Novell

LDAP Proxy 1.0 is Released

The much-awaited LDAP Proxy has been released and is available for download on the download.novell.com site.

The documentation can be found at http://www.novell.com/documentation/ldapproxy/

If you are unfamiliar with LDAP Proxy, it provides a single access point to multiple directories. That is the basic function of LDAP Proxy. It does way more than that. Very cool product. I have been waiting a long time for this.

How to join a Mac to a DSfW domain

This video will show you how to join a Mac to a DSfW domain.

At this time, joining a Mac to a DSfW domain is not supported, but it can be done.

Be sure DNS resolves the domain name – nslookup <domain name>
Go to System Preferences
Accounts
Click the Join button next to Network Account Server
Click Open Directory Utility
Unlock the Directory Utility
Click Active Directory
Add the domain name to the Active Directory Domain field
Be sure the Computer name ID is a unique name
Click Bind

Now the workstation is joined to the domain. To enable DSfW users to log in to the workstation:
Under Hide Advanced Options
Click User Experience
Use smb as the network protocol
and /bin/bash as the default shell
So that users can log in when the domain is not available, enable Create mobile account at login

The most important setting is… Continue reading

How to take a LDAP trace – quick version

This video will show you how to take an LDAP trace on a Linux/DSfW server.

This applies to both eDirectory and DSfW (since DSfW is built on eDir).
An LDAP trace is helpful in troubleshooting applications or workstations authenticating,
searching, or modifying the directory.
Some commands used in the video:

ldapconfig utility:
See the screen level
ldapconfig get | grep -i "ldap screen level"

Set the screen level for everything but packet dumping
ldapconfig -s "ldap screen level=Operation| Connection| Config| Extensions| Error| Critical| DataConnection"

Set the screen level to all
ldapconfig -s "ldap screen level=all"

Go back to the default screen level
ldapconfig -s "ldap screen level= Error| Critical"

ndstrace section:
Turn off the screen and file logging
ndstrace off

Clear the filter
set ndstrace = nodebug

Enable ldap and nmas in the filter
ndstrace +time +tags +ldap +nmas

Turn on the screen and logging
ndstrace on

The ndstrace.log is located in
/var/opt/novell/eDirectory/log/

How to take a LDAP trace – long version

How to take a LDAP NMAS trace for DSfW TID 7009602

LDAP on DSfW and how it differs from standard eDirectory LDAP ports

TID 7001886 has information on the ports DSfW uses including the ldap ports.

How to recreate the Domain Users Group

See TID 7009288 for the steps to re-create the Domain Users group

DSfW and Novell Cifs

Novell Cifs is a wonderful way to access files from a workstation not running the Novell Client.
This video shows how to install Novell Cifs and configure it to work with Domain Services for Windows.

The key is to assign the cifs proxy user to the password policy for the DSfW users.

Password Policies with DSfW

The /etc/opt/novell/xad/xad.ini file has the setting that determines whether password policies are controlled by the GPO or by Novell password policies. XADRETAINPOLICIES = no will use the GPO; XADRETAINPOLICIES = yes means the policies can be managed with iManager.

How to Join a workstation to a DSfW domain

Joining a workstation to a DSfW domain is the same as joining to an AD domain.
Be sure the workstation’s time is in sync with the server and that the workstation can resolve the domain with nslookup.

Prepare and Install Novell’s Domain Services for Windows

TID 7002172 provides steps to follow to ensure a successful install.

Start with a clean install; eDirectory cannot be installed on the server prior to installing DSfW.
Be sure the /etc/hosts has the server name and domain name you want for the name of your domain.
List the DSfW server as the first DNS server in the /etc/resolv.conf
If you removed DSfW and are installing again, be sure to follow TID 7005431 to properly clean up the tree.
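
The two file prerequisites above (the /etc/hosts entry and the first DNS server in /etc/resolv.conf) can be checked before the install with a small script. This is an added example, not part of the original post or of Novell's tooling; the function names, the IP address 192.0.2.10, the host name dsfw1 and the domain example.com are constructed sample values.

```sh
#!/bin/sh
# Added example: preflight checks for the two file prerequisites above.
# Function names and the sample values in the usage line are assumptions.

# Print the address on the first "nameserver" line of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Succeed if the hosts file ($1) maps IP ($2) to the name HOST.DOMAIN ($3.$4).
# Comments are stripped and the name comparison is case-insensitive.
hosts_maps_fqdn() {
    awk -v ip="$2" -v fqdn="$3.$4" '
        BEGIN { want = tolower(fqdn); rc = 1 }
        { sub(/#.*/, "") }
        $1 == ip { for (i = 2; i <= NF; i++) if (tolower($i) == want) rc = 0 }
        END { exit rc }' "$1"
}

# Run both checks, print one line per finding, return non-zero on any failure.
# Arguments: hosts_file resolv_file server_ip host domain
dsfw_preflight() {
    rc=0
    if hosts_maps_fqdn "$1" "$3" "$4" "$5"; then
        echo "OK   $1 maps $3 to $4.$5"
    else
        echo "FAIL $1 has no entry mapping $3 to $4.$5"
        rc=1
    fi
    ns=$(first_nameserver "$2")
    if [ "$ns" = "$3" ]; then
        echo "OK   first nameserver in $2 is $3"
    else
        echo "FAIL first nameserver in $2 is '${ns:-none}', expected $3"
        rc=1
    fi
    return $rc
}

# Usage on the server to be installed (values are site-specific):
#   dsfw_preflight /etc/hosts /etc/resolv.conf 192.0.2.10 dsfw1 example.com
```

The script only reads the two files; it does not check name resolution itself, so nslookup against the domain name is still worth running afterwards.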