Posted: 22 Jun 2005
This lab installs Open Enterprise Server with the Linux kernel. It creates an
NSS volume to allow file sharing and administration via ConsoleOne and iManager.
It sets up an Apache web server and has examples to set up an intranet or public
web server and use LDAP for authentication. In my example I had two Compaq Evo
D510C workstations with 1 gig of RAM and 70 gig hard drives. One I used for my
server, the other for my workstation. My NIC and graphics cards auto-detected, so I
do not cover this. I tried doing this lab with two 450 MHz workstations and I was
unable to get OES to install properly. I did not set up DNS or DHCP, so you will
need to have an IP and a DNS name to do this lab. You will, of course, need to
have downloaded the ISO files for OES and have created the CDs.
- To begin, insert the OES-LINUX-1 CD into the server you wish to set up, and
boot to it.
- Agree to the license agreement.
- Select English (US) for YAST2.
- Select New Installation.
- Select Partitioning.
- Select Create Custom Partition Setup.
- Select Custom Partitioning - for experts.
- From the bottom up, delete all the partitions.
  * If this server had a previous install of Linux, click on Expert and delete
  the partition table. I found I had to physically shut off the box at this
  point. If you get a message like Cannot delete "volume" etc., you did not
  delete the partition completely.
- Click Create - select Primary partition.
- Under format select Reiser.
- For Size End enter 1GB or the size you chose.
- For mount point enter /boot
- Click Create - select Primary partition.
- Select Do not format.
- For file system id select 0x8E Linux LVM.
- For End enter 30GB or the size you chose.
- Then click OK.
- Now select the partition you just created above and then click EVMS.
- Click the Create Container button.
- Enter Vol1 for the Container name.
- Click Add Volume button and choose the 30GB volume.
- Click Add to create swap volume.
- Format select swap.
- Volume name swap
- Size 4.9 GB or the default
- mount point swap
- Click Add again this time to create the system volume.
- Format Reiser.
- Enter a volume name of sys_lx
- Specify a size by clicking on Max
- Leave the mount point as /
- Click Next.
- Click Next again (you should receive a message that it is not good to
put EVMS and non-EVMS entities on the same disk; click YES).
- Select Software.
- Novell Open Enterprise Server
- Click on Details.
- Under Filter - Selections, select Simple Web Server.
- Unselect Novell Quickfinder.
- Select Novell NSS.
- Select C++ compiler (optional).
- Under Filter - Package groups, scroll down and expand Productivity and
check auth_ldap.
- Select Accept.
- Select Continue.
- Select Time Zone.
- Select USA - Central - and verify time and date.
- Select Accept - It will now begin copying data from CD1 and from OES-LINUX-2,
OES-LINUX-4-SLES9-2, OES-LINUX-5-SLES9-3 and OES-LINUX-6-SLES9-4.
The system should then reboot and prompt you to enter a password for the root
account.
- You will now need to configure the NIC. Enter the IP address.
- Enter the subnet.
- Then click on hostname and name server.
- Enter a hostname and a domain name.
- Enter Name Server 1
- Enter Name Server 2
- Then click on routing and enter a default gateway.
- Then click Next, Finish, Next, and test connection, skip updates for now.
- Then edit default settings for CA Management and enter your email address
(optional).
- Configure OES now and enter a tree name (e.g., example).
- Enter the FDN for the admin account, e.g. cn=admin.o=example (you may want to use the
same password as you used for root).
- Then click Next, Next, Next, do not configure SLP (you will get a nag
message -- just hit OK).
- Click Next through the readme. Click Next through graphics and sound card
configure.
- Click Finish, eject CD.
- Log in as the root user.
- Verify via YaST that auth_ldap has been installed. (If not, enter YaST |
Install Remove Software | Filter Package Groups | Productivity | check
auth_ldap | click Accept and put in the requested CDs.)
- Do updates (optional; may take 60 minutes plus): Online Updates | Make sure
you have a channel partner | Run all updates and patches.
The steps in this section are a continuation of setting up the drive
partitions for EVMS. By default Linux does not use EVMS. EVMS is required for
setting up a Novell NSS volume.
- Click on N | utilities | editor | File | Open | Open root | /etc/fstab
- Modify the /boot partition from /dev/hda1 to /dev/evms/hda1
- Click on N | system | YaST | system | Run Level Editor | Click the expert
mode button
- Scroll down to boot.lvm and then boot.md and disable these by clicking
on the Set/Reset button.
Now you need to edit the /etc/init.d/boot.evms script. See this
section of the documentation for more information.
Edit the /etc/init.d/boot.evms script by adding the following lines to the
Stop section.

    mount -n -o remount,rw /
    echo -en "\nDeleting devices nodes"
    rm -rf /dev/evms
    mount -n -o remount,ro /

For example, after the edit, the Stop section looks like this:

    stop)
        echo -n "Stopping EVMS"
        mount -n -o remount,rw /
        echo -en "\nDeleting devices nodes"
        rm -rf /dev/evms
        mount -n -o remount,ro /
        rc_status -v
        ;;

These steps are to create an NSS volume and set up folders for users and the
web.
- Now enter iManager (you will need to use Mozilla, since iManager does not
like to work under Konqueror). Just enter your IP address
http://ipaddress/nps/iManager and log in as Admin.
- Expand Storage | Pools | Find your server | Create a new pool, e.g. pool1 |
select device and use all the disk space for the pool.
- Click on Volumes | Create new volume, e.g. soft | Select the pool, keep the
check box of allow volume to grow | choose options of salvage and user space
quotas (optional) | mount point to /media/nss/soft
- Enter the file manager and go under /media/nss/soft and create a folder called
users and a folder called web.
You will now create an NCP mount so you can see the NSS volume.
- Go to the system console by pressing Ctrl+Alt+F1 (FYI, to exit the console
you can press Ctrl+Alt+F7).
- Login as the root account.
- Type ncpcon create volume soft /media/nss/soft
- Go back into iManager and create a container called "people".
- Then click on Passwords | Password Policies | Edit | Policy Assignment |
select the people container.
- Then click Groups | Create Group | call it LUMUsers | place it in the
people container | when prompted for the Linux Config Object click on the UNIX
Config object.
Now repeat the process above and create a group called web.
Now create a user account for yourself and make yourself an administrator (do
not use the same username that you may have in another tree - use something
unique.) Do not set a simple password. Make your user directory on the soft NSS
volume you created above. When prompted for the group for the LUM user select
the group you created above.
- To set up your workstation, load the Open Enterprise Novell Client on a
workstation (download from novell.com), and log in with the account you created
above (if you have problems getting on you may need to click on the Advanced
button and put the IP address of the server on the line for Tree and also enter
the context).
- Install ConsoleOne from Novell's web site.
- Verify your account has rights to your user directory.
- Edit your login script under ConsoleOne and add map root
u:=yourserver\soft:username
- Log out and back in again to test this. Create a document and store it in
your user directory. Possibly create a text file via WordPad, then go to your
OES server and see if you can open and edit it via the Kate editor.
Setting up an Apache web server
FYI -
The default home page is located at /srv/www/htdocs/index.html.en
The Apache server configuration is located under /etc/apache2
The Apache log files are found at /var/log/apache2/error_log
To stop and start Apache you can type the following commands:

    /etc/init.d/apache2 stop
    /etc/init.d/apache2 start

- Test to make sure your Apache web server works (e.g., go to http://ipaddress).
- Under iManager | LDAP | Group | uncheck Require TLS for simple binds.
- Click on N | System | File Manager | go to your nss volume soft | make a
folder called web. Also make a folder at /var/web and a folder at
/etc/apache2/passwd/
- Then make an index.html document in each of these folders -- you should be
able to compose this via Mozilla.
Go back to ConsoleOne and grant your user account rights to this folder.
Click on N | Utilities | editor | File | Open | root folder |
/etc/apache2/httpd.conf. Edit this file: scroll down to the bottom of the global
environment section and comment out (#) the sections regarding .htaccess and
forbidding access to the entire file system. Below are several trials for
restricting user access to folders. You may cut and paste these to the bottom of
the httpd.conf file. Only do one at a time. I found that I could not cut and
paste in Mozilla and needed to use Konqueror. To test each, go to Mozilla and
put in http://ipaddress/trial1/, etc.
Trial1 creates a file to store usernames and passwords, and then the following
Directory section grants the rights for your username.
First you need to create this file by running this command at the system
prompt:

    htpasswd -c /etc/apache2/passwd/passwords yourusername

If you want to grant additional users you do not need the -c (only for the
first user).

    # Serve /var/web at /trial1/ and admit only the named user from the htpasswd file
    Alias /trial1/ "/var/web/"
    <Directory "/var/web">
    AuthType Basic
    AuthName webusers
    AuthUserFile /etc/apache2/passwd/passwords
    require user yourusername
    </Directory>

Trial2 uses LDAP for authentication for this folder. This trial will allow
any user with a valid eDirectory account access to this folder.

    Alias /trial2/ "/var/web/"
    <Directory "/var/web">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName webusers
    AuthLDAPAuthoritative on
    # Look users up by cn under ou=people,o=example on the LDAP server
    AuthLDAPUrl "ldap://address:389/ou=people,o=example?cn"
    # Any account that authenticates is admitted
    require valid-user
    </Directory>

Trial3 uses LDAP for authentication for this folder. This trial will allow
just the users listed to have access to this folder.

    Alias /trial3/ "/var/web/"
    <Directory "/var/web">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName webusers
    AuthLDAPAuthoritative on
    AuthLDAPUrl "ldap://address:389/ou=people,o=example?cn"
    # Only the listed user is admitted after authenticating against LDAP
    require user yourusername
    </Directory>

Trial4 uses LDAP for authentication for a folder on an NSS volume.
In order for this to work you should give the wwwrun user account access
to this folder via ConsoleOne. Also then change the default password for this
account so it is not blank. You will now also need to grant rights to your own
account to this folder.

    # Same LDAP check as Trial3, but the content lives on the NSS volume
    Alias /trial4/ "/media/nss/SOFT/web/"
    <Directory "/media/nss/SOFT/web">
    EnableSendfile Off
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName webusers
    AuthLDAPAuthoritative on
    AuthLDAPUrl "ldap://address:389/ou=people,o=example?cn"
    require user yourusername
    </Directory>

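An added example, not part of the original lab or of Novell's or Apache's code: a small Python check that reads Directory sections like the trials above, splits each AuthLDAPUrl into host, port, base DN and attribute, and builds the search filter used to find the user before the bind. The sample config is constructed from Trial1 and Trial2 (abridged); the function names are chosen here, and the uid / sub / (objectClass=*) defaults are those documented for mod_auth_ldap. A tls value of False means the simple bind to port 389 carries the password unencrypted, which is what unchecking Require TLS for simple binds allows.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: Trial1 and Trial2 from the lab (abridged), as in httpd.conf.
SAMPLE_CONF = '''
<Directory "/var/web">
AuthType Basic
AuthUserFile /etc/apache2/passwd/passwords
require user yourusername
</Directory>
<Directory "/var/web">
AuthType Basic
AuthLDAPUrl "ldap://address:389/ou=people,o=example?cn"
require valid-user
</Directory>
'''

def parse_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter, filling defaults."""
    parts = urlsplit(url)
    attr, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    tls = parts.scheme.lower() == "ldaps"
    return {"tls": tls, "host": parts.hostname, "base_dn": parts.path.lstrip("/"),
            "port": parts.port or (636 if tls else 389),
            "attribute": attr or "uid", "scope": scope or "sub",
            "filter": flt or "(objectClass=*)"}

def search_filter(ldap, username):
    """Filter used to locate the user's DN; LDAP filter metacharacters are escaped."""
    safe = re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), username)
    return "(&%s(%s=%s))" % (ldap["filter"], ldap["attribute"], safe)

def audit(conf):
    """One finding per Directory section: backend, LDAP target, who is admitted."""
    findings = []
    for path, body in re.findall(r'<Directory\s+"([^"]+)">(.*?)</Directory>', conf, re.S):
        d = {}
        for line in filter(None, map(str.strip, body.splitlines())):
            key, _, value = line.partition(" ")
            d[key.lower()] = value.strip().strip('"')
        backend = "file" if "authuserfile" in d else "none"
        entry = {"path": path, "require": d.get("require", ""), "backend": backend}
        if "authldapurl" in d:
            entry.update(backend="ldap", ldap=parse_ldap_url(d["authldapurl"]))
        findings.append(entry)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
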
That is the end of the Lab. Hopefully all went well.