From alandpearson at yahoo.com Thu Aug 6 11:55:37 2009 From: alandpearson at yahoo.com (Alan Pearson) Date: Thu, 6 Aug 2009 11:55:37 +0100 Subject: [Job - UK - Heathrow area] Message-ID: Hi all, Looking for a contractor to come in and provide helpdesk support to our userbase of around 100 people, as well as help with the backend (which is Linux + Novell). This will be working within a small team. Role will involve support of Linux servers, Linux & Windows desktops, as well as a Novell (linux) backend. Good linux skills essential (read several years sys admin, scripting, networking, kickstart / autoyast etc) Novell desired but not 100% necessary (advanced experience with other enterprise directory systems considered) Windows support also necessary, and a good bedside manner for our user support. Linux is at the top of the list for skills here. Based around heathrow area. Will also consider recent graduates, as long as skills are demonstrable. Reply off-list with CV. Tnx --- AlanP From larry at ladyburd.com Thu Aug 6 14:03:26 2009 From: larry at ladyburd.com (Larry Burd) Date: Thu, 6 Aug 2009 09:03:26 -0400 Subject: Long Island Message-ID: <2B75823B159E4FF18834B81C4891820B@ladyburd.local> Is there anybody out there who can handle a mixed environment of SBS 2008 and NW 5.1? I have some work for you. Larry Burd larry at ladyburd.com From ahidalgo at salud.unm.edu Thu Aug 6 14:26:06 2009 From: ahidalgo at salud.unm.edu (Al Hidalgo) Date: Thu, 06 Aug 2009 07:26:06 -0600 Subject: GW Support Job in Albuquerque In-Reply-To: <2B75823B159E4FF18834B81C4891820B@ladyburd.local> References: <2B75823B159E4FF18834B81C4891820B@ladyburd.local> Message-ID: <4A7A858E0200008700018335@hsc-iagate1.health.unm.edu> Hi All, If anyone is interested in a move to Albuquerque, we are looking for an additional GroupWise support person. The primary responsibility of this position will be the administration, maintenance, documentation, planning, and management of the UNM Health Sciences Center (HSC) campus email system. http://unmjobs.unm.edu/applicants/Central?quickFind=53551 Al Al Hidalgo Enterprise Systems Support Analyst Information Technology University Hospitals/UNM Health Sciences Center ahidalgo at salud.unm.edu From mrsmith at oconee.k12.ga.us Thu Aug 6 16:34:34 2009 From: mrsmith at oconee.k12.ga.us (Matt Smith) Date: Thu, 06 Aug 2009 11:34:34 -0400 Subject: admin cannot create users but can delete them Message-ID: <4A7ABDF6.E4C1.0068.0@oconee.k12.ga.us> I have a new admin equivalent user in a new eDirectory container that has all supervisory rights explicitly assigned to her. However, she cannot create new users in the same container as she's in. We keep getting a -427 error in iManager. I have created two additional admin user objects with the same rights assignments who also get the same -427 error when creating users. It doesn't matter which server she tries to use iManager on, she keeps getting the same error. No one else in the tree is getting this error themselves, but our users are all in different contexts. I've even assigned her rights to the root of the tree itself, but still get the exact same error message. As near as I can tell, my tree is healthy. Replication seems normal etc. I don't have any hung obituaries or any other tell-tale signs of bad edir health that I'm aware of. I'm stumped. Anyone have any ideas before I have to call Novell Tech Support? -Matt -- Matt Smith Network Technology Specialist Oconee County School System, Oconee County, Georgia Office of Instruction and Technology 706-769-5685 x1314 From bbrush at gmail.com Thu Aug 6 16:44:20 2009 From: bbrush at gmail.com (Bill Brush) Date: Thu, 6 Aug 2009 10:44:20 -0500 Subject: admin cannot create users but can delete them In-Reply-To: <4A7ABDF6.E4C1.0068.0@oconee.k12.ga.us> References: <4A7ABDF6.E4C1.0068.0@oconee.k12.ga.us> Message-ID: <167f4090908060844l6995c89fo6fe8c4b922adae8d@mail.gmail.com> I've seen similar issues caused by an inherited rights filter. I'd check effective rights for that user on the containers and see if