Thursday, June 30, 2005

eDirectory - Explanation of Files

Please review this excellent TID which explains all the NDS or eDirectory files in the sys:\_netware directory and sys:\system directory.

TIP: Remember to backup your eDir / NDS / DIB files regularly with DSREPAIR.
:dsrepair -rc
SYS:\SYSTEM\DSR_DIB\00000000.$DU

More details found in TID 10073559

SYS:\_NETWARE\NDS.01 (Main eDirectory database file)

SYS:\_NETWARE\NDS.RFL\0000001.LOG (Roll forward log)

SYS:\_NETWARE\NDS.DB (Roll back log)

SYS:\_NETWARE\NDS.LCK (NDS Lock file)

SYS:\_NETWARE\ NDSDB.INI (NDS cache configuration file)

SYS:\_NETWARE\NDT.DB (DSRepair temporary database file)

SYS:\_NETWARE\NDT.01 (DSRepair temporary database file)

SYS:\_NETWARE\NDT.RFL\0000001.LOG (DSRepair temporary database file)

SYS:\SYSTEM\DSR_DIB\00000000.$DU (DSRepair database backup)

SYS:\SYSTEM\BACKUP.DS (DSMaint prepare NDS for hardware upgrade)

SYS:\SYSTEM\BACKUP.NDS (NWConfig save local NDS information)

SYS:\SYSTEM\DSREPAIR.LOG (DSRepair log file)

SYS:\SYSTEM\DSTRACE.DBG (Set DSTrace log file)

SYS:\SYSTEM\DSTRACE.LOG (DSTRACE.NLM log file)

Tuesday, June 28, 2005

Post NetWare 6.5 SP3 and OES NW patches

Bucky's List of Post NetWare 6.5 SP3 Patches:

* HP ProLiant Support Pack - 7.30a (non-Novell patch for ProLiant hardware)
http://h18023.www1.hp.com/support/files/server/us/download/22273.html

* eDir 8.7.3 IR 6 + Security Update 8 DS.NLM: 10552.60 Lot's of fixes, see readme.
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971156.htm
Biggest fix was memory pre-allocation fix. (TID 10097143)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097143.htm


* NICI 2.6.7 April 15, 2005 Search on NICI
http://download.novell.com

* NMAS 2.3.8 (ships with eDir 8.7.3.6) - (Fix unable to login issues)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097706.htm

* n65nss3a - Post SP3 NSS modules for NetWare 6.5 (Fixes memory cache balance issue)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971622.htm

* tsa5up18.exe - Latest SMS and TSA files post NetWare 6.5 SP3
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971717.htm
 

* 65cifs22 - Update to CIFS on Netware 6.5 SP3
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971628.htm

* nw65os3a - NetWare 6.5 SP3 Updated SERVER.EXE (only if memory issues appear)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971567.htm

* iprntnwpcsp12b -- iPrint NW Post Consolidated Support Pack 12b (Numerous fixes, CPU Hog Abend, see readme)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971577.htm

* syscalls3a -- Updated syscalls.nlm to deal with kernel abends
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971458.htm

* tcp659j -- TCP update for NetWare 6.5
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971698.htm

* wsock6g -- Winsock update for NetWare 5.1 and 6.x
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971087.htm

* xnfs3a.exe -- Pose 6.5 SP3 fixes for XNFS (NFS Server)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971125.htm
Apply if you're using NFS heavily. Fixes hard links issue


* Notes:
NMAS comes with eDirectory IR6
Apply NMAS 2.3.8 (or greater).
To apply NMAS 2.3.8, you must be running a minimum version of NICI 2.6.7 (found at http://download.novell.com ) and SECUPD8.

You can download NMAS 2.3.8 from the latest eDirectory IR patch ( eDir8736.exe ) Please refer to eDir8736.exe readme for install instructions.

Once eDir8736.exe has been extraced you will find:

SECUPD8 in the following folder:
./security/secupd

NMAS 2.3.8 in the following folder:
./secuirty/nmsrv238



Thursday, June 23, 2005

GroupWise Password Security Issue

I'm not sure if you've heard of this "GroupWise Flaw".
Here are some links that have come through my email inbox. I'm sharing this information with you.

Novell in trouble over GroupWise flaw - ZDNET Australia

Novell GroupWise Plain Text Password Vulnerability

Overview: A Vulnerability exsists in the Novell GroupWise Client that will allow an attacker to identify the id and password of the users GroupWise email account.

Technical Description:
The username and password can be dumped out of memory for the process grpWise.exe while GroupWise is running. Using a tool such a pmdump to dump the memory of the process the username and password are clearly visible in plain text. This can be exploited remotely as well, by using pmdump with something like psexe form Sysinternals

Non Novell Consultant comment:
>>> "David F" 06/22/05 4:27 pm >>>
I ran a PMdump on the Grpwise.exe process. Yes the username and password are in clear text. The grpwise.exe dump was almost 80MB running it the way PMdump showed. I don't see this as much of a security risk as there is nothing in the dump that explcitly tells you, you are looking at a username and password. It is a lot of searching, you can't just type in the word "username" in a find box and find out what you need. You'd need to have implicit knowledge of what you were looking for and the username.

