NetWare 6.5 Web Components Part 2: Upgrade
Novell Cool Solutions: Feature
By Joe Harmon
Digg This -
Posted: 26 Aug 2003
This is the second installment of the long-awaited sequel to Joe Harmon's training series on NetWare 6.0 Web Infrastructure. That series was so popular with readers, Joe agreed to create a new series to help you get acquainted with the brand-new NetWare 6.5. Joe Harmon is part of Novell's Web Services Support team, so this is kind of an experimental approach to "proactive" support that is offered before you encounter a problem. We'd like to keep Joe's managers happy so they keep letting him work on these, so please take a minute to fill out this survey when you're done reading this installment.
Network Preparation - Using the NetWare Deployment Manager, we will perform certain tasks which will allow us to prepare for an upgrade.
** IMPORTANT ** This process is required regardless of whether or not you are performing a downed server upgrade or an upgrade on a server that is already running.
- To start this process, we will place the NW65OS CD in a workstation and double click on the NWDEPLOY.EXE option. We will focus on several options within the NetWare Preparation section. Some of these tasks are optional and will not be covered in this document. The essential options will be covered.
- Back Up Data - This first section is optional, but suggested. However it is not essential to this demonstration and the deployment manager covers it quite well, so I will not cover it in this document.
- Search Tree for eDirectory and NDS versions - This option is required. In NetWare 6.0 we didn't have this option and you could potentially run into some problems. The reason you want to perform this option is because NetWare 6.5 has schema that is not compatible with older versions of DS. Therefore if an older version of DS is contacted during the installation of NetWare 6.5 schema, you could run into problems installing that schema.
- What information do I need before I start the update of NDS?
- IP information
- Mapped Drives
- Connection and context information
- Who is in the replica ring were the server is being installed?
- Who holds the Master and R/W replica's within that ring?
- Once you have this information, you can click on the VIEW AND UPDATE NDS option with the SEARCH TREE FOR EDIRECTORY AND NDS VERSION section.
- Performing the search - If you are unable to see your tree in the list, then try mapping a drive to the server first.
- Select the servers to update - This process shouldn't take long. This process is needed in order to make your older servers compatible with Novell's eDirectory. This will not update servers that are already running eDirectory or DS 8.x.
- Warning - If you are not at the latest support pack then you will receive a warning. If you are not at the latest support pack then STOP HERE. Please update to the latest support pack before moving on.
- Logging into the server - If you have problems logging into the server, then select the DETAILS option, choose CONNECT BY ADDRESS, and put in the IP address of the server you are trying to connect to. (This is the reason that you were asked to collect this information before starting this process). Click OK to continue.
- Restarting DS - After the update process has completed, you will be asked to restart those versions of DS. This is a required process, so if you don't have the option of restarting DS at this time, then you can uncheck the box. However you must restart DS before moving on with the next task.
- Update complete - Click EXIT to continue.
- Prepare for New eDirectory - Due to new schema that comes with NetWare 6.5, we will need to prepare older versions of the OS to be able to be compatible or able to accept the NetWare 6.5 schema.
- Extending the core schema - If you are doing this remotely (not on the same subnet) then you may need to remap to your tree in order to be able to see it.
- Choosing the server with a R/W or Master of root - Here we are just choosing a server that we can perform the schema upgrade on. Choose a server from the list and click NEXT to continue.
- Core Schema installed and tree is prepared for NetWare 6.5. Click EXIT to finish.
- Prepare a Server with NDS 7 and NSS (Conditional)
- Selecting the server
- You will be prompted to log in to the server. Put in the proper password and click OK to continue.
- Now you will have the option of what checks you wish to perform. Leave everything checked and click NEXT to continue.
- Authenticating to the server - One thing to note here is that you may need to click on the DETAILS button, choose the CONNECT BY ADDRESS option, and login with the IP address of the server.
- The warning here on the Schema is normal, if you look through the log file you will see that there is certain schema that will be done during the install and that it is just reporting it.
- This screen is shown if you were having failures that you need to take care of. This is just shown for reference.
- Viewing the log - If you receive any failures or warnings, this log will help you know what you need to do to correct the problem.
- The screen below is the NetWare 6.5 software license agreement. After reading the license agreement click I ACCEPT to continue.
- Now you are presented with the JREPORT license agreement. Again, after reading the license agreement, choose I ACCEPT to continue.
- Click on the button to choose the server that is going to be upgraded. Click NEXT to continue. <
- Authenticating to the server. The one thing that should be noted here is that if you are going to use an admin equivalent user be sure that this user has rights to the root of the tree.
- In order to perform an upgrade to NetWare 6.5 a health check MUST be performed on the server. With the remote upgrade option this will be done automatically. If you are installing from a downed server, you will need to first run a health check from the NetWare Remote Manager. If a HEALTH.LOG file is not found in the SYS:/SYSTEM directory then you will not be allowed to move forward with the installation. Once the health check is performed you can review and fix any errors and/or warnings.
- If you desire to backup your old NWSERVER directory then you can choose that option at this point. You are also given the option of whether or not you want to reboot the server once the installation is complete. We will leave the defaults to YES. As far as the upgrade type, we will choose DEFAULT. The reason for choosing default is because a MANUAL installation will require user intervention at the server in order to manually select the drivers.
- If you choose a MANUAL installation you will receive a screen explaining that user intervention will be required at the server console to manually select the server's drivers. Since I know that you chose the default option, we will just skip right past this screen.
- There are several components that ship with NetWare 6.5. For this demo we are going to install all of them.
- This is your last chance to back up and make any changes before moving on. Please review the list and make sure you didn't forget anything. Select COPY FILES to continue.
- File Copy Status
- Replace the OS CD with the NetWare 6.5 Product CD. Click OK to continue.
- After the file copy has finished, you will see a screen that shows the server going down and coming back up. You will then see that it is waiting for DS to fully initialize. The screen may disappear for a while. Have patience. It is just trying to connect to the server and you will eventually receive the login screen. If you are flipping around through the windows, then it may be in the background without you knowing it.
- Prompted to login - You should only receive this login if you chose the MANUAL upgrade. Otherwise you will receive the screen that is shown in the next step. If you do receive this screen, then you may need to click on the DETAILS button, check the CONNECT BY ADDRESS option, and put in the IP address of the server in order to make the connection.
- eDirectory login - If you receive this login then you have properly queried the eDirectory database. Log in with admin or a user who has trustee rights to root.
- Since this is an upgrade, we will be installing into an existing tree. This screen is just showing that eDirectory has been upgraded. Click NEXT to continue.
- Make sure you have your license diskette in the floppy drive. Select the proper license(s) and click NEXT to install them.
- Next is the container where you want to install the license(s). Be sure that you select the proper container. Make sure that the licenses are at the same level or above the users within the eDirectory tree. Click NEXT to continue. This is explained in the description section of this screen. Licenses are valid for all servers and users at the same level as this container and below. That is why I said that your license must be at the same level or above the users and servers in question. Remember that rights flow down, not up. The same concept is true for licenses. Click NEXT to continue.
- Novell Modular Authentication Service is a service that controls your multiple authentication methods. NDS is a required install, and if you desire any other tokens or methods for authenticating they can be configured here. Since we are only going to use NDS authentication, we will accept the defaults and click NEXT to continue.
- There are three sections here that you really need to understand. The first is the LDAP CONTEXT FOR ADMINS section. This section coincides with the IFOLDER ADMIN NAMES section. The context which is used in the LDAP CONTEXT FOR ADMINS must be a container in which there is an admin user who has sufficient rights to extend schema (ie. Rights to root). Even if these rights are temporary. The reason for this is that we extend the schema and create the objects that hold the iFolder configuration the first time that we log into GLOBAL SETTINGS within the iFolder Administration page.
- The MySQL database will need a password for the root user. The root user to MySQL is synonymous to the admin user within eDirectory, so you will need to keep note of the password. ** NOTE ** A password is required. The SECURE INSTALLATION option will be discussed in the next few steps.
- If you choose to secure the installation then your rights will be setup as shown in the graphic below. You will notice that root@% is not listed. This means that if you are planning on using MyCC that you will not be able to connect from a workstation without putting root@% in as a user. You will however be able to use the phpMyAdmin utility because it does a server connection. In other words it connects over localhost. The other users, appserver and audituser, are installed for exteNd application server and the advanced audit services respectively. The reason that they allow connection on the server, "localhost" and client "%" access is due to the need of performing specific operations. One example of this would be publishing a web application from exteNd workbench (which runs on the client).
- If you do NOT choose a secure installation then the rights to the MySQL database will be setup as shown in the graphic below. There are three different rights that come with a non-secure MySQL installation. The one of most consequence is that you receive root@%. What this means is that you can connect to the MySQL server from a workstation running MyCC or some other database administration program. Without the % connection you would only be able to connect from the server.
- The user that is defined here is the locksmith for the Server Management Console utility that is used for managing the exteNd Application Server. If you choose the RESTRICT ACCESS option, then you will be required to log in before you can access Server Management Console. If you uncheck that option then the utility can be run by anyone who has access to the server console. ** NOTE ** The password is required. Click NEXT to continue.
- This next section is setting up the data base user and database within MySQL for the exteNd Application Server. The defaults should suffice here, but you can change the password to something else if desired. As far as the option EXECUTE SILVERMASTERINIT, I would leave it checked. This will create the database for the exteNd Application Server. Click NEXT to continue.
- This section is for the Novell Audit Starter Pack. Just accept the defaults and click NEXT to continue.
- Here we are setting up a DB user and database for the Novell Audit Starter pack. Put in a password and click NEXT to continue.
- Next is the RSYNC license agreement. RSYNC does backup and restore. After reading the agreement, if you agree then click on I ACCEPT to continue.
- Now we will configure all of the services.
- Select YES to restart your server.
** NOTE ** The next section is performing an upgrade on a server that is up and running using the remote upgrade option. If you want to perform an upgrade on a downed server then please refer to the fresh install chapter. At the point where you are asked if you want to run the install.bat manually or automatically, you would choose the manual option and put in the parameter INSTALL /UPGRADE.
** IMPORTANT ** Just because a user has the SECURITY EQUAL TO ME option set within eDirectory, does not mean that they have sufficient rights. The best option is to go to the root of the tree and add that user as a trustee with supervisor rights. Otherwise use the admin account.
Once this is done, iFolder can be administered by a container admin with less rights. If you do decide to change the LDAP CONTEXT FOR ADMINS to a container lower down in the tree, then make sure that it is in LDAP format (example: ou=iFolder,o=web), that you have an admin with sufficient rights to extend schema, and that the admin user is listed in the IFOLDER ADMIN NAMES section. You can add other admins to the list of the IFOLDER ADMIN NAMES section by separating then with a semicolon. An example of this would be admin;iFolderAdmin. If you place any other character than a semicolon, then the user names will be read as one user name and your authentication to the iFolderAdmin will fail.
The next setting we want to look at is the USER DATABASE PATH. This is where the users' accounts will reside on the server. You could leave this on the SYS volume for test purposes, but in production I would suggest that you point it to a different volume. This will keep the SYS volume from being filled. In our case the information will be changed from SYS:\iFolder to DATA:\iFolder. You can also add iFolder administrators here.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com