admin
July 2012 Maintenance for OES2SP3 has been released
The July 2012 Maintenance Patch for oes2 sp3 has been release
The 64 bit version can be found here
The 32 bit version can be found here
List of bug fixes in the July 2012 Maintenance for OES2SP3
- 142091: Inconsistency with naming in the GUI
- 142183: Secrets added to Gnome Keyring through CASAManager have a default key/value pair of GKPassword/novell
- 146015: A CASAKeyring is created to add secrets to the Gnome Keyring through CASAManager
- 147031: CASAManager should have a menu item.
- 155529: Firefox Tab is available in CASAManager Preferences even if Firefox is not installed
- 172719: Starting CASAManager with store locked throws exception
- 200912: After a lun is resized gpt does not work correctly
- 508945: When micasad is stopped its status is displayed as “dead”
- 509471: miCASASetCredential handles input argument incorrectly
- 523398: CASA Manager prints GTK warning messages on terminal
- 523402: CASA Manager prints messages on terminal when… Continue reading
July 2012 Maintenance for OES2SP3 eDirectory 8.8 SP6 patch 6 released
The July 2012 Maintenance Patch for eDirectory 8.8 SP6 has been release
The 64 bit version can be found here
The 32 bit version can be found here
List of bug fixes in the July 2012 Maintenance for OES2SP3 for eDirectory patch 6
- – 679767: NMAS Client aborts NCP connection and returns error -625 immediately upon having sent NMAS Start Session request on an idle NCP connection where server sent Watchdog packets.
- – 733188: eDirectory returns error 48 ‘Anonymous Simple Bind Disabled’ for authenticated TLS bind
- – 749516: Dclient DDCGetSEVList function does not return cifs users GUID causing CIFS users authorization failure and Memory/CPU spike up.
- – 765688: Right granted to dynamic group is assigned to whole tree, not just its members
| novell-dclient-32bit-8.8.6.6-0.7.x86_64.rpm | 372.8 KB (381796) |
| novell-dclient-8.8.6.6-0.7.x86_64.rpm | 385.3 KB (394647) |
| novell-edirectory-jclnt-8.8.6.6-0.7.x86_64.rpm | 273.7 KB (280353) |
| novell-edirectory-ldap-extensions-32bit-8.8.6.3-0.11.x86_64.rpm | 28.2 KB (28933) |
| novell-edirectory-ldap-extensions-8.8.6.3-0.11.x86_64.rpm | 29.7 KB (30492) |
| novell-edirectory-tsands-32bit-8.8.6.6-0.7.x86_64.rpm | 257.4 KB… Continue reading |
July 2012 Maintenance for OES11 eDirectory 8.8 SP6 patch 6 released
The July 2012 Maintenance Patch for eDirectory 8.8 SP6 has been release
The 64 bit version can be found here
List of bug fixes in the July 2012 Maintenance for OES11 for eDirectory patch 6
- – 679767: NMAS Client aborts NCP connection and returns error -625 immediately upon having sent NMAS Start Session request on an idle NCP connection where server sent Watchdog packets.
- – 733188: eDirectory returns error 48 ‘Anonymous Simple Bind Disabled’ for authenticated TLS bind
- – 749516: Dclient DDCGetSEVList function does not return cifs users GUID causing CIFS users authorization failure and Memory/CPU spike up.
