3.9 Guidelines for Configuring OES 2 SP3 Components

Keep the following in mind as you configure the OES 2 SP3 components:

Table 3-3 Guidelines for Configuring OES Components

Issue

Guideline

Software Selections When Using Text-Based YaST

Some older machines, such as Dell 1300, use the text mode install by default when the video card does not meet SLES 10 specifications. When you go into the Software Selection, and then to the details of the OES software selections, YaST doesn’t bring up the OES selections like it does when you use the graphical YaST (YaST2).

To view the Software Selection and System Task screen, select Filter > Pattern (or press Alt+F > Alt+I).

Specifying a State identifier for a Locality Class object

If you need to specify a state identifier, for example California, Utah, or Karnataka, as a Locality Class object in your eDirectory tree hierarchy, you must make sure to use the correct abbreviation in your LDAP (comma-delimited) or NDAP (period-delimited) syntax.

When using LDAP syntax, use st to specify a state. For example:

ou=example_organization,o=example_company,st=utah,c=us

When using NDAP syntax, use s to specify a state. For example:

ou=example_organization.o=example_company.s=utah.c=us

Specifying Typeful Admin Names

When installing OES, you must specify a fully distinguished admin name by using the typeful, LDAP syntax that includes object type abbreviations (cn=, ou=, o=, etc.). For example, you might specify the following:

cn=admin,ou=example_organization,o=example_company

Using Dot-Delimited or Comma-Delimited Input for All Products

For all parameters requiring full contexts, you can separate the names by using either dot-delimited or comma-delimited syntax, but you must be consistent in your usage within the field.

The OES installation routine displays all input in the comma-delimited (LDAP) format. However, it converts the name separators to dots when this is required by individual product components.

IMPORTANT: After the OES components are installed, be sure to follow the conventions specified in the documentation for each product. Some contexts must be specified using periods (.) and others using commas (,). However, eDirectory supports names like cn=juan\.garcia.ou=users.o=novell. The period (.) inside a name component must be escaped.

When using NDAP format (dot), you must escape all embedded dots. For example: cn=admin.o=novell\.provo

When using LDAP format (commas), you must escape all embedded commas. For example: cn=admin,o=novell\,provo

The installation disallows a backslash and period (\.) in the CN portion of the admin name.

For example, these names are supported:

cn=admin.o=novell
cn=admin.o=novell\.provo
cn=admin.ou=deployment\.linux.o=novell\.provo

These names are not supported:

cn=admin\.first.o=novell
cn=admin\.root.o=novell

Before LUM-enabling users whose cn contains a period (.), you must remove the backslash (\) from the unique_id field of the User object container.

For example, cn=juan.garcia has a unique_id attribute = juan\.garcia. Before such a user can be LUM-enabled, the backslash (\) must be removed from the unique_id attribute.
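The delimiter, escaping, state-abbreviation and admin CN rules above can be checked before a name is typed into the installer. The following Python sketch is an added example, not Novell's installer code; the function names, the short list of type abbreviations, and the choice to reject a dotted CN in comma form as well are assumptions made for illustration.

```python
import re

# Type abbreviations that appear on this page; an assumption for the example,
# not a complete list of eDirectory naming attributes.
TYPES = {"ldap": {"cn", "ou", "o", "st", "c"}, "ndap": {"cn", "ou", "o", "s", "c"}}
SEPARATOR = {"ldap": ",", "ndap": "."}
ANY_TYPE = r"\s*(?:cn|ou|o|st|s|c)="


def split_components(name, syntax):
    """Split on the unescaped separator, keeping backslash escapes intact."""
    sep, parts, current, i = SEPARATOR[syntax], [], "", 0
    while i < len(name):
        if name[i] == "\\":
            if i + 1 == len(name):
                raise ValueError("name ends with a dangling backslash")
            current += name[i:i + 2]          # keep the escaped pair together
            i += 2
            continue
        if name[i] == sep:
            parts.append(current)
            current = ""
        else:
            current += name[i]
        i += 1
    parts.append(current)
    return parts


def parse_typeful(name, syntax):
    """Return [(type, unescaped value), ...] or raise ValueError."""
    other = SEPARATOR["ndap" if syntax == "ldap" else "ldap"]
    result = []
    for part in split_components(name, syntax):
        kind, eq, raw = part.partition("=")
        kind = kind.strip().lower()
        if not eq or not raw:
            raise ValueError(f"component {part!r} is not typeful")
        if kind not in TYPES[syntax]:
            # Catches s= in comma form and st= in dot form.
            raise ValueError(f"type {kind!r} is not valid in {syntax} syntax")
        # An unescaped separator of the other syntax followed by "type="
        # means the field mixes dots and commas.
        if re.search(r"(?<!\\)" + re.escape(other) + ANY_TYPE, raw, re.I):
            raise ValueError(f"mixed delimiters in {part!r}")
        result.append((kind, re.sub(r"\\(.)", r"\1", raw)))
    return result


def escape_value(value, syntax):
    """Escape backslashes and the separator that is embedded in a value."""
    sep = SEPARATOR[syntax]
    return value.replace("\\", "\\\\").replace(sep, "\\" + sep)


def convert(name, src, dst):
    """Rewrite a name from one syntax to the other, renaming st <-> s."""
    rename = {("ldap", "ndap"): {"st": "s"}, ("ndap", "ldap"): {"s": "st"}}
    table = rename.get((src, dst), {})
    parts = [(table.get(k, k), v) for k, v in parse_typeful(name, src)]
    return SEPARATOR[dst].join(f"{k}={escape_value(v, dst)}" for k, v in parts)


def check_admin_name(name, syntax="ldap"):
    """Return a list of problems; an empty list means the name passes."""
    try:
        parts = parse_typeful(name, syntax)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if parts[0][0] != "cn":
        problems.append("admin name must start with cn=")
    elif "." in parts[0][1]:
        # In dot form this CN has to be written with \. which the page says
        # the installation disallows (assumed to apply to comma form too).
        problems.append("CN contains a period")
    if len(parts) < 2:
        problems.append("name is not fully distinguished (no container)")
    return problems


if __name__ == "__main__":
    # Names taken from the examples on this page.
    for candidate in (r"cn=admin.o=novell\.provo", r"cn=admin\.first.o=novell"):
        print(candidate, "->", check_admin_name(candidate, "ndap") or "ok")
    print(convert("ou=example_organization,o=example_company,st=utah,c=us",
                  "ldap", "ndap"))
```
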

Each OES component and the configurable fields associated with it are listed in the following sections. These components also include the default or previously entered values, where applicable. Some components might require some additional configuration as part of the OES installation; this information is also included in the tables.

The following sections list the specific configuration information required for each component:

3.9.1 LDAP Configuration for Open Enterprise Services

Table 3-4 LDAP Configuration for Open Enterprise Services Values

Page

Parameter

Configured LDAP Servers

 

  • eDirectory Tree Name: The eDirectory tree name that you specified when configuring eDirectory. The tree you are installing this server into.

 

  • Admin Name and Context: The eDirectory Admin name you specified when configuring eDirectory.

 

  • Admin Password: The password of the eDirectory Admin user.

 

  • Configured LDAP Servers: You can specify a list of servers that can be used to configure other OES services on this server.

    Each added server must have either the master or a read/write replica of the eDirectory tree. The first server added to the list becomes the default server for the installed and configured OES services to use.

    For each server you must specify an IP Address, LDAP Port, Secure LDAP Port, and Server Type.

    For information about specifying multiple LDAP servers for Linux User Management (LUM), see Configuring a Failover Mechanism in the OES 2 SP3: Novell Linux User Management Administration Guide.

    Default: The eDirectory server you specified when configuring eDirectory.

3.9.2 Novell AFP Services

Table 3-5 Novell Apple Filing Protocol Parameters and Values

Page

Parameter

AFP Configuration - Mac Client Access to NSS Volumes

 

  • eDirectory Contexts: Specify the FQDN of the eDirectory containers that contain AFP users, for example ou=afp_users.o=novell

For additional configuration instructions, see Installing and Setting Up AFP in the OES 2 SP3: Novell AFP For Linux Administration Guide.

3.9.3 Novell Archive and Version Services

Table 3-6 Novell Archive and Version Services Parameters and Values

Page

Parameter

Archive and Version Services Configuration

 

  • Database Port Number: Specify a port number to use for the archive database communications.

    Default: 5432

 

  • Database Username: Specify a username for the administrator of the archive database (the PostgreSQL database for the archived data).

    IMPORTANT: The Postgres user must be an unprivileged user, not the root user.

    Default: arkuser

 

  • Database Password: Specify and validate a password for the database user.

    Default: The password for the eDirectory Admin user.

For additional configuration instructions, see Setting Up Archive and Version Services in the OES 2 SP3: Novell Archive and Version Services 2.1 Administration Guide.

3.9.4 Novell Backup/Storage Management Services (SMS)

Table 3-7 Novell Backup / Storage Management Services Parameters and Values

Page

Parameter

SMS Configuration

 

  • Directory Server Address: If you do not want to use the default shown, select a different LDAP server in the list.

    If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog box.

    Default: The first server selected in the LDAP Configuration list of servers.

For additional configuration instructions, see Installing and Configuring SMS in the Installing and Configuring SMS.

3.9.5 Novell CIFS for Linux

Table 3-8 Novell CIFS Parameters and Values

Page

Parameter

Novell CIFS Service Configuration

 

  • eDirectory server address or host name: Leave the default or select from the drop-down list to change to a different server.

 

  • LDAP port for CIFS Server: Displays the port value.

 

  • Local NCP Server context: Displays the NCP Server context.

 

  • CIFS Proxy User

    • Use existing user as CIFS Proxy User: Select this option to use an existing proxy user for the CIFS service.

      If you specified the server’s common proxy user, this option is selected.

    • Create a new CIFS Proxy User: Select this option to create a new proxy user for the CIFS service.

    • CIFS Proxy User Name: Specify the FQDN (fully qualified distinguished name) of the CIFS proxy user.

      For example: cn=user, o=novell

      NOTE: This user is granted rights to read the passwords of any users, including non-CIFS users, that are governed by any of the password policies you select in the Novell CIFS Service Configuration page.

    • CIFS Proxy User Password: Specify a password for the CIFS proxy user to use when authenticating to the CIFS server, and verify the password if you are specifying an existing proxy user.

      For more information on proxy user and password management, see Planning Your Proxy Users in the OES 2 SP3: Planning and Implementation Guide.

 

  • Credential Storage Location: Accept CASA or specify the Local File option.

    The CIFS proxy user password is encrypted and encoded in the credential storage location.

    Default: CASA

Novell CIFS Service Configuration (2)

 

  • eDirectory Contexts: Provide a list of contexts that are searched when the CIFS User enters a username. The server searches each context in the list until it finds the correct user object.

Novell CIFS Service Configuration (3)

 

For additional configuration instructions, see Installing and Setting Up CIFS in the OES 2 SP3: Novell CIFS for Linux Administration Guide.

3.9.6 Novell Cluster Services

Table 3-9 Novell Cluster Services Parameters and Values

Page

Parameter

Novell Cluster Services (NCS) Configuration

 

  • New or Existing Cluster: Specify whether the server is part of a new cluster or is joining an existing cluster.

    Default: New Cluster

 

  • Directory Server Address: The IP address shown is the default LDAP server for this service. If you do not want to use the default, select a different LDAP server in the list.

    If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog box.

    Default: The first server selected in the LDAP Configuration list of servers.

 

  • Cluster FDN: Specify or browse to the fully distinguished name (FDN) of the cluster. Use the comma format illustrated in the example. Do not use dots.

    If you are creating a new cluster, this is the name you will give the new cluster and the eDirectory context where the new cluster object will reside. You must specify an existing context. Specifying a new context does not create a new context.

    If you are adding a server to an existing cluster, this is the name and eDirectory context of the cluster that you are adding this server to.

    Cluster names must be unique. You cannot create two clusters with the same name in the same eDirectory tree. Cluster names are case sensitive on Linux.

 

  • Cluster IP Address: If you are creating a new cluster, specify a unique IP address for the cluster.

    The cluster IP address is separate from the server IP address and is required to be on the same IP subnet as the other servers in the cluster.

 

  • Storage Device With Shared Media: If you are creating a new cluster, select the device where the Split Brain Detector (SBD) partition will be created.

    If you have a shared disk system attached to your cluster servers, Novell Cluster Services creates a small cluster partition on that shared disk system. This small cluster partition is referred to as the Split Brain Detector (SBD) partition. Specify the drive or device where you want the small cluster partition created.

    You must have at least 20 MB of free space on one of the shared disk drives to create the cluster partition. If no free space is available, the shared disk drives cannot be used by Novell Cluster Services.

    If you do not have a shared disk system connected to your cluster servers, accept the default (none). You must create the SBD manually before adding a second server to the cluster.

    Default: none

 

  • Optional Device for Mirrored Partitions: If you want to mirror the SBD partition for greater fault tolerance, select the device where you want to mirror to. You can also mirror SBD partitions after installing Novell Cluster Services.

Novell Cluster Services (NCS) Configuration (2)

 

  • IP Address of this Node: This field contains the IP address of this node. If this server has multiple IP addresses, you can change the default address to another value if desired.

 

  • Start Cluster Services Now: Select this box if you want clustering to start now. If you want clustering to start after rebooting, or if you want to manually start it later, deselect this box.

    This option applies only to installing Novell Cluster Services after the OES installation because it starts automatically when the server initializes during the installation.

    If you choose to not start Novell Cluster Services software, you need to either manually start it after the installation, or reboot the cluster server to automatically start it. You can manually start Novell Cluster Services by going to the /etc/init.d directory and entering ./novell-ncs start at the server console of the cluster server.

    Default: Selected

Proxy User Configuration

 

Specify one of the following users as the NCS Proxy user.

  • OES Common Proxy User: If the OES common proxy User is enabled in eDirectory, the Use OES Common Proxy User check box is automatically selected and the NCS Proxy User Name and Specify NCS Proxy User Password fields are populated with the credentials of the OES common proxy User.

  • LDAP Admin User: If the OES common proxy User is disabled in eDirectory, the Use OES Common Proxy User check box is automatically deselected and the NCS Proxy User Name and Specify NCS Proxy User Password fields are populated with the credentials of the LDAP Admin user. The fields are also automatically populated with the LDAP Admin credentials if you deselect the Use OES Common Proxy User check box.

  • Another Administrator User: Deselect the Use OES Common Proxy User check box, then specify the credentials of an administrator user.

For additional instructions, see the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for Linux.

3.9.7 Novell DHCP Services

Table 3-10 Novell DHCP Services Parameters and Values

Page

Parameter

Novell DHCP Services Configuration

 

  • DHCP Server Context: Specify a context for the DHCP Server object.

    Default: o=example

 

  • DHCP Server Object Name: Specify the name of the Server object that these DHCP services will be running on.

    This is the DHCP server object that contains a list of DHCP Services (configuration) served by the DHCP Server.

    Default: DHCP_example_server

 

  • Common DHCP Configuration Object Contexts

    • DHCP Locator Object: Specify the context for the DHCP Locator object.

      The DHCP Locator object has references to dhcpServer and dhcpService objects.

    • Group Context: Specify the context for the DHCP Group object.

      This object is used to grant the necessary rights to the eDirectory user used by the DHCP server to access the DHCP objects.

    Default: o=example

 

  • Log File Location: Specify the path and filename for the DHCP Services log file. You can type the path manually or click Browse to locate the log.

    Default: Usually /var/log/

 

  • LDAP Method

    • Static: Select this option if you do not want the DHCP server to query the LDAP server for host details.

    • Dynamic: Select this option if you want the DHCP server to query the LDAP server on every request for host details.

      Selecting the dynamic LDAP method ensures that the responses you receive to queries are accurate, but the server takes a longer time to respond.

    Default: Static

 

  • Referrals

    A referral is a message that the LDAP server sends to the LDAP client informing it that the server cannot provide complete results and that more data might be on another LDAP server.

    • Chase Referral: Select this option if you want the DHCP server to follow referrals.

    • Do Not Chase Referral: Select this option to ignore LDAP referrals.

Novell DHCP LDAP and Secure Channel Configuration

 

  • eDirectory Server Address or Host Name: The IP address shown is the default LDAP server for this service. If you do not want to use the default, select a different LDAP server in the list.

    If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog box.

    Default: The first server selected in the LDAP Configuration list of servers.

 

  • Use Secure Channel for Configuration: Leaving this option selected causes DHCP configuration information to be transferred over a secure channel.

    Deselecting the option lets a user with fewer privileges configure LDAP services and allows configuration information to be transferred over a non-secure channel.

    Default: Selected

 

  • LDAP User Name with Context: Specify a typeful, distinguished name and context for an LDAP user.

    This user should be an eDirectory user that can access the DHCP server.

    Default: If you specified a common proxy user, it is used by default. If you didn’t specify a common proxy user, the eDirectory Admin name and context that you specified when configuring eDirectory is specified.

  • LDAP User Password: Type a password for the LDAP user.

 

  • LDAP Port for DHCP Server: Select a port for the LDAP operations to use.

    IMPORTANT: The scripts that manage the common proxy user introduced in OES 2 SP3 require port 636 for secure LDAP communications.

    Default: 636

 

  • Use Secure LDAP Channel: When selected, this option ensures that the data transferred between the DHCP server and the LDAP server is secure and private.

    If you deselect this option, the data transferred is in clear text format.

    Default: Selected

 

  • Certificates (optional)

    • Request Certificate: Specifies what checks to perform on a server certificate in an SSL/TLS session. Select one of the following options:

      • Never: The server does not ask the client for a certificate. This is the default.

      • Allow: The server requests a client certificate, but if a certificate is not provided or a wrong certificate is provided, the session still proceeds normally.

      • Try: The server requests the certificate. If none is provided, the session proceeds normally. If a certificate is provided and it cannot be verified, the session is immediately terminated.

      • Hard: The server requests a certificate. A valid certificate must be provided, or the session is immediately terminated.

    • Paths to Certificate Files: Specify or browse the path for the certificate files.

      • The LDAP CA file contains CA certificates.

      • The LDAP client certificate contains the client certificate.

      • The LDAP client key file contains the key file for the client certificate.

Novell DHCP Services Interface Selection

 

  • Network Boards for the Novell DHCP Server: From the available interfaces, select the network interfaces that the Novell DHCP server should listen to.

For additional configuration instructions, see Installing and Configuring DHCP in the OES 2 SP3: Novell DNS/DHCP Administration Guide.

3.9.8 Novell DNS Services

Table 3-11 Novell DNS Services Parameters and Values

Page

Parameter

Novell DNS Configuration

 

  • Directory server address: If you have specified multiple LDAP servers by using the LDAP Configuration for Open Enterprise Services dialog box, you can select a different LDAP server than the first one in the list.

    If you are installing into an existing tree, you must ensure that the selected server has a master or read/write replica of eDirectory.

    Default: The first LDAP server in the LDAP Server Configuration dialog box.

 

  • Common DNS Configuration Object and User Contexts:

    • Get Context and Proxy User Information from Existing DNS Server: Select this option if you are configuring DNS in an existing tree where DNS is already configured, and you want to use the existing Locator, Root Server Info, Group and Proxy User contexts.

    • Existing Novell DNS Server Address: If you have enabled the previous option, you can type the IP address of an NCP server (must be up and running) that is hosting the existing DNS server.

      To automatically retrieve the contexts of the objects that follow, click Retrieve.

      If you do not want to use the retrieved contexts, you can change them manually.

    • Novell DNS Services Locator Object Context: Specify the context for the DNS Locator object.

      The Locator object contains global defaults, DHCP options, and a list of all DNS and DHCP servers, subnets, and zones in the tree.

      Default: The context you specified for the OES server you are installing.

    • Novell DNS Services Root Server Info Context: Specify the context for the DNS Services root server.

      The RootSrvrInfo Zone is an eDirectory container object that contains resource records for the DNS root servers.

      Default: The context you specified for the OES server you are installing.

    • Novell DNS Services Group Object Context: Specify the context for the DNS Group object.

      This object is used to grant DNS servers the necessary rights to other data within the eDirectory tree.

      Default: The context you specified for the OES server you are installing.

    • Proxy User for DNS Management: Specify the FDN of the DNS proxy user.

      An existing user must have eDirectory read, write, and browse rights under the specified context. If the user doesn’t exist, it is created in the context specified.

      Default: If you specified a common proxy user, it is used by default. If you didn’t specify a common proxy user, the eDirectory Admin name and context that you specified when configuring eDirectory is specified.

    • Specify Password for eDirectory User: Type the password for the DNS proxy user.

      For more information on proxy user and password management, see Planning Your Proxy Users in the OES 2 SP3: Planning and Implementation Guide.

      Default: The password that you specified for the OES server you are installing.

 

  • Local NCP Server Context: Specify a context for the local NCP Server object.

    Default: The eDirectory context specified for this OES server.

 

  • Use Secure LDAP Port: When selected, this option ensures that the data transferred by this service is secure and private.

    If you deselect this option, the transferred data is in clear text format.

    Default: Selected

 

  • Credential Storage Location: Specify where the DNS proxy user’s credentials are to be stored.

    Default: For security reasons, the default and recommended method of credential storage is CASA.

For additional configuration instructions, see Installing and Configuring DNS in the OES 2 SP3: Novell DNS/DHCP Administration Guide.

3.9.9 Novell Domain Services for Windows

There are multiple configuration scenarios, depending on your deployment. For information, see Installing Domain Services for Windows in the OES 2 SP3: Domain Services for Windows Administration Guide.

3.9.10 Novell eDirectory Services

WARNING: You specified the eDirectory configuration for this server in either Specifying LDAP Configuration Settings or Specifying eDirectory Configuration Settings, and the settings you specified were extended to your OES service configurations by the OES install.

If you change the eDirectory configuration at this point in the install, your modifications might or might not extend to the other OES services. For example, if you change the server context from o=example to ou=servers.o=example, the other service configurations might or might not reflect the change.

Be sure to carefully check all of the service configuration summaries on the Novell Open Enterprise Server Configuration summary screen. If any of the services don’t show the eDirectory change you made, click the service link and modify the configuration manually. Otherwise your installation will fail.

Table 3-12 Novell eDirectory Parameters and Values

Page

Parameter

eDirectory Configuration - New or Existing Tree

 

  • New or Existing Tree

    • New Tree: Creates a new tree.

      Use this option if this is the first server to go into the tree or if this server requires a separate tree. Keep in mind that this server will have the master replica for the new tree, and that users must log into this new tree to access its resources.

    Default: New Tree

 

  • eDirectory Tree Name: Specify a unique name for the eDirectory tree you want to create or the name of the tree you want to install this server into.

    • Use eDirectory Certificates for HTTPS Services: Selecting this option causes eDirectory to automatically back up the currently installed certificate and key files and replace them with files created by the eDirectory Organizational CA (or Tree CA).

      Most OES services that provide HTTPS connectivity are configured by default to use the self-signed common server certificate created by YaST. Self-signed certificates provide minimal security and limited trust, so you should consider using eDirectory certificates instead.

      For all server installations, this option is enabled by default and is recommended for the increased security it provides.

      To prevent third-party CA certificates from being accidentally backed up and overwritten, deselect this option.

      For more information on certificate management and this option, see Security in the OES 2 SP3: Planning and Implementation Guide.

    • Require TLS for Simple Binds with Password: Select this option to make connections encrypted in the Session layer.

    • Install SecretStore: Select this option to install Novell SecretStore (SS), an eDirectory-based security product.

eDirectory Configuration - New/Existing Tree Information

 

  • IP Address of an Existing eDirectory Server with a Replica: Type the IP address of a server with an eDirectory replica.

    This option appears only if you are joining an existing tree.

 

  • NCP Port on the Existing Server: Type the NCP port used by the eDirectory server you specified.

    This option appears only if you are joining an existing tree.

    Default: 524.

 

  • LDAP and Secure LDAP Ports on the Existing Server: Type the LDAP ports used by the eDirectory server you specified.

    This option appears only if you are joining an existing tree.

    IMPORTANT: The scripts that manage the common proxy user introduced in OES 2 SP3 require port 636 for secure LDAP communications.

    Default: 389 (LDAP), 636 (Secure LDAP)

 

  • FDN Admin Name with Context: Specify the name of the administrative user for the new tree.

    This is the fully distinguished name of a User object that will be created with full administrative rights in the new directory.

    Default: The eDirectory Admin name and context that you specified when initially configuring eDirectory.

 

  • Admin Password: Specify the eDirectory administrator's password.

    This is the password of the user specified in the prior field.

 

  • Verify Admin Password: Retype the password to verify it.

    This option only appears if creating a new tree.

eDirectory Configuration - Local Server Configuration

 

  • Enter Server Context: Specify the location of the new server object in the eDirectory tree.

 

  • Enter Directory Information Base (DIB) Location: Specify a location for the eDirectory database.

    Default: The default path is /var/opt/novell/eDirectory/data/dib, but you can use this option to change the location if you expect the number of objects in your tree to be large and the current file system does not have sufficient space.

 

  • Enter LDAP Port: Specify the LDAP port number this server will use to service LDAP requests.

    Default: 389

 

  • Enter Secure LDAP Port: Specify the secure LDAP port number this server will use to service LDAP requests.

    IMPORTANT: The scripts that manage the common proxy user introduced in OES 2 SP3 require port 636 for secure LDAP communications.

    Default: 636

 

  • Enter iMonitor Port: Specify the port this server will use to provide access to the iMonitor application.

    iMonitor lets you monitor and diagnose all servers in your eDirectory tree from any location on your network where a Web browser is available.

    Default: 8028

 

  • Enter Secure iMonitor Port: Specify the secure port this server will use to provide access to the iMonitor application.

    Default: 8030

eDirectory Configuration - NTP and SLP

 

  • Network Time Protocol (NTP) Server: Specify the IP address or DNS hostname of an NTP server.

    • For the first server in a tree, we recommend specifying a reliable external time source.

    • For servers joining a tree, specify the same external NTP time source that the tree is using, or specify the IP address of a configured time source in the tree. A time source in the tree should be running time services for 15 minutes or more before connecting to it, or the time synchronization request for the installation fails.

      If the time source server is NetWare 5.0 or earlier, you must specify an alternate NTP time source, or the time synchronization request fails. For more information, see Time Services in the OES 2 SP3: Planning and Implementation Guide.

  • Use Local Clock: Alternatively, you can select Use Local Clock to designate the server’s hardware clock as the time source for your eDirectory tree.

    This is not recommended if there is a reliable external time source available.

 

  • (SLP Options)

    • Do Not Configure SLP: This option is good for eDirectory trees with three or fewer eDirectory servers.

      Without SLP, users can’t see a tree list, but they should still be able to attach to a tree by name. Users can configure the Novell Client to use DNS, or they can configure the local host file (%SystemDrive%\windows\system32\drivers\etc\hosts on WinXP) to resolve tree and server names. Users can also specify preferred tree and context information in the DHCP Settings page of the Novell Client.

      IMPORTANT: If the tree where you are installing this server has or will have more than three servers, you must configure SLP.

    • Use Multicast to Access SLP: This option allows the server to request SLP information by using multicast packets. Use this in environments that have not established SLP DAs (Directory Agents).

      IMPORTANT: If you select this option, you must disable the firewall for it to work correctly. Multicast creates a significant amount of network traffic and can reduce network throughput.

    • Configure as Directory Agent: This option configures this server as a Directory Agent (DA). This is useful if you plan to have more than three servers in the tree and want to set up SLP during the installation.

      • DASyncReg: This option causes SLP, when it starts up, to query the Directory Agents listed under Configured SLP Directory Agents for their current lists of registered services. It also causes the DA to share service registrations that it receives with the other DAs in the SLP Directory Agent list.

      • Backup SLP Registrations: This option causes SLP to back up the list of services that are registered with this Directory Agent on the local disk.

      • Backup Interval in Seconds: This specifies how often the list of registered services is backed up.

    • Configure SLP to use an existing Directory Agent: This option configures SLP to use an existing Directory Agent (DA) in your network. Use this in environments that have established SLP DAs. When you select this option, you configure the servers to use by adding or removing them from the SLP Directory Agent list.

 

  • Service Location Protocols and Scope: This option configures the scopes that a user agent (UA) or service agent (SA) is allowed when making requests or when registering services, or specifies the scopes a directory agent (DA) must support. The default value is DEFAULT. Use commas to separate each scope. For example, net.slp.useScopes = myScope1,myScope2,myScope3.

    This information is required when the Use Multicast to Access SLP or Configure SLP to Use an Existing Directory Agent option is selected.

    Default: Default

 

  • Configured SLP Directory Agents: This option lets you manage the list of hostnames or IP addresses of one or more external servers on which an SLP Directory Agent is running.

    It is enabled for input only when you configure SLP to use an existing Directory Agent.

Novell Modular Authentication Services

 

IMPORTANT: NMAS client software (included with Novell Client software) must be installed on each client workstation where you want to use the NMAS login methods.

  • CertMutual: The Certificate Mutual login method implements the Simple Authentication and Security Layer (SASL) EXTERNAL mechanism, which uses SSL certificates to provide client authentication to eDirectory through LDAP.

  • Challenge Response: The Challenge-Response login method works with the Identity Manager password self-service process. This method allows either an administrator or a user to define a password challenge question and a response, which are saved in the password policy. Then, when users forget their passwords, they can reset their own passwords by providing the correct response to the challenge question.

  • DIGEST-MD5: The Digest MD5 login method implements the Simple Authentication and Security Layer (SASL) DIGEST-MD5 mechanism as a means of authenticating the user to eDirectory through LDAP.

  • NDS: The NDS login method provides secure password challenge-response user authentication to eDirectory. This method supports the traditional NDS password when the NMAS client is in use. Reinstallation is necessary only if the NDS login method object has been removed from the directory.

  • Simple Password: The Simple Password NMAS login method provides password authentication to eDirectory. The Simple Password is a more flexible but less secure alternative to the NDS password. Simple Passwords are stored in a secret store on the user object.

  • SASL GSSAPI: The SASL GSSAPI login method implements the Generic Security Services Application Program Interface (GSSAPI) authentication by using the Simple Authentication and Security Layer (SASL) that enables users to authenticate to eDirectory through LDAP by using a Kerberos ticket.

If you want to install all of the login methods into eDirectory, click Select All.

If you want to clear all selections, click Deselect All.

For more information on these login methods, see Managing Login and Post-Login Methods and Sequences in the Novell Modular Authentication Services 3.3.3 Administration Guide.

Defaults: Challenge Response and NDS

OES Common Proxy User Information

 

  • Use Common Proxy User as Default for OES Products: Selecting this option configures the specified common proxy user for the following services: CIFS, DNS, DHCP, iFolder, NetStorage, and NCS. Optionally, you can specify that LUM use it.

  • OES Common Proxy User Name: By default, the common proxy user’s name is OESCommonProxy_hostname, but you can specify any name that fits your naming methodology.

    By default, the common proxy user is created in the container that you specify for the server object.

    You can specify a different container, but it must meet one of the following qualifications:

    • New Tree Installation: The container must be included in either the path specified for the eDirectory Admin user or the path for Server object.

      Or

    • Existing Tree Installation: The container must already exist in eDirectory.

    WARNING: You cannot create a new container by specifying a non-qualifying path. If you attempt this, the installation program will appear to proceed normally until the eDirectory Configuration (ndsconfig) runs. At that point the installation will fail with an Error creating Common Proxy User: 32 error, and you will need to install the server again.

  • OES Common Proxy User Password: You can accept the default system-generated password or specify a new password for the common proxy user.

  • Verify OES Common Proxy User Password: If you specified a different password, type the same password in this field. Otherwise, the system-generated password is automatically included.

  • Assign Common Proxy Password Policy to Proxy User: The initial common proxy password policy is a simple password policy created with default rules. If desired, you can modify this policy after the installation to enforce stricter rules regarding password length, characters supported, expiration intervals, etc.

For additional configuration instructions, see Installing or Upgrading Novell eDirectory on Linux in the Novell eDirectory 8.8 Installation Guide.

3.9.11 Novell FTP Services

No additional configuration is required.

3.9.12 Novell iFolder

When you configure iFolder as part of the OES install and configuration, you can specify only an EXT3 or ReiserFS volume location for the System Store Path, which is where you are storing iFolder data for all your users. You cannot create NSS volumes during the system install.

If you want to use an NSS volume to store iFolder data, you must reconfigure iFolder after the initial OES installation. To reconfigure, use Novell iManager to create an NSS volume, then go to YaST > Open Enterprise Server > Install and Configure Open Enterprise Services and select iFolder 3.8 to enter new information. All previous configuration information is removed and replaced.

Table 3-13 Novell iFolder 3.8 Parameters and Values

Page

Parameter

Novell iFolder System Configuration Options

 

  • iFolder Component to Be Configured

    • iFolder Server: This option lets you configure the settings for the iFolder server that is the central repository for storing user iFolders and synchronizing files for enterprise users.

    • iFolder Web Admin: This option lets you create and configure settings for the administrator user.

      The iFolder Admin user is the primary administrator of the iFolder Enterprise Server. The Web Admin server does not need to be configured on the iFolder Enterprise Server. Devoting a separate server to the Web Admin application improves the performance of the iFolder Enterprise Server by reducing the admin traffic.

    • iFolder Web Access: This option lets you configure the Web Access server, which is an interface that lets users have remote access to iFolders on the enterprise server.

      The Web Access server lets users perform all the operations equivalent to those of the iFolder client through using a standard Web browser.

      The Web Access server does not need to be configured in the same iFolder Enterprise Server. Directing the user tasks to a separate server and thereby reducing the HTTP requests helps to improve the performance of the iFolder Enterprise Server.

    Default: All three items are selected

Novell iFolder System Configuration

 

  • Name Used to Identify the iFolder System to Users: Specify a unique name to identify your iFolder Enterprise Server.

    Default: iFolder

 

  • System Description (optional): Specify a descriptive label for your iFolder Enterprise Server to identify it to the users.

    Default: iFolder Enterprise System

 

  • Path to Server's Data Files: Specify the case-sensitive address of the location where the iFolder Enterprise Server stores iFolder application files as well as the user iFolders and files.

    IMPORTANT: This location cannot be modified after iFolder is installed.

    Default: /var/simias/data/

 

  • Path to the Recovery Agent Certificates (optional): Specify the path to the recovery agent certificates that are used for recovering the encryption key.

    Default: /var/simias/data/simias

Novell iFolder System Configuration (2)

 

  • Name of iFolder Server: Specify a unique name to identify your iFolder Enterprise Server. For example: Host1.

    Default: The name of the OES server.

 

  • iFolder Public URL: Specify the public URL for users to reach the iFolder Enterprise Server.

    Default: The OES server’s IP address

 

  • iFolder Private URL: Specify the private URL corresponding to the iFolder Enterprise Server to allow communication between the servers within the iFolder domain. The private URL and the public URL can be the same.

    Default: The OES server’s IP address

 

  • Select SSL Option for iFolder: Select the SSL option you want to set up a secure connection between the iFolder server and the iFolder clients.

    There are three options for the channel for data transfer: SSL, Non SSL, and Both. However, authentication is always over SSL (not optional).

    • Both: (default) This option lets you select a secure or a non-secure channel for communication among the iFolder server, Web Admin server, Web Access server and the clients. By default, these components use the HTTPS (secure) communication channel. However, all components can also be configured to use HTTP.

    • Non SSL: Select this option to enable non-secure communication between the iFolder server, Web Admin server, Web Access server and the clients. The iFolder uses the HTTP channel for communication.

    • SSL: Select this option to enable a secure connection among the iFolder server, iFolder Web Admin server, iFolder Web Access server, and the iFolder clients. The iFolder uses the HTTPS channel for communication.

    Default: Both

 

  • iFolder Port to Listen On: Specify the port for the iFolder to listen on.

    Default: 443

 

  • Install into Existing iFolder Domain: Select this option when you want to attach to an existing iFolder domain.

    If this option is not selected, this server becomes the Master iFolder server.

    Default: Deselected

 

  • Private URL of the Master Server: Specify the private URL of the Master iFolder server that holds the master iFolder data for synchronization to the current iFolder Enterprise Server.

 

  • Configure LDAP Groups Plugin: Select this option to configure the LDAP Groups plug-in.

    If this option is left unselected, iFolder does not have LDAP Group support enabled.

Novell iFolder LDAP Configuration

 

  • Directory server address: The IP address shown is the default LDAP server for this service. If you do not want to use the default, select a different LDAP server in the list.

    If you need to add another eDirectory LDAP server to the list, use the LDAP Configuration for Open Enterprise Services dialog.

    If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory.

    If you are installing into an existing tree, you must enter the password of an admin user in the tree.

    Default: The first server selected in the LDAP Configuration list of servers

 

  • Use Alternate LDAP server: If you need to add another LDAP server to the list, select this option and enter the following information:

    • Alternate Directory Server Address: Specify the host or IP address of the alternate LDAP server that iFolder will use.

    • LDAP Port: Specify the LDAP port to use for this alternate server.

    • LDAP Secure Port: Specify the LDAP secure port to use for this alternate server.

    • Admin Name and Context: Specify the administrator name and context for the alternate LDAP server.

    • Admin Password: Type the specified administrator’s password.

Novell iFolder System Configuration

 

  • The iFolder Default Administrator: Specify the username for the default iFolder administrative user. Use the full distinguished name of the iFolder administrative user.

    Default: The eDirectory Admin user you specified while configuring eDirectory.

 

  • iFolder Admin Password: Specify a password for the iFolder administrative user.

 

  • Verify iFolder Admin Password: Type the password for the iFolder administrative user again.

 

  • LDAP Proxy User: Specify the full distinguished name of the LDAP Proxy user.

    This user must have the Read right to the LDAP service. This user is used to provision the users between iFolder Enterprise Server and the LDAP server. If it does not already exist, this user is created and granted the Read right to the root of the tree. The LDAP proxy user's distinguished name (DN) and password are stored by iFolder.

    Default: If you specified a common proxy user, it is used by default. If you didn’t specify the common proxy user, a user object named iFolderProxy is created in the server context you specified.

    NOTE: The common proxy user cannot be used if iFolder is running on a cluster node. If the NCS pattern is selected along with iFolder, this field will be populated with the iFolderProxy by default.

 

 

  • Verify LDAP Proxy User Password: Type the password for the LDAP Proxy user again.

 

  • LDAP Search Context: Click Add, then specify an LDAP tree context to be searched for users to provision them in iFolder. For example, o=acme, o=acme2, or o=acme3.

    If no context is specified, only the iFolder administrative user is provisioned for services during the install.

    Default: The server context you specified while configuring eDirectory.

 

  • LDAP Naming Attribute: Select which LDAP attribute of the User account to apply when authenticating users. This setting cannot be changed after the install.

    Each user enters a username in this specified format at login time. Common Name (CN) is the default, and an e-mail address (email) is the other option.

    For example, if a user named John Smith has a common name of jsmith and e-mail of john.smith@example.com, this field determines whether the user enters jsmith or john.smith@example.com as the username when logging in to the iFolder Enterprise Server.

    Default: Common Name (CN)

 

  • Require a Secure Connection Between the LDAP server and the iFolder Server: If the LDAP server co-exists on the same computer as the iFolder Enterprise Server, you can deselect this option, which increases the performance of LDAP authentications.

    Default: Selected

Novell iFolder Web Access Configuration

 

  • An Apache Alias That Will Point to the iFolder Web Access Application: This is a user-friendly pointer for the Apache service.

    Default: /ifolder

 

  • The Host or IP Address of the iFolder Server That Will Be Used by the iFolder Web Access Application: This Web Access application performs all the user-specific iFolder operations on the host that runs the iFolder Enterprise Server.

    Default: The IP address of the OES server you are installing

 

  • Redirect URL for iChain/Access Gateway (optional): Specify the redirect URL for iChain/AccessGateway that will be used by the iFolder Web Access application. This URL is used for the proper logout of iChain/AccessGateway sessions along with the iFolder session.

 

  • Connect to the iFolder Server Using SSL: Select the check box to establish a secure connection between the iFolder enterprise server and the iFolder Web Admin application.

    Default: Selected

 

  • iFolder Server Port to Connect on: Specify the port for the iFolder server to connect to the Web Access application.

    Default: 443 (SSL communications), 80 (non-SSL communication)

 

  • Require a secure connection between the Web browser and the iFolder Web Access application: Select the check box to establish a secure connection between the Web browser and the iFolder Web Access application.

    Default: Selected

Novell iFolder Web Admin Configuration

 

  • An Apache Alias That Will Point to the iFolder Web Admin Application: This is an admin-friendly pointer for the Apache service.

    Default: /admin

 

  • The Host or IP Address of the iFolder Server That Will Be Used by the iFolder Web Application: The iFolder Web admin application manages this host.

    Default: The IP address of the OES server you are installing

 

  • Redirect URL for iChain/Access Gateway (optional): Specify the redirect URL for iChain/AccessGateway that will be used by the iFolder Web Admin application. This URL is used for the proper logout of iChain/AccessGateway sessions along with the iFolder session.

 

  • Connect to the iFolder Server Using SSL: Select the check box to establish a secure connection between the iFolder enterprise server and the iFolder Web Admin application.

 

  • iFolder Server Port to Connect on: Specify the port for the iFolder server to connect to the Web Admin application. Port 443 is the default. Port 80 is the default value for non-SSL communication.

 

  • Require a secure connection between the Web browser and the iFolder Web Access application: Select the check box to establish a secure connection between the Web browser and the iFolder Web Admin application.

For additional configuration instructions, see Installing and Configuring iFolder Services in the Novell iFolder 3.8.4 Administration Guide.

3.9.13 Novell iManager

Table 3-14 Novell iManager Parameters and Values

Page

Parameter

iManager Configuration

 

  • eDirectory Tree: Shows the name of a valid eDirectory tree that you specified when configuring eDirectory.

    To change this configuration, you must change the eDirectory configuration.

 

  • FDN Admin Name with Context: Shows the eDirectory Admin name and context that you specified when configuring eDirectory. This is the user that has full administrative rights to perform operations in iManager.

    To change this configuration, you must change the eDirectory configuration.

For additional configuration instructions, see Installing iManager in the Novell iManager 2.7 Installation Guide.

3.9.14 Novell iPrint

Table 3-15 Novell iPrint Parameters and Values

Page

Parameter

iPrint Configuration

 

  • Directory server address: The IP address shown is the default LDAP server for this service. If you do not want to use the default, select a different LDAP server in the list.

    If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog.

 

  • Top-Most Container of eDirectory Tree: iPrint uses LDAP to verify rights to perform various iPrint operations, including authenticating users for printing and performing management tasks such as uploading drivers.

    During the installation of the iPrint software, iPrint attempts to identify the topmost container of the eDirectory tree and sets the base dn to this container for the AuthLDAPURL entry in /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf.

    For most installations, this is adequate because users are often distributed across containers.

    IMPORTANT: If you have multiple peer containers at the top of your eDirectory tree, leave this field blank so that the LDAP search begins at the root of the tree.

For additional configuration instructions, see Installing and Setting Up iPrint on Your Server in the OES 2 SP3: iPrint for Linux Administration Guide.

3.9.15 Novell Linux User Management

Table 3-16 Novell Linux User Management Parameters and Values

Page

Parameter

Linux User Management Configuration

 

  • Directory Server Address: The IP address shown is the default LDAP server for this service. If you do not want to use the default, select a different LDAP server in the list.

    If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog.

    For information about specifying multiple LDAP servers for Linux User Management (LUM), see Configuring a Failover Mechanism in the OES 2 SP3: Novell Linux User Management Administration Guide.

    Default: The first server selected in the LDAP Configuration list of servers

 

  • Unix Config Context: The Unix Config object holds a list of the locations (contexts) of Unix Workstation objects in eDirectory. It also controls the range of numbers to be assigned as UIDs and GIDs when User objects and Group objects are created.

    Specify the eDirectory context (existing or created here) where the Unix Config object will be created. An LDAP search for a LUM User, a LUM Group, or a LUM Workstation object begins here, so the context must be at the same level or higher than the LUM objects searched for.

    If the Unix Config Object is placed below the location of the User objects, the /etc/nam.conf file on the target computer must include the support-outside-base-context=yes parameter.

    Geographically dispersed networks might require multiple Unix Config objects in a single tree, but most networks need only one Unix Config object in eDirectory.

    Default: The Organization object you specified in the eDirectory configuration

 

  • Unix Workstation Context: Computers running Linux User Management (LUM) are represented by Unix Workstation objects in eDirectory. The object holds the set of properties and information associated with the target computer, such as the target workstation name or a list of eDirectory groups that have access to the target workstation.

    Specify the eDirectory context (existing or created here) for the Unix Workstation object created by the install for this server. The context should be the same as or below the Unix Config Context specified above.

    Default: The context you specified for this OES server in the eDirectory configuration

 

  • Proxy User Name with Context (Optional): If you specified a common proxy user and you select the Use OES Common Proxy User option (below), it is used by default. If you didn’t specify a common proxy user, you can specify a user (existing or created here) with rights to search the LDAP tree for LUM objects.

 

 

  • Use OES Common Proxy User: Check this option if you specified a common proxy user and want to use it as the proxy user for LUM.

 

  • Restrict Access to the Home Directories of Other Users: This option is selected by default to restrict read and write access for users other than the owner to home directories.

    Using the default selection changes the umask setting in /etc/login.defs from 022 to 077.

    Default: Selected
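A check for the umask change described above, as an added example that is not part of the OES documentation. It reads UMASK from a login.defs-style file and lists home directories that still grant group or other access; the function names and the sample tree are constructed, and taking the last uncommented UMASK entry as the effective one is an assumption.

```shell
#!/bin/sh
# Added example (not from the OES documentation): check the umask that the
# "Restrict Access to the Home Directories of Other Users" option sets, and
# find existing home directories that are still open to group or others.

# Print the UMASK value from a login.defs-style file, taking the last
# uncommented entry (assumption); prints nothing when no UMASK line exists.
login_defs_umask() {
    awk '$1 == "UMASK" { v = $2 } END { if (v != "") print v }' "$1"
}

# Succeed when the umask removes every group and other permission bit
# (077, 0077, 177 ...); 022 and similar values fail.
umask_is_private() {
    case "$1" in
        *77) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print the name of each directory under BASE ($1) whose mode still grants
# any group or other access. A umask only applies to files and directories
# created afterwards, so existing home directories need this separate check.
open_home_dirs() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        perms=$(ls -ld "$d" | cut -c5-10)   # group and other bits of drwxrwxrwx
        [ "$perms" = "------" ] || basename "$d"
    done
}

# Build a constructed sample tree so the example runs offline.
make_sample_root() {
    sample_root=$(mktemp -d) || return 1
    mkdir -p "$sample_root/etc" "$sample_root/home/alice" "$sample_root/home/bob"
    printf '%s\n' '# UMASK 022' 'UMASK 077' > "$sample_root/etc/login.defs"
    chmod 700 "$sample_root/home/alice"   # as created under umask 077
    chmod 755 "$sample_root/home/bob"     # as created earlier under umask 022
    printf '%s\n' "$sample_root"
}

sample=$(make_sample_root)
mask=$(login_defs_umask "$sample/etc/login.defs")
if umask_is_private "$mask"; then
    echo "UMASK $mask: new home directories are private"
else
    echo "UMASK ${mask:-unset}: new home directories are readable by others"
fi
for name in $(open_home_dirs "$sample/home"); do
    echo "still open to other users: $name"
done
rm -rf "$sample"
```

On a server, point login_defs_umask at /etc/login.defs and open_home_dirs at the directory that holds the home directories.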

Linux User Management Configuration (2)

 

IMPORTANT: Before you change the PAM-enabled service settings, be sure you understand the security implications explained in User Restrictions: Some OES 2 Limitations in the OES 2 SP3: Planning and Implementation Guide.

  • Services to LUM-enable for authentication via eDirectory: Select the services to LUM-enable on this server. The services marked yes are available to authenticated LUM users.

    • login: no

    • ftp: no

    • sshd: no

      If you want to use the SSH protocol to define a NetStorage storage location object, you must select SSHD as a LUM-enabled service.

      If you do not select SSHD, users cannot log in to NetStorage through SSH to access their files.

    • su: no

    • rsh: no

    • rlogin: no

    • xdm: no

    • openwbem: yes

      This is selected by default because it is used by many of the OES services such as iPrint, NSS, SMS, Novell Remote Manager, and Samba. To get access to iManager, you must enable OpenWBEM.

    • gdm: no

    • gdm-autologin: no

    • gnome-passwd: no

    • gnome-screensaver: no

    • gnomesu-pam: no

For additional configuration instructions, see Setting Up Linux User Management in the OES 2 SP3: Novell Linux User Management Administration Guide.
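One way to audit the LUM-enabled service list above on a running server, as an added example that is not part of the OES documentation. It assumes that a LUM-enabled service is one whose file in the PAM directory references pam_nam.so or a common-*-nam include; the function names and the sample PAM files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the OES documentation): list the PAM services that
# are LUM-enabled and compare them with the installer defaults shown on this
# page, where only openwbem is set to yes.

LUM_SERVICES="login ftp sshd su rsh rlogin xdm openwbem gdm gdm-autologin gnome-passwd gnome-screensaver gnomesu-pam"
LUM_DEFAULT_ON="openwbem"
# Legacy protocols that do not encrypt the session (general knowledge, not
# stated on the page); worth a second look if they accept eDirectory logins.
LUM_UNENCRYPTED="ftp rsh rlogin"

# Succeed when SERVICE's file ($2) in PAM_DIR ($1) references the LUM module.
# Assumption: LUM-enabling a service adds pam_nam.so, or an include of a
# common-*-nam file, to its PAM stack. Commented-out lines are ignored.
is_lum_enabled() {
    pam_file="$1/$2"
    [ -f "$pam_file" ] || return 1
    sed 's/#.*$//' "$pam_file" | grep -Eq 'pam_nam\.so|common-[a-z]+-nam'
}

# Print the services named in $2... that are LUM-enabled in PAM_DIR ($1),
# space separated and in the order given.
lum_enabled_in() {
    pam_dir="$1"; shift
    found=""
    for svc in "$@"; do
        if is_lum_enabled "$pam_dir" "$svc"; then
            found="${found:+$found }$svc"
        fi
    done
    printf '%s\n' "$found"
}

# Print LUM-enabled services that the installer leaves off by default.
lum_beyond_default() {
    extra=""
    for svc in $(lum_enabled_in "$1" $LUM_SERVICES); do
        case " $LUM_DEFAULT_ON " in
            *" $svc "*) ;;
            *) extra="${extra:+$extra }$svc" ;;
        esac
    done
    printf '%s\n' "$extra"
}

# Build a constructed PAM directory so the example runs offline.
make_sample_pamd() {
    sample_dir=$(mktemp -d) || return 1
    printf '%s\n' 'auth sufficient pam_nam.so' 'auth required pam_unix2.so' > "$sample_dir/openwbem"
    printf '%s\n' 'auth include common-auth' '#auth sufficient pam_nam.so' > "$sample_dir/login"
    printf '%s\n' 'auth sufficient pam_nam.so' 'account sufficient pam_nam.so' > "$sample_dir/sshd"
    printf '%s\n' 'auth sufficient pam_nam.so' > "$sample_dir/rlogin"
    printf '%s\n' "$sample_dir"
}

sample=$(make_sample_pamd)
echo "LUM-enabled:              $(lum_enabled_in "$sample" $LUM_SERVICES)"
echo "beyond installer default: $(lum_beyond_default "$sample")"
echo "unencrypted protocols:    $(lum_enabled_in "$sample" $LUM_UNENCRYPTED)"
if ! is_lum_enabled "$sample" openwbem; then
    echo "openwbem is not LUM-enabled: iManager access requires it"
fi
rm -rf "$sample"
```

On a server, pass /etc/pam.d as the directory argument instead of the sample directory.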

3.9.16 Novell NCP Server / Dynamic Storage Technology

Table 3-17 Novell NCP Server Parameters and Values

Page

Parameter

NCP Server Configuration

 

  • Admin Name with Context: This is the eDirectory Admin user you specified in the eDirectory configuration.

For additional configuration instructions, see Installing and Configuring NCP Server for Linux in the OES 2 SP3: NCP Server for Linux Administration Guide.

3.9.17 Novell NetStorage

Table 3-18 Novell NetStorage Parameters and Values

Page

Parameter

NetStorage Configuration

 

  • Authentication Domain Host: The IP address shown is the default LDAP server for this service. If you do not want to use the default, select a different LDAP server in the list.

    If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services page.

    Default: The first server selected in the LDAP Configuration list of servers.

 

  • Proxy User Name with Context: Specify the Proxy User Name including the context, or accept the default.

    This user performs LDAP searches for users logging into NetStorage.

    Default: If you specified a common proxy user, it is used by default. If you didn’t specify a common proxy user, the eDirectory Admin name and context that you specified when configuring eDirectory is specified.

 

 

  • User Context: Specify the NetStorage users’ context, or accept the default.

    This is the eDirectory context for the users that will use NetStorage. NetStorage searches the eDirectory tree down from the specified context for User objects. If you want NetStorage to search the entire eDirectory tree, specify the root context.

    Default: The Organization object you specified while configuring eDirectory.

For additional configuration instructions, see Installing NetStorage in the OES 2 SP3: NetStorage Administration Guide.

3.9.18 Novell Pre-Migration Server

No additional configuration is required. For information, see Preparing the Source Server for Migration in the OES 2 SP3: Migration Tool Administration Guide.

3.9.19 Novell QuickFinder

Table 3-19 Novell QuickFinder Parameters and Values

Page

Parameter

Novell QuickFinder Admin User

 

  • Novell QuickFinder Admin User Type: Make the QuickFinder administrator a LUM-enabled eDirectory user or a local Linux user.

    • Local: Select this option to give QuickFinder Server administration rights to a local Linux user (the default is the root user if no other local users exist).

    • Directory LUM Enabled: Gives QuickFinder Server administration rights to an eDirectory user.

    Default: Directory LUM enabled

 

  • QuickFinder Admin Name: Specify the QuickFinder administrator name.

    If you selected Directory LUM enabled as the user type, include the full context (such as cn=admin,o=novell).

    If you selected Local as the user type, specify only the admin name (such as root). If the user does not already exist, it will be created.

    Default: The eDirectory Admin user you specified while configuring eDirectory.

 

  • Add novlwww User to the Shadow Group: If only LUM-enabled eDirectory users will use QuickFinder, this option does not need to be set.

    QuickFinder uses Pluggable Authentication Modules (PAM) to authenticate users for both administration and rights-based searching. Because QuickFinder is a servlet under Tomcat, it has the same rights to the system as the Tomcat user (wwwrun).

    For QuickFinder to verify user credentials for local users (including root), the wwwrun user must be added to the local shadow group.

    Default: Yes

Novell QuickFinder Admin Password

 

  • eDirectory Admin Name: Specified on the previous page.

 

  • Novell QuickFinder Admin User Type: If a different admin user was created, specify a password.

For additional configuration instructions, see Installing QuickFinder Server in the OES 2 SP3: Novell QuickFinder Server 5.0 Administration Guide.

3.9.20 Novell Remote Manager

No additional configuration for the installation is required. To change the configuration after the installation, see Changing the Configuration in the OES 2 SP3: Novell Remote Manager for Linux Administration Guide.

3.9.21 Novell Samba

Table 3-20 Novell Samba Parameters and Values

Page

Field or Selection

Novell Samba Configuration

 

  • Directory server address: The IP address shown is the default LDAP server for this service. If you do not want to use the default, select a different LDAP server in the list.

    If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog box.

    This is the primary IP address of the LDAP server to which CIFS client users (such as Windows users) authenticate, to use LDAP for access to the directories and files on this OES server.

    Default: The first server selected in the LDAP Configuration list of servers.

 

  • Base Context for Samba Users: The eDirectory context (existing or created here) where the default Samba group is created.

    Default: The Organization object you specified for your tree. Do not change the default unless you are altering the standard Samba configuration.

 

  • Proxy User Name with Context: A user on the specified LDAP server that has rights to search the LDAP tree for Samba users.

    The name and context must be specified by using typeful syntax. (cn=name,ou=organizational_unit,o=organization)

    Default: cn=servername-sambaProxy.o=organization

 

For additional configuration instructions, see Installing the Novell Samba Components in the OES2 SP3: Samba Administration Guide.

3.9.22 Novell Storage Services (NSS)

Table 3-21 Novell Storage Services Parameters and Values

Page

Parameter

NSS Unique Admin Object

 

  • Directory Server Address: The IP address shown is the default LDAP server for this service. If you do not want to use the default, select a different LDAP server in the list.

    If you are installing into an existing tree, ensure that the server you select has a master replica or read/write replica of eDirectory. If you need to add another LDAP server to the list, add it by using the LDAP Configuration for Open Enterprise Services dialog box.

    Default: The first server selected in the LDAP Configuration list of servers.

 

  • FD NSS Admin Name with Context: Specify the NSS Admin name and context or accept the default.

    This is the fully distinguished name of a User object with administrative rights to NSS. You must have a unique NSS admin name for each server that uses NSS.

    For more information, see Planning Your Proxy Users in the OES 2 SP3: Planning and Implementation Guide.

    Default: The server hostname concatenated with the LDAP Admin Name you entered for this server, for example cn=myserveradmin,o=organization.

For additional configuration instructions, see Installing and Configuring Novell Storage Services in the OES 2 SP3: NSS File System Administration Guide for Linux.