Response from GWAVA:
Other messaging clients operating under the Windows XP platform might also exhibit this vulnerability as it is very common. Please refer to the Recommendations for best practices for reducing your risk for exposure.

Recommendations: Implement screen saver password protection and log out of mail clients when leaving your workstation unattended. Install the patch when it is made available by the vendor. Migrating to Linux based Desktops such as Novell Linux Desktop would also prevent this issue.

Solution - in progress:
Novell is treating this at the Highest Priority. Development is fully engaged in investigating and resolving this issue. Novell will make a public statement once a Patch is available.

This can only be exploited if someone has access to your workstation and is able to run applications against your machine. And of course, if GroupWise is left running unattended.

Workaround: Lock your workstation when you leave your desk OR exit GroupWise when you leave. Locking your Workstation should be common habit anyway or everything on your machine is vulnerable.

- Bucky

Clear Text Password Vulnerability in Mail Clients

Clear Text Password Vulnerability in Common Mail Clients on Windows
Statement from GWAVA: Issue Date: June 21, 2005
Author: Joe Bertnick

Overview:
Passwords stored in memory as clear text for multiple mail systems operating on Windows desktops.

Affected Systems:
Outlook 2003
GroupWise 6.5.4 (Windows Client Only)
Thunderbird 1.02 (Windows Client Only)

Note: Other messaging clients operating under the Windows XP platform might also exhibit this vulnerability as it is very common. Please refer to the Recommendations for best practices for reducing your risk for exposure.

Impact:
Unrestricted access to the mailbox of a single user and possible password usage on other directory enabled systems.

Details:
This issue was first reported via insecurity.org by the security team at truedson.com as a vulnerability in GroupWise. A link follows with the original posting.

GWAVA Security Research elected to further research the vulnerability along multiple mail platforms and provide a work around for customers.

There are a number of applications that cache authentication information in memory as plain text. GroupWise, Outlook and Thunderbird mail clients all operate in this manner. With a client loaded into memory and authenticated to the mail system, someone could execute a memory dump of the application and recover the password. The password will always be located at the same offset.

This is a common vulnerability in many client applications operating on the Windows operating system and as such users of Windows should follow the recommendations listed below.

Recommendations:
Implement screen saver password protection and log out of mail clients when leaving your workstation unattended. Install the patch when it is made available by the vendor. Migrating to Linux based Desktops such as Novell Linux Desktop would also prevent this issue.

References:
Original Posting: http://seclists.org/lists/fulldisclosure/2005/Jun/0262.html

Wednesday, June 22, 2005

eDirectory - A Look Ahead

This summary article, adapted from BrainShare 2005 Tutorial 278, discusses what's current and what's ahead for eDirectory - featuring the upcoming eDirectory version 8.8.

http://www.novell.com/coolsolutions/feature/15105.html

Current and Interim Releases

Version 8.7.3 of eDirectory was released in January 2004. Here are some of its key features:

  • Added support for Windows 2003
  • Unix package-based installer
  • Novell Certificate Server 2.7
  • Bundled products
  • Novell iManager 2.0.2
  • Novell Modular Authentication Service 2.3
  • Novell eGuide 2.1.2

Novell has also produced several eDirectory 8.7.3 Interim Releases, from February 2004 to January 2005. These releases have resolved approximately 550 defects.

Version 8.7.3 IR5 was delivered with OES 1.0. It includes bug fixes, NCP engine support on SLES, and installation improvements. Version 8.7.3 IR6 was released in April 2005, featuring better memory management and fixes for localization defects.

Novell eDirectory 8.8 - Focus and Features

Version 8.8 of eDirectory focuses on the following things:

  • Installation and Upgrade Enhancements
  • Performance Improvements
  • Security Enhancements
  • New Developer Interfaces

Installation and Upgrade Enhancements

Here are the main install and upgrade improvements in version 8.8:

  • Installation is fully scriptable.
  • Installs can be done through YaST on SLES.
  • FHS and LSB compliance is supported.
  • An alternate data (DIB) location can be specified.
  • Supervisor rights to the [root] of directory is no longer required to install the service.
  • The service can be run as a non-root user on Linux or UNIX.
  • Installs are patchable.
  • Installs and updates can be done via Ximian Red Carpet.
  • SecretStore is installed by default.
  • The dependency between eDirectory and iManager is removed.
  • Server Health Check and Patch Installer tools are included.

Performance Improvements

Data Import "BulkLoad" Improvements

You can select any of the following options to improve data import performance:

  • Disable in-line change cache
  • Disable ACL templates on inetOrgperson
  • ??? No schema check; Indexing off ???
  • Enable Multi-threading on client and server

Priority Sync

Priority Sync is used for instant convergence for real-time attributes such as passwords. It is configurable per attribute. Priority Sync writes change to all replicas at once - the normal replication process negotiates the rest.

