular user and then SU to root for additional needed rights.
# Don't read the user's ~/.rhosts and ~/.shosts files
# For this to work you will also need host keys in
# similar for protocol version 2
Further Securing Remote Login
In addition to the restrictions made on SSH, we should also further disable remote interactive login for root in case, mistakenly or maliciously, telnet or some other method of tty access was enabled again. Modify the /etc/securetty file. All lines except the TTY1 should be commented out. This is needed for console access. SSH is running its own daemon and is not affected by these settings.
# This file contains the device names of tty lines (one per line,
# without leading /dev/) on which root is allowed to login.
# for devfs:
Now this file should be protected by executing the following:
chown root:root /etc/securetty
chmod 400 /etc/securetty
this makes it so that only root can read the file and nobody can write to it, even root, until root chmod's the file with more permissions again.
Modification to /etc/inittab
/etc/inittab has several settings in it that should be hardened. Disable Ctrl-Alt-Delete from shutting down the server, edit the default run level, protect the server even in Single User mode, and disable extra console login daemons (Ctrl-Alt-Fx) to further protect console
See the settings made in Bold.
# The default runlevel is defined here
# First script to be executed, if not booting in emergency (-b) mode
# what to do in single-user mode
# what to do when CTRL-ALT-DEL is pressed. Comment to disable.
#ca::ctrlaltdel:/sbin/shutdown -r -t 4 now
The "3" in the id:3:initdefault line designates that the default run level is level 3 which does not load the GUI. The GUI can be loaded as necessary with the "startx" command but should not remain loaded or load by default on the server.
The line beginning with "~~:S" is the command for what to do in single user mode. (i.e. typing "single" as a boot parameter in grub -- which now requires password access anyway). Change the "respawn" command to "wait." This will prompt for the root password before continuing.
The "ca::ctrlaltdel:/sbin/shutdown --r --t4 now" line is the command to execute when Ctrl-Alt-Delete is pressed. This should be commented out as shown to disable this functionality and prevent someone with physical access from shutting down the machine without a valid login.
Xwindows - GUI protections
Although X-windows is not loading by default on the server, this could be changed easily by an administrator and it is available to load manually by changing run levels or typing "startx" at the console prompt. Therefore, implement the following extra safeguards:
Remote machines should not be able to get an X terminal login window. Edit the following lines in /etc/X11/xdm/Xaccess to prepend them with a "!" as shown.
!* #NO host can get a login window
!* CHOOSER BROADCAST #NO indirect host can get a chooser
Disable listening on port 6000
This prevents the X system from listening for X events from remote machines. Local X access at the console is not affected. Edit the config file /etc/X11/xdm/Xservers as shown below adding the "-nolisten tcp" switch to this line.
:0 local /usr/X11R6/bin/X :0 vt07 -nolisten tcp
Restrict cron and at
Cron and at daemons run processes on the system as root so access to them as well as the crontab command and files so that malicious code can't be "scheduled." The binaries are also world executable and SUID to root so they can be dangerous. Restrict access to them with the following steps.
- Create cron.allow and at.allow files
These files will restrict access to cron to only the users listed in the files. All others will be denied. The only user in the list should be root. These files don't exist by default so you can create them with the echo command as follows. Delete any deny files. (/var/spool/cron/deny)
# echo root > /etc/cron.allow
# echo root > /etc/at.allow
- Modify permissions on cron/at related files
Since all cron and at files are read and written to by processes that are SUID root, normal users on the system will not ever need to have direct access to the files so they should be secured to prevent tampering.
# chown -R root:root /etc/cron* /var/spool/cron
# chmod -R go-rwx /etc/cron* /var/spool/cron
OES2 SP1 Migration
With the release of OES2 SP1, the migration utilities' robustness has greatly improved, especially the gui interface. Novell has combined a majority of the individual utilities into one, allowing for a single migration, instead of each service having it's own, needing to be launched individually.
Here is a list of possible services for gui migration. Note: only services that are installed will be listed.
DNS migration is performed through iManager.
For purposes of this article, we will only be migrating the following services.
File Systems (data)
iFolder – Will be discussed later, as there are various scenarios associated, depending on version.
