LDAP Proxy 1.0 is Released
The much awaited LDAP Proxy has been released and is available for download on the download.novell.com site.
The documentation can be found at http://www.novell.com/documentation/ldapproxy/
If you are unfamiliar with LDAP Proxy, it allows a single access point for access to multiple directories. That is the basic function of LDAP Proxy. It does way more than that. Very cool product. I have been waiting a long time for this.
How to join a Mac to a DSfW domain
This video will show you how to join a Mac to a DSfW domain
At this time Mac joined to a DSfW domain is not supported, but it can be done.
Be sure dns resolves the domain name – nslookup <domain name>
Go to the System Preferences
Accounts
click Join button next to Network Account Server
Click Open Directory Utility
Unlock the directory utility
Click Active Directory
Add the domain name to the Active Directory Domain field
Be sure the Computer name ID is a unique name
Click bind
Now the workstation is joined to the domain. To enable DSfW users to login to the workstation
Under Hide Advanced Options
Click the User Experience
use smb as the network protocol
and /bin/bash as the default shell
so that users can login when the domain is not available enable Create mobile account at login
The most important setting is… Continue reading
How to take a LDAP trace – quick version
This video will show you how to take a ldap trace on a linux/DSfW server.
This applies to both eDirectory and DSfW (since DSfW is built on eDir)
A ldap trace is helpf in troublehooting applications or workstations authenticating,
searching, or modifying the directory.
Some commands used in the video
ldapconfig utility:
See the screen level
ldapconfig get |grep -i “ldap screen level”
set the screen level for everything but packet dumping
ldapconfig -s “Operation| Connection| Config| Extensions| Error| Critical| DataConnection”
Setting the screen level to all
ldapconfig -s “ldap screen level=all”
Going back to default screen level
ldapconfig -s “ldap screen level= Error| Critical”
ndstrace section:
turn off the screen and file logging
ndstrace off
clear the filter
set ndstrace = nodebug
enabeling ldap and nmas in the filter
ndstrace +time +tags +ldap +nmas
turn on the screen and logging
ndstrace on
The ndstrace.log is located in
/var/opt/novell/eDirectory/log/
How to take a LDAP trace – long version
How to take a LDAP NMAS trace for DSfW TID 7009602
LDAP on DSfW and how it differs from standard eDirectory LDAP ports
TID 7001886 has information on the ports DSfW uses including the ldap ports.
How to recreate the Domain Users Group
See TID 7009288 for the steps to re-create the Domain Users group
DSfW and Novell Cifs
Novell Cifs is a wonderful way to access files from a workstation not running the Novell Client.
This video shows how to install Novell Cifs and configure it to work with Domain Services for Windows.
The key is to assign the cifs proxy user to the password policy for the DSfW users.
Password Policies with DSfW
The /etc/opt/novell/xad/xad.ini file has the setting to determine if password policies are controlled by the GPO or Novell password policies. XADRETAINPOLICIES =no will use the GPO, XADRETAINPOLICIES = yes can me managed with iManager
How to Join a workstation to a DSfW domain
Joining a workstation to a DSfW domain is the same as joining to an AD domain.
Be sure the workstation’s time is insync with the server and can resolve the domain with nslookup
Prepare and Install Novell’s Domain Services for Windows
TID 7002172 provides steps to follow to ensure a successful install.