maybe there isn't an IRF hanging out causing problems. Bill On Thu, Aug 6, 2009 at 10:34 AM, Matt Smith wrote: > I have a new admin equivalent user in a new eDirectory container that > has all supervisory rights explicitly assigned to her. ?However, she > cannot create new users in the same container as she's in. ?We keep > getting a -427 error in iManager. ?I have created two additional admin > user objects with the same rights assignments who also get the same -427 > error when creating users. ?It doesn't matter which server she tries to > use iManager on, she keeps getting the same error. ?No one else in the > tree is getting this error themselves, but our users are all in > different contexts. ?I've even assigned her rights to the root of the > tree itself, but still get the exact same error message. > From mrsmith at oconee.k12.ga.us Thu Aug 6 18:06:29 2009 From: mrsmith at oconee.k12.ga.us (Matt Smith) Date: Thu, 06 Aug 2009 13:06:29 -0400 Subject: admin cannot create users but can delete them In-Reply-To: <167f4090908060844l6995c89fo6fe8c4b922adae8d@mail.gmail.com> References: <4A7ABDF6.E4C1.0068.0@oconee.k12.ga.us> <167f4090908060844l6995c89fo6fe8c4b922adae8d@mail.gmail.com> Message-ID: <4A7AD3AA.E4C1.0068.0@oconee.k12.ga.us> >>> On 8/6/2009 at 11:44 AM, in message <167f4090908060844l6995c89fo6fe8c4b922adae8d at mail.gmail.com>, Bill Brush wrote: > I've seen similar issues caused by an inherited rights filter. I'd > check effective rights for that user on the containers and see if > maybe there isn't an IRF hanging out causing problems. Yeah, that's what it feels like, but I can't find any IRF's between the user and the root of the tree anywhere. -Matt -- Matt Smith Network Technology Specialist Oconee County School System, Oconee County, Georgia Office of Instruction and Technology 706-769-5685 x1314 From mrsmith at oconee.k12.ga.us Thu Aug 6 20:38:47 2009 From: mrsmith at oconee.k12.ga.us (Matt Smith) Date: Thu, 06 Aug 2009 15:38:47 -0400 Subject: admin cannot create users but can delete them In-Reply-To: <167f4090908060844l6995c89fo6fe8c4b922adae8d@mail.gmail.com> References: <4A7ABDF6.E4C1.0068.0@oconee.k12.ga.us> <167f4090908060844l6995c89fo6fe8c4b922adae8d@mail.gmail.com> Message-ID: <4A7AF75D.E4C1.0068.0@oconee.k12.ga.us> >>> On 8/6/2009 at 11:44 AM, in message <167f4090908060844l6995c89fo6fe8c4b922adae8d at mail.gmail.com>, Bill Brush wrote: > I've seen similar issues caused by an inherited rights filter. I'd > check effective rights for that user on the containers and see if > maybe there isn't an IRF hanging out causing problems. > > Bill The plot thickens. I am able to create users with ConsoleOne but not with iManager. My admin user has the same roles assigned in the same exact manner as another account in another context that can create users. This issues appears to only affect administrative users in this one context who are trying to create users with iManager. We're using iManager 2.7.2. Thanks, -Matt -- Matt Smith Network Technology Specialist Oconee County School System, Oconee County, Georgia Office of Instruction and Technology 706-769-5685 x1314 From mrsmith at oconee.k12.ga.us Thu Aug 6 21:02:46 2009 From: mrsmith at oconee.k12.ga.us (Matt Smith) Date: Thu, 06 Aug 2009 16:02:46 -0400 Subject: admin cannot create users but can delete them In-Reply-To: <4A7AF75D.E4C1.0068.0@oconee.k12.ga.us> References: <4A7ABDF6.E4C1.0068.0@oconee.k12.ga.us> <167f4090908060844l6995c89fo6fe8c4b922adae8d@mail.gmail.com> <4A7AF75D.E4C1.0068.0@oconee.k12.ga.us> Message-ID: <4A7AFCED.E4C1.0068.0@oconee.k12.ga.us> >>> On 8/6/2009 at 3:38 PM, in message <4A7AF75D.E4C1.0068.0 at oconee.k12.ga.us>, > > The plot thickens. I am able to create users with ConsoleOne but not > with iManager. My admin user has the same roles assigned in the same > exact manner as another account in another context that can create > users. > > This issues appears to only affect administrative users in this one > context who are trying to create users with iManager. We're using > iManager 2.7.2. Sigh! I