We will be migrating user data to a server that is in the same eDirectory tree and in the same container. We will use the GUI utility for presentation purposes.
The migration gui saves a lot of time and headaches versus the command line utilities. Personally, I'm a CDL guy, but looking at the DHCP migration utility (migdhcp.sh) alone made me thankful for the gui this time.
With the gui, you can opt for migrating single or multiple services at the same time, we'll show each service covered individually.
You can type miggui from the cdl or launch the migration utility from YaST.
This screen shows both the Source and Target servers, as well as the services configured to be migrated. You can see that there aren't any listed. We'll do that in a moment. First let's configure our source and target servers.
Click the Source server. Enter the source server information and authentication credentials. If the source server is a NetWare server, then the root password is not needed.
Click the Target server. Enter the target server information and authentication credentials. You will need to enter the root password since the target server is a Linux server.
Select the Type of Migration. Here we'll use Consolidate.
In the Services to Migrate frame, click Add to add services that are to be migrated.
You should see something similar, depending on what you have installed the source and target servers
Highlight the services you desire to migrate and click OK.
Almost ready. We have our source and target servers defined and the services we want to migrate. Now each service needs to be configured to your specifications.
Highlight the File System service and click the Configure button.
Select the directories on the source volume you wish to migrate and drag them to the target volume on the target server. Click the File Options tab
Select the options you wish. Click the Trustee Options tab.
Again, select the options as it pertains to your organization. The Match User Options tab is enabled when you select the Custom User Mapping option.
Novell DHCP Service
Highlight the Novell DHCP Service and click the Configure button.
Select type of migration,
Tree level will consolidate all DHCP servers, in the tree to the target server
Server level will simply migrate the DHCP server listed and it's managed subnets to the target server.
Subnet Level migrates a specified subnet to the target server.
For our purposes, we're using Server Level
Browse to the DHCP server object of the source server.
On the Other Options tab, browse or enter, the base DN, i.e., O=Org
Locator DN: cn=dhcpLocator,o=org
Group DN: cn=DHCP Group,o=Org
iPrint service requires that an iPrint Manager and Driver Store be already created on the target server prior to migration.
Highlight the Novell iPrint service and click the Configure button.
Select the Source and Target Print Managers to be migrated. Don't get them mixed up!
Select which printer objects are to be migrated. Or Select All
Specify whether the migrated printer objects are to be placed in the same container after migration or, specify a different target context the printers are to be placed. Select whether existing target printer objects are to be migrated at all.
Click the Other Options tab
Specify the target Driver Store and whether to migrate drivers and profiles.
when you are satisfied with your configuration, click the Start button in between the Source and Target servers.
Each service will migrate in order. When complete, you will see a similar screen.
If you have failures, the utility will let you know.
In the errors above, I learned that the DHCP migration utility migdhcp.sh, did not allow for spaces in the DN. i.e., ou=Salt Lake City,o=Org. This has since been fixed by it's author.
One other gotcha I found was if, ZENworks Inventory process is running on the source NetWare server and you select the ZENworks directory for migration, unload ZENworks, ZFDSTOP.NCF prior to running the migration as it will fail when trying to migrate the DB files because they will be open on the source server.
Let's check trustees to see if the migrated also. Open iManager and browse to a user's Home directory on the target server and view it's trustee assignments.
We see that Rjames has full rights to his Home directory on the OES 2 SP1 Linux server.
Ensure that DNS is not running on the NetWare server.
Login to iManager.
Click DNS and then DNS Server Management.
From the drop-down menu, select Move DNS Server and click OK.
Select the DNS Server name from the drop-down list. This will be the OES2 Linux Server.
Use the Object Selector to select the NCP (NetWare) server that will be migrated.
All primary zones associated with old DNS server will be migrated.
ZENWorks Desktop Management v7 SP1 - Optional
Insert the ZDM 7 SP1 CD in the new server and browse to the mount point from the command line.
Copy the file, silent.properties to /root/.
Edit the file and modify the following lines:
Remove Comment from:
USER_SUPPLIED_SERIAL_NUMBER=[Enter your Activation Code Here]
Save the file and change directories to /media/cdrom
Type the following to install ZDM7 on your server:
./setup -f /root/silent.properties
When complete, dismount the CD.
