Sounds like the server has not been assigned to service the 
> subnet.
>
> In the left hand tree view of the dhcp console, you should see a subnet
> definition, with an address range inside. Make sure that the dhcp server
> is listed in both the subnet definition and the address range.
>
I see that the documentation says that dhcp is setup through imanager

My imanager is not working, so I use the console from NWadmin.

Maybe that is the problem.

From John at wdigitech.com  Mon Nov  3 15:35:06 2008
From: John at wdigitech.com (John Davis)
Date: Mon, 3 Nov 2008 10:35:06 -0500
Subject: DHCP question
In-Reply-To: <490F13B90200000700014A6E@mail2.nds8.com>
References: <490F13B90200000700014A6B@mail2.nds8.com><490F13B90200000700014A6E@mail2.nds8.com>
	<490F13B90200000700014A6E@mail2.nds8.com>
Message-ID: <78C49BCB7F109740ACE2630CA8DFF58D01401692@microdog.wdigitech.com>

I believe you need to set the subnet to 192.168.1.0 255.255.255.0

Then set the range of addresses that you want the DHCP server to hand
out i.e. 192.168.1.50 thru 192.168.1.70.

Regards, 

John  Davis  MCNE6, MCSE, CCNA, CCDA
Senior Engineer
Western Digitech, Inc.
305-669-0119
john at wdigitech.com

-----Original Message-----
From: novell-bounces at netlab1.oucs.ox.ac.uk
[mailto:novell-bounces at netlab1.oucs.ox.ac.uk] On Behalf Of Steven Aitken
Sent: Monday, November 03, 2008 10:08 AM
To: novell at netlab1.oucs.ox.ac.uk
Subject: Re: DHCP question

Sounds like the server has not been assigned to service the subnet.

In the left hand tree view of the dhcp console, you should see a subnet
definition, with an address range inside. Make sure that the dhcp server
is listed in both the subnet definition and the address range.

Steve 
-----Original Message-----
From: Steve Klemetti 
To: Novell LAN Interest Group 
Cc: Novell LAN Interest Group 

Sent: 03/11/2008 14:09:20
Subject: DHCP question

I have always used static ip addresses but now on my NW6 sp5 SBS server 
I am setting
up DHCP for a laptop.

I set up DHCP with the DNS/DHCP management console.

subnet address  192.168.1.96
mask             255.255.255.224

It has allocated addresses 96 - 127 for dhcp

But when I try to connect the dhscpservr screen gives this error.

Incoming client  on subnet <192.168.1.0> will not be
serviced
since this server is not configured to give out addresses for this
subnet.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From dtran at ssc.ucla.edu  Mon Nov  3 15:47:20 2008
From: dtran at ssc.ucla.edu (Daniel Tran)
Date: Mon, 3 Nov 2008 07:47:20 -0800
Subject: edir 8.7.3.10b install problem
Message-ID: 

Hi.

I'm trying to install edir 8.7.3.10b on a netware 6 test server.

I' getting this error in nwconfig:

-          Directory "sys:system\edirbackup.8.7.3.10 cannot be created.
Error: error  code 135 (87 hex). (ICMD-5.0-5)

Any ideas ?

Thanks

From Sami.Kapanen at hamk.fi  Mon Nov  3 16:17:07 2008
From: Sami.Kapanen at hamk.fi (Sami Kapanen)
Date: Mon, 03 Nov 2008 18:17:07 +0200
Subject: DHCP question
Message-ID: <490F40230200004E00043D50@com-gwweb.hamk.fi>

\SYS\PUBLIC\DNSDHCP\setup.exe for dns-dhcp management console.

The dhcp subnet needs to be created from the beginning of the class, like John said,
192.168.1.0 mask 255 (or 224 whatever mask you have)
And then a create the actual dhcp range within the subnet addresses.

It won't work otherwise.

-sk

>>> Steve Klemetti  11/03/08 5:24 PM >>>
>
I see that the documentation says that dhcp is setup through imanager

My imanager is not working, so I use the console from NWadmin.

Maybe that is the problem.

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From sklemetti at centralprint.net  Mon Nov  3 16:57:10 2008
From: sklemetti at centralprint.net (Steve Klemetti)
Date: Mon, 03 Nov 2008 11:57:10 -0500
Subject: DHCP question
In-Reply-To: <490F40230200004E00043D50@com-gwweb.hamk.fi>
References: <490F40230200004E00043D50@com-gwweb.hamk.fi>
Message-ID: <490F2D66.60609@centralprint.net>

Sami Kapanen wrote:
> \SYS\PUBLIC\DNSDHCP\setup.exe for dns-dhcp management console.
>
> The dhcp subnet needs to be created from the beginning of the class, like John said,
> 192.168.1.0 mask 255 (or 224 whatever mask you have)
> And then a create the actual dhcp range within the subnet addresses.
>
> It won't work otherwise.
>
> -sk
>   
Thanks to you both and all.

That worked.

Subnet is 1.0
mask is 225
then the range is the range itself.

From Setienne at enesco.com  Mon Nov  3 16:59:42 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Mon, 03 Nov 2008 10:59:42 -0600
Subject: Enabling Universal Password
In-Reply-To: <490F40230200004E00043D50@com-gwweb.hamk.fi>
References: <490F40230200004E00043D50@com-gwweb.hamk.fi>
Message-ID: <490ED99E.8A77.004D.0@enesco.com>

Right now we have users who have to remember multiple passwords because we didn't turn on universal password for any of our containers. My question is, when we turn it on, which password wins, NDS/eDirectory or Universal Password?

What else should I know before trying it?

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

From Setienne at enesco.com  Mon Nov  3 17:02:24 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Mon, 03 Nov 2008 11:02:24 -0600
Subject: Enabling Universal Password
In-Reply-To: <490ED99E.8A77.004D.0@enesco.com>
References: <490F40230200004E00043D50@com-gwweb.hamk.fi>
	<490ED99E.8A77.004D.0@enesco.com>
Message-ID: <490EDA40.8A77.004D.0@enesco.com>

Also, to complicate matters, we are using LDAP authentication from GroupWise. So, which password takes precedence there?

>>> "Scott Etienne"  11/3/2008 10:59 AM >>>
Right now we have users who have to remember multiple passwords because we didn't turn on universal password for any of our containers. My question is, when we turn it on, which password wins, NDS/eDirectory or Universal Password?

What else should I know before trying it?

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From larry at ladyburd.com  Mon Nov  3 17:25:28 2008
From: larry at ladyburd.com (Larry Burd)
Date: Mon, 3 Nov 2008 12:25:28 -0500
Subject: isolated ground outlets
References: 
Message-ID: <352F46119E00410AA8DB254DA4491051@Larrys>

 those orange outlets that were popular 10 years ago.
are they still popular, or did the APC UPS invention do away with isolated 
grounded outlets.
we use an APC UPS at every workstation, switch, and hub, and everything else 
IT related.

thx
Larry 

From bbrush at gmail.com  Mon Nov  3 17:27:47 2008
From: bbrush at gmail.com (Bill Brush)
Date: Mon, 3 Nov 2008 11:27:47 -0600
Subject: Enabling Universal Password
In-Reply-To: <490EDA40.8A77.004D.0@enesco.com>
References: <490F40230200004E00043D50@com-gwweb.hamk.fi>
	<490ED99E.8A77.004D.0@enesco.com> <490EDA40.8A77.004D.0@enesco.com>
Message-ID: <167f4090811030927v180b639fp24e3419c1b9e0143@mail.gmail.com>

AFAIK, Universal wins vs. all others.

I fretted my UP deployment for months before pulling the trigger.  It
was so smooth we questioned whether it worked.

Bill

On Mon, Nov 3, 2008 at 11:02 AM, Scott Etienne  wrote:
> Also, to complicate matters, we are using LDAP authentication from GroupWise. So, which password takes precedence there?
>
>>>> "Scott Etienne"  11/3/2008 10:59 AM >>>
> Right now we have users who have to remember multiple passwords because we didn't turn on universal password for any of our containers. My question is, when we turn it on, which password wins, NDS/eDirectory or Universal Password?
>
> What else should I know before trying it?
>

From RGrein at tpchd.org  Mon Nov  3 17:58:09 2008
From: RGrein at tpchd.org (Randy Grein)
Date: Mon, 03 Nov 2008 09:58:09 -0800
Subject: isolated ground outlets
In-Reply-To: <352F46119E00410AA8DB254DA4491051@Larrys>
References: 
	<352F46119E00410AA8DB254DA4491051@Larrys>
Message-ID: <490ECB31.811E.0072.0@tpchd.org>

Popular or not, good grounding is critical in computer systems. I've seen fewer problems these days, but grounding loops can still cause serious problems - anything from dropped packets to hardware failure.

APC will be the first to say that they need good grounding, just like anything else. Without that you can get ground loops or noise on lines. Of course, if power were completely isolated by the UPS you might be able to get away with less, but the APC design is a direct connection to wall power with clamping for excessive voltage and cutover to battery power in the event of a drop. It's not a power conditioner and will pass line noise (unless they're not advertising a very useful feature). 

Randy Grein
Sr. Network Engineer

>>> "Larry Burd"  11/3/2008 9:25 AM >>>
those orange outlets that were popular 10 years ago.
are they still popular, or did the APC UPS invention do away with isolated 
grounded outlets.
we use an APC UPS at every workstation, switch, and hub, and everything else 
IT related.

thx
Larry 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

*************************************************************************************
This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal.
**************************************************************************************

From rpcarroll at wallgames.com  Mon Nov  3 18:24:27 2008
From: rpcarroll at wallgames.com (Robert Carroll)
Date: Mon, 03 Nov 2008 13:24:27 -0500
Subject: isolated ground outlets
References: 
	<352F46119E00410AA8DB254DA4491051@Larrys>
Message-ID: <08A4BA6BB2CA4876B566B00F2D4562B5@y6i6u5udu1mk8xk>

Hi Larry,

A couple weeks ago, I visited a newly-built hospital.  I noticed that 
patient rooms had both orange outlets and red outlets.  As always, the 
orange outlets indicate isolated ground.  The red outlets are connected to 
an automatic emergency generator system.

There were also the normal white outlets in the waiting rooms.

-Bob Carroll

----- Original Message ----- 
From: "Larry Burd" 
To: 
Sent: Monday, November 03, 2008 12:25 PM
Subject: isolated ground outlets

> those orange outlets that were popular 10 years ago.
> are they still popular, or did the APC UPS invention do away with isolated
> grounded outlets.
> we use an APC UPS at every workstation, switch, and hub, and everything 
> else
> IT related.
>
> thx
> Larry
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell 

From Sami.Kapanen at hamk.fi  Mon Nov  3 18:37:58 2008
From: Sami.Kapanen at hamk.fi (Sami Kapanen)
Date: Mon, 03 Nov 2008 20:37:58 +0200
Subject: Enabling Universal Password
Message-ID: <490F61270200004E00043D5F@com-gwweb.hamk.fi>

UP wins.
Be carefull with Universal Password, we had big issues when we turned it on.
Read the docs about the password policies, as the normal password restricstions won't apply anymore.

-sk

>>> "Scott Etienne"  11/03/08 6:59 PM >>>
Right now we have users who have to remember multiple passwords because we didn't turn on universal password for any of our containers. My question is, when we turn it on, which password wins, NDS/eDirectory or Universal Password?

What else should I know before trying it?

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From dtran at ssc.ucla.edu  Mon Nov  3 18:42:10 2008
From: dtran at ssc.ucla.edu (Daniel Tran)
Date: Mon, 3 Nov 2008 10:42:10 -0800
Subject: edir 8.7.3.10b install problem (solved)
In-Reply-To: 
References: 
Message-ID: 

Yikes ...
The installation script tried to create the backup directory named
"edirbackup.8.7.7.10".
I guess the name is too long eventhough sys: is nss with long name
support.
I ended up modifying the "setup.ils" file located in the install\4
directory where:

setvar backupDir, 'SYS:SYSTEM\\EDIRBACKUP.%{eDirVersion}'

to:

setvar backupDir, 'SYS:SYSTEM\\myold'

After that, the patch ran nicely.

-----Original Message-----
From: novell-bounces at netlab1.oucs.ox.ac.uk
[mailto:novell-bounces at netlab1.oucs.ox.ac.uk] On Behalf Of Daniel Tran
Sent: Monday, November 03, 2008 7:47 AM
To: Novell LAN Interest Group
Subject: edir 8.7.3.10b install problem

Hi.

I'm trying to install edir 8.7.3.10b on a netware 6 test server.

I' getting this error in nwconfig:

- Directory "sys:system\edirbackup.8.7.3.10 cannot be created.
Error: error  code 135 (87 hex). (ICMD-5.0-5)

Any ideas ?

Thanks

From Hatchellb at vvc.edu  Mon Nov  3 18:45:14 2008
From: Hatchellb at vvc.edu (Brian Hatchell)
Date: Mon, 03 Nov 2008 10:45:14 -0800
Subject: Enabling Universal Password
In-Reply-To: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
Message-ID: <490ED63A.2FC1.0024.0@vvc.edu>

I will be implementing this real soon to get password complexity requirements enforced.

Does anyone want to share details about 'gotchas'

Brian Hatchell
Network Manager
Victor Valley College
760 245-4271 x2792

"A good plan, violently executed now, is better than a perfect plan next week."

- General George S. Patton

Check my Blog at http://gwcal.vvc.edu/mplusextranet/scp.dll/blog?user=hatchellb 

>>> On 11/3/2008 at 10:37 AM, in message <490F61270200004E00043D5F at com-gwweb.hamk.fi>, "Sami Kapanen"  wrote:
UP wins.
Be carefull with Universal Password, we had big issues when we turned it on.
Read the docs about the password policies, as the normal password restricstions won't apply anymore.

-sk

>>> "Scott Etienne"  11/03/08 6:59 PM >>>
Right now we have users who have to remember multiple passwords because we didn't turn on universal password for any of our containers. My question is, when we turn it on, which password wins, NDS/eDirectory or Universal Password?

What else should I know before trying it?

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Brian Hatchell1.vcf
Url: http://netlab1.usu.edu/pipermail/novell/attachments/20081103/8f8824c0/attachment.bat 

From Setienne at enesco.com  Mon Nov  3 20:46:05 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Mon, 03 Nov 2008 14:46:05 -0600
Subject: More Universal Password Questions
In-Reply-To: <490ED63A.2FC1.0024.0@vvc.edu>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
Message-ID: <490F0EAC.8A77.004D.0@enesco.com>

1. We have GroupWise setup for LDAP authentication against eDirectory. Which password will they use, NDS or Universal Password?

2. What about LDAP?

3. Cisco ACS Radius server for Cisco VPN client connections?

4. If one of the above things must use the eDirectory password and not the Universal Password, then is it possible to do bi-directional sync between eDirectory and Universal Password, without or even with IDM? 

From cjf at calfrye.com  Mon Nov  3 21:06:16 2008
From: cjf at calfrye.com (Cal Frye)
Date: Mon, 03 Nov 2008 16:06:16 -0500
Subject: DHCP question
In-Reply-To: <490F0610.8090702@centralprint.net>
References: <490B0694.E927.0018.0@mbc.qld.edu.au>
	<490F0610.8090702@centralprint.net>
Message-ID: <490F67C8.2040208@calfrye.com>

Steve Klemetti wrote:
> I set up DHCP with the DNS/DHCP management console.
> 
> subnet address  192.168.1.96
> mask             255.255.255.224
> 
> It has allocated addresses 96 - 127 for dhcp
> 
> But when I try to connect the dhscpservr screen gives this error.
> 
> Incoming client  on subnet <192.168.1.0> will not be serviced
> since this server is not configured to give out addresses for this subnet.
Steve,
It would appear from the error ms. that your client is on a different
subnet (192.168.1.0/24 perhaps?) from your DHCP subnet, 192.168.1.96/27.

Do you mean to create a pool of DHCP addresses from 192.168.1.96-127 in
the subnet 192.168.1.0/24 instead?
-- 
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com

"Be kind, for everyone you meet is fighting a great battle." -- Philo of
Alexandria.

From setienne at enesco.com  Mon Nov  3 22:46:59 2008
From: setienne at enesco.com (Scott Etienne)
Date: Mon, 03 Nov 2008 16:46:59 -0600
Subject: Enabling Universal Password
In-Reply-To: <167f4090811030927v180b639fp24e3419c1b9e0143@mail.gmail.com>
References: <490F40230200004E00043D50@com-gwweb.hamk.fi>
	<490ED99E.8A77.004D.0@enesco.com> <490EDA40.8A77.004D.0@enesco.com>
	<167f4090811030927v180b639fp24e3419c1b9e0143@mail.gmail.com>
Message-ID: <490F2B02.8A67.004D.0@enesco.com>

Okay, so if there is already a universal password set and an edirectory password set, and you apply a UP policy to a container, what happens to the edirectory password if you don't reset their U.P? Does it stay the same?

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

>>> "Bill Brush"  11/3/2008 11:27 AM >>>
AFAIK, Universal wins vs. all others.

I fretted my UP deployment for months before pulling the trigger.  It
was so smooth we questioned whether it worked.

Bill

On Mon, Nov 3, 2008 at 11:02 AM, Scott Etienne  wrote:
> Also, to complicate matters, we are using LDAP authentication from GroupWise. So, which password takes precedence there?
>
>>>> "Scott Etienne"  11/3/2008 10:59 AM >>>
> Right now we have users who have to remember multiple passwords because we didn't turn on universal password for any of our containers. My question is, when we turn it on, which password wins, NDS/eDirectory or Universal Password?
>
> What else should I know before trying it?
>
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From James.Taylor at eastcobbgroup.com  Mon Nov  3 22:53:40 2008
From: James.Taylor at eastcobbgroup.com (James Taylor)
Date: Mon, 03 Nov 2008 17:53:40 -0500
Subject: More Universal Password Questions
In-Reply-To: <490F37F9.9252.0075.1@eastcobbgroup.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu> <490F37F9.9252.0075.1@eastcobbgroup.com>
Message-ID: <490F3AA40200007500035262@inet.eastcobbgroup.com>

You set up and apply a password policy as part of enabling UP. One of the settings, which is normally on, is to sync the NDS password to the UP.  Part of implementing UP is normally to determine the best procedure to sync UP to NDS passwords.  One method is to expire everyone's password, thereby requiring a user password reset which will sync UP to NDS.  At this point UP and NDS passwords will stay the same, unless an administrator manually changes the UP.
So there really shouldn't be a question of which password is used.
An application that uses NCP to access eDir will use the NDS password and NMAS apps will use the UP.
If the Novell client has NMAS enabled it will try the UP first, and if UP is not set, it will try NDS.  If the user doesn't have a UP set or the client doesn't have NMAS enabled, it authenticate via the NDS password.
But in any case, they should be the same after initial implementation.

One thing you may need to be aware of is that older versions of NMAS (think unpatched 5.1 or older servets) can cause issues when mixed with servers running the latest version of NMAS. I would highly recommend all servers be patched with the latest NMAS versions and SDIDIAG run to make sure all the server keys are in order before implementing UP.

-jt 

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com

>>> "Scott Etienne"  11/3/2008 03:46 PM >>> 
1. We have GroupWise setup for LDAP authentication against eDirectory. Which password will they use, NDS or Universal Password?

2. What about LDAP?

3. Cisco ACS Radius server for Cisco VPN client connections?

4. If one of the above things must use the eDirectory password and not the Universal Password, then is it possible to do bi-directional sync between eDirectory and Universal Password, without or even with IDM? 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From James.Taylor at eastcobbgroup.com  Mon Nov  3 23:00:12 2008
From: James.Taylor at eastcobbgroup.com (James Taylor)
Date: Mon, 03 Nov 2008 18:00:12 -0500
Subject: Enabling Universal Password
In-Reply-To: <490F3AD7.9252.0075.1@eastcobbgroup.com>
References: <490F40230200004E00043D50@com-gwweb.hamk.fi>
	<490ED99E.8A77.004D.0@enesco.com> <490EDA40.8A77.004D.0@enesco.com>
	<167f4090811030927v180b639fp24e3419c1b9e0143@mail.gmail.com>
	<490F3AD7.9252.0075.1@eastcobbgroup.com>
Message-ID: <490F3C2C020000750003526B@inet.eastcobbgroup.com>

You can't set a universal password unless you have a password policy set for the container of objects.
The NDS password will not change until you or the user changes it.
One other thing to keep in mind is that with the latest version of NMAS, login events can set UP.  This means that if the password policy has been set and the user or admin has not initiated a PW change, then a login event will create the UP from the existing NDS password.
The interesting thing about this is that even if the current NDS password does not meet the password policy requirements the UP will still be created with the current NDS password anyway.  Any subsequent password changes will enforce the policy.
-jt 

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com

>>> "Scott Etienne"  11/3/2008 05:46 PM >>> 
Okay, so if there is already a universal password set and an edirectory password set, and you apply a UP policy to a container, what happens to the edirectory password if you don't reset their U.P? Does it stay the same?

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

>>> "Bill Brush"  11/3/2008 11:27 AM >>>
AFAIK, Universal wins vs. all others.

I fretted my UP deployment for months before pulling the trigger.  It
was so smooth we questioned whether it worked.

Bill

On Mon, Nov 3, 2008 at 11:02 AM, Scott Etienne  wrote:
> Also, to complicate matters, we are using LDAP authentication from GroupWise. So, which password takes precedence there?
>
>>>> "Scott Etienne"  11/3/2008 10:59 AM >>>
> Right now we have users who have to remember multiple passwords because we didn't turn on universal password for any of our containers. My question is, when we turn it on, which password wins, NDS/eDirectory or Universal Password?
>
> What else should I know before trying it?
>
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From petervl at gmail.com  Tue Nov  4 02:29:39 2008
From: petervl at gmail.com (Peter Van Lone)
Date: Mon, 3 Nov 2008 20:29:39 -0600
Subject: NSS -- opinions on it's suitability as
Message-ID: <68b791330811031829i4a6786dq7fe14c5a9e199e91@mail.gmail.com>

a general OSS file system.

I wish reiser was in a better situation. I think the newest additions
to EXT3 (and the coming of EXT4) have interest.

But I wonder: we old Netware dogs believe that NSS is a superior file
system. Is that really the case? Why? Is it only due to it's
file-system rights implementation?

Is it, now, competitive with EXT3/Reiser et al for speed of file
access? Or is it still clunky? How does it's journaling system compare
with NTFS, EXT3, Reiser, JFS, XFS? How do it's recovery tools compare
(not well, I will bet on that one ...)

Has it been fully and completely open sourced? If so, what prevents it
from being adopted outside of OES camps? If not -- why not?

Just wondering ...

Peter

-- 
Everything is vague to a degree you do not realize till you have tried
to make it precise.

Bertrand Russell

http://xkcd.com/167/
www.the-brights.net

From cmangiarelli at gmail.com  Tue Nov  4 03:55:57 2008
From: cmangiarelli at gmail.com (Christopher Mangiarelli)
Date: Mon, 3 Nov 2008 22:55:57 -0500
Subject: Enabling Universal Password
In-Reply-To: <490F3C2C020000750003526B@inet.eastcobbgroup.com>
References: <490F40230200004E00043D50@com-gwweb.hamk.fi>
	<490ED99E.8A77.004D.0@enesco.com> <490EDA40.8A77.004D.0@enesco.com>
	<167f4090811030927v180b639fp24e3419c1b9e0143@mail.gmail.com>
	<490F3AD7.9252.0075.1@eastcobbgroup.com>
	<490F3C2C020000750003526B@inet.eastcobbgroup.com>
Message-ID: 

Regarding the LDAP question, this depends on what version of eDirectory you
have.  eDirectory 8.7 will use the NDS Password if it exists and try UP
second.  eDirectory 8.8 will use UP if it exists and fall back to NDS.

NDS passwords are not case-sensitive, so if you have an LDAP application on
eDir87, you'll find that the case doesn't matter when you authenticate
against it (unless you tell your UP Policy to remove the NDS password).

On Mon, Nov 3, 2008 at 11:02 AM, Scott Etienne  wrote:
> > Also, to complicate matters, we are using LDAP authentication from
> GroupWise. So, which password takes precedence there?
> >
> >>>> "Scott Etienne"  11/3/2008 10:59 AM >>>
> > Right now we have users who have to remember multiple passwords because
> we didn't turn on universal password for any of our containers. My question
> is, when we turn it on, which password wins, NDS/eDirectory or Universal
> Password?
> >
> > What else should I know before trying it?
>

-- 
Christopher Mangiarelli
cmangiarelli at gmail.com

From cmangiarelli at gmail.com  Tue Nov  4 03:57:25 2008
From: cmangiarelli at gmail.com (Christopher Mangiarelli)
Date: Mon, 3 Nov 2008 22:57:25 -0500
Subject: More Universal Password Questions
In-Reply-To: <490F3AA40200007500035262@inet.eastcobbgroup.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<490F37F9.9252.0075.1@eastcobbgroup.com>
	<490F3AA40200007500035262@inet.eastcobbgroup.com>
Message-ID: 

See my earlier post about LDAP and eDir87 vs eDir88.

>>> "Scott Etienne"  11/3/2008 03:46 PM >>>
> 1. We have GroupWise setup for LDAP authentication against eDirectory.
> Which password will they use, NDS or Universal Password?
>
> 2. What about LDAP?
>
> 3. Cisco ACS Radius server for Cisco VPN client connections?
>
> 4. If one of the above things must use the eDirectory password and not the
> Universal Password, then is it possible to do bi-directional sync between
> eDirectory and Universal Password, without or even with IDM?
>

-- 
Christopher Mangiarelli
cmangiarelli at gmail.com

From joe.doupnik at oucs.ox.ac.uk  Tue Nov  4 09:24:51 2008
From: joe.doupnik at oucs.ox.ac.uk (Joe Doupnik)
Date: Tue, 04 Nov 2008 09:24:51 +0000
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <68b791330811031829i4a6786dq7fe14c5a9e199e91@mail.gmail.com>
Message-ID: <20081104092451.E305B185D3@webmail223.herald.ox.ac.uk>

An embedded and charset-unspecified text was scrubbed...
Name: not available
Url: http://netlab1.usu.edu/pipermail/novell/attachments/20081104/b423916e/attachment.bat 

From petervl at gmail.com  Tue Nov  4 13:35:19 2008
From: petervl at gmail.com (Peter Van Lone)
Date: Tue, 4 Nov 2008 07:35:19 -0600
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <20081104092451.E305B185D3@webmail223.herald.ox.ac.uk>
References: <68b791330811031829i4a6786dq7fe14c5a9e199e91@mail.gmail.com>
	<20081104092451.E305B185D3@webmail223.herald.ox.ac.uk>
Message-ID: <68b791330811040535gf7d76na6699f2bacd6c905@mail.gmail.com>

Thanx Dan and Joe ...

unfortunately, while interesting in their own right, neither of your
responses addresses my interest (other than perhaps Joe saying that
NSS is not at all OSS).

I had thought that NSS had been 'released' so to speak ... but perhaps
not. If not, then too bad. Such an investment, if the file system is
really up to it technically, would be valuable to the linux world.

I am most interested in the technical aspects of whether NSS "could"
perform well as a general OSS file system, how it compares to the
major others, and whether there are any particularly difficult
technical hurdles that would have to be over-come, in order for it to
work as a general linux file system (like, for example, I suspect that
integrating file system rights with the larger linux ecosystem, might
be a particular challenge ...)

P

On Tue, Nov 4, 2008 at 3:24 AM, Joe Doupnik  wrote:
> In message <68b791330811031829i4a6786dq7fe14c5a9e199e91 at mail.gmail.com> Novell LAN Interest Group  writes:
>> a general OSS file system.
>>
>> I wish reiser was in a better situation. I think the newest additions
>> to EXT3 (and the coming of EXT4) have interest.
>>
>> But I wonder: we old Netware dogs believe that NSS is a superior file
>> system. Is that really the case? Why? Is it only due to it's
>> file-system rights implementation?
>>
>> Is it, now, competitive with EXT3/Reiser et al for speed of file
>> access? Or is it still clunky? How does it's journaling system compare
>> with NTFS, EXT3, Reiser, JFS, XFS? How do it's recovery tools compare
>> (not well, I will bet on that one ...)
>>
>> Has it been fully and completely open sourced? If so, what prevents it
>> from being adopted outside of OES camps? If not -- why not?
>>
>> Just wondering ...
>>
>> Peter
> -------------
>      Last year I did some presentations on file systems for Linux.
> First, EXT4 is more talked about than produced, and even the lead programmer
> is thinking of other/better file systems. EXT3 is barely adequate: fine
> for desktops but not so good for production file servers. Reiser is gone.
> XFS is quite good for production, many of us use it that way, but it too
> has its personality quirks. JFS has lost support, NTFS is for Windows.
>      NSS per se runs well on Linux. Getting at it via NCP filters slows
> it down, but the speed is generally acceptable. It really needs updating
> for the very large capacity disk farms of today. NSS is definitely not open
> source.
>     If you have many huge files for say streaming video or similar, put
> them on XFS real time, a system designed specifically for that task.
>     Without going on for hours/days I can recommend these for OES2 servers:
> /boot on EXT2, / on XFS, /userspace on NSS. Keep the o/s completely separated
> from userspace files. NSS supports our needed ACL visibilty work.
>     Joe D.
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

-- 
Everything is vague to a degree you do not realize till you have tried
to make it precise.

Bertrand Russell

http://xkcd.com/167/
www.the-brights.net

From jrd at netlab1.oucs.ox.ac.uk  Tue Nov  4 13:54:05 2008
From: jrd at netlab1.oucs.ox.ac.uk (jrd)
Date: Tue, 04 Nov 2008 13:54:05 +0000
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <68b791330811040535gf7d76na6699f2bacd6c905@mail.gmail.com>
References: <68b791330811031829i4a6786dq7fe14c5a9e199e91@mail.gmail.com>	<20081104092451.E305B185D3@webmail223.herald.ox.ac.uk>
	<68b791330811040535gf7d76na6699f2bacd6c905@mail.gmail.com>
Message-ID: <491053FD.4000806@netlab1.oucs.ox.ac.uk>

Peter Van Lone wrote:
> Thanx Dan and Joe ...
>
> unfortunately, while interesting in their own right, neither of your
> responses addresses my interest (other than perhaps Joe saying that
> NSS is not at all OSS).
>
> I had thought that NSS had been 'released' so to speak ... but perhaps
> not. If not, then too bad. Such an investment, if the file system is
> really up to it technically, would be valuable to the linux world.
>
> I am most interested in the technical aspects of whether NSS "could"
> perform well as a general OSS file system, how it compares to the
> major others, and whether there are any particularly difficult
> technical hurdles that would have to be over-come, in order for it to
> work as a general linux file system (like, for example, I suspect that
> integrating file system rights with the larger linux ecosystem, might
> be a particular challenge ...)
>
> P
>
> On Tue, Nov 4, 2008 at 3:24 AM, Joe Doupnik  wrote:
>   
>> In message <68b791330811031829i4a6786dq7fe14c5a9e199e91 at mail.gmail.com> Novell LAN Interest Group  writes:
>>     
>>> a general OSS file system.
>>>
>>> I wish reiser was in a better situation. I think the newest additions
>>> to EXT3 (and the coming of EXT4) have interest.
>>>
>>> But I wonder: we old Netware dogs believe that NSS is a superior file
>>> system. Is that really the case? Why? Is it only due to it's
>>> file-system rights implementation?
>>>
>>> Is it, now, competitive with EXT3/Reiser et al for speed of file
>>> access? Or is it still clunky? How does it's journaling system compare
>>> with NTFS, EXT3, Reiser, JFS, XFS? How do it's recovery tools compare
>>> (not well, I will bet on that one ...)
>>>
>>> Has it been fully and completely open sourced? If so, what prevents it
>>> from being adopted outside of OES camps? If not -- why not?
>>>
>>> Just wondering ...
>>>
>>> Peter
>>>       
>> -------------
>>      Last year I did some presentations on file systems for Linux.
>> First, EXT4 is more talked about than produced, and even the lead programmer
>> is thinking of other/better file systems. EXT3 is barely adequate: fine
>> for desktops but not so good for production file servers. Reiser is gone.
>> XFS is quite good for production, many of us use it that way, but it too
>> has its personality quirks. JFS has lost support, NTFS is for Windows.
>>      NSS per se runs well on Linux. Getting at it via NCP filters slows
>> it down, but the speed is generally acceptable. It really needs updating
>> for the very large capacity disk farms of today. NSS is definitely not open
>> source.
>>     If you have many huge files for say streaming video or similar, put
>> them on XFS real time, a system designed specifically for that task.
>>     Without going on for hours/days I can recommend these for OES2 servers:
>> /boot on EXT2, / on XFS, /userspace on NSS. Keep the o/s completely separated
>> from userspace files. NSS supports our needed ACL visibilty work.
>>     Joe D.
>>     
> -------------
>   
     Your wish involves POSIX permissions and ACLs (rotten stuff here) 
plus NSS
ACLs associated with an identity directory. Two different situations, 
with tradeoffs
accordingly.
     I have rather wished that NSS could stand on its own, as a general 
purpose
file system and then couple in ACLs as necessary. But it was not 
designed with
that situation in mind, and for performance reasons alone it has many 
hooks into
that directory and leftovers from NetWare o/s supporting mechanisms.
    Getting a new file system accepted as native into major Linux 
distributions  is
both a technical as well as techno-political challenge. Licensing 
considerations
alone can be a total barrier.
   As for handling of rights and identifiers globally within a Linux 
system, all I see
is more competing half-finished notions which come and go. Linux itself 
is that way.
One would need to abandon or surmount the pervasive notions from Unix.
  Joe D.

>
>   

From Sami.Kapanen at hamk.fi  Tue Nov  4 16:18:28 2008
From: Sami.Kapanen at hamk.fi (Sami Kapanen)
Date: Tue, 04 Nov 2008 18:18:28 +0200
Subject: NSS -- opinions on it's suitability as
Message-ID: <491091F40200004E00043F28@com-gwweb.hamk.fi>

NSS is not superior, but traditional linux file rights are ancient crap with no use when talking about shared network drives for teams and such. 

No need for open source with NSS, I have no love for open source thinking or for linux.. We need supported enterprise solutions.

And NSS still works better on Netware than Linux, which is a bit sad ;/

-sk

>>> "Peter Van Lone"  11/04/08 4:29 AM >>>
a general OSS file system.

I wish reiser was in a better situation. I think the newest additions
to EXT3 (and the coming of EXT4) have interest.

But I wonder: we old Netware dogs believe that NSS is a superior file
system. Is that really the case? Why? Is it only due to it's
file-system rights implementation?

Is it, now, competitive with EXT3/Reiser et al for speed of file
access? Or is it still clunky? How does it's journaling system compare
with NTFS, EXT3, Reiser, JFS, XFS? How do it's recovery tools compare
(not well, I will bet on that one ...)

Has it been fully and completely open sourced? If so, what prevents it
from being adopted outside of OES camps? If not -- why not?

Just wondering ...

Peter

-- 
Everything is vague to a degree you do not realize till you have tried
to make it precise.

Bertrand Russell

http://xkcd.com/167/
www.the-brights.net
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From joe.doupnik at oucs.ox.ac.uk  Tue Nov  4 16:49:16 2008
From: joe.doupnik at oucs.ox.ac.uk (jrd)
Date: Tue, 04 Nov 2008 16:49:16 +0000
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <491091F40200004E00043F28@com-gwweb.hamk.fi>
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>
Message-ID: <49107D0C.7060806@oucs.ox.ac.uk>

Sami Kapanen wrote:
> NSS is not superior, but traditional linux file rights are ancient crap with no use when talking about shared network drives for teams and such. 

     Agreed on that. Enterprise versus old friendly work groups, and all
that jazz. Winndows still thinks largely in terms of work groups.

> No need for open source with NSS, I have no love for open source thinking or for linux.. We need supported enterprise solutions.

     I see that opinions do differ on some things.

> And NSS still works better on Netware than Linux, which is a bit sad ;/

     Alas, very true. We see the performance cost of moving from a
tightly integrated file system + file server o/s to the grafting
of a foreign file system onto a time sharing o/s.
    Joe D.

> -sk

From petervl at gmail.com  Tue Nov  4 16:52:09 2008
From: petervl at gmail.com (Peter Van Lone)
Date: Tue, 4 Nov 2008 10:52:09 -0600
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <491091F40200004E00043F28@com-gwweb.hamk.fi>
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>
Message-ID: <68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>

On Tue, Nov 4, 2008 at 10:18 AM, Sami Kapanen  wrote:
> NSS is not superior, but traditional linux file rights are ancient crap with no use when talking about shared network drives for teams and such.

agreed re: the need for better file rights system.