got it. The user template specified membership in a group outside the branch admin's context and to which she has no rights. Apparently this isn't the case for other templates, or the other branch admins (who are all new,) just haven't created any new users yet. D'oh! Thanks, -Matt -- Matt Smith Network Technology Specialist Oconee County School System, Oconee County, Georgia Office of Instruction and Technology 706-769-5685 x1314 From MGlenn at cco.state.oh.us Thu Aug 6 21:38:53 2009 From: MGlenn at cco.state.oh.us (Michael Glenn) Date: Thu, 06 Aug 2009 16:38:53 -0400 Subject: admin cannot create users but can delete them In-Reply-To: <4A7AFCED.E4C1.0068.0@oconee.k12.ga.us> References: <4A7ABDF6.E4C1.0068.0@oconee.k12.ga.us> <167f4090908060844l6995c89fo6fe8c4b922adae8d@mail.gmail.com> <4A7AF75D.E4C1.0068.0@oconee.k12.ga.us> <4A7AFCED.E4C1.0068.0@oconee.k12.ga.us> Message-ID: <4A7B071D.33FD.002C.1@cco.state.oh.us> Goodness; that's a sneaky one. >>> "Matt Smith" 08/06/2009 16:02 >>> Sigh! I got it. The user template specified membership in a group outside the branch admin's context and to which she has no rights. Apparently this isn't the case for other templates, or the other branch admins (who are all new,) just haven't created any new users yet. D'oh! Thanks, -Matt From Neil.Jensen at wcdsb.ca Fri Aug 7 13:23:06 2009 From: Neil.Jensen at wcdsb.ca (Neil Jensen) Date: Fri, 7 Aug 2009 08:23:06 -0400 Subject: FW: Thanks to the list (was Cache buffers drop like a stone) Message-ID: Now that its summer time in the school board, I'm catching up on listserv postings and realized I never thanked Joe for his response, which of course was the cause. So thank you Joe for not just this response, but all the responses over the years that have helped educate us all on the finer details. Also thanks to all the regulars out there who keep this list interesting. I don't know how you find the time to do it all. I'd like to respond more, but by the time there's an issue where I think I may be able to contribute, someone's already answered. Neil Jensen Waterloo Catholic District School Board -----Original Message----- From: Joe R. Doupnik [mailto:joe.doupnik at oucs.ox.ac.uk ] Sent: Tuesday, March 03, 2009 12:17 PM To: Novell LAN Interest Group Subject: Re: Cache buffers drop like a stone Neil Jensen wrote: > NW6.5 sp6 on an HP Proliant ML370G5 - basic file server serving > applications and files in a high school. Also printing and Tivoli > back-up > > Total Cache Buffers drops suddenly from an average of 476,000 to a > number quite a bit less - right now mine's dropped to 239,000 in one > morning. And I know if it gets much less, I'll run dry and will need > to reboot. We've had no luck tracing the cause. We've updated BIOS > and firmware and patched to latest. > > We've seen this lately at a couple of locations and it seems totally > sporadic with no indicators anywhere. Does anyone have any ideas > where to start looking? > > Thanks, > Neil Jensen > Waterloo Catholic DSB ---------- Remote Manager (NRM). Look within Manage Server | View Memory Config | NLM memory. Most likely culprit (pending facts) is TSM. It has an accomplice known as TSAFS caching which should be turned off via iManager | SMS Backup and Restore | TFSFS Options. Joe D. -------------------------------------------------------------------- Disclaimer - This email and any files transmitted with it are confidential and contain privileged or copyright information. You must not present this message to another party without gaining permission from the sender. If you are not the intended recipient you must not copy, distribute or use this email or the information contained in it for any purpose other than to notify us. If you have received this message in error, please notify the sender immediately, and delete this email from your system. We do not guarantee that this material is free from viruses or any other defects although due care has been taken to minimize the risk. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of the Waterloo Catholic District School Board. From joea at j4computers.com Sat Aug 8 09:56:09 2009 From: joea at j4computers.com (joea at j4computers.com) Date: Sat, 08 Aug 2009 04:56:09 -0400 Subject: moving LDAP Message-ID: <4A7DB214020000850006031A@FS-LIN-OES> Retiring a NetWare server that has served (sigh) as "the LDAP server". The intended honoree is a newly gestated OES(1) Linux box, running openldap, holding r/w replicas of each partition. The intent is to have as little interruption as possible to those who sniff out the LDAP info from that server. My thinking, right now, is that we can simply retire the NetWare server (uninstall eDirectory) and use it's IP on the Linux box. "And all should be Well". Might have to manually add the IP to /etc/openldap/ldap.conf as a URI, not sure. I'd like to think it would simply work. Oh, yes, I suppose I will have to regenerate certs, on the Linux box, to include the additional IP, so SSL/TLS binds will work. Restarts/reboots not specified, but taken as required. Flaws? joe a. From MGlenn at cco.state.oh.us Fri Aug 7 19:38:06 2009 From: MGlenn at cco.state.oh.us (Michael Glenn) Date: Fri, 07 Aug 2009 14:38:06 -0400 Subject: moving LDAP In-Reply-To: <4A7DB214020000850006031A@FS-LIN-OES> References: <4A7DB214020000850006031A@FS-LIN-OES> Message-ID: <4A7C3C4E.33FD.002C.1@cco.state.oh.us> I'd be interested in the answer to this, as well. Re certificate regeneration, this looks interesting: http://www.novell.com/communities/node/5704/certificate-recreation-script-oes1-and-oes2 >>> "joea at j4computers.com" 08/08/2009 04:56 >>> Retiring a NetWare server that has served (sigh) as "the LDAP server". The intended honoree is a newly gestated OES(1) Linux box, running openldap, holding r/w replicas of each partition. The intent is to have as little interruption as possible to those who sniff out the LDAP info from that server. My thinking, right now, is that we can simply retire the NetWare server (uninstall eDirectory) and use it's IP on the Linux box. "And all should be Well". Might have to manually add the IP to /etc/openldap/ldap.conf as a URI, not sure. I'd like to think it would simply work. Oh, yes, I suppose I will have to regenerate certs, on the Linux box, to include the additional IP, so SSL/TLS binds will work. Restarts/reboots not specified, but taken as required. Flaws? joe a. From alandpearson at yahoo.com Fri Aug 7 19:59:04 2009 From: alandpearson at yahoo.com (Alan Pearson) Date: Fri, 7 Aug 2009 19:59:04 +0100 Subject: moving LDAP In-Reply-To: <4A7C3C4E.33FD.002C.1@cco.state.oh.us> References: <4A7DB214020000850006031A@FS-LIN-OES> <4A7C3C4E.33FD.002C.1@cco.state.oh.us> Message-ID: Is this system eDir or OpenLdap ? You say openldap but then you mention r/w replicas of each partition ? --- AlanP On 7 Aug 2009, at 19:38, Michael Glenn wrote: > I'd be interested in the answer to this, as well. > > Re certificate regeneration, this looks interesting: http://www.novell.com/communities/node/5704/certificate-recreation-script-oes1-and-oes2 > > >>>> "joea at j4computers.com" 08/08/2009 04:56 >>> > Retiring a NetWare server that has served (sigh) as "the LDAP > server". The intended honoree is a newly gestated OES(1) Linux > box, running openldap, holding r/w replicas of each partition. > > The intent is to have as little interruption as possible to those > who sniff out the LDAP info from that server. > > My thinking, right now, is that we can simply retire the NetWare > server (uninstall eDirectory) and use it's IP on the Linux box. > "And all should be Well". Might have to manually add the IP to / > etc/openldap/ldap.conf as a URI, not sure. I'd like to think it > would simply work. > > Oh, yes, I suppose I will have to regenerate certs, on the Linux > box, to include the additional IP, so SSL/TLS binds will work. > Restarts/reboots not specified, but taken as required. > > Flaws? > > joe a. > > > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell From joe.acquisto at gmail.com Fri Aug 7 20:46:47 2009 From: joe.acquisto at gmail.com (joe Acquisto) Date: Fri, 7 Aug 2009 15:46:47 -0400 Subject: moving LDAP In-Reply-To: References: <4A7DB214020000850006031A@FS-LIN-OES> <4A7C3C4E.33FD.002C.1@cco.state.oh.us> Message-ID: <5e7da10a0908071246u5a653b71k52d5292d5a0aa3c4@mail.gmail.com> Well, yes I did. What's yer point? Oh, this is not a town hall meeting? Realilty matters? Hmm, yes, open ldap is not installed. joe a. On Fri, Aug 7, 2009 at 2:59 PM, Alan Pearson wrote: > Is this system eDir or OpenLdap ? > You say openldap but then you mention r/w replicas of each partition ? > > > > > > --- > AlanP > > > > On 7 Aug 2009, at 19:38, Michael Glenn wrote: > > I'd be interested in the answer to this, as well. >> >> Re certificate regeneration, this looks interesting: >> http://www.novell.com/communities/node/5704/certificate-recreation-script-oes1-and-oes2 >> >> >> "joea at j4computers.com" 08/08/2009 04:56 >>> >>>>> >>>> Retiring a NetWare server that has served (sigh) as "the LDAP server". >> The intended honoree is a newly gestated OES(1) Linux box, running >> openldap, holding r/w replicas of each partition. >> >> The intent is to have as little interruption as possible to those who >> sniff out the LDAP info from that server. >> >> My thinking, right now, is that we can simply retire the NetWare server >> (uninstall eDirectory) and use it's IP on the Linux box. "And all should be >> Well". Might have to manually add the IP to /etc/openldap/ldap.conf as a >> URI, not sure. I'd like to think it would simply work. >> >> Oh, yes, I suppose I will have to regenerate certs, on the Linux box, to >> include the additional IP, so SSL/TLS binds will work. Restarts/reboots not >> specified, but taken as required. >> >> Flaws? >> >> joe a. >> >> >> _______________________________________________ >> Novell mailing list >> Novell at netlab1.oucs.ox.ac.uk >> http://netlab1.usu.edu/mailman/listinfo/novell >> > > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > From alandpearson at yahoo.com Sat Aug 8 12:13:50 2009 From: alandpearson at yahoo.com (Alan Pearson) Date: Sat, 8 Aug 2009 12:13:50 +0100 Subject: moving LDAP In-Reply-To: <5e7da10a0908071246u5a653b71k52d5292d5a0aa3c4@mail.gmail.com> References: <4A7DB214020000850006031A@FS-LIN-OES> <4A7C3C4E.33FD.002C.1@cco.state.oh.us> <5e7da10a0908071246u5a653b71k52d5292d5a0aa3c4@mail.gmail.com> Message-ID: <725808AF-7CF2-47DF-BD46-943953FF463C@yahoo.com> What I would do, is get both boxes working together first before retiring the netware one. Give OES a different IP & hostname, make sure it all works, then change your DNS 'ldap' alias (I assume you have one?) to point to the OES box That way any probs, you can flick the DNS entry back to the netware box. Alternatively if you don't have a DNS alias for LDAP service, then give make an alias of the old netware hostname for the OES dns entry. --- AlanP On 7 Aug 2009, at 20:46, joe Acquisto wrote: > Well, yes I did. What's yer point? Oh, this is not a town hall > meeting? > Realilty matters? > > Hmm, yes, open ldap is not installed. > > joe a. > > On Fri, Aug 7, 2009 at 2:59 PM, Alan Pearson > wrote: > >> Is this system eDir or OpenLdap ? >> You say openldap but then you mention r/w replicas of each >> partition ? >> >> >> >> >> >> --- >> AlanP >> >> >> >> On 7 Aug 2009, at 19:38, Michael Glenn wrote: >> >> I'd be interested in the answer to this, as well. >>> >>> Re certificate regeneration, this looks interesting: >>> http://www.novell.com/communities/node/5704/certificate-recreation-script-oes1-and-oes2 >>> >>> >>> "joea at j4computers.com" 08/08/2009 04:56 >>> >>>>>> >>>>> Retiring a NetWare server that has served (sigh) as "the LDAP >>>>> server". >>> The intended honoree is a newly gestated OES(1) Linux box, running >>> openldap, holding r/w replicas of each partition. >>> >>> The intent is to have as little interruption as possible to those >>> who >>> sniff out the LDAP info from that server. >>> >>> My thinking, right now, is that we can simply retire the NetWare >>> server >>> (uninstall eDirectory) and use it's IP on the Linux