Installing iChain Services Software

To install a basic iChain infrastructure, complete the following procedures:


Installing the iChain Proxy Services Software

The iChain Proxy Server should only be installed on compatible hardware (see iChain Proxy Server Requirements). To install the proxy server software:

  1. Insert the iChain Proxy Server CD in the CD drive of the appliance or machine.

  2. At the license screen, type YES and press Enter.

    During the proxy installation process, the server will reboot twice. Do not remove the CD until the proxy prompt is visible, indicating the installation is complete.

    1. After the system reboots the first time, you will hear a beep and the installation will prompt you about whether you would like to select custom drivers. If you click Yes, the installation will stop in HDetect.nlm and allow you to select the correct drivers for the system in the same manner as the NetWare 6 installation. Because of the iChain imaging process, you will need to do this twice during the installation.

      If you click No (or if no selection is made within 30 seconds from the time of the prompt), iChain will automatically detect the drivers as it does in earlier versions of iChain.

      IMPORTANT:  When installing iChain 2.2 with custom drivers, remove the floppy disk immediately after the drivers are copied. Otherwise, the installation might hang when the system reboots.

      If you opt to select custom drivers and the wrong drivers are selected, the iChain 2.2 Proxy Server software installation will fail. We recommend you attempt an automatic installation first, and only attempt to select your own drivers if the automatic installation fails.

  3. Make sure the LAN adapter IP address is configured correctly.

    After installation, the first LAN adapter on the iChain Proxy Server is preconfigured with the IP address 10.1.1.1 and subnet mask 255.255.255.0. To administer the server using the browser-based administration utility, you either need a client workstation with an IP address on the same subnet (such as 10.1.1.2) or you need to use the command line interface to set the IP address on the iChain Proxy Server.

    The following commands from the iChain proxy server console configure the first LAN adapter with an IP address of 123.45.67.89 and a subnet mask of 255.255.252.0:

    >unlock

    At the Password prompt, press Enter (no password exists yet).

    >set eth0 address = 123.45.67.89/255.255.252.0 
    >apply

    Restart the server after resetting the eth0 address.

    If you are going to configure the iChain Proxy Server from a different segment than the one the iChain Proxy Server is on, you also need to use the following commands to configure the gateway:

    >set gateway nexthop = 123.45.69.254 
    >apply

After installation, your iChain Proxy Server requires some basic setup to support your iChain implementation. The basic steps are detailed in Setting Up the iChain Proxy Server.

If you use the iChain Web Server Accelerator Wizard to assist with configuration, you need to enable FTP on at least one IP address for your proxy server. Once you have configured a LAN adapter as described above, enable the FTP server with the following commands:

>set miniftpserver address = 123.45.67.89
>apply

NOTE:  Because FTP is an insecure protocol, enabling FTP can be a security risk on your network. We recommend that you enable the FTP server on an IP address which is only accessible from a private network such as an isolated hub or crossover cable. See Using the iChain Web Server Accelerator Wizard to Create a Basic Configuration for details on using the iChain Web Server Accelerator Wizard.


Installing iChain Services Schema Extensions on the iChain Authorization Server

The iChain Authorization server is the access point that the iChain Proxy Services uses to retrieve authentication, access privileges, user, and group information for your iChain implementation from the eDirectory database. All you need to do to make your Novell eDirectory server platform into an iChain Authorization Server is install the iChain schema extensions onto the NDS tree for that server.

To install iChain schema extensions on the iChain Authorization Server:

  1. If you have not already done so, install Novell eDirectory on the machine that will be your iChain Authorization Server.

  2. Insert the iChain authorization CD into the CD drive of a Windows client machine with IP connectivity to the iChain Authorization Server.

    If this is a Windows 2000 or Windows NT machine, you will need administrator-level access to the client. The installation program launches automatically.

  3. Click Install iChain Schema.

  4. At the Welcome screen, click Next.

  5. Read the license agreement. If you accept the terms of the agreement, click Yes.

  6. Enter the administrator user name in comma-delimited LDAP format (for example, cn=admin, o=novell).

  7. Enter the administrator password.

  8. Enter the IP address (and port, if necessary) for the server where you want to extend the schema.

  9. Click Next.

The installation program will notify you whether the schema extension was successful. If an error occurs, you should look at the log file to determine what LDAP errors occurred. If a bind error occurs, the installation was not able to log in to the LDAP server.


Common Bind Errors

Some of the most common bind errors are:

ldap_simple_bind failed: 49(Invalid credentials), dn: cn=admin,o=novell: Usually denotes an incorrect password. Check the password and try again.

ldap_simple_bind failed: 32(No such object), dn: cn=adm,o=novell: The administrator specified does not exist. Verify the username and try again.

ldap_simple_bind_failed: 13(Confidentiality required), dn: cn=admin,o=novell: You need to enable the Allow Clear Text Passwords option on the LDAP Group object. Open the LDAP Group object in ConsoleOne and make sure the check box labeled Allow Clear Text Passwords is selected.

ldap_simple_bind failed 81(Can't contact LDAP server), dn: cn=admin,o=novell: Either the IP address/port combination is incorrect or the LDAP server is not running. Verify the IP address and LDAP port, make sure the server is running, and try again.

NOTE:  If you are unable to resolve an error, refer to the knowledge base on the Novell Support Web site. This site includes information for resolving a number of LBURP operation failure issues.


Common Log File Errors

Sometimes the LDAP bind succeeds but the log file contains other errors. In these cases, there are usually multiple instances of the same error. Some common errors not related to the bind are:

The LBURP extension is not available on the server. Using standard LDAP calls: This generally means the LDAP server is out of date. You should verify that the latest LDAP server (included with Novell eDirectory) is installed on the server to ensure that the schema is completely extended.

Record1: LBURP operation failed: 50(Insufficent access), dn:cn=schema: This error means that the administrator specified does not have sufficient rights to extend the schema.

Record1: LBURP operation failed: 20(Type or value exists), dn:cn=schema: This error is expected if the server has already been extended with a previous version of iChain.

NOTE:  Contact Novell Technical Support if you are unable to resolve an error or if you have trouble creating or modifying iChain objects after extending the schema.
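
The two error lists above, turned into a log triage script. This is an added example, not part of the iChain installer or Novell's documentation; the function names and the sample log are constructed, and the line formats are assumed to match the strings quoted above.

```python
import re
from collections import Counter

# Result codes and meanings as listed on this page (bind, then LBURP).
ADVICE = {
    ("bind", 49): ("error", "incorrect password"),
    ("bind", 32): ("error", "administrator DN does not exist"),
    ("bind", 13): ("error", "clear-text simple bind refused by the server"),
    ("bind", 81): ("error", "wrong IP address/port, or LDAP server not running"),
    ("lburp", 50): ("error", "administrator lacks rights to extend the schema"),
    ("lburp", 20): ("expected", "schema already extended by an earlier iChain"),
}
# Accepts the variants quoted above: "bind failed"/"bind_failed", optional colon.
LINE_RE = re.compile(
    r"(?P<op>ldap_simple_bind[ _]failed|LBURP operation failed):?\s*"
    r"(?P<code>\d+)\((?P<text>[^)]*)\),\s*dn:\s*(?P<dn>\S.*?)\s*$"
)
NO_LBURP = "The LBURP extension is not available on the server"
ORDER = {"error": 0, "warning": 1, "unknown": 2, "expected": 3}  # unknown = code not listed here

def triage(log_text):
    """Collapse repeated errors into (severity, op, code, dn, count, advice)."""
    counts, meta = Counter(), {}
    for line in log_text.splitlines():
        if NO_LBURP in line:
            key = ("lburp-missing", None, None)
            meta[key] = ("warning", "LDAP server out of date; schema may be incomplete")
        else:
            m = LINE_RE.search(line)
            if not m:
                continue
            op = "bind" if m["op"].startswith("ldap") else "lburp"
            key = (op, int(m["code"]), re.sub(r",\s+", ",", m["dn"]))
            meta[key] = ADVICE.get(key[:2], ("unknown", m["text"]))
        counts[key] += 1
    rows = [(meta[k][0], *k, n, meta[k][1]) for k, n in counts.items()]
    return sorted(rows, key=lambda r: (ORDER[r[0]], -r[4]))

def needs_action(log_text):
    """Rows other than the 'expected' already-extended case (code 20)."""
    return [r for r in triage(log_text) if r[0] != "expected"]

# Constructed sample: two installer runs concatenated, not real output.
SAMPLE_LOG = """\
ldap_simple_bind_failed: 13(Confidentiality required), dn: cn=admin,o=novell
Record1: LBURP operation failed: 20(Type or value exists), dn:cn=schema
Record2: LBURP operation failed: 20(Type or value exists), dn:cn=schema
Record3: LBURP operation failed: 50(Insufficent access), dn:cn=schema
"""
```

needs_action(SAMPLE_LOG) returns the code 13 and code 50 rows and leaves out the repeated code 20 entries, which the list above describes as expected on a server already extended by a previous version of iChain.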


Installing the iChain ConsoleOne Snap-ins

You must install the iChain ConsoleOne snap-in files in order to administer the iChain eDirectory objects such as the iChain Service Object. You can install the snap-in files to be used with ConsoleOne running from the iChain Authorization Server, another server in the tree, or from an administrator workstation.

NOTE:  iChain 2.2 requires ConsoleOne 1.33 or later for all of the snap-ins to function correctly.

To install the iChain ConsoleOne snap-ins to a server or an administrator workstation:

  1. If the server or workstation does not already have ConsoleOne installed, install ConsoleOne.

    NOTE:  After ConsoleOne is installed, make sure you close it before starting to install the snap-ins.

  2. Insert the iChain authorization CD into the CD drive of the server or the administrator workstation.

    The installation program launches automatically.

  3. Click Install ConsoleOne Snapins for iChain.

  4. At the Welcome screen, click Next.

  5. Read the license agreement. If you accept the terms of the agreement, click Yes.

  6. Select the target drive where you want to copy the snap-in files.

  7. Click Next to start copying the files.

  8. Click Finish.

After completing the full installation, you will need to use ConsoleOne to create the iChain Service Object, along with the access control list (ACL) rule objects, and make any other configuration adjustments. See Setting Up a Basic Configuration for more details.