> No need for open source with NSS, I have no love for open source thinking or for linux.. We need supported enterprise solutions.

big need ... Netware and related proprietary stuff is dead. Have you
not been awake? NCP/NSS stuff needs to make it into OSS so that there
is some alternative to M$.

> And NSS still works better on Netware than Linux, which is a bit sad ;/

way sad ... a testament to Novell's lack of focus. Witness the
off-message acquisitions of late. Novell does not give a crap about
the stuff that matters to us ...

p

From TJohnson at lancaster.wnyric.org  Tue Nov  4 17:10:58 2008
From: TJohnson at lancaster.wnyric.org (TJohnson at lancaster.wnyric.org)
Date: Tue, 4 Nov 2008 12:10:58 -0500
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>
	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>
Message-ID: 

I guess you have to weigh whether it is better to have more technically 
savvy staff that can put together an open source solution or have a couple 
of staff that know how to dial a tech support number?  I imagine almost 
everyone falls somewhere in between.

T2

"Peter Van Lone"  
Sent by: novell-bounces at netlab1.oucs.ox.ac.uk
11/04/2008 11:52 AM
Please respond to
Novell LAN Interest Group 

To
"Novell LAN Interest Group" 
cc

Subject
Re: NSS -- opinions on it's suitability as

On Tue, Nov 4, 2008 at 10:18 AM, Sami Kapanen  
wrote:
> NSS is not superior, but traditional linux file rights are ancient crap 
with no use when talking about shared network drives for teams and such.

agreed re: the need for better file rights system.

> No need for open source with NSS, I have no love for open source 
thinking or for linux.. We need supported enterprise solutions.

big need ... Netware and related proprietary stuff is dead. Have you
not been awake? NCP/NSS stuff needs to make it into OSS so that there
is some alternative to M$.

> And NSS still works better on Netware than Linux, which is a bit sad ;/

way sad ... a testament to Novell's lack of focus. Witness the
off-message acquisitions of late. Novell does not give a crap about
the stuff that matters to us ...

p
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

-- 
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------

Teach CanIt if this mail (ID 155865963) is spam:
Spam:        
http://milton1.wnyric.org/canit/b.php?i=155865963&m=e15637c42b39&c=s
Not spam:    
http://milton1.wnyric.org/canit/b.php?i=155865963&m=e15637c42b39&c=n
Forget vote: 
http://milton1.wnyric.org/canit/b.php?i=155865963&m=e15637c42b39&c=f
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS

From petervl at gmail.com  Tue Nov  4 17:27:38 2008
From: petervl at gmail.com (Peter Van Lone)
Date: Tue, 4 Nov 2008 11:27:38 -0600
Subject: NSS -- opinions on it's suitability as
In-Reply-To: 
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>
	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>

Message-ID: <68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>

On Tue, Nov 4, 2008 at 11:10 AM,   wrote:
> I guess you have to weigh whether it is better to have more technically
> savvy staff that can put together an open source solution or have a couple
> of staff that know how to dial a tech support number?  I imagine almost
> everyone falls somewhere in between.
>

huh?

I want an open source solution that has enterprise features and is
supported by an enterprise company.

Novell needs to figure it out -- but they will not. They are not an
OSS company, unfortunately. They will continue to protect the "company
jewels" until the company is even more irrelevant than currently -- in
the meantime, all enterprise storage systems will become completely
dependent on Windows and there will be no options.

Unfortunately, there is no OSS option right now that competes, and the
way Novell is handling OES it will not ever compete with Windows. To
me, it is very sad.

P

From jrd at netlab1.oucs.ox.ac.uk  Tue Nov  4 17:36:47 2008
From: jrd at netlab1.oucs.ox.ac.uk (jrd)
Date: Tue, 04 Nov 2008 17:36:47 +0000
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>	
	<68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>
Message-ID: <4910882F.1000103@netlab1.oucs.ox.ac.uk>

Peter Van Lone wrote:
> On Tue, Nov 4, 2008 at 11:10 AM,   wrote:
>   
>> I guess you have to weigh whether it is better to have more technically
>> savvy staff that can put together an open source solution or have a couple
>> of staff that know how to dial a tech support number?  I imagine almost
>> everyone falls somewhere in between.
>>
>>     
>
> huh?
>
> I want an open source solution that has enterprise features and is
> supported by an enterprise company.
>
> Novell needs to figure it out -- but they will not. They are not an
> OSS company, unfortunately. They will continue to protect the "company
> jewels" until the company is even more irrelevant than currently -- in
> the meantime, all enterprise storage systems will become completely
> dependent on Windows and there will be no options.
>
> Unfortunately, there is no OSS option right now that competes, and the
> way Novell is handling OES it will not ever compete with Windows. To
> me, it is very sad.
>
> P
>   
---------
     I hate to spoil a good grumble, but here I am with the phone in one 
hand on
an OES2 SP1 closed beta call. We are trying to do the best we can with 
available
resources. In practice OES2 offers many enterprise services which are 
difficult to
replace otherwise. Things could be better, but they are reasonably good 
today.
   OES2 won't be a replacement for Windows, such an attempt would be 
commercial
suicide today, but as a services platform it has much to offer.
   Now back to the call...
   Joe D.

From petervl at gmail.com  Tue Nov  4 17:46:57 2008
From: petervl at gmail.com (Peter Van Lone)
Date: Tue, 4 Nov 2008 11:46:57 -0600
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <4910882F.1000103@netlab1.oucs.ox.ac.uk>
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>
	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>

	<68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>
	<4910882F.1000103@netlab1.oucs.ox.ac.uk>
Message-ID: <68b791330811040946v43b613e1kfb1b4d436dd9daf7@mail.gmail.com>

On Tue, Nov 4, 2008 at 11:36 AM, jrd  wrote:
> We are trying to do the best we can with
> available
> resources.

that is exactly the point. But Novell wants us to believe that the
resources that have been committed, are all that could possibly be
made available. I on the other hand believe that Novell has aptly
expressed it's priorities in the way that it has allocated resources.

>In practice OES2 offers many enterprise services which are
> difficult to
> replace otherwise. Things could be better, but they are reasonably good
> today.

meh ... not competitive, would be more accurate. OK for those
committed to Novell, who are in a believer position. Market-wide
adoption and respect and being able to compete for business? Nope ...
far far from it.

>   OES2 won't be a replacement for Windows, such an attempt would be
> commercial
> suicide today, but as a services platform it has much to offer.

nothing that distinguishes it from SLES, really ... I mean, ifolder is
nice, iprint is nice, etc ... but if a customer has not fully bought
into the "netware/novell/OES story" (and nobody but a handful of
existing customers have) will ever care about that stuff. And if you
are not going to leverage OES-specific services, then ... SLES (or
more likely RH and/or Windows) will be the choice.

P

From TJohnson at lancaster.wnyric.org  Tue Nov  4 18:00:30 2008
From: TJohnson at lancaster.wnyric.org (TJohnson at lancaster.wnyric.org)
Date: Tue, 4 Nov 2008 13:00:30 -0500
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>

	<68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>
Message-ID: 

My point was more towards the smaller or non profit organizations or 
public services organizations (like a school district) that many times 
have to choose between spending money on staff and using OSS or spending 
money on well supported "pay for" solutions and most have a combination of 
the two.

I guess my question would be if you want an OSS solution that is supported 
like a black box (read M$) solution then you may be SOL and why would you 
want an OSS solution if you are going to strictly rely on their support 
and pre-packaged solutions?  Is it a philosophical thing with OSS or am I 
not reading your comment right?

T2

"Peter Van Lone"  
Sent by: novell-bounces at netlab1.oucs.ox.ac.uk
11/04/2008 12:28 PM
Please respond to
Novell LAN Interest Group 

To
"Novell LAN Interest Group" 
cc

Subject
Re: NSS -- opinions on it's suitability as

On Tue, Nov 4, 2008 at 11:10 AM,   wrote:
> I guess you have to weigh whether it is better to have more technically
> savvy staff that can put together an open source solution or have a 
couple
> of staff that know how to dial a tech support number?  I imagine almost
> everyone falls somewhere in between.
>

huh?

I want an open source solution that has enterprise features and is
supported by an enterprise company.

Novell needs to figure it out -- but they will not. They are not an
OSS company, unfortunately. They will continue to protect the "company
jewels" until the company is even more irrelevant than currently -- in
the meantime, all enterprise storage systems will become completely
dependent on Windows and there will be no options.

Unfortunately, there is no OSS option right now that competes, and the
way Novell is handling OES it will not ever compete with Windows. To
me, it is very sad.

P
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

-- 
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------

Teach CanIt if this mail (ID 155877120) is spam:
Spam:        
http://milton1.wnyric.org/canit/b.php?i=155877120&m=9e506d94a878&c=s
Not spam:    
http://milton1.wnyric.org/canit/b.php?i=155877120&m=9e506d94a878&c=n
Forget vote: 
http://milton1.wnyric.org/canit/b.php?i=155877120&m=9e506d94a878&c=f
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS

From Hatchellb at vvc.edu  Tue Nov  4 18:02:03 2008
From: Hatchellb at vvc.edu (Brian Hatchell)
Date: Tue, 04 Nov 2008 10:02:03 -0800
Subject: NSS -- opinions on it's suitability as
In-Reply-To: 
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>

	<68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com><68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>

Message-ID: <49101D99.2FC1.0024.0@vvc.edu>

Hi Folks:

Let me ring in and say that NSS is one of the best file systems I have worked with in my career.  Low maintenance and rights management is key.

Brian Hatchell
Network Manager
Victor Valley College
760 245-4271 x2792

"A good plan, violently executed now, is better than a perfect plan next week."

- General George S. Patton

Check my Blog at http://gwcal.vvc.edu/mplusextranet/scp.dll/blog?user=hatchellb 

>>> On 11/4/2008 at 10:00 AM, in message ,  wrote:
My point was more towards the smaller or non profit organizations or 
public services organizations (like a school district) that many times 
have to choose between spending money on staff and using OSS or spending 
money on well supported "pay for" solutions and most have a combination of 
the two.

I guess my question would be if you want an OSS solution that is supported 
like a black box (read M$) solution then you may be SOL and why would you 
want an OSS solution if you are going to strictly rely on their support 
and pre-packaged solutions?  Is it a philosophical thing with OSS or am I 
not reading your comment right?

T2

"Peter Van Lone"  
Sent by: novell-bounces at netlab1.oucs.ox.ac.uk 
11/04/2008 12:28 PM
Please respond to
Novell LAN Interest Group 

To
"Novell LAN Interest Group" 
cc

Subject
Re: NSS -- opinions on it's suitability as

On Tue, Nov 4, 2008 at 11:10 AM,   wrote:
> I guess you have to weigh whether it is better to have more technically
> savvy staff that can put together an open source solution or have a 
couple
> of staff that know how to dial a tech support number?  I imagine almost
> everyone falls somewhere in between.
>

huh?

I want an open source solution that has enterprise features and is
supported by an enterprise company.

Novell needs to figure it out -- but they will not. They are not an
OSS company, unfortunately. They will continue to protect the "company
jewels" until the company is even more irrelevant than currently -- in
the meantime, all enterprise storage systems will become completely
dependent on Windows and there will be no options.

Unfortunately, there is no OSS option right now that competes, and the
way Novell is handling OES it will not ever compete with Windows. To
me, it is very sad.

P
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

-- 
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------

Teach CanIt if this mail (ID 155877120) is spam:
Spam:        
http://milton1.wnyric.org/canit/b.php?i=155877120&m=9e506d94a878&c=s 
Not spam:    
http://milton1.wnyric.org/canit/b.php?i=155877120&m=9e506d94a878&c=n 
Forget vote: 
http://milton1.wnyric.org/canit/b.php?i=155877120&m=9e506d94a878&c=f 
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Brian Hatchell1.vcf
Url: http://netlab1.usu.edu/pipermail/novell/attachments/20081104/146c2962/attachment.bat 

From petervl at gmail.com  Tue Nov  4 19:04:57 2008
From: petervl at gmail.com (Peter Van Lone)
Date: Tue, 4 Nov 2008 13:04:57 -0600
Subject: NSS -- opinions on it's suitability as
In-Reply-To: 
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>
	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>

	<68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>

Message-ID: <68b791330811041104s37c6806ag6fc88e6b98cebd72@mail.gmail.com>

On Tue, Nov 4, 2008 at 12:00 PM,   wrote:

> I guess my question would be if you want an OSS solution that is supported
> like a black box (read M$) solution then you may be SOL and why would you
> want an OSS solution if you are going to strictly rely on their support
> and pre-packaged solutions?  Is it a philosophical thing with OSS or am I
> not reading your comment right?
>

I do not believe the dichotomy that you have setup: "OSS vs Supported"

If Novell is to have it's software survive, then it will be because it
is BOTH OSS AND Supported.

Bringing the benefits of Netware to the OSS world. I suppose that an
OES solution may involve more staffing requirements, but I am not
convinced of that. You seem to assume it -- but perhaps that is
because OSS stuff is as yet still new to you?

Yes, I want OES to be polished and to have mature admin tools (like
Netware). And yes, I want it all to be OSS ... and I do not believe
that these things are antithetical. Do I believe Novell will ever do
it right? Ummm ... no, I guess I do not.

P

From bbrush at gmail.com  Tue Nov  4 19:50:22 2008
From: bbrush at gmail.com (Bill Brush)
Date: Tue, 4 Nov 2008 13:50:22 -0600
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <68b791330811041104s37c6806ag6fc88e6b98cebd72@mail.gmail.com>
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>
	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>

	<68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>

	<68b791330811041104s37c6806ag6fc88e6b98cebd72@mail.gmail.com>
Message-ID: <167f4090811041150g50fd758dv62d371c04d2031be@mail.gmail.com>

I find it ironic that the primary function of a file server, namely
providing shared storage, has now been reduced to the point of
irrelevance for most customers.  No one goes out and buys a file
server just for serving files any more, and IMO it shows.
CIFS/SMB/Windows file share they all suck for performance and
features.  NFS is a horrible albatross.  FTP is cumbersome for regular
access.  NCP/NSS comes with either a nearly unsupported old OS
(Netware) or a nearly unsupported new OS (Linux.)

So basically there aren't any really good options out there right now
for file serving.  You can either go with fast and easy to administer
(NCP/NSS), and struggle with finding options for backup and such or
you can go with CIFS/SMB/Windows and struggle with administration, and
performance but sleep easy at night because backup software is
reasonably stable and has many options.

There are no good options IMO.

As far as Novell as a business goes, they have a strategy that they're
focusing on the "Big Leagues" and their partners can handle the
medium, small, and smaller accounts.  The problem with that being that
their enterprise products are prices out of range for the little guys,
and a pure Linux solution has a problem with scaling and multiple
servers.  Besides which their partner channel is decimated by the
Messman debacle and not many places could put together a pure Linux
solution that would be cheaper than Windows.

So it's a poor environment for those of us that have been around since
the Netware 2,3, and 4 days, with some hard choices to make.  Right
now some of my colleagues are discussing the feasibility of Windows
shares, despite the fact that the Netware cluster has been running
reliably for years, and is currently going over 200 days uptime.  That
despite the backup software borking it up on a regular basis.
Personally I think they just want some shiny to play with.  Of
Novell's current products I think IDM, and ZCM are the two strongest
products but they aren't really that easy to deploy.  Still I don't
see a good replacement for the Netware cluster waiting in the wings,
yet I doubt we can run it indefinitely.

Interesting times and all that.  :-(  Dang Chinese.

Bill

On Tue, Nov 4, 2008 at 1:04 PM, Peter Van Lone  wrote:

From TJohnson at lancaster.wnyric.org  Tue Nov  4 19:59:59 2008
From: TJohnson at lancaster.wnyric.org (TJohnson at lancaster.wnyric.org)
Date: Tue, 4 Nov 2008 14:59:59 -0500
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <68b791330811041104s37c6806ag6fc88e6b98cebd72@mail.gmail.com>
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>

	<68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>	
	<68b791330811041104s37c6806ag6fc88e6b98cebd72@mail.gmail.com>
Message-ID: 

I don't believe that I setup the OSS vs. Supported premise, I believe it 
was implied when you posited the OSS alternative to M$ which I read to be 
a philosophical difference between OSS and "black box" products.

I agree that Novell as a company would benefit from being in the OSS camp 
and supported at an enterprise level which I think it has tried, although 
maybe not wholly successfully, to do.

If you read my post I did say that you may need more technically savvy 
staff as opposed to a "couple" of staff that would be able to deal with 
the vendor's tech support so there is no comparison of quantity, simply of 
areas of expertise.  I also appreciate your concern over my familiarity 
with the Open Source Software movement and that did remind me to renew my 
EFF membership.

I don't think a  company can be all things to all people, am I a fan of 
Novell?...yes, am I loyal to their products above all others?...No.  I 
have problems with M$ and their business practices and products but I am 
not naive enough to think that I will not need to be familiar with them in 
almost any employment as a systems administrator.

I agree with about 90% of your statements about the way it "should be" but 
that may not be the state of the industry.  Pushing companies to be better 
and meet customer requirements is definitely our right and responsibility 
but faulting a company for not following your specific course seems 
guaranteed to let you down every time.

If OSS is a passion, and it sounds like it is, then you can always "roll 
your own" system using all OSS and/or make it available to the community. 
I don't have the programming skills to contribute to OSS by creating 
actual operating systems, file systems, programs, etc., I am a novice 
script writer, but I can build an iSCSI SAN using OSS projects and spread 
my experiences, offer feedback and evangelize if I feel strongly.  Isn't 
OSS all about contributing, sharing and learning?

T2

"Peter Van Lone"  
Sent by: novell-bounces at netlab1.oucs.ox.ac.uk
11/04/2008 02:05 PM
Please respond to
Novell LAN Interest Group 

To
"Novell LAN Interest Group" 
cc

Subject
Re: NSS -- opinions on it's suitability as

On Tue, Nov 4, 2008 at 12:00 PM,   wrote:

> I guess my question would be if you want an OSS solution that is 
supported
> like a black box (read M$) solution then you may be SOL and why would 
you
> want an OSS solution if you are going to strictly rely on their support
> and pre-packaged solutions?  Is it a philosophical thing with OSS or am 
I
> not reading your comment right?
>

I do not believe the dichotomy that you have setup: "OSS vs Supported"

If Novell is to have it's software survive, then it will be because it
is BOTH OSS AND Supported.

Bringing the benefits of Netware to the OSS world. I suppose that an
OES solution may involve more staffing requirements, but I am not
convinced of that. You seem to assume it -- but perhaps that is
because OSS stuff is as yet still new to you?

Yes, I want OES to be polished and to have mature admin tools (like
Netware). And yes, I want it all to be OSS ... and I do not believe
that these things are antithetical. Do I believe Novell will ever do
it right? Ummm ... no, I guess I do not.

P
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

-- 
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------

Teach CanIt if this mail (ID 155904165) is spam:
Spam:        
http://milton1.wnyric.org/canit/b.php?i=155904165&m=0ae3a043b0bf&c=s
Not spam:    
http://milton1.wnyric.org/canit/b.php?i=155904165&m=0ae3a043b0bf&c=n
Forget vote: 
http://milton1.wnyric.org/canit/b.php?i=155904165&m=0ae3a043b0bf&c=f
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS

From petervl at gmail.com  Tue Nov  4 20:03:58 2008
From: petervl at gmail.com (Peter Van Lone)
Date: Tue, 4 Nov 2008 14:03:58 -0600
Subject: NSS -- opinions on it's suitability as
In-Reply-To: <167f4090811041150g50fd758dv62d371c04d2031be@mail.gmail.com>
References: <491091F40200004E00043F28@com-gwweb.hamk.fi>
	<68b791330811040852t55c6ccdeld44867689937baeb@mail.gmail.com>

	<68b791330811040927m60b6d836ycad4049d31a566b5@mail.gmail.com>

	<68b791330811041104s37c6806ag6fc88e6b98cebd72@mail.gmail.com>
	<167f4090811041150g50fd758dv62d371c04d2031be@mail.gmail.com>
Message-ID: <68b791330811041203u2885f260n388bd2da02bfe514@mail.gmail.com>

On Tue, Nov 4, 2008 at 1:50 PM, Bill Brush  wrote:
> I find it ironic that the primary function of a file server, namely
> providing shared storage, has now been reduced to the point of
> irrelevance for most customers.

nice summary, Bill ... I guess it is because what they have (ie
windows shares) is "good enough".

>  No one goes out and buys a file
> server just for serving files any more, and IMO it shows.
> CIFS/SMB/Windows file share they all suck for performance and
> features.

unfortunately I don't think they suck that badly -- they suck in a ton
of ways, but I see legions of customers for whom it works just fine --
they have other fish to fry, other technologies/services to get on
with -- the file serving and printing just do not rise to the level of
"we give a *hit ..."

>NFS is a horrible albatross.  FTP is cumbersome for regular
> access.  NCP/NSS comes with either a nearly unsupported old OS
> (Netware) or a nearly unsupported new OS (Linux.)
>
> So basically there aren't any really good options out there right now
> for file serving.

yup -- and Novell is doing it's best to move slowly, keep prices high,
and stay irrelevant in this space -- the strategy is working nicely,
thank you!

>There are no good options IMO.
>
> As far as Novell as a business goes, they have a strategy that they're
> focusing on the "Big Leagues" and their partners can handle the
> medium, small, and smaller accounts.  The problem with that being that
> their enterprise products are prices out of range for the little guys,
> and a pure Linux solution has a problem with scaling and multiple
> servers.  Besides which their partner channel is decimated by the
> Messman debacle and not many places could put together a pure Linux
> solution that would be cheaper than Windows.

Messman -- ugh! Though, I am not convinced that the current regime is
much better -- look at all the products they have been running around
acquiring that don't do anything in this space. I think they have
abandoned this space, frankly -- and are just running out the
licensing as long as they can, keeping minimal resources working away
at it, to keep up the image while it is still possible.

> So it's a poor environment for those of us that have been around since
> the Netware 2,3, and 4 days, with some hard choices to make.  Right
> now some of my colleagues are discussing the feasibility of Windows
> shares, despite the fact that the Netware cluster has been running
> reliably for years, and is currently going over 200 days uptime.  That
> despite the backup software borking it up on a regular basis.
> Personally I think they just want some shiny to play with.  Of
> Novell's current products I think IDM, and ZCM are the two strongest
> products but they aren't really that easy to deploy.  Still I don't
> see a good replacement for the Netware cluster waiting in the wings,
> yet I doubt we can run it indefinitely.
>
> Interesting times and all that.  :-(  Dang Chinese.

yes, damn someone, at any rate.

p

From MollardM at mbc.qld.edu.au  Wed Nov  5 03:29:48 2008
From: MollardM at mbc.qld.edu.au (Michael Mollard)
Date: Wed, 05 Nov 2008 13:29:48 +1000
Subject: ichain install problems
Message-ID: <49119FCE.E927.0018.0@mbc.qld.edu.au>

Hi all,
I'm trying to build a new ichain box, using the latest ISO (2.3sp5ir1).  The box is a P4 3ghz, with a Intel pro 1000, and a SATA drive.
Every time I try and build, I get close to the end of the install, and get an abend :

Abend on P00: SERVER-5.60-8716: Thread performed Illegal recursive LOADER operation when current LOADER state is non-recurisve

The only TID I can find with this abend at support.novell.com is 10086155, which is for an old version of ichain.  

Can anyone suggest anything?  Has anyone even seen this.

(Before you suggest, I do plan to build an AM3 box, but need to buy some time by putting ichain to a bigger box.  Our existing ichain is getting a bit hammered, but works ok for the moment.  It is restricted by RAM, CPU and LAN hardware limitations in the box.)

Thanks for any thoughts .. 

Michael Mollard
Network Administrator
Moreton Bay College
mollardm at mbc.qld.edu.au
http://www.mbc.qld.edu.au
Ph: (Direct) 07 3907 5712 / (Mob) 0417 631 801 
Fax: 07 3390 8919 ( http://www.mbc.qld.edu.au )

--------------------------------------------------------------------------------
Disclaimer: Whilst every attempt has been made to ensure that material contained in this email is free from computer viruses or other defects, the attached files are provided, and may only be used, on the basis that the user assumes all responsibility for use of the material transmitted. This email is intended only for the use of the individual or entity names above and may contain information that is confidential and privileged. If you are not the intended recipient, please note that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone 07 3390 8555 and destroy the original message. The contents of this message are provided without responsibility in law for their accuracy or otherwise, and without assumption of a duty of care by the School.
--------------------------------------------------------------------------------

From setienne at enesco.com  Wed Nov  5 17:55:01 2008
From: setienne at enesco.com (Scott Etienne)
Date: Wed, 05 Nov 2008 11:55:01 -0600
Subject: Identity Manager Questions
In-Reply-To: <49119FCE.E927.0018.0@mbc.qld.edu.au>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
Message-ID: <49118994.8A67.004D.0@enesco.com>

We want to setup IDM3.5.1 to sync passwords between eDir and AD, and maybe automate account creation from eDir to AD. I have created a CN in AD named after our tree, and have constructed a duplicate structure of the first ou we want to synch. I have a simple goal in mind, but when I try to understand the parts of what's going on, I come out with more questions.

The planning guide is recommending a separate instance of eDirectory for identity vault, a test instance to better get acquainted with the way things work, etc. My boss just wants be to just get it done--with a very specific requirement here. Is IDM so complex and nebulas that I have to immerse myself in it first, before I can engage a limited deployment?

Specific questions I have include, if I need to later, can't I create a separate instance of eDir for a "vault," if it is found that I really need to do that, and if not, then why?

Another question I have is can I link accounts in multiple edirectory ou's with one policy, driver and driver set? And, if not, which piece of the puzzle handles separate containers?

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

From bbrush at gmail.com  Wed Nov  5 18:11:46 2008
From: bbrush at gmail.com (Bill Brush)
Date: Wed, 5 Nov 2008 12:11:46 -0600
Subject: Identity Manager Questions
In-Reply-To: <49118994.8A67.004D.0@enesco.com>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
	<49118994.8A67.004D.0@enesco.com>
Message-ID: <167f4090811051011u5cec6806jb47cc19877b5ef37@mail.gmail.com>

IDM just happens to be something I have worked with quite a bit.

On Wed, Nov 5, 2008 at 11:55 AM, Scott Etienne  wrote:
> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and maybe automate account creation from eDir to AD. I have created a CN in AD named after our tree, and have constructed a duplicate structure of the first ou we want to synch. I have a simple goal in mind, but when I try to understand the parts of what's going on, I come out with more questions.
>

Manually creating the mirrored tree really isn't necessary, the driver
can do it.

> The planning guide is recommending a separate instance of eDirectory for identity vault, a test instance to better get acquainted with the way things work, etc. My boss just wants be to just get it done--with a very specific requirement here. Is IDM so complex and nebulas that I have to immerse myself in it first, before I can engage a limited deployment?
>

Ok, the meta-directory recommendation stems from the expectation that
you'll want to be able to control where and how the data is propagated
by the drivers.  In a small, simple installation it is an unnecessary
added complexity.  I have been running IDM for years with just my
single eDir as the identity vault.

> Specific questions I have include, if I need to later, can't I create a separate instance of eDir for a "vault," if it is found that I really need to do that, and if not, then why?

Re-doing to the drivers to point to a separate meta-Directory is
possible, and I've considered doing it in my case since I'm getting a
lot of AD's, but it will be labor intensive.  Still for a "Get me up
and running" situation I wouldn't bother trying to get a
meta-directory going as the eDir to eDir driver is about the most
annoying to get working.

>
> Another question I have is can I link accounts in multiple edirectory ou's with one policy, driver and driver set? And, if not, which piece of the puzzle handles separate containers?
>

For the AD driver you assign a root container in each directory and
the driver will handle the object matching in the container and
sub-containers.  If you want two OU's on the same level to be but not
other OU's on that level, you'd need a separate driver for each OU,
UNLESS you use entitlements to control who gets synced and who
doesn't.  I would encourage you to use them as they can help you
control the flow.  Entitlements in the docs are this amorphous concept
that's never really explained, but basically it's just a fancy way of
flagging an object as "ok to sync."  No entitlement, it doesn't go.
If it has the entitlement, it goes.  Off or on, simple enough.

I have something like 4 AD drivers running right now, and a single
eDir, not to mention having done dozens of test cases, so I'm fairly
familiar with the AD driver, feel free to ask questions.

Bill

From geoffreycarman at gmail.com  Wed Nov  5 18:27:04 2008
From: geoffreycarman at gmail.com (Geoffrey Carman)
Date: Wed, 5 Nov 2008 14:27:04 -0400
Subject: Identity Manager Questions
In-Reply-To: <49118994.8A67.004D.0@enesco.com>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
	<49118994.8A67.004D.0@enesco.com>
Message-ID: <993788ac0811051027p12334324pfb99535d7c5bbaad@mail.gmail.com>

IDM works well.  But it is quite a complex beast.  Not in a bad way,
but it is NOT simple.

Novell has done a truly impressive job in making the AD driver work
out of the box for most users, with little to no modifications.  So
that part is probably pretty straightforward.

The problem is that there is so much to know about it when things go
wrong.  It seems almost negligent to assume you will deal with that
aspect later.  I would feel much safer playing with it a little bit.

On Wed, Nov 5, 2008 at 1:55 PM, Scott Etienne  wrote:
> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and maybe automate account creation from eDir to AD. I have created a CN in AD named after our tree, and have constructed a duplicate structure of the first ou we want to synch. I have a simple goal in mind, but when I try to understand the parts of what's going on, I come out with more questions.
>
> The planning guide is recommending a separate instance of eDirectory for identity vault, a test instance to better get acquainted with the way things work, etc. My boss just wants be to just get it done--with a very specific requirement here. Is IDM so complex and nebulas that I have to immerse myself in it first, before I can engage a limited deployment?
>
> Specific questions I have include, if I need to later, can't I create a separate instance of eDir for a "vault," if it is found that I really need to do that, and if not, then why?
>
> Another question I have is can I link accounts in multiple edirectory ou's with one policy, driver and driver set? And, if not, which piece of the puzzle handles separate containers?
>
>
>
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

-- 
Geoffrey Carman
geoffreycarman at gmail.com

From setienne at enesco.com  Wed Nov  5 19:45:08 2008
From: setienne at enesco.com (Scott Etienne)
Date: Wed, 05 Nov 2008 13:45:08 -0600
Subject: Identity Manager Questions
In-Reply-To: <167f4090811051011u5cec6806jb47cc19877b5ef37@mail.gmail.com>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
	<49118994.8A67.004D.0@enesco.com>
	<167f4090811051011u5cec6806jb47cc19877b5ef37@mail.gmail.com>
Message-ID: <4911A363.8A67.004D.0@enesco.com>

I just created a driver to replicate nearly our entire tree, and it wants me to pick exclusions. Thinking about it, it seems like I have a lot to exclude. There are service accounts and some admin equivalents. 

Should I create seperate drivers that point to just targeted containers for replication? 

If I should do this, then I still have a problem with a major container that has many regular user accounts, service accounts and Admin accounts. I am not sure I would want to change my edirectory structure to segregate objects. 

What are the ramifications of having admin/service account objects replicated? Sounds like it replicates admin rights with the admin user accounts over to AD, so that the Admin objects from eDir now have some or all admin rights in AD?

>>> "Bill Brush"  11/5/2008 12:11 PM >>>
IDM just happens to be something I have worked with quite a bit.

On Wed, Nov 5, 2008 at 11:55 AM, Scott Etienne  wrote:
> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and maybe automate account creation from eDir to AD. I have created a CN in AD named after our tree, and have constructed a duplicate structure of the first ou we want to synch. I have a simple goal in mind, but when I try to understand the parts of what's going on, I come out with more questions.
>

Manually creating the mirrored tree really isn't necessary, the driver
can do it.

> The planning guide is recommending a separate instance of eDirectory for identity vault, a test instance to better get acquainted with the way things work, etc. My boss just wants be to just get it done--with a very specific requirement here. Is IDM so complex and nebulas that I have to immerse myself in it first, before I can engage a limited deployment?
>

Ok, the meta-directory recommendation stems from the expectation that
you'll want to be able to control where and how the data is propagated
by the drivers.  In a small, simple installation it is an unnecessary
added complexity.  I have been running IDM for years with just my
single eDir as the identity vault.

> Specific questions I have include, if I need to later, can't I create a separate instance of eDir for a "vault," if it is found that I really need to do that, and if not, then why?

Re-doing to the drivers to point to a separate meta-Directory is
possible, and I've considered doing it in my case since I'm getting a
lot of AD's, but it will be labor intensive.  Still for a "Get me up
and running" situation I wouldn't bother trying to get a
meta-directory going as the eDir to eDir driver is about the most
annoying to get working.

>
> Another question I have is can I link accounts in multiple edirectory ou's with one policy, driver and driver set? And, if not, which piece of the puzzle handles separate containers?
>

For the AD driver you assign a root container in each directory and
the driver will handle the object matching in the container and
sub-containers.  If you want two OU's on the same level to be but not
other OU's on that level, you'd need a separate driver for each OU,
UNLESS you use entitlements to control who gets synced and who
doesn't.  I would encourage you to use them as they can help you
control the flow.  Entitlements in the docs are this amorphous concept
that's never really explained, but basically it's just a fancy way of
flagging an object as "ok to sync."  No entitlement, it doesn't go.
If it has the entitlement, it goes.  Off or on, simple enough.

I have something like 4 AD drivers running right now, and a single
eDir, not to mention having done dozens of test cases, so I'm fairly
familiar with the AD driver, feel free to ask questions.

Bill
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From RGrein at tpchd.org  Wed Nov  5 19:57:09 2008
From: RGrein at tpchd.org (Randy Grein)
Date: Wed, 05 Nov 2008 11:57:09 -0800
Subject: Identity Manager Questions
In-Reply-To: <4911A363.8A67.004D.0@enesco.com>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
	<49118994.8A67.004D.0@enesco.com>
	<167f4090811051011u5cec6806jb47cc19877b5ef37@mail.gmail.com>
	<4911A363.8A67.004D.0@enesco.com>
Message-ID: <49118A15.811E.0072.0@tpchd.org>

A couple of issues come up:

Extraneous users that have to be locked down (disabled in AD), a security issue
Extra objects that get in the way on a daily basis
'messy', relevant mostly if you're a neat freak

We went through this last spring, and the selected solution was to select user folders for replication, move service accounts that should not be replicated and mark groups to import with a description  label - so any groups we wanted were given a description of IDMSYNC. Not my idea, but it seems to work well enough.

Randy Grein
Sr. Network Engineer

>>> "Scott Etienne"  11/5/2008 11:45 AM >>>
I just created a driver to replicate nearly our entire tree, and it wants me to pick exclusions. Thinking about it, it seems like I have a lot to exclude. There are service accounts and some admin equivalents. 

Should I create seperate drivers that point to just targeted containers for replication? 

If I should do this, then I still have a problem with a major container that has many regular user accounts, service accounts and Admin accounts. I am not sure I would want to change my edirectory structure to segregate objects. 

What are the ramifications of having admin/service account objects replicated? Sounds like it replicates admin rights with the admin user accounts over to AD, so that the Admin objects from eDir now have some or all admin rights in AD?

>>> "Bill Brush"  11/5/2008 12:11 PM >>>
IDM just happens to be something I have worked with quite a bit.

On Wed, Nov 5, 2008 at 11:55 AM, Scott Etienne  wrote:
> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and maybe automate account creation from eDir to AD. I have created a CN in AD named after our tree, and have constructed a duplicate structure of the first ou we want to synch. I have a simple goal in mind, but when I try to understand the parts of what's going on, I come out with more questions.
>

Manually creating the mirrored tree really isn't necessary, the driver
can do it.

> The planning guide is recommending a separate instance of eDirectory for identity vault, a test instance to better get acquainted with the way things work, etc. My boss just wants be to just get it done--with a very specific requirement here. Is IDM so complex and nebulas that I have to immerse myself in it first, before I can engage a limited deployment?
>

Ok, the meta-directory recommendation stems from the expectation that
you'll want to be able to control where and how the data is propagated
by the drivers.  In a small, simple installation it is an unnecessary
added complexity.  I have been running IDM for years with just my
single eDir as the identity vault.

> Specific questions I have include, if I need to later, can't I create a separate instance of eDir for a "vault," if it is found that I really need to do that, and if not, then why?

Re-doing to the drivers to point to a separate meta-Directory is
possible, and I've considered doing it in my case since I'm getting a
lot of AD's, but it will be labor intensive.  Still for a "Get me up
and running" situation I wouldn't bother trying to get a
meta-directory going as the eDir to eDir driver is about the most
annoying to get working.