Multi-Instance Support

Multi-instance support in Version 8.8 enables you to host more than one instance of eDirectory on a server.

With multi-instance support, you can:

  • Maximize high-end host hardware.
  • Open up new performance configuration options.
  • Use a dedicated IP address per service instance.
  • Use more than one tree per server.
  • Use multiple replicas of the same tree or partition on a single server.
  • Assign an interface for each partition to accelerate searches.

  • Security Improvements

    New Encryption Options

    In version 8.8 you can encrypt attributes within the DIB. The attribute is encrypted on a per-server basis. Once encrypted, attributes can be accessed through clear text or secure channel (e.g., SSL).

    Encrypted replication can also be done. You can set the replication traffic to be encrypted, on a per-partition or per-replica basis. Per-server is not currently supported but may be in the future.

    Case-Sensitive Passwords

    In eDirectory 8.7.1 and 8.7.3, when you enabled Universal Password, the password was case-sensitive only when you logged in through Novell Client32. The password was not case-sensitive when you logged in through other clients (for example, the eDirectory SDK or iManager).

    With eDirectory 8.8, you can make your passwords case-sensitive for all the clients.

    Object-based Backup and Restore

    Object-based Backup and Restore is implemented through an extension to LDAP. It is used to back up the attributes and attribute values of one object at a time. This process returns same data as the Target Service Agent (TSANDS). This feature is available through C LDAP and the Java LDAP SDK.

    Object-based Backup and Restore has the following advantages:

    • You can do incremental backup, where the object is backed up only if changes have been made to it.
    • It works on all eDirectory-supported platforms.
    • It is reverse-compatible with TSA.

    SASL-GSSAPI Support

    The LDAP SASL-GSSAPI mechanism is an authentication module that helps the LDAP server authenticate to a user based on a Kerberos ticket. This support is targeted at LDAP application users in environments that already have the Kerberos infrastructure in place.

  • These users must be able to use the Kerberos tickets obtained from the Kerberos server to authenticate to the LDAP server, without providing a separate LDAP user password.


  • ======
    I'm most excited about Multi-Instance Support!

    See more on this information at Novell Cool Solutions.
    - Bucky

    Monday, June 20, 2005

    Timesync Tips NW 6.5SP3 and OES NetWare

    This was recently posted at Novell Cool Solutions:

    Over the past few months I noticed some of our NW 6.5 servers (eDir 8.7.3.3) would lose timesync. We have one reference (gets time via NTP over Internet) and two primary time servers. These 3 servers always appear to be in sync with each other.

    The problem is with some of the secondary NW 6.5 servers. If I look at the timesync debug screen on some of these servers they may be several seconds (8 to 10 or more) out of sync. Restarting timesync will fix it but it may drift out again after several hours. I found that if I switched from using NTP (:123) in timesync.cfg to just using the IP address, time stays in sync without a problem. This is a workaround for now, but we would prefer to standardize on NTP for all time synching.

    Solution
    Two of our Forum experts contributed some practical suggestions on the topic, as follows:

    Expert 1: On NetWare 6.5 Sp3 and above if you want to use NTP, use XNTPD.NLM instead of Timesync. You can make this happen automatically by editing TIMESERV.NCF and remming-out the LOAD TIMESYNC line and un-remarking the LOAD xntpd line.
    You also need to edit /etc/ntp.conf to point it at the proper NTP server(s).




    Expert 2: Here are some common gotcha's of timesync ...
    * In Monitor > Server parameters > Time, make sure you have "Default Time Server Type" and "TimeSync Type" both set to the exact same thing.
    * Set "Configured Sources" to "on" and theIP address with port 123, followed by a semi-colon.
    * Make sure the NTP client can hit the NTP server's port 123 (nmap can tell easily, or at least I like it best)?
    * Verify that RADIUS is set to just port 2000.

    I have twice seen cases where the hardware clock was nuts. In both cases, we watched them rush ahead of real-world time when we disabled timesync and watched the time source and the bad box simultaneously (via rconj, freecon, whatever). That doesn't happen often, but it may be something to check.

    Friday, June 17, 2005

    News from Premium Service - June

    June 16, 2005

    Issue 6, Volume 5



    News
    & Views



    100 Best Corporate Citizens for 2005, Business Ethics Magazine, Spring 2005

    [Novell ranked #9 on this year's survey. – Editor]

    http://www.business-ethics.com/whats_new/100best_2005.html#How%20the%20List%20Is%20Put%20Together


    U.S. Health Department Signs Major Linux Deal With Novell, InformationWeek, June 1, 2005

    HHS is already a user of Novell products, however the new deal provides an enterprise license to Novell's Linux and OpenSource products, the spokesman says. The pact doesn't require HHS or NIH to migrate off other platforms used in their environments, he says.