In ConsoleOne, edit each NAL object to reflect the new path to the files on OES Linux Volume.
RSYNC - Optional
Migrating RSYNC is fairly uneventful accept for granting the proper POSIX acls to the NSS file mounts instead of default eDirectory acls.
Here is what needs to be changed and/or added and where.
On your main RSYNC Server, in the SYS:SYSTEM directory, there are several NCF files beginning with RS_. These files have numbers following the prefix that corresponds to a time that the file is executed. Find which file has the branch server reference in it and change that file to reflect the following:
rsync -vprtuz –stats –delete –volume=VOL1: NETWARE_SERVER_NAME::NETWARE_SERVER_NAMEUsers /BACKUP/Branch_name/Users –timeout=360 –bwlimit=256
rsync -vprtuz –stats –delete –volume=VOL1: OES2_SERVER_NAME::OES2_SERVER_NAMEUsers /BACKUP/Branch_name/Users –timeout=360 –bwlimit=256
Change the NETWARE_SERVER_NAME to OES2_SERVER_NAME in the file for that branch you are migrating.
On the new OES Linux server, edit the file /etc/rsyncd.conf
Make the following changes:
uid = admin
gid = root
transfer logging = true
log format = %h %o %f %l %b
log file = /var/log/rsyncd.log
slp refresh = 300
path = /media/nss/VOL1/users
comment = (Branch name) Users
read only = no
chroot = no
timeout = 60
path = /media/nss/VOL1/share
comment = (Branch name) Share
read only = no
chroot = no
timeout = 60
Save this file and exit.
Decommission NetWare server
In ConsoleOne, remove the R/W replica from the NetWare Server.
Right-Click the Container Object for the branch and select Properties.
Click the Login Script Tab and change any reference to the NetWare server to reflect the OES Server – i.e., MAP ROOT U:=NNETWARE_SERVER/VOL1:USERS/%1 to MAP ROOT U:=OES_SERVER_NAME/VOL1:USERS/%1
From the console of the NetWare server, type NWCONFIG and press Enter.
Select Directory Options|Remove Directory Services from this server
Press Enter on the warning and Yes to remove Directory Services. Choose .Root. as the reference point. Authenticate and complete the removal. Exit NWCONFIG and type EDIT C:\AUTOEXEC.BAT. REMark out the statement to load server.exe. Save the file and exit EDIT.
Down the Netware Server and power it off.
In ConsoleOne, remove any objects not removed by nwconfig relating to that server.
The only changes that need to be made on the workstations is, if you specify a Preferred Server, it will need to be changed to reflect the new OES2 Linux Server.
There are several combinations for migrating iFolder to and OES 2 SP1 Linux server.
In this scenario, I will be focusing on migration iFolder 2.x on NetWare to 3.7 on OES 2 SP1 Linux.
To explore the other possibilities, refer to Novell's documentation concerning migration iFolder
Note: You must migrate iFolder 2.x server file system, using the Migration Utility's File System Migration first. See above File System.
Select your options depending on your current configuration. Note the default path for iFolder on Linux is /var/opt/novell/iFolder. If you migrated the file system data to a separate path, specify it here.
Once you have made your selections, click Ok.
Note: Encrypted file stores are not migrated because they need the user's passphrase and must be performed on the client side.
Now you must migrate your clients.
On the client PC, install the iFolder 3.7 client and ensure that it does not overwrite any iFolder 2.x files. Do this by specifying an alternate path. For the migration to be successful, both versions of iFolder (2.x AND 3.7) must be running on the client PC.
It is not recommended to choose the move iFolder 2.x to 3.7 because there is no back out should the migration fail. The entire iFolder store is moved instead of copied.
Once the migration on the client is complete, you must remove the iFolder 2.x client from the PC for iFolder 3.7 to function normally. It also ensures that user will not accidentally use it out of habit before the NetWare server is decommissioned.
Open Enterprise Server 2 SP1 has many improvements for migration from NetWare AND Windows to OES2 Linux, including tree to tree migration. And with OES2 SP1, Domain Services for Windows will add to the migration possibilities.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.