After completing the NetWare server portion of the installation, you can select other networking products to install. Other networking products provide enhanced functionality, such as network management and Internet access, to NetWare 6.
NOTE: Some products can be installed only by using NetWare Deployment Manager after the server installation is complete.
Although you can choose which products to install, installing the products that are already selected by default will ensure that you receive the features recommended for NetWare.
For more information on NetWare products, see Welcome to NetWare 6 .
Depending on the products selected to be installed, you may need to complete the steps in the following sections. Although the products are installed, many require additional configuration after completing the server installation.
For more information on configuration requirements for specific products, refer to each product documentation as part of the NetWare 6 documentation at the NetWare 6 Documentation site.
If the Port Resolver detects a potential port conflict (two or more services using the same port on the same IP address) it displays the Configure IP-based Services dialog box. This dialog box contains configuration fields for each service it manages that is selected to be installed, or that was previously installed. The configuration fields include IP address, host name, non-secure port, and secure port.
The first time the dialog box displays, it defaults to Single IP Address configuration mode. If the dialog box displays again later, either by returning to it or in a subsequent post install, it uses the previous configuration mode and retains any previous values input by the user.
The following figure shows the Port Resolver dialog in Single IP Address configuration mode. This example shows all four of the services (or service groups) managed by Port Resolver, namely, NetWare Enterprise Web Server, Apache-based Services (NetStorage, NetWare Web Access, and NetWare Web Search), Novell iFolder Storage Services, and iPrint/NDPS.
Figure 31
Single IP Address configuration mode
In Single IP Address configuration mode, the Port Resolver sets the IP address and host name fields to the server's primary IP address and host name and disables these fields. The non-secure and secure port number fields are enabled and set to default values. Services are defaulted to their preferred port configurations unless a particular port number is already assigned to another service. If the preferred port number is already used, the Port Resolver sets the port number to a secondary default.
In Single IP Address configuration mode, the Port Resolver assigns preferred port numbers based on the following priorities:
The following figure shows the Port Resolver dialog box in Multiple IP Addresses configuration mode. This example shows all four of the services (or service groups) managed by Port Resolver, namely, NetWare Enterprise Web Server, Apache-based Services (NetStorage, NetWare Web Access, and NetWare Web Search), Novell iFolder Storage Services, and iPrint/NDPS.
Figure 32
Multiple IP Address configuration mode
In Multiple IP Addresses configuration mode, the Port Resolver configures services with their preferred IP configuration if it is not already used. If the preferred configuration is used, the Port Resolver will assign the preferred port numbers and assume the service will be using an IP address other than the primary IP address. If the server has multiple bound IP addresses (multiple NIC cards), it will, by default, assign one of those IP addresses. If no additional bound IP addresses are available, the user must specify a unique secondary IP address or unique port numbers.
Secondary IP addresses must be in the same subnet as the IP address bound to a NIC card in the server. The subnet is identified by performing a bitwise AND operation on the bound IP address and its corresponding subnet mask. For example, the valid secondary IP addresses for the IP address 137.65.70.44 with a subnet mask of 255.255.252.0 are in the range 137.65.68.xxx to 137.65.71.xxx.
If no bound IP addresses remain that the Port Resolver has not assigned, the Port Resolver performs a bitwise AND operation on the primary IP address and the subnet mask and places the results in the IP address configuration field as a partial IP address. The intent is to simplify the entering of secondary IP addresses and to guide the user in selecting a valid secondary IP address.
In Multiple IP Address configuration mode, the Port Resolver assigns preferred configurations based on the following priorities:
For each secondary IP address xxx.xxx.xxx.xxx specified by the user, the Port Resolver adds the following line to the autoexec.ncf:
add secondary ipaddress xxx.xxx.xxx.xxx
If performing a post install, the Port Resolver also executes the command on the console.
For more information on default port assignments, which ports can be reassigned, and which ports cannot be reassigned, see "Port Number Assignments" in Getting Results with Novell Web Services.
Novell Certificate Server enables secure data transmissions and is required for Web-related products such as NetWare Web Manager and NetWare Enterprise Web Server. It also allows you to mint, issue, and manage digital certificates by creating a Security container object and an Organizational Certificate Authority (CA) object.
If the network does not already have an Organizational CA object, the first NetWare 6 server will automatically create and physically store the Security container object and Organizational CA object for the entire eDirectory tree. Both objects are created at, and must remain at the [Root] of, the eDirectory tree.