- – 765688: Right granted to dynamic group is assigned to whole tree, not just its members
| novell-dclient-32bit-8.8.6.6-1.1.x86_64.rpm | 350.2 KB (358675) |
| novell-dclient-8.8.6.6-1.1.x86_64.rpm | 352.7 KB (361182) |
| novell-edirectory-jclnt-8.8.6.6-1.1.x86_64.rpm | 267.9 KB (274431) |
| novell-edirectory-tsands-32bit-8.8.6.6-1.1.x86_64.rpm | 258.3 KB (264554) |
| novell-edirectory-tsands-8.8.6.6-1.1.x86_64.rpm | 265.3 KB (271675) |
| novell-NDSbase-32bit-8.8.6.6-1.1.x86_64.rpm | 406.9 KB (416672) |
| novell-NDSbase-8.8.6.6-1.1.x86_64.rpm | 553.3 KB (566596) |
| novell-NDScommon-8.8.6.6-1.1.x86_64.rpm | 225.7 KB (231121) |
| novell-NDSimon-8.8.6.6-1.4.x86_64.rpm | 2.5 MB (2672112)… Continue reading |
Stand alone eDirectory 8.8 SP7 Patch 1
eDirectory 8.8 SP7 Patch 1 has been release for stand alone (non OES) Linux, Unix, and Windows
Issues addressed in the patch include
NDSD
– Object modifications taking longer on the Windows platform than on Linux (Bug 759576)
– Installing an eDirectory patch on Windows 2008 fails stating that the installed patch is of a later version (Bug 766254)
resulted in
– Alias objects not being returned during searches in iMonitor or iManager (Bug 738688)
– Dynamic group rights issue (Bug 765688)
– NDSD core from libslp.so.1 (Bug 492605)
– NDSD core after upgrading eDirectory to 64-bit on Solaris (Bug 750264)
LDAP
– LDAP control information is now shown in ndstrace (Bug 757770)
NMAS
– On Solaris an LDAP search on login time returned, “loginTime: 19700101000000Z” (Bug 734632)
– Error: -222 when changing a user’s password with write rights to the… Continue reading
How to find all DNS Locator objects
When installing DSfW into an environment were Novell DNS is already in use, be sure to use the existing DNS Locator object. It will simplify management for the all the zones and DNS servers. The locator object is used by the DNS/DHCP Console to return all zones and DNS servers the locator object knows about. If there are multiple locator objects then the first locator object discovered by the DNS/DHCP Console will be used. What will happen is only zones and DNS servers the DNS Loctor object knows about will be displayed and managed in the DNS/DHCP Console. This makes managing DNS difficult. Before installing doe a quick search for existing locator objects.
Do the following search to discover existing locator objects
ldapsearch -x -b “” -s sub objectClass=dNIPlocator
OES11 SP1 Beta released
The OES11 SP1 Beta has been publicly released
Check it out if you are interested in seeing some of the new features in OES
The big news for Domain Services for Windows is the simplified install.
The install allows for a simplified install
For the simplified install the YaST configuration screens have been minimized.
The first screen start with what type of install instead of the eDirectory screen.
Some screens have been eliminated and common default values are used automatically making the install less confusing.
Plus it runs on SLES11 SP2
For more info see http://www.novell.com/beta/auth/beta.jsp?id=4425&type=1
The ISOs can be found here:
ISOs:http://download.novell.com/Download?buildid=hXpxKX0Z4g8~
The documentation can be found here:
Docs:http://www.novell.com/documentation/beta/oes11/oes11_toc/data/index-stand.html
Delete an attribute on all users with a script
Here is the bases of a script to delete an attribute on a user.
I come across issues where an attribute was populated on several users that shouldn’t be there or you want to create new objectsids or just remove the existing objectsids and replace them with a back up.
Most DSfW installs are a name mapped install meaning the install is mapped to an existing container in the tree. If this is the case the domain name most likely will not patch to context in the tree and most likely the objectclass wit not be domain. An example of a domain with the name of novell.com mapped to a container with an objectclass of Organization (o=novell) and not domain (dc=novell). Even it if is a dc most likely the fdn does not match the domain name. Continuing with our example of novell.com that would… Continue reading
Troubleshooting slow logins and unresponsive DSfW servers
I have seen several issues were a DSfW server becomes sluggish or unresponsive. Logins can take several minutes. Some times ndsd or another DSfW process crashes.
If a DSfW server running DNS has a DSfW specific process stop or crash a quick stop gap measure is to monitor the DSfW processes and restart them if one or more of the DSfW processes stop. I created a simple script that will check that a pid exists for each process. The script is called dsfw_processchk.sh. While it does not restart DSfW in every condition like if a process continues to run but is not responding or say a process crashes but the pid is never cleaned up, it does work for most situations. Create a cron job to run the script every hour, 30 minutes, 10 minutes, what ever you desire. My… Continue reading
Script to monitor DSfW processes and restart services
If a DSfW server running DNS has a DSfW specific process stop or crash a quick stop gap mesure is to monitor the DSfW processes and restart them if one or more of the DSfW processes stop. I created a simple script that will check that a pid exists for each process. The script is called dsfw_monitor.sh. While it does not restart DSfW in every condition like if a process continues to run but is not responding or say a process crashes but the pid is never cleaned up, it does work for most situations.
