Install OES11 DSfW
Here is a playlist of videos covering the install of OES11 DSfW.
It is broken out into 6 videos:
Install OES11 DSfW – Yast section
Install OES11 DSfW – Log Files
Install OES11 DSfW – Provisioning Wizard
Start with the OES11 documentation and TID 7002172, Preparing for Domain Services for Windows Install.
OES2SP3 January Maintenance Patch released
Here is a list of bug fixes in the patch:
January 2012 Scheduled Maintenance for OES2 SP3
– 496114: FIRST_WATCHDOG_PACKET Parameter Incorrect
– 498911: iprint_nss_relocate script fails to with errors if dn’s have space in them.
– 517837: Unable to create users with MMC due to the Top superclass on Person
– 557645: random dsfw samba crash log errors in oes2sp1.
– 605154: Mac client misleads users about characters unsupported by Windows
– 616747: Bump version for each milestone.
– 632850: NCP is causing ndsd segfault.
– 641812: owcimomd crash when performing an xml import with an invalid IP address for dserver
– 642072: Modifying DNS Entry For DHCP Zone Breaks DDNS Updates
– 647600: OES2SP2 ncpcon log level ALL
– 648340: creating printer from Manage Print manager throws plugin error after successful creation
– 653310: iPrint database becomes out of sync
– 658145: NSS volume with Di and RI… Continue reading
Prepare to install an ADC DSfW server
This video will go through the preparation of installing an ADC DSfW server. It will guide you through TID 7009927.
Cross Forest Trust Password
Sometimes the cross forest trust between DSfW and AD fails, and a common reason for this failure is the cross forest trust password. By default the Windows server will reset the trust password every 30 days. Sometimes the change only occurs on the Windows side and the trust object in DSfW does not get the update, leading to a broken trust. Validating and resetting the trust is one way to fix this. Another option is to disable the server from changing the password. This video will show how to validate the trust, reset the password, modify the number of days before a password is changed, and how to disable password changes.
How to disable the automatic machine account password changes.
- In the registry, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange
- Change the registry subkey to a value of 1 (default is 0 which enables password changes, 1 disables password changes)
- Restart the… Continue reading
OES11 is now available
OES11 can be downloaded now.
OES11 runs on SLES11 SP1. Besides running on SLES11 SP1, there are not a lot of new features. Samba is updated to 3.5, which allows winbind to be configured without recompiling winbind.
Running Windows 7 on an iPad using VMWare View
Using VMWare View, an Apple iPad can run Windows 7. Using Domain Services for Windows as the directory, VMWare View can easily be deployed in an existing or new Novell eDirectory environment. This video from Network World demonstrates how Windows 7 can run on an Apple iPad.
Overview of VMWare View 5
VMWare View is one of the most common reasons why Domain Services for Windows is deployed and the most popular app authenticating to Domain Services for Windows. With View, workstations can be centrally managed and reside in the data center. If you are looking at implementing VMWare View, consider DSfW as a replacement for AD. If you are a Novell shop, want to continue using eDirectory, and don't want to have two directories to administer, DSfW will allow an AD-style domain to be installed into your tree, providing AD-style authentication. No CALs, which will save $, and no syncing directories because all the users are in eDirectory. eDirectory is running behind the scenes with DSfW. The users in the DSfW domain are both eDir and DSfW users. AD and NCP authentication will work with DSfW. With applications like VMWare View that require… Continue reading
Creating a SLES11 Install source
Creating an install source is extremely easy to do with YaST. Just follow the installation server wizard.
To create a single SLES+OES DVD follow Simon’s Coolsolution Article
How to create a cross forest trust
This video will guide you through the creation of a cross forest trust between DSfW and AD.
For more information on creating a cross forest trust please read through the documentation
http://www.novell.com/documentation/oes11/acc_dsfw_lx/data/ber65jt.html
The trust password will change every 30 days by default. Consider disabling the automatic machine password changes or increasing the time before the password is changed. Sometimes when a workstation or, in this case, a trust changes its password, the change does not get set in the directory and the trust relationship is broken. In that case the trust needs to be re-established.
If a trust is removed and then re-established, be sure that the trust object in cn=users is removed as well before creating the trust again. The object will look like a user object with the name of the AD domain with a $ at the end.
Good MS documents to help troubleshoot errors:
Known… Continue reading
How to create DNS forwarders
In order to create a cross forest trust, both the DSfW server and the AD server need to resolve each other's domains. The video will show you how to create a forward and reverse forwarder for only the AD zone (domain) to the AD server and how to put a forwarder on the AD server to the DSfW DNS server.
How to Create a Forest and DC on Windows 2008R2
Creating an AD forest and domain is easy with dcpromo. Before you start, put the DSfW server as the DNS server on the Windows 2008 server. When the server is promoted to a domain controller, the server listed as the DNS server will be listed as a forwarder.
Novell Filr, taking network files to a new level
I’m trying to keep this site more along the lines of DSfW related topics, but I think this is so cool. I can’t wait to have to test this out with DSfW.
For more info about Novell Filr, check out the Filr product page.
Novell DNS Tools – iManager and DNS/DHCP Console
The Novell DNS/DHCP Console is what most prefer to use to manage Novell DNS. It allows for easy viewing, modification, and creation of zones, records, and DNS servers.
If there is more than one DNS locator object in the tree, use the -C switch after the executable to specify which locator object to use.
-C OESSystemobjects.novell
If updates made in the DNS/DHCP tool are not fast enough for you, look at the novell_dyn_reconfigure setting on the DNS server object or restart novell-named.
At 6:51 in the video this setting is displayed. 15 minutes is recommended. If the reconfigure is set to 5 minutes in a large environment, the reconfigure might not finish updating the cache before the process is started again.
iManager is the second tool available to use to manage DNS and DHCP. The second video will… Continue reading
LDAP Proxy 1.0 is Released
The much awaited LDAP Proxy has been released and is available for download on the download.novell.com site.
The documentation can be found at http://www.novell.com/documentation/ldapproxy/
If you are unfamiliar with LDAP Proxy, it allows a single access point for access to multiple directories. That is the basic function of LDAP Proxy. It does way more than that. Very cool product. I have been waiting a long time for this.
How to join a Mac to a DSfW domain
This video will show you how to join a Mac to a DSfW domain
At this time, joining a Mac to a DSfW domain is not supported, but it can be done.
Be sure DNS resolves the domain name: nslookup <domain name>
Go to the System Preferences
Accounts
click Join button next to Network Account Server
Click Open Directory Utility
Unlock the directory utility
Click Active Directory
Add the domain name to the Active Directory Domain field
Be sure the Computer name ID is a unique name
Click bind
Now the workstation is joined to the domain. To enable DSfW users to log in to the workstation:
Under Hide Advanced Options
Click User Experience
Use smb as the network protocol
and /bin/bash as the default shell
So that users can log in when the domain is not available, enable Create mobile account at login
The most important setting is… Continue reading
How to take a packet trace using tcpdump
Common options to use are
-D : Lists the available interfaces
-i : Listen on specified interface. Use tcpdump -D, ip a, or ifconfig to get available interfaces or use -i any for all.
-n : Use numbers, don’t resolve hostnames.
-nn : Don’t resolve hostnames or port names.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c : Capture x number of packets, example tcpdump -c 50
-s : Set the snapshot length (snaplen), the number of bytes captured from each packet. The default is 68 bytes. Use -s0 unless you know what snapshot length you want to capture.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.
-r : Read the trace from a file
tcpdump syntax: ‘Protocol’ ‘Direction’ ‘Host(s)’ ‘Value’ ‘Logical Operations’ ‘Other expression’
tcpdump tcp and src host 192.168.100.10 and src port 445 and dst host 192.168.100.2
Start by listing interfaces that are available:
tcpdump -D… Continue reading
How to take a LDAP trace – quick version
This video will show you how to take an LDAP trace on a Linux/DSfW server.
This applies to both eDirectory and DSfW (since DSfW is built on eDir).
An LDAP trace is helpful in troubleshooting applications or workstations authenticating, searching, or modifying the directory.
Some commands used in the video
ldapconfig utility:
See the screen level
ldapconfig get | grep -i "ldap screen level"
Set the screen level for everything but packet dumping
ldapconfig -s "ldap screen level=Operation| Connection| Config| Extensions| Error| Critical| DataConnection"
Set the screen level to all
ldapconfig -s "ldap screen level=all"
Go back to the default screen level
ldapconfig -s "ldap screen level= Error| Critical"
ndstrace section:
Turn off the screen and file logging
ndstrace off
Clear the filter
set ndstrace = nodebug
Enable LDAP and NMAS in the filter
ndstrace +time +tags +ldap +nmas
Turn on the screen and logging
ndstrace on
The ndstrace.log is located in
/var/opt/novell/eDirectory/log/
How to take a LDAP trace – long version
How to take a LDAP NMAS trace for DSfW TID 7009602
LDAP on DSfW and how it differs from standard eDirectory LDAP ports
TID 7001886 has information on the ports DSfW uses including the ldap ports.
How to recreate the Domain Users Group
See TID 7009288 for the steps to re-create the Domain Users group
DSfW and Novell Cifs
Novell Cifs is a wonderful way to access files from a workstation not running the Novell Client.
This video shows how to install Novell Cifs and configure it to work with Domain Services for Windows.
The key is to assign the cifs proxy user to the password policy for the DSfW users.
Password Policies with DSfW
The /etc/opt/novell/xad/xad.ini file has the setting that determines whether password policies are controlled by the GPO or by Novell password policies. XADRETAINPOLICIES = no uses the GPO; XADRETAINPOLICIES = yes uses Novell password policies, which can be managed with iManager.
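A quick way to confirm which policy source a server is actually configured for, as an added example that is not part of the original post or Novell's tooling. The function name is hypothetical, and the "KEY = value" layout with # or ; comments is an assumption about xad.ini.

```shell
#!/bin/sh
# Added example, not Novell code. Assumes xad.ini holds "KEY = value" lines
# and that '#' or ';' starts a comment (both are assumptions).

# xad_policy_source (hypothetical helper): prints gpo, novell, unset or invalid.
xad_policy_source() {
    file=${1:-/etc/opt/novell/xad/xad.ini}
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Reports the last assignment found; key case, spacing and CR line
    # endings are ignored so hand-edited files are still read correctly.
    result=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t\r]/, "", key)
            if (toupper(key) == "XADRETAINPOLICIES") {
                val = $2; sub(/[#;].*/, "", val); gsub(/[ \t\r]/, "", val)
                found = tolower(val); seen = 1
            }
        }
        END { print (seen ? "value:" found : "missing") }' "$file")
    case $result in
        value:no)  echo "gpo" ;;                # GPO controls password policy
        value:yes) echo "novell" ;;             # Novell policies via iManager
        missing)   echo "unset";   return 1 ;;  # key not present in the file
        *)         echo "invalid"; return 3 ;;  # typo or empty value
    esac
}

# Constructed sample file, so the check runs without a DSfW server.
sample=$(mktemp)
printf '# constructed sample\nXADRETAINPOLICIES =no\n' > "$sample"
echo "policy source: $(xad_policy_source "$sample")"
rm -f "$sample"
```

On a DSfW server, calling xad_policy_source with no argument reads /etc/opt/novell/xad/xad.ini; a non-zero return means the key is missing, unreadable, or set to something other than yes or no.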
How to Join a workstation to a DSfW domain
Joining a workstation to a DSfW domain is the same as joining to an AD domain.
Be sure the workstation's time is in sync with the server and that it can resolve the domain with nslookup.
Prepare and Install Novell’s Domain Services for Windows
TID 7002172 provides steps to follow to ensure a successful install.