Only one Organizational CA object can exist in an eDirectory tree. Once the Organizational CA object is created on a server, it cannot be moved to another server. Deleting and re-creating an Organizational CA object will invalidate any certificates associated with the Organizational CA.
Make sure that the server that you intend to permanently host the Organizational CA object and will be a reliable, accessible, and continuing part of your network.
To create the Security container object and the Organizational CA object, you must be logged in as a user with rights at [Root] of the eDirectory tree.
If the Organizational CA object already exists on the network, the installation program will find and reference the server that holds it. The installation program will access the Security container and create a Server Certificate object.
To access the Security container and create a Server Certificate object, you must be logged in as a user with the Read right to the existing Security container object.
If an Organizational CA object is not available on the network, Web-related products such as NetWare Web Manager and NetWare Enterprise Web Server will not function.
During the installation, you can configure TCP and SSL port numbers for LDAP services. By using ConsoleOne, you can also configure ports after the installation.
By default, the Allow Clear Text Passwords option is unchecked. This default setting doesn't allow clear-text passwords. eDirectory user binds on non-SSL connections are disabled. Any sent password, however, is received by the server before the bind fails. Therefore, it is possible for an eDirectory username and password to be captured during a failed bind attempt.
Also by default, only passwords exchanged over SSL connections are encrypted. If you check the Allow Clear Text Passwords check box, requests that include passwords can be transmitted over nonencrypted connections. Nonencrypted passwords can be captured by network monitoring equipment. Therefore, depending on the environment, clear-text passwords can pose a security risk.
Encryption is a process of converting or hashing information being sent and then undoing that conversion or hash. Encrypted connections (using SSL) are secure, but the overhead makes this option slower. Clear-text connections are faster, but passwords aren't secure.
If sensitive information does not travel over the network, you might not require an SSL connection.
Novell Portal Services (NPS) and LDAP Services are running on the same server DAir15. NPS uses LDAP for communication between NPS and LDAP. Because both servers are running on DAir15, the information (for example, passwords) doesn't travel over the network. Encryption is unnecessary. You check the Allow Clear Text Passwords check box because clear text is faster than encrypted text.
Figure 35
Scenario 1
Novell Portal Services is running on server DAir15, and LDAP Services is running on a seperate server, DAir28. NPS uses LDAP for communication between NPS and LDAP. Because the information travels over the network, encryption is necessary. You don't check the Allow Clear Text Passwords check box. The encrypted information is slower than a clear-text connection, but the information is secure.
Figure 36
Scenario 2
For additional information on configuring LDAP Services, see Installing or Upgrading eDirectory on Windows NT/2000 Server. Click the Installing or Updating eDirectory link, then click the Communicating with eDirectory through LDAP link.
Novell Native File Access Pack lets Macintosh, Windows, and UNIX workstations access and store files on NetWare servers without having to install any additional software-such as Novell Client software. The software is installed only on the NetWare server and provides "out of the box" network access. Just plug in the network cable, start the computer, and you have access to servers on your network. No client configuration, no client software, no problem.
Novell Native File Access Pack software enables the NetWare server to use the same protocol (referred to as "native") as the client workstation to copy, delete, move, save, and open files. Windows workstations perform these tasks using the native Common Internet File System (CIFS) protocol, and Macintosh workstations use the native Apple* Filing Protocol (AFP). UNIX computers use the NFS protocol.
Enabling native protocols on NetWare means that users can access files, map network drives, and create shortcuts to NetWare servers using the native methods available in their specific operating system. Windows users can use their familiar Network Neighborhood. Macintosh users can use Chooser or the Go menu to access network files and even create aliases. Because the NetWare server is running native protocols, users can copy, delete, move, save, and open network files-just like they would if they were working locally.
You can decide how the NetWare server appears to Windows workstations by configuring the NNFAP Server Name, NNFAP Server Comment, and Unicode settings.
The name specified in the NNFAP Server Name field displays as the server name when Windows workstations without Novell Client software browse the network You can change the name but it must be different than the NetWare Server name and no longer than 15 characters. The default NNFAP Server Name is the NetWare server name with an added underscore (_) and a W. For example, a NetWare server named SERVER1 defaults to a NNFAP server name of SERVER1_W.
The text in the NNFAP Server Comment field displays when viewing details of the NNFAP server from a Windows workstation.