Create a cron job to run the script every hour, 30 minutes, 10 minutes, what ever you desire. My recomendation is to not go below 5 minutes since eDirectory might take several minutes to stop and start again.
To create a cronjob use the crontab command with the -e… Continue reading
Backup ObjectSid
For a disaster recovery issue it might be necessary to have a backup of all objectsSids for users and computers.
Here is a simple script to create a ldif file that is ready to import and replace existing objectsids.
Since computers have an objectclass of user setting the filter to “(&(objectclass=user)(objectsid=*))” will return all users and computers with an objectsid. The base can be set to the domain name context (ex: dc=domain,dc=com) if this is ran from a DSfW server other wise use the standard context in eDir (ex: o=novell) assuming this is a name mapped install and the context does not use dc objectclass.
#!/bin/bash
ldapsearch -x -LLL -H ldaps://localhost:636 -D cn=admin,o=novell -W -b “o=novell” -s sub “(&(objectclass=user)(objectsid=*))” dn objectsid|sed s[objectsid[‘changetype:modify\nreplace:objectsid\nobjectsid'[g | grep -v ^# > Objectsids_restore.ldif
exit 0
Trouble shooting Kerberos on a DSfW server
If kerberos fails to start it is usually caused by
Missing ldap interfaces on the ldap server object
Missing uniquedomainid attribute on key objects
Corrupt or missing libraries
Misconfigured or missing kdc.conf
This video will go over kerberos failing to start because of missing ldap interfaces. This most likely will happen if the ldap server object is deleted and recreated.
June 2012 OES11 Hot Patch for NCP 6385 x86-64
TID 5144803
Files Included
novell-libncputil-1.1.0-5.1.x86_64.rpm 12.4 KB (12735)
novell-libncputil-32bit-1.1.0-5.1.x86_64.rpm 12.5 KB (12834)
novell-ncpenc-5.2.0-29.5.x86_64.rpm 488.8 KB (500550)
novell-ncpns-5.4-6.1.x86_64.rpm 50.2 KB (51500)
novell-ncpserv-2.1.0-14.3.x86_64.rpm 234.2 KB (239847)
novell-ncpserv-nrm-2.0.4-11.2.i586.rpm 282.4 KB (289183)
June 2012 OES11 Hot Patch for NCP
- – 612452: Restore of NSS metadata fails via xattr when there are no local replica on the server
- – 745847: AFP core for MapGUIDToID function call
- – 747903: NSS: NSSMU throws error 23388 during volume creation
- – 748802: Viewing user quotas from iManager give CIMOM error after deleting the user having quota
- – 749428: SMS Backup Performance degradation after OES2 SP2 to SP3 upgrade
- – 755875: zERR_USER_ABORTED when trying to update eDirectory for pool object
- – 756027: Segfault in adminusd
June 2012 OES2SP3 Hot Patch for NCP and FTP 8170
TID 5144804 (32 bit) and 5144805 (64 bit)
Files Included
ovell-libncputil-1.0.1-0.9.x86_64.rpm 12.4 KB (12788)
novell-libncputil-32bit-1.0.1-0.9.x86_64.rpm 12.5 KB (12825)
novell-ncpenc-5.1.5-0.65.x86_64.rpm 581.9 KB (595918)
novell-ncpns-5.3-0.20.x86_64.rpm 51.3 KB (52589)
novell-ncpserv-2.0.3-0.38.x86_64.rpm 847.5 KB (867866)
novell-ncpserv-nrm-2.0.3-0.25.i586.rpm 341.1 KB (349309)
novell-ncpserv-tools-2.0.3-0.38.x86_64.rpm 182.6 KB (187033)
novell-pure-ftpd-config-1.1.0-0.12.x86_64.rpm 7.4 KB (7647)
June 2012 OES2SP3 Hot Patch for NCP and FTP
- – 612700: pure-ftpd seg fault if init script contains PRELOAD line for libldapsdk.so
- – 612452: Restore of NSS metadata fails via xattr when there are no local replica on the server
- – 745847: AFP core for MapGUIDToID function call
- – 747903: NSS: NSSMU throws error 23388 during volume creation
- – 748802: viewing user quotas from iManager give CIMOM error after deleting the user having quota
- – 749428: SMS Backup Performance degradation after OES2 SP2 to SP3 upgrade
- – 755875: zERR\_USER\_ABORTED when trying to update eDirectory for pool object
- – 756027: OES2SP3 – segfault in adminusd
eDirectory Post-887 Kerberos
TID 5088210
This patch has been made available to resolve installation failures due to signed Kerberos packages when installing eDirectory 8.8 SP6 or 8.8 SP7 on a recently patched Red Hat 6.2 server. For more information please refer to TID 7006535.
