Preparing for Domain Services for Windows Install
This document (7002172) is provided subject to the disclaimer at the end of this document.
OES11 SP2 is installed on SLES 11 SP3
Extend the DSfW schema before installing: The schema tool on an existing OES server in the tree is an easy way to accomplish this.
Know the DNS name for the domain: Before doing the install, determine the DNS name for the domain. This will be the name for the domain. The domain name should not end in .local; the .local top-level domain is regarded as a link-local domain, and its DNS queries are sent to a multicast address instead of the DNS server. .int, .lan, .dsfw, or .internal are commonly substituted for .local.
192.168.0.5 server1.dsfwdomain.com server1
Verify the /etc/HOSTNAME is correct: Starting with OES11, verify that /etc/HOSTNAME has the full DNS name listed (server.domain). It should be the same domain name as in the /etc/hosts file; otherwise the field for the DSfW domain name will be empty while doing the YaST configuration.
Best Practice is to use a unique domain name: If a domain name already exists, like novell.com, there will be a conflict and the zones most likely will need to be merged. It is recommended in these situations to use another domain name. For example, for novell.com use novell.lan or novell.dsfw instead, so that the domain is not only unique but also only available internally and not routable on the internet.
Verify the /etc/resolv.conf is correct: The /etc/resolv.conf should list, as the first name server, the IP address of the DSfW server that is to be installed. If installing into an existing domain, point to the first DSfW server. It should also be a DNS server, unless DNS was removed and the records were imported on another DNS server after the install of DSfW.
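The name checks above (no .local domain, a full DNS name in /etc/HOSTNAME that matches /etc/hosts, and the first name server in /etc/resolv.conf) can be scripted and run before starting YaST. The following is an added example, not part of the original Novell document; the function names are hypothetical and the sample files are constructed from the hosts line shown on this page.

```shell
#!/bin/bash
# Added example: DSfW pre-install name checks (not Novell code).
# File paths are parameters so the checks can run against copies.

# Print the domain part of the full DNS name in a HOSTNAME file (server.domain).
hostname_domain() {
    local fqdn
    fqdn=$(head -n1 "$1" | tr -d '[:space:]')
    case "$fqdn" in
        *.*) printf '%s\n' "${fqdn#*.}" ;;
        *)   return 1 ;;   # short name only: YaST domain field would be empty
    esac
}

# Succeed unless the domain ends in the link-local .local top-level domain.
domain_tld_ok() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *.local|local) return 1 ;;
    esac
}

# Succeed if the hosts file maps an address to exactly this full DNS name.
hosts_matches() {   # $1 = hosts file, $2 = full DNS name
    awk -v fqdn="$2" '$1 !~ /^#/ && $2 == fqdn { ok = 1 } END { exit !ok }' "$1"
}

# Print the first nameserver listed in a resolv.conf file.
first_nameserver() { awk '$1 == "nameserver" { print $2; exit }' "$1"; }

# $1 HOSTNAME file, $2 hosts file, $3 resolv.conf, $4 expected DNS server IP
preflight() {
    local fqdn dom rc=0
    fqdn=$(head -n1 "$1" | tr -d '[:space:]')
    dom=$(hostname_domain "$1") || { echo "FAIL: no full DNS name in $1"; return 1; }
    domain_tld_ok "$dom" || { echo "FAIL: $dom ends in .local"; rc=1; }
    hosts_matches "$2" "$fqdn" || { echo "FAIL: $fqdn not found in $2"; rc=1; }
    [ "$(first_nameserver "$3")" = "$4" ] || { echo "FAIL: first nameserver is not $4"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $fqdn, domain $dom, DNS $4"
    return "$rc"
}

# Constructed sample files (values mirror the hosts line on this page).
demo=$(mktemp -d)
echo 'server1.dsfwdomain.com' > "$demo/HOSTNAME"
echo '192.168.0.5 server1.dsfwdomain.com server1' > "$demo/hosts"
printf 'search dsfwdomain.com\nnameserver 192.168.0.5\n' > "$demo/resolv.conf"
preflight "$demo/HOSTNAME" "$demo/hosts" "$demo/resolv.conf" 192.168.0.5
```

On a real server, call preflight with /etc/HOSTNAME, /etc/hosts, /etc/resolv.conf and the IP address the first name server entry is expected to hold.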
Name Mapped Install: If doing a name map install (installing into an existing tree):
Partition the container that is to be the domain. The domain name has to be the same as the container it is being mapped to for OES2SP1 and OES2SP2.
dsfwdomain.com has to be mapped to a partitioned container named dsfwdomain.
For OES2SP3, OES11, and current versions of DSfW, the domain name and the container name can be different.
First DSfW in tree: If this is the first DSfW server in the tree, a forest will be created (only one forest per eDir tree) and the container that is to be a domain in DSfW will be the root for all other domains. An additional domain will not be permitted to be installed in a higher location in the tree.
Max Depth for Domain in Forest: The max depth for domains in a forest is 5 and a total of 10 domains per forest is allowed. The maximum number of Domain Controllers per domain is 5.
Partition and Domains: A partition can not exist between domains prior to OES2SP3.
state is a partition not a domain
county is a partition not a domain
city is a partition not a domain
A domain can not be created for county until a domain has been created for state.
A domain can not be created for city until a domain has been created for state and county.
Starting with OES2SP3, multiple partitions can be added to a domain. When the provisioning wizard is started, check 'Enable Custom Provisioning' to add additional partitions to the domain. Replicas of the additional partitions (not the top partition/container the domain is created at) will need to be added to the DSfW server.
ACL: 3#subtree#[Root]#[All Attributes Rights]
Existing Names: When you are installing DSfW, default containers will be created. Make sure that the following container names do not already exist under the domain partition:
Note: What matters is the name of the object, not the base class. If there is an ou=users or dc=computers under the domain container, it will need to be renamed or moved lower down in the tree before installing DSfW.
Master of Domain Partition: For OES2SP1 and SP2 the first domain controller in a domain will automatically be designated as the master of the partition and will be the RID master for the domain.
For OES2SP3 and OES11 the Master will be retained on the eDirectory server. A R/W will be added to the DSfW server.
Time: Verify the time and time zone are correct on both the eDirectory server and the DSfW server.
eDirectory Health: Perform an eDirectory Health check as listed in TID 3564075.
OES11 and AppArmor: Before installing DSfW, install either AppArmor or the perl-TermReadKey perl module; otherwise the install will fail because of a missing dependency (TID 7010065).
LUM Configuration: If LUM is configured with unix config in the container where the domain will be mapped to, look at TID 7009930. LUM attributes on the container need to be removed. This only affects OES11 installs, not OES11SP1.
Password Policy: If a password policy is assigned to the container where the domain will be mapped, be sure to enable "Synchronize Distribution Password when Setting Universal Password" in the password policy. If this is not enabled, the unicode password will not be synchronized.
When installing DSfW, only select the DSfW pattern. All the necessary patterns will also be selected. Do not uncheck any of the other patterns.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7002172
- Creation Date: 12-DEC-08
- Modified Date: 20-OCT-14
- Novell Open Enterprise Server