By installing a NetWare 6.5 SP4 server, you already have the following components installed on the server:
eDirectory 8.7.3 SP7 installs the following components:
NICI 2.6.7 is installed during the NetWare 6.5 SP4 server installation. You need to update this by installing NICI 2.6.8.
Extract nici_u0.exe to a floppy diskette or to temporary location on your NetWare server.
Load NWCONFIG.
Select Product Options > Install a Product Not Listed.
Indicate where the self-extracted files will be installed from by pressing Enter for a floppy diskette or F3 for a network directory.
When the product description and Software License are displayed, you are prompted to accept the License Agreement. If you accept the agreement, the files are copied to the appropriate destination directories on the server.
When prompted that the installation was successful, press Enter.
When the installation is complete, restart the server.
To begin the installation on NetWare, do the following:
At the server console, enter nwconfig.nlm.
Select Product Options > Install a Product Not Listed.
Press F3 ( F4 if you're using RCONSOLE), then specify the path to the Identity Manager NetWare installation files (\nw).
The graphical installation utility will start after a few moments.
Click Next.
After the files have finished copying, the DirXML Welcome Screen appears. Click Next to begin the installation.
Accept the license agreement.
Review the Overview pages about the various systems and components.
Click Next to begin the installation.
Select the following three DirXML components, then click Next:
DirXML Server: Installs the DirXML® engine and service drivers, DirXML drivers, NMAS components, and Nsure Audit agent, and also extends the eDirectory schema.
Select the DirXML engine and the Active Directory driver.
DirXML Web Components: Installs the DirXML plug-ins, DirXML driver configurations, and Novell eGuide.
Select the following drivers for the engine installation, deselect all other drivers, then click Next:
Click OK on any informational messages.
In the Schema Extension page, specify the following:
Previous example values:
Tree Name: |
NCL-TREE |
User Name: |
cn=admin,o=ncl |
Password: |
ncl-test |
Accept the default Web components:
Click Finish to complete the installation program.
With the Identity Manager server installed, you need to follow the configuration steps listed in Identity Manager Configuration - eDirectory Server in order to use Identity Manager.
NOTE: If you are prompted to overwrite certain files, select Do NOT overwrite newer files.
NOTE: You need to activate Identity Manager within 90 days of purchase. For instructions on how to activate Identity Manager, see Activating Identity Manager .
Extract the file sss_netware.exe from the CD to a temporary location on your NetWare server.
Load NWCONFIG, then select Product Options > Install a Product Not Listed.
Select any path, then press Enter.
Press F3, then specify the path to the Novell SecretStore files (for example, sys:\tmp\sss_netware\).
Follow the on-screen instructions to accept the license agreement, copy files, and configure the server.
Exit nwconfig.nlm.
NOTE: When installing to NetWare, you must install the method from a Windows workstation.
Run methodinstaller.exe.
Select the Enhanced Smart Card method.
Enter the eDirectory login information.
Previous example values:
User Name: |
Admin |
Password: |
ncl-test |
Context: |
ncl |
Server: |
123.45.67.89 Port 636 |
Accept the SSL certificate information.
Accept the license agreement.
Accept the NESCM details.
Accept the default NMAS sequence name.
Map a drive to the sys volume of the NetWare server and browse to sys:\tomcat\4\webapps\nps.
When installing Novell Nsure Audit on NetWare 6.5, we recommended that you follow these instructions to first install Nsure Audit 1.0 from your NetWare 6.5 Installation CD, then run the Nsure Audit 1.0.3 installation to upgrade to version 1.0.3 using the instructions in Installing on NetWare (Upgrading to Nsure Audit 1.0.3).
Start the NetWare 6.5 installation.
In the Choose a Pattern window, select the Novell Nsure Audit Starter Pack.
or
In the Summary window, review the products to be installed, then click Copy Files.
When the installation program displays the Component Selection window for the Novell Nsure Audit Starter Pack, select the program components you want to install.
You need at least one Secure Logging Server in your network.
WARNING: The MySQL Channel object is created with a default Expiration script that runs every night at midnight and automatically deletes every record older than 12 hours. This was done because the default events logged by the NetWare and eDirectory instrumentations quickly fill the database. To remove this setting, simply delete the script from the SQL Expiration Commands property in the MySQL Channel object and restart the Secure Logging Server. For more information, see My SQL Channel Object in the Novell Nsure Audit 1.0.3 Administration Guide.