box. "And all >>> should be >>> Well". Might have to manually add the IP to /etc/openldap/ >>> ldap.conf as a >>> URI, not sure. I'd like to think it would simply work. >>> >>> Oh, yes, I suppose I will have to regenerate certs, on the Linux >>> box, to >>> include the additional IP, so SSL/TLS binds will work. Restarts/ >>> reboots not >>> specified, but taken as required. >>> >>> Flaws? >>> >>> joe a. >>> >>> >>> _______________________________________________ >>> Novell mailing list >>> Novell at netlab1.oucs.ox.ac.uk >>> http://netlab1.usu.edu/mailman/listinfo/novell >>> >> >> _______________________________________________ >> Novell mailing list >> Novell at netlab1.oucs.ox.ac.uk >> http://netlab1.usu.edu/mailman/listinfo/novell >> > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell From joea at j4computers.com Sun Aug 9 17:04:08 2009 From: joea at j4computers.com (joea at j4computers.com) Date: Sun, 09 Aug 2009 12:04:08 -0400 Subject: moving LDAP In-Reply-To: <725808AF-7CF2-47DF-BD46-943953FF463C@yahoo.com> References: <4A7DB214020000850006031A@FS-LIN-OES> <4A7C3C4E.33FD.002C.1@cco.state.oh.us> <5e7da10a0908071246u5a653b71k52d5292d5a0aa3c4@mail.gmail.com> <725808AF-7CF2-47DF-BD46-943953FF463C@yahoo.com> Message-ID: <4A7EBB38020000850006031E@FS-LIN-OES> One of the (mgmt) stated goals for this is that any and all "client" services (running in various places), some custom coded, would not require to changes. Most of them specify the IP of the LDAP server, not DNS. So, one must move the IP to the new LDAP box, with no fuss to those app or their maintainers Right now, the new "LDAP" box answers up to simple LDAP queries, via one of those GUI test programs. So I tend to think that once a few test scripts run against it, successfully, all will be good to go, leaving only the certs question. But I must be overlooking something. One never knows what to expect when wandering in dark places. joe a. >>> On 8/8/2009 at 7:13 AM, Alan Pearson wrote: > What I would do, is get both boxes working together first before > retiring the netware one. > > Give OES a different IP & hostname, make sure it all works, then > change your DNS 'ldap' alias (I assume you have one?) to point to the > OES box > That way any probs, you can flick the DNS entry back to the netware box. > > Alternatively if you don't have a DNS alias for LDAP service, then > give make an alias of the old netware hostname for the OES dns entry. > > > > > > --- > AlanP > > > On 7 Aug 2009, at 20:46, joe Acquisto wrote: > >> Well, yes I did. What's yer point? Oh, this is not a town hall >> meeting? >> Realilty matters? >> >> Hmm, yes, open ldap is not installed. >> >> joe a. >> >> On Fri, Aug 7, 2009 at 2:59 PM, Alan Pearson >> wrote: >> >>> Is this system eDir or OpenLdap ? >>> You say openldap but then you mention r/w replicas of each >>> partition ? >>> >>> >>> >>> >>> >>> --- >>> AlanP >>> >>> >>> >>> On 7 Aug 2009, at 19:38, Michael Glenn wrote: >>> >>> I'd be interested in the answer to this, as well. >>>> >>>> Re certificate regeneration, this looks interesting: >>>> > http://www.novell.com/communities/node/5704/certificate-recreation-script-oes1-an > d-oes2 >>>> >>>> >>>> "joea at j4computers.com" 08/08/2009 04:56 >>> >>>>>>> >>>>>> Retiring a NetWare server that has served (sigh) as "the LDAP >>>>>> server". >>>> The intended honoree is a newly gestated OES(1) Linux box, running >>>> openldap, holding r/w replicas of each partition. >>>> >>>> The intent is to have as little interruption as possible to those >>>> who >>>> sniff out the LDAP info from that server. >>>> >>>> My thinking, right now, is that we can simply retire the NetWare >>>> server >>>> (uninstall eDirectory) and use it's IP on the Linux box. "And all >>>> should be >>>> Well". Might have to manually add the IP to /etc/openldap/ >>>> ldap.conf as a >>>> URI, not sure. I'd like to think it would simply work. >>>> >>>> Oh, yes, I suppose I will have to regenerate certs, on the Linux >>>> box, to >>>> include the additional IP, so SSL/TLS binds will