Novell iChain provides comprehensive documentation to help you understand and deploy the product in your network. Documentation is available in Adobe* Acrobat* PDF format on the Novell iChain 2.3 Authorization Server CD and at the Novell Documentation Web site.
Review the following system requirements to ensure that both your server and client environments meet installation prerequisites:
For basic system requirements and tested hardware, see the Novell iChain System Requirements Web page.
General guidelines for iChain 2.3 are as follows:
We recommend that most iChain installations have processor speeds of at least 1 gigahertz and memory sizes of at least 1 gigabyte.
SMPs are not supported.
You need two or more LAN adapters if iChain will be used as a firewall between a private network and a public network.
NOTE:Hardware issues that have been logged almost always relate to disk or LAN adapter drivers. If no matching drivers are found, multiple matching drivers are found, or other manual parameter input is needed during driver configuration, the install will hang (showing infinite dots). Included drivers for disk arrays are limited. If the iChain Proxy Server installs and the Mini Web Server can be configured and accessed correctly, then the hardware should be fully compatible.
You can view the list of approved hardware on the iChain product Web page.
The iChain Authorization Server can be installed on the following Novell eDirectory™ version 8.7 x platforms:
NetWare® 5.1, 6.0, and 6.5
Windows* NT* 4.0 and Windows 2000
Solaris*
Linux*
For additional information on the supported platforms and full system requirements for Novell eDirectory 8.7 x, refer to the Novell eDirectory 8.7 Quick Start, available at the Novell Documentation Web site .
Novell eDirectory can be downloaded at the Novell Product Downloads Web page.
NOTE:For increased security, we recommend installing the iChain Authorization Server in a tree that is separate from your corporate file/print tree. DirXML® can be used to synchronize user account information between trees if needed. We also recommend that the authorization server be the first server in the tree so that it contains the master replica of the tree.
The administrator workstation requirements are as follows:
Pentium* 233 MHz processor or higher
Minimum 35 MB of free disk space
Minimum 128 MB of RAM
One LAN card
Windows 98, Windows NT, Windows 2000, or Windows XP
Current Service Pack for Windows
Java*-enabled browser, such as Internet Explorer 5.5 (or higher)
Current Novell Client™
ConsoleOne® 1.3 or later
IP connectivity between the client, the iChain Authorization Server, and the iChain Proxy Server
The latest Novell Client and ConsoleOne can be downloaded at the Novell Product Downloads Web page.
The iChain Proxy Server should be installed only on approved hardware. (See the Novell iChain System Requirements Web page.
To install the proxy server software:
Insert the Novell iChain 2.3 Proxy Server CD in the CD drive of the appliance or machine.
At the license page, type YES and press Enter if you accept the license.
If the Installation states that the system is not a valid ICS box, type BLAST and press Enter. The normal installation process should continue and the disk image will be copied. After the copying is complete, the system reboots itself.
Verify that the LAN adapter IP address is configured correctly.
After installation, the first LAN adapter on the iChain Proxy Server is preconfigured with the IP address 172.16.0.1 and subnet mask 255.255.255.0. In order to administrate the server using the browser-based administration utility, you either need to have a client workstation with an IP address on the same subnet (such as 172.16.0.2) or you need to use the command line interface to set the IP address on the iChain Proxy Server.
The following commands from the iChain Proxy Server console configure the first LAN adapter with an IP address of 123.45.67.89 and a subnet mask of 255.255.252.0:
>unlock
At the Password prompt, press Enter (no password exists yet).
>set eth0 address = 123.45.67.89/255.255.252.0 >apply
You need to restart the server after resetting the eth0 address.
If you are going to configure the iChain Proxy Server from a different segment than the one the iChain Proxy Server is on, you also need to use the following commands to configure the gateway:
>set gateway nexthop = 123.45.69.254>apply
The iChain Proxy Server communicates with the iChain Authorization Server to verify authentication credentials and access privileges. This information is held in eDirectory and is accessed using LDAP or Secure LDAP. The iChain Authorization Server is essentially an eDirectory server that has been updated with the iChain schema enhancements.
To install iChain schema extensions on the iChain Authorization Server:
If you have not already done so, install Novell eDirectory 8.7 on the machine that will be your iChain Authorization Server.
The install program requires that the eDirectory LDAP Group Object be configured to have TLS disabled (or Allow Clear Text Password enabled). See the Novell iChain 2.3 Administration Guide for detailed steps on how to configure iChain to use the LDAP Secure option before you switch the eDirectory LDAP Group Object Configuration back to TLS-enabled (or disable the Allow Clear Text Password option).
Insert the Novell iChain 2.3 Authorization Server CD into the CD drive of a Windows client machine with IP connectivity to the iChain Authorization Server. If Auto Start is enabled, the Installation utility begins. Otherwise, launch Start.exe from the Authorization Server CD.
If this is a Windows 2000 or Windows NT machine, you need administrator-level access to the client. The installation program launches automatically.
Click Install iChain Schema.
On the Welcome page, click Next.
Read the license agreement. If you accept the terms, click Yes.
Enter the administrator user name in comma-delimited LDAP format (for example, cn=admin, o=novell).
Enter the administrator password.
Enter the IP address (and port, if necessary) for the server where you want to extend the schema.
Click Next.
The installation program notifies you whether the schema extension was successful. If an error occurs, look at the log file to determine what LDAP errors occurred. If a bind error occurs, the installation could not log in to the LDAP server.
For more information, see “Installing iChain Components” in the iChain 2.3 Administration Guide located on the Novell iChain 2.3 Authorization Server CD and at the Novell Documentation Web site.
To configure iChain, you must install the iChain ConsoleOne snap-ins. We recommend that ConsoleOne be installed on the local drive of the administrator workstation.
To configure the administrator workstation:
Insert the Novell iChain 2.3 Authorization Server CD into the CD drive of the administrator workstation. If Auto Start is enabled, the iChain Installation Utility begins. Otherwise, launch Start.exe from the Authorization Server CD.
If this is a Windows 2000 or Windows NT machine, you need administrator-level access to the client. The installation program launches automatically.
Click Install ConsoleOne Snap-Ins.
On the Welcome page, click Next.
Read the license agreement. If you accept the terms of the agreement, click Yes.
Select where to install the ConsoleOne snap-ins, then click Next to install them.
Novell iChain provides additional configuration options using the iChain Proxy Server GUI. Documentation is available in PDF format on the Novell iChain 2.3 Authorization Server CD and at the Novell Documentation Web site.
Novell iChain provides comprehensive documentation to help you understand and deploy Novell RADIUS Services. Documentation is available online and in PDF format on the Novell iChain 2.3 documentation web site.