You must install the Platform Agent on every workstation or server that is running an application that logs events to Novell Nsure Audit. To enable NetWare and file system logging, the NetWare instrumentation must be installed and loaded on every server on which you want to log NetWare and file system events. To log eDirectory events, auditDS must be installed and loaded on one server per DS Replica.
If you selected the Autoconfigure MySQL option, the installation program displays the Database Options window so you can define your MySQL data store.
Follow the prompts to complete the rest of the NetWare 6.5 install. For more information, see the OES NetWare Installation Guide.
Upon completing the installation, you must restart the server or manually launch the installed components. For the program startup commands, see Commands and Utilities in the Novell Nsure Audit 1.0.3 Administration Guide.
On the NetWare server, insert, and if necessary, mount the NCL Server Components - CD 1, then launch NWConfig.
In NWConfig, Select Product Options > Install a Product Not Listed.
Press F3 (F4 if you're using RCONSOLE) and specify the path to the directory where the installation program can find the install.ips file, which is located in the ncl_2_0_1:\nsureaudit\netware directory on the NCL Server Components - CD 1.
Select your install options. Each option is outlined in the following table. The third and fourth columns contain the recommended settings for a new installation and upgrade.
Press F10 to continue, then follow the on-screen instructions until you have completed the installation program.
If you selected First-time Directory Install or Directory Schema Update, enter the Directory administrator's login name and password to update the schema. This account must have admin rights to the root of the tree. If the admin object is not in the same context as the current server, you must enter the object's fully distinguished name (for example, .Admin.Accounts.Finance.YourCo).
If you selected Configure Server for Nsure Audit, you are prompted to provide a name for the Secure Logging Server object.
NOTE: Do not overwrite newer files.
Upon completing the installation, you must restart the server or manually launch the installed components. For the program startup commands, see Commands and Utilities in the Novell Nsure Audit 1.0.3 Administration Guide.
The Password Generation Service uses Novell Client and NICI. If you install the Password Generation Service on another machine, you will need to install Novell Client and NICI first. For this solution, NICI is already installed on the eDirectory server.
IMPORTANT: On a NetWare eDirectory server, you must install the Password Generation Service on a Windows machine that is in the Active Directory domain somewhere on the network.
Before installing the Password Generation Service, you must first extend the eDirectory schema by doing the following:
From the NCL Server Components - CD 1, copy the passwordgenerationservice.sch file to a temporary location on the server's hard drive.
Rename the passwordgenerationservice.sch file to an 8.3 convention name. For example, pgsschem.sch.
From the NetWare server console, load NWCONFIG, then select Directory Options > Extend Schema.
Enter the username and password of a user with rights to extend the schema.
Enter the path to the renamed Password Generation Service schema file.
This will update the schema. If the process completes successfully, you return to the Extend Schema screen.
To install the Password Generation Service:
NOTE: You need to be authenticated as an Active Directory Domain Administrator on a Windows machine before running this install. When configuring the Password Generation Service, you must configure it to run as the same administrative user. If you change the Password Generation policy, ensure that you log in as the same administrative user.
Run setup.exe.
On the Welcome screen, click Next.
When you receive a reminder message about manually extending the eDirectory schema. Click OK to close the message.
You already extended the schema in the previous section.
Specify the Password Generation Policy values.
Make sure the policy does not contain conflicting rules.
A conflicting policy would be as follows:
IMPORTANT: Your Password Generation policy must match your Active Directory password policy or you will receive Active Directory errors when Password Generation attempts to set the password.
Click OK > Finish.
After you have the Password Generation Service installed and running, you need to give the service rights to log on to the Active Directory Domain.
Click Start > Settings > Control Panel > Administrative Tools > Services.
Right-click PasswordGenerationService, then click Properties.
Click the LogOn tab.
Select This Account.
Click the browse button and select your Active Directory Domain/Administrator user.
Type the password, then retype the password where instructed to do so.
Click Apply, then click OK.
Restart the PasswordGenerationService.
You have to restart the service before changes take effect.
(Optional) Check the passwordgen.log file in the \system32 directory to make sure the service was started correctly.
For information on using the Password Generation Service plug-in and command line utilities, see Using the Password Generation Service.