details
This patch can be used to avoid signed kerberos package errors during the installation of 8.8 SP6 and 8.8. SP7 on non-OES platforms. This patch also contains instructions on how to resolve the installation failure after it has happened.
Issues Resolved:
Post 887 Kerberos
Linux:
– Installation of novell-kerberos-base and novell-kerberos-ldap-extensions rpms fails on RedHat 6.2 with current updates.
TID 7006535
Installation Instructions
Before attempting to install eDirectory 8.8.7 on Red Hat 6.2
Essentially an overlay will be created by replacing the original Kerberos packages with the new ones prior to installing eDirectory on the server.
32-Bit eDirectory :
Log in as a user with root privileges… Continue reading
April 2012 iPrint Scheduled Maintenance Release for OES11
TID 5141052
Files Included
license_agreement.txt 2.8 KB (2909)
novell-iprint-iprntman-6.4.20120220-3.1.noarch.rpm 219.4 KB (224702)
novell-iprint-iprntman-wrapper-1.0.0-13.1.noarch.rpm 217.6 KB (222917)
novell-iprint-management-6.4.20120220-3.1.noarch.rpm 1.6 MB (1697797)
novell-iprint-migration-6.4.20120220-3.1.noarch.rpm 289.6 KB (296644)
novell-iprint-server-6.4.20120220-3.1.x86_64.rpm 1.2 MB (1302086)
readme_5141052.html 10.4 KB (10730)
April 2012 Scheduled Maintenance for OES11 for eDirectory 8.8 SP6 Patch5
April 2012 Scheduled Maintenance for OES11 for eDirectory 8.8 SP6 Patch5
TID 5141051Files Included Size
license_agreement.txt 2.8 KB (2909)
novell-dclient-32bit-8.8.6.5-3.14.x86_64.rpm 350.0 KB (358449)
novell-dclient-8.8.6.5-3.14.x86_64.rpm 352.5 KB (361035)
novell-edirectory-jclnt-8.8.6.5-3.29.x86_64.rpm 267.6 KB (274042)
novell-edirectory-tsands-32bit-8.8.6.5-3.29.x86_64.rpm 257.9 KB (264148)
novell-edirectory-tsands-8.8.6.5-3.29.x86_64.rpm 264.9 KB (271293)
novell-NDSbase-32bit-8.8.6.5-3.29.x86_64.rpm 406.4 KB (416224)
novell-NDSbase-8.8.6.5-3.29.x86_64.rpm 552.7 KB (566025)
novell-NDScommon-8.8.6.5-3.29.x86_64.rpm 225.3 KB (230725)
novell-NDSimon-8.8.6.5-3.124.x86_64.rpm 2.5 MB (2665985)
novell-NDSserv-32bit-8.8.6.5-3.29.x86_64.rpm 4.5 MB (4769948)
novell-NDSserv-8.8.6.5-3.29.x86_64.rpm 6.0 MB (6392800)
novell-NOVLembox-8.8.6.5-3.90.x86_64.rpm 2.3 MB (2428914)
novell-NOVLice-32bit-8.8.6.5-3.29.x86_64.rpm 263.3 KB (269625)
novell-NOVLice-8.8.6.5-3.29.x86_64.rpm 443.4 KB (454111)
novell-NOVLsnmp-8.8.6.5-3.16.x86_64.rpm 70.7 KB (72481)
novell-NOVLsubag-8.8.6.5-3.16.x86_64.rpm 685.7 KB (702220)
novell-sasl-gssapi-method-2.8.3.3-4.1.x86_64.rpm 1.4 MB (1567378)
readme_5141051.html 10.5 KB (10797)
Security Update for Novell OES Samba in OES11
Security Update for Novell OES Samba in OES11
TID 5141050
- Patch: oes11-novell-oes-samba-6143
CVEs:CVE-2012-1182
Bugs:756810
Files Included Size Date
novell-oes-samba-cifs-mount-3.4.3-1.36.17.x86_64.rpm 1.5 MB (1656955) 2012-04-30 14:15:20
novell-oes-samba-libsmbclient0-32bit-3.4.3-1.36.17.x86_64.rpm 1.3 MB (1454602) 2012-04-30 14:15:42
novell-oes-samba-libtdb1-3.4.3-1.36.17.x86_64.rpm 139.5 KB (142946) 2012-04-30 14:15:46
novell-oes-samba-libsmbclient0-3.4.3-1.36.17.x86_64.rpm 1.4 MB (1484631) 2012-04-30 14:15:41
novell-oes-samba-client-32bit-3.4.3-1.36.17.x86_64.rpm … Continue reading