    An NIH source says there are no plans to "unseat" Microsoft products, which are widely used throughout HHS. However, Linux products provides "an attractive low unit cost" for thousands of scientific users within NIH and other HHS agencies, such as the Centers for Disease Control and Prevention, the NIH official says.”

    http://informationweek.com/story/showArticle.jhtml?articleID=163702338


    Desktop Linux: Ready for Prime Time?, RedmondMag.com, June 2005

    Three of the products reviewed here impressed me as suitable for use on a desktop within a business setting: Novell Linux Desktop 9, Red Hat Professional Workstation, and SuSE Linux Professional 9.2. All three offered the ease of use, administrative tools, and the robustness necessary in a corporate environment.

    Novell is strongly pushing Linux, and essentially betting the company on its success. The company has been very successful with creating a strong server product and is now trying to carry that success down to the workstation. Because two of the three best offerings (SuSE Linux and Novell Linux Desktop) are from Novell, I believe that Linux will make inroads into corporate desktops this year and give Windows XP an honest run for the market.”

    http://www.redmondmag.com/features/article.asp?EditorialsID=485


    Novell's one-two punch, NetworkWorld, April 25, 2005

    With $1.7 billion in cash and ranking among the top 25 most profitable companies on the NW200, Novell has more than a fighting chance with its Linux-plus-management strategy.

    "'Even though Novell's revenue performance in the first quarter was disappointing, with $1.7 billion cash on hand, the company has a lot of room to maneuver in terms of adding to and providing support services [for OES and SuSE Linux],' Hurley adds.” http://www.networkworld.com/nw200/2005/042505novell.html?net


    NetWare Platform Is Far From Dead, eWeek.com, April 18, 2005

    Far from sounding a death knell for NetWare, however, the work Novell has done to plaster over the differences between NetWare and Linux in OES should extend the life of NetWare as a platform. This is good news for NetWare shops that aren't ready to migrate off this stalwart platform.” http://www.eweek.com/article2/0,1759,1785989,00.asp


    TUX magazine debuts

    TUX is the first and only magazine for the new Linux user and is dedicated to promoting and simplifying the use of Linux on the desktop.

    TUX is published by SSC Publishing, the leading Linux and Open Source authority, publishing reference materials in these fields since 1983. Properties include LinuxGazette.com, DocSearls.com, TuxMagazine.com, LinuxJournal.com, and the the award-winning international print magazine, Linux Journal. http://www.tuxmagazine.com/


    Windows can't kill Linux, InfoWorld, May 9, 2005

    In a recent column, Tom Yager provocatively declared, 'Linux can't kill Windows.' Linux is just an OS, he said, whereas commercial offerings such as Windows and Mac OS X give developers a complete platform on which to build applications. His conclusion was that Linux will never be truly ready to compete for a seat at the big table.

    He's wrong, of course.” http://www.infoworld.com/article/05/05/09/19OPopenent_1.html


    British study: schools can save by ditching Microsoft, cNet News.com, May 6, 2005

    A study by Britain's Educational Communications and Technology Association found that primary schools in the UK could cut their computer costs significantly by avoiding software from Microsoft.

    Results of the study, which are due to be released next week, were reported on Friday by The Times Educational Supplement, a British paper. The TES said that the study doesn't actually use Microsoft's name, but leaves little doubt by referring to the world's largest software maker.

    According to the paper, the study compared costs at 33 schools that employ commercial software and 15 using open source. The study finds that the open source-based schools saved an average of 24 percent on software, hardware and support, again according to the TES report.” http://news.com.com/2061-10805-5698429.html


    Cool SolutioNshttp://www.novell.com/coolsolutions/


    Linux Login to NetWare Script

    Easy to use script for making an NCP connection to NetWare.

    http://www.novell.com/coolsolutions/tools/14952.html


    Integrating Novell Linux Desktop into a Novell NetWare network

    As I researched the use of Novell Linux Desktop (NLD) in a NetWare 6.5 Network, I became frustrated with the lack of documentation concerning using NLD as a client to a NetWare server. I started out by scouring the Novell site for Documentation \ TIDS and Cool Solutions. This search turned up very little. I decided that I needed to figure out a path through NetWare's NFAP and LDAP tools to create what I thought would be some crude connectivity. After working for a little while on LDAP authentication I was guided by a fellow Forum reader who had figured out how to get LDAP authentication working by using the directions for authenticating to eDirectory on Linux.” http://www.novell.com/coolsolutions/trench/15201.html


    TraiNinghttp://www.novell.com/training/


    Getting Started With Linux: Novell’s Guide to CompTIA’s Linux+

    Getting Started with Linux: Novell’s Guide to CompTIA’s Linux+ (Course 3060) introduces students to the knowledge and skills needed to manage all Linux distributions. Specifically, this course covers the objectives outlined by CompTIA® for its Linux+ exam and certification, an international industry credentials that offers proof of knowledge...

    Not only does this course prepare students for the CompTIA Linux+ exam; it offers an excellent way to begin preparing for the Novell Certified Linux Professional (Novell CLP) practicum exam. In fact, after completing this course, students will have acquired one-third the knowledge needed to become a full Novell CLP, the ideal certification for people interested in become Linux administrators.

    http://www.novell.com/training/train_product/linuxplus.html


    Products & SolutioNs http://www.novell.com/products/ & http://www.novell.com/solutions/


    Linux is about more than software. It's about tech support. It's about consulting expertise. It's about training. And most importantly, it's about you - how will Linux help you run your business better?