>
> Another question I have is can I link accounts in multiple edirectory ou's with one policy, driver and driver set? And, if not, which piece of the puzzle handles separate containers?
>

For the AD driver you assign a root container in each directory and
the driver will handle the object matching in the container and
sub-containers.  If you want two OU's on the same level to be but not
other OU's on that level, you'd need a separate driver for each OU,
UNLESS you use entitlements to control who gets synced and who
doesn't.  I would encourage you to use them as they can help you
control the flow.  Entitlements in the docs are this amorphous concept
that's never really explained, but basically it's just a fancy way of
flagging an object as "ok to sync."  No entitlement, it doesn't go.
If it has the entitlement, it goes.  Off or on, simple enough.

I have something like 4 AD drivers running right now, and a single
eDir, not to mention having done dozens of test cases, so I'm fairly
familiar with the AD driver, feel free to ask questions.

Bill
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
*************************************************************************************
This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal.
**************************************************************************************

From setienne at enesco.com  Wed Nov  5 20:01:34 2008
From: setienne at enesco.com (Scott Etienne)
Date: Wed, 05 Nov 2008 14:01:34 -0600
Subject: Identity Manager Questions
In-Reply-To: <49118A15.811E.0072.0@tpchd.org>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
	<49118994.8A67.004D.0@enesco.com>
	<167f4090811051011u5cec6806jb47cc19877b5ef37@mail.gmail.com>
	<4911A363.8A67.004D.0@enesco.com> <49118A15.811E.0072.0@tpchd.org>
Message-ID: <4911A73E.8A67.004D.0@enesco.com>

When you say description label, are you talking about the description field inside the group objects?

>>> "Randy Grein"  11/5/2008 1:57 PM >>>
A couple of issues come up:

Extraneous users that have to be locked down (disabled in AD), a security issue
Extra objects that get in the way on a daily basis
'messy', relevant mostly if you're a neat freak

We went through this last spring, and the selected solution was to select user folders for replication, move service accounts that should not be replicated and mark groups to import with a description  label - so any groups we wanted were given a description of IDMSYNC. Not my idea, but it seems to work well enough.

Randy Grein
Sr. Network Engineer

>>> "Scott Etienne"  11/5/2008 11:45 AM >>>
I just created a driver to replicate nearly our entire tree, and it wants me to pick exclusions. Thinking about it, it seems like I have a lot to exclude. There are service accounts and some admin equivalents. 

Should I create seperate drivers that point to just targeted containers for replication? 

If I should do this, then I still have a problem with a major container that has many regular user accounts, service accounts and Admin accounts. I am not sure I would want to change my edirectory structure to segregate objects. 

What are the ramifications of having admin/service account objects replicated? Sounds like it replicates admin rights with the admin user accounts over to AD, so that the Admin objects from eDir now have some or all admin rights in AD?

>>> "Bill Brush"  11/5/2008 12:11 PM >>>
IDM just happens to be something I have worked with quite a bit.

On Wed, Nov 5, 2008 at 11:55 AM, Scott Etienne  wrote:
> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and maybe automate account creation from eDir to AD. I have created a CN in AD named after our tree, and have constructed a duplicate structure of the first ou we want to synch. I have a simple goal in mind, but when I try to understand the parts of what's going on, I come out with more questions.
>

Manually creating the mirrored tree really isn't necessary, the driver
can do it.

> The planning guide is recommending a separate instance of eDirectory for identity vault, a test instance to better get acquainted with the way things work, etc. My boss just wants be to just get it done--with a very specific requirement here. Is IDM so complex and nebulas that I have to immerse myself in it first, before I can engage a limited deployment?
>

Ok, the meta-directory recommendation stems from the expectation that
you'll want to be able to control where and how the data is propagated
by the drivers.  In a small, simple installation it is an unnecessary
added complexity.  I have been running IDM for years with just my
single eDir as the identity vault.

> Specific questions I have include, if I need to later, can't I create a separate instance of eDir for a "vault," if it is found that I really need to do that, and if not, then why?

Re-doing to the drivers to point to a separate meta-Directory is
possible, and I've considered doing it in my case since I'm getting a
lot of AD's, but it will be labor intensive.  Still for a "Get me up
and running" situation I wouldn't bother trying to get a
meta-directory going as the eDir to eDir driver is about the most
annoying to get working.

>
> Another question I have is can I link accounts in multiple edirectory ou's with one policy, driver and driver set? And, if not, which piece of the puzzle handles separate containers?
>

For the AD driver you assign a root container in each directory and
the driver will handle the object matching in the container and
sub-containers.  If you want two OU's on the same level to be but not
other OU's on that level, you'd need a separate driver for each OU,
UNLESS you use entitlements to control who gets synced and who
doesn't.  I would encourage you to use them as they can help you
control the flow.  Entitlements in the docs are this amorphous concept
that's never really explained, but basically it's just a fancy way of
flagging an object as "ok to sync."  No entitlement, it doesn't go.
If it has the entitlement, it goes.  Off or on, simple enough.

I have something like 4 AD drivers running right now, and a single
eDir, not to mention having done dozens of test cases, so I'm fairly
familiar with the AD driver, feel free to ask questions.

Bill
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
*************************************************************************************
This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal.
**************************************************************************************

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From RGrein at tpchd.org  Wed Nov  5 20:09:22 2008
From: RGrein at tpchd.org (Randy Grein)
Date: Wed, 05 Nov 2008 12:09:22 -0800
Subject: Identity Manager Questions
In-Reply-To: <4911A73E.8A67.004D.0@enesco.com>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
	<49118994.8A67.004D.0@enesco.com>
	<167f4090811051011u5cec6806jb47cc19877b5ef37@mail.gmail.com>
	<4911A363.8A67.004D.0@enesco.com> <49118A15.811E.0072.0@tpchd.org>
	<4911A73E.8A67.004D.0@enesco.com>
Message-ID: <49118CF1.811E.0072.0@tpchd.org>

Yup. Funny how hard it is to describe a description field. (grin)

Randy Grein
Sr. Network Engineer

>>> "Scott Etienne"  11/5/2008 12:01 PM >>>
When you say description label, are you talking about the description field inside the group objects?

>>> "Randy Grein"  11/5/2008 1:57 PM >>>
A couple of issues come up:

Extraneous users that have to be locked down (disabled in AD), a security issue
Extra objects that get in the way on a daily basis
'messy', relevant mostly if you're a neat freak

We went through this last spring, and the selected solution was to select user folders for replication, move service accounts that should not be replicated and mark groups to import with a description  label - so any groups we wanted were given a description of IDMSYNC. Not my idea, but it seems to work well enough.

Randy Grein
Sr. Network Engineer

>>> "Scott Etienne"  11/5/2008 11:45 AM >>>
I just created a driver to replicate nearly our entire tree, and it wants me to pick exclusions. Thinking about it, it seems like I have a lot to exclude. There are service accounts and some admin equivalents. 

Should I create seperate drivers that point to just targeted containers for replication? 

If I should do this, then I still have a problem with a major container that has many regular user accounts, service accounts and Admin accounts. I am not sure I would want to change my edirectory structure to segregate objects. 

What are the ramifications of having admin/service account objects replicated? Sounds like it replicates admin rights with the admin user accounts over to AD, so that the Admin objects from eDir now have some or all admin rights in AD?

>>> "Bill Brush"  11/5/2008 12:11 PM >>>
IDM just happens to be something I have worked with quite a bit.

On Wed, Nov 5, 2008 at 11:55 AM, Scott Etienne  wrote:
> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and maybe automate account creation from eDir to AD. I have created a CN in AD named after our tree, and have constructed a duplicate structure of the first ou we want to synch. I have a simple goal in mind, but when I try to understand the parts of what's going on, I come out with more questions.
>

Manually creating the mirrored tree really isn't necessary, the driver
can do it.

> The planning guide is recommending a separate instance of eDirectory for identity vault, a test instance to better get acquainted with the way things work, etc. My boss just wants be to just get it done--with a very specific requirement here. Is IDM so complex and nebulas that I have to immerse myself in it first, before I can engage a limited deployment?
>

Ok, the meta-directory recommendation stems from the expectation that
you'll want to be able to control where and how the data is propagated
by the drivers.  In a small, simple installation it is an unnecessary
added complexity.  I have been running IDM for years with just my
single eDir as the identity vault.

> Specific questions I have include, if I need to later, can't I create a separate instance of eDir for a "vault," if it is found that I really need to do that, and if not, then why?

Re-doing to the drivers to point to a separate meta-Directory is
possible, and I've considered doing it in my case since I'm getting a
lot of AD's, but it will be labor intensive.  Still for a "Get me up
and running" situation I wouldn't bother trying to get a
meta-directory going as the eDir to eDir driver is about the most
annoying to get working.

>
> Another question I have is can I link accounts in multiple edirectory ou's with one policy, driver and driver set? And, if not, which piece of the puzzle handles separate containers?
>

For the AD driver you assign a root container in each directory and
the driver will handle the object matching in the container and
sub-containers.  If you want two OU's on the same level to be but not
other OU's on that level, you'd need a separate driver for each OU,
UNLESS you use entitlements to control who gets synced and who
doesn't.  I would encourage you to use them as they can help you
control the flow.  Entitlements in the docs are this amorphous concept
that's never really explained, but basically it's just a fancy way of
flagging an object as "ok to sync."  No entitlement, it doesn't go.
If it has the entitlement, it goes.  Off or on, simple enough.

I have something like 4 AD drivers running right now, and a single
eDir, not to mention having done dozens of test cases, so I'm fairly
familiar with the AD driver, feel free to ask questions.

Bill
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
*************************************************************************************
This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal.
**************************************************************************************

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
*************************************************************************************
This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal.
**************************************************************************************

From setienne at enesco.com  Wed Nov  5 20:13:33 2008
From: setienne at enesco.com (Scott Etienne)
Date: Wed, 05 Nov 2008 14:13:33 -0600
Subject: Identity Manager Questions
In-Reply-To: <49118CF1.811E.0072.0@tpchd.org>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
	<49118994.8A67.004D.0@enesco.com>
	<167f4090811051011u5cec6806jb47cc19877b5ef37@mail.gmail.com>
	<4911A363.8A67.004D.0@enesco.com> <49118A15.811E.0072.0@tpchd.org>
	<4911A73E.8A67.004D.0@enesco.com> <49118CF1.811E.0072.0@tpchd.org>
Message-ID: <4911AA0C.8A67.004D.0@enesco.com>

Does anyone know if you can build a policy to replicate based upon group-membership? I could create a group called AD-Replicate (or whatever), and assign users to that group?

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

>>> "Randy Grein"  11/5/2008 2:09 PM >>>
Yup. Funny how hard it is to describe a description field. (grin)

Randy Grein
Sr. Network Engineer

>>> "Scott Etienne"  11/5/2008 12:01 PM >>>
When you say description label, are you talking about the description field inside the group objects?

>>> "Randy Grein"  11/5/2008 1:57 PM >>>
A couple of issues come up:

Extraneous users that have to be locked down (disabled in AD), a security issue
Extra objects that get in the way on a daily basis
'messy', relevant mostly if you're a neat freak

We went through this last spring, and the selected solution was to select user folders for replication, move service accounts that should not be replicated and mark groups to import with a description  label - so any groups we wanted were given a description of IDMSYNC. Not my idea, but it seems to work well enough.

Randy Grein
Sr. Network Engineer

>>> "Scott Etienne"  11/5/2008 11:45 AM >>>
I just created a driver to replicate nearly our entire tree, and it wants me to pick exclusions. Thinking about it, it seems like I have a lot to exclude. There are service accounts and some admin equivalents. 

Should I create seperate drivers that point to just targeted containers for replication? 

If I should do this, then I still have a problem with a major container that has many regular user accounts, service accounts and Admin accounts. I am not sure I would want to change my edirectory structure to segregate objects. 

What are the ramifications of having admin/service account objects replicated? Sounds like it replicates admin rights with the admin user accounts over to AD, so that the Admin objects from eDir now have some or all admin rights in AD?

>>> "Bill Brush"  11/5/2008 12:11 PM >>>
IDM just happens to be something I have worked with quite a bit.

On Wed, Nov 5, 2008 at 11:55 AM, Scott Etienne  wrote:
> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and maybe automate account creation from eDir to AD. I have created a CN in AD named after our tree, and have constructed a duplicate structure of the first ou we want to synch. I have a simple goal in mind, but when I try to understand the parts of what's going on, I come out with more questions.
>

Manually creating the mirrored tree really isn't necessary, the driver
can do it.

> The planning guide is recommending a separate instance of eDirectory for identity vault, a test instance to better get acquainted with the way things work, etc. My boss just wants be to just get it done--with a very specific requirement here. Is IDM so complex and nebulas that I have to immerse myself in it first, before I can engage a limited deployment?
>

Ok, the meta-directory recommendation stems from the expectation that
you'll want to be able to control where and how the data is propagated
by the drivers.  In a small, simple installation it is an unnecessary
added complexity.  I have been running IDM for years with just my
single eDir as the identity vault.

> Specific questions I have include, if I need to later, can't I create a separate instance of eDir for a "vault," if it is found that I really need to do that, and if not, then why?

Re-doing to the drivers to point to a separate meta-Directory is
possible, and I've considered doing it in my case since I'm getting a
lot of AD's, but it will be labor intensive.  Still for a "Get me up
and running" situation I wouldn't bother trying to get a
meta-directory going as the eDir to eDir driver is about the most
annoying to get working.

>
> Another question I have is can I link accounts in multiple edirectory ou's with one policy, driver and driver set? And, if not, which piece of the puzzle handles separate containers?
>

For the AD driver you assign a root container in each directory and
the driver will handle the object matching in the container and
sub-containers.  If you want two OU's on the same level to be but not
other OU's on that level, you'd need a separate driver for each OU,
UNLESS you use entitlements to control who gets synced and who
doesn't.  I would encourage you to use them as they can help you
control the flow.  Entitlements in the docs are this amorphous concept
that's never really explained, but basically it's just a fancy way of
flagging an object as "ok to sync."  No entitlement, it doesn't go.
If it has the entitlement, it goes.  Off or on, simple enough.

I have something like 4 AD drivers running right now, and a single
eDir, not to mention having done dozens of test cases, so I'm fairly
familiar with the AD driver, feel free to ask questions.

Bill
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
*************************************************************************************
This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal.
**************************************************************************************

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
*************************************************************************************
This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal.
**************************************************************************************

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From petervl at gmail.com  Wed Nov  5 20:43:04 2008
From: petervl at gmail.com (Peter Van Lone)
Date: Wed, 5 Nov 2008 14:43:04 -0600
Subject: Identity Manager Questions
In-Reply-To: <4911AA0C.8A67.004D.0@enesco.com>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
	<49118994.8A67.004D.0@enesco.com>
	<167f4090811051011u5cec6806jb47cc19877b5ef37@mail.gmail.com>
	<4911A363.8A67.004D.0@enesco.com> <49118A15.811E.0072.0@tpchd.org>
	<4911A73E.8A67.004D.0@enesco.com> <49118CF1.811E.0072.0@tpchd.org>
	<4911AA0C.8A67.004D.0@enesco.com>
Message-ID: <68b791330811051243o134c79c2p86dfcba29082e710@mail.gmail.com>

matching rule, selecting on group membership should work just fine.

I think it would be cleaner to just do it on a container basis frankly
-- that way you can keep the driver basically generic. Should not be
too hard to just move service accounts, etc to a diff AD container ...

p

On Wed, Nov 5, 2008 at 2:13 PM, Scott Etienne  wrote:
> Does anyone know if you can build a policy to replicate based upon group-membership? I could create a group called AD-Replicate (or whatever), and assign users to that group?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com
>
>
>
>
>>>> "Randy Grein"  11/5/2008 2:09 PM >>>
> Yup. Funny how hard it is to describe a description field. (grin)
>
> Randy Grein
> Sr. Network Engineer
>
>
>>>> "Scott Etienne"  11/5/2008 12:01 PM >>>
> When you say description label, are you talking about the description field inside the group objects?
>
>>>> "Randy Grein"  11/5/2008 1:57 PM >>>
> A couple of issues come up:
>
> Extraneous users that have to be locked down (disabled in AD), a security issue
> Extra objects that get in the way on a daily basis
> 'messy', relevant mostly if you're a neat freak
>
> We went through this last spring, and the selected solution was to select user folders for replication, move service accounts that should not be replicated and mark groups to import with a description  label - so any groups we wanted were given a description of IDMSYNC. Not my idea, but it seems to work well enough.
>
> Randy Grein
> Sr. Network Engineer
>
>
>>>> "Scott Etienne"  11/5/2008 11:45 AM >>>
> I just created a driver to replicate nearly our entire tree, and it wants me to pick exclusions. Thinking about it, it seems like I have a lot to exclude. There are service accounts and some admin equivalents.
>
> Should I create seperate drivers that point to just targeted containers for replication?
>
> If I should do this, then I still have a problem with a major container that has many regular user accounts, service accounts and Admin accounts. I am not sure I would want to change my edirectory structure to segregate objects.
>
> What are the ramifications of having admin/service account objects replicated? Sounds like it replicates admin rights with the admin user accounts over to AD, so that the Admin objects from eDir now have some or all admin rights in AD?
>
>
>
>>>> "Bill Brush"  11/5/2008 12:11 PM >>>
> IDM just happens to be something I have worked with quite a bit.
>
> On Wed, Nov 5, 2008 at 11:55 AM, Scott Etienne  wrote:
>> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and maybe automate account creation from eDir to AD. I have created a CN in AD named after our tree, and have constructed a duplicate structure of the first ou we want to synch. I have a simple goal in mind, but when I try to understand the parts of what's going on, I come out with more questions.
>>
>
> Manually creating the mirrored tree really isn't necessary, the driver
> can do it.
>
>> The planning guide is recommending a separate instance of eDirectory for identity vault, a test instance to better get acquainted with the way things work, etc. My boss just wants be to just get it done--with a very specific requirement here. Is IDM so complex and nebulas that I have to immerse myself in it first, before I can engage a limited deployment?
>>
>
> Ok, the meta-directory recommendation stems from the expectation that
> you'll want to be able to control where and how the data is propagated
> by the drivers.  In a small, simple installation it is an unnecessary
> added complexity.  I have been running IDM for years with just my
> single eDir as the identity vault.
>
>> Specific questions I have include, if I need to later, can't I create a separate instance of eDir for a "vault," if it is found that I really need to do that, and if not, then why?
>
> Re-doing to the drivers to point to a separate meta-Directory is
> possible, and I've considered doing it in my case since I'm getting a
> lot of AD's, but it will be labor intensive.  Still for a "Get me up
> and running" situation I wouldn't bother trying to get a
> meta-directory going as the eDir to eDir driver is about the most
> annoying to get working.
>
>>
>> Another question I have is can I link accounts in multiple edirectory ou's with one policy, driver and driver set? And, if not, which piece of the puzzle handles separate containers?
>>
>
> For the AD driver you assign a root container in each directory and
> the driver will handle the object matching in the container and
> sub-containers.  If you want two OU's on the same level to be but not
> other OU's on that level, you'd need a separate driver for each OU,
> UNLESS you use entitlements to control who gets synced and who
> doesn't.  I would encourage you to use them as they can help you
> control the flow.  Entitlements in the docs are this amorphous concept
> that's never really explained, but basically it's just a fancy way of
> flagging an object as "ok to sync."  No entitlement, it doesn't go.
> If it has the entitlement, it goes.  Off or on, simple enough.
>
> I have something like 4 AD drivers running right now, and a single
> eDir, not to mention having done dozens of test cases, so I'm fairly
> familiar with the AD driver, feel free to ask questions.
>
> Bill
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
> *************************************************************************************
> This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal.
> **************************************************************************************
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
> *************************************************************************************
> This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal.
> **************************************************************************************
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

-- 
Everything is vague to a degree you do not realize till you have tried
to make it precise.

Bertrand Russell

http://xkcd.com/167/
www.the-brights.net

From bbrush at gmail.com  Wed Nov  5 20:46:08 2008
From: bbrush at gmail.com (Bill Brush)
Date: Wed, 5 Nov 2008 14:46:08 -0600
Subject: Identity Manager Questions
In-Reply-To: <4911AA0C.8A67.004D.0@enesco.com>
References: <49119FCE.E927.0018.0@mbc.qld.edu.au>
	<49118994.8A67.004D.0@enesco.com>
	<167f4090811051011u5cec6806jb47cc19877b5ef37@mail.gmail.com>
	<4911A363.8A67.004D.0@enesco.com> <49118A15.811E.0072.0@tpchd.org>
	<4911A73E.8A67.004D.0@enesco.com> <49118CF1.811E.0072.0@tpchd.org>
	<4911AA0C.8A67.004D.0@enesco.com>
Message-ID: <167f4090811051246j6c08370aia6253f5e9ec55690@mail.gmail.com>

Yes.  I do this on 3 of my AD's by basing the entitlement on the group
membership.  Entitlements are very handy for eliminating objects from
the AD that shouldn't be there.

Exclusions are just that, objects that should not be processed.  I
always eliminate the admin account.

Security equivalence is what object the driver can operate as in eDir.
 I always set mine to admin, but you could create a limited admin if
that's what you want.

Bill

On Wed, Nov 5, 2008 at 2:13 PM, Scott Etienne  wrote:
> Does anyone know if you can build a policy to replicate based upon group-membership? I could create a group called AD-Replicate (or whatever), and assign users to that group?
>

From Steven.Aitken at nds8.co.uk  Wed Nov  5 22:34:02 2008
From: Steven.Aitken at nds8.co.uk (Steven Aitken)
Date: Wed, 05 Nov 2008 22:34:02 +0000
Subject: Identity Manager Questions
In-Reply-To: <49121F5A0200000700014A96@mail2.nds8.com>
References: <49121F5A0200000700014A93@mail2.nds8.com>
	<49121F5A0200000700014A96@mail2.nds8.com>
Message-ID: <49121F5A0200000700014A96@mail2.nds8.com>

There are a number of ways to exclude objects being replicated, but what
one or indeed combination will work best for you, depends on your needs
and edirectory structure.

As you've already discovered, you have the static exclusion list, where
named objects will never get replicated. You would usually have your
admin user in here, at the very least, but this is list is tricky to
maintain and the least dynamic of all your options.

As others have mentioned here, you have the ability to use entitlements
to control the object flow from edir to ad. These can be very powerful,
especially when used as part of a workflow process in the user
application. I tend to use entitlements for fine grained replication
control as part of workflow, or fed by dynamic group membership where
the entitlement is granted automatically based on a combination of
attributes set on the user object.

Last, but by no means least, you have the ability to veto user
creations, based on rules in the creation policy set. For example you
can veto all creations if the source object is in a specific subtree, or
if a specific string is present in the CN or any other attribute. If you
know that all your admin users have admin in their name, or description
field, just write a creation policy that performs these tests and vetos
the operation accordingly.

Steve

My favoured approach to control bulk  
-----Original Message-----
From: "Scott Etienne" 
To: Novell LAN Interest Group 

Sent: 05/11/2008 19:45:08
Subject: Re: Identity Manager Questions

I just created a driver to replicate nearly our entire tree, and it
wants me to pick exclusions. Thinking about it, it seems like I have a
lot to exclude. There are service accounts and some admin equivalents. 

Should I create seperate drivers that point to just targeted containers
for replication? 

If I should do this, then I still have a problem with a major container
that has many regular user accounts, service accounts and Admin
accounts. I am not sure I would want to change my edirectory structure
to segregate objects. 

What are the ramifications of having admin/service account objects
replicated? Sounds like it replicates admin rights with the admin user
accounts over to AD, so that the Admin objects from eDir now have some
or all admin rights in AD?

>>> "Bill Brush"  11/5/2008 12:11 PM >>>
IDM just happens to be something I have worked with quite a bit.

On Wed, Nov 5, 2008 at 11:55 AM, Scott Etienne 
wrote:
> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and
maybe automate account creation from eDir to AD. I have created a CN in
AD named after our tree, and have constructed a duplicate structure of
the first ou we want to synch. I have a simple goal in mind, but when I
try to understand the parts of what's going on, I come out with more
questions.
>

Manually creating the mirrored tree really isn't necessary, the driver
can do it.

> The planning guide is recommending a separate instance of eDirectory
for identity vault, a test instance to better get acquainted with the
way things work, etc. My boss just wants be to just get it done--with a
very specific requirement here. Is IDM so complex and nebulas that I
have to immerse myself in it first, before I can engage a limited
deployment?
>

Ok, the meta-directory recommendation stems from the expectation that
you'll want to be able to control where and how the data is propagated
by the drivers.  In a small, simple installation it is an unnecessary
added complexity.  I have been running IDM for years with just my
single eDir as the identity vault.

> Specific questions I have include, if I need to later, can't I create
a separate instance of eDir for a "vault," if it is found that I really
need to do that, and if not, then why?

Re-doing to the drivers to point to a separate meta-Directory is
possible, and I've considered doing it in my case since I'm getting a
lot of AD's, but it will be labor intensive.  Still for a "Get me up
and running" situation I wouldn't bother trying to get a
meta-directory going as the eDir to eDir driver is about the most
annoying to get working.

>
> Another question I have is can I link accounts in multiple edirectory
ou's with one policy, driver and driver set? And, if not, which piece of
the puzzle handles separate containers?
>

For the AD driver you assign a root container in each directory and
the driver will handle the object matching in the container and
sub-containers.  If you want two OU's on the same level to be but not
other OU's on that level, you'd need a separate driver for each OU,
UNLESS you use entitlements to control who gets synced and who
doesn't.  I would encourage you to use them as they can help you
control the flow.  Entitlements in the docs are this amorphous concept
that's never really explained, but basically it's just a fancy way of
flagging an object as "ok to sync."  No entitlement, it doesn't go.
If it has the entitlement, it goes.  Off or on, simple enough.

I have something like 4 AD drivers running right now, and a single
eDir, not to mention having done dozens of test cases, so I'm fairly
familiar with the AD driver, feel free to ask questions.

Bill
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.

From setienne at enesco.com  Thu Nov  6 13:59:30 2008
From: setienne at enesco.com (Scott Etienne)
Date: Thu, 06 Nov 2008 07:59:30 -0600
Subject: Identity Manager Questions
In-Reply-To: <49121F5A0200000700014A96@mail2.nds8.com>
References: <49121F5A0200000700014A93@mail2.nds8.com>
	<49121F5A0200000700014A96@mail2.nds8.com>
	<49121F5A0200000700014A96@mail2.nds8.com>
Message-ID: <4912A3E1.8A67.004D.0@enesco.com>

Steve,

I selected 'no' to a question about installing or enabling Entitlements when I created the driver. Should I have answered 'yes'?

Scott

>>> "Steven Aitken"  11/5/2008 4:34 PM >>>
There are a number of ways to exclude objects being replicated, but what
one or indeed combination will work best for you, depends on your needs
and edirectory structure.

As you've already discovered, you have the static exclusion list, where
named objects will never get replicated. You would usually have your
admin user in here, at the very least, but this is list is tricky to
maintain and the least dynamic of all your options.

As others have mentioned here, you have the ability to use entitlements
to control the object flow from edir to ad. These can be very powerful,
especially when used as part of a workflow process in the user
application. I tend to use entitlements for fine grained replication
control as part of workflow, or fed by dynamic group membership where
the entitlement is granted automatically based on a combination of
attributes set on the user object.

Last, but by no means least, you have the ability to veto user
creations, based on rules in the creation policy set. For example you
can veto all creations if the source object is in a specific subtree, or
if a specific string is present in the CN or any other attribute. If you
know that all your admin users have admin in their name, or description
field, just write a creation policy that performs these tests and vetos
the operation accordingly.

Steve

My favoured approach to control bulk  
-----Original Message-----
From: "Scott Etienne" 
To: Novell LAN Interest Group 

Sent: 05/11/2008 19:45:08
Subject: Re: Identity Manager Questions

I just created a driver to replicate nearly our entire tree, and it
wants me to pick exclusions. Thinking about it, it seems like I have a
lot to exclude. There are service accounts and some admin equivalents. 

Should I create seperate drivers that point to just targeted containers
for replication? 

If I should do this, then I still have a problem with a major container
that has many regular user accounts, service accounts and Admin
accounts. I am not sure I would want to change my edirectory structure
to segregate objects. 

What are the ramifications of having admin/service account objects
replicated? Sounds like it replicates admin rights with the admin user
accounts over to AD, so that the Admin objects from eDir now have some
or all admin rights in AD?

>>> "Bill Brush"  11/5/2008 12:11 PM >>>
IDM just happens to be something I have worked with quite a bit.

On Wed, Nov 5, 2008 at 11:55 AM, Scott Etienne 
wrote:
> We want to setup IDM3.5.1 to sync passwords between eDir and AD, and
maybe automate account creation from eDir to AD. I have created a CN in
AD named after our tree, and have constructed a duplicate structure of
the first ou we want to synch. I have a simple goal in mind, but when I
try to understand the parts of what's going on, I come out with more
questions.
>

Manually creating the mirrored tree really isn't necessary, the driver
can do it.

> The planning guide is recommending a separate instance of eDirectory
for identity vault, a test instance to better get acquainted with the
way things work, etc. My boss just wants be to just get it done--with a
very specific requirement here. Is IDM so complex and nebulas that I
have to immerse myself in it first, before I can engage a limited
deployment?
>

Ok, the meta-directory recommendation stems from the expectation that
you'll want to be able to control where and how the data is propagated
by the drivers.  In a small, simple installation it is an unnecessary
added complexity.  I have been running IDM for years with just my
single eDir as the identity vault.

> Specific questions I have include, if I need to later, can't I create
a separate instance of eDir for a "vault," if it is found that I really
need to do that, and if not, then why?

Re-doing to the drivers to point to a separate meta-Directory is
possible, and I've considered doing it in my case since I'm getting a
lot of AD's, but it will be labor intensive.  Still for a "Get me up
and running" situation I wouldn't bother trying to get a
meta-directory going as the eDir to eDir driver is about the most
annoying to get working.

>
> Another question I have is can I link accounts in multiple edirectory
ou's with one policy, driver and driver set? And, if not, which piece of
the puzzle handles separate containers?
>

For the AD driver you assign a root container in each directory and
the driver will handle the object matching in the container and
sub-containers.  If you want two OU's on the same level to be but not
other OU's on that level, you'd need a separate driver for each OU,
UNLESS you use entitlements to control who gets synced and who
doesn't.  I would encourage you to use them as they can help you
control the flow.  Entitlements in the docs are this amorphous concept
that's never really explained, but basically it's just a fancy way of
flagging an object as "ok to sync."  No entitlement, it doesn't go.
If it has the entitlement, it goes.  Off or on, simple enough.

I have something like 4 AD drivers running right now, and a single
eDir, not to mention having done dozens of test cases, so I'm fairly
familiar with the AD driver, feel free to ask questions.

Bill
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From guruweaver at gmail.com  Thu Nov  6 14:17:57 2008
From: guruweaver at gmail.com (Michael Weaver)
Date: Thu, 6 Nov 2008 09:17:57 -0500
Subject: Identity Manager Questions
In-Reply-To: <4912A3E1.8A67.004D.0@enesco.com>
References: <49121F5A0200000700014A93@mail2.nds8.com>
	<49121F5A0200000700014A96@mail2.nds8.com>
	<4912A3E1.8A67.004D.0@enesco.com>
Message-ID: <7b870f120811060617p7a610a80o2ab5d27cb6ac413e@mail.gmail.com>

On Thu, Nov 6, 2008 at 8:59 AM, Scott Etienne  wrote:

> Steve,
>
> I selected 'no' to a question about installing or enabling Entitlements
> when I created the driver. Should I have answered 'yes'?
>
> Scott
>
>
If you want entitlement support, then yes. If you don't tell it you want to
use entitlements when you import the initial configuration, the entitlement
supporting policies will not be created.

If you want to keep the driver you've already started working on, you can
import a new AD driver as a "Dummy" (bogus values in the import wizard) and
copy over the entitlement policies, there's quite a few in both channels. Or
just recreate it.

Mike

-- 
Michael Weaver      Curmudgeon, Motorcyclist, Gamer
guruweaver at gmail.com
http://www.livejournal.com/users/guruweaver/
Do you use your powers for good, or for awesome?

From setienne at enesco.com  Thu Nov  6 14:21:13 2008
From: setienne at enesco.com (Scott Etienne)
Date: Thu, 06 Nov 2008 08:21:13 -0600
Subject: Identity Manager Questions
In-Reply-To: <7b870f120811060617p7a610a80o2ab5d27cb6ac413e@mail.gmail.com>
References: <49121F5A0200000700014A93@mail2.nds8.com>
	<49121F5A0200000700014A96@mail2.nds8.com>
	<4912A3E1.8A67.004D.0@enesco.com>
	<7b870f120811060617p7a610a80o2ab5d27cb6ac413e@mail.gmail.com>
Message-ID: <4912A8F8.8A67.004D.0@enesco.com>

I have no idea what Entitlement Support is.

>>> "Michael Weaver"  11/6/2008 8:17 AM >>>
On Thu, Nov 6, 2008 at 8:59 AM, Scott Etienne  wrote:

> Steve,
>
> I selected 'no' to a question about installing or enabling Entitlements
> when I created the driver. Should I have answered 'yes'?
>
> Scott
>
>
If you want entitlement support, then yes. If you don't tell it you want to
use entitlements when you import the initial configuration, the entitlement
supporting policies will not be created.

If you want to keep the driver you've already started working on, you can
import a new AD driver as a "Dummy" (bogus values in the import wizard) and
copy over the entitlement policies, there's quite a few in both channels. Or
just recreate it.

Mike

-- 
Michael Weaver      Curmudgeon, Motorcyclist, Gamer
guruweaver at gmail.com 
http://www.livejournal.com/users/guruweaver/ 
Do you use your powers for good, or for awesome?
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From Steven.Aitken at nds8.co.uk  Thu Nov  6 15:00:29 2008
From: Steven.Aitken at nds8.co.uk (Steven Aitken)
Date: Thu, 06 Nov 2008 15:00:29 +0000
Subject: Identity Manager Questions
In-Reply-To: <4913068D0200000700014AA8@mail2.nds8.com>
References: <4913068D0200000700014AA5@mail2.nds8.com>
	<4913068D0200000700014AA8@mail2.nds8.com>
Message-ID: <4913068D0200000700014AA8@mail2.nds8.com>

Think of an entitlement as a special attribute that exists on a user
object. You can do some clever things with them, but their basic
operation and assignment really works in two ways:

1. The entitlement attribute is set as part of a workflow from the user
application. An example would be that a user logs into the user app and
requests access to a resource, such as console operator rights to a
server. The workflow process sets or revokes the entitlement attribute
on the user object and an IDM driver responds to the change in the
entitlement state.

2. The entitlement is granted or revoked automatically by the
entitlements service driver, based on criteria on user objects. In
reality, this operates identically to an LDAP dynamic group, always
checking to see if users meet the criteria to grant or revoke an
entitlement. This crieria could be the users location in eDirectory, or
a combination of attribute values. For example if the user is in the
OU=tech,O=mycorp and they have a location attribute set to "south east"
the entitlements service driver (another IDM driver that's deployed into
the driver set) could be configured to look for this combination and set
a "south east console operator" entitlement on the user object.

Its important to remember that entitlements on their own do absolutely
nothing - they are simply attributes on a user object that act as
triggers to tell an IDM driver that it has some work to do. 

When you create an IDM driver and get prompted if you would like to
enable entitlement support, this will determine how the driver creation
wizard creates the driver in the first place. If you select no, there's
nothing stopping you to add entitlement support at a later date, but the
driver won't include it in its initial build script.

So, enough of the background reading and back to business :)

Should you have built your drivers with entitlement support? I would say
no, as you want to replicate the bulk of edir with your ad. 

How would I write your driver? Mirror a top level ou structure from edir
to ad and exclude certain ou's and user names from within the creation
policy set on the subscriber channel.

Hope this helps clarify things rather than muddy the waters...

Cheers,

Steve 
-----Original Message-----
From: "Scott Etienne" 
To: Novell LAN Interest Group 

Sent: 06/11/2008 14:21:13
Subject: Re: Identity Manager Questions

I have no idea what Entitlement Support is.

>>> "Michael Weaver"  11/6/2008 8:17 AM >>>
On Thu, Nov 6, 2008 at 8:59 AM, Scott Etienne 
wrote:

> Steve,
>
> I selected 'no' to a question about installing or enabling
Entitlements
> when I created the driver. Should I have answered 'yes'?
>
> Scott
>
>
If you want entitlement support, then yes. If you don't tell it you want
to
use entitlements when you import the initial configuration, the
entitlement
supporting policies will not be created.

If you want to keep the driver you've already started working on, you
can
import a new AD driver as a "Dummy" (bogus values in the import wizard)
and
copy over the entitlement policies, there's quite a few in both
channels. Or
just recreate it.

