Installing OES2 and Avoiding SLES10 SP2!

TID 7000466

Open Enterprise Server 2 customers are advised not to download SUSE Linux Enterprise Server 10 SP2 at the present time.

TID 7000387

How to update SLES / SLED 10 SP2 - OES2 systems should NOT be updated to SLES10 SP2 at this time!

Cool Solutions: Installing Open Enterprise Server2 Into Existing Tree

Screen Shots - Screen by screen. Very useful.

http://www.novell.com/coolsolutions/appnote/19585.html?rnd=271504.72808083845

Whatever you do - Do NOT allow the system to Update or Install SLES10 SP2! I had a customer do this and we ended up re-installing and deleting the server out of the tree!

The customer upgraded the OES1 Linux to OES2 Linux and somehow updated SLES10 SP2 at the same time. Symptoms: eDirectory services stopped appearing in YAST and he couldn't mount his NSS drives. - Weird!

By the way. Here are some handy commands to check what services and catalogs have been registered.

To verify you have the catalogs you need enter - :rug ca

To verify the service typs enter - :rug sl (That is an L as in Lima, not a 1 [one])

Other rug commands:

:rug ca

:rug sl

:rug

:man rug

:rug shutdown

:rug restart

:rug pch -i (to see a list of installed patches)

:rug ref (refresh)

To manually register OES Linux use the following commands:

suse_register -a email= -a regcode-oes2=

Example:
suse_register -a email=joe@example.com -a regcode-sles=4adab769abc68 -a regcode-oes=30a74ebb94fa

Here is an example of someone that updated the OES2 Linux server with SLES SP2 and an example of what was seen. This is very similar to what my customer saw:

oes2:~ # zypper up
Restoring system sources...
Parsing metadata for SUSE Linux Enterprise Server 10 SP1...
Parsing metadata for Novell Open Enterprise Server 2...
Parsing metadata for SLES10-SP1-Updates...
Parsing metadata for OES2-Updates...
Parsing RPM database...
13 Problems:
Problem: pattern:novell-ncp-10-88.i586 cannot be installed due to
missing dependencies
Problem: pattern:novell-dhcp-10-88.i586 cannot be installed due to
missing dependencies
Problem: pattern:novell-netstorage-10-88.i586 cannot be installed due to
missing dependencies
Problem: pattern:novell-xtier-10-88.i586 cannot be installed due to
missing dependencies
Problem: pattern:novell-edirectory-10-88.i586 cannot be installed due to
missing dependencies
Problem: pattern:novell-base-10-88.i586 conflicts with other resolvables
Problem: pattern:novell-nss-10-88.i586 cannot be installed due to
missing dependencies
Problem: pattern:novell-nrm-10-88.i586 cannot be installed due to
missing dependencies
Problem: pattern:novell-lum-10-88.i586 cannot be installed due to
missing dependencies
Problem: pattern:novell-imanager-10-88.i586 cannot be installed due to
missing dependencies
Problem: product:OPEN_ENTERPRISE_SERVER-2.i686 conflicts with other
resolvables
Problem: pattern:novell-sms-10-88.i586 cannot be installed due to
missing dependencies
Problem: pattern:novell-samba-10-88.i586 cannot be installed due to
missing dependencies

Problem: pattern:novell-ncp-10-88.i586 cannot be installed due to
missing dependencies
There are no installable providers of novell-base for
pattern:novell-ncp-10-88.i586

Solution 1: delete novell-ncp
delete pattern:novell-ncp-10-88.i586

Solution 2: Ignore this requirement just here
number, (r)etry or (c)ancel>

If you the choose to apply 'solution 2' for these patterns it then turns
out 'move-to-sles10-sp2' is still being offered via the
SLES10-SP1-Updates catalog and it's this that (correctly) clashes with
novell-base-10-88.i586 and OPEN_ENTERPRISE_SERVER-2.i686!

Removing OES2 Linux out of the TREE

Removing a Server Object And Directory Services From a Tree

Use the following syntax:

• ndsconfig rm -a admin FDN eDirectory and its database are removed from the server.