    Not all Linux distributions are created equally. Perhaps it's time you take a look at SUSE LINUX Enterprise Server from Novell. Read all about it at http://www.novell.com/linux/getservices/


    Patches & Fixes http://support.novell.com/filefinder


    These are the “New this week” patches. Note that some are BETA; be sure to check our website for details about them. The Security Alert Fix symbol indicates a security alert.


    Product

    Patch Date

    Patch Name

    Description

    SecureLogin

    06/10/05

    sl351201.exe

    Post SP2 updates for SecureLogin 3.51


    NetWare 6

    06/10/05

    nw6nss5c.exe

    Post SP5 NSS modules for NetWare 6.0


    NetWare

    06/10/05

    n65nss3a.exe

    Post SP3 NSS modules for NetWare 6.5


    Novell Clients

    06/08/05

    491_pka.exe

    Novell Client 4.91 Update "A"


    NetWare 6

    06/08/05

    mmft2a.exe

    Media Manager and NWPA updates


    GroupWise

    06/08/05

    fwa655c.exe

    GroupWise 6.5.5 WebAccess Rev C (NW/Win)


    GroupWise

    06/08/05

    fgwia655e.exe

    GroupWise 6.5 SP5 Internet Agent Rev. E


    GroupWise

    06/08/05

    fgw655e.exe

    GW 6.5 SP5 Agents Rev 5


    ZENworks 6.5 Suite

    06/08/05

    zen65inv_sd_4.exe

    ZENworks 6.5 Inv Software Dict Update 4


    NetWare 6.5

    06/07/05

    iprntnwpcsp12b.exe

    iPrint NW Post Consolidated SP 12b


    NetMail 3.5, Nterprise Linux Services 1.0 Security Alert Fix

    06/06/05

    netmail352c_lin.tgz

    NetMail 3.52C Update for Linux


    NetMail 3.5, Nterprise Linux Services Security Alert Fix

    06/06/05

    netmail352c_nw.zip

    NetMail 3.52C Update for NetWare


    NetMail 3.5, Nterprise Linux Services Security Alert Fix

    06/06/05

    netmail352c_win.zip

    NetMail 3.52C Update for Windows


    NetWare 6.5

    06/06/05

    nw65os3a.exe

    NetWare 6.5 SP3 Updated SERVER.EXE


    DirXML, Identity Manager

    06/06/05

    idm20xnisir1.tgz

    Updated NIS driver for IDM2.0.x on Solaris


    NetWare 6.5

    06/06/05

    xvsft2.exe

    Xsession Vulnerability Fix



    New TIDshttp://www.novell.com/coolsolutions/collector/tids_new.html


    Status: 503 Service Unavailable – TID10097986

    Tunneling Control is enable in proxy.cfg.

    An error is displayed on the browser:

    Novell BorderManager Information Alert

    HTTP ERROR

    Status: 503 Service Unavailable

    Description: The requested method is not allowed on this scheme type. Tunneling through the port being used is not allowed

    Please contact your Systems Administrator for resolution.

    When Tunneling Control is enable in proxy.cfg and few ports are added, only the first one will allow traffic. The rest will fail. If changing the order of the ports, the one becoming now the first one, is the one that will work

    http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097986.htm


    Invalid syntax error when using the eMBox client to backup NICI files via the " - TID10098019

    http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098019.htm


    HP 10.x NFS client hangs when doing ls on NetWare NFS. - TID10096446

    HP 10.x NFS client enters infinite loop when getting directory list of a NetWare NFS shared directory.

    http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096446.htm


    Message body containing too much plain text cuts off part of the content at the – TID10097993

    http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097993.htm


    In Their OwN Wordshttp://www.novell.com/success/ & http://www.novell.com/news/leadstories/archive/


    Nothing is broken or out of revision, so it doesn't make sense for us to make the move," said Carmen Rahm, senior director of IT Services at Central Washington University. "We have been running Novell GroupWise for years without any virus attacks or unexpected downtime. Novell also offers a solid directory which fully meets our needs and gives us a road map for our plans to move to open systems.”


    "Mobility is no longer a luxury," said Rahm. "The ability to provide consistent remote e-mail access is absolutely critical for us to remain efficient in a time of tight budgets. With the BlackBerry Enterprise Server for GroupWise, we didn't have to look elsewhere for mobile support."


    "I've had my BlackBerry glued to my hand since we installed the BlackBerry Enterprise Server," said Rahm. "Now I can do e-mail while walking across campus or waiting in line for a latte. We're eliminating an enormous amount of wasted time and helping make our staff far more productive. With GroupWise and BlackBerry, you don't have to go looking for your e-mail - it finds you."


    "The BlackBerry doesn't care what's on your desktop - it just synchronizes with a server," said Roland Tollefson, director of Networks and Operations at Central Washington University. "We are reducing the frustrations of our Macintosh users and expect support calls related to PDAs and e-mail to drop to zero.”