When enabled, this command enables Unicode characters (used in double-byte languages). To support Unicode, an additional file named UNINOMAP.TXT must be created and saved in the SYS:\ETC directory.
When UNICODE is enabled, the UNINOMAP.TXT file is used to resolve Unicode-to-ASCII "no-map" problems. To specify "no-map" cases in the UNINOMAP.TXT file, enter the first Unicode value to watch for and then the second value representing the ASCII replacement code. For example:
0178 98
20AC CC
Save the values in the UNINOMAP.TXT file. If an unmappable character is encountered, the system uses the ASCII substitution character specified in the file.
Select one of the following:
For Windows users, there are two types of authentication methods available with Novell Native File Access: Local and Domain. Local authentication requires a simple password to log in to a NetWare server, but a simple password is not required for Domain authentication.
The server running Novell Native File Access Protocol software performs the user authentication when clients are a member of a workgroup. With local authentication, the username and password on NetWare must match the username and password used to log in to the Windows workstation.
Workgroup Name: The domain or workgroup that the server will belong to. In this case, Workgroup and Domain are interchangeable.
WINS Address: Address of WINS server to be used to locate the primary domain controller (PDC), if the PDC and server running Novell Native File Access Protocols software are on different subnets.
Windows Internet Naming Service (WINS), part of the Microsoft Windows NT and 2000 Servers, manages the association of workstation names and locations with Internet Protocol (IP) addresses. WINS automatically creates and maintains a computer name and corresponding IP address mapping entry in a table. When a computer is moved to another geographic location, the subnet part of the IP address is likely to change. Using WINS, the new subnet information will be updated automatically in the WINS table.
A simple password is not required for domain authentication. Since the password is kept on the Windows domain controller, it is not possible to use Windows' native Change Password feature to change the password. Instead, you must use Windows' domain management utilities. To work properly, the username and password on the domain controller must match the username and password used to log in to the Windows workstation.
Indicates that the PDC is on the same subnet.
Select this option to use DNS or WINS to specify the primary domain controller.
A PDC server name and static IP address are needed if the PDC is on a different subnet. This option should be used only when there is a valid reason for overriding WINS or DNS.
The address of the PDC must be static; otherwise, if the PDC reboots and the address changes, the server running Novell Native File Access Protocols software will not be able to contact the PDC.
Although we recommend that you enable the CIFS protocol on all IP addresses, you can specify which IP addresses will respond to CIFS protocol requests.
Any volume or directory on the server can be specified as a shared point and made accessible via the Network Neighborhood or My Network Places. If no share points are specified, then all mounted volumes are displayed.
The path to the server volume or directory which becomes the root of the sharepoint. Beginning at the volume name, the full path must be specified and it must end with a backslash (\). For example:
VOL1:GRAPHICS\
The name by which the sharepoint is displayed to Windows computers. For example, if you enter Lots of Pics as the sharename associated with VOL1\GRAPHICS, then Windows workstations browsing the network see "Lots of Pics" instead of "VOL1\GRAPHICS."
The number of connections allowed to access the sharepoint.
A description for the sharepoint that appears in Network Neighborhood or My Network Places.
You must specify the NDS contexts of Windows users that require access to the network. These contexts are saved in the context search file. When the Windows user enters a username, the Novell Native File Access Protocol software searches through each context in the list until it finds the correct User object. For example if you had users with full NDS distinguished names such as Bob.sales.acme, Sue.graphics.marketing.acme, Pat.graphics.marketing, and Jo.marketing.acme, then you would enter the following contexts:
If User objects with the same name exist in different contexts, each user object attempts authentication in order until one succeeds with the corresponding password.
After server installation, you can add or remove contexts by editing the context search file (CIFSCTXS.CFG) in the SYS:\ETC directory of the server running Novell Native File Access Protocols.
After completing the installation of the Novell Native File Access Protocols, you must create passwords for users before they can access the files on the server. For more information, see the Novell Native File Access Protocols Installation and Administration Guide.
NetWare WebAccess lets administrators set up a Web page that allows users access to multiple network resources from their Web browser. Users do not need a Novell Client or VPN client to access to their resources. They can access these resources on the Web from any computer with a compliant browser.
Customized content is provided through gadgets which provide access to specific content on the network. Gadgets communicate with the appropriate back-end system to gather the necessary data for a particular user---and users can access it all with a single password. For more information, see NetWare WebAccess Overview and Installation.