Mike

-- 
Michael Weaver      Curmudgeon, Motorcyclist, Gamer
guruweaver at gmail.com 
http://www.livejournal.com/users/guruweaver/ 
Do you use your powers for good, or for awesome?
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.

From bbrush at gmail.com  Thu Nov  6 15:01:45 2008
From: bbrush at gmail.com (Bill Brush)
Date: Thu, 6 Nov 2008 09:01:45 -0600
Subject: Identity Manager Questions
In-Reply-To: <4912A8F8.8A67.004D.0@enesco.com>
References: <49121F5A0200000700014A93@mail2.nds8.com>
	<49121F5A0200000700014A96@mail2.nds8.com>
	<4912A3E1.8A67.004D.0@enesco.com>
	<7b870f120811060617p7a610a80o2ab5d27cb6ac413e@mail.gmail.com>
	<4912A8F8.8A67.004D.0@enesco.com>
Message-ID: <167f4090811060701v497e7205nf898300497679a83@mail.gmail.com>

On Thu, Nov 6, 2008 at 8:21 AM, Scott Etienne  wrote:
> I have no idea what Entitlement Support is.
>
>>>> "Michael Weaver"  11/6/2008 8:17 AM >>>
> On Thu, Nov 6, 2008 at 8:59 AM, Scott Etienne  wrote:
>
>> Steve,
>>
>> I selected 'no' to a question about installing or enabling Entitlements
>> when I created the driver. Should I have answered 'yes'?
>>

And you would not be alone in that.  They are not explained very well
in the docs.  It took me a while before I grasped what they are, and
when I did I was a little annoyed that they're so opaque.

Basically an entitlement is a logical "check box" on the user object.

As the user is created or modified, the event gets picked up by the
IDM driver, and it starts processing it.

As the event propagates towards the AD side of the house, all of the
normal modifications and checks are done, but at the last stage, the
doorway to AD, there's a bouncer.  The bouncer grabs the user and says
"Yo boy, are you entitled to go through this door?"   If the user has
the entitlement, the bouncer lets it through.  If the user doesn't,
then it is rejected until such time as it gets the entitlement.

Simple.

You can enable the entitlements by simply re-running the configuration
wizard on your driver.  As long as you didn't customize the policies
it's quick and painless.

Now the question becomes, "How do I grant entitlements?"

That isn't too bad either.

You create a role-based services driver, which as I recall doesn't
require any real input from the creator.

You create a entitlement policy with the iManager plugin which says
"If  then grant the entitlement ."  I won't kid you, creating
these policies can be tricky, but basing it on a group or OU
membership or something isn't too bad.  They can be pretty powerful,
which combined with a dynamic group.

Bill

From jetadmin at gmail.com  Fri Nov  7 04:21:55 2008
From: jetadmin at gmail.com (Eric Rothweiler)
Date: Thu, 6 Nov 2008 23:21:55 -0500
Subject: edir 8.7.3.10b install problem (solved)
In-Reply-To: 
References: 

Message-ID: <1d6cdac70811062021q1fd873b8u9117fff468473d12@mail.gmail.com>

NWConfig is 8.3 name constrained.  Did that ips file come from Novell or was
it manipulated by someone in your shop?

On Mon, Nov 3, 2008 at 1:42 PM, Daniel Tran  wrote:

> Yikes ...
> The installation script tried to create the backup directory named
> "edirbackup.8.7.7.10".
> I guess the name is too long eventhough sys: is nss with long name
> support.
> I ended up modifying the "setup.ils" file located in the install\4
> directory where:
>
>
> setvar backupDir, 'SYS:SYSTEM\\EDIRBACKUP.%{eDirVersion}'
>
> to:
>
> setvar backupDir, 'SYS:SYSTEM\\myold'
>
> After that, the patch ran nicely.
>
>
>
>
> -----Original Message-----
> From: novell-bounces at netlab1.oucs.ox.ac.uk
> [mailto:novell-bounces at netlab1.oucs.ox.ac.uk] On Behalf Of Daniel Tran
> Sent: Monday, November 03, 2008 7:47 AM
> To: Novell LAN Interest Group
> Subject: edir 8.7.3.10b install problem
>
> Hi.
>
> I'm trying to install edir 8.7.3.10b on a netware 6 test server.
>
> I' getting this error in nwconfig:
>
> - Directory "sys:system\edirbackup.8.7.3.10 cannot be created.
> Error: error  code 135 (87 hex). (ICMD-5.0-5)
>
>
>
> Any ideas ?
>
> Thanks
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

From jetadmin at gmail.com  Fri Nov  7 04:27:15 2008
From: jetadmin at gmail.com (Eric Rothweiler)
Date: Thu, 6 Nov 2008 23:27:15 -0500
Subject: Enabling Universal Password
In-Reply-To: <490ED63A.2FC1.0024.0@vvc.edu>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
Message-ID: <1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>

Be on the latest eDir, NMAS, and Security Services patches that apply.

When you create your Universal Password policy associate it with one user
object then add a few more until you have confidence in what is going to be
experienced. I would wait at least one password expiration cycle before
going out to everyone if possible as the password expiration process may
reveal problems not previously thought through.

The good thing is at this point UP is pretty solid and simple, the earlier
adopters (2 years ago) were the ones that took the pain.

On Mon, Nov 3, 2008 at 1:45 PM, Brian Hatchell  wrote:

> I will be implementing this real soon to get password complexity
> requirements enforced.
>
> Does anyone want to share details about 'gotchas'
>
> Brian Hatchell
> Network Manager
> Victor Valley College
> 760 245-4271 x2792
>
> "A good plan, violently executed now, is better than a perfect plan next
> week."
>
> - General George S. Patton
>
> Check my Blog at
> http://gwcal.vvc.edu/mplusextranet/scp.dll/blog?user=hatchellb
>
>
> >>> On 11/3/2008 at 10:37 AM, in message <
> 490F61270200004E00043D5F at com-gwweb.hamk.fi>, "Sami Kapanen" <
> Sami.Kapanen at hamk.fi> wrote:
> UP wins.
> Be carefull with Universal Password, we had big issues when we turned it
> on.
> Read the docs about the password policies, as the normal password
> restricstions won't apply anymore.
>
> -sk
>
> >>> "Scott Etienne"  11/03/08 6:59 PM >>>
> Right now we have users who have to remember multiple passwords because we
> didn't turn on universal password for any of our containers. My question is,
> when we turn it on, which password wins, NDS/eDirectory or Universal
> Password?
>
> What else should I know before trying it?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

From Setienne at enesco.com  Fri Nov  7 15:39:12 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Fri, 07 Nov 2008 09:39:12 -0600
Subject: Basic-level Clustering
In-Reply-To: <1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
Message-ID: <49140CBF.8A77.004D.0@enesco.com>

I gather from the Novell documentation, that shared disk is _not_ required to do clustering--is this right?

If this is the case, then I may want to setup clustering to do simple failover for eDirectory-based services like DHCP.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

From mrsmith at oconee.k12.ga.us  Fri Nov  7 16:19:08 2008
From: mrsmith at oconee.k12.ga.us (Matt Smith)
Date: Fri, 07 Nov 2008 11:19:08 -0500
Subject: Basic-level Clustering
In-Reply-To: <49140CBF.8A77.004D.0@enesco.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
Message-ID: <49142427.E4C1.0068.0@oconee.k12.ga.us>

>>> On 11/7/2008 at 10:39 AM, in message
<49140CBF.8A77.004D.0 at enesco.com>, "Scott
Etienne"  wrote:
> I gather from the Novell documentation, that shared disk is _not_
required to 
> do clustering--is this right?
>  
> If this is the case, then I may want to setup clustering to do simple

> failover for eDirectory-based services like DHCP.

Depends on whether you're talking a file-system cluster or application
clustering a.k.a fail-over.  I'm not an expert, but for DHCP, you should
not need shared disk to allow the service to fail over between servers.

-Matt
-- 

Matt Smith                Network Technology Specialist
Oconee County School System, Oconee County, Georgia
Office of Instruction and Technology       706-769-5685

From joea at j4computers.com  Fri Nov  7 16:31:41 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Fri, 07 Nov 2008 11:31:41 -0500
Subject: Basic-level Clustering
Message-ID: <4914271D020000850005ED45@FS-LIN-OES>

If you are referring to Novell Cluster Services, then AFAIK, it is centered around the concept of "shared disk".  

joe a.

>>> "Scott Etienne"  11/07/08 10:38 AM >>>
I gather from the Novell documentation, that shared disk is _not_ required to do clustering--is this right?

If this is the case, then I may want to setup clustering to do simple failover for eDirectory-based services like DHCP.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From bbrush at gmail.com  Fri Nov  7 17:06:54 2008
From: bbrush at gmail.com (Bill Brush)
Date: Fri, 7 Nov 2008 11:06:54 -0600
Subject: Basic-level Clustering
In-Reply-To: <49140CBF.8A77.004D.0@enesco.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
Message-ID: <167f4090811070906y6f9c40b7kffcd2682f8020e4@mail.gmail.com>

If the resources require no disk then they can be clustered without
shared storage.  The SBD partition is required if you have any
resources that provides or requires storage.

There are precious few of those services that Netware provides, but
IIRC DHCP is one of them.

Bill

On Fri, Nov 7, 2008 at 9:39 AM, Scott Etienne  wrote:
> I gather from the Novell documentation, that shared disk is _not_ required to do clustering--is this right?
>
> If this is the case, then I may want to setup clustering to do simple failover for eDirectory-based services like DHCP.
>
>
> Thank you,
>

From dtran at ssc.ucla.edu  Fri Nov  7 18:20:51 2008
From: dtran at ssc.ucla.edu (Daniel Tran)
Date: Fri, 7 Nov 2008 10:20:51 -0800
Subject: edir 8.7.3.10b install problem (solved)
In-Reply-To: <1d6cdac70811062021q1fd873b8u9117fff468473d12@mail.gmail.com>
References: 
	<1d6cdac70811062021q1fd873b8u9117fff468473d12@mail.gmail.com>
Message-ID: 

Eric,
I modified the original ips.
Sorry I was unclear.

Daniel

-----Original Message-----
From: novell-bounces at netlab1.oucs.ox.ac.uk
[mailto:novell-bounces at netlab1.oucs.ox.ac.uk] On Behalf Of Eric
Rothweiler
Sent: Thursday, November 06, 2008 8:22 PM
To: Novell LAN Interest Group
Subject: Re: edir 8.7.3.10b install problem (solved)

NWConfig is 8.3 name constrained.  Did that ips file come from Novell or
was
it manipulated by someone in your shop?

On Mon, Nov 3, 2008 at 1:42 PM, Daniel Tran  wrote:

> Yikes ...
> The installation script tried to create the backup directory named
> "edirbackup.8.7.7.10".
> I guess the name is too long eventhough sys: is nss with long name
> support.
> I ended up modifying the "setup.ils" file located in the install\4
> directory where:
>
>
> setvar backupDir, 'SYS:SYSTEM\\EDIRBACKUP.%{eDirVersion}'
>
> to:
>
> setvar backupDir, 'SYS:SYSTEM\\myold'
>
> After that, the patch ran nicely.
>
>
>
>
> -----Original Message-----
> From: novell-bounces at netlab1.oucs.ox.ac.uk
> [mailto:novell-bounces at netlab1.oucs.ox.ac.uk] On Behalf Of Daniel Tran
> Sent: Monday, November 03, 2008 7:47 AM
> To: Novell LAN Interest Group
> Subject: edir 8.7.3.10b install problem
>
> Hi.
>
> I'm trying to install edir 8.7.3.10b on a netware 6 test server.
>
> I' getting this error in nwconfig:
>
> - Directory "sys:system\edirbackup.8.7.3.10 cannot be created.
> Error: error  code 135 (87 hex). (ICMD-5.0-5)
>
>
>
> Any ideas ?
>
> Thanks
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From bkone2002 at gmail.com  Fri Nov  7 20:17:45 2008
From: bkone2002 at gmail.com (D8TA)
Date: Fri, 7 Nov 2008 12:17:45 -0800 (PST)
Subject: OT: teaming and Conferencing
In-Reply-To: <68b791330810270753pa48c5do9bf0138b04e7c215@mail.gmail.com>
References: <68b791330810270753pa48c5do9bf0138b04e7c215@mail.gmail.com>
Message-ID: <20388133.post@talk.nabble.com>

When we were looking at Teaming,  Novell directed me to
http://sourceforge.net/project/showfiles.php?group_id=207459 and download
the IceCore Team VM. It was the same as their Teaming but missing the Novell
branding.

We have since purchased the product.

Peter Van Lone wrote:
> 
> Anyone know whether there is a VM appliance that can be used as a T+C
> demo?
> 
> Also .... anyone used this product as a doc man system? Does it work ok?
> 
> I've got a customer who uses Netware/GW. They are a manufacturing
> company, and they have alot of projects that have to do with product
> development. Each project has tons of documents. They would like to be
> able to access documents by project, rather than by storage location
> (currently they use a standard mapped drive to the main Netware file
> server).
> 
> If they were to use T+C, would they be able to leave the docs where
> they are, and T+C would simply index and present them? Or, would the
> doc store have to be moved into a T+C storage area?
> 
> Is the interface such that they could login, then just seach for a
> particular project code or name, and then see all the folders/docs
> associated with that particular project?
> 
> What about emails, ect ... will it pull in email from GW that is
> related to a project, or would that be a seperate step, like exporting
> email to the T+C project?
> 
> What about calendar -- will meetings that have been scheduled in GW
> for a project somehow be visible in T+C? Would we have to create
> special project users/folders or something, or would calendars be
> available as long as we setup the project in T+C and added users to
> the project team?
> 
> Thnx ... I've been looking over the available docs, but per usual it
> is either all marketing speak that says literally nothing, or just
> "click here to do this, click there to do that".
> 
> Hoping someone else has actually used it, and can give a bit of low-down!
> 
> 
> Peter
> 
> 
> 
> -- 
> 
> 
> 
> "Nothing works and nobody cares."
> Woody Allen
> 
> http://xkcd.com/167/
> 
> www.the-brights.net
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
> 
> 

-- 
View this message in context: http://www.nabble.com/OT%3A-teaming-and-Conferencing-tp20189264p20388133.html
Sent from the Novell mailing list archive at Nabble.com.

From Setienne at enesco.com  Fri Nov  7 20:27:30 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Fri, 07 Nov 2008 14:27:30 -0600
Subject: cannot set ftp search context
In-Reply-To: <167f4090811070906y6f9c40b7kffcd2682f8020e4@mail.gmail.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
	<167f4090811070906y6f9c40b7kffcd2682f8020e4@mail.gmail.com>
Message-ID: <49145051.8A77.004D.0@enesco.com>

I changed the ftpserv.cfg file to include the contexts for users who want to login in both , but if I don't specify the FQDN, I cannot login. I have unloaded nwftpd and loaded it with -c sys:etc\ftpserv.cfg.

Every time I load nwftpd.nlm, it changes the ftpserv.cfg file, the entry for DEFAULT_FTP_CONTEXT is changed back to "#DEFAULT_FTP_CONTEXT=" no matter what I set it to.
Search on Support turns up nothing.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

From Steven.Aitken at nds8.co.uk  Fri Nov  7 20:37:53 2008
From: Steven.Aitken at nds8.co.uk (Steven Aitken)
Date: Fri, 07 Nov 2008 20:37:53 +0000
Subject: cannot set ftp search context
In-Reply-To: <4914A7210200000700014ADF@mail2.nds8.com>
References: <4914A7210200000700014ADC@mail2.nds8.com>
	<4914A7210200000700014ADF@mail2.nds8.com>
Message-ID: <4914A7210200000700014ADF@mail2.nds8.com>

Think the syntax you need to use is:

SEARCH_LIST=.someou.someorg

Comma separated list for multiple ou's. If you append a :s to the item
it will do subtree too.

Steve 
-----Original Message-----
From: "Scott Etienne" 
To: Novell LAN Interest Group 

Sent: 07/11/2008 20:27:30
Subject: cannot set ftp search context

I changed the ftpserv.cfg file to include the contexts for users who
want to login in both , but if I don't specify the FQDN, I cannot login.
I have unloaded nwftpd and loaded it with -c sys:etc\ftpserv.cfg.

Every time I load nwftpd.nlm, it changes the ftpserv.cfg file, the entry
for DEFAULT_FTP_CONTEXT is changed back to "#DEFAULT_FTP_CONTEXT=" no
matter what I set it to.
Search on Support turns up nothing.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.

From Setienne at enesco.com  Fri Nov  7 20:40:47 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Fri, 07 Nov 2008 14:40:47 -0600
Subject: cannot set ftp search context
In-Reply-To: <4914A7210200000700014ADF@mail2.nds8.com>
References: <4914A7210200000700014ADC@mail2.nds8.com>
	<4914A7210200000700014ADF@mail2.nds8.com>
	<4914A7210200000700014ADF@mail2.nds8.com>
Message-ID: <4914536E.8A77.004D.0@enesco.com>

Tried that. That setting sticks and doesn't get changed back, but doesn't do anything for the login. Sill have to use FDN.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

>>> "Steven Aitken"  11/7/2008 2:37 PM >>>
Think the syntax you need to use is:

SEARCH_LIST=.someou.someorg

Comma separated list for multiple ou's. If you append a :s to the item
it will do subtree too.

Steve 
-----Original Message-----
From: "Scott Etienne" 
To: Novell LAN Interest Group 

Sent: 07/11/2008 20:27:30
Subject: cannot set ftp search context

I changed the ftpserv.cfg file to include the contexts for users who
want to login in both , but if I don't specify the FQDN, I cannot login.
I have unloaded nwftpd and loaded it with -c sys:etc\ftpserv.cfg.

Every time I load nwftpd.nlm, it changes the ftpserv.cfg file, the entry
for DEFAULT_FTP_CONTEXT is changed back to "#DEFAULT_FTP_CONTEXT=" no
matter what I set it to.
Search on Support turns up nothing.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From Steven.Aitken at nds8.co.uk  Fri Nov  7 20:58:42 2008
From: Steven.Aitken at nds8.co.uk (Steven Aitken)
Date: Fri, 07 Nov 2008 20:58:42 +0000
Subject: cannot set ftp search context
In-Reply-To: <4914AC020200000700014AE6@mail2.nds8.com>
References: <4914AC020200000700014AE3@mail2.nds8.com>
	<4914AC020200000700014AE6@mail2.nds8.com>
Message-ID: <4914AC020200000700014AE6@mail2.nds8.com>

If you look at sys:etc\ftpd.log does it complain that subtree searches
are not avaiable on the system and that the search list is empty?

Cheers

Steve 
-----Original Message-----
From: "Scott Etienne" 
To:  

Sent: 07/11/2008 20:40:47
Subject: Re: cannot set ftp search context

Tried that. That setting sticks and doesn't get changed back, but
doesn't do anything for the login. Sill have to use FDN.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

>>> "Steven Aitken"  11/7/2008 2:37 PM >>>
Think the syntax you need to use is:

SEARCH_LIST=.someou.someorg

Comma separated list for multiple ou's. If you append a :s to the item
it will do subtree too.

Steve 
-----Original Message-----
From: "Scott Etienne" 
To: Novell LAN Interest Group 

Sent: 07/11/2008 20:27:30
Subject: cannot set ftp search context

I changed the ftpserv.cfg file to include the contexts for users who
want to login in both , but if I don't specify the FQDN, I cannot login.
I have unloaded nwftpd and loaded it with -c sys:etc\ftpserv.cfg.

Every time I load nwftpd.nlm, it changes the ftpserv.cfg file, the entry
for DEFAULT_FTP_CONTEXT is changed back to "#DEFAULT_FTP_CONTEXT=" no
matter what I set it to.
Search on Support turns up nothing.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.

From Steven.Aitken at nds8.co.uk  Fri Nov  7 21:10:25 2008
From: Steven.Aitken at nds8.co.uk (Steven Aitken)
Date: Fri, 07 Nov 2008 21:10:25 +0000
Subject: cannot set ftp search context
In-Reply-To: <4914AEC10200000700014AED@mail2.nds8.com>
References: <4914AEC00200000700014AEA@mail2.nds8.com>
	<4914AEC10200000700014AED@mail2.nds8.com>
Message-ID: <4914AEC10200000700014AED@mail2.nds8.com>

Ok fixed, at least here anyway...

It appears that the ftp server has a dependency on ndsilib.nlm to
perform its searching. Even with subtree off, it chokes and ignores its
context list if this module is not loaded.

I would have expected that the ftp server, or at least the ftpstart.ncf
file would have loaded all the required dependences...... But alas no...

 On the other hand its easy to fix :)

Cheers

Steve 
-----Original Message-----
From: "Steven Aitken" 
To:  
To:  

Sent: 07/11/2008 20:58:42
Subject: Re: cannot set ftp search context

If you look at sys:etc\ftpd.log does it complain that subtree searches
are not avaiable on the system and that the search list is empty?

Cheers

Steve 
-----Original Message-----
From: "Scott Etienne" 
To:  

Sent: 07/11/2008 20:40:47
Subject: Re: cannot set ftp search context

Tried that. That setting sticks and doesn't get changed back, but
doesn't do anything for the login. Sill have to use FDN.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

>>> "Steven Aitken"  11/7/2008 2:37 PM >>>
Think the syntax you need to use is:

SEARCH_LIST=.someou.someorg

Comma separated list for multiple ou's. If you append a :s to the item
it will do subtree too.

Steve 
-----Original Message-----
From: "Scott Etienne" 
To: Novell LAN Interest Group 

Sent: 07/11/2008 20:27:30
Subject: cannot set ftp search context

I changed the ftpserv.cfg file to include the contexts for users who
want to login in both , but if I don't specify the FQDN, I cannot login.
I have unloaded nwftpd and loaded it with -c sys:etc\ftpserv.cfg.

Every time I load nwftpd.nlm, it changes the ftpserv.cfg file, the entry
for DEFAULT_FTP_CONTEXT is changed back to "#DEFAULT_FTP_CONTEXT=" no
matter what I set it to.
Search on Support turns up nothing.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.

From Setienne at enesco.com  Fri Nov  7 21:43:10 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Fri, 07 Nov 2008 15:43:10 -0600
Subject: cannot set ftp search context
In-Reply-To: <4914AEC10200000700014AED@mail2.nds8.com>
References: <4914AEC00200000700014AEA@mail2.nds8.com>
	<4914AEC10200000700014AED@mail2.nds8.com>
	<4914AEC10200000700014AED@mail2.nds8.com>
Message-ID: <4914620D.8A77.004D.0@enesco.com>

Loaded ndsilib, and reloaded nwftpd--no dice.

Error , 119 , 11-7-2008 3:40:20 pm , Sub-tree Search function(s) are not available in the system, working with context level search.
Info , 118 , 11-7-2008 3:40:20 pm , Search List is empty
Info , 118 , 11-7-2008 3:40:20 pm , Search List is empty
Info , 115 , 11-7-2008 3:40:20 pm , Configuration File sys:\etc\ftpserv.cfg is modified. Working with updated Configuration parameters.
Info , 121 , 11-7-2008 3:40:22 pm , Invalid Parameters found in Cfg File sys:\etc\ftpserv.cfg. File Saved with valid parameters.
Info , 111 , 11-7-2008 3:40:24 pm , FTP Server stopped
Error , 119 , 11-7-2008 3:40:29 pm , Sub-tree Search function(s) are not available in the system, working with context level search.
Info , 118 , 11-7-2008 3:40:29 pm , Search List is empty
Info , 118 , 11-7-2008 3:40:29 pm , Search List is empty
Info , 109 , 11-7-2008 3:40:29 pm , FTP Server started with  sys:\etc\ftpserv.cfg as the configuration file
Info , 112 , 11-7-2008 3:40:29 pm , Default context where FTP users will be searched : OU=HQ.O=ENESCO
Info , 113 , 11-7-2008 3:40:29 pm , FTPServer is bound to 0.0.0.0::21 (IP Address::Port Number)

>>> "Steven Aitken"  11/7/2008 3:10 PM >>>
Ok fixed, at least here anyway...

It appears that the ftp server has a dependency on ndsilib.nlm to
perform its searching. Even with subtree off, it chokes and ignores its
context list if this module is not loaded.

I would have expected that the ftp server, or at least the ftpstart.ncf
file would have loaded all the required dependences...... But alas no...

On the other hand its easy to fix :)

Cheers

Steve 
-----Original Message-----
From: "Steven Aitken" 
To:  
To:  

Sent: 07/11/2008 20:58:42
Subject: Re: cannot set ftp search context

If you look at sys:etc\ftpd.log does it complain that subtree searches
are not avaiable on the system and that the search list is empty?

Cheers

Steve 
-----Original Message-----
From: "Scott Etienne" 
To:  

Sent: 07/11/2008 20:40:47
Subject: Re: cannot set ftp search context

Tried that. That setting sticks and doesn't get changed back, but
doesn't do anything for the login. Sill have to use FDN.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

>>> "Steven Aitken"  11/7/2008 2:37 PM >>>
Think the syntax you need to use is:

SEARCH_LIST=.someou.someorg

Comma separated list for multiple ou's. If you append a :s to the item
it will do subtree too.

Steve 
-----Original Message-----
From: "Scott Etienne" 
To: Novell LAN Interest Group 

Sent: 07/11/2008 20:27:30
Subject: cannot set ftp search context

I changed the ftpserv.cfg file to include the contexts for users who
want to login in both , but if I don't specify the FQDN, I cannot login.
I have unloaded nwftpd and loaded it with -c sys:etc\ftpserv.cfg.

Every time I load nwftpd.nlm, it changes the ftpserv.cfg file, the entry
for DEFAULT_FTP_CONTEXT is changed back to "#DEFAULT_FTP_CONTEXT=" no
matter what I set it to.
Search on Support turns up nothing.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From Setienne at enesco.com  Fri Nov  7 21:56:14 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Fri, 07 Nov 2008 15:56:14 -0600
Subject: cannot set ftp search context
In-Reply-To: <4914620D.8A77.004D.0@enesco.com>
References: <4914AEC00200000700014AEA@mail2.nds8.com>
	<4914AEC10200000700014AED@mail2.nds8.com>
	<4914AEC10200000700014AED@mail2.nds8.com>
	<4914620D.8A77.004D.0@enesco.com>
Message-ID: <4914651D.8A77.004D.0@enesco.com>

NW6.5.7, master replica server, no ds errors.

>>> "Scott Etienne"  11/7/2008 3:43 PM >>>
Loaded ndsilib, and reloaded nwftpd--no dice.

Error , 119 , 11-7-2008 3:40:20 pm , Sub-tree Search function(s) are not available in the system, working with context level search.
Info , 118 , 11-7-2008 3:40:20 pm , Search List is empty
Info , 118 , 11-7-2008 3:40:20 pm , Search List is empty
Info , 115 , 11-7-2008 3:40:20 pm , Configuration File sys:\etc\ftpserv.cfg is modified. Working with updated Configuration parameters.
Info , 121 , 11-7-2008 3:40:22 pm , Invalid Parameters found in Cfg File sys:\etc\ftpserv.cfg. File Saved with valid parameters.
Info , 111 , 11-7-2008 3:40:24 pm , FTP Server stopped
Error , 119 , 11-7-2008 3:40:29 pm , Sub-tree Search function(s) are not available in the system, working with context level search.
Info , 118 , 11-7-2008 3:40:29 pm , Search List is empty
Info , 118 , 11-7-2008 3:40:29 pm , Search List is empty
Info , 109 , 11-7-2008 3:40:29 pm , FTP Server started with  sys:\etc\ftpserv.cfg as the configuration file
Info , 112 , 11-7-2008 3:40:29 pm , Default context where FTP users will be searched : OU=HQ.O=ENESCO
Info , 113 , 11-7-2008 3:40:29 pm , FTPServer is bound to 0.0.0.0::21 (IP Address::Port Number)

>>> "Steven Aitken"  11/7/2008 3:10 PM >>>
Ok fixed, at least here anyway...

It appears that the ftp server has a dependency on ndsilib.nlm to
perform its searching. Even with subtree off, it chokes and ignores its
context list if this module is not loaded.

I would have expected that the ftp server, or at least the ftpstart.ncf
file would have loaded all the required dependences...... But alas no...

On the other hand its easy to fix :)

Cheers

Steve 
-----Original Message-----
From: "Steven Aitken" 
To:  
To:  

Sent: 07/11/2008 20:58:42
Subject: Re: cannot set ftp search context

If you look at sys:etc\ftpd.log does it complain that subtree searches
are not avaiable on the system and that the search list is empty?

Cheers

Steve 
-----Original Message-----
From: "Scott Etienne" 
To:  

Sent: 07/11/2008 20:40:47
Subject: Re: cannot set ftp search context

Tried that. That setting sticks and doesn't get changed back, but
doesn't do anything for the login. Sill have to use FDN.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

>>> "Steven Aitken"  11/7/2008 2:37 PM >>>
Think the syntax you need to use is:

SEARCH_LIST=.someou.someorg

Comma separated list for multiple ou's. If you append a :s to the item
it will do subtree too.

Steve 
-----Original Message-----
From: "Scott Etienne" 
To: Novell LAN Interest Group 

Sent: 07/11/2008 20:27:30
Subject: cannot set ftp search context

I changed the ftpserv.cfg file to include the contexts for users who
want to login in both , but if I don't specify the FQDN, I cannot login.
I have unloaded nwftpd and loaded it with -c sys:etc\ftpserv.cfg.

Every time I load nwftpd.nlm, it changes the ftpserv.cfg file, the entry
for DEFAULT_FTP_CONTEXT is changed back to "#DEFAULT_FTP_CONTEXT=" no
matter what I set it to.
Search on Support turns up nothing.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From jetadmin at gmail.com  Sun Nov  9 03:23:34 2008
From: jetadmin at gmail.com (Eric Rothweiler)
Date: Sat, 8 Nov 2008 22:23:34 -0500
Subject: Basic-level Clustering
In-Reply-To: <49140CBF.8A77.004D.0@enesco.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
Message-ID: <1d6cdac70811081923o3906ea45vdd3e30f186ef3d31@mail.gmail.com>

I have clustered NetWare based DNS and DHCP without shared disk.

Eric

On Fri, Nov 7, 2008 at 10:39 AM, Scott Etienne  wrote:

> I gather from the Novell documentation, that shared disk is _not_ required
> to do clustering--is this right?
>
> If this is the case, then I may want to setup clustering to do simple
> failover for eDirectory-based services like DHCP.
>
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

From petervl at gmail.com  Sun Nov  9 16:26:57 2008
From: petervl at gmail.com (Peter Van Lone)
Date: Sun, 9 Nov 2008 10:26:57 -0600
Subject: Basic-level Clustering
In-Reply-To: <1d6cdac70811081923o3906ea45vdd3e30f186ef3d31@mail.gmail.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
	<1d6cdac70811081923o3906ea45vdd3e30f186ef3d31@mail.gmail.com>
Message-ID: <68b791330811090826l4177333di77ec4a8c00c75273@mail.gmail.com>

On Sat, Nov 8, 2008 at 9:23 PM, Eric Rothweiler  wrote:
> I have clustered NetWare based DNS and DHCP without shared disk.
>

well I understand that DNS and DHCP cluster resources do not require
shared disk ... but I'm not sure how one would install Novell Cluster
Services without it? What could function as the SBD? My understanding
of NCS is that one must have an SBD in order to have a cluster.

Peter

From bbrush at gmail.com  Sun Nov  9 16:39:00 2008
From: bbrush at gmail.com (Bill Brush)
Date: Sun, 9 Nov 2008 10:39:00 -0600
Subject: Basic-level Clustering
In-Reply-To: <68b791330811090826l4177333di77ec4a8c00c75273@mail.gmail.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
	<1d6cdac70811081923o3906ea45vdd3e30f186ef3d31@mail.gmail.com>
	<68b791330811090826l4177333di77ec4a8c00c75273@mail.gmail.com>
Message-ID: <167f4090811090839o4cdf87au5e2b932144c9a3a3@mail.gmail.com>

On Sun, Nov 9, 2008 at 10:26 AM, Peter Van Lone  wrote:
> On Sat, Nov 8, 2008 at 9:23 PM, Eric Rothweiler  wrote:
>> I have clustered NetWare based DNS and DHCP without shared disk.
>>
>
> well I understand that DNS and DHCP cluster resources do not require
> shared disk ... but I'm not sure how one would install Novell Cluster
> Services without it? What could function as the SBD? My understanding
> of NCS is that one must have an SBD in order to have a cluster.
>

That is incorrect.  You are not required to have an SBD or shared
storage to have a working cluster.

I will say that the usefulness of an NCS cluster without shared
storage is pretty limited, but it does work.

Bill

From hooeld at bay.k12.fl.us  Sun Nov  9 17:57:38 2008
From: hooeld at bay.k12.fl.us (Leslie Hooe)
Date: Sun, 09 Nov 2008 11:57:38 -0600
Subject: Basic-level Clustering
In-Reply-To: <167f4090811090839o4cdf87au5e2b932144c9a3a3@mail.gmail.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
	<1d6cdac70811081923o3906ea45vdd3e30f186ef3d31@mail.gmail.com>
	<68b791330811090826l4177333di77ec4a8c00c75273@mail.gmail.com>
	<167f4090811090839o4cdf87au5e2b932144c9a3a3@mail.gmail.com>
Message-ID: <4916D032.4E75.0001.0@bay.k12.fl.us>

Can you do NDS/DHCP Clustering with just the 2 node clustering that comes with NW6.5??

Leslie Hooe
Telecommunications Manager
Bay District Schools
(850) 747-5295 

>>> On 11/9/2008 at 10:39 AM, in message <167f4090811090839o4cdf87au5e2b932144c9a3a3 at mail.gmail.com>, "Bill Brush"  wrote:
On Sun, Nov 9, 2008 at 10:26 AM, Peter Van Lone  wrote:
> On Sat, Nov 8, 2008 at 9:23 PM, Eric Rothweiler  wrote:
>> I have clustered NetWare based DNS and DHCP without shared disk.
>>
>
> well I understand that DNS and DHCP cluster resources do not require
> shared disk ... but I'm not sure how one would install Novell Cluster
> Services without it? What could function as the SBD? My understanding
> of NCS is that one must have an SBD in order to have a cluster.
>

That is incorrect.  You are not required to have an SBD or shared
storage to have a working cluster.

I will say that the usefulness of an NCS cluster without shared
storage is pretty limited, but it does work.

Bill
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public-records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.

From James.Taylor at eastcobbgroup.com  Sun Nov  9 18:43:16 2008
From: James.Taylor at eastcobbgroup.com (James Taylor)
Date: Sun, 09 Nov 2008 13:43:16 -0500
Subject: Basic-level Clustering
In-Reply-To: <4916E8E6.9252.0075.1@eastcobbgroup.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
	<1d6cdac70811081923o3906ea45vdd3e30f186ef3d31@mail.gmail.com>
	<68b791330811090826l4177333di77ec4a8c00c75273@mail.gmail.com>
	<167f4090811090839o4cdf87au5e2b932144c9a3a3@mail.gmail.com>
	<4916E8E6.9252.0075.1@eastcobbgroup.com>
Message-ID: <4916E8F50200007500035B7A@inet.eastcobbgroup.com>

You can cluster anything that you only need two nodes for.  It works fine.
-jt 

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com

>>> "Leslie Hooe"  11/9/2008 12:57 PM >>> 
Can you do NDS/DHCP Clustering with just the 2 node clustering that comes with NW6.5??

Leslie Hooe
Telecommunications Manager
Bay District Schools
(850) 747-5295 

>>> On 11/9/2008 at 10:39 AM, in message <167f4090811090839o4cdf87au5e2b932144c9a3a3 at mail.gmail.com>, "Bill Brush"  wrote:
On Sun, Nov 9, 2008 at 10:26 AM, Peter Van Lone  wrote:
> On Sat, Nov 8, 2008 at 9:23 PM, Eric Rothweiler  wrote:
>> I have clustered NetWare based DNS and DHCP without shared disk.
>>
>
> well I understand that DNS and DHCP cluster resources do not require
> shared disk ... but I'm not sure how one would install Novell Cluster
> Services without it? What could function as the SBD? My understanding
> of NCS is that one must have an SBD in order to have a cluster.
>

That is incorrect.  You are not required to have an SBD or shared
storage to have a working cluster.

I will say that the usefulness of an NCS cluster without shared
storage is pretty limited, but it does work.

