
Configuring OES SP2 with NSS, NCS, and Samba

Novell Cool Solutions: Feature
By Jordan Nielsen


Posted: 3 Aug 2007
 

Steps to configure OES SP2 with Clustering, NSS, and Samba

  1. Download the netinstall.sh script from the following link: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972902.htm. Follow this TID to install OES SP2 over the network.

    There are also further instructions in the OES documentation, which can be found at this link: http://www.novell.com/documentation/oes/install_linux/index.html?page=/documentation/oes/install_linux/data/b1ppmo4.html
  2. After installing the OES SP2 server, use TID 3045794 to patch the server correctly with rug: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3045794&sliceId=SAL_Public&dialogID=42082370&stateId=0%200%2042084692
  3. If you have multiple paths to the data storage, install multipath-tools. Launch yast or yast2 | select Software | Install & Remove Software | search for multipath-tools and accept any dependencies.
  4. Start the multipath daemons on boot by running chkconfig -a multipathd. Next open yast | system | runlevel editor | change to expert mode and enable boot.multipath in the B section.
  5. Edit the /etc/nam.conf file with the following settings (the values on the first four lines are placeholders; replace them with the context, admin object and server names of your tree):
    base-name=o=Base Context
    admin-fdn=Admins Context
    preferred-server=Preferred eDirectory Server
    alternative-ldap-server-list=Alternate eDirectory Server,Alternate eDirectory Server
    num-threads=15
    schema=rfc2307
    enable-persistent-cache=YES
    user-hash-size=211
    group-hash-size=211
    persistent-cache-refresh-period=28800
    persistent-cache-refresh-flag=all
    persistent-search=no
    create-home=no
    type-of-authentication=2
    certificate-file-type=der
    ldap-ssl-port=636
    ldap-port=389
    support-alias-name=no
    support-outside-base-context=yes
  7. Configure SLP by editing the /etc/slp.conf file: enter your scope and your directory agent list in the first two sections of the file. After the file is changed, restart the slpd daemon.
  8. LUM-enable the UNIX Workstation object that was created during server installation. Load iManager | Linux User Management | Modify Linux Workstation Object | add the workstation to your corresponding LUM-enabled group. On the server, run namconfig cache_refresh to pull the cache from eDirectory. For more details on LUM, see the following link: http://www.novell.com/documentation/oes/implgde/index.html?page=/documentation/oes/implgde/data/lum-implsuggest.html
  9. Install NSS with the following command: yast nss | choose to install the NSS RPMs | select remote server and choose an eDirectory server | accept the default NSS user.
  10. Install Novell Cluster Services after an SBD device has been presented to the servers. Run yast ncs | choose to install the RPMs | select remote server and choose an eDirectory server | choose a new cluster | enter a unique IP address for the cluster | select the device for the SBD partition | select the IP address Novell Cluster Services will use for this node.
  11. Turn smb and nmb off by running rcsmb stop and rcnmb stop. Remove the services from the runlevels by running chkconfig -d smb and chkconfig -d nmb. Shutting off these services lets Novell Cluster Services load and unload smb and nmb together with the pool resource instead of the init system starting them on every node.
  12. Disable the following services on the system (chkconfig -d <service> for each one):
    alsasound
    apache2
    SuSEfirewall2_final
    SuSEfirewall2_init
    SuSEfirewall2_setup
    isdn
    nfs
    nfsboot
    nfslock
    nfsserver
    novell-httpstkd
    novell-smdrd
    novell-tomcat4
    novell-xregd
    novell-xsrvd
    postfix
    powersaved
    rcd
    splash
    splash_early
    splash_late
    tomcat
    xdm
  14. Modify the /etc/ssh/sshd_config file so that root login is disabled (PermitRootLogin no). Also change the Protocol line and remove the 1, so that only protocol 2 is offered (Protocol 2).
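The two sshd_config changes in step 14 are easy to get subtly wrong: sshd honours only the first uncommented occurrence of a keyword, so a second PermitRootLogin line further down, or a leftover "Protocol 2,1", silently wins. The following POSIX shell functions are an added example (not from the article) that apply both settings idempotently and verify the effective values; the file path is a parameter so the functions can be tried on a copy before being pointed at /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: enforce and verify the sshd_config settings from step 14.
# Assumes only standard awk/mv; sshd keyword semantics (first uncommented
# match wins, keywords are case-insensitive) are what the check relies on.

# Print the effective value of a keyword: the first uncommented occurrence.
sshd_effective() {   # $1 = config file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # skip comments
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Return 0 only when root login is off and just protocol 2 is offered.
check_sshd_config() {   # $1 = config file
    [ "$(sshd_effective "$1" PermitRootLogin)" = "no" ] || return 1
    [ "$(sshd_effective "$1" Protocol)" = "2" ] || return 1
    return 0
}

# Rewrite the file so the keyword has exactly one uncommented value: the
# first uncommented occurrence is replaced, later duplicates are dropped,
# and the line is appended if the keyword was never set. Commented lines
# (e.g. "#PermitRootLogin yes" from the package default) are left alone.
sshd_set() {   # $1 = config file, $2 = keyword, $3 = value
    file=$1; key=$2; value=$3
    tmp="$file.tmp.$$"
    awk -v key="$key" -v value="$value" '
        /^[ \t]*#/ { print; next }
        tolower($1) == tolower(key) {
            if (!done) { print key " " value; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Apply both settings from step 14 and report whether they took effect.
harden_sshd_config() {   # $1 = config file
    sshd_set "$1" PermitRootLogin no
    sshd_set "$1" Protocol 2
    check_sshd_config "$1"
}

# Usage: sh harden-sshd.sh /path/to/sshd_config   (then rcsshd restart)
if [ $# -ge 1 ]; then
    harden_sshd_config "$1" && echo "sshd_config OK: root login off, protocol 2 only"
fi
```

Run the check again after the next sshd package update: a package that re-adds a default `Protocol 2,1` line above yours would pass a casual `grep` but fail `check_sshd_config`.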
  15. Modify the /etc/hosts.nds file and add all the replica holders. This provides redundancy for eDirectory lookups.
  16. There was an issue where OES could not recognize more than 8 LUNs presented to the cluster nodes. Adding the following kernel parameter to /boot/grub/menu.lst fixed it. Our storage is Hitachi Data Systems, so the scsi_mod dev_flags value will vary depending on your storage vendor. Here is an example of an entry in the menu.lst file:
    title Linux
    kernel (hd0,0)/boot/vmlinuz root=6801 vga=0x314 selinux=0 splash=silent resume=/dev/cciss/c0d0p2 elevator=cfq showopts "scsi_mod dev_flags=HITACHI:OPEN-V:0x240"
    initrd (hd0,0)/boot/initrd
  18. Check the kernel version by running uname -r from the console or an ssh session. The current kernel released to the OES channel is 2.6.5-7.286-bigsmp. If your system is at this kernel version, apply km_nss-4.9.30-1.i586.rpm. This patch fixes two critical NSS issues. Check http://download.novell.com for this update. If it is not available, contact Novell support.
  19. Install McAfee LinuxShield by installing LinuxShield-1.3.0-108.i386.rpm. Configure a LUM user called nails and a LUM group called nailsgroup. After the initial LinuxShield install, run the Support Pack 4 script for LinuxShield (./setupSP4 install) and then apply McAfee-LinuxShield-1.3_2.6.5_7.286-1.i586.rpm. You may need to contact Novell to get this file. With OES2 (due in September), when you install a security kernel update, the installation process will automatically check the existing kernel modules and re-use them if the new kernel contains the right symbol versions. Kernel security updates usually preserve symbol versions, so the McAfee kernel modules would just keep working (no download involved). It should also recognize if there is an update and apply new McAfee kernel hooks.
  20. Assign storage space for NSS pools and volumes. Scan for storage by using TID 3000817 or the following link: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3000817&sliceId=SAL_Public&dialogID=42306352&stateId=0%200%2042310286
  21. To automate these processes, create a shell script that includes the commands from TID 3000817. Example:
    #!/bin/bash
    # Ask the QLogic HBA driver to rescan the fabric on each adapter
    echo scsi-qlascan > /proc/scsi/qla2xxx/0
    sleep 5
    echo scsi-qlascan > /proc/scsi/qla2xxx/1
    sleep 5
    # Ask the SCSI mid-layer to rescan all channels, targets and LUNs on each host
    echo "- - -" > /sys/class/scsi_host/host0/scan
    sleep 5
    echo "- - -" > /sys/class/scsi_host/host1/scan
    sleep 5
    # Rebuild the multipath maps so the new LUN gets a multipath device
    multipath
    echo Please run multipath -ll to see if your new lun has been detected.
    sleep 2
    exit 0
  23. Run the script on each server so that all servers see the same storage space.
  24. Initialize the disk(s) through iManager or nssmu. There is a bug in OES where disks could not be initialized through iManager or nssmu; if you hit it, use evmsgui or evmsn instead. Evmsgui and evmsn automatically detect new disks and initialize them correctly.
  25. Create the NSS pool(s) and volume(s) through iManager or nssmu and cluster-enable them. The following link covers managing NSS pools and volumes on OES Linux: http://www.novell.com/documentation/oes/nss_enu/index.html?page=/documentation/oes/nss_enu/data/bycmray.html
  26. After the pool(s) and volume(s) are mounted under /media/nss, create a samba directory on the volume with the mkdir command. Inside the samba directory create three more directories called etc, logs, and locks. Keeping these on the cluster-enabled volume means the configuration, logs and pid files travel with the pool when it migrates to another node.
  27. Next, configure Samba by creating the following smb.conf file. I have included comments above each section so you understand how we are configuring Samba with OES.
    # smb.conf is the main Samba configuration file. You find a fully commented
    # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
    # samba-doc package is installed.
    # Date: 2005-12-01
    # netbios name = DATALXPL9-W is the name of the Samba domain object in eDirectory
    # server string = DATALXPL9 is the name of the NSS pool
    [global]
            netbios name = DATALXPL9-W
            server string = DATALXPL9
            workgroup = workgroup
            security = user
            passdb backend = NDS_ldapsam:ldaps://127.0.0.1:636
            ldap admin dn = cn=Adminuser,o=context of Admin user
            ldap suffix = o=UHSC
            ldap passwd sync = on
            encrypt passwords = yes
            smb ports = 139
            socket options = TCP_NODELAY IPTOS_LOWDELAY
    # Disables mapping of unknown users to guest
            map to guest = Never

    # Disables printing support and the related errors
            load printers = no
            printing = bsd
            printcap name = /dev/null
            disable spoolss = yes

    # NOTE: use sendfile is set to no to support NSS filesystem shares. Sendfile
    # speeds up file transfers by copying data directly to and from kernel
    # buffers, avoiding the copies through user-space buffers, but it is not
    # supported on NSS shares.
            use sendfile = no

    # Needed for clustering per the NCS for Linux documentation
    # bind interfaces only = yes makes Samba listen only on the listed interfaces
    # interfaces = the IP address of the cluster-enabled NSS pool (replace "ip address" with it)
    # pid directory puts the pid files on the volume so the unload script can find them on any node
            bind interfaces only = yes
            interfaces = ip address
            pid directory = /media/nss/ITS/samba/locks
    # [ITS] is the share name
    # path = /media/nss/ITS is the path where the ITS NSS volume is mounted in the filesystem

    [ITS]
            comment = ITS share
            path = /media/nss/ITS
            browseable = Yes
            read only = No
            inherit acls = Yes
  29. Copy the smb.conf file into the samba/etc directory you created on the volume under /media/nss.
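The settings that make this smb.conf cluster-safe are the ones that are easiest to lose when someone later edits the file on one node: bind interfaces only, the pool IP in interfaces (the sample above still carries the "ip address" placeholder), use sendfile = no for NSS, and a pid directory on the clustered volume. The following POSIX shell functions are an added example (not from the article or from Samba) that parse the [global] section of an smb.conf and report each of those settings that is missing or wrong; run them against the file before copying it onto the volume.

```shell
#!/bin/sh
# Added example: sanity-check an smb.conf for the cluster-enabled NSS share
# setup described in the article. Uses only awk/tr; it does not need testparm
# or a running Samba, so it can be run on a copy of the file anywhere.

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# Print the value of a key from the [global] section (first occurrence).
# Comment lines (# or ;) are skipped and keys compare case-insensitively,
# matching how smbd reads the file; values are printed as written.
smb_global() {   # $1 = smb.conf, $2 = key
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sect = tolower($0); gsub(/\[|\]|[ \t]/, "", sect); next }
        sect == "global" && index($0, "=") {
            i = index($0, "=")
            k = tolower(substr($0, 1, i - 1)); gsub(/^[ \t]+|[ \t]+$/, "", k)
            v = substr($0, i + 1);             gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == tolower(want)) { print v; exit }
        }
    ' "$1"
}

# Print one FAIL line per problem; return 0 only if everything checks out.
check_cluster_smb_conf() {   # $1 = smb.conf
    f=$1; rc=0
    # Fixed-value settings the article requires.
    for pair in "bind interfaces only=yes" "use sendfile=no" \
                "map to guest=never" "load printers=no"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(lc "$(smb_global "$f" "$key")")
        [ "$got" = "$want" ] || { echo "FAIL: $key = '${got:-<unset>}' (expected '$want')"; rc=1; }
    done
    # interfaces must name the pool IP, not the placeholder left in the sample.
    case $(lc "$(smb_global "$f" interfaces)") in
        ""|"ip address") echo "FAIL: interfaces must be set to the pool IP address"; rc=1 ;;
    esac
    # pid files have to live on the clustered volume for the unload script.
    piddir=$(smb_global "$f" "pid directory")
    case $piddir in
        /media/nss/*) ;;
        *) echo "FAIL: pid directory '${piddir:-<unset>}' is not on an NSS volume"; rc=1 ;;
    esac
    # Passwords are looked up in eDirectory over LDAPS, never plain ldap://.
    case $(lc "$(smb_global "$f" "passdb backend")") in
        nds_ldapsam:ldaps://*) ;;
        *) echo "FAIL: passdb backend should be NDS_ldapsam over ldaps://"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh check-smb-conf.sh smb.conf
if [ $# -ge 1 ]; then
    check_cluster_smb_conf "$1" && echo "smb.conf OK for clustered NSS share"
fi
```

The check deliberately reads only [global]; a stray `interfaces` line inside a share section would not help Samba bind to the pool address, and the function ignores it just as smbd would for that purpose.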
  30. Modify the Novell Cluster Service scripts. Load iManager | Clusters | Cluster Options | browse to and select the cluster object | Select the Pool Resource | click Details or Properties | click the Scripts tab | click the load script link | Use the following sample script for your load script:
    #!/bin/bash
    . /opt/novell/ncs/lib/ncsfuncs
    exit_on_error nss /poolact=DATALXPL9
    exit_on_error ncpcon mount /opt=ns=long USERS=213
    exit_on_error add_secondary_ipaddress 192.168.0.1
    exit_on_error ncpcon bind --ncpservername=DATALXPL3_SERVER --ipaddress=192.168.0.1
    SAMBA_ROOT=/media/nss/USERS/samba
    exit_on_error /usr/sbin/nmbd -l $SAMBA_ROOT/log -s $SAMBA_ROOT/etc/smb.conf
    exit_on_error /usr/sbin/smbd -l $SAMBA_ROOT/log -s $SAMBA_ROOT/etc/smb.conf
    exit 0

    In the above script DATALXPL9 is the pool name and USERS is the volume name; /opt=ns=long mounts the NSS volume with the long name space. 192.168.0.1 is the pool IP address, and DATALXPL3_SERVER is the virtual NCP server object that is bound to the IP of the cluster-enabled pool. SAMBA_ROOT is a variable specifying the samba directory on the volume. Finally we load Samba (nmbd, then smbd) and point it to the smb.conf file created earlier. Every step runs through exit_on_error, so the resource fails to load rather than coming up half-configured if any step fails.

  32. Now modify the Novell Cluster unload script. Load iManager | Clusters | Cluster Options | browse to and select the cluster object | Select the Pool Resource | click Details or Properties | click the Scripts tab | Use the following sample script for your unload script:
    #!/bin/bash
    . /opt/novell/ncs/lib/ncsfuncs
    SAMBA_ROOT=/media/nss/USERS/samba
    # Stop the Samba daemons via the pid files written to the pid directory on the volume
    ignore_error killproc -p $SAMBA_ROOT/locks/nmbd-smb.conf.pid /usr/sbin/nmbd
    ignore_error killproc -p $SAMBA_ROOT/locks/smbd-smb.conf.pid /usr/sbin/smbd
    sleep 8
    # Kill anything still holding files open on the volume so it can be dismounted
    ignore_error fuser -k $SAMBA_ROOT
    # The NCP server, secondary IP and pool must match the ones used in the load script
    ignore_error ncpcon unbind --ncpservername=DATALXPL3_SERVER --ipaddress=192.168.0.1
    ignore_error del_secondary_ipaddress 192.168.0.1
    ignore_error nss /pooldeact=DATALXPL9
    exit 0
  34. After the load and unload scripts are finished, unmount the volume and pool. You can use nssmu or iManager to accomplish this task.
  35. Then use iManager or the cluster command-line tools to try to load the resource.
  36. If you are using the command line, use the following cluster online command:
    cluster online <RESOURCE_NAME> <SERVER_NAME>
  38. If the resource goes comatose, you have a configuration problem in your smb.conf or in the cluster load/unload scripts.
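A frequent cause of a comatose resource is a load/unload pair that does not agree with itself: the unload script deactivates a different pool, releases a different secondary IP, or looks for pid files under a different SAMBA_ROOT than the load script used, so the pool or address stays claimed on the old node. The following POSIX shell functions are an added example (not from the article or from NCS) that pull those values out of a saved copy of each script and report every mismatch before the scripts are pasted into iManager; the marker strings are the ncsfuncs calls used in the scripts above.

```shell
#!/bin/sh
# Added example: cross-check a pool resource's load and unload scripts.
# Assumes the scripts use the ncsfuncs calls shown in the article
# (nss /poolact=, add_secondary_ipaddress, ncpcon bind --ipaddress=, ...).

# Print the word that follows a marker in a script (first match only).
script_value() {   # $1 = script file, $2 = marker text, e.g. "/poolact="
    sed -n "s#.*$2\([^ ]*\).*#\1#p" "$1" | head -n 1
}

# Compare each load-side value with its unload-side counterpart.
# Prints one MISMATCH line per difference; returns 0 only if all agree.
check_ncs_scripts() {   # $1 = load script, $2 = unload script
    load=$1; unload=$2; rc=0
    # label | marker in load script | marker in unload script
    for spec in \
        "pool|/poolact=|/pooldeact=" \
        "secondary IP|add_secondary_ipaddress |del_secondary_ipaddress " \
        "NCP server|--ncpservername=|--ncpservername=" \
        "NCP bind IP|--ipaddress=|--ipaddress=" \
        "SAMBA_ROOT|SAMBA_ROOT=|SAMBA_ROOT="
    do
        label=${spec%%|*}; rest=${spec#*|}
        lm=${rest%%|*};    um=${rest#*|}
        a=$(script_value "$load" "$lm")
        b=$(script_value "$unload" "$um")
        if [ -z "$a" ] || [ "$a" != "$b" ]; then
            echo "MISMATCH $label: load='${a:-<missing>}' unload='${b:-<missing>}'"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check-ncs-scripts.sh load.sh unload.sh
if [ $# -ge 2 ]; then
    check_ncs_scripts "$1" "$2" && echo "load and unload scripts agree"
fi
```

The secondary IP is compared twice on purpose: once through add/del_secondary_ipaddress and once through the ncpcon bind/unbind --ipaddress argument, since either one being stale is enough to leave the address bound after a migration.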



© 2014 Novell