NDS for UNIX Frequently Asked Questions (FAQ)

  • 7001600
  • 10-Oct-2008
  • 26-Apr-2012

Environment

NDS Corporate Edition for Solaris/Linux
NDS eDirectory 8.5 for Solaris/Linux

Situation

Where is eDirectory 8.6.1 for UNIX information?
Where is the best place to get information about the configuration and management of NDS for Linux or Solaris?
How do I perform an NDS health check on a UNIX box?
How do I install NDS Corporate Edition or eDirectory 8.5 on Solaris/Linux?
What is the difference between NDS 8, eDirectory, NDS Corporate Edition, NDS eDirectory 8.5, and Account Management 2.1?
What are the product features of NDS Corporate Edition for Linux/Solaris?
How do I map a drive to a UNIX or Linux file system with NDS?
How do I troubleshoot problems with NDS on Solaris/Linux?
Is there an easier way to run ndsrepair, instead of memorizing all the startup switches?
Can you install NDS for UNIX into the [Root] partition?
When I create a new NDS user who will have access to Linux/Solaris, how do I automatically create default Linux/Solaris home directories with all requested user files (for the shells and gnome etc.), and the necessary permissions?
How do I force NDS to use a specific IP address (in case I have multiple NICs and some addresses are not routable)?
What port numbers does NDS need to use?
How do I configure NDS on Solaris/Linux if my servers are spread across LAN segments and I do not have a NetWare/Windows NT Server that can function as a directory agent (DA)?
What are the required object attributes for Linux/Solaris?
How can I integrate applications that do not work with PAM (directly using /etc/passwd)?
How do I create tree-wide unique UNIX uids when creating a user with ConsoleOne?
Why does ConsoleOne allow input for out-of-range uids?
What are the password restrictions when using NDS with UNIX (maximum password length for Linux / Solaris)?
How do I synchronize time between NetWare, Windows NT, and Linux/Solaris?
How do I get the UNIX snapins for ConsoleOne?
How do I force the removal of NDS on UNIX?

Resolution

For additional information on eDirectory 8.6.1, please see the following solution.   TID #10066455 - eDirectory 8.6.1 Readme Addendum
The product documentation, available online at https://www.novell.com/documentation/, is the best source for product information. More detailed information about command syntax and specific functions and features can be found in the product man pages. These pages are accessible by typing "man at the terminal session. Man pages exist for all NDS commands, and for most of the NDS configuration files. Most of these man pages are stored in /usr/share/man/ and can be copied over and printed out if so desired.
See TID 3564075
See TID 10057737.
See TID 10026433.
See TID 10051978.
Use TID # 10075466 - How to create a UNIX configuration file. This has a link to a shell script that will gather information about the configuration of the machine.  This script should be run before calling Novell Technical Support.  It is similar to a "config.txt" in NetWare.
Use the NDSRepair for UNIX Menu Wrapper. This is a shell script, called dsrmenu.sh, that functions as a menu wrapper for ndsrepair on UNIX. The menu wrapper provides the same screen options as dsrepair.nlm does on NetWare. For more information, or to download this tool, go to https://support.novell.com/filefinder and search for DSRMENU.
The product must be installed into a non-root partition.  Only NDS users in the subtree (container and all sub-containers) where Account Management has been installed will be able to access the workstation(s).
This is something you need to do on your own.  ConsoleOne will allow you to link to an existing UNIX home directory, but it will not create it for you.  This is very different from the "home directory" attribute for a NetWare volume.  In UNIX, a user uses a home directory as the default location when accessing a system.  Since the UNIX file system is not mounted inside NDS, home directories cannot be automatically created. One possible solution would be to write a shell script of some sort that could help you do it.  In addition, be aware that if a user is created with ConsoleOne and the home directory is linked, but does not exist, that user will be able to login via a terminal session, but will not be able to login at the console via the GUI.  They must have a home directory in order for the environment settings to be stored.
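One way to write the shell script suggested above, as an added example that is not part of the original TID and is not Novell code. The function name, its argument order and the /etc/skel default are assumptions; the uid, gid and home directory passed in must be the same values entered in the user's UNIX profile in ConsoleOne.

```shell
#!/bin/sh
# Added example, not Novell code: create the UNIX home directory that a
# ConsoleOne UNIX profile points to. All names here are hypothetical.
#
# make_home USER UID GID HOME [SKEL]
#   USER, UID, GID and HOME must match the user's UNIX profile in NDS.
#   SKEL is the directory of default user files (assumed: /etc/skel).
make_home() {
    user=$1 uid=$2 gid=$3 home=$4 skel=${5:-/etc/skel}

    # Accept only a plain login name: no shell or path metacharacters.
    case $user in
        ''|-*|*[!a-z0-9_-]*) echo "bad user name" >&2; return 2 ;;
    esac
    # UID and GID must be numeric; uid 0 is never provisioned this way.
    for n in "$uid" "$gid"; do
        case $n in
            ''|*[!0-9]*) echo "uid/gid must be numeric" >&2; return 2 ;;
        esac
    done
    [ "$uid" -ne 0 ] || { echo "refusing uid 0" >&2; return 2; }
    # The home directory must be an absolute path with no ".." in it.
    case $home in
        *..*) echo "bad home path" >&2; return 2 ;;
        /*) ;;
        *) echo "bad home path" >&2; return 2 ;;
    esac
    # Never reuse an existing path, including a symlink planted there.
    if [ -e "$home" ] || [ -L "$home" ]; then
        echo "$home already exists" >&2; return 3
    fi

    # Create the directory owner-only, then copy the default user files.
    (umask 077 && mkdir "$home") || return 4
    if [ -d "$skel" ]; then
        cp -R "$skel/." "$home/" || return 4
    fi
    # Hand the tree to the user's UNIX uid and primary group.
    chown -R "$uid:$gid" "$home" || return 4
    chmod 700 "$home"
}

# Run as root, e.g.: sh make_home.sh jdoe 5001 5001 /home/jdoe
if [ "$#" -ge 4 ]; then make_home "$@"; fi
```

Return codes distinguish rejected input (2), an already existing path (3) and a failed filesystem step (4), so a wrapper that provisions many users can log which accounts still lack a home directory.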
This process is similar to using an "NCP Include" (see TID 10050532) for NetWare.  When a server has multiple IP addresses, not all of which are routable to the entire network, NDS may advertise a private address incorrectly and cause subsequent communications problems.  This is most common when a server is functioning as a firewall and has both public and private interfaces, or when a separate, private segment is configured for backups, etc.  With UNIX/Linux, you can force NDS to use specific addresses by adding the following command to the "/etc/nds.conf" file.   n4u.server.interfaces=, There is no way to exclude addresses, only to include those that you want NDS to use. Multiple IP addresses can be bound to NDS as long as they are separated by a comma. Make sure that all bound addresses are routable to the entire NDS tree.
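A check for the last point above, as an added example that is not part of the original TID and is not Novell code: it reads the n4u.server.interfaces setting from an nds.conf file and reports any bound address that is not on a list of addresses you have confirmed are routable to the whole tree. The function name and the sample addresses used to exercise it are constructed; tolerating an "@port" suffix on an entry is an assumption.

```shell
#!/bin/sh
# Added example (not Novell code): audit the addresses bound to NDS in
# nds.conf against the addresses you know are routable to the whole tree.
#
# check_nds_interfaces CONF ALLOWED
#   CONF     path to the nds.conf file to audit
#   ALLOWED  space-separated list of approved addresses (operator-supplied)
# Prints every bound address that is not approved.
# Returns 0 if all are approved, 1 if any is not, 2 if the setting is absent.
check_nds_interfaces() {
    conf=$1
    allowed=$2

    # Collect the value of every uncommented n4u.server.interfaces line.
    values=$(sed -n \
        's/^[[:space:]]*n4u\.server\.interfaces[[:space:]]*=//p' "$conf")
    if [ -z "$(printf '%s' "$values" | tr -d ',[:space:]')" ]; then
        echo "n4u.server.interfaces is not set in $conf" >&2
        return 2
    fi

    # One entry per line; an optional @port suffix is ignored (assumption:
    # the page itself only shows a comma-separated list of addresses).
    findings=$(printf '%s\n' "$values" | tr ',' '\n' |
        while read -r entry; do
            addr=${entry%@*}
            [ -n "$addr" ] || continue
            case " $allowed " in
                *" $addr "*) ;;
                *) printf '%s\n' "$addr" ;;
            esac
        done)

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# e.g.: sh check_nds.sh /etc/nds.conf "192.0.2.10 192.0.2.11"
if [ "$#" -eq 2 ]; then check_nds_interfaces "$1" "$2"; fi
```

A return code of 2 matters as much as 1: with the setting absent or empty, nothing restricts which of the server's addresses NDS uses.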
See TID 10056600
For those environments where servers are separated by LAN segments and no SLP Directory Agent is installed (to forward services), a workaround has been created with a file called "/etc/hosts.nds".  This file works similarly to a traditional hosts file, and provides lookup services, but for NDS instead of DNS.  The syntax of the file is as follows: .  .  .   You must have at least NDS Corporate Edition SP1 or newer (eDirectory 8.5) to make use of this feature.  For more information on this feature, consult the "hosts.nds" man page.
These objects are DS user objects, just like any other objects.  Therefore, they need the same mandatory attributes, "CN", "Object Class", and "Surname." For DS objects to work with UNIX, however, they must have a UNIX profile configured.  This includes the UNIX user ID, primary group, and home directory.  The primary group must be associated with a workstation object, which must be associated with the UNIX config object.  
The /etc/passwd file should still exist as it did before.  Its contents were copied into DS, but the original file should still be there.  You can continue to use it as a "backup" authentication, as well as for applications that are not PAM enabled.  If an application is not PAM enabled, then it cannot use the features of DS.
See TID 10050398.  Currently, ConsoleOne does not automatically increment UNIX user IDs for you.  This means that you need to keep track of which numbers have been used and which should come next.  Unfortunately, there is no way around this.  Therefore, you should probably create a spreadsheet to keep track of the assignments.  
There are no checking constraints in ConsoleOne at this time.  That might be implemented in a future release.
NDS password restrictions are in effect.  To learn more about those, see TID 10055061.  In addition, UNIX naming standards will apply to all NDS users who want to access a UNIX machine.
See TID 10018288.
See TID 10051850 for ConsoleOne 1.2c  (used with Corporate Edition)
See TID 10060750 for ConsoleOne 1.2d (used with eDirectory 8.5 and Account Management 2.1). To download the snapins, see TID 2958561.
Linux running eDirectory/Corporate Edition: see TID 10055701
Linux running eDirectory 8.5/Account Management 2.1: see TID 10057888
Solaris running eDirectory 8.5/Account Management 2.1: see TID 10057888
Solaris running eDirectory/Corporate Edition: see TID 10052680
Scrub scripts have been written for Solaris and Linux to force the removal of all NDS for UNIX products off of a UNIX machine. Go to https://support.novell.com/filefinder and search for SCRUB.

Additional Information

Formerly known as TID# 10059820