Bill
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public-records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From Setienne at enesco.com  Mon Nov 10 20:16:46 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Mon, 10 Nov 2008 14:16:46 -0600
Subject: OES2 DHCP
In-Reply-To: <4916E8F50200007500035B7A@inet.eastcobbgroup.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
	<1d6cdac70811081923o3906ea45vdd3e30f186ef3d31@mail.gmail.com>
	<68b791330811090826l4177333di77ec4a8c00c75273@mail.gmail.com>
	<167f4090811090839o4cdf87au5e2b932144c9a3a3@mail.gmail.com>
	<4916E8E6.9252.0075.1@eastcobbgroup.com>
	<4916E8F50200007500035B7A@inet.eastcobbgroup.com>
Message-ID: <4918424E.8A77.004D.0@enesco.com>

It seems to me that OES2 DHCP is different than traditional DHCP, and this has me worried. It seems that a new object, called DHCP Locator object gets created and that it wants you to create a "service?"

I have been using DNS-DHCP console to do things until now--if I create the service and set things up with iManager, will it mess up my ability to use the console and/or the existing NetWare DHCP server?  

My NetWare servers are running NW65SP7.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

From James.Taylor at eastcobbgroup.com  Mon Nov 10 20:29:51 2008
From: James.Taylor at eastcobbgroup.com (James Taylor)
Date: Mon, 10 Nov 2008 15:29:51 -0500
Subject: OES2 DHCP
In-Reply-To: <49185348.9252.0075.1@eastcobbgroup.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
	<1d6cdac70811081923o3906ea45vdd3e30f186ef3d31@mail.gmail.com>
	<68b791330811090826l4177333di77ec4a8c00c75273@mail.gmail.com>
	<167f4090811090839o4cdf87au5e2b932144c9a3a3@mail.gmail.com>
	<4916E8E6.9252.0075.1@eastcobbgroup.com>
	<4916E8F50200007500035B7A@inet.eastcobbgroup.com>
	<49185348.9252.0075.1@eastcobbgroup.com>
Message-ID: <4918536F020000750003C80E@inet.eastcobbgroup.com>

There's a newer version of the DNS/DHCP console that has Linux and NetWare tabs for DHCP.  I think it's out of bet, but I haven't checked lately.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com

>>> "Scott Etienne"  11/10/2008 03:16 PM >>> 
It seems to me that OES2 DHCP is different than traditional DHCP, and this has me worried. It seems that a new object, called DHCP Locator object gets created and that it wants you to create a "service?"

I have been using DNS-DHCP console to do things until now--if I create the service and set things up with iManager, will it mess up my ability to use the console and/or the existing NetWare DHCP server?  

My NetWare servers are running NW65SP7.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From Setienne at enesco.com  Mon Nov 10 22:01:13 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Mon, 10 Nov 2008 16:01:13 -0600
Subject: OES2 DHCP
In-Reply-To: <4918536F020000750003C80E@inet.eastcobbgroup.com>
References: <490F61270200004E00043D5F@com-gwweb.hamk.fi>
	<490ED63A.2FC1.0024.0@vvc.edu>
	<1d6cdac70811062027k1f445807k7ac3f5b382076cf0@mail.gmail.com>
	<49140CBF.8A77.004D.0@enesco.com>
	<1d6cdac70811081923o3906ea45vdd3e30f186ef3d31@mail.gmail.com>
	<68b791330811090826l4177333di77ec4a8c00c75273@mail.gmail.com>
	<167f4090811090839o4cdf87au5e2b932144c9a3a3@mail.gmail.com>
	<4916E8E6.9252.0075.1@eastcobbgroup.com>
	<4916E8F50200007500035B7A@inet.eastcobbgroup.com>
	<49185348.9252.0075.1@eastcobbgroup.com>
	<4918536F020000750003C80E@inet.eastcobbgroup.com>
Message-ID: <49185AC8.8A77.004D.0@enesco.com>

My goal is to create a second DHCP pool in the same subnet (TID 10014761), but serviced by a second server for redundancy without clustering. My existing DHCP server is NetWare 6.5 SP7, and I don't want to muck up it's ability to function. 

Scott

>>> "James Taylor"  11/10/2008 2:29 PM >>>
There's a newer version of the DNS/DHCP console that has Linux and NetWare tabs for DHCP.  I think it's out of bet, but I haven't checked lately.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com 
http://www.eastcobbgroup.com 

>>> "Scott Etienne"  11/10/2008 03:16 PM >>> 
It seems to me that OES2 DHCP is different than traditional DHCP, and this has me worried. It seems that a new object, called DHCP Locator object gets created and that it wants you to create a "service?"

I have been using DNS-DHCP console to do things until now--if I create the service and set things up with iManager, will it mess up my ability to use the console and/or the existing NetWare DHCP server?  

My NetWare servers are running NW65SP7.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From automatedprocess at bellsouth.net  Tue Nov 11 04:40:47 2008
From: automatedprocess at bellsouth.net (Stephen Cummings)
Date: Mon, 10 Nov 2008 23:40:47 -0500
Subject: Practice Labs
Message-ID: <00be01c943b7$af4635a0$0301a8c0@apcdesktop>

I am writing to the group here to get a few questions answered. 

First, is there anyone out here that actually teaches the Linux SUSE 10 3064 course
Second, if you do, do you have any labs that you could share with me to allow my students to gain more hands on experience with the chapters that we are covering. the book itself, labs are not really good for a student to get practice on.

Once these questions are answered, I will definitely have many more. But this is just the door opener

Thanks,

Stephen Cummings
A+, NET +, CNA 5x, 6x,
CNE 5x, 6x, NAI, CNI,
MCNE, LINUX +

From Setienne at enesco.com  Tue Nov 11 13:40:04 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Tue, 11 Nov 2008 07:40:04 -0600
Subject: BackupExec Pulls Support For NetWare
In-Reply-To: <00be01c943b7$af4635a0$0301a8c0@apcdesktop>
References: <00be01c943b7$af4635a0$0301a8c0@apcdesktop>
Message-ID: <491936D3.8A77.004D.0@enesco.com>

Due to changing market conditions, Symantec has decided to discontinue
the Backup Exec for NetWare Servers (BENW) product line. Backup Exec for
NetWare Servers' discontinuation represents part of Symantec*s evolving
strategic direction, which involves placing even greater focus on
Windows and Linux offerings that aid customers with their data
protection and information lifecycle management. For more information
about these changes, see this document:
http://support.veritas.com/docs/312180 

For detailed information about the end-of-life support schedule for
Backup Exec for NetWare Servers, please go to this URL:
http://support.veritas.com/docs/302200 

Backup Exec for NetWare Servers does not have a direct upgrade path to
any other Symantec product. However, there are upgrade mechanisms that
will allow customers to maintain nearly the same level of support for
existing NetWare servers, as well as be a better fit for Novell's stated
upgrade path from Novell NetWare to Novell SUSE Linux and Open
Enterprise Server. All transition mechanisms require at least one
Windows Server and Backup Exec for Windows Servers.

For many of the Agents and Options offered as part of the Backup Exec
for NetWare Servers software package, there is an analogue in the Backup
Exec for Windows Servers product. Customers who have mixed NetWare/SUSE
Linux and Windows Server environments will find this transition easiest;
these customers will already have the necessary Windows Server hardware
on which to run Backup Exec for Windows Servers. Customers who have pure
NetWare/SUSE Linux environments will find this transition more
challenging, as at least one Backup Exec for Windows Server installation
(and the Windows Server operating system and hardware that requires) is
necessary for continued data protection.

From Setienne at enesco.com  Tue Nov 11 15:10:17 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Tue, 11 Nov 2008 09:10:17 -0600
Subject: BackupExec Pulls Support For NetWare
In-Reply-To: <491936D3.8A77.004D.0@enesco.com>
References: <00be01c943b7$af4635a0$0301a8c0@apcdesktop>
	<491936D3.8A77.004D.0@enesco.com>
Message-ID: <49194BF9.8A77.004D.0@enesco.com>

Symantec sales told me that support for NetWare will continue until the end of 2009.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

>>> "Scott Etienne"  11/11/2008 7:40 AM >>>

Due to changing market conditions, Symantec has decided to discontinue
the Backup Exec for NetWare Servers (BENW) product line. Backup Exec for
NetWare Servers' discontinuation represents part of Symantec*s evolving
strategic direction, which involves placing even greater focus on
Windows and Linux offerings that aid customers with their data
protection and information lifecycle management. For more information
about these changes, see this document:
http://support.veritas.com/docs/312180 

For detailed information about the end-of-life support schedule for
Backup Exec for NetWare Servers, please go to this URL:
http://support.veritas.com/docs/302200 

Backup Exec for NetWare Servers does not have a direct upgrade path to
any other Symantec product. However, there are upgrade mechanisms that
will allow customers to maintain nearly the same level of support for
existing NetWare servers, as well as be a better fit for Novell's stated
upgrade path from Novell NetWare to Novell SUSE Linux and Open
Enterprise Server. All transition mechanisms require at least one
Windows Server and Backup Exec for Windows Servers.

For many of the Agents and Options offered as part of the Backup Exec
for NetWare Servers software package, there is an analogue in the Backup
Exec for Windows Servers product. Customers who have mixed NetWare/SUSE
Linux and Windows Server environments will find this transition easiest;
these customers will already have the necessary Windows Server hardware
on which to run Backup Exec for Windows Servers. Customers who have pure
NetWare/SUSE Linux environments will find this transition more
challenging, as at least one Backup Exec for Windows Server installation
(and the Windows Server operating system and hardware that requires) is
necessary for continued data protection.

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From alandpearson at yahoo.com  Tue Nov 11 15:40:34 2008
From: alandpearson at yahoo.com (Alan Pearson)
Date: Tue, 11 Nov 2008 15:40:34 -0000 (GMT)
Subject: BackupExec Pulls Support For NetWare
In-Reply-To: <491936D3.8A77.004D.0@enesco.com>
References: <00be01c943b7$af4635a0$0301a8c0@apcdesktop>
	<491936D3.8A77.004D.0@enesco.com>
Message-ID: <64689.88.211.54.85.1226418034.squirrel@83.67.10.8>

I think we are missing the key killer in this message.
They _require_ you to have a windows server.

Why ? Is there something wrong with porting the thing to OES properly.
I don't have windows servers, nor want them. (Then again I can say the
same for backup exec)

-- 
AlanP

On Tue, November 11, 2008 1:40 pm, Scott Etienne wrote:
>
> Due to changing market conditions, Symantec has decided to discontinue
> the Backup Exec for NetWare Servers (BENW) product line. Backup Exec for
> NetWare Servers' discontinuation represents part of Symantec*s evolving
> strategic direction, which involves placing even greater focus on
> Windows and Linux offerings that aid customers with their data
> protection and information lifecycle management. For more information
> about these changes, see this document:
> http://support.veritas.com/docs/312180
>
> For detailed information about the end-of-life support schedule for
> Backup Exec for NetWare Servers, please go to this URL:
> http://support.veritas.com/docs/302200
>
> Backup Exec for NetWare Servers does not have a direct upgrade path to
> any other Symantec product. However, there are upgrade mechanisms that
> will allow customers to maintain nearly the same level of support for
> existing NetWare servers, as well as be a better fit for Novell's stated
> upgrade path from Novell NetWare to Novell SUSE Linux and Open
> Enterprise Server. All transition mechanisms require at least one
> Windows Server and Backup Exec for Windows Servers.
>
> For many of the Agents and Options offered as part of the Backup Exec
> for NetWare Servers software package, there is an analogue in the Backup
> Exec for Windows Servers product. Customers who have mixed NetWare/SUSE
> Linux and Windows Server environments will find this transition easiest;
> these customers will already have the necessary Windows Server hardware
> on which to run Backup Exec for Windows Servers. Customers who have pure
> NetWare/SUSE Linux environments will find this transition more
> challenging, as at least one Backup Exec for Windows Server installation
> (and the Windows Server operating system and hardware that requires) is
> necessary for continued data protection.
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

From James.Taylor at eastcobbgroup.com  Tue Nov 11 15:48:49 2008
From: James.Taylor at eastcobbgroup.com (James Taylor)
Date: Tue, 11 Nov 2008 10:48:49 -0500
Subject: BackupExec Pulls Support For NetWare
In-Reply-To: <491962B9.9252.0075.1@eastcobbgroup.com>
References: <00be01c943b7$af4635a0$0301a8c0@apcdesktop>
	<491936D3.8A77.004D.0@enesco.com>
	<491962B9.9252.0075.1@eastcobbgroup.com>
Message-ID: <49196311020000750003C8E4@inet.eastcobbgroup.com>

Now would be a really good time for NetWare BE users to look at SEP software.  It does not require a windows server and will back up NetWare and GroupWise properly.

http://sepsoftware.com/

-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com

>>> "Alan Pearson"  11/11/2008 10:40 AM >>> 
I think we are missing the key killer in this message.
They _require_ you to have a windows server.

Why ? Is there something wrong with porting the thing to OES properly.
I don't have windows servers, nor want them. (Then again I can say the
same for backup exec)

-- 
AlanP

On Tue, November 11, 2008 1:40 pm, Scott Etienne wrote:
>
> Due to changing market conditions, Symantec has decided to discontinue
> the Backup Exec for NetWare Servers (BENW) product line. Backup Exec for
> NetWare Servers' discontinuation represents part of Symantec*s evolving
> strategic direction, which involves placing even greater focus on
> Windows and Linux offerings that aid customers with their data
> protection and information lifecycle management. For more information
> about these changes, see this document:
> http://support.veritas.com/docs/312180
>
> For detailed information about the end-of-life support schedule for
> Backup Exec for NetWare Servers, please go to this URL:
> http://support.veritas.com/docs/302200
>
> Backup Exec for NetWare Servers does not have a direct upgrade path to
> any other Symantec product. However, there are upgrade mechanisms that
> will allow customers to maintain nearly the same level of support for
> existing NetWare servers, as well as be a better fit for Novell's stated
> upgrade path from Novell NetWare to Novell SUSE Linux and Open
> Enterprise Server. All transition mechanisms require at least one
> Windows Server and Backup Exec for Windows Servers.
>
> For many of the Agents and Options offered as part of the Backup Exec
> for NetWare Servers software package, there is an analogue in the Backup
> Exec for Windows Servers product. Customers who have mixed NetWare/SUSE
> Linux and Windows Server environments will find this transition easiest;
> these customers will already have the necessary Windows Server hardware
> on which to run Backup Exec for Windows Servers. Customers who have pure
> NetWare/SUSE Linux environments will find this transition more
> challenging, as at least one Backup Exec for Windows Server installation
> (and the Windows Server operating system and hardware that requires) is
> necessary for continued data protection.
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From s_david_rose at hotmail.com  Tue Nov 11 16:17:04 2008
From: s_david_rose at hotmail.com (Dave Rose)
Date: Tue, 11 Nov 2008 16:17:04 +0000 (UTC)
Subject: Scriptable remote console commands?
Message-ID: 

Hello All
  I have a mix of Netware 6.0 / 6.5 servers -- about 100 of them.  I would like
to script some commands together, and have those commands be issued on the
console of the remote servers, almost like ssh would allow to do.  However, I
don't have SSH since there are many Netware 6.0 servers out there.

  Is there any way to issue a command which is scriptable from Windows to a
Server?  My preferred scripting language is Python (2.5)

thanks!
Dave Rose

From joea at j4computers.com  Tue Nov 11 17:55:19 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Tue, 11 Nov 2008 12:55:19 -0500
Subject: BackupExec Pulls Support For NetWare
In-Reply-To: <49196311020000750003C8E4@inet.eastcobbgroup.com>
References: <00be01c943b7$af4635a0$0301a8c0@apcdesktop>
	<491936D3.8A77.004D.0@enesco.com>
	<491962B9.9252.0075.1@eastcobbgroup.com>
	<49196311020000750003C8E4@inet.eastcobbgroup.com>
Message-ID: <491972A5.917D.0085.0@j4computers.com>

Seems like all things to all people.  Except it does not appear to "run" on NetWare, tho it does seem to backup NetWare.   Or is it just well hidden?

joe a.

>>> On 11/11/2008 at 10:48 AM, "James Taylor" 
wrote:
> Now would be a really good time for NetWare BE users to look at SEP software. 
>  It does not require a windows server and will back up NetWare and GroupWise 
> properly.
> 
> http://sepsoftware.com/ 
> 
> -jt
>  
> 
> James Taylor
> The East Cobb Group, Inc.
> 678-697-9420
> james.taylor at eastcobbgroup.com 
> http://www.eastcobbgroup.com 
> 
> 
> 
> 
> 
> 
> 
>>>> "Alan Pearson"  11/11/2008 10:40 AM >>> 
> I think we are missing the key killer in this message.
> They _require_ you to have a windows server.
> 
> Why ? Is there something wrong with porting the thing to OES properly.
> I don't have windows servers, nor want them. (Then again I can say the
> same for backup exec)
> 
> 

From pjc9001 at nyp.org  Tue Nov 11 18:24:48 2008
From: pjc9001 at nyp.org (Peter J. Cox)
Date: Tue, 11 Nov 2008 13:24:48 -0500
Subject: Scriptable remote console commands?
In-Reply-To: 
References: 
Message-ID: <4919CDF0.1080901@nyp.org>

Dave,
    I don't know about a windows solution but we've used Toolbox.nlm 
(and CRON) to script some remotely executed jobs. There's a command that 
executes the command on the remote server (and it requires 
authentication, but only once to the NDS tree) called tremote (I 
beleive, I confess I hit the age where I usually have the "kids" do a 
lot of the day to day stuff now on the Tree).

If there are any questions or problems
please contact me.
_______________________
Peter J. Cox
Network Manager, IT
NY Methodist Hospital
718-780-3250 Office
718-780-5993 HelpDesk

Dave Rose wrote:
> Hello All
>   I have a mix of Netware 6.0 / 6.5 servers -- about 100 of them.  I would like
> to script some commands together, and have those commands be issued on the
> console of the remote servers, almost like ssh would allow to do.  However, I
> don't have SSH since there are many Netware 6.0 servers out there.
>
>   Is there any way to issue a command which is scriptable from Windows to a
> Server?  My preferred scripting language is Python (2.5)
>
> thanks!
> Dave Rose
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>
>   

--------------------

This electronic message is intended to be for the use only of the named recipient, and may contain information that is confidential or privileged.  If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited.  If you have received this message in error or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message.  Thank you.

From James.Taylor at eastcobbgroup.com  Tue Nov 11 18:31:11 2008
From: James.Taylor at eastcobbgroup.com (James Taylor)
Date: Tue, 11 Nov 2008 13:31:11 -0500
Subject: BackupExec Pulls Support For NetWare
Message-ID: <4919891F02000075000082CE@inet.eastcobbgroup.com>

You are right. The master program does not run on NetWare.  it does run on Linux/OES, so it precludes the need for a Windows server, and fits into the roadmap quite well.
It also backs up eDir and GroupWise properly.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com

>>> "joea at j4computers.com"  11/11/08 12:00 PM >>>
Seems like all things to all people.  Except it does not appear to "run" on NetWare, tho it does seem to backup NetWare.   Or is it just well hidden?

joe a.

>>> On 11/11/2008 at 10:48 AM, "James Taylor" 
wrote:
> Now would be a really good time for NetWare BE users to look at SEP software. 
>  It does not require a windows server and will back up NetWare and GroupWise 
> properly.
> 
> http://sepsoftware.com/ 
> 
> -jt
>  
> 
> James Taylor
> The East Cobb Group, Inc.
> 678-697-9420
> james.taylor at eastcobbgroup.com 
> http://www.eastcobbgroup.com 
> 
> 
> 
> 
> 
> 
> 
>>>> "Alan Pearson"  11/11/2008 10:40 AM >>> 
> I think we are missing the key killer in this message.
> They _require_ you to have a windows server.
> 
> Why ? Is there something wrong with porting the thing to OES properly.
> I don't have windows servers, nor want them. (Then again I can say the
> same for backup exec)
> 
> 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From scummings at louisvilletech.edu  Wed Nov 12 01:01:29 2008
From: scummings at louisvilletech.edu (Cummings, Steve)
Date: Tue, 11 Nov 2008 20:01:29 -0500
Subject: Client / SUSE Desktop
Message-ID: 

Does anyone have documentation or the know how to set up the DHCP Server and a DHCP Client in Linux. The client can be another server or a SUSE Desktop.

Help

Thanks,

Stephen Cummings

From MGlenn at cco.state.oh.us  Wed Nov 12 03:37:49 2008
From: MGlenn at cco.state.oh.us (Michael Glenn)
Date: Tue, 11 Nov 2008 22:37:49 -0500
Subject: Client / SUSE Desktop
Message-ID: 

http://www.novell.com/documentation/sles10/sles_admin/data/cha_dhcp.html 

>>> scummings at louisvilletech.edu 11/11/2008 20:01:29 >>>
Does anyone have documentation or the know how to set up the DHCP Server and a DHCP Client in Linux. The client can be another server or a SUSE Desktop.

Help

Thanks,

Stephen Cummings

From TJohnson at lancaster.wnyric.org  Wed Nov 12 18:16:09 2008
From: TJohnson at lancaster.wnyric.org (TJohnson at lancaster.wnyric.org)
Date: Wed, 12 Nov 2008 13:16:09 -0500
Subject: Scriptable remote console commands?
In-Reply-To: <4919CDF0.1080901@nyp.org>
References: 
	<4919CDF0.1080901@nyp.org>
Message-ID: 

If you want to run a Python script I guess the question would be is there 
a Python port to Netware, I don't think there is but you could try running 
JPython, http://www.jython.org/Project/ on Netware and then just build an 
NCF file to run your script through the interpreter.  A cron job could be 
setup to run the ncf or a command line statement to run the JPython 
interpreter with your script.

As for getting the script to the server(s) I guess that would depend on 
your environment, you could schedule a job on a Windows box to copy the 
files to a mapped drive or to a UNC path to your SYS vols and that could 
probably be automated by feeding in server names from a file and using a 
copy blah \\nwserver_name\SYScommand.

I know, pretty generic, HTH.

T2

"Peter J. Cox"  
Sent by: novell-bounces at netlab1.oucs.ox.ac.uk
11/11/2008 01:25 PM
Please respond to
Novell LAN Interest Group 

To
Novell LAN Interest Group 
cc

Subject
Re: Scriptable remote console commands?

Dave,
    I don't know about a windows solution but we've used Toolbox.nlm 
(and CRON) to script some remotely executed jobs. There's a command that 
executes the command on the remote server (and it requires 
authentication, but only once to the NDS tree) called tremote (I 
beleive, I confess I hit the age where I usually have the "kids" do a 
lot of the day to day stuff now on the Tree).

If there are any questions or problems
please contact me.
_______________________
Peter J. Cox
Network Manager, IT
NY Methodist Hospital
718-780-3250 Office
718-780-5993 HelpDesk

Dave Rose wrote:
> Hello All
>   I have a mix of Netware 6.0 / 6.5 servers -- about 100 of them.  I 
would like
> to script some commands together, and have those commands be issued on 
the
> console of the remote servers, almost like ssh would allow to do. 
However, I
> don't have SSH since there are many Netware 6.0 servers out there.
>
>   Is there any way to issue a command which is scriptable from Windows 
to a
> Server?  My preferred scripting language is Python (2.5)
>
> thanks!
> Dave Rose
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>
> 

--------------------

This electronic message is intended to be for the use only of the named 
recipient, and may contain information that is confidential or privileged. 
 If you are not the intended recipient, you are hereby notified that any 
disclosure, copying, distribution or use of the contents of this message 
is strictly prohibited.  If you have received this message in error or are 
not the named recipient, please notify us immediately by contacting the 
sender at the electronic mail address noted above, and delete and destroy 
all copies of this message.  Thank you.

-- 
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------

NOTE: This message was trained as non-spam.  If this is wrong,
please correct the training as soon as possible.

Teach CanIt if this mail (ID 157720349) is spam:
Spam:        
http://milton1.wnyric.org/canit/b.php?i=157720349&m=64e86fc78a83&c=s
Not spam:    
http://milton1.wnyric.org/canit/b.php?i=157720349&m=64e86fc78a83&c=n
Forget vote: 
http://milton1.wnyric.org/canit/b.php?i=157720349&m=64e86fc78a83&c=f
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

Confidentiality Notice: This electronic mail transmission is intended for 
the personal and confidential use of the designated recipient(s) named 
above. This message may contain confidential student or personnel data or 
an attorney-client communication and as such is privileged and 
confidential. If you are not the intended recipient, you are hereby 
notified that you have received this message and any attached documents in 
error, that any review, dissemination/disclosure, copying, distribution, 
or taking of any action in reliance on the contents of this information is 
strictly prohibited. If you have received this transmission in error, 
please notify the sender immediately by e-mail and delete the original 
message and documents. Thank you for your cooperation.

From andysp at usm.maine.edu  Thu Nov 13 14:27:29 2008
From: andysp at usm.maine.edu (Andy Smith-Petersen)
Date: Thu, 13 Nov 2008 09:27:29 -0500
Subject: Scriptable remote console commands?
In-Reply-To: 
References: 
Message-ID: <491BF301020000B900023C52@uct5.uct.usm.maine.edu>

Take a look at the JRB utility serv_cmd (http://www.jrbsoftware.com/). It can issue the same command on multiple servers at one time. For example, the following unloads and reloads rconag6 on four servers:

C:\>serv_cmd UNLOAD rconag6 /a=server1,server2,server3,server4
C:\>serv_cmd NCF ldrconag.ncf /a=server1,server2,server3,server4

I'm sure you could wrap it in the scripting language of your choice.

Hope that helps,
Andy

-- 
Andy Smith-Petersen
System Administrator
IT Network Services
University of Southern Maine

>>> On 11/11/2008 at 11:17 AM, Dave Rose  wrote:
> Hello All
>   I have a mix of Netware 6.0 / 6.5 servers -- about 100 of them.  I would 
> like
> to script some commands together, and have those commands be issued on the
> console of the remote servers, almost like ssh would allow to do.  However, 
> I
> don't have SSH since there are many Netware 6.0 servers out there.
> 
>   Is there any way to issue a command which is scriptable from Windows to a
> Server?  My preferred scripting language is Python (2.5)
> 
> thanks!
> Dave Rose
> 
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell

From MollardM at mbc.qld.edu.au  Fri Nov 14 04:04:56 2008
From: MollardM at mbc.qld.edu.au (Michael Mollard)
Date: Fri, 14 Nov 2008 14:04:56 +1000
Subject: Access Manager question?
Message-ID: <491D8587.E927.0018.0@mbc.qld.edu.au>

Hi all,
I'm just starting out with AM3SP4 (all Linux setup).
If I want to assign multiple IPs, to handle reverse proxies etc, do I need to add them via yast or manually to the AG?  If so, how do they them become available in the LAG configuration to be selected?

Otherwise, where in the NAM Admin console can I add IP addresses?
I can't seem to find anything in docs/support/etc ...

Thanks.

Michael Mollard
Network Administrator
Moreton Bay College
mollardm at mbc.qld.edu.au
http://www.mbc.qld.edu.au
Ph: (Direct) 07 3907 5712 / (Mob) 0417 631 801 
Fax: 07 3390 8919 ( http://www.mbc.qld.edu.au )

--------------------------------------------------------------------------------
Disclaimer: Whilst every attempt has been made to ensure that material contained in this email is free from computer viruses or other defects, the attached files are provided, and may only be used, on the basis that the user assumes all responsibility for use of the material transmitted. This email is intended only for the use of the individual or entity names above and may contain information that is confidential and privileged. If you are not the intended recipient, please note that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone 07 3390 8555 and destroy the original message. The contents of this message are provided without responsibility in law for their accuracy or otherwise, and without assumption of a duty of care by the School.
--------------------------------------------------------------------------------

From Thys at nwpg.gov.za  Fri Nov 14 04:19:26 2008
From: Thys at nwpg.gov.za (Thys de Beer)
Date: Fri, 14 Nov 2008 06:19:26 +0200
Subject: Access Manager question?
In-Reply-To: <491D8587.E927.0018.0@mbc.qld.edu.au>
References: <491D8587.E927.0018.0@mbc.qld.edu.au>
Message-ID: <491D186E.7D39.0014.3@nwpg.gov.za>

hi,

it's all in the access manager, ones defined in the gateway etho setup in accemanager, when creating new reverse proxy it can be selected...all are displayed..

Kind Regards,

Thys de Beer

>>> On 11/14/2008 at 6:04 AM, in message <491D8587.E927.0018.0 at mbc.qld.edu.au>, "Michael Mollard"  wrote:
Hi all,
I'm just starting out with AM3SP4 (all Linux setup).
If I want to assign multiple IPs, to handle reverse proxies etc, do I need to add them via yast or manually to the AG?  If so, how do they them become available in the LAG configuration to be selected?

Otherwise, where in the NAM Admin console can I add IP addresses?
I can't seem to find anything in docs/support/etc ...

Thanks.

Michael Mollard
Network Administrator
Moreton Bay College
mollardm at mbc.qld.edu.au 
http://www.mbc.qld.edu.au 
Ph: (Direct) 07 3907 5712 / (Mob) 0417 631 801 
Fax: 07 3390 8919 ( http://www.mbc.qld.edu.au )

--------------------------------------------------------------------------------
Disclaimer: Whilst every attempt has been made to ensure that material contained in this email is free from computer viruses or other defects, the attached files are provided, and may only be used, on the basis that the user assumes all responsibility for use of the material transmitted. This email is intended only for the use of the individual or entity names above and may contain information that is confidential and privileged. If you are not the intended recipient, please note that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone 07 3390 8555 and destroy the original message. The contents of this message are provided without responsibility in law for their accuracy or otherwise, and without assumption of a duty of care by the School.
--------------------------------------------------------------------------------
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

"This e-mail and any files transmitted with it may contain information which is confidential, private or privilege in nature and it is for the sole use of the recipient to whom it is addressed.  If you are not the intended recipient, you must immediately notify the sender via Electronic-Mail and further refrain from reading, distributing, copying or using this message or any of its transmitted files.  Any views of this message and its transmitted files are those of the sender unless the sender specifically states such views to be those of the North-West Provincial Government.  Though this message and its transmitted files have been swept for the presence of computer viruses, the North-West Provincial Government accepts no liability whatsoever for any loss, damage or expenses resulting directly or indirectly from the use or access of this message or any of its transmitted files".

From jon.bronken at ndsu.edu  Fri Nov 14 17:01:10 2008
From: jon.bronken at ndsu.edu (Jon Bronken)
Date: Fri, 14 Nov 2008 11:01:10 -0600
Subject: DSrepair and IDM
Message-ID: <491DAED6.6060609@ndsu.edu>

Greetings all,

I hope everyone is having a great Friday so far.

After a problem with one of our NetWare 6.5 w/sp7 servers we had to call
Novell support.  They asked if we were dumping the local db with
dsrepair on a weekly or monthly schedule...we were not.

Now we have a scheduled task (dsrepair -rc sys:dbback) to run on all
NetWare boxes except for 1 that is running IDM.

My question:  Is is safe to run dsrepair -rc on a server that is
processing accounts with IDM?  Since dsrepair locks the db I am afraid
of what will happen with IDM/eDir(8.7.3.x).

Thank you,

Jon

From TJohnson at lancaster.wnyric.org  Fri Nov 14 17:46:09 2008
From: TJohnson at lancaster.wnyric.org (TJohnson at lancaster.wnyric.org)
Date: Fri, 14 Nov 2008 12:46:09 -0500
Subject: DSrepair and IDM
In-Reply-To: <491DAED6.6060609@ndsu.edu>
References: <491DAED6.6060609@ndsu.edu>
Message-ID: 

I would think that eMBox would work well to get a point in time backup 
without affecting eDirectory interaction.

HTH

T2

Jon Bronken  
Sent by: novell-bounces at netlab1.oucs.ox.ac.uk
11/14/2008 12:01 PM
Please respond to
Novell LAN Interest Group 

To
Novell LAN Interest Group 
cc

Subject
DSrepair and IDM

Greetings all,

I hope everyone is having a great Friday so far.

After a problem with one of our NetWare 6.5 w/sp7 servers we had to call
Novell support.  They asked if we were dumping the local db with
dsrepair on a weekly or monthly schedule...we were not.

Now we have a scheduled task (dsrepair -rc sys:dbback) to run on all
NetWare boxes except for 1 that is running IDM.

My question:  Is is safe to run dsrepair -rc on a server that is
processing accounts with IDM?  Since dsrepair locks the db I am afraid
of what will happen with IDM/eDir(8.7.3.x).

Thank you,

Jon

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

-- 
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------

NOTE: This message was trained as non-spam.  If this is wrong,
please correct the training as soon as possible.

Teach CanIt if this mail (ID 158386854) is spam:
Spam:        
http://milton1.wnyric.org/canit/b.php?i=158386854&m=93564520b9f5&c=s
Not spam:    
http://milton1.wnyric.org/canit/b.php?i=158386854&m=93564520b9f5&c=n
Forget vote: 
http://milton1.wnyric.org/canit/b.php?i=158386854&m=93564520b9f5&c=f
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS

Confidentiality Notice: This electronic mail transmission is intended for 
the personal and confidential use of the designated recipient(s) named 
above. This message may contain confidential student or personnel data or 
an attorney-client communication and as such is privileged and 
confidential. If you are not the intended recipient, you are hereby 
notified that you have received this message and any attached documents in 
error, that any review, dissemination/disclosure, copying, distribution, 
or taking of any action in reliance on the contents of this information is 
strictly prohibited. If you have received this transmission in error, 
please notify the sender immediately by e-mail and delete the original 
message and documents. Thank you for your cooperation.

From bbrush at gmail.com  Fri Nov 14 18:02:12 2008
From: bbrush at gmail.com (Bill Brush)
Date: Fri, 14 Nov 2008 12:02:12 -0600
Subject: DSrepair and IDM
In-Reply-To: <491DAED6.6060609@ndsu.edu>
References: <491DAED6.6060609@ndsu.edu>
Message-ID: <167f4090811141002r321ce95aldcc450c0f1f5eef2@mail.gmail.com>

Obviously I have no idea on the size of your tree, but we have a db
dump scheduled daily at 5 and it takes less than 5 seconds to do, even
on the IDM server.  If you're worried about IDM, maybe it could be
scheduled in the wee hours of the morning.  FWIW I've never seen an
issue with anything tied back to doing the db dump.

Bill

On Fri, Nov 14, 2008 at 11:01 AM, Jon Bronken  wrote:
> Greetings all,
>
> Now we have a scheduled task (dsrepair -rc sys:dbback) to run on all
> NetWare boxes except for 1 that is running IDM.
>
> My question:  Is is safe to run dsrepair -rc on a server that is
> processing accounts with IDM?  Since dsrepair locks the db I am afraid
> of what will happen with IDM/eDir(8.7.3.x).
>

From brando.fouts at gmail.com  Sun Nov 16 19:47:48 2008
From: brando.fouts at gmail.com (Brandon Fouts)
Date: Sun, 16 Nov 2008 11:47:48 -0800
Subject: cannot set ftp search context
Message-ID: <609b18560811161147n3afb6f8fv1217ec62a04df148@mail.gmail.com>

Scott - WARNING - I don't really understand your problem, exactly.

When I have used nwftp - all rights to directories files (servers) was
controlled by eDir.
So if I trusted users on the LAN to have access to files, then if they used
ftp, they got all the same rights.

When I needed special rights, for say a group (or a network connected
scanner) I would setup a user just for that purpose, and give the login ID
and password to that group of users. Of course network attached scanners I
setup so that the users only knew that when they scanned documents/pictures
these images would show up in the "scanner directory" on temp storage that
everyone had access to.

Hope this might help, but then I really didn't understand what you were
trying to do, so please excuse if all this has been a waste of time.
-- 
=-=-=-=-=-=-=-=-=
www.psnug.org
Puget Sound Network Users Group

Building Technical Skills Through Teamwork And Education.
Helping members realize Open Standards and investigate Open Source.
_____________________
PSNUG dues/food $35 per year -21st anniversary coffee mug
that you can pickup at any meeting - no we don't ship.
pay at monthly meeting or send checks payable to: PSNUG

PSNUG
c/o Brandon Fouts
9549a Olympus Beach Rd NE
Bainbridge Island, WA  98110-3446
==-==-==-==-==-==-==-==-==-==-==

From Setienne at enesco.com  Mon Nov 17 21:06:26 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Mon, 17 Nov 2008 15:06:26 -0600
Subject: cannot set ftp search context
In-Reply-To: <609b18560811161147n3afb6f8fv1217ec62a04df148@mail.gmail.com>
References: <609b18560811161147n3afb6f8fv1217ec62a04df148@mail.gmail.com>
Message-ID: <49218871.8A77.004D.0@enesco.com>

I found that my problem was due to syntactical errors in the search contexts. All contexts must begin with a period, i.e. ".users.org" etc. I found all my contexts were just ou.o, rather than .ou.o., etc.

All is working now.

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
voice: 630.875.5611
mobile: 847-269-3143
fax: 630-875-5335
setienne at enesco.com 

>>> "Brandon Fouts"  11/16/2008 1:47 PM >>>
Scott - WARNING - I don't really understand your problem, exactly.