Choose which gadgets you want to enable and configure now and which gadgets you want to enable and configure later by checking or unchecking the check boxes next to each gadget type. All gadgets are installed automatically when you install NetWare WebAccess. This screen lets you choose whether to enable and configure those gadgets now or later.
The default is to enable and configure gadgets later, because during a new server installation, the applications accessed by the gadgets might not have been installed yet. If you choose to enable and configure gadgets now, you must specify the location (URL) that you want the gadgets to link to for each application.
If you choose to enable and configure the Mail gadget now, you will need to specify your e-mail type. You can choose between GroupWise, Web-based E-mail, Exchange, Notes, or NIMS.
Specify the URL of the Web server running the service.
If you choose to install the Print gadget now, you will need to specify the URL to your iPrint Web page. The URL might be something like http://myserver.com/iPrint/hongkong.htm.
If you choose to install the NetStorage gadget now, you will need to specify the location of your NetStorage server. The URL might be something like http://myserver.com. The NetStorage gadget requires the NetStorage component of NetWare 6, so you must choose to install the NetStorage component during the NetWare 6 installation.
Novell iManager runs in an Internet browser and is used for administering, managing, and configuring Novell eDirectory objects. Novell iManager gives you the ability to assign specific tasks or responsibilities to users and to present the user with only the tools (with the accompanying rights) necessary to performs those sets of tasks.In NetWare 6, you can use Novell iManager to administer iPrint, DNS/DHCP, and Novell Licensing Services.
During installation, roles and tasks are installed and associated with the logged-in user (typically the Admin user) by default. These role and task objects are stored in a new eDirectory container (rbsCollection). You can select the location and name of the new container or use the defaults provided.
Enter the path to the eDirectory container that you want to create the rbsCollection container in, or use the default location.
Enter a name for the rbsCollection or use the default name.
Novell iFolder is a file storage and management solution to the universal problems associated with storing and retrieving data. With iFolder you have the latest version of your data when you need it and where you need it from any computer that you regularly use. And if you are not at a computer that you regularly use, you can still access and manage your files if you have an Internet connection and a Java-enabled browser. For more information, see the Novell iFolder Administration Guide
Enter the path to the directory where you want the iFolder user data to be stored on the server.
Enter the names of all the administrators who need rights to modify iFolder user account information via the Server Management Console. If you are entering more than one name, separate the usernames with a semicolon (;). For example, if you wanted users JSmith and Admin to have rights to administer the Server Management Console, you would enter admin;jsmith.
Enter the IP address or the DNS name of your iFolder server.
Novell NetStorage provides simple Internet-based access to file storage and serves as a bridge between a company's protected Novell network and the Internet. It allows users secure file access from any Internet location, with nothing to download or install on the user's workstation. Files and folders on a Novell network can be accessed using either a browser or Microsoft Web Folders.
Specify the IP address or DNS name of a server in your eDirectory tree that has the master replica or a read/write replica of eDirectory. The Primary eDirectory Server URL is required for NetStorage to function properly. This does not necessarily have to be the IP address or DNS name of the server where NetStorage is to be installed.
When a user attempts to log in, NetStorage searches the eDirectory database on the server you specify for the User object. If the User object is found, NetStorage attempts to authenticate the user to eDirectory.
If you know the eDirectory context for the users that will use NetStorage, you can add that context to the URL by inserting a colon (:) between the IP address or DNS name and the eDirectory context. The context is optional. If no context is specified, NetStorage searches the entire eDirectory tree on the primary eDirectory server for User objects. For example, if the IP address of the server is 127.0.0.1 and the eDirectory context for your users is Personnel, then you would add 127.0.0.1:personnel to the field.
This optional text box is where you specify alternate IP addresses or DNS names of other servers in your directory tree that have at least read/write eDirectory replicas. You can add two alternate eDirectory server URL and context settings.
These alternate settings can be used in the event that eDirectory authentication cannot be accomplished using the primary eDirectory server URL and context. The alternate URL and context settings are optional, but can help provide users with an additional level of access to NetStorage.
Specify the IP address or DNS name and the port number that you assigned to Novell iFolder. The iFolder DNS name or IP address and the port number are optional but, if specified, will allow NetStorage users to access and manipulate files and directories on the iFolder server.
HINT: Click Back to view the screen where the IP address and port number assignments were made.