April 2012 Scheduled Maintenance for OES11
April 2012 Scheduled Maintenance for OES11
TID 5141010
Bug: Issue
- – 410243: Renaming a Volume Mount point with an existing Mount point, does not remove the old mount point
- – 517837: Unable to create users with MMC due to the Top superclass on Person
- – 604852: adminfsdrv hangs while unloading during a reboot.
- – 681363: Samify Objects fails on NetWare License Object
- – 692807: Enh: OES’s metamig to be compatible with NetWare’s TRUSTEE.NLM
- – 699465: setspn -l dsfw\admin Failed to bind to DC of domain DSFW, Access is denied
- – 702772: VLDB fails to respond to a client authentication request
- – 707745: ravsui rebuildhangs at 12.99%
- – 708116: Vlog seg fault
- – 709687: OES11LH: YaST should not create cluster if SBD creation fails
- – 713102: The child domain installation have a invalid TDO if you retried at ndsdcinit stage during child domain installation
- – 716512: OES11LH: NSSMU should support -1… Continue reading
Novell DSfW and Authasas Bio-metrics authentication
Authasas provides biometric, smartcard, OTP, and any BioAPI compliant device. They have a solution to provide biometric authentication with DSfW. To learn more about this take a look at this presentation.
The presentation is a case study of the City of Apopka, Florida utilizing Novell eDirectory, Domain Services for Windows, Zenworks, and Authasas to provide bio-metric authentication and GPO implementation.
Eliot Lanes from Viable Solutions, Donald Kahrs from City of Apopka, and Rik Peters, and Paul Robertson from Authasas describe their implementation of Authasas with Domain Services for Windows.
ATT Live Training May 15-18
ATT Live has some great OES specific trainings coming up in May starting the 15th through the 18th at the M Resort in Las Vegas, Nevada.
I will be doing two four hour session on DSfW for Advance Technical Training
The first session will be “Installing a Domain Service for Windows: Domain Tips and Tricks”
We will be going over Installs, different configurations, recommendations, troubleshooting and hands on installs.
The second session will be “Configuring File Servers and Active Directory with Domain Services for Windows”
We will install a second Domain controller, configure Cifs on another OES server, and set up a cross forest trust.
If you are interested in learning about DSfW and would like some hands on experience installing DSfW into an existing tree this will be a great opportunity for you. Besides DSfW a variety of classes will be taught covering Novell, NetIQ… Continue reading
OES2 SP3 March 2012 Maintenance Patch released
March 2012 Scheduled Maintenance for OES2 SP3
TID 5137450
Here are a list of bug fixes in the patch
- – 520981: Disable Login does not work if the source server is OES Linux
- – 612452: Restore of NSS metadata fails via xattr when there are no local replica on the server
- – 637743: NCPCON NSS VERIFY shows trustee differences after moving a volume from NetWare to Linux
- – 647600: OES2SP2 ncpcon log level ALL
- – 666858: Dynamic DNS update for a Windows 7 or Windows 2008R2 WS fails
- – 668859: Directory quotas incorrectly displayed.