When I have used nwftp - all rights to directories files (servers) was
controlled by eDir.
So if I trusted users on the LAN to have access to files, then if they used
ftp, they got all the same rights.

When I needed special rights, for say a group (or a network connected
scanner) I would setup a user just for that purpose, and give the login ID
and password to that group of users. Of course network attached scanners I
setup so that the users only knew that when they scanned documents/pictures
these images would show up in the "scanner directory" on temp storage that
everyone had access to.

Hope this might help, but then I really didn't understand what you were
trying to do, so please excuse if all this has been a waste of time.
-- 
=-=-=-=-=-=-=-=-=
www.psnug.org 
Puget Sound Network Users Group

Building Technical Skills Through Teamwork And Education.
Helping members realize Open Standards and investigate Open Source.
_____________________
PSNUG dues/food $35 per year -21st anniversary coffee mug
that you can pickup at any meeting - no we don't ship.
pay at monthly meeting or send checks payable to: PSNUG

PSNUG
c/o Brandon Fouts
9549a Olympus Beach Rd NE
Bainbridge Island, WA  98110-3446
==-==-==-==-==-==-==-==-==-==-==
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From MollardM at mbc.qld.edu.au  Tue Nov 18 23:55:22 2008
From: MollardM at mbc.qld.edu.au (Michael Mollard)
Date: Wed, 19 Nov 2008 09:55:22 +1000
Subject: OT: Mobile Broadband in UK?
Message-ID: <4923E28B.E927.0018.0@mbc.qld.edu.au>

Hi all,
Sorry for the OT posting, but I don't have many contacts in the UK.
My boss is travelling to UK/France over Christmas, and has asked me to organize mobile broadband (USB Modem) for her laptop while she is there.  It seems that the costs to get something in Australia, and enable global roaming is ridiculous.  She isn't a heavy internet user, 3-5GB/month would be heaps for her.
Does anyone from the UK, or who travels a bit, have any suggestions for a 'prepaid' setup (no contract - only required for about a month or two).  Any input would be helpful, eg carriers and coverage in UK/France, approx costs, any gotchas to look out for.  If the modem is an outright purchase, and we can use it in Australia later, that would be a bonus.

I really appreciate the assistance.

Kind regards,

Michael Mollard
Network Administrator
Moreton Bay College
mollardm at mbc.qld.edu.au
http://www.mbc.qld.edu.au
Ph: (Direct) 07 3907 5712 / (Mob) 0417 631 801 
Fax: 07 3390 8919 ( http://www.mbc.qld.edu.au )

--------------------------------------------------------------------------------
Disclaimer: Whilst every attempt has been made to ensure that material contained in this email is free from computer viruses or other defects, the attached files are provided, and may only be used, on the basis that the user assumes all responsibility for use of the material transmitted. This email is intended only for the use of the individual or entity names above and may contain information that is confidential and privileged. If you are not the intended recipient, please note that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone 07 3390 8555 and destroy the original message. The contents of this message are provided without responsibility in law for their accuracy or otherwise, and without assumption of a duty of care by the School.
--------------------------------------------------------------------------------

From rfreeland at bcns.co.uk  Wed Nov 19 08:02:04 2008
From: rfreeland at bcns.co.uk (Rodney Freeland)
Date: Wed, 19 Nov 2008 08:02:04 +0000
Subject: OT: Mobile Broadband in UK?
In-Reply-To: <4923E28B.E927.0018.0@mbc.qld.edu.au>
References: <4923E28B.E927.0018.0@mbc.qld.edu.au>
Message-ID: <4923C7FC020000B500260512@atlas.bcns.co.uk>

Hi Michael

T-Mobile do a pay per day/week/month option, see http://www.t-mobile.co.uk/shop/business/mobile-broadband/pay-per-day-options/

Kind regards

Rodney

>>> 

From: "Michael Mollard" 
To:"Novell LAN Interest Group" 
Date: 18/11/2008 23:57
Subject: OT: Mobile Broadband in UK?
Hi all,
Sorry for the OT posting, but I don't have many contacts in the UK.
My boss is travelling to UK/France over Christmas, and has asked me to organize mobile broadband (USB Modem) for her laptop while she is there.  It seems that the costs to get something in Australia, and enable global roaming is ridiculous.  She isn't a heavy internet user, 3-5GB/month would be heaps for her.
Does anyone from the UK, or who travels a bit, have any suggestions for a 'prepaid' setup (no contract - only required for about a month or two).  Any input would be helpful, eg carriers and coverage in UK/France, approx costs, any gotchas to look out for.  If the modem is an outright purchase, and we can use it in Australia later, that would be a bonus.

I really appreciate the assistance.

Kind regards,

Michael Mollard
Network Administrator
Moreton Bay College
mollardm at mbc.qld.edu.au
http://www.mbc.qld.edu.au
Ph: (Direct) 07 3907 5712 / (Mob) 0417 631 801 
Fax: 07 3390 8919 ( http://www.mbc.qld.edu.au )

--------------------------------------------------------------------------------
Disclaimer: Whilst every attempt has been made to ensure that material contained in this email is free from computer viruses or other defects, the attached files are provided, and may only be used, on the basis that the user assumes all responsibility for use of the material transmitted. This email is intended only for the use of the individual or entity names above and may contain information that is confidential and privileged. If you are not the intended recipient, please note that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone 07 3390 8555 and destroy the original message. The contents of this message are provided without responsibility in law for their accuracy or otherwise, and without assumption of a duty of care by the School.
--------------------------------------------------------------------------------
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

--
This e-mail transmission is strictly confidential and intended solely for the ordinary user of the e-mail address to which it was addressed. It may contain legally privileged and/or confidential information.  The unauthorised use, disclosure, distribution and/or copying of this e-mail or any information it contains is prohibited.  If you have received this e-mail in error or are not an intended recipient please inform Business Computing and Network Services immediately by return e-mail or telephone 0870 0770011.
Registered in England and Wales, number 3754929. Registered office 118 City Business Park, Somerset Place, Plymouth PL3 4BB.

From mrsmith at oconee.k12.ga.us  Wed Nov 19 15:53:53 2008
From: mrsmith at oconee.k12.ga.us (Matt Smith)
Date: Wed, 19 Nov 2008 10:53:53 -0500
Subject: weird iprint issue
Message-ID: <4923F024.E4C1.0068.0@oconee.k12.ga.us>

I'm having a weird iPrint issue on OES Linux v2.  Seems like I have a
lot of these since we converted to secure iPrint.  I have at least one
site where they are unable to install any Lexmark printers from the
http:///ipp page.  Other brand printers install and print
just fine.

The user gets a 1344 error when they try to install the printer. 
Novell has one TID that's fairly recent that describes this error and
three potential solutions.  I've gone through the three steps twice now,
and still have the problem.  The TID is at:  http://tinyurl.com/5acc6u 

Anybody have any suggestions?

-Matt

-- 

Matt Smith                Network Technology Specialist
Oconee County School System, Oconee County, Georgia
Office of Instruction and Technology       706-769-5685

From PHasenjager at kcumb.edu  Wed Nov 19 16:27:12 2008
From: PHasenjager at kcumb.edu (Patrick Hasenjager)
Date: Wed, 19 Nov 2008 10:27:12 -0600
Subject: weird iprint issue
In-Reply-To: <4923F024.E4C1.0068.0@oconee.k12.ga.us>
References: <4923F024.E4C1.0068.0@oconee.k12.ga.us>
Message-ID: <4923EA00.6E24.0005.0@kcumb.edu>

I encountered that error before and the solution was to remove and re-upload the driver to the Driver Store.  Once you do this, you will need to associate the driver to the printer again.

Pat.

Patrick A. Hasenjager
Network/Windows/ZENworks System Administrator
Kansas City University of Medicine and Biosciences

phone 816.283.2478
fax 816.283.0692
email phasenjager at kcumb.edu

>>> On 11/19/2008 at 9:53 AM, "Matt Smith"  wrote:
I'm having a weird iPrint issue on OES Linux v2.  Seems like I have a
lot of these since we converted to secure iPrint.  I have at least one
site where they are unable to install any Lexmark printers from the
http:///ipp page.  Other brand printers install and print
just fine.

The user gets a 1344 error when they try to install the printer. 
Novell has one TID that's fairly recent that describes this error and
three potential solutions.  I've gone through the three steps twice now,
and still have the problem.  The TID is at:  http://tinyurl.com/5acc6u 

Anybody have any suggestions?

-Matt

-- 

Matt Smith                Network Technology Specialist
Oconee County School System, Oconee County, Georgia
Office of Instruction and Technology       706-769-5685
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From mrsmith at oconee.k12.ga.us  Wed Nov 19 16:56:10 2008
From: mrsmith at oconee.k12.ga.us (Matt Smith)
Date: Wed, 19 Nov 2008 11:56:10 -0500
Subject: weird iprint issue
In-Reply-To: <4923EA00.6E24.0005.0@kcumb.edu>
References: <4923F024.E4C1.0068.0@oconee.k12.ga.us>
	<4923EA00.6E24.0005.0@kcumb.edu>
Message-ID: <4923FEBD.E4C1.0068.0@oconee.k12.ga.us>

>>> On 11/19/2008 at 11:27 AM, in message
<4923EA00.6E24.0005.0 at kcumb.edu>,
"Patrick Hasenjager"  wrote:
> I encountered that error before and the solution was to remove and
re-upload 
> the driver to the Driver Store.  Once you do this, you will need to
associate 
> the driver to the printer again.
>  
> Pat.

I think I just came up with a similar solution.  I had a hunch that it
was driver related, so instead of removing and re-uploading the driver,
I just went into the printer object, changed the driver, hit apply, then
changed the driver back.  That seemed to fix things.  Go figure.

Thanks.  Your suggestion would be my next step I think.

-Matt  

-- 

Matt Smith                Network Technology Specialist
Oconee County School System, Oconee County, Georgia
Office of Instruction and Technology       706-769-5685

From dmoon at peru.k12.in.us  Thu Nov 20 01:01:49 2008
From: dmoon at peru.k12.in.us (Dave Moon)
Date: Wed, 19 Nov 2008 20:01:49 -0500
Subject: bordermanager problem
Message-ID: <492470B0.44EC.00EB.0@peru.k12.in.us>

I have a bordermanager 3.8 running on NW 6.5.  Last week we upgraded from 2 T1's to a 15 meg pipe.  Ever since the traffic through this isp is slower than molasses.  Without the bordermanger connected it flies very fast.

Here is the setup for the most part.  Nics are set to Auto which is working better than forcing.

The filters on bordermanager are relatively tight.  No pings allowed.  having said that here is what I am finding.  

Bordermanager with filters off I ping www.yahoo.com and will drop packets consistently from all packets to no packets within a couple of minutes.  Unplug the private side cable and all packets will pass perfectly.  I put a wireshark in parallel with the public side and haven't seen anything jump out at me. 

I plan to do the private side on Wednesday afternoon.

All of that said, does anyone have any ideas.  I don't want to replace it and not fix the problem, nor do I want to spend a bunch of consultant money and not solve it either.

I am at a loss as to how to track this down.

Thanks in advance for any help.

Dave

Dave Moon A+
Network Technologist
Peru Community Schools
401 N. Broadway
Peru, IN 46970
765-473-3081
fax 765-472-5129

From joea at j4computers.com  Thu Nov 20 03:28:22 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Wed, 19 Nov 2008 22:28:22 -0500
Subject: OES1, nbackup restore, smdrd crash
Message-ID: <49248626.917D.0085.0@j4computers.com>

On Fri, Oct 17, 2008 at 01:02:49PM -0400, joea at j4computers.com wrote:
>> OES1 linux, patched.  Groupwise 7.0.3 hp.
>> 
>> doing a restore of an sidf file (/opt/novell/sms/bin/nbackup -xvf filename -r "original path restore path" _U >>root), will sometimes work, but mostly fail.  
>> 
>>. . . 
> joe a.
.
>.
>-----------
>     What we have here is a failure to compute, as one might say. The design of smdr/tsafs have, for a long
>time, had serious problems about memory consumption, particularly when large files are encountered. The >>usual
>way round is to tell tsafs that its cache memory allowance is none to a few percent (as you wish).
>  I suggest you write a report on this and submit it to Novell asap. Please try to see if large files
>are involved when things go pear shaped, and keep an eye on memory consumption via say  top.
>   Thanks,
>  Joe D.

I am pleased to report an apparent fix to this problem, courtesy of Novell's efforts.  Thanks to those who took ownership of the problem, and for providing the fix.

joe a.

From lists at shuters.net  Thu Nov 20 14:39:49 2008
From: lists at shuters.net (Matthew Shuter)
Date: Thu, 20 Nov 2008 09:39:49 -0500
Subject: bordermanager problem
In-Reply-To: <492470B0.44EC.00EB.0@peru.k12.in.us>
References: <492470B0.44EC.00EB.0@peru.k12.in.us>
Message-ID: <492576B5.3060906@shuters.net>

Have you reset the server and any switches between it and the outbound 
connection?
    I don't recall any issues like this on our BM server when we moved 
from different outbound links...
       is there some device that is looking for two outbound links in 
order to load balance them maybe?

Dave Moon wrote:
> I have a bordermanager 3.8 running on NW 6.5.  Last week we upgraded from 2 T1's to a 15 meg pipe.  Ever since the traffic through this isp is slower than molasses.  Without the bordermanger connected it flies very fast.
>
> Here is the setup for the most part.  Nics are set to Auto which is working better than forcing.
>
> The filters on bordermanager are relatively tight.  No pings allowed.  having said that here is what I am finding.  
>
> Bordermanager with filters off I ping www.yahoo.com and will drop packets consistently from all packets to no packets within a couple of minutes.  Unplug the private side cable and all packets will pass perfectly.  I put a wireshark in parallel with the public side and haven't seen anything jump out at me. 
>
> I plan to do the private side on Wednesday afternoon.
>
> All of that said, does anyone have any ideas.  I don't want to replace it and not fix the problem, nor do I want to spend a bunch of consultant money and not solve it either.
>
> I am at a loss as to how to track this down.
>
> Thanks in advance for any help.
>
> Dave
>
> Dave Moon A+
> Network Technologist
> Peru Community Schools
> 401 N. Broadway
> Peru, IN 46970
> 765-473-3081
> fax 765-472-5129
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>
>   

__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
             http://www.doteasy.com

From cwc at imail.barton.ac.uk  Thu Nov 20 16:47:30 2008
From: cwc at imail.barton.ac.uk (Chris Cheetham)
Date: Thu, 20 Nov 2008 16:47:30 +0000
Subject: bordermanager problem
In-Reply-To: <492470B0.44EC.00EB.0@peru.k12.in.us>
References: <492470B0.44EC.00EB.0@peru.k12.in.us>
Message-ID: <49259478.44FB.006B.0@imail.barton.ac.uk>

Have a look at

http://nscsysop.hypermart.net/

and the forum at http://forums.novell.com/

there are some really dedicated BM users out there who may be able to help.

Chris

>>>  20 November 2008 01:01 >>>
I have a bordermanager 3.8 running on NW 6.5.  Last week we upgraded from 2 T1's to a 15 meg pipe.  Ever since the traffic through this isp is slower than molasses.  Without the bordermanger connected it flies very fast.

Here is the setup for the most part.  Nics are set to Auto which is working better than forcing.

The filters on bordermanager are relatively tight.  No pings allowed.  having said that here is what I am finding.  

Bordermanager with filters off I ping www.yahoo.com and will drop packets consistently from all packets to no packets within a couple of minutes.  Unplug the private side cable and all packets will pass perfectly.  I put a wireshark in parallel with the public side and haven't seen anything jump out at me. 

I plan to do the private side on Wednesday afternoon.

All of that said, does anyone have any ideas.  I don't want to replace it and not fix the problem, nor do I want to spend a bunch of consultant money and not solve it either.

I am at a loss as to how to track this down.

Thanks in advance for any help.

Dave

Dave Moon A+
Network Technologist
Peru Community Schools
401 N. Broadway
Peru, IN 46970
765-473-3081
fax 765-472-5129

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

--- Scanned by M+ Guardian Messaging Firewall ---

--- Scanned by M+ Guardian Messaging Firewall ---

From cjf at calfrye.com  Thu Nov 20 17:43:56 2008
From: cjf at calfrye.com (Cal Frye)
Date: Thu, 20 Nov 2008 12:43:56 -0500
Subject: bordermanager problem
In-Reply-To: <492470B0.44EC.00EB.0@peru.k12.in.us>
References: <492470B0.44EC.00EB.0@peru.k12.in.us>
Message-ID: <4925A1DC.6080003@calfrye.com>

Dave Moon wrote:
> Here is the setup for the most part.  Nics are set to Auto which is
> working better than forcing.

Boy, does this smell like a duplex mismatch problem, or possibly a link
issue with the new line (takes our telco about two tries to get a clean
circuit functioning, it seems). Double-check collisions or errors on all
ports involved. Auto-negotiate often doesn't.

-- 
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com

"The strongest principle of growth lies in human choice." --George Eliot.

From marcus at myrealbox.com  Thu Nov 20 17:48:20 2008
From: marcus at myrealbox.com (Marcus Williamson)
Date: Thu, 20 Nov 2008 18:48:20 +0100
Subject: bordermanager problem
In-Reply-To: <492470B0.44EC.00EB.0@peru.k12.in.us>
References: <492470B0.44EC.00EB.0@peru.k12.in.us>
Message-ID: 

On Wed, 19 Nov 2008 20:01:49 -0500, you wrote:

>Bordermanager with filters off I ping www.yahoo.com and will drop packets consistently from all packets to no packets within a >couple of minutes.  Unplug the private side cable and all packets will pass perfectly.  I put a wireshark in parallel with the public >side and haven't seen anything jump out at me. 

Hello Dave

When you changed the public IP address of the BorderManager server in INETCFG
have you also changed the public IP address attribute of the BorderManager
server object in NWAdmin?

HTH!

regards
Marcus Williamson
Connectotel
http://www.connectotel.com/

From dmoon at peru.k12.in.us  Thu Nov 20 18:45:53 2008
From: dmoon at peru.k12.in.us (Dave Moon)
Date: Thu, 20 Nov 2008 13:45:53 -0500
Subject: bordermanager problem
In-Reply-To: 
References: <492470B0.44EC.00EB.0@peru.k12.in.us>

Message-ID: <49256A0F.44EC.00EB.0@peru.k12.in.us>

Thanks everyone for the ideas.  We are checking duplex settings as such.  The ip address did not change.  It is now looking as if we may have something internal flooding the connection. We are double checking a wireshark trace at this point also.

dave

Dave Moon A+
Network Technologist
Peru Community Schools
401 N. Broadway
Peru, IN 46970
765-473-3081
fax 765-472-5129

>>> Marcus Williamson  11/20/2008 12:48 PM >>>

On Wed, 19 Nov 2008 20:01:49 -0500, you wrote:

>Bordermanager with filters off I ping www.yahoo.com and will drop packets consistently from all packets to no packets within a >couple of minutes.  Unplug the private side cable and all packets will pass perfectly.  I put a wireshark in parallel with the public >side and haven't seen anything jump out at me. 

Hello Dave

When you changed the public IP address of the BorderManager server in INETCFG
have you also changed the public IP address attribute of the BorderManager
server object in NWAdmin?

HTH!

regards
Marcus Williamson
Connectotel
http://www.connectotel.com/ 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From andrew.foulsham at imm.ox.ac.uk  Fri Nov 21 10:55:51 2008
From: andrew.foulsham at imm.ox.ac.uk (Andrew Foulsham)
Date: Fri, 21 Nov 2008 10:55:51 +0000
Subject: Filesystems for Xen disk images
Message-ID: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>

Dear all,

I followed the discussion a couple of weeks ago about optimal filesystems for different purposes, and found it very enlightening.
I was wondering how these principles apply to a volume intended for storing xen disk images? Clearly, they are large files, but subject to a large number of changes internally. So is XFS or EXT3 the best option? 
Is the fact that the filesystem is on an iSCSI target significant?
And, as (theoretically) the images could be accessed over iSCSI from several different servers (for disaster recovery & capacity management), is a cluster-aware filesystem necessary or desirable? In that case, would OCFS2 be my best course of action?
The Xen hosts will be on SLES10 sp2, and the iSCSI server may be another SLES10 box (or an Openfiler box).

Best wishes,

Andrew Foulsham

-- 

Andrew Foulsham
IT Officer,
Weatherall Institute of Molecular Medicine
Tel. 01865 222618
andrew.foulsham at imm.ox.ac.uk

From joe.doupnik at oucs.ox.ac.uk  Fri Nov 21 11:27:42 2008
From: joe.doupnik at oucs.ox.ac.uk (Joe R. Doupnik)
Date: Fri, 21 Nov 2008 11:27:42 +0000
Subject: Filesystems for Xen disk images
In-Reply-To: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
Message-ID: <49269B2E.3050506@oucs.ox.ac.uk>

Andrew Foulsham wrote:
> Dear all,
> 
> I followed the discussion a couple of weeks ago about optimal filesystems for different purposes, and found it very enlightening.
> I was wondering how these principles apply to a volume intended for storing xen disk images? Clearly, they are large files, but subject to a large number of changes internally. So is XFS or EXT3 the best option? 
> Is the fact that the filesystem is on an iSCSI target significant?
> And, as (theoretically) the images could be accessed over iSCSI from several different servers (for disaster recovery & capacity management), is a cluster-aware filesystem necessary or desirable? In that case, would OCFS2 be my best course of action?
> The Xen hosts will be on SLES10 sp2, and the iSCSI server may be another SLES10 box (or an Openfiler box).
> 
> Best wishes,
> 
> Andrew Foulsham
> 
-------------
      Taking up points in reverse order.
      If you really must have simultaneous access to the same file
system by multiple machines at the same time, then today the choice
is only OCFS2. This is a very so-so file system, more quicky than
thoughtful but good enough for Oracle's purposes. It is basically
EXT3 with locking. The key phrase is "at the same time".
      Clustering in the Novell manner is not at the same time. Yes,
the SBD partition is at the same time, but different sectors for each
cluster member. SBD is not exactly a file system by our standards.
      iSCSI is a disk block thingy, ignorant of file systems. While it
is appealing in many ways, it is also another layer of complexity and
failure to content with, and it will extract a performance penality.
      Then to those image files proper. I would warmly recommend XFS
over EXT3. What is even better is to have guests use raw devices with
no intermediary file system to hold file systems. Better speed, oodles
better journaling behavior. For general archiving of huge files XFS is
again superior. I keep EXT3 around only as a simple desktop alternative.
      Finally, disaster recovery and such. This can be a very elaborate
subject when we get into the fine print. Simply replicating disk blocks
is often not satisfactory because a lot of data is held in memory. Thus
a cold system is the proper basis as an image source. Hot imaging is
another matter, where disk blocks are replicated and active memory is as
well, which is the case for doing Vmotion and similar high risk tricks.
A cold machine backup is the most rational approach, with its attendant
maintenance interval. Background disk block replication (aka mirroring)
can be very comforting though, if the held file systems are tolerant of
partial writes (when say power fails abuptly).
     Whenever this subject comes up I quietly ask myself if the speakers
know what they really wish to accomplish. Often I suspect the answer
is no, just keep away bad things and have no down time. We have to be
more practical and identify the kinds of outages to be dealt with and
the reasonable means of accomodating them. There is no free lunch here.
     Joe D.

From andrew.foulsham at imm.ox.ac.uk  Fri Nov 21 12:45:25 2008
From: andrew.foulsham at imm.ox.ac.uk (Andrew Foulsham)
Date: Fri, 21 Nov 2008 12:45:25 +0000
Subject: Filesystems for Xen disk images
In-Reply-To: <49269B2E.3050506@oucs.ox.ac.uk>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
Message-ID: <4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>

>>> On 21/11/2008 at 11:27, in message <49269B2E.3050506 at oucs.ox.ac.uk>, "Joe R.
Doupnik"  wrote:
> Andrew Foulsham wrote:
>> Dear all,
>> 
>> I followed the discussion a couple of weeks ago about optimal filesystems 
> for different purposes, and found it very enlightening.
>> I was wondering how these principles apply to a volume intended for storing 
> xen disk images? Clearly, they are large files, but subject to a large number 
> of changes internally. So is XFS or EXT3 the best option? 
>> Is the fact that the filesystem is on an iSCSI target significant?
>> And, as (theoretically) the images could be accessed over iSCSI from several 
> different servers (for disaster recovery & capacity management), is a 
> cluster-aware filesystem necessary or desirable? In that case, would OCFS2 
> be my best course of action?
>> The Xen hosts will be on SLES10 sp2, and the iSCSI server may be another 
> SLES10 box (or an Openfiler box).
>> 
>> Best wishes,
>> 
>> Andrew Foulsham
>> 
> -------------
>       Taking up points in reverse order.
>       If you really must have simultaneous access to the same file
> system by multiple machines at the same time, then today the choice
> is only OCFS2. This is a very so-so file system, more quicky than
> thoughtful but good enough for Oracle's purposes. It is basically
> EXT3 with locking. The key phrase is "at the same time".
>       Clustering in the Novell manner is not at the same time. Yes,
> the SBD partition is at the same time, but different sectors for each
> cluster member. SBD is not exactly a file system by our standards.
>       iSCSI is a disk block thingy, ignorant of file systems. While it
> is appealing in many ways, it is also another layer of complexity and
> failure to content with, and it will extract a performance penality.
>       Then to those image files proper. I would warmly recommend XFS
> over EXT3. What is even better is to have guests use raw devices with
> no intermediary file system to hold file systems. Better speed, oodles
> better journaling behavior. For general archiving of huge files XFS is
> again superior. I keep EXT3 around only as a simple desktop alternative.
>       Finally, disaster recovery and such. This can be a very elaborate
> subject when we get into the fine print. Simply replicating disk blocks
> is often not satisfactory because a lot of data is held in memory. Thus
> a cold system is the proper basis as an image source. Hot imaging is
> another matter, where disk blocks are replicated and active memory is as
> well, which is the case for doing Vmotion and similar high risk tricks.
> A cold machine backup is the most rational approach, with its attendant
> maintenance interval. Background disk block replication (aka mirroring)
> can be very comforting though, if the held file systems are tolerant of
> partial writes (when say power fails abuptly).
>      Whenever this subject comes up I quietly ask myself if the speakers
> know what they really wish to accomplish. Often I suspect the answer
> is no, just keep away bad things and have no down time. We have to be
> more practical and identify the kinds of outages to be dealt with and
> the reasonable means of accomodating them. There is no free lunch here.
>      Joe D.
> 
Many thanks for the informative comments and suggestions.

I hadn't thought of using raw devices for the xen filesystem, which seems to be a good idea for many reasons. I've just found mention of it in one of Sander van Vugt's articles, and so some serious reading and experimentation is about to commence.

As far as I'm aware, the filesystem isn't accessed at the same time during an "xm migrate" operation, and so OCFS2 may well be overkill for this purpose.

And I will certainly try XFS as a filesystem for hosting xen disk images, at least during testing & development.

Best wishes,

Andrew Foulsham

-- 

Andrew Foulsham
IT Officer,
Weatherall Institute of Molecular Medicine
Tel. 01865 222618
andrew.foulsham at imm.ox.ac.uk

From joe.doupnik at oucs.ox.ac.uk  Fri Nov 21 13:20:09 2008
From: joe.doupnik at oucs.ox.ac.uk (Joe R. Doupnik)
Date: Fri, 21 Nov 2008 13:20:09 +0000
Subject: Filesystems for Xen disk images
In-Reply-To: <4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
Message-ID: <4926B589.5030601@oucs.ox.ac.uk>

Andrew Foulsham wrote:
>>>> On 21/11/2008 at 11:27, in message <49269B2E.3050506 at oucs.ox.ac.uk>, "Joe R.
> Doupnik"  wrote:
>> Andrew Foulsham wrote:
>>> Dear all,
>>>
>>> I followed the discussion a couple of weeks ago about optimal filesystems 
>> for different purposes, and found it very enlightening.
>>> I was wondering how these principles apply to a volume intended for storing 
>> xen disk images? Clearly, they are large files, but subject to a large number 
>> of changes internally. So is XFS or EXT3 the best option? 
>>> Is the fact that the filesystem is on an iSCSI target significant?
>>> And, as (theoretically) the images could be accessed over iSCSI from several 
>> different servers (for disaster recovery & capacity management), is a 
>> cluster-aware filesystem necessary or desirable? In that case, would OCFS2 
>> be my best course of action?
>>> The Xen hosts will be on SLES10 sp2, and the iSCSI server may be another 
>> SLES10 box (or an Openfiler box).
>>> Best wishes,
>>>
>>> Andrew Foulsham
>>>
>> -------------
>>       Taking up points in reverse order.
>>       If you really must have simultaneous access to the same file
>> system by multiple machines at the same time, then today the choice
>> is only OCFS2. This is a very so-so file system, more quicky than
>> thoughtful but good enough for Oracle's purposes. It is basically
>> EXT3 with locking. The key phrase is "at the same time".
>>       Clustering in the Novell manner is not at the same time. Yes,
>> the SBD partition is at the same time, but different sectors for each
>> cluster member. SBD is not exactly a file system by our standards.
>>       iSCSI is a disk block thingy, ignorant of file systems. While it
>> is appealing in many ways, it is also another layer of complexity and
>> failure to content with, and it will extract a performance penality.
>>       Then to those image files proper. I would warmly recommend XFS
>> over EXT3. What is even better is to have guests use raw devices with
>> no intermediary file system to hold file systems. Better speed, oodles
>> better journaling behavior. For general archiving of huge files XFS is
>> again superior. I keep EXT3 around only as a simple desktop alternative.
>>       Finally, disaster recovery and such. This can be a very elaborate
>> subject when we get into the fine print. Simply replicating disk blocks
>> is often not satisfactory because a lot of data is held in memory. Thus
>> a cold system is the proper basis as an image source. Hot imaging is
>> another matter, where disk blocks are replicated and active memory is as
>> well, which is the case for doing Vmotion and similar high risk tricks.
>> A cold machine backup is the most rational approach, with its attendant
>> maintenance interval. Background disk block replication (aka mirroring)
>> can be very comforting though, if the held file systems are tolerant of
>> partial writes (when say power fails abuptly).
>>      Whenever this subject comes up I quietly ask myself if the speakers
>> know what they really wish to accomplish. Often I suspect the answer
>> is no, just keep away bad things and have no down time. We have to be
>> more practical and identify the kinds of outages to be dealt with and
>> the reasonable means of accomodating them. There is no free lunch here.
>>      Joe D.
>>
> Many thanks for the informative comments and suggestions.
> 
> I hadn't thought of using raw devices for the xen filesystem, which seems to be a good idea for many reasons. I've just found mention of it in one of Sander van Vugt's articles, and so some serious reading and experimentation is about to commence.
> 
> As far as I'm aware, the filesystem isn't accessed at the same time during an "xm migrate" operation, and so OCFS2 may well be overkill for this purpose.
> 
> And I will certainly try XFS as a filesystem for hosting xen disk images, at least during testing & development.
> 
> Best wishes,
> 
> Andrew Foulsham
> 
Andrew,
      My standard mount options for XFS are
      noatime,nodiratime,logbufs=8
where the last is optional and ought to be the default value by now.
The atime stuff is self explanatory.
      Please do have a go at the raw physical device approach. Novell's
XEN docs may help as Novell tries hard to domesticate XEN.
      I have not tried XEN's vmotion, xm migrate, material even though
it is their big marketing slide.
      My last comment here is that the vaunted mirroring of host time to
guests is effective only if the physical CPUs support the Intel VT, and
AMD equiv, virtualization supplement, so says Novell. Even then one can
encounter some slippage when a host or guest is heavily loaded. Otherwise
it does seem to work reasonably well.
      Joe D.

From Hatchellb at vvc.edu  Fri Nov 21 14:55:12 2008
From: Hatchellb at vvc.edu (Brian Hatchell)
Date: Fri, 21 Nov 2008 06:55:12 -0800
Subject: Piggyback on discussion Re: Filesystems for Xen disk images
Message-ID: <49265B500200002400029D3C@martian4.vvc.edu>

Folks:

I have been reading this discussion with interest as I am having some trouble with ZCM10 with a similar setup.

OS is SLES 10 64 bit.  Images are on a iSCSI partition.  This means that the server has two Ip addresses, one for the main network and one for the iSCSI network.

Imaging is trying its best to use the iSCSI network, I have modified many *.conf files and almost have it, the last part seems to have something to do with tftp.

Does anyone know of a comprehensive list of the *.conf files that tell the imaging services (pdhdp, tftp and pxe?) what ip address to use, and just as importantly their location in the file structure.

Documentation for ZCM10 seems to be woefully inadequete and this really does not seem like something I should have to burn an incident or call a consultant on.

It seems like one would run into real trouble readdressing a ZCM 10 server without this documented.

I welcome any questions.

Brian Hatchell
Network Manager, Victor Valley College
760 245-4271 x2792

"Universities are complicated businesses. You need a good HR department, IT, construction, someone to manage the portfolio. You need someone with a business background running these operations."
Paul Osterman, Professor, Massachusetts Institute of Technology 
>>> "Joe R. Doupnik"  11/21/08 5:20 AM >>>
Andrew Foulsham wrote:
>>>> On 21/11/2008 at 11:27, in message <49269B2E.3050506 at oucs.ox.ac.uk>, "Joe R.
> Doupnik"  wrote:
>> Andrew Foulsham wrote:
>>> Dear all,
>>>
>>> I followed the discussion a couple of weeks ago about optimal filesystems 
>> for different purposes, and found it very enlightening.
>>> I was wondering how these principles apply to a volume intended for storing 
>> xen disk images? Clearly, they are large files, but subject to a large number 
>> of changes internally. So is XFS or EXT3 the best option? 
>>> Is the fact that the filesystem is on an iSCSI target significant?
>>> And, as (theoretically) the images could be accessed over iSCSI from several 
>> different servers (for disaster recovery & capacity management), is a 
>> cluster-aware filesystem necessary or desirable? In that case, would OCFS2 
>> be my best course of action?
>>> The Xen hosts will be on SLES10 sp2, and the iSCSI server may be another 
>> SLES10 box (or an Openfiler box).
>>> Best wishes,
>>>
>>> Andrew Foulsham
>>>
>> -------------
>>       Taking up points in reverse order.
>>       If you really must have simultaneous access to the same file
>> system by multiple machines at the same time, then today the choice
>> is only OCFS2. This is a very so-so file system, more quicky than
>> thoughtful but good enough for Oracle's purposes. It is basically
>> EXT3 with locking. The key phrase is "at the same time".
>>       Clustering in the Novell manner is not at the same time. Yes,
>> the SBD partition is at the same time, but different sectors for each
>> cluster member. SBD is not exactly a file system by our standards.
>>       iSCSI is a disk block thingy, ignorant of file systems. While it
>> is appealing in many ways, it is also another layer of complexity and
>> failure to content with, and it will extract a performance penality.
>>       Then to those image files proper. I would warmly recommend XFS
>> over EXT3. What is even better is to have guests use raw devices with
>> no intermediary file system to hold file systems. Better speed, oodles
>> better journaling behavior. For general archiving of huge files XFS is
>> again superior. I keep EXT3 around only as a simple desktop alternative.
>>       Finally, disaster recovery and such. This can be a very elaborate
>> subject when we get into the fine print. Simply replicating disk blocks
>> is often not satisfactory because a lot of data is held in memory. Thus
>> a cold system is the proper basis as an image source. Hot imaging is
>> another matter, where disk blocks are replicated and active memory is as
>> well, which is the case for doing Vmotion and similar high risk tricks.
>> A cold machine backup is the most rational approach, with its attendant
>> maintenance interval. Background disk block replication (aka mirroring)
>> can be very comforting though, if the held file systems are tolerant of
>> partial writes (when say power fails abuptly).
>>      Whenever this subject comes up I quietly ask myself if the speakers
>> know what they really wish to accomplish. Often I suspect the answer
>> is no, just keep away bad things and have no down time. We have to be
>> more practical and identify the kinds of outages to be dealt with and
>> the reasonable means of accomodating them. There is no free lunch here.
>>      Joe D.
>>
> Many thanks for the informative comments and suggestions.
> 
> I hadn't thought of using raw devices for the xen filesystem, which seems to be a good idea for many reasons. I've just found mention of it in one of Sander van Vugt's articles, and so some serious reading and experimentation is about to commence.
> 
> As far as I'm aware, the filesystem isn't accessed at the same time during an "xm migrate" operation, and so OCFS2 may well be overkill for this purpose.
> 
> And I will certainly try XFS as a filesystem for hosting xen disk images, at least during testing & development.
> 
> Best wishes,
> 
> Andrew Foulsham
> 
Andrew,
      My standard mount options for XFS are
      noatime,nodiratime,logbufs=8
where the last is optional and ought to be the default value by now.
The atime stuff is self explanatory.
      Please do have a go at the raw physical device approach. Novell's
XEN docs may help as Novell tries hard to domesticate XEN.
      I have not tried XEN's vmotion, xm migrate, material even though
it is their big marketing slide.
      My last comment here is that the vaunted mirroring of host time to
guests is effective only if the physical CPUs support the Intel VT, and
AMD equiv, virtualization supplement, so says Novell. Even then one can
encounter some slippage when a host or guest is heavily loaded. Otherwise
it does seem to work reasonably well.
      Joe D.