    "We want to be able to pick and choose our own applications and features, without being tied to a certain vendor," said Tollefson. "It's important that our e-mail system give us that flexibility down the road."


    Read more about Central Washington University at http://www.novell.com/success/cwu.html?sourceidint=ic_nb050505_cwu


    Totally IrrelevaNt Website(s) of the Day


    I'm a student, with limited funds and a cheap house without air conditioning. To avoid dying this summer, I've built a primitive air conditioner. It's a basic heat pump, using water as the medium. You'll probably need to fiddle a bit with the dimensions of the supplies based on your resources and preferences.


    The system will cool an average room to a comfortable level in approximately 15-20 minutes. Depending on flow rate, a full bucket of water will last approximately 1-3 hours.

    “It doesn't rip quite as hard as central air, but for less than $30 CAD I'm not complaining.”


    Find out more about this home-made air conditioner at http://www.eng.uwaterloo.ca/~gmilburn/ac/



    As always, if you have any questions, please feel free to contact me.


    Bucky


    Novell, Inc., The leading provider of informatioN solutions

    www.novell.com


    Tuesday, June 14, 2005

    OES NW and 6.5 SP3 Product Differences.

    Differences between Open Enterprise Server NetWare and NetWare 6.5 SP3

    -------------------------------------------------------
    Non-OES NetWare 6.5 SP3
    -------------------------------------------------------
    | |iManager 2.0.2 Novell iManager 2.0.2
    | |NWS 3.0.2 NetWare Web Search Server
    | |VOffice 1.3.0 Novell Virtual Office
    -------------------------------------------------------

    -------------------------------------------------------
    OES NetWare 6.5 SP3
    -------------------------------------------------------
    | |iManager 2.5.0 Novell iManager 2.5
    | |OES 1.0.0 Open Enterprise Server
    | |QFind 4.0.1 QuickFinder Server
    | |VOffice 1.5.0 Novell Virtual Office
    -------------------------------------------------------

    NOTE: There are NO schema differences between the 2 variants.

    Thursday, June 09, 2005

    NetWare 6.5 SP3 Updated SERVER.EXE

    The new SERVER.EXE 5-23-2005 has been released to Beta. This release also fixes abend issues.

    http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971567.htm

    With NetWare 6.5 Support Pack 3 customers have reported experiencing memory problems. The files included in this update are designed to address these concerns. Included in this package is an updated SERVER.EXE file and an updated PORTAL.NLM file. Both of these files update code from NetWare 6.5 Support Pack 3 only.

    Please see other related posts on Memory Issues in the archives.
    - Bucky

    Wednesday, June 08, 2005

    About Novell Premium Services Programs

    Novell is well known for it's excellent technical service and support. But did you know that Novell also offers many Premium Support Programs? For example, I'm a PSE or Primary Support Engineer. I'm assigned no more than three companies or entities for 24/7 support. PSE's usually exist in different regions to be near their customer base to have a closer relationship.

    Program Feature Chart

    Novell Premium Support Features

    Novell also offeres onsite offerings and scheduled standby services as well as other service modules.

    Novell also has many Linux Support offerings

    For more information contact your local Novell Sales office or contact Novell at 800-529-3400 or 800-321-4272

    - Bucky
    Novell Primary Support Engineer

    Tuesday, June 07, 2005

    Open Enterprise Server: Quick Start Guide

    We've heard from some new Open Enterprise Server customers who are a tad bit confused about how to apply the activation code that lets them access their product updates. Here's something that will help a lot.

    This quick start guide is designed to give you an easy reference to the Open Enterprise Server activation. It describes how to download and register the Open Enterprise Server licenses, download your certificate, add users to your company's account, and obtain product updates.

    http://www.novell.com/coolsolutions/tip/14627.html

    Download PDF Guide Now





    Here's an excellent fast track to increase your knowledge of Open Enterprise Server. Use the OES Lab Guides to take you step by step through Installation, setting up the eDirectory infrastructure. In Addition these guides have excellent lab projects to get you familiar with Novell Samba, iFolder, Virtual Office, iPrint, Netstorage, eGuide and Linux User Management.

    OES for Linux Lab Guide

    Download OES Linux Lab Guide PDF Now

    OES for NetWare Lab Guide

    Download OES NetWare Lab Guide PDF Now

    Enjoy
    - Bucky

    Monday, June 06, 2005

    Novell Brainshare Presentations Available

    Did you miss Brainshare 2005 this year? Well, did you know that you can still obtain the ALL the Novell Brainshare sessions?

    Download all the PDF Brainshare Sessions now. 184 MB

    Download all the Open Office Brainshare Sessions now. 214 MB

    More information about Brainshare:
    http://www.novell.com/brainshare/index.html

    Novell Brainshare Session Index

    Don't forget the Novell Marketing Videos

    Enjoy!
    - Bucky

    Monthly News Letter June 2005

    "Leveraging Novell technology gives us reliability, stability and performance. Only Novell gives us the ability to maintain our network with an extremely small IT staff. Our new identity management capabilities increase our network manageability, as well as our return on investment." Russell Seibert, Senior Network Engineer, Penn Hills School District

    This newsletter is a collection of information from Novell. It is provided to give you insight on how Novell can help.

