Installation Procedure

By installing a NetWare 6.5 SP4 server, you already have the following components installed on the server:


NICI 2.6.8

CD: NCL Server Components - CD 1
Location: \nici

NICI 2.6.7 is installed during the NetWare 6.5 SP4 server installation. You need to update this by installing NICI 2.6.8.

  1. Extract nici_u0.exe to a floppy diskette or to a temporary location on your NetWare server.

  2. Load NWCONFIG.

  3. Select Product Options > Install a Product Not Listed.

  4. Indicate where the self-extracted files will be installed from by pressing Enter for a floppy diskette or F3 for a network directory.

  5. When the product description and Software License are displayed, you are prompted to accept the License Agreement. If you accept the agreement, the files are copied to the appropriate destination directories on the server.

  6. When prompted that the installation was successful, press Enter.

  7. When the installation is complete, restart the server.


Identity Manager 2.0.2 Server

CD: Novell Nsure Identity Manager Pro 2.0.2 - CD 4
Location: \nw
  1. To begin the installation on NetWare, do the following:

    1. At the server console, enter nwconfig.nlm.

    2. Select Product Options > Install a Product Not Listed.

    3. Press F3 (F4 if you're using RCONSOLE), then specify the path to the Identity Manager NetWare installation files (\nw).

      The graphical installation utility will start after a few moments.

    4. Click Next.

    5. After the files have finished copying, the DirXML Welcome Screen appears. Click Next to begin the installation.

  2. Accept the license agreement.

  3. Review the Overview pages about the various systems and components.


    eDir Requirements
    iManager Requirements
  4. Click Next to begin the installation.

  5. Select the following three DirXML components, then click Next:


    IDM Components
    • DirXML Server: Installs the DirXML® engine and service drivers, DirXML drivers, NMAS components, and Nsure Audit agent, and also extends the eDirectory schema.

      Select the DirXML engine and the Active Directory driver.

    • DirXML Web Components: Installs the DirXML plug-ins, DirXML driver configurations, and Novell eGuide.

  6. Select the following drivers for the engine installation, deselect all other drivers, then click Next:

    • DirXML engine
  7. Click OK on any informational messages.

  8. In the Schema Extension page, specify the following:


    LDAP format
    • User Name: Username (in LDAP format) of a user who has rights to extend the schema

    • User Password: The user's password

    Previous example values:

    Tree Name: NCL-TREE
    User Name: cn=admin,o=ncl
    Password: ncl-test

  9. Accept the default Web components:

    • iManager plug-ins
    • Driver configurations
  10. Click Finish to complete the installation program.

    With the Identity Manager server installed, you need to follow the configuration steps listed in Identity Manager Configuration - eDirectory Server in order to use Identity Manager.

    NOTE:  If you are prompted to overwrite certain files, select Do NOT overwrite newer files.

    NOTE:  You need to activate Identity Manager within 90 days of purchase. For instructions on how to activate Identity Manager, see Activating Identity Manager.


SecretStore 3.3.5.4

CD: NCL Server Components - CD 1
Location: \secretstore\server\netware
  1. Extract the file sss_netware.exe from the CD to a temporary location on your NetWare server.

  2. Load NWCONFIG, then select Product Options > Install a Product Not Listed.

  3. Select any path, then press Enter.

  4. Press F3, then specify the path to the Novell SecretStore files (for example, sys:\tmp\sss_netware\).

  5. Follow the on-screen instructions to accept the license agreement, copy files, and configure the server.

  6. Exit nwconfig.nlm.


Novell Enhanced Smart Card Method (NESCM) - Server Component

CD: NCL Server Components - CD 1
Location: \nmasmethods

NOTE:  When installing to NetWare, you must install the method from a Windows workstation.

  1. Run methodinstaller.exe.

  2. Select the Enhanced Smart Card method.

  3. Enter the eDirectory login information.

    Previous example values:

    User Name: Admin
    Password: ncl-test
    Context: ncl
    Server: 123.45.67.89 Port 636

  4. Accept the SSL certificate information.

  5. Accept the license agreement.

  6. Accept the NESCM details.

  7. Accept the default NMAS sequence name.

  8. Map a drive to the sys volume of the NetWare server and browse to sys:\tomcat\4\webapps\nps.


Nsure Audit 1.0.3

CD: NetWare 6.5 SP 4 Installation CD and NCL Server Components - CD 1
Location: /netware


Installing on NetWare 6.5

When installing Novell Nsure Audit on NetWare 6.5, we recommend that you follow these instructions to first install Nsure Audit 1.0 from your NetWare 6.5 Installation CD, then run the Nsure Audit 1.0.3 installation to upgrade to version 1.0.3 using the instructions in Installing on NetWare (Upgrading to Nsure Audit 1.0.3).

  1. Start the NetWare 6.5 installation.

  2. In the Choose a Pattern window, select the Novell Nsure Audit Starter Pack.

    • Select Pre-Configured Server > Novell Nsure Audit Starter Pack.

      or

    • Select Customized NetWare Server and mark the following components:
      • Apache2 Web Server and Tomcat4 Servlet Container
      • MySQL (if you want to configure the MySQL data store during installation)
      • Novell Nsure Audit Starter Pack
      • iManager 2.5
  3. In the Summary window, review the products to be installed, then click Copy Files.

  4. When the installation program displays the Component Selection window for the Novell Nsure Audit Starter Pack, select the program components you want to install.

    • Install Secure Logging Server: Installs the Secure Logging Server (lengine.nlm), the Multiple Directory Database (mdb.nlm), and the channel drivers (lgd*.nlm) to the current server. It also creates a Logging Server object in the Logging Services container.

      You need at least one Secure Logging Server in your network.

      • Autoconfigure MySQL: Creates the MySQL Channel object in the Logging Services' Channel container and configures the Secure Logging Server to log events to the MySQL database. If you select this option, you must install MySQL with the NetWare 6.5 install. (See Step 2.)

        WARNING:  The MySQL Channel object is created with a default Expiration script that runs every night at midnight and automatically deletes every record older than 12 hours. This was done because the default events logged by the NetWare and eDirectory instrumentations quickly fill the database. To remove this setting, simply delete the script from the SQL Expiration Commands property in the MySQL Channel object and restart the Secure Logging Server. For more information, see My SQL Channel Object in the Novell Nsure Audit 1.0.3 Administration Guide.

    • Install Platform Agent: Installs and configures the Platform Agent (logevent.nlm), the Caching Module (lcache.nlm), and the NetWare and eDirectory instrumentations (auditNW.nlm and auditDS.nlm respectively).

      You must install the Platform Agent on every workstation or server that is running an application that logs events to Novell Nsure Audit. To enable NetWare and file system logging, the NetWare instrumentation must be installed and loaded on every server on which you want to log NetWare and file system events. To log eDirectory events, auditDS must be installed and loaded on one server per DS Replica.

      • Secure Logging Server Address: The IP address or host name of the Secure Logging Server that the Platform Agent connects to.
  5. If you selected the Autoconfigure MySQL option, the installation program displays the Database Options window so you can define your MySQL data store.

    • MySQL Database Host: The IP Address or host name of the MySQL database server.
    • Port: Defines the port at which the Secure Logging Server connects to the database server. If this field is left blank, the Secure Logging Server uses the default MySQL port assignment, 3306.
    • DB Username: User account the Secure Logging Server uses to log in to the database. This account has all privileges to the default database and can log in from any IP address. The default username for the NetWare 6.5 data store is "auditusr."
    • DB User Password: Password the logging server uses to authenticate with the database. You must confirm this password. The default password for the NetWare 6.5 data store is "auditpwd."
    • Database Name: Name of the database to which the logging server writes events. The default database name is "naudit."
    • Table Name: Database table to which the logging server writes events. The default table is "log."
  6. Follow the prompts to complete the rest of the NetWare 6.5 install. For more information, see the OES NetWare Installation Guide.

Upon completing the installation, you must restart the server or manually launch the installed components. For the program startup commands, see Commands and Utilities in the Novell Nsure Audit 1.0.3 Administration Guide.


Installing on NetWare (Upgrading to Nsure Audit 1.0.3)

  1. On the NetWare server, insert and, if necessary, mount the NCL Server Components - CD 1, then launch NWConfig.

    • Load nwconfig.nlm at the server console.
  2. In NWConfig, select Product Options > Install a Product Not Listed.

  3. Press F3 (F4 if you're using RCONSOLE) and specify the path to the directory where the installation program can find the install.ips file, which is located in the ncl_2_0_1:\nsureaudit\netware directory on the NCL Server Components - CD 1.

  4. Select your install options. Each option is outlined in the following table. The third and fourth columns contain the recommended settings for a new installation and upgrade.

    | Option | Description | New Install | Upgrade |
    |---|---|---|---|
    | First-time Directory Install | Extends the Directory schema for Novell Nsure Audit version 1.0.3. | Yes | No |
    | Configure Server for Nsure Audit | Creates the Secure Logging Server object in Logging Services. It also creates a File Channel object in the Logging Services Channel container, and configures the Secure Logging Server to log events to the File channel. | Yes | No |
    | Nsure Audit Log Server Files | Installs the Novell Nsure Audit Secure Logging Server (lengine.nlm). The Secure Logging Server securely receives reported events, and is installed on only one server in your tree. | Yes | Yes |
    | Nsure Audit Instrumentation Files | Installs the NetWare Instrumentation (auditNW.nlm) and the eDirectory Instrumentation (auditDS.nlm). This instrumentation must be installed on any NetWare server that will report events. | Yes | Yes |
    | Nsure Audit Platform Agent Files | Installs the Novell Nsure Audit Platform Agent (logevent.nlm). The Platform Agent must be present on any NetWare server that will report events. If you are certain another instrumented application has previously installed the Nsure Audit 1.0.3 Platform Agent on this server, you can leave this unselected. | Yes | Yes |
    | Backup Files from Previous Versions | Makes a backup of existing Nsure Audit files to enable rollback. | No | Yes |
    | Directory Schema Update | Updates the Directory schema for Novell Nsure Audit version 1.0.3. NOTE:  You must scroll to see this option in nwconfig. | No | Yes |

  5. Press F10 to continue, then follow the on-screen instructions until you have completed the installation program.

If you selected First-time Directory Install or Directory Schema Update, enter the Directory administrator's login name and password to update the schema. This account must have admin rights to the root of the tree. If the admin object is not in the same context as the current server, you must enter the object's fully distinguished name (for example, .Admin.Accounts.Finance.YourCo).

If you selected Configure Server for Nsure Audit, you are prompted to provide a name for the Secure Logging Server object.

NOTE:  Do not overwrite newer files.

Upon completing the installation, you must restart the server or manually launch the installed components. For the program startup commands, see Commands and Utilities in the Novell Nsure Audit 1.0.3 Administration Guide.


Password Generation Service

CD: NCL Server Components - CD 1
Location: \passwordgenerationservice

The Password Generation Service uses Novell Client and NICI. If you install the Password Generation Service on another machine, you will need to install Novell Client and NICI first. For this solution, NICI is already installed on the eDirectory server.

IMPORTANT:  On a NetWare eDirectory server, you must install the Password Generation Service on a Windows machine that is in the Active Directory domain somewhere on the network.


Prerequisite Procedure

Before installing the Password Generation Service, you must first extend the eDirectory schema by doing the following:

  1. From the NCL Server Components - CD 1, copy the passwordgenerationservice.sch file to a temporary location on the server's hard drive.

  2. Rename the passwordgenerationservice.sch file to an 8.3 convention name. For example, pgsschem.sch.

  3. From the NetWare server console, load NWCONFIG, then select Directory Options > Extend Schema.

  4. Enter the username and password of a user with rights to extend the schema.

  5. Enter the path to the renamed Password Generation Service schema file.

    This will update the schema. If the process completes successfully, you return to the Extend Schema screen.


Installation Procedure

To install the Password Generation Service:

CD: NCL Server Components - CD 1
Location: \passwordgenerationservice

NOTE:  You need to be authenticated as an Active Directory Domain Administrator on a Windows machine before running this install. When configuring the Password Generation Service, you must configure it to run as the same administrative user. If you change the Password Generation policy, ensure that you log in as the same administrative user.

  1. Run setup.exe.

  2. On the Welcome screen, click Next.

  3. When you receive a reminder message about manually extending the eDirectory schema, click OK to close the message.

    You already extended the schema in the previous section.

  4. Specify the Password Generation Policy values.


    Password Generation Policy page

    Make sure the policy does not contain conflicting rules.

    A conflicting policy would be as follows:

    Min Password Length = 10
    Max Password Length = 5

    IMPORTANT:  Your Password Generation policy must match your Active Directory password policy or you will receive Active Directory errors when Password Generation attempts to set the password.

  5. Click OK > Finish.
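
The two policy rules in step 4 (no conflicting rules, and agreement with the Active Directory password policy) can be checked before the values are entered. The following is an added example, not part of the original guide or the product: the field names other than the minimum and maximum length and the sample values are assumptions, and the Active Directory side models only the minimum length and the complexity setting.

```python
from dataclasses import dataclass

@dataclass
class GenPolicy:
    # Hypothetical field names; only min/max length appear in the guide.
    min_length: int
    max_length: int
    min_upper: int = 0
    min_lower: int = 0
    min_digits: int = 0
    min_special: int = 0

@dataclass
class ADPolicy:
    min_length: int          # domain "Minimum password length"
    complexity: bool = True  # "Password must meet complexity requirements"

def check_policy(gen, ad):
    """Return a list of conflicts; an empty list means none were found."""
    problems = []
    classes = [gen.min_upper, gen.min_lower, gen.min_digits, gen.min_special]
    if min(classes + [gen.min_length, gen.max_length]) < 0:
        problems.append("policy contains a negative value")
    if gen.min_length > gen.max_length:
        problems.append("Min Password Length %d exceeds Max Password Length %d"
                        % (gen.min_length, gen.max_length))
    if sum(classes) > gen.max_length:
        problems.append("required characters (%d) do not fit in Max Password "
                        "Length %d" % (sum(classes), gen.max_length))
    if gen.min_length < ad.min_length:
        problems.append("generated passwords may be shorter than the AD "
                        "minimum of %d" % ad.min_length)
    # AD complexity needs characters from at least three categories.
    if ad.complexity and sum(1 for c in classes if c > 0) < 3:
        problems.append("policy does not guarantee three character "
                        "categories required by AD complexity")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the first pair is the guide's conflict.
    ad = ADPolicy(min_length=7, complexity=True)
    for gen in (GenPolicy(10, 5), GenPolicy(8, 14, 1, 1, 1, 0)):
        print(gen, check_policy(gen, ad) or "OK")
```
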


Post-Install Procedure

After you have the Password Generation Service installed and running, you need to give the service rights to log on to the Active Directory Domain.

  1. Click Start > Settings > Control Panel > Administrative Tools > Services.

  2. Right-click PasswordGenerationService, then click Properties.

  3. Click the Log On tab.

  4. Select This Account.

  5. Click the browse button and select your Active Directory Domain/Administrator user.

  6. Type the password, then retype the password where instructed to do so.

  7. Click Apply, then click OK.

  8. Restart the PasswordGenerationService.

    You have to restart the service before changes take effect.

  9. (Optional) Check the passwordgen.log file in the \system32 directory to make sure the service was started correctly.

For information on using the Password Generation Service plug-in and command line utilities, see Using the Password Generation Service.