work. Restarts/ >>>> reboots not >>>> specified, but taken as required. >>>> >>>> Flaws? >>>> >>>> joe a. >>>> >>>> >>>> _______________________________________________ >>>> Novell mailing list >>>> Novell at netlab1.oucs.ox.ac.uk >>>> http://netlab1.usu.edu/mailman/listinfo/novell >>>> >>> >>> _______________________________________________ >>> Novell mailing list >>> Novell at netlab1.oucs.ox.ac.uk >>> http://netlab1.usu.edu/mailman/listinfo/novell >>> >> _______________________________________________ >> Novell mailing list >> Novell at netlab1.oucs.ox.ac.uk >> http://netlab1.usu.edu/mailman/listinfo/novell > > > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell From ahidalgo at salud.unm.edu Sat Aug 8 18:19:04 2009 From: ahidalgo at salud.unm.edu (Al Hidalgo) Date: Sat, 08 Aug 2009 11:19:04 -0600 Subject: CD ISOs? Message-ID: <4A7D5F280200008700018A3E@hsc-iagate1.health.unm.edu> Seems like most of the downloads are now DVD ISOs. Where can I get SLES 10 SP2 CD ISOs and SLES 11 CD ISOs? Thanks, Al Al Hidalgo Enterprise Systems Support Analyst Information Technology University Hospitals/UNM Health Sciences Center ahidalgo at salud.unm.edu From joe.acquisto at gmail.com Wed Aug 12 16:04:07 2009 From: joe.acquisto at gmail.com (joe Acquisto) Date: Wed, 12 Aug 2009 11:04:07 -0400 Subject: OES/eDir upgrades Message-ID: <5e7da10a0908120804x179ba654q2e670a82fd2c31ae@mail.gmail.com> Regarding upgrading OES1 (Linux) to eDir 8.8.x, etc. "Research" seems to indicate this is (was?) a dead end. Meaning, while possible, one could not subsequently upgrade to OES2. (Tho I imagine one could "migrate" to clean OES2 istalls.) Has the issue been resolved? Or is one still "forced" to upgrade to OES2? Some indications where the this would be resolved when OES2 SP2 came out. joe a. From joe.acquisto at gmail.com Wed Aug 12 16:44:36 2009 From: joe.acquisto at gmail.com (joe Acquisto) Date: Wed, 12 Aug 2009 11:44:36 -0400 Subject: moving LDAP In-Reply-To: <725808AF-7CF2-47DF-BD46-943953FF463C@yahoo.com> References: <4A7DB214020000850006031A@FS-LIN-OES> <4A7C3C4E.33FD.002C.1@cco.state.oh.us> <5e7da10a0908071246u5a653b71k52d5292d5a0aa3c4@mail.gmail.com> <725808AF-7CF2-47DF-BD46-943953FF463C@yahoo.com> Message-ID: <5e7da10a0908120844s50274ff6se87b80a847c3547c@mail.gmail.com> Well, this turned out to be as simple as can be, at least in this environment. Seems nldap, for eDir 8.7.3 anyway, will answer/respond to requests made on any IP's bound on a machine. In this case, all I had to do was define a NIC "alias" (via yast) and query on that alias IP. Appears to work, so far. joe a. On Sat, Aug 8, 2009 at 7:13 AM, Alan Pearson wrote: > What I would do, is get both boxes working together first before retiring > the netware one. > > Give OES a different IP & hostname, make sure it all works, then change > your DNS 'ldap' alias (I assume you have one?) to point to the OES box > That way any probs, you can flick the DNS entry back to the netware box. > > Alternatively if you don't have a DNS alias for LDAP service, then give > make an alias of the old netware hostname for the OES dns entry. > > > > > > --- > AlanP > > > On 7 Aug 2009, at 20:46, joe Acquisto wrote: > > Well, yes I did. What's yer point? Oh, this is not a town hall meeting? >> Realilty matters? >> >> Hmm, yes, open ldap is not installed. >> >> joe a. >> >> On Fri, Aug 7, 2009 at 2:59 PM, Alan Pearson >> wrote: >> >> Is this system eDir or OpenLdap ? >>> You say openldap but then you mention r/w replicas of each partition ? >>> >>> >>> >>> >>> >>> --- >>> AlanP >>> >>> >>> >>> On 7 Aug 2009, at 19:38, Michael Glenn wrote: >>> >>> I'd be interested in the answer to this, as well. >>> >>>> >>>> Re certificate regeneration, this looks interesting: >>>> >>>> http://www.novell.com/communities/node/5704/certificate-recreation-script-oes1-and-oes2 >>>> >>>> >>>> "joea at j4computers.com" 08/08/2009 04:56 >>> >>>> >>>>> >>>>>>> Retiring a NetWare server that has served (sigh) as "the LDAP >>>>>> server". >>>>>> >>>>> The intended honoree is a newly gