Planning for the Installation

Before you install and use the driver, you must plan a local or remote installation and define user accounts for GroupWise driver access.


Understanding a Local Installation

A local installation installs the driver on the same Windows NT/2000, Linux, or NetWare® computer where you installed Identity Manager and eDirectoryTM. The GroupWise domain database can either be on the same computer or a different computer.


Local system configuration.
If . . . Then . . .

The GroupWise driver is running on a NetWare server. . .

The GroupWise server (domain database) must also exist on NetWare.

The GroupWise driver is running a Linux server. . .

The GroupWise server (domain database) must be on the same server.

NOTE:  NFS or any other type of mounted file system is not supported if the GroupWise driver connects to it. For example, the GroupWise driver running on LInux should not connect to a domain database on another server through a mounted file system; or a domain database on a Linux server should not be accessed by a GroupWise driver running on any other server, regardless of the operating system.


Understanding a Remote Installation

A remote installation installs the driver on a different computer than the one where Identity Manager and eDirectory are installed. You should use this configuration when Identity Manager and eDirectory are installed on a Solaris* platform. The driver is installed with the Remote Loader on a Linux, NetWare, or Windows NT/2000 system. The GroupWise domain database can be on any of the systems or on a separate system.

GroupWise can be installed on a separate system, on the system where the DirXML engine resides, or on the driver system (two-system installation); or all components can be installed on a single Linux, NetWare, or Windows NT/2000 system.


Remote system configuration.


Configuring Driver Authentication

In order for the driver to authenticate to the GroupWise domain, the driver must first authenticate to its local operating system, and then authenticate to the system holding the GroupWise domain. (If the driver is on the same computer as the domain database or running on Linux, you do not need to configure authentication.)

As part of configuring authentication, you create the same username and password on each system, and assign the account administrative rights.

IMPORTANT:  To establish a connection between systems, you must create user accounts with the same username and password for each system.

The following topics help you configure authentication:


Creating a User Account for the System Containing the Driver for Windows NT/2000/XP

As part of configuring authentication, you should create the same username and password on the system containing the driver, and assign the account administrative rights.

After you have created the user account for the driver system, refer to Creating a User Account for the System Containing the GroupWise Domain.


Defining an Account when the Driver Is on Windows NT

  1. From the Start Menu, select Programs > Administrative Tools (Common), then click User Manager.

  2. Select User > New User, then specify a new username.

    The user name must be the same on both systems.

  3. Specify a case-sensitive password.

    The password must be the same on both systems.

  4. Select Password Never Expires, then deselect all other boxes.

  5. Select Groups, select Add Administrators to the "Member of", then click OK.

    IMPORTANT:  This user should be part of the administrator group.

  6. Click OK.

  7. Select the user you just created.

  8. Select Policies > User Rights.

  9. Select the Show Advanced User Rights check box.

  10. Select Log on as a Service from the Rights drop-down list.

  11. Click Add, then click Show Users.

  12. Select the user you just created.

  13. Click Add, then click OK.

  14. Click OK.

  15. Close the User Manager window.

  16. Restart the system.


Defining an Account when the Driver Is on Windows 2000

  1. From the Start Menu, click Settings > Control Panel > Administrative Tools, then click Computer Management.

  2. In the Tree view, open Local Users and Groups.

  3. Click Users, click Action, then click New User.

  4. Specify a username, and a case-sensitive password.

    The username and password must be the same on both systems.

  5. Click Password Never Expires, click Create, then click Close.

  6. Deselect all other boxes.

  7. In the Tree view, select Groups.

  8. Double-click Administrators.

  9. Click Add.

  10. Click Add to select the user you just created, then click OK.

  11. Click OK.

  12. Close the Computer Management window.

  13. Select Local Security Policy from the Administrative Tools window.

  14. Open Local Policies in the Tree view.

  15. Select User Rights Assignment.

  16. Double-click Log On As a Service.

  17. Make sure your user is displayed and has the "effective rights" box checked.

  18. Select Add, specify the user you just created, click Add, then click OK.

  19. Click OK.

  20. Close the Local Security Settings window.

  21. Close the Administrative Tools window.

  22. Restart your computer.


Defining an Account when the Driver Is on Windows XP

To define a user account when the driver is on Windows XP:

  1. From the Start Menu, click Control Panel, Administrative Tools, then click Computer Management.

  2. In the Tree view, open Local Users and Groups.

  3. Click Users > Action, then click New User.

  4. Specify a username, and a case-sensitive password.

    The username and password must be the same on both systems.