- – 681363: Samify Objects fails on NetWare License Object
- – 681567: VLOG does not have any option to specify a different location for stream files
- – 685243: ndsd core stack in GetVolInfo()
- – 687449: Copying files across mounted volumes fails with a -50 error on Mac Clients
- – 692761: CIFS quits working and service needs… Continue reading
How to merge DNS zones
The creation of the DSfW domain will create a DNS zone for the domain along with the reverse zone. If there is already a zone with the same name then merging the zones is necessary.
This video shows how to use the DNS/DHCP Console to export, merge, and import zones.
Manage the Domain Boundary
Starting with OES2SP3 DSfW domain boundaries were no longer restricted to a single partition. Now partitions directly below the partitioned container mapped to the domain can be mapped to the domain as well. This can be done during the install of DSfW and creation of the domain with custom provisioning option or after the creation of the domain using the tool domaincntrl.
Here is a playlist for the videos covering Managing the Domain Boundary
The command and usage for managing the domain boundary can be found in the documentation.
The syntax for domaincntrl is:
domaincntrl <Operation> [arguments]
Operators:
–list
Lists partitions in the domain
–add
Adds a partition to the domain
–remove
Removes a partition (and desamify users) from a domain… Continue reading
Install OES11 DSfW
Here is a playlist for videos covering the install of OES11 DSfW
It is broken out into 6 videos
Install OES11 DSfW – Yast section
Install OES11 DSfW – Log Files
Install OES11 DSfW – Provisioning Wizard
Start with the oes11 documentation and TID 7002172 Preparing for Domain Services for Windows Install
OES2SP3 January Maintenance Patch released
Here are a list of bug fixes in the patch
January 2012 Scheduled Maintenance for OES2 SP3
– 496114: FIRST_WATCHDOG_PACKET Parameter Incorrect
– 498911: iprint_nss_relocate script fails to with errors if dn’s have space in them.
– 517837: Unable to create users with MMC due to the Top superclass on Person
– 557645: random dsfw samba crash log errors in oes2sp1.
– 605154: Mac client misleads users about characters unsupported by Windows
– 616747: Bump version for each milestone.
– 632850: NCP is causing ndsd segfault.
– 641812: owcimomd crash when performing an xml import with an invalid IP address for dserver
– 642072: Modifying DNS Entry For DHCP Zone Breaks DDNS Updates
– 647600: OES2SP2 ncpcon log level ALL
– 648340: creating printer from Manage Print manager throws plugin error after successful creation
– 653310: iPrint database becomes out of sync
– 658145: NSS volume with Di and RI… Continue reading
Prepare to install an ADC DSfW server
This video will go through the preparation of installing an ADC DSfW server. It will guide you through TID 7009927.
Cross Forest Trust Password
Some times the cross forest trust between DSfW and AD fails and a common reason for this failure is the cross forest trust password. By default the Windows server will reset the trust password every 30 days. Some times the change only occurs on the Windows side and trust object in DSfW does not get the update leading to a broken trust. Validating and reseting the trust is one way to fix this. Another option is to disable the server from changing the password. This video will show how to validate the trust, reset the password, modify the number of days when a password is changed, and how to disable password changes.
How to disable the automatic machine account password changes.
-
In the registry go toHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange
- Change the registry subkey to a value of 1 (default is 0 which enables password changes, 1 disables password changes)
- Restart the… Continue reading
OES11 is now available
OES11 is can be downloaded now.
OES11 runs on SLES11SP1. Besides running on SLES11 SP1 there are not a lot of new features. Samba is updated to 3.5 which allows winbind to be configured with out recompiling winbind.
Running Windows 7 on an iPad using VMWare View
Using VMWare View a Apple iPad can run Windows 7. Using Domain Services for Windows as the directory VMWare View can easily be deployed in and existing or new Novell eDirectory environment. This video from Network World demonstrates how Windows 7 can run on a Apple iPad.