This file contains installation instructions and issues related to Security Services 2.0.2 (Novell® Certificate ServerTM 3.2, NICI 2.7, NMASTM 3.1.1, and NTLS 2.0).
Security Services 2.0.2 can be installed on eDirectoryTM 8.7.3, eDirectory 8.8, or eDirectory 8.8 SP1. This bundle will install on the following platforms:
This bundle has been fully tested with eDirectoryTM 8.7.3 SP8, eDirectory 8.8, and eDirectory 8.8 SP1. Novell recommends one of these minimum versions be installed prior to installing Security Services 2.0.2.
This bundle has been fully tested with Novell iManager 2.6 and partially tested with Novell iManager 2.5.
The Security Services 2.0.2 patch installs Novell Certificate Server 3.2, NICI 2.7, NMAS 3.1.1, and NTLS 2.0 using one integrated install script.
NOTE: For NMAS Method updates on all platforms, download nmmthd273.tgz. To install NMAS methods, use methodInstaller.exe from a Windows workstation or nmasinst for the other platforms. Methods are installed once per tree.
If you have performed a minimal or custom install of Open Enterprise Server (OES), SUSE Linux Enterprise Server (SLES), or Red Hat Advanced Server, you may be lacking a dependent module needed by this Security Services 2.0.2 patch. The Security Services 2.0.2 patch is dependent on the Compat library being installed on your server. You can identify the installation of this module on your server by running the following command:
rpm -qa |grep compat
For OES or SLES, look for this command to return compat-2004.7.1-1.2 or later.
For Red Hat, look for compat-libstdc++-296-2.96-132.7.2 or later.
If you don't have the Compat module installed, the module can be found on your install CDs.
Search for Security Services at the Novell Downloads Web site and download the necessary platform-specific download for the Security Services 2.0.2 patch.
On NetWare, Linux, Solaris, HP-UX, and AIX servers, extract the download to temporary directory on the server.
For example, gzip -d -c ss202_SLAH.tgz | tar xv
Run the installation script.
On NetWare servers, load NWCONFIG and select Product Options > Install product not listed, then press Enter. Press F3 and enter the path to the extraction directory (for example, sys:temp\ss202_nw\), then follow the installation prompts.
On Linux, Solaris, HP-UX, and AIX servers, go to the extraction directory (for example, temp\ss202_slah\) and run the install.sh script. The script detects if you are on Linux, Solaris, HP-UX, or AIX and installs the corresponding packages.
On Windows servers, double-click the ss_setup.exe file.
This release of Security Services will not update the security components for an eDirectory 8.8 tarball installation. Please install eDirectory 8.8 SP1 to update a tarball installation. You can download eDirectory 8.8 SP1 at the Novell Downloads Web site.
For example: install.sh --force
If you are reading this section and you have gotten the following error on SLES 8:
The package "ntls" could not be removed. Please remove this package manually. The error output is: error: package ntls is not installed
You can fix this problem by using the "--force" option and re-running the ./install.sh.
For example: install.sh --force
NOTE: This install issue appears only on SLES 8. It should not happen on SLES 9.
For detailed Certificate Server documentation, see the Certificate Server documentation Web site.
"The PKI install was unable to create the default IP and DNS certificates. Error -613. Do you want to retry?"
The -613 error is not a fatal error; however, Novell Certificate Server will not be able to create the auto-generated certificates which match the long DNS name.
To avoid this problem with future servers, make sure that the combined number of characters of the DNS name and the server name is fewer than 64 characters.
To fix this problem on an existing server, use iManager to manually create a server certificate using the DNS name or the IP address as the certificate subject name, depending on the needs of your applications.
See the Novell Certificate Server Administration Guide for instructions on how to create server certificates.
After the server certificate is created, the applications (Apache, Tomcat, etc.) on which you want to use the new server certificate must be configured to use it.
For detailed NICI documentation, see the NICI documentation Web site.
For detailed NMAS documentation, see the NMAS documentation Web site.
This issue has been resolved in the NMAS Client 3.2 by allowing the NMAS Client to resolve to an eDirectory 8.8 external reference server to read the Universal Password policy. To install NMAS Client 3.2, download and install Novell Client 32 4.91 SP2. NMAS Client 3.2 is included in the Novell Client 32 4.91 SP2 download and install.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2006 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell and NetWare are registered trademark of Novell, Inc. in the United States and other countries.
eDirectory, Novell Client, Novell Certificate Server, and NMAS are trademarks of Novell, Inc.
All third-party trademarks are the property of their respective owners.