Example, To remove the eDirectory Server object and directory services from a tree, you could enter the following command:

• ndsconfig rm -a cn=admin.o=company

ndsconfig Utility Parameters

• new
  Creates a new eDirectory tree. If the parameters are not specified in the command line, ndsconfig prompts you to enter values for each of the missing parameters.
  
• def
  Creates a new eDirectory tree. If the parameters are not specified in the command line, ndsconfig takes the default value for each of the missing parameters.
  
• add
  Adds a server into an existing tree.
  
• rm
  Removes the Server object and directory services from a tree.
  
• -i
  Ignores a tree of the same name, while installing a new tree. This option is generally not recommended for use.
  
• -S
  Specifies the server name. The default server name is host name.
  
• -t
  The tree name to which the server has to be added. If not specified, ndsconfig uses the tree name from the n4u.base.tree-name parameter specified in the etc/nds.conf file.
  
• -n
  The context of the server into which the Server object is added. If not specified, ndsconfig uses the context from the n4u.nds.server-context parameter specified in the /etc/nds.conf file.
  
• -d
  The directory path where the database files will be stored.
  
• -L
  The TCP port number on the LDAP server.
  
• -l
  The SSL port number on the LDAP server.
  
• -a
  Distinguished name of the User object that has Supervisor rights to the context in which the Server object and directory services will be created.
  
• -e
  Enables clear text passwords for LDAP objects.
  
• -p
  Installs eDirectory Server into an existing tree by specifying the IP address of a server hosting the tree. If this option is used, SLP is not used for tree lookup.
  
• -m
  Specifies the module name to install. While installing a new tree, you can install only the ds module. After installing the ds module, you can add the NMAS, LDAP, SAS, HTTP and SNMP services using the add command. If the module name is not specified, by default, all the five modules are installed.
  
• -o
  Specifies the HTTP clear port number.
  
• -O
  Specifies the HTTP secure port number.
  
• set
  Sets the value for the specified eDirectory configurable parameters. If the parameter list is not specified, ndsconfig lists all the eDirectory configurable parameters.
  
• get
  Lets you view the current value of the eDirectory configurable parameters.
  
• get help
  Lets you view the help strings for the eDirectory configurable parameters.

eDirectory - What's new in 8.8?

Today I was asked if it was ok to have a mixed tree with NetWare Server running eDirectory 8.7 and the new OES2 servers running 8.8. The short answer is... yes it's ok to have a mixed tree with different versions of eDirectory. It's not like in the old days with NDS v6 and v7 mixed with NDS v 8. But then I started thinking about this.

Novell Support recommends you don't have a mixed tree with mixed versions of eDirectory. You need to ask yourself; Are you running Single Sign on? Do you need Case Sensitive Passwords? Are you running IDM v3 or greater? Are you running eDirectory on Solaris? Are you using ZCM10 with automatic deployment? Are your OES2 Linux servers out numbering your older NetWare servers? Are you running eDirectory servers in the same tree over a slow WAN or the Internet?

If the answer to any of these questions is yes, then you need to upgrade your older servers to the latest version of eDirectory 8.8. The latest version is 8.8 SP3 or 8.8.3 (20216.83)

For anyone who hasn't looked at eDirectory in awhile, there have been some major enhancements since version 8.7:

• Numerous install updates:
• Multiple package formats for installation
• Automatic deployment through ZENworks® Configuration Management
• Installation and configuration of eDirectory through YaST
• Configuring multiple instances of eDirectory on a single host
• Authentication to eDirectory through SASL-GSSAPI
• Enforcing case-sensitive universal passwords
• Priority Sync
• Encrypted attributes and replication
• Improved bulkload performance
• LDAP-based backup
• Error logging

Here is a list of all the Technical Issues, Bug fixes, and Enhancements fixed in eDirectory 8.8.