    What is the benefit to you? The biggest benefit is it provides links into Novell's website that can provide you with more information. Information that will help you pro-actively plan and manage your network environment; links where you can find tools, answers and solutions.

    SUPPORT ISSUES & INFORMATION

    Novell Remote and Managed Services

    Your network must be available 24x7, and that kind of uptime requires vigilance. Overlooked performance issues can eventually monopolize your IT staff, limit productivity and result in downtime. With demands already high on both your staff and shrinking budget, you need a way to reliably monitor and manage your Novell and Linux systems.

    Who better than Novell to expertly manage these technologies? Novell Remote and Managed Services provides proactive monitoring—and even onsite management—to ensure your Novell technologies and leading-edge Linux systems are always running smoothly. These services help you make the most of your technology investments and your IT staff.

    For more information on Remote and Managed Services, visit

    http://www.novell.com/services/remote/


    OS Migration

    For many companies, OS migration is a never-ending cycle that eats up enormous amounts of money and IT personnel time.

    You may have heard the term Y2K+5. It's the technology world's acronym for "It's time to upgrade your PCs." Most organizations have been holding on to aging PCs and their equally aging operating systems since Y2K. In the face of a tough economy, this may be understandable, but are you putting your company at risk by not making the switch to more up-to-date hardware and software?

    In this article, we'll focus on the software side of operating system (OS) migration. OS migration is typically defined as the process of moving a user's computer (desktop or laptop) from one OS version to a more current one. As you're painfully aware, this also involves migrating users' personal settings, data and applications.

    For more information on OS migration visit

    http://www.novell.com/identity/resourcemanagement/os_migration/


    Take Linux to the Next Level Web Seminar

    You don’t have to be locked into UNIX. Find out what the experts are saying, what the users are doing and how an enterprise Linux solution from Novell can give you the freedom you didn’t think was possible. Register now this three-part Web seminar series and learn how to deploy Linux in your enterprise.

    To find out when these will be held, what they are about, or to register, visit http://register.novell.com/listings/?id=29&sourceidint=hp_e3_linuxseminar


    Upgrade to Novell Open Enterprise Server Today

    NetWare has been good to you. It's secure, reliable, and has been a cornerstone of your IT environment for years. Now it's time to upgrade to the next generation of NetWare® — Novell® Open Enterprise Server. For more information about OES, or additional opportunities, visit http://www.novell.com/products/openenterpriseserver/upgradebusiness.html?id=19&sourceidint=hp_a2_oes_openmind


    Identity and Access Management - Secure Enterprise Dashboard

    Agility—the ability to adapt quickly to new business demands and changing market conditions—is crucial to success in today’s fast-paced business environment. To gain the agility needed to make informed decisions on behalf of your organization, you need accurate, up-to-the-minute information about your business operations as well as information about your customers, service offerings, market trends and competition.

    The Novell® secure enterprise dashboard solution—part of the Novell family of service-oriented architecture solutions—provides the answer. The solution gathers information from the dozens of different business systems across your enterprise, consolidates it and puts it at your fingertips in an intuitive format that’s customized to your role and responsibilities. So you have everything you need to make fast, informed decisions and support compliance with information disclosure regulations like Sarbanes-Oxley.

    For more information visit http://www.novell.com/identity/soa/secure_enterprise_dashboard/


    Novell ZENworks Asset Management

    Novell® ZENworks® Asset Management integrates asset inventory, software usage and license reconciliation to provide the most complete, accurate view of software installations and license compliance available. The combination of hardware, software and purchasing data enables you to get a complete view of your IT assets. This ensures license compliance and eliminates software overspending. For more information on asset management visit http://www.novell.com/products/zenworks/assetmanagement/overview.html


    Identity and Access Management Solutions

    With Novell identity and access management solutions, you can safeguard your systems and deliver the right resources to the right people—securely and efficiently.

    For more information on Identity and Access Management Solutions, visit http://www.novell.com/identity/access/


    VIRUS Warnings

    To find more on virus protection, removal tools, or security advisories visit: http://securityresponse.symantec.com


    W32.Appfelt.A@mm

    W32.Appfelt.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all email addresses that it finds on the compromised computer.

    For more information on this worm, visit http://securityresponse.symantec.com/avcenter/venc/data/w32.appfelt.a@mm.html


    W32.Mytob.DA@mm

    W32.Mytob.DA@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

    For more information on this worm, visit http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.da@mm.html




    W32.Mytob.CY@mm

    W32.Mytob.CY@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

    For more information on this worm, visit http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.cy@mm.html


    VBS.Ypsan.F@mm

    VBS.Ypsan.F@mm is a mass-mailing worm that sends itself to all email addresses gathered from the Windows Address Book and also spreads through file-sharing networks. The worm deletes several files, folders, and registry entries, and attempts to shut down the compromised computer. For more information on this worm, visit http://securityresponse.symantec.com/avcenter/venc/data/vbs.ypsan.f@mm.html


    Technical Information Documents

    More TIDs can be found for specific products by going to

    http://support.novell.com/products/psMenu.jsp


    NetWare

    Server abends when generating an Open SSH key pair - TID 10097264

    When using a commandline 'ssh-kgen -t dsa' or 'ssh-kgen -t rsa' the server will abend after you accept the default file name.

    The fix can be found in the TID.


    Unable to access shares on a CIFS/NFAP enabled server - TID 10097527

    Unable to access shares on a CIFS/NFAP enabled server, the CIFS shares were visible but when clicking on the share users were prompted to authenticate when the Authentication mode was set either as Domain or Workgroup. The server CIFS configuration was correct and at the console this was confirmed by typing: "CIFS Info". Supplying credentials when prompted did not allow access to the Shares on the NetWare server, when supplying credentials no error message was being returned, the user was prompted again to authenticate.

    The solution can be found in the TID.


    Upgraded from NW6.0 to 6.5 and now there is more than one SBD - TID 10097583

    While upgrading Cluster services portion server encountered an error and upon reboot server had missing partitions.

    The solution can be found in the TID.


    Unable to perform backups. Cannot see cluster resource using - TID 10097575

    Backup server fails to backup cluster resources. Backup server uses SLP but there are no references within SLP using SMDR.

    The solution can be found in the TID.


    Error: -1227 importing a third party certificat - TID 10055757

    Error: -1227 importing a third party certificate.

    Error: "Failed to store the public key certificate into the object (name) returned error code -1227."

    Cannot import VeriSign or third party certificates.

    Error: "603 Attribute not found"

    The solution can be found in the TID.



    GroupWise

    Double Fault Processor Exception, GWIA-Receive - TID 10097411

    Double Fault Processor Exception, GWIA-Receive

    GWIA abends receiving message.

    The fix can be found in the TID.


    GWIA Abends on startup - TID 10097448

    GWIA Abends on startup.

    GWIA directories are not created when the GWIA is started

    The solution can be found in the TID.


    How to add or remove registry keys when installing the GroupWise- TID 10097568

    How to add or remove registry keys when installing the GroupWise client.

    How to use SETUP.CFG to modify the client's registry settings.

    The solution can be found in the TID.


    Blackberry will not authenticate to the GroupWise Post Office- TID 10097582

    Blackberry will not authenticate to the GroupWise Post Office

    Blackberry log shows Login Unsuccessful and Login Failed

    The solution can be found in the TID.


    ZENworks

    Dynamic Local User (DLU) does not work, even though it is shows- TID 10097626

    Dynamic Local User (DLU) does not work, even though it is shows up as an effective policy for the user.

    Enabling ZENPOL logging only shows the following single line in the ZENPOL32.LOG file:

    The fix can be found in the TID.


    Launching Programs with Variables - TID 10097671

    The exe needs to be called the name of the session. Need to be able to NAL launch via a wild card or variable.

    The solution can be found in the TID.


    eDirectory

    How do I allow users to modify only specific attributes on their- TID 10097540

    How do I allow users to modify only specific attributes on their own object?

    The solution can be found in the TID.


    Workaound for error message stopping NDSD services in eDirectory- TID 10097569

    Workaound for error message stopping NDSD services in eDirectory 8.7.3 using a non-default database location.

    Error: "Validation failed in post_ndsd_start script."

    The solution can be found in the TID.


    ConsoleOne fails to open an object: Value not within bounds - TID 10097654

    ConsoleOne fails to open an object: Value not within bounds

    When checking the properties of an object, Console One displays the following dialog: Value_not_within_bounds

    The solution can be found in the TID.


    ERROR: 'classID' field set when 'BACKLINKED' flag is cleared on - TID 10097632

    ERROR: 'classID' field set when 'BACKLINKED' flag is cleared on Tree Root object

    This error is seen the second time a local database repair in DSREPAIR is run.

    If you check with DSBROWSE, the Tree Root object has a class of "Invalid ID". If you look at the attributes of the Tree Root object, you would also notice that the T attribute (naming attribute for the Tree Root class) is missing.

    The solution can be found in the TID.


    iPrint

    NDPS Printer Agent fails when resource is migrated - TID 10097596

    NDPS Printer Agent fails when resource is migrated.

    When the volume is migrated to a different node, NDPS Printer agents is no longer able to contact NDPS Manager.

    In ConsoleOne the NDPS Manager entry in the Printer Agent properties is shown empty.

    In NWADMIN32 the NDPS Manager entry in the Printer Agent properties is shown empty.

    Problem occurs with both HP and Novell Gateways.

    The solution can be found in the TID.


    How to push NDPS printer attributes to multiple printers - TID 10097674

    How to populate Printer agent attributes for many printers at one time.

    The solution can be found in the TID.