  5. Deselect all boxes except Password Never Expires, click Create, then click Close.

  6. In the Tree view, select Groups.

  7. Double-click Administrators.

  8. Click Add.

  9. Specify the user you just created, click Check Names to verify the name, then click OK.

  10. Click OK.

  11. Close the Computer Management window.

  12. Open Local Security Policy from the Administrative Tools window.

  13. Open Local Policies in the Tree view.

  14. Select User Rights Assignment.

  15. Double-click Log on As a Service.

  16. Select Add User or Group, then specify the user you just created.

  17. Click Check Names to verify the name, then Click OK.

  18. Click OK.

  19. Close the Local Security Settings window.

  20. Close the Administrative Tools window.

  21. Restart your computer.


Defining an Account when the Driver Is on Windows 2000 AD Domain Controller

  1. From the Start Menu, click Settings > Control Panel > Administrative Tools, then click Active Directory Users and Computers.

  2. In the Tree view, click Users, click Action, click New, then click User.

  3. Specify the full name, then specify the user login name.

    The user login name is used in the driver configuration. The user name must be the same on both systems.

  4. Click Next.

  5. Specify a case-sensitive password.

    The password must be the same on both systems.

  6. Select Password Never Expires.

  7. Click Next, then click Finish.

  8. In the Tree, select Builtin, click Administrators > Members, then click Add.

  9. Select the full name of the user you entered in step 3, click Add, then click OK.

  10. Click OK.

  11. Close the Active Directory Users and Computers window.

  12. In the Administrative Tools window, select Domain Controller Security Policy.

  13. In Tree, expand the Security Settings, click Local Policies, then User Rights Assignment.

  14. Select Log On As a Service and select Define These Policy Settings. Click Add twice, then click Browse.

  15. Browse to and select the user you created in step 3. Click Add, click OK, then click OK again.

  16. Click OK and close the Domain Controller Security Policy window.

  17. In the Administrative Tools window, select Local Security Policy.

  18. In Tree, expand Local Policies, then click User Rights Assignment.

  19. Select Logon as a service, select Local Policy Settings for the user created in step 3, then click OK.

  20. Close the Local Security Policy window.

  21. Restart the system.


Creating a User Account for the System Containing the GroupWise Domain

As part of configuring authentication, you should create a username and password on the system containing the GroupWise domain and assign the account administrative rights.

IMPORTANT:  To establish a connection between the driver and the GroupWise domain system, you should create user accounts with the same username and password for each system.

If the GroupWise domain exists on Linux, and the driver is on Windows NT/2000, the Linux account must be created in Samba. For all other platforms, use the following instructions.

If you have not created the user account for the driver system, refer to Creating a User Account for the System Containing the Driver for Windows NT/2000/XP. (If the driver runs on Linux or NetWare, you do not need to create this user account.)


Defining an Account when the GroupWise Domain Is on Windows NT

  1. From the Start Menu, select Programs > Administrative Tools (Common) > User Manager.

  2. Select User > New User > specify a name.

    The user name must be the same on both systems.

  3. Specify a case-sensitive password.

    The password must be the same on both systems.

  4. Select Password Never Expires and deselect all other boxes.

  5. Select Groups > Add Administrators to the "Member of", then click OK twice.

  6. Click OK to close the User Manager window.

  7. Double-click the My Computer icon on the desktop.

  8. Right-click the drive that contains the GroupWise Domain > Properties > Sharing.

  9. Select New Share.

  10. Specify a share name to be used by the drive.

  11. Restart the system.

  12. Select Permissions > Everyone > Remove menu.

  13. Select Add.

  14. Select the user you added above.

  15. Click Add, then click OK.

  16. Select Permissions: Full Control, then click OK three times.

  17. Restart the system.


Defining an Account when the GroupWise Domain Is on Windows 2000

  1. From the Start Menu, click Settings > Control Panel > Administrative Tools > Computer Management.

  2. In the Tree view, open Local Users and Groups > Users > Action > New User.

  3. Specify a username.

    The username must be the same on both systems.

  4. Specify a case-sensitive password.

  5. Select Password Never Expires, and then deselect all other boxes.

  6. Click Create, then click Close.

  7. Close the Windows Manager window.

  8. Double-click the My Computer icon on the desktop.

  9. Right-click the drive that contains the GroupWise Domain > Properties > Sharing.

  10. Select New Share.

  11. Specify a share name to be used by the drive.

  12. Restart the system.

  13. Select Permissions > Everyone > Remove menu.

  14. Select Add.

  15. Select the user you added above.

  16. Click Add, then click OK.

  17. Select Permissions: Full Control, then click OK three times.

  18. Restart the system.


Defining an Account when the GroupWise Domain Is on NetWare

If the driver is running on NetWare or Windows NT/2000 and the GroupWise domain is on a remote NetWare server, it's especially important to verify that this user has rights to the GroupWise directory tree. If access is not granted to this user, changes do not replicate to the rest of the GroupWise system.

  1. In ConsoleOne, create a user in NetWare with the same username and password as the Windows user account.

  2. Give the user Read, Write, Create, Erase, Modify, and File Scan access to the GroupWise primary domain directory and subdirectories.