• TID 3426981

Future enhancements Novell is working on past eDirectory 8.8 SP3:

• 64 Bit Directory Engine
• More performance improvements in BIND and SEARCH
• LDAP events and monitoring enhancements
• Domain Services for Windows

Another thing you can do with eDirectory on Linux and Windows - You can locate the DIBS (eDirectory databases) and logs to any directory you want to. This makes it easy for backing up eDirectory databases.

Here is a handy reference to the location of eDirectory components and files:

• NetWare: easy - sys:\_NetWare
• Linux: Not so easy - here is the list:

Configuration - /etc/opt/novell/eDirectory/
Database - /var/opt/novell/eDirectory/data/dib
Logs - /var/opt/novell/eDirectory/log
Libraries - /opt/novell/eDirectory/{lib lib64} /opt/novell/eDirectory/{lib lib64}/nds-modules
Binaries - /opt/novell/eDirectory/bin /opt/novell/eDirectory/sbin

Files:

• /etc/opt/novell/eDirectory/conf/ - Main Configuration Directory
• nds.conf - Primary configuration file for ndsd
• nsmodules.conf
  Configures how and what modules are loaded on startup
  To troubleshoot remark them out and load one at a time
• ndsimon.conf and ndsimonhealth.conf
  Allows for customization of iMonitor
• .edir/instances.$uid
  User specific instance file

Default Ports for eDirectory on Linux and OES2 Linux:

• NCP Port 524
• SLP Port 427
• LDAP Port 389
• Secure LDAP Port 636
• HTTPSTK (imon, iconsole) Port 8028
• Secure HTTPSTK Port 8030

• Locate the current httpstk ports - ndsconfig get grep http
• Locate the NCP ports - ndsconfig get grep tcp
• Locate the LDAP ports - ldapconfig get grep -i port

Linux Day 2008 Denver Oct 9

Register now for Novell Linux Day 2008!
I'll see you at the Denver Marriott on October 9, 2008

Event Location:
Denver Marriott City Center
1701 California Street
Denver CO 80202

Invalid incarnation Number creating NSS pool

Here is a resolution to a call I received last week.

Environment
==========
Novell OES2 with Linux
iManager 2.7
eDirectory 8.7 NetWare ; 8.8 OES2 Linux

Issue
==========
iManager Reports Invalid incarnation Number when attempting to create a NSS pool or Volume on OES Linux

Details:
==========
See TID 7000741
Deleted Proxy user, Not sure if the Proxy user was reinstalled correctly.
Systems admin tried running command as explained in the TID.
1. nssAdminInstall -a .admin.HPSD HPSD_TREE -p xpasswd -o .server1admin.HPSD HPSD_TREE

Troubleshooting
=============
1. nssAdminInstall -a admin.HPSD HPSD_TREE -p xpasswd -o server1admin.HPSD HPSD_TREE
Error ffffda2 installing nssAdmin

Converted HEX to Decimal and looked up 606
-606 0xFFFFFDA2 FDA2 = ERR_ENTRY_ALREADY_EXISTS
So.. It's telling us that "cn=server1admin.HPSD" already exists.

2. Compared cn=server1admin with cn=server2admin from NetWare Console using DSBROWSE. They were different. Renamed server1admin to server1adminOLD

3. Tried command again. This time received a success error:
Successfully installed nssAdmin.

Actions:
=======
1. In iManager, click Storage > Pools.
For instructions, see Section 8.1.3, Accessing Roles and Tasks in iManager.
2. Select a server to manage.
For instructions, see Section 8.1.4, Selecting a Server to Manage.
3. In the Pools list, select the pool you want to update.
Wait for the page to refresh. It displays the pools details and enables its management options.
4. Click Update eDirectory.
SUCCES

Cause:
============
1. Don't use leading DOT's with nssAdminInstall.
2. Systems Administrator had reinstalled the server, but failed to delete the "ServernameAdmin" account for the server. Then he deleted the account and re-created by hand. Once we renamed the account and used nssAdminInstall according to TID 7000741 we had success.

TID 7000741 Technical Information Document from Novell
http://www.novell.com/support/viewContent.do?externalId=7000741&sliceId=1