iChain 2.2 - NetStorage Configuration Quick Start

(Last modified: 13Apr2006)

This document (10080205) is provided subject to the disclaimer at the end of this document.

goal

iChain 2.2 - NetStorage Configuration Quick Start

fact

iChain 2.2

NetWare 6 SP2

fix

NetStorage

 

NetStorage gives users access to files over HTTP, HTTPS, XML, and WebDAV. It runs as a web application under Tomcat/Apache on NW6. To log in to NetStorage, user objects must exist in containers at or below the defined search contexts. Search contexts and other configuration can be changed post-install using the nsadmin tool at the URL http://<Apache-Tomcat dns or ip>/oneNet/nsadmin or by using portal.nlm (load with the /regedit option). Login requires a dot-delimited NDS name (e.g. admin.novell) if the user is not in a defined search context.

 

In nsadmin, be sure the Domain is set to a DNS name that resolves to the NetStorage server's address where Apache is listening, and that the NetStorage server can (MUST) resolve this DNS name through a real DNS lookup (NetStorage will NOT use the server's /etc/hosts file). Note: The Name Provider functionality of NetStorage has been changed with NW6 SP3 build c10 and later. An entry in the server’s /etc/hosts file will suffice.

 

Also in nsadmin, be sure to set iFolder Storage Provider->iFolder Server to the correct URL and port of the iFolder server (e.g. cpq350.ifolder.dsm.cit.novell.com:80). NetStorage will create an attribute on the user objects called "xTier-iFolderPassPhrase", which will be populated with the user's passphrase when the user connects.

 

User access from a browser is with a URL similar to http://<Apache-Tomcat_dns_or_ip>/NetStorage. Login to NetStorage is through Xtier and requires a dot-delimited NDS name or, for users within the defined search contexts, just the CN. Upon successful login, a cookie is created which by default is valid for 6000 seconds. If the cookie expires or the user performs a Logout from NetStorage, the user will be prompted for a password on the next connection. iChain 2.1 SSO is not compatible with Xtier authentication due to use of this cookie.

 

After login, NetStorage reads the user's login script for mapped drives (be sure to use UNC pathnames when mapping drives in the login script, i.e. "map s16:=\\<serveripaddress>\sys\public"), reads the user's Home Directory attribute, then presents those drives and any iFolder connections in the user's NetStorage HTML page.
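A way to check login scripts for drive mappings that do not use UNC pathnames, as an added example that is not part of the original document. The function name `audit_login_script`, the sample script, the server names and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Drive assignment inside a MAP command, e.g. "S16:=\\host\sys\public".
# The drive may be a letter (H:), a search drive (S16:) or a relative drive (*1:).
ASSIGN = re.compile(r'(?P<drive>\*?\w+):\s*=\s*(?P<target>\S+)')
# UNC form: \\server\volume[\path]
UNC = re.compile(r'^\\\\[^\\\s]+\\[^\\\s]+')
# MAP command, optionally behind a one-line IF ... THEN
MAP_CMD = re.compile(r'(?i)^(?:if\b.*?\bthen\s+)?map\b(.*)')
# Login script comment markers: REM, REMARK, ';' and '*'
COMMENT = re.compile(r'(?i)^(rem(ark)?\b|;|\*)')

def audit_login_script(text):
    """Return (line_no, drive, target) for each MAP assignment whose target is not a UNC path."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or COMMENT.match(line):
            continue
        cmd = MAP_CMD.match(line)
        if not cmd:
            continue
        assign = ASSIGN.search(cmd.group(1))
        if not assign:
            continue  # MAP DISPLAY OFF, MAP ERRORS OFF and similar carry no assignment
        target = assign.group('target').strip('"')
        if not UNC.match(target):
            findings.append((line_no, assign.group('drive').upper(), target))
    return findings

# Constructed sample login script (not taken from a real tree).
SAMPLE = r'''REM constructed login script for illustration
MAP DISPLAY OFF
MAP INS S16:=\\192.0.2.10\sys\public
MAP ROOT H:=FS1\VOL1:USERS\%LOGIN_NAME
IF MEMBER OF "SALES" THEN MAP G:=FS1_DATA:SALES
map *1:=\\fs1.example.com\data\shared
'''

if __name__ == "__main__":
    for line_no, drive, target in audit_login_script(SAMPLE):
        print(f"line {line_no}: drive {drive} maps to non-UNC path {target}")
```

Lines 4 and 5 of the sample are reported; the two UNC mappings and the `MAP DISPLAY OFF` line are not.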

 

Known Issues:

 

Note: The WebDAV extensions for HTTP 1.1 are not supported by iChain. Attempts to connect to WebDAV through an iChain accelerator from IE using the typical actions like "File->Open->Open as web folder" or from Network Neighborhood will fail. The workstation log file wecerr.txt shows 409 Conflict errors being returned from the proxy.
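To confirm that failures seen by users are this known issue rather than something else, the following added example (not part of the original document) counts WebDAV-method requests that were answered with 409. It assumes the proxy access log has been exported in NCSA common log format; the function name `webdav_conflicts` and the log lines are constructed.

```python
import re
from collections import Counter

# Methods introduced by the WebDAV extensions to HTTP/1.1 (RFC 2518).
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Assumed format (NCSA common log):
#   host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def webdav_conflicts(lines):
    """Count WebDAV requests answered with 409, keyed by (client, method)."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a common-log-format line
        client, method, _path, status = m.groups()
        method = method.upper()
        if method in WEBDAV_METHODS and status == "409":
            hits[(client, method)] += 1
    return hits

# Constructed sample lines; addresses are documentation placeholders.
SAMPLE_LOG = [
    '192.0.2.44 - - [13/Apr/2006:10:01:02 +0000] "GET /NetStorage HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Apr/2006:10:01:08 +0000] "OPTIONS /NetStorage HTTP/1.1" 200 0',
    '192.0.2.44 - - [13/Apr/2006:10:01:09 +0000] "PROPFIND /NetStorage HTTP/1.1" 409 0',
    '192.0.2.44 - - [13/Apr/2006:10:01:11 +0000] "PROPFIND /NetStorage HTTP/1.1" 409 0',
    '192.0.2.51 - - [13/Apr/2006:10:04:30 +0000] "MKCOL /NetStorage/new HTTP/1.1" 409 0',
    '192.0.2.51 - - [13/Apr/2006:10:04:41 +0000] "GET /NetStorage/missing HTTP/1.1" 404 312',
]

if __name__ == "__main__":
    for (client, method), count in sorted(webdav_conflicts(SAMPLE_LOG).items()):
        print(f"{client} {method} 409 x{count}")
```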

 

Accelerator Configuration:

 

In the configuration below, cpq350.ns.dsm.cit.novell.com is used as an example.  Replace this string with the correct DNS name of the iChain accelerator being configured.

 

On Web Server Accelerator page:

Name:  NetStore

DNS Name: cpq350.ns.dsm.cit.novell.com

Cookie Domain: dsm.cit.novell.com

"Alternate host name" is selected, set to cpq350.ns.dsm.cit.novell.com

"Return error if host name sent by browser does not match above DNS name" is selected

Web Server Port: 443

Web Server Address: 10.251.201.22 (Secondary ip address of a NW6/Apache server)

Accelerator Proxy port: 80

Accelerator IP address: 10.251.200.1

Enable Authentication is enabled

Authentication options:

Service Profile=ldap

"Forward authentication info to web server" is not enabled

Enable Secure Exchange is enabled

SSL Listening Port: 443

Certificate: Auto

Secure Exchange Options:

Client<-443->Proxy<-443->Web Server

"Enable secure access between the iChain Proxy and the Origin Web Server" is enabled

"Allow pages to be cached at the browser" is not enabled

 

On Access Control Page:

"Enable OLAC" and "Enable Form Fill Authentication" are not selected

On Management Page:

"Enable pin list" is selected, entry exists for "cpq350.ns.dsm.cit.novell.com/*" and is set to type "Bypass"

In ConsoleOne->ISO object properties:

Add resource for the iManager web site:

Name=imanage

URL Prefix=http://cpq350.imanage.dsm.cit.novell.com/*

Access: Restricted

*Also make sure to put the NetStorage server's Trusted Root in the Security > Trusted Root Container of the Authorization Tree. See TID 10079862 for details.

 

Single Sign On through iChain:

SSO does not work with Xtier/NetStorage due to use of cookies.  A servlet is available from http://developer.novell.com that will facilitate SSO.  This servlet is NOT supported through Novell Technical Support or iChain engineering.


disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID: 10080205
  • Solution ID: NOVL87101
  • Creation Date: 13Feb2003
  • Modified Date: 13Apr2006