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From Daniel_Sikes at gamb.uscourts.gov  Fri Nov 21 15:00:51 2008
From: Daniel_Sikes at gamb.uscourts.gov (Daniel_Sikes at gamb.uscourts.gov)
Date: Fri, 21 Nov 2008 10:00:51 -0500
Subject: Daniel Sikes is out of the office.
Message-ID: 

I will be out of the office starting  11/21/2008 and will not return until
12/01/2008.

I will respond to your message when I return.

From tim at nds8.co.uk  Fri Nov 21 17:46:19 2008
From: tim at nds8.co.uk (Tim Heywood)
Date: Fri, 21 Nov 2008 17:46:19 +0000
Subject: Filesystems for Xen disk images
In-Reply-To: <4926B589.5030601@oucs.ox.ac.uk>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
Message-ID: <4926F3EB020000BB0003E800@mail2.nds8.com>

Joe,

Should we not at this point also mention that the XFS is for local disk
systems only and not for a cluster?  equally if we have a storage system
that can be disconnected?

Like you for my local storage I use XFS move and more, however one has
to keep in mind both the streignths of each file system type - and also
their weeknesses

Over to you sir  :-)

Tim

-- 

Tim Heywood
NDS8
Novell Platinum Solution Provider

Office:  +44 (0) 131 538 8202
Mobile:  +44 (0) 7974 134264

>>> On 21 November, 2008 at 13:20, "Joe R. Doupnik"

wrote: 
> Andrew Foulsham wrote:
>>>>> On 21/11/2008 at 11:27, in message
<49269B2E.3050506 at oucs.ox.ac.uk>, "Joe R.
>> Doupnik"  wrote:
>>> Andrew Foulsham wrote:
>>>> Dear all,
>>>>
>>>> I followed the discussion a couple of weeks ago about optimal
filesystems 
>>> for different purposes, and found it very enlightening.
>>>> I was wondering how these principles apply to a volume intended
for storing 
>>> xen disk images? Clearly, they are large files, but subject to a
large 
> number 
>>> of changes internally. So is XFS or EXT3 the best option? 
>>>> Is the fact that the filesystem is on an iSCSI target
significant?
>>>> And, as (theoretically) the images could be accessed over iSCSI
from several 
> 
>>> different servers (for disaster recovery & capacity management), is
a 
>>> cluster-aware filesystem necessary or desirable? In that case,
would OCFS2 
>>> be my best course of action?
>>>> The Xen hosts will be on SLES10 sp2, and the iSCSI server may be
another 
>>> SLES10 box (or an Openfiler box).
>>>> Best wishes,
>>>>
>>>> Andrew Foulsham
>>>>
>>> -------------
>>>       Taking up points in reverse order.
>>>       If you really must have simultaneous access to the same file
>>> system by multiple machines at the same time, then today the
choice
>>> is only OCFS2. This is a very so-so file system, more quicky than
>>> thoughtful but good enough for Oracle's purposes. It is basically
>>> EXT3 with locking. The key phrase is "at the same time".
>>>       Clustering in the Novell manner is not at the same time.
Yes,
>>> the SBD partition is at the same time, but different sectors for
each
>>> cluster member. SBD is not exactly a file system by our standards.
>>>       iSCSI is a disk block thingy, ignorant of file systems. While
it
>>> is appealing in many ways, it is also another layer of complexity
and
>>> failure to content with, and it will extract a performance
penality.
>>>       Then to those image files proper. I would warmly recommend
XFS
>>> over EXT3. What is even better is to have guests use raw devices
with
>>> no intermediary file system to hold file systems. Better speed,
oodles
>>> better journaling behavior. For general archiving of huge files XFS
is
>>> again superior. I keep EXT3 around only as a simple desktop
alternative.
>>>       Finally, disaster recovery and such. This can be a very
elaborate
>>> subject when we get into the fine print. Simply replicating disk
blocks
>>> is often not satisfactory because a lot of data is held in memory.
Thus
>>> a cold system is the proper basis as an image source. Hot imaging
is
>>> another matter, where disk blocks are replicated and active memory
is as
>>> well, which is the case for doing Vmotion and similar high risk
tricks.
>>> A cold machine backup is the most rational approach, with its
attendant
>>> maintenance interval. Background disk block replication (aka
mirroring)
>>> can be very comforting though, if the held file systems are
tolerant of
>>> partial writes (when say power fails abuptly).
>>>      Whenever this subject comes up I quietly ask myself if the
speakers
>>> know what they really wish to accomplish. Often I suspect the
answer
>>> is no, just keep away bad things and have no down time. We have to
be
>>> more practical and identify the kinds of outages to be dealt with
and
>>> the reasonable means of accomodating them. There is no free lunch
here.
>>>      Joe D.
>>>
>> Many thanks for the informative comments and suggestions.
>> 
>> I hadn't thought of using raw devices for the xen filesystem, which
seems to 
> be a good idea for many reasons. I've just found mention of it in one
of 
> Sander van Vugt's articles, and so some serious reading and
experimentation 
> is about to commence.
>> 
>> As far as I'm aware, the filesystem isn't accessed at the same time
during 
> an "xm migrate" operation, and so OCFS2 may well be overkill for this

> purpose.
>> 
>> And I will certainly try XFS as a filesystem for hosting xen disk
images, at 
> least during testing & development.
>> 
>> Best wishes,
>> 
>> Andrew Foulsham
>> 
> Andrew,
>       My standard mount options for XFS are
>       noatime,nodiratime,logbufs=8
> where the last is optional and ought to be the default value by now.
> The atime stuff is self explanatory.
>       Please do have a go at the raw physical device approach.
Novell's
> XEN docs may help as Novell tries hard to domesticate XEN.
>       I have not tried XEN's vmotion, xm migrate, material even
though
> it is their big marketing slide.
>       My last comment here is that the vaunted mirroring of host time
to
> guests is effective only if the physical CPUs support the Intel VT,
and
> AMD equiv, virtualization supplement, so says Novell. Even then one
can
> encounter some slippage when a host or guest is heavily loaded.
Otherwise
> it does seem to work reasonably well.
>       Joe D.
> 
> 
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
> 
> ***Scanned by M+ Guardian***

The information contained in this email is intended for the person to 
whom it is addressed and may contain confidential and/or privileged 
information. You should not copy, retain, forward or disclose its 
contents to anyone else, or take any action based upon it, if it is 
not addressed to you personally. If the message is received by anyone
other 
than the addressee, please notify the sender and delete the message. 

NDS8 does not accept responsibility for changes made to this 
message after it was sent. Whilst all reasonable care has been taken to 
avoid the transmission of viruses, it is the responsibility of the 
recipient to ensure that the onward transmission, opening or use of 
this message and any attachments will not adversely affect its systems
or data.

From joe.doupnik at oucs.ox.ac.uk  Fri Nov 21 19:10:22 2008
From: joe.doupnik at oucs.ox.ac.uk (jrd)
Date: Fri, 21 Nov 2008 19:10:22 +0000
Subject: Filesystems for Xen disk images
In-Reply-To: <4926F3EB020000BB0003E800@mail2.nds8.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>	<49269B2E.3050506@oucs.ox.ac.uk>	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
Message-ID: <4927079E.1010701@oucs.ox.ac.uk>

Tim Heywood wrote:
> Joe,
> 
> Should we not at this point also mention that the XFS is for local disk
> systems only and not for a cluster?  equally if we have a storage system
> that can be disconnected?
> 
> Like you for my local storage I use XFS move and more, however one has
> to keep in mind both the streignths of each file system type - and also
> their weeknesses
> 
> Over to you sir  :-)
> 
> Tim
> 
> 
--------
Tim,
     SLES 11 beta now has an extra "sync" of all file systems when the o/s
is shutting down, plus about enough time to really flush data to disk.
The question before was what about during a normal dismount, the same
needs to be done, and for that I simply don't know yet.
    It would not surprise me to learn that EXT3 and ReiserFS have similar
problems when dismounting. With ReiserFS, when problems of this kind
appear they tend to be awful.
    So, what can we do at this point? I suspect we personally need to
insert sync & wait into the dismount process for a cluster. On my
part I can raise the issue with SUSE during the next beta call (a
reminder to do this would not be amiss).
    On another battle front I am dealing with and trying to correct over
time the mess known as KDE v4. It turns out to be rather interesting
doing this through SUSE, with its diversity of opinions. Softly softly,
be reasonable and articulate etc. Discussion is confined to the closed
beta though. I'd not like to be in the KDE group right now.
    Joe D.

From Setienne at enesco.com  Mon Nov 24 17:07:45 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Mon, 24 Nov 2008 11:07:45 -0600
Subject: NMAS & IPX
In-Reply-To: <4927079E.1010701@oucs.ox.ac.uk>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>	<49269B2E.3050506@oucs.ox.ac.uk>	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com><4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk>
Message-ID: <492A8B01.8A77.004D.0@enesco.com>

We currently are still using DOS logins for workstation imaging. I read in a cool solutions document that:

"using IPX in an NMAS environment can be a problem too. A number of NMAS versions had a severe bug, where it would simply not work over IPX but only over TCP/IP. This could lead to login failures where IPX was involved."
Is this still true? I heard getting the DOS protocol stack to work over TCPIP was either impossible or nearly so. We own ZFD but never implemented it (not my fault--my bosses never let me spend the time on it), and I remember spending some time trying to get the workstation imaging working without ZFD installed into the tree unsuccessfully. 

I think Ghost has a utility to create a boot cd that will connect via cifs?

Do you have NMAS implemented, and if so, is IPX-logins still problematic, and/or what do you do for imaging???

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

From jetadmin at gmail.com  Mon Nov 24 19:24:12 2008
From: jetadmin at gmail.com (Eric Rothweiler)
Date: Mon, 24 Nov 2008 14:24:12 -0500
Subject: NMAS & IPX
In-Reply-To: <492A8B01.8A77.004D.0@enesco.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
Message-ID: <1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>

CIFS connections - NMAS is fine over CIFS.

On Mon, Nov 24, 2008 at 12:07 PM, Scott Etienne  wrote:
>
> We currently are still using DOS logins for workstation imaging. I read in a cool solutions document that:
>
>
> "using IPX in an NMAS environment can be a problem too. A number of NMAS versions had a severe bug, where it would simply not work over IPX but only over TCP/IP. This could lead to login failures where IPX was involved."
> Is this still true? I heard getting the DOS protocol stack to work over TCPIP was either impossible or nearly so. We own ZFD but never implemented it (not my fault--my bosses never let me spend the time on it), and I remember spending some time trying to get the workstation imaging working without ZFD installed into the tree unsuccessfully.
>
> I think Ghost has a utility to create a boot cd that will connect via cifs?
>
> Do you have NMAS implemented, and if so, is IPX-logins still problematic, and/or what do you do for imaging???
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell

From Setienne at enesco.com  Tue Nov 25 15:03:15 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Tue, 25 Nov 2008 09:03:15 -0600
Subject: Universal Password Policy not working
In-Reply-To: <1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
Message-ID: <492BBF53.8A77.004D.0@enesco.com>

NetWare 6.5 SP7  w/ NMAS.NLM loaded
NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
UPwd Policy assigned to test users--not assigned to any containers.
Set password policy to require 6 characters with at least 1 numeral.
Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set the password to novell, no errors. Noticed Policy button, clicked it, empty list.

I was told that you can assign Universal Password policies directly to users, but is that only after you have one set at the container or partition above the user's context?

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

From alandpearson at yahoo.com  Tue Nov 25 18:10:20 2008
From: alandpearson at yahoo.com (Alan Pearson)
Date: Tue, 25 Nov 2008 18:10:20 -0000 (GMT)
Subject: Universal Password Policy not working
In-Reply-To: <492BBF53.8A77.004D.0@enesco.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
	<492BBF53.8A77.004D.0@enesco.com>
Message-ID: <33939.88.211.54.85.1227636620.squirrel@83.67.10.8>

In Imanager, check what policy is assigned to your test user.

I think is under Password->Policies

I had same issue and it was because user had a different policy assigned
(SAMBA policy in this case)

At least you'll be able to see if policy assigned correctly.
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set the
> password to novell, no errors. Noticed Policy button, clicked it, empty
> list.
>
> I was told that you can assign Universal Password policies directly to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

From alandpearson at yahoo.com  Tue Nov 25 18:11:36 2008
From: alandpearson at yahoo.com (Alan Pearson)
Date: Tue, 25 Nov 2008 18:11:36 -0000 (GMT)
Subject: Universal Password Policy not working
In-Reply-To: <492BBF53.8A77.004D.0@enesco.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
	<492BBF53.8A77.004D.0@enesco.com>
Message-ID: <34009.88.211.54.85.1227636696.squirrel@83.67.10.8>

Sorry under Passwords->View Policy Assignments in iManager
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set the
> password to novell, no errors. Noticed Policy button, clicked it, empty
> list.
>
> I was told that you can assign Universal Password policies directly to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>

From Setienne at enesco.com  Tue Nov 25 19:10:02 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Tue, 25 Nov 2008 13:10:02 -0600
Subject: Universal Password Policy not working
In-Reply-To: <34009.88.211.54.85.1227636696.squirrel@83.67.10.8>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
	<492BBF53.8A77.004D.0@enesco.com>
	<34009.88.211.54.85.1227636696.squirrel@83.67.10.8>
Message-ID: <492BF92A.8A77.004D.0@enesco.com>

After working on this for the past week, I finall found the answer to my question. There is a specific, NMAS client that has to get installed along side of or on top of nwclient491 SP4.

What tipped me off was a cool solutions article that spoke of an NMAS client that was obviously a separate install.

See http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 

I had been going at this thinking this functionality was built into the client

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

.
>>> "Alan Pearson"  11/25/2008 12:11 PM >>>
Sorry under Passwords->View Policy Assignments in iManager
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set the
> password to novell, no errors. Noticed Policy button, clicked it, empty
> list.
>
> I was told that you can assign Universal Password policies directly to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com 
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
>

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From Hatchellb at vvc.edu  Tue Nov 25 19:12:03 2008
From: Hatchellb at vvc.edu (Brian Hatchell)
Date: Tue, 25 Nov 2008 11:12:03 -0800
Subject: Universal Password Policy not working
In-Reply-To: <492BF92A.8A77.004D.0@enesco.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
	<492BBF53.8A77.004D.0@enesco.com>
	<34009.88.211.54.85.1227636696.squirrel@83.67.10.8>
	<492BF92A.8A77.004D.0@enesco.com>
Message-ID: <492BDD95.2FC1.0024.1@vvc.edu>

Wait, you need additional client to use UP?

Brian Hatchell
Network Manager
Victor Valley College
760 245-4271 x2792

"A good plan, violently executed now, is better than a perfect plan next week."

- General George S. Patton

Check my Blog at http://gwcal.vvc.edu/mplusextranet/scp.dll/blog?user=hatchellb 

>>> On 11/25/2008 at 11:10 AM, in message <492BF92A.8A77.004D.0 at enesco.com>, "Scott Etienne"  wrote:
After working on this for the past week, I finall found the answer to my question. There is a specific, NMAS client that has to get installed along side of or on top of nwclient491 SP4.

What tipped me off was a cool solutions article that spoke of an NMAS client that was obviously a separate install.

See http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 

I had been going at this thinking this functionality was built into the client

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

.
>>> "Alan Pearson"  11/25/2008 12:11 PM >>>
Sorry under Passwords->View Policy Assignments in iManager
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set the
> password to novell, no errors. Noticed Policy button, clicked it, empty
> list.
>
> I was told that you can assign Universal Password policies directly to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com 
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
>

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Brian Hatchell.vcf
URL: 

From James.Taylor at eastcobbgroup.com  Tue Nov 25 19:19:07 2008
From: James.Taylor at eastcobbgroup.com (James Taylor)
Date: Tue, 25 Nov 2008 14:19:07 -0500
Subject: Universal Password Policy not working
In-Reply-To: <492BF92A.8A77.004D.0@enesco.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
	<492BBF53.8A77.004D.0@enesco.com>
	<34009.88.211.54.85.1227636696.squirrel@83.67.10.8>
	<492BF92A.8A77.004D.0@enesco.com>
Message-ID: <492C095B020000750003766D@inet.eastcobbgroup.com>

The NMAS client install was to correct problems with prior NMAS clients.
The Novell Client has included NMAS for quite some time.  I believe you can still optionally not install it with a custom install, but is there by default otherwise.
It sounds like something went wrong with the original client install to me.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com

>>> "Scott Etienne"  11/25/2008 02:10 PM >>> 
After working on this for the past week, I finall found the answer to my question. There is a specific, NMAS client that has to get installed along side of or on top of nwclient491 SP4.

What tipped me off was a cool solutions article that spoke of an NMAS client that was obviously a separate install.

See http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 

I had been going at this thinking this functionality was built into the client

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

.
>>> "Alan Pearson"  11/25/2008 12:11 PM >>>
Sorry under Passwords->View Policy Assignments in iManager
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set the
> password to novell, no errors. Noticed Policy button, clicked it, empty
> list.
>
> I was told that you can assign Universal Password policies directly to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com 
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
>

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From Setienne at enesco.com  Tue Nov 25 21:18:34 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Tue, 25 Nov 2008 15:18:34 -0600
Subject: Universal Password Policy not working
In-Reply-To: <492C095B020000750003766D@inet.eastcobbgroup.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
	<492BBF53.8A77.004D.0@enesco.com>
	<34009.88.211.54.85.1227636696.squirrel@83.67.10.8>
	<492BF92A.8A77.004D.0@enesco.com>
	<492C095B020000750003766D@inet.eastcobbgroup.com>
Message-ID: <492C1749.8A77.004D.0@enesco.com>

Read:

System Requirements:
Novell Client 4.91 SP4 client installed

This document is not on support connection, and instead is available
when you download the nmas client. So in lieu of a link, here is the
entire document:

NMAS Client 3.4.2 FTF

This document (5007960) is provided subject to the disclaimer at the
end of this document.
patches this patch supersedes
This patch does not supersede any other patches.
patches that supersede this patch
This patch is not superseded by any other patches.
patch attributes
Security patch: No
Priority: Optional
Distribution Type: Field Test File
http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 
document
Revision: 6
Document ID: 5007960
Creation Date: 2008-02-04 14:43:20
Modified Date: 2008-05-14 23:26:21
technical support

This Field Test File is supported by Novell Technical Services.
abstract

NMAS Client 3.4.2 FTF is a Field Test File based on the NMAS Client 3.4
code base (Novell Client 4.91 SP4).
details

The following fixes are included:

Bug 269814 - Resolved EULA display problems during installation.
TID#3721042 - Bug 278037 - Unable to uninstall the client
TID#3272873 - Bug 340934 - NMAS client installation fails to install
resource DLLs

System Requirements:
Novell Client 4.91 SP4 client installed

Installation:
1. Download and run the nmasclient_setup.exe
2. Reboot after installation
file contents
Files Included Size Date
nmasclient_setup.exe 7.0 MB (7362585) 2008-01-22 15:37:42
readme_5007960.html N/A 2008-05-14 23:26:23
disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this
information. Any trademarks referenced in this document are the property
of their respective owners. Consult your product manuals for complete
trademark information.

Novell is a registered trademark of Novell, Inc. in the United States
and other countries. SUSE is a registered trademark of SUSE Linux AG, a
Novell business. *All third-party trademarks are the property of their
respective owners.

>>> "James Taylor"  11/25/2008 1:19 PM
>>>
The NMAS client install was to correct problems with prior NMAS
clients.
The Novell Client has included NMAS for quite some time.  I believe you
can still optionally not install it with a custom install, but is there
by default otherwise.
It sounds like something went wrong with the original client install to
me.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com 
http://www.eastcobbgroup.com 

>>> "Scott Etienne"  11/25/2008 02:10 PM >>> 
After working on this for the past week, I finall found the answer to
my question. There is a specific, NMAS client that has to get installed
along side of or on top of nwclient491 SP4.

What tipped me off was a cool solutions article that spoke of an NMAS
client that was obviously a separate install.

See http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 

I had been going at this thinking this functionality was built into the
client

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

.
>>> "Alan Pearson"  11/25/2008 12:11 PM >>>
Sorry under Passwords->View Policy Assignments in iManager
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set
the
> password to novell, no errors. Noticed Policy button, clicked 
it,
empty
> list.
>
> I was told that you can assign Universal Password policies directly
to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com 
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
>

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From Hatchellb at vvc.edu  Tue Nov 25 21:24:19 2008
From: Hatchellb at vvc.edu (Brian Hatchell)
Date: Tue, 25 Nov 2008 13:24:19 -0800
Subject: Universal Password Policy not working
In-Reply-To: <492C1749.8A77.004D.0@enesco.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
	<492BBF53.8A77.004D.0@enesco.com>
	<34009.88.211.54.85.1227636696.squirrel@83.67.10.8>
	<492BF92A.8A77.004D.0@enesco.com>
	<492C095B020000750003766D@inet.eastcobbgroup.com>
	<492C1749.8A77.004D.0@enesco.com>
Message-ID: <492BFC83.2FC1.0024.1@vvc.edu>

Sorry, is SP5 supported at this time also?

Brian Hatchell
Network Manager
Victor Valley College
760 245-4271 x2792

"A good plan, violently executed now, is better than a perfect plan next week."

- General George S. Patton

Check my Blog at http://gwcal.vvc.edu/mplusextranet/scp.dll/blog?user=hatchellb 

>>> On 11/25/2008 at 1:18 PM, in message <492C1749.8A77.004D.0 at enesco.com>, "Scott Etienne"  wrote:
Read:

System Requirements:
Novell Client 4.91 SP4 client installed

This document is not on support connection, and instead is available
when you download the nmas client. So in lieu of a link, here is the
entire document:

NMAS Client 3.4.2 FTF

This document (5007960) is provided subject to the disclaimer at the
end of this document.
patches this patch supersedes
This patch does not supersede any other patches.
patches that supersede this patch
This patch is not superseded by any other patches.
patch attributes
Security patch: No
Priority: Optional
Distribution Type: Field Test File
http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 
document
Revision: 6
Document ID: 5007960
Creation Date: 2008-02-04 14:43:20
Modified Date: 2008-05-14 23:26:21
technical support

This Field Test File is supported by Novell Technical Services.
abstract

NMAS Client 3.4.2 FTF is a Field Test File based on the NMAS Client 3.4
code base (Novell Client 4.91 SP4).
details

The following fixes are included:

Bug 269814 - Resolved EULA display problems during installation.
TID#3721042 - Bug 278037 - Unable to uninstall the client
TID#3272873 - Bug 340934 - NMAS client installation fails to install
resource DLLs

System Requirements:
Novell Client 4.91 SP4 client installed

Installation:
1. Download and run the nmasclient_setup.exe
2. Reboot after installation
file contents
Files Included Size Date
nmasclient_setup.exe 7.0 MB (7362585) 2008-01-22 15:37:42
readme_5007960.html N/A 2008-05-14 23:26:23
disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this
information. Any trademarks referenced in this document are the property
of their respective owners. Consult your product manuals for complete
trademark information.

Novell is a registered trademark of Novell, Inc. in the United States
and other countries. SUSE is a registered trademark of SUSE Linux AG, a
Novell business. *All third-party trademarks are the property of their
respective owners.

>>> "James Taylor"  11/25/2008 1:19 PM
>>>
The NMAS client install was to correct problems with prior NMAS
clients.
The Novell Client has included NMAS for quite some time.  I believe you
can still optionally not install it with a custom install, but is there
by default otherwise.
It sounds like something went wrong with the original client install to
me.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com 
http://www.eastcobbgroup.com 

>>> "Scott Etienne"  11/25/2008 02:10 PM >>> 
After working on this for the past week, I finall found the answer to
my question. There is a specific, NMAS client that has to get installed
along side of or on top of nwclient491 SP4.

What tipped me off was a cool solutions article that spoke of an NMAS
client that was obviously a separate install.

See http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 

I had been going at this thinking this functionality was built into the
client

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

.
>>> "Alan Pearson"  11/25/2008 12:11 PM >>>
Sorry under Passwords->View Policy Assignments in iManager
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set
the
> password to novell, no errors. Noticed Policy button, clicked 
it,
empty
> list.
>
> I was told that you can assign Universal Password policies directly
to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com 
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
>

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Brian Hatchell1.vcf
URL: 

From James.Taylor at eastcobbgroup.com  Wed Nov 26 03:20:43 2008
From: James.Taylor at eastcobbgroup.com (James Taylor)
Date: Tue, 25 Nov 2008 22:20:43 -0500
Subject: Universal Password Policy not working
Message-ID: <492C7A3B0200007500008514@inet.eastcobbgroup.com>

Yes, the nmas update requires that minimum client version. It doesn't say that nmas is not included with the client.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com

>>> "Scott Etienne"  11/25/08 16:19 PM >>>
Read:

System Requirements:
Novell Client 4.91 SP4 client installed

This document is not on support connection, and instead is available
when you download the nmas client. So in lieu of a link, here is the
entire document:

NMAS Client 3.4.2 FTF

This document (5007960) is provided subject to the disclaimer at the
end of this document.
patches this patch supersedes
This patch does not supersede any other patches.
patches that supersede this patch
This patch is not superseded by any other patches.
patch attributes
Security patch: No
Priority: Optional
Distribution Type: Field Test File
http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 
document
Revision: 6
Document ID: 5007960
Creation Date: 2008-02-04 14:43:20
Modified Date: 2008-05-14 23:26:21
technical support

This Field Test File is supported by Novell Technical Services.
abstract

NMAS Client 3.4.2 FTF is a Field Test File based on the NMAS Client 3.4
code base (Novell Client 4.91 SP4).
details

The following fixes are included:

Bug 269814 - Resolved EULA display problems during installation.
TID#3721042 - Bug 278037 - Unable to uninstall the client
TID#3272873 - Bug 340934 - NMAS client installation fails to install
resource DLLs

System Requirements:
Novell Client 4.91 SP4 client installed

Installation:
1. Download and run the nmasclient_setup.exe
2. Reboot after installation
file contents
Files Included Size Date
nmasclient_setup.exe 7.0 MB (7362585) 2008-01-22 15:37:42
readme_5007960.html N/A 2008-05-14 23:26:23
disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this
information. Any trademarks referenced in this document are the property
of their respective owners. Consult your product manuals for complete
trademark information.

Novell is a registered trademark of Novell, Inc. in the United States
and other countries. SUSE is a registered trademark of SUSE Linux AG, a
Novell business. *All third-party trademarks are the property of their
respective owners.

>>> "James Taylor"  11/25/2008 1:19 PM
>>>
The NMAS client install was to correct problems with prior NMAS
clients.
The Novell Client has included NMAS for quite some time.  I believe you
can still optionally not install it with a custom install, but is there
by default otherwise.
It sounds like something went wrong with the original client install to
me.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com 
http://www.eastcobbgroup.com 

>>> "Scott Etienne"  11/25/2008 02:10 PM >>> 
After working on this for the past week, I finall found the answer to
my question. There is a specific, NMAS client that has to get installed
along side of or on top of nwclient491 SP4.

What tipped me off was a cool solutions article that spoke of an NMAS
client that was obviously a separate install.

See http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 

I had been going at this thinking this functionality was built into the
client

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

.
>>> "Alan Pearson"  11/25/2008 12:11 PM >>>
Sorry under Passwords->View Policy Assignments in iManager
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set
the
> password to novell, no errors. Noticed Policy button, clicked 
it,
empty
> list.
>
> I was told that you can assign Universal Password policies directly
to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com 
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
>

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From Setienne at enesco.com  Wed Nov 26 14:58:25 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Wed, 26 Nov 2008 08:58:25 -0600
Subject: Universal Password Policy not working
In-Reply-To: <492BFC83.2FC1.0024.1@vvc.edu>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
	<492BBF53.8A77.004D.0@enesco.com>
	<34009.88.211.54.85.1227636696.squirrel@83.67.10.8>
	<492BF92A.8A77.004D.0@enesco.com>
	<492C095B020000750003766D@inet.eastcobbgroup.com>
	<492C1749.8A77.004D.0@enesco.com> <492BFC83.2FC1.0024.1@vvc.edu>
Message-ID: <492D0FB1.8A77.004D.0@enesco.com>

I have just tested SP5, and it appears that this update is not required for NMAS to work regarding u-pwd policies.

>>> "Brian Hatchell"  11/25/2008 3:24 PM >>>
Sorry, is SP5 supported at this time also?

Brian Hatchell
Network Manager
Victor Valley College
760 245-4271 x2792

"A good plan, violently executed now, is better than a perfect plan next week."

- General George S. Patton

Check my Blog at http://gwcal.vvc.edu/mplusextranet/scp.dll/blog?user=hatchellb 

>>> On 11/25/2008 at 1:18 PM, in message <492C1749.8A77.004D.0 at enesco.com>, "Scott Etienne"  wrote:
Read:

System Requirements:
Novell Client 4.91 SP4 client installed

This document is not on support connection, and instead is available
when you download the nmas client. So in lieu of a link, here is the
entire document:

NMAS Client 3.4.2 FTF

This document (5007960) is provided subject to the disclaimer at the
end of this document.
patches this patch supersedes
This patch does not supersede any other patches.
patches that supersede this patch
This patch is not superseded by any other patches.
patch attributes
Security patch: No
Priority: Optional
Distribution Type: Field Test File
http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 
document
Revision: 6
Document ID: 5007960
Creation Date: 2008-02-04 14:43:20
Modified Date: 2008-05-14 23:26:21
technical support

This Field Test File is supported by Novell Technical Services.
abstract

NMAS Client 3.4.2 FTF is a Field Test File based on the NMAS Client 3.4
code base (Novell Client 4.91 SP4).
details

The following fixes are included:

Bug 269814 - Resolved EULA display problems during installation.
TID#3721042 - Bug 278037 - Unable to uninstall the client
TID#3272873 - Bug 340934 - NMAS client installation fails to install
resource DLLs

System Requirements:
Novell Client 4.91 SP4 client installed

Installation:
1. Download and run the nmasclient_setup.exe
2. Reboot after installation
file contents
Files Included Size Date
nmasclient_setup.exe 7.0 MB (7362585) 2008-01-22 15:37:42
readme_5007960.html N/A 2008-05-14 23:26:23
disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this
information. Any trademarks referenced in this document are the property
of their respective owners. Consult your product manuals for complete
trademark information.

Novell is a registered trademark of Novell, Inc. in the United States
and other countries. SUSE is a registered trademark of SUSE Linux AG, a
Novell business. *All third-party trademarks are the property of their
respective owners.

>>> "James Taylor"  11/25/2008 1:19 PM
>>>
The NMAS client install was to correct problems with prior NMAS
clients.
The Novell Client has included NMAS for quite some time.  I believe you
can still optionally not install it with a custom install, but is there
by default otherwise.
It sounds like something went wrong with the original client install to
me.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com 
http://www.eastcobbgroup.com 

>>> "Scott Etienne"  11/25/2008 02:10 PM >>> 
After working on this for the past week, I finall found the answer to
my question. There is a specific, NMAS client that has to get installed
along side of or on top of nwclient491 SP4.

What tipped me off was a cool solutions article that spoke of an NMAS
client that was obviously a separate install.

See http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 

I had been going at this thinking this functionality was built into the
client

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

.
>>> "Alan Pearson"  11/25/2008 12:11 PM >>>
Sorry under Passwords->View Policy Assignments in iManager
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set
the
> password to novell, no errors. Noticed Policy button, clicked 
it,
empty
> list.
>
> I was told that you can assign Universal Password policies directly
to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com 
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
>

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From Setienne at enesco.com  Wed Nov 26 15:39:29 2008
From: Setienne at enesco.com (Scott Etienne)
Date: Wed, 26 Nov 2008 09:39:29 -0600
Subject: Universal Password Policy not working
In-Reply-To: <492D0FB1.8A77.004D.0@enesco.com>
References: <492693B6.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<49269B2E.3050506@oucs.ox.ac.uk>
	<4926AD64.170A.0099.0@gwmail.jr2.ox.ac.uk>
	<4926B589.5030601@oucs.ox.ac.uk>
	<4926F3EB020000BB0003E800@mail2.nds8.com>
	<4927079E.1010701@oucs.ox.ac.uk> <492A8B01.8A77.004D.0@enesco.com>
	<1d6cdac70811241124n270a5383p7cc65c3724d756b2@mail.gmail.com>
	<492BBF53.8A77.004D.0@enesco.com>
	<34009.88.211.54.85.1227636696.squirrel@83.67.10.8>
	<492BF92A.8A77.004D.0@enesco.com>
	<492C095B020000750003766D@inet.eastcobbgroup.com>
	<492C1749.8A77.004D.0@enesco.com> <492BFC83.2FC1.0024.1@vvc.edu>
	<492D0FB1.8A77.004D.0@enesco.com>
Message-ID: <492D1950.8A77.004D.0@enesco.com>

I found problems accessing our GroupWise domain using Console One on our NetWare systems. I am able to access domains on Linux.

>>> "Scott Etienne"  11/26/2008 8:58 AM >>>
I have just tested SP5, and it appears that this update is not required for NMAS to work regarding u-pwd policies.

>>> "Brian Hatchell"  11/25/2008 3:24 PM >>>
Sorry, is SP5 supported at this time also?

Brian Hatchell
Network Manager
Victor Valley College
760 245-4271 x2792

"A good plan, violently executed now, is better than a perfect plan next week."

- General George S. Patton

Check my Blog at http://gwcal.vvc.edu/mplusextranet/scp.dll/blog?user=hatchellb 

>>> On 11/25/2008 at 1:18 PM, in message <492C1749.8A77.004D.0 at enesco.com>, "Scott Etienne"  wrote:
Read:

System Requirements:
Novell Client 4.91 SP4 client installed

This document is not on support connection, and instead is available
when you download the nmas client. So in lieu of a link, here is the
entire document:

NMAS Client 3.4.2 FTF

This document (5007960) is provided subject to the disclaimer at the
end of this document.
patches this patch supersedes
This patch does not supersede any other patches.
patches that supersede this patch
This patch is not superseded by any other patches.
patch attributes
Security patch: No
Priority: Optional
Distribution Type: Field Test File
http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 
document
Revision: 6
Document ID: 5007960
Creation Date: 2008-02-04 14:43:20
Modified Date: 2008-05-14 23:26:21
technical support

This Field Test File is supported by Novell Technical Services.
abstract

NMAS Client 3.4.2 FTF is a Field Test File based on the NMAS Client 3.4
code base (Novell Client 4.91 SP4).
details

The following fixes are included:

Bug 269814 - Resolved EULA display problems during installation.
TID#3721042 - Bug 278037 - Unable to uninstall the client
TID#3272873 - Bug 340934 - NMAS client installation fails to install
resource DLLs

System Requirements:
Novell Client 4.91 SP4 client installed

Installation:
1. Download and run the nmasclient_setup.exe
2. Reboot after installation
file contents
Files Included Size Date
nmasclient_setup.exe 7.0 MB (7362585) 2008-01-22 15:37:42
readme_5007960.html N/A 2008-05-14 23:26:23
disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this
information. Any trademarks referenced in this document are the property
of their respective owners. Consult your product manuals for complete
trademark information.

Novell is a registered trademark of Novell, Inc. in the United States
and other countries. SUSE is a registered trademark of SUSE Linux AG, a
Novell business. *All third-party trademarks are the property of their
respective owners.

>>> "James Taylor"  11/25/2008 1:19 PM
>>>
The NMAS client install was to correct problems with prior NMAS
clients.
The Novell Client has included NMAS for quite some time.  I believe you
can still optionally not install it with a custom install, but is there
by default otherwise.
It sounds like something went wrong with the original client install to
me.
-jt

James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com 
http://www.eastcobbgroup.com 

>>> "Scott Etienne"  11/25/2008 02:10 PM >>> 
After working on this for the past week, I finall found the answer to
my question. There is a specific, NMAS client that has to get installed
along side of or on top of nwclient491 SP4.

What tipped me off was a cool solutions article that spoke of an NMAS
client that was obviously a separate install.

See http://download.novell.com/Download?buildid=TrPyIcMGYnw~ 

I had been going at this thinking this functionality was built into the
client

Thank you,

Scott Etienne
Network Engineer
Enesco, LLC
setienne at enesco.com 

.
>>> "Alan Pearson"  11/25/2008 12:11 PM >>>
Sorry under Passwords->View Policy Assignments in iManager
-- 
AlanP

On Tue, November 25, 2008 3:03 pm, Scott Etienne wrote:
> NetWare 6.5 SP7  w/ NMAS.NLM loaded
> NetWare Client 4.91 SP4 w/ NMAS Authentication enabled
> UPwd Policy assigned to test users--not assigned to any containers.
> Set password policy to require 6 characters with at least 1 numeral.
> Login to Windows XP SP2 as test user, CTRL-ALT-DEL, Change Pwd, set
the
> password to novell, no errors. Noticed Policy button, clicked 
it,
empty
> list.
>
> I was told that you can assign Universal Password policies directly
to
> users, but is that only after you have one set at the container or
> partition above the user's context?
>
> Thank you,
>
> Scott Etienne
> Network Engineer
> Enesco, LLC
> setienne at enesco.com 
>
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
>

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell 
_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

From joea at j4computers.com  Fri Nov 28 00:28:45 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Thu, 27 Nov 2008 19:28:45 -0500
Subject: Dell pe1900 no operating system
Message-ID: <492EF4ED020000850005EF83@FS-LIN-OES>

Installed SLES 10 sp1 on a Dell PE1900.  4GB RAM 4x160 SATA in a RAID6 array.

Installed VMware server and copied over 2 existing VM''s.   All worked fine. 

I restarted the Host several times, while testing.

Several days later, client found things sluggish and decided to restart the VM.  And every other box in sight.

All came up except this machine, which said "no operating system".

I've found nothing in searches, so thought I would run this by the list.

joe a.

From hooeld at bay.k12.fl.us  Thu Nov 27 23:41:28 2008
From: hooeld at bay.k12.fl.us (Leslie Hooe)
Date: Thu, 27 Nov 2008 17:41:28 -0600
Subject: Dell pe1900 no operating system
In-Reply-To: <492EF4ED020000850005EF83@FS-LIN-OES>
References: <492EF4ED020000850005EF83@FS-LIN-OES>
Message-ID: <492EDBC8.03A7.0001.0@bay.k12.fl.us>

My guess would be the Raid controller..

Leslie Hooe
Telecommunications Manager
Bay District Schools
(850) 747-5295 

>>> On 11/27/2008 at 6:28 PM, in message <492EF4ED020000850005EF83 at FS-LIN-OES>, "joea at j4computers.com"  wrote:
Installed SLES 10 sp1 on a Dell PE1900.  4GB RAM 4x160 SATA in a RAID6 array.

Installed VMware server and copied over 2 existing VM''s.   All worked fine. 

I restarted the Host several times, while testing.

Several days later, client found things sluggish and decided to restart the VM.  And every other box in sight.

All came up except this machine, which said "no operating system".

I've found nothing in searches, so thought I would run this by the list.

joe a.

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public-records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.

From joea at j4computers.com  Fri Nov 28 00:42:20 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Thu, 27 Nov 2008 19:42:20 -0500
Subject: Dell pe1900 no operating system
In-Reply-To: <492EDBC8.03A7.0001.0@bay.k12.fl.us>
References: <492EF4ED020000850005EF83@FS-LIN-OES>
	<492EDBC8.03A7.0001.0@bay.k12.fl.us>
Message-ID: <492EF81D020000850005EF87@FS-LIN-OES>

>>> On 11/27/2008 at 6:41 PM, "Leslie Hooe"  wrote:
> My guess would be the Raid controller..
>  
> Leslie Hooe
> Telecommunications Manager
> Bay District Schools
> (850) 747-5295 
> 
You mean as in being "flakey"?

Going into the RAID config shows the array to be in fine shape.  Just no OS.

Did not try reinstall as the install DVD was not on site.

joe a.

>>>> On 11/27/2008 at 6:28 PM, in message <492EF4ED020000850005EF83 at FS-LIN-OES>, 
> "joea at j4computers.com"  wrote:
> Installed SLES 10 sp1 on a Dell PE1900.  4GB RAM 4x160 SATA in a RAID6 
> array.
> 
> Installed VMware server and copied over 2 existing VM''s.   All worked fine. 
> 
> 
> I restarted the Host several times, while testing.
> 
> Several days later, client found things sluggish and decided to restart the 
> VM.  And every other box in sight.
> 
> All came up except this machine, which said "no operating system".
> 
> I've found nothing in searches, so thought I would run this by the list.
> 
> joe a.
> 
> 
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
> 
> 
> 
> 
> 
> The information contained in this message may be privileged and confidential 
> and protected from disclosure. If the reader of this message is not the 
> intended recipient, or an employee or agent responsible for delivering this 
> message to the intended recipient, you are hereby notified that any 
> dissemination, distribution or copying of this communication is strictly 
> prohibited. If you have received this communication in error, please notify 
> us immediately by replying to the message and deleting it from your computer. 
> Under Florida law, e-mail addresses are public records. If you do not want 
> your e-mail address released in response to a public-records request, do not 
> send electronic mail to this entity. Instead, contact this office by phone or 
> in writing.
> 
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 

From hooeld at bay.k12.fl.us  Fri Nov 28 00:00:38 2008
From: hooeld at bay.k12.fl.us (Leslie Hooe)
Date: Thu, 27 Nov 2008 18:00:38 -0600
Subject: Dell pe1900 no operating system
In-Reply-To: <492EF81D020000850005EF87@FS-LIN-OES>
References: <492EF4ED020000850005EF83@FS-LIN-OES>
	<492EDBC8.03A7.0001.0@bay.k12.fl.us>
	<492EF81D020000850005EF87@FS-LIN-OES>
Message-ID: <492EE046.03A7.0001.0@bay.k12.fl.us>

No, I would have thought the array would not have looked OK, or you would not have been able to get into the controller..

With Raid 6, it would mean 2 drives went south?? Not common, but I have one last week on a Dell 2500, so not unheard of.. But you would have yellow lights on the drives..

Sorry I am not of more help.. Good luck..

Leslie Hooe
Telecommunications Manager
Bay District Schools
(850) 747-5295 

>>> On 11/27/2008 at 6:42 PM, in message <492EF81D020000850005EF87 at FS-LIN-OES>, "joea at j4computers.com"  wrote:
>>> On 11/27/2008 at 6:41 PM, "Leslie Hooe"  wrote:
> My guess would be the Raid controller..
>  
> Leslie Hooe
> Telecommunications Manager
> Bay District Schools
> (850) 747-5295 
> 
You mean as in being "flakey"?

Going into the RAID config shows the array to be in fine shape.  Just no OS.

Did not try reinstall as the install DVD was not on site.

joe a.

>>>> On 11/27/2008 at 6:28 PM, in message <492EF4ED020000850005EF83 at FS-LIN-OES>, 
> "joea at j4computers.com"  wrote:
> Installed SLES 10 sp1 on a Dell PE1900.  4GB RAM 4x160 SATA in a RAID6 
> array.
> 
> Installed VMware server and copied over 2 existing VM''s.   All worked fine. 
> 
> 
> I restarted the Host several times, while testing.
> 
> Several days later, client found things sluggish and decided to restart the 
> VM.  And every other box in sight.
> 
> All came up except this machine, which said "no operating system".
> 
> I've found nothing in searches, so thought I would run this by the list.
> 
> joe a.
> 
> 
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 
> 
> 
> 
> 
> 
> The information contained in this message may be privileged and confidential 
> and protected from disclosure. If the reader of this message is not the 
> intended recipient, or an employee or agent responsible for delivering this 
> message to the intended recipient, you are hereby notified that any 
> dissemination, distribution or copying of this communication is strictly 
> prohibited. If you have received this communication in error, please notify 
> us immediately by replying to the message and deleting it from your computer. 
> Under Florida law, e-mail addresses are public records. If you do not want 
> your e-mail address released in response to a public-records request, do not 
> send electronic mail to this entity. Instead, contact this office by phone or 
> in writing.
> 
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk 
> http://netlab1.usu.edu/mailman/listinfo/novell 

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk 
http://netlab1.usu.edu/mailman/listinfo/novell

The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public-records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.

From joea at j4computers.com  Sat Nov 29 21:07:48 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sat, 29 Nov 2008 16:07:48 -0500
Subject: Time problems NW6.5 Vmware Server
Message-ID: <493168D4020000850005EF92@FS-LIN-OES>

NW6.5 on VMware server 1.0.6.   Time seems to be running very slowly.  Thought it was running fine when I checked about a month ago.

One problem is that I cannot sync time properly, with an NTP source.  Time Server type set as Primary.  XNTPD in use.

Other problem is that it is dog slow to start.  You think it is hung.  Saying "time" at console, repeatedly, shows that the seconds tick off about 1 every 10 seconds, in real time.

Thoughts?

joe a.

From joea at j4computers.com  Sat Nov 29 21:47:48 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sat, 29 Nov 2008 16:47:48 -0500
Subject: Time problems NW6.5 Vmware Server - resolved (?)
In-Reply-To: <493168D4020000850005EF92@FS-LIN-OES>
References: <493168D4020000850005EF92@FS-LIN-OES>
Message-ID: <49317234020000850005EF96@FS-LIN-OES>

>>> On 11/29/2008 at 4:07 PM, "joea at j4computers.com"  wrote:
> NW6.5 on VMware server 1.0.6.   Time seems to be running very slowly.  
> Thought it was running fine when I checked about a month ago.
> 
> One problem is that I cannot sync time properly, with an NTP source.  Time 
> Server type set as Primary.  XNTPD in use.
> 
> Other problem is that it is dog slow to start.  You think it is hung.  
> Saying "time" at console, repeatedly, shows that the seconds tick off about 1 
> every 10 seconds, in real time.
> 
> Thoughts?
> 
> joe a.

Following some Joe D tips, hunted up via Google ( VM host config settings, host.cpukHz = "12345"  sort of stuff) and restarting the host and guests, things seem more normal.

Time will tell.   So to speak.

joe a.

From joea at j4computers.com  Sat Nov 29 23:45:02 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sat, 29 Nov 2008 18:45:02 -0500
Subject: OES linux time drifts into the future.
Message-ID: <49318DAE020000850005EF9A@FS-LIN-OES>

While chasing time issues on a couple of vm guests, I now find the oes linux box is drifting into the future.  While there are a number of things I have found to try, I am stumped by a seeming simple ntp issue, which may be the root of the problem.

When doing xntpd start, it says it is trying to get time from server "foo", instead of server "bar".  "foo" is the name of the guest itself.  "bar" is what is entered in /etc/ntp.conf and also in yast ntp client config  area.  No idea why it is saying this.

joe a.

From joea at j4computers.com  Sun Nov 30 00:14:21 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sat, 29 Nov 2008 19:14:21 -0500
Subject: OES linux time drifts into the future.
In-Reply-To: <49318DAE020000850005EF9A@FS-LIN-OES>
References: <49318DAE020000850005EF9A@FS-LIN-OES>
Message-ID: <4931948D020000850005EF9E@FS-LIN-OES>

>>> On 11/29/2008 at 6:45 PM, "joea at j4computers.com"  wrote:
> While chasing time issues on a couple of vm guests, I now find the oes linux 
> box is drifting into the future.  While there are a number of things I have 
> found to try, I am stumped by a seeming simple ntp issue, which may be the 
> root of the problem.
> 
> When doing xntpd start, it says it is trying to get time from server "foo", 
> instead of server "bar".  "foo" is the name of the guest itself.  "bar" is 
> what is entered in /etc/ntp.conf and also in yast ntp client config  area.  
> No idea why it is saying this.

Changing to pool.ntp.org resolved the ntp problem (must have a flaky on site time source), but still time drifts ahead.   This is with clock=pit and noapic on the kernel line in /boot/grub/menu.lst

joe a.

From jrd at netlab1.oucs.ox.ac.uk  Sun Nov 30 11:11:55 2008
From: jrd at netlab1.oucs.ox.ac.uk (jrd)
Date: Sun, 30 Nov 2008 11:11:55 +0000
Subject: OES linux time drifts into the future.
In-Reply-To: <4931948D020000850005EF9E@FS-LIN-OES>
References: <49318DAE020000850005EF9A@FS-LIN-OES>
	<4931948D020000850005EF9E@FS-LIN-OES>
Message-ID: <493274FB.4080800@netlab1.oucs.ox.ac.uk>

joea at j4computers.com wrote:
>>>> On 11/29/2008 at 6:45 PM, "joea at j4computers.com"  wrote:
>>>>         
>> While chasing time issues on a couple of vm guests, I now find the oes linux 
>> box is drifting into the future.  While there are a number of things I have 
>> found to try, I am stumped by a seeming simple ntp issue, which may be the 
>> root of the problem.
>>
>> When doing xntpd start, it says it is trying to get time from server "foo", 
>> instead of server "bar".  "foo" is the name of the guest itself.  "bar" is 
>> what is entered in /etc/ntp.conf and also in yast ntp client config  area.  
>> No idea why it is saying this.
>>     
>
> Changing to pool.ntp.org resolved the ntp problem (must have a flaky on site time source), but still time drifts ahead.   This is with clock=pit and noapic on the kernel line in /boot/grub/menu.lst
>
> joe a.
>
>   
--------------
       That must have been us.pool.ntp.org, one of many country pools. I use
uk.pool.ntp.org at my place.
       For NW in VMware, in addition to my advice about tuning the host 
machine,
we wish to know that NW seems to construct timing details at boot time, 
and if that
is off then time will just not stabilize. The only way to fix this, in 
my experience, is to
issue  reset server  to have it go through the procedure anew. Just 
restarting xntpd
does not suffice.
       Also, NW likes to start time keeping very early in its boot 
process, often before
the network is ready, and then the ntpdate time slamming operation 
fails. My way
forward is to boot the server using timesync, then near the very end of 
autoexec.ncf,
as far from starting up as we can arrange it, unload timesync and load 
xntpd. This
tries to skip over the heavy disk i/o of starting tomcat applications.
      When xntpd is keeping time, ensure to have enabled the clock 
stepping part
in etc\ntp.conf. Then check on matters with ntpq at the console. Give 
ntpq command
lpeer to see how time is being kept. With the NTP pool sources, do 
bewary about
using just one because some are in bad shape from day to day. Use a 
handful of
sources.
      NW virtualized in XEN really needs the host to support the Intel 
VT virtualization
extensions, and their AMD equivalents. Even so, placing a very heavy 
load on such
a box can make NW time keeping go wild.
      For Linux, comment out the local clock sources, use a handful of 
externals.
Here we can say   server us.pool.ntp.org  iburst    several times to get 
more
variety. Note that   iburst   modifier which provides much quicker 
convergence
than without it; xntpd.nlm is too old to have that capability.
      Check your DNS resolving capabilities because delays may mean loss of
sources.
     Linux in VMware does benefit from the kernel startup option  
clock=pit. I think
you will find the most recent editions of VMware (Workstation 6.5.1 and 
Server
2.0) keep time better than earlier ones. These current versions also 
work properly
with the present v2.6.27 tickless kernels. Prior to that such kernels 
need to be started
with option   nohz=true (or is that   yes?).

   Joe D.

From joea at j4computers.com  Sun Nov 30 14:23:48 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sun, 30 Nov 2008 09:23:48 -0500
Subject: OES linux time drifts into the future.
In-Reply-To: <493274FB.4080800@netlab1.oucs.ox.ac.uk>
References: <49318DAE020000850005EF9A@FS-LIN-OES>
	<4931948D020000850005EF9E@FS-LIN-OES>
	<493274FB.4080800@netlab1.oucs.ox.ac.uk>
Message-ID: <49325BA4020000850005EFAA@FS-LIN-OES>

>>> On 11/30/2008 at 6:11 AM, jrd  wrote:
> joea at j4computers.com wrote:
>>>>> On 11/29/2008 at 6:45 PM, "joea at j4computers.com"  wrote:
>>>>>         
>>> While chasing time issues on a couple of vm guests, I now find the oes linux 
> 
>>> box is drifting into the future.  While there are a number of things I have 
>>> found to try, I am stumped by a seeming simple ntp issue, which may be the 
>>> root of the problem.
>>>
>>> When doing xntpd start, it says it is trying to get time from server "foo", 
>>> instead of server "bar".  "foo" is the name of the guest itself.  "bar" is 
>>> what is entered in /etc/ntp.conf and also in yast ntp client config  area.  
>>> No idea why it is saying this.
>>>     
>>
>> Changing to pool.ntp.org resolved the ntp problem (must have a flaky on site 
> time source), but still time drifts ahead.   This is with clock=pit and 
> noapic on the kernel line in /boot/grub/menu.lst
>>
>> joe a.
>>
>>   
> --------------
>        That must have been us.pool.ntp.org, one of many country pools. I use
> uk.pool.ntp.org at my place.
>        For NW in VMware, in addition to my advice about tuning the host 
> machine,
> we wish to know that NW seems to construct timing details at boot time, 
> and if that
> is off then time will just not stabilize. The only way to fix this, in 
> my experience, is to
> issue  reset server  to have it go through the procedure anew. Just 
> restarting xntpd
> does not suffice.
>        Also, NW likes to start time keeping very early in its boot 
> process, often before
> the network is ready, and then the ntpdate time slamming operation 
> fails. My way
> forward is to boot the server using timesync, then near the very end of 
> autoexec.ncf,
> as far from starting up as we can arrange it, unload timesync and load 
> xntpd. This
> tries to skip over the heavy disk i/o of starting tomcat applications.
>       When xntpd is keeping time, ensure to have enabled the clock 
> stepping part
> in etc\ntp.conf. Then check on matters with ntpq at the console. Give 
> ntpq command
> lpeer to see how time is being kept. With the NTP pool sources, do 
> bewary about
> using just one because some are in bad shape from day to day. Use a 
> handful of
> sources.
>       NW virtualized in XEN really needs the host to support the Intel 
> VT virtualization
> extensions, and their AMD equivalents. Even so, placing a very heavy 
> load on such
> a box can make NW time keeping go wild.
>       For Linux, comment out the local clock sources, use a handful of 
> externals.
> Here we can say   server us.pool.ntp.org  iburst    several times to get 
> more
> variety. Note that   iburst   modifier which provides much quicker 
> convergence
> than without it; xntpd.nlm is too old to have that capability.
>       Check your DNS resolving capabilities because delays may mean loss of
> sources.
>      Linux in VMware does benefit from the kernel startup option  
> clock=pit. I think
> you will find the most recent editions of VMware (Workstation 6.5.1 and 
> Server
> 2.0) keep time better than earlier ones. These current versions also 
> work properly
> with the present v2.6.27 tickless kernels. Prior to that such kernels 
> need to be started
> with option   nohz=true (or is that   yes?).
> 
>    Joe D.

Which kernel, the host or the guest?

I may test VMware server 2.0 later today.

The Linux guest if now ahead by an hour or so, since only last evening.  The NW box appears spot on.

joe a.

From jrd at netlab1.oucs.ox.ac.uk  Sun Nov 30 14:40:46 2008
From: jrd at netlab1.oucs.ox.ac.uk (jrd)
Date: Sun, 30 Nov 2008 14:40:46 +0000
Subject: OES linux time drifts into the future.
In-Reply-To: <49325BA4020000850005EFAA@FS-LIN-OES>
References: <49318DAE020000850005EF9A@FS-LIN-OES>	<4931948D020000850005EF9E@FS-LIN-OES>	<493274FB.4080800@netlab1.oucs.ox.ac.uk>
	<49325BA4020000850005EFAA@FS-LIN-OES>
Message-ID: <4932A5EE.5010305@netlab1.oucs.ox.ac.uk>

joea at j4computers.com wrote:
>>>> On 11/30/2008 at 6:11 AM, jrd  wrote:
>>>>         
>> joea at j4computers.com wrote:
>>     
>>>>>> On 11/29/2008 at 6:45 PM, "joea at j4computers.com"  wrote:
>>>>>>         
>>>>>>             
>>>> While chasing time issues on a couple of vm guests, I now find the oes linux 
>>>>         
>>>> box is drifting into the future.  While there are a number of things I have 
>>>> found to try, I am stumped by a seeming simple ntp issue, which may be the 
>>>> root of the problem.
>>>>
>>>> When doing xntpd start, it says it is trying to get time from server "foo", 
>>>> instead of server "bar".  "foo" is the name of the guest itself.  "bar" is 
>>>> what is entered in /etc/ntp.conf and also in yast ntp client config  area.  
>>>> No idea why it is saying this.
>>>>     
>>>>         
>>> Changing to pool.ntp.org resolved the ntp problem (must have a flaky on site 
>>>       
>> time source), but still time drifts ahead.   This is with clock=pit and 
>> noapic on the kernel line in /boot/grub/menu.lst
>>     
>>> joe a.
>>>
>>>   
>>>       
>> --------------
>>        That must have been us.pool.ntp.org, one of many country pools. I use
>> uk.pool.ntp.org at my place.
>>        For NW in VMware, in addition to my advice about tuning the host 
>> machine,
>> we wish to know that NW seems to construct timing details at boot time, 
>> and if that
>> is off then time will just not stabilize. The only way to fix this, in 
>> my experience, is to
>> issue  reset server  to have it go through the procedure anew. Just 
>> restarting xntpd
>> does not suffice.
>>        Also, NW likes to start time keeping very early in its boot 
>> process, often before
>> the network is ready, and then the ntpdate time slamming operation 
>> fails. My way
>> forward is to boot the server using timesync, then near the very end of 
>> autoexec.ncf,
>> as far from starting up as we can arrange it, unload timesync and load 
>> xntpd. This
>> tries to skip over the heavy disk i/o of starting tomcat applications.
>>       When xntpd is keeping time, ensure to have enabled the clock 
>> stepping part
>> in etc\ntp.conf. Then check on matters with ntpq at the console. Give 
>> ntpq command
>> lpeer to see how time is being kept. With the NTP pool sources, do 
>> bewary about
>> using just one because some are in bad shape from day to day. Use a 
>> handful of
>> sources.
>>       NW virtualized in XEN really needs the host to support the Intel 
>> VT virtualization
>> extensions, and their AMD equivalents. Even so, placing a very heavy 
>> load on such
>> a box can make NW time keeping go wild.
>>       For Linux, comment out the local clock sources, use a handful of 
>> externals.
>> Here we can say   server us.pool.ntp.org  iburst    several times to get 
>> more
>> variety. Note that   iburst   modifier which provides much quicker 
>> convergence
>> than without it; xntpd.nlm is too old to have that capability.
>>       Check your DNS resolving capabilities because delays may mean loss of
>> sources.
>>      Linux in VMware does benefit from the kernel startup option  
>> clock=pit. I think
>> you will find the most recent editions of VMware (Workstation 6.5.1 and 
>> Server
>> 2.0) keep time better than earlier ones. These current versions also 
>> work properly
>> with the present v2.6.27 tickless kernels. Prior to that such kernels 
>> need to be started
>> with option   nohz=true (or is that   yes?).
>>
>>    Joe D.
>>     
>
>
> Which kernel, the host or the guest?
>
> I may test VMware server 2.0 later today.
>
> The Linux guest if now ahead by an hour or so, since only last evening.  The NW box appears spot on.
>
> joe a.
>   
------------
Joe,
    Linux host: we always ensure that it uses NTP and is spot on.
    Linux guest: same thing
    NW guest: ditto

   This is the case for any Linux kernel, host or guest.
   The nohz option is for the Linux guest, though it may be stated
for a Linux host if you wish. This appeared in kernels 2.6.26 or so.
The purpose of being tickless was to reduce the interrupt rate, and
hence also the overhead of running the scheduler, from its extreme
value of 1000/sec (to make clients appear to be "crisp" at any cost)
to the tens/sec so that the modern CPU sleep states can be entered.
The Unix historical value has been 100. Green is good and all that jazz.
    The problem with a tickless kernel has been that older VMware
workstation products were unaware of it and guest time was in very
serious trouble indeed. That's where the nohz option was required.
Today the versions I mentioned above seem to work fine for me in
quick tests. Yet, it is up to us to check our local environment.
    Note: the forthcoming SLES 11 uses kernel 2.6.27, thus is tickless.
At best you can obtain OpenSUSE11 today; SLES 11 is still in closed
beta.
   VMware Server 2.0 seems to be a little behind the finesse found in
VMware Workstation 6.5.x.
   Joe D.

From joea at j4computers.com  Sun Nov 30 17:11:21 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sun, 30 Nov 2008 12:11:21 -0500
Subject: Restore operating system SLES 10 SP2
Message-ID: <493271F5020000850005EFBC@FS-LIN-OES>

A working system, SLES10 SP2 as host, VMware server 1.0.6, 2 windows hosts. Dell PE1900 6GB ram 420 GB or so RAID 5.

Upon restart says no operating system.  RAID seems fine.  Booting in rescue mode I can see the partitions.  Sadly, I only created swap and /

Is there a way to simply reinstall "OS" without copying over everything?   If no, I am in for a long day.

joe a.

From joea at j4computers.com  Sun Nov 30 17:16:55 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sun, 30 Nov 2008 12:16:55 -0500
Subject: Restore operating system SLES 10 SP2
Message-ID: <4932732E020000850005EFC3@FS-LIN-OES>

Did find how to "repair" via the sles install dialog.  finds everything, but tells me no mountable partitions found.  Recheck or proceed with install.  I suppose the latter will wipe out existing data.?

joe a.

>>> "joea at j4computers.com"  11/30/08 11:00 AM >>>
A working system, SLES10 SP2 as host, VMware server 1.0.6, 2 windows hosts. Dell PE1900 6GB ram 420 GB or so RAID 5.

Upon restart says no operating system.  RAID seems fine.  Booting in rescue mode I can see the partitions.  Sadly, I only created swap and /

Is there a way to simply reinstall "OS" without copying over everything?   If no, I am in for a long day.

joe a.

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From alandpearson at yahoo.com  Sun Nov 30 16:10:18 2008
From: alandpearson at yahoo.com (Alan Pearson)
Date: Sun, 30 Nov 2008 16:10:18 +0000
Subject: Restore operating system SLES 10 SP2
In-Reply-To: <493271F5020000850005EFBC@FS-LIN-OES>
References: <493271F5020000850005EFBC@FS-LIN-OES>
Message-ID: <352F5FB6-62AE-4675-942A-D6D7F30CE58D@yahoo.com>

Hi Joe,

Seems like your boot sector has gone.

Easiest way to fix :

Boot into Installation mode of the CDs, proceed through language  
dialouges

When offered new Installation or upgrade, choose 'Other options'

There is a repair option given.
Go through it and tell it to repair the boot configuration.

Alternatively you could simply try this in recuse mode

chroot 
grub-install

---
AlanP

On 30 Nov 2008, at 17:11, joea at j4computers.com wrote:

> A working system, SLES10 SP2 as host, VMware server 1.0.6, 2 windows  
> hosts. Dell PE1900 6GB ram 420 GB or so RAID 5.
>
> Upon restart says no operating system.  RAID seems fine.  Booting in  
> rescue mode I can see the partitions.  Sadly, I only created swap  
> and /
>
> Is there a way to simply reinstall "OS" without copying over  
> everything?   If no, I am in for a long day.
>
> joe a.
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell

From jrd at netlab1.oucs.ox.ac.uk  Sun Nov 30 16:37:04 2008
From: jrd at netlab1.oucs.ox.ac.uk (jrd)
Date: Sun, 30 Nov 2008 16:37:04 +0000
Subject: Restore operating system SLES 10 SP2
In-Reply-To: <493271F5020000850005EFBC@FS-LIN-OES>
References: <493271F5020000850005EFBC@FS-LIN-OES>
Message-ID: <4932C130.2040009@netlab1.oucs.ox.ac.uk>

joea at j4computers.com wrote:
> A working system, SLES10 SP2 as host, VMware server 1.0.6, 2 windows hosts. Dell PE1900 6GB ram 420 GB or so RAID 5.
>
> Upon restart says no operating system.  RAID seems fine.  Booting in rescue mode I can see the partitions.  Sadly, I only created swap and /
>
> Is there a way to simply reinstall "OS" without copying over everything?   If no, I am in for a long day.
>
> joe a.
>   
---------
    RAID controllers often require a specific Linux driver different 
from the driver which sees the ordinary
SCSI controller. That former driver must be in the modules used at boot 
time, within initrd. Its name will
be listed in file /etc/sysconfig/kernel, and if you change that then 
finish the job by running mk_initrd.
  What you didn't tell us was what you see when booting the o/s. And is 
that host or guest involved.
If GRUB has once again trashed partition labeling then the o/s partition 
may not be found by other
than /dev/sda style device-name notation, in menu.lst and in fstab. You 
can modify both by booting CD1
into rescue mode and mounting the drive r/w on say /mnt.
    If you don't even get a boot/GRUB splash screen then that suggests 
RAID booting problems.
One booting problem is failing to have a small /boot partition (kind 
EXT2). Lacking that GRUB
will easily get hopelessly lost and you must reinstall the o/s.
   To reinstall without losing things, select the upgrade option. You 
may also choose to do a new
installation and then when partitioning choose to not format nor change 
sizes. Wise managers
have learned long ago to put all valuables on non-o/s partitions, and 
avoid putting the o/s on RAID
or within sundry volume managers and instead keep it on the most simple 
hardware configuration.
    KISS; GRUB is not our friend.
    Joe D.

From joea at j4computers.com  Sun Nov 30 18:02:32 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sun, 30 Nov 2008 13:02:32 -0500
Subject: Restore operating system SLES 10 SP2
Message-ID: <49327D1D020000850005EFC7@FS-LIN-OES>

grub-install sda2 (my / ) tells me read only file system.

joe a.

>>> Alan Pearson  11/30/08 11:19 AM >>>
Hi Joe,

Seems like your boot sector has gone.

Easiest way to fix :

Boot into Installation mode of the CDs, proceed through language  
dialouges

When offered new Installation or upgrade, choose 'Other options'

There is a repair option given.
Go through it and tell it to repair the boot configuration.

Alternatively you could simply try this in recuse mode

chroot 
grub-install

---
AlanP

On 30 Nov 2008, at 17:11, joea at j4computers.com wrote:

> A working system, SLES10 SP2 as host, VMware server 1.0.6, 2 windows  
> hosts. Dell PE1900 6GB ram 420 GB or so RAID 5.
>
> Upon restart says no operating system.  RAID seems fine.  Booting in  
> rescue mode I can see the partitions.  Sadly, I only created swap  
> and /
>
> Is there a way to simply reinstall "OS" without copying over  
> everything?   If no, I am in for a long day.
>
> joe a.
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From joea at j4computers.com  Sun Nov 30 20:05:01 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sun, 30 Nov 2008 15:05:01 -0500
Subject: Restore operating system SLES 10 SP2
Message-ID: <493297CA020000850005EFD0@FS-LIN-OES>

Having given up on attempts to recover, did a reinstall.   Upon reboot, I am greeted with a new, graphical login screen, despite having de selected gui stuff.  Or so I thought.

I see the normal blue startup screen, but when done there is this grey screen, suse simply change in graphics, and a small, lower left block (window) of text. saying eteam 

Is this the sp2 stuff?  must have have picked up the wrong DVD's and really installed SP1 last go round?  

Oi!.

joe a.

>>> "joea at j4computers.com"  11/30/08 11:56 AM >>>
grub-install sda2 (my / ) tells me read only file system.

joe a.

>>> Alan Pearson  11/30/08 11:19 AM >>>
Hi Joe,

Seems like your boot sector has gone.

Easiest way to fix :

Boot into Installation mode of the CDs, proceed through language  
dialouges

When offered new Installation or upgrade, choose 'Other options'

There is a repair option given.
Go through it and tell it to repair the boot configuration.

Alternatively you could simply try this in recuse mode

chroot 
grub-install

---
AlanP

On 30 Nov 2008, at 17:11, joea at j4computers.com wrote:

> A working system, SLES10 SP2 as host, VMware server 1.0.6, 2 windows  
> hosts. Dell PE1900 6GB ram 420 GB or so RAID 5.
>
> Upon restart says no operating system.  RAID seems fine.  Booting in  
> rescue mode I can see the partitions.  Sadly, I only created swap  
> and /
>
> Is there a way to simply reinstall "OS" without copying over  
> everything?   If no, I am in for a long day.
>
> joe a.
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From jrd at netlab1.oucs.ox.ac.uk  Sun Nov 30 18:46:14 2008
From: jrd at netlab1.oucs.ox.ac.uk (jrd)
Date: Sun, 30 Nov 2008 18:46:14 +0000
Subject: Restore operating system SLES 10 SP2
In-Reply-To: <493297CA020000850005EFD0@FS-LIN-OES>
References: <493297CA020000850005EFD0@FS-LIN-OES>
Message-ID: <4932DF76.9040708@netlab1.oucs.ox.ac.uk>

joea at j4computers.com wrote:
> Having given up on attempts to recover, did a reinstall.   Upon reboot, I am greeted with a new, graphical login screen, despite having de selected gui stuff.  Or so I thought.
>
> I see the normal blue startup screen, but when done there is this grey screen, suse simply change in graphics, and a small, lower left block (window) of text. saying eteam 
>
> Is this the sp2 stuff?  must have have picked up the wrong DVD's and really installed SP1 last go round?  
>
> Oi!.
>
> joe a.
> ==============
>   
    Next time choose run level 3 during the installation. You deselected 
window managers, we presume,
leaving X11 to be run. I warmly recommend reading all the fine print on 
the installation menus and
resist clicking OK until you are thoroughly satisfied with the choices.
   Joe D.

From joea at j4computers.com  Sun Nov 30 20:16:01 2008
From: joea at j4computers.com (joea at j4computers.com)
Date: Sun, 30 Nov 2008 15:16:01 -0500
Subject: Restore operating system SLES 10 SP2
Message-ID: <49329A30020000850005EFD4@FS-LIN-OES>

I see what I did, I think.  Missed selecting runlevel 3 and left runlevel 5 selected.

back to sleep now.

joe a

>>> "joea at j4computers.com"  11/30/08 1:48 PM >>>
Having given up on attempts to recover, did a reinstall.   Upon reboot, I am greeted with a new, graphical login screen, despite having de selected gui stuff.  Or so I thought.

I see the normal blue startup screen, but when done there is this grey screen, suse simply change in graphics, and a small, lower left block (window) of text. saying eteam 

Is this the sp2 stuff?  must have have picked up the wrong DVD's and really installed SP1 last go round?  

Oi!.

joe a.

>>> "joea at j4computers.com"  11/30/08 11:56 AM >>>
grub-install sda2 (my / ) tells me read only file system.

joe a.

>>> Alan Pearson  11/30/08 11:19 AM >>>
Hi Joe,

Seems like your boot sector has gone.

Easiest way to fix :

Boot into Installation mode of the CDs, proceed through language  
dialouges

When offered new Installation or upgrade, choose 'Other options'

There is a repair option given.
Go through it and tell it to repair the boot configuration.

Alternatively you could simply try this in recuse mode

chroot 
grub-install

---
AlanP

On 30 Nov 2008, at 17:11, joea at j4computers.com wrote:

> A working system, SLES10 SP2 as host, VMware server 1.0.6, 2 windows  
> hosts. Dell PE1900 6GB ram 420 GB or so RAID 5.
>
> Upon restart says no operating system.  RAID seems fine.  Booting in  
> rescue mode I can see the partitions.  Sadly, I only created swap  
> and /
>
> Is there a way to simply reinstall "OS" without copying over  
> everything?   If no, I am in for a long day.
>
> joe a.
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

_______________________________________________
Novell mailing list
Novell at netlab1.oucs.ox.ac.uk
http://netlab1.usu.edu/mailman/listinfo/novell

From jetadmin at gmail.com  Sun Nov 30 22:25:43 2008
From: jetadmin at gmail.com (Eric Rothweiler)
Date: Sun, 30 Nov 2008 17:25:43 -0500
Subject: Time problems NW6.5 Vmware Server
In-Reply-To: <493168D4020000850005EF92@FS-LIN-OES>
References: <493168D4020000850005EF92@FS-LIN-OES>
Message-ID: <1d6cdac70811301425t7e165125gd364f536930b6e34@mail.gmail.com>

Try using timesync.nlm with ntp sources (:123 on the server name/IP),
that made a world of difference for us.

On Sat, Nov 29, 2008 at 4:07 PM, joea at j4computers.com
 wrote:
> NW6.5 on VMware server 1.0.6.   Time seems to be running very slowly.  Thought it was running fine when I checked about a month ago.
>
> One problem is that I cannot sync time properly, with an NTP source.  Time Server type set as Primary.  XNTPD in use.
>
> Other problem is that it is dog slow to start.  You think it is hung.  Saying "time" at console, repeatedly, shows that the seconds tick off about 1 every 10 seconds, in real time.
>
> Thoughts?
>
> joe a.
>
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>