Preparing for Domain Services for Windows Install
This document (7002172) is provided subject to the disclaimer at the end of this document.
Novell Open Enterprise Server 2 SP3 (OES 2SP3)
Novell Open Enterprise Server 11 (OES11)
Domain Services for Windows
OES2SP1 is installed on SLES10 SP2
OES2 SP2 or OES2 SP3 DSfW use SLES10 SP3
OES11 is installed on SLES 11SP1
eDirectory cannot be installed on the server prior to installing DSfW.
Extend the DSfW schema before installing. The schema tool on an existing OES server in the tree is an easy way to accomplish this.
Before doing the install, determine the DNS name for the domain. This will be the name for the domain. The domain name should not end in .local, because the .local top-level domain is regarded as a link-local domain and its DNS queries are sent to a multicast address instead of the DNS server. .int, .lan, .dsfw, or .internal are common substitutes for .local.
192.168.0.5 server1.dsfwdomain.com server1
For OES11, verify that /etc/HOSTNAME has the full DNS name listed (server.domain). It should be the same domain name as in the /etc/hosts file; otherwise the field for the DSfW domain name will be empty while doing the YaST configuration.
Best practice is to use a unique domain name. If a domain name such as novell.com already exists, there will be a conflict and the zones most likely will need to be merged. It is recommended in these situations to use another domain name. Example: for novell.com use novell.lan or novell.dsfw instead, so that the domain is not only unique but also available only internally and not routable on the internet.
/etc/resolv.conf should list the IP address of the DSfW server being installed as the first name server. If installing into an existing domain, point to the first DSfW server. It should also be a DNS server, unless DNS was removed and the records were imported on another DNS server after the install of DSfW.
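The name checks described above can be scripted before starting YaST. This is an added example, not a Novell tool: the function names are hypothetical, the file paths are passed as arguments so the checks can run against copies, and the demo files at the end are constructed.

```shell
#!/bin/sh
# Added example: DSfW pre-install name checks (hypothetical helper names).

# Succeeds unless the domain ends in .local (queries would go to multicast).
domain_suffix_ok() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *.local) return 1 ;;
    esac
    return 0
}

# Print the first name (the full DNS name) a hosts file lists for an IP.
hosts_fqdn() {        # usage: hosts_fqdn HOSTS_FILE IP
    awk -v ip="$2" '$1 == ip { print $2; exit }' "$1"
}

# Print the first nameserver address in a resolv.conf file.
first_nameserver() {  # usage: first_nameserver RESOLV_FILE
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Print one line per problem; the return status is the number of problems.
# DNS_IP is this server's IP for a new domain, or the first DSfW server's IP
# when joining an existing domain. The HOSTNAME check applies to OES11.
dsfw_preflight() {    # usage: dsfw_preflight IP DNS_IP HOSTS HOSTNAME RESOLV
    problems=0
    fqdn=$(hosts_fqdn "$3" "$1")
    domain=${fqdn#*.}
    if [ -z "$fqdn" ] || [ "$domain" = "$fqdn" ]; then
        echo "hosts: no full DNS name for $1"; problems=$((problems + 1))
    fi
    if [ "$(head -n 1 "$4" | tr -d ' \t\r')" != "$fqdn" ]; then
        echo "HOSTNAME: does not match hosts entry '$fqdn'"; problems=$((problems + 1))
    fi
    if ! domain_suffix_ok "$domain"; then
        echo "domain: '$domain' ends in .local"; problems=$((problems + 1))
    fi
    if [ "$(first_nameserver "$5")" != "$2" ]; then
        echo "resolv.conf: first nameserver is not $2"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on constructed files (addresses and names are made up).
d=$(mktemp -d)
printf '192.168.0.5 server1.corp.local server1\n' > "$d/hosts"
printf 'server1.corp.local\n' > "$d/HOSTNAME"
printf 'nameserver 192.168.0.1\nnameserver 192.168.0.5\n' > "$d/resolv.conf"
dsfw_preflight 192.168.0.5 192.168.0.5 "$d/hosts" "$d/HOSTNAME" "$d/resolv.conf" \
    || echo "$? problem(s) found"
rm -rf "$d"
```

On a real server the last three arguments would be /etc/hosts, /etc/HOSTNAME and /etc/resolv.conf.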
If doing a name map install (installing into an existing tree):
Partition the container that is to be the domain. The domain name has to be the same as the container it is being mapped to for OES2SP1 and OES2SP2.
dsfwdomain.com has to be mapped to a partitioned container named dsfwdomain.
For OES2SP3, OES11, and current versions of DSfW, the domain name and the container name can be different.
If this is the first DSfW server in the tree, a forest will be created (only one forest per eDir tree), and the container that is to be a domain in DSfW will be the root for all other domains. An additional domain will not be permitted to be installed in a higher location in the tree.
The max depth for domains in a forest is 5 and a total of 10 domains per forest is allowed. The maximum number of Domain Controllers per domain is 5.
A partition cannot exist between domains. Example: city.county.state.country.com
country.com is partitioned and the root domain.
state is a partition not a domain
county is a partition not a domain
city is a partition not a domain
A domain can not be created for county until a domain has been created for state.
A domain can not be created for city until a domain has been created for state and county.
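The ordering and limit rules above can be checked against a planned layout before provisioning. This is an added example, not part of the original document: the function names are hypothetical, domains are given as DNS names, and it assumes the forest root domain counts as depth 1.

```shell
#!/bin/sh
# Added example: check a planned DSfW domain against the forest rules above.
# Assumption: the forest root domain counts as depth 1.

label_count() {   # number of dot-separated labels in a DNS name
    printf '%s\n' "$1" | awk -F. '{ print NF }'
}

# usage: can_add_domain CANDIDATE ROOT "EXISTING DOMAINS"
# EXISTING DOMAINS is a space-separated list that includes the root.
# Prints the reason and returns 1 when the candidate breaks a rule.
can_add_domain() {
    cand=$1; root=$2; existing=$3
    case "$cand" in
        *".$root") ;;
        *) echo "$cand is not below the forest root $root"; return 1 ;;
    esac
    parent=${cand#*.}
    found=no; total=0
    for dom in $existing; do
        total=$((total + 1))
        if [ "$dom" = "$parent" ]; then found=yes; fi
        if [ "$dom" = "$cand" ]; then echo "$cand already exists"; return 1; fi
    done
    # No gap is allowed: every level between root and candidate must be a domain.
    if [ "$found" = no ]; then
        echo "create a domain for $parent first"; return 1
    fi
    depth=$(( $(label_count "$cand") - $(label_count "$root") + 1 ))
    if [ "$depth" -gt 5 ]; then
        echo "depth $depth exceeds 5"; return 1
    fi
    if [ "$total" -ge 10 ]; then
        echo "forest already has $total domains"; return 1
    fi
    echo "ok: $cand at depth $depth"
}

# Demo with the names from the example above: only country.com is a domain.
can_add_domain county.state.country.com country.com "country.com" || true
can_add_domain state.country.com country.com "country.com" || true
```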
With OES2SP3 and OES11, multiple partitions can be added to a domain. When the provisioning wizard is started, check 'Enable Custom Provisioning' to add additional partitions to the domain. Replicas of the additional partitions (not the top partition/container the domain is created at) will need to be added to the DSfW server. Only child partitions, not sibling partitions, can be added to the domain.
If doing a name mapped install, verify that the following ACLs do not exist on the container that will be mapped:
ACL: 3#subtree#[Root]#[All Attributes Rights]
When you are installing DSfW, default containers will be created. Make sure that the following container names do not already exist under the domain partition:
Note: What matters is the name of the object, not the base class. If there is an ou=users or dc=computers under the domain container, they will need to be renamed or moved lower down in the tree before installing DSfW.
For OES2SP1 and SP2 the first domain controller in a domain will automatically be designated as the master of the partition and will be the RID master for the domain.
For OES2SP3 and OES11 the Master will be retained on the eDirectory server. A R/W will be added to the DSfW server.
Verify the time and time zone are correct on both the eDirectory server and the DSfW server.
Perform an eDirectory health check as listed in TID 3564075.
Before installing DSfW, install either AppArmor or the perl-TermReadKey Perl module; otherwise the install will fail because of a missing dependency (TID 7010065).
If LUM is configured with unix config in the container where the domain will be mapped to, look at TID 7009930. LUM attributes on the container need to be removed. This only affects OES11 installs, not OES11SP1.
If a password policy is assigned to the container where the domain will be mapped, be sure to enable "Synchronize Distribution Password when Setting Universal Password" in the password policy. If this is not enabled, the unicode password will not be synchronized. Ensure the option to "Retain existing Novell Password Policies on Users" is checked. This option will be available on the screen to enter the FDN of the container that needs to be mapped. Again, only check this option if a password policy is already assigned to the container where the domain will be mapped.
When installing DSfW, select only the DSfW pattern. All the necessary patterns will also be selected. Do not uncheck any of the other patterns.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7002172
- Creation Date: 12-DEC-08
- Modified Date: 09-DEC-13
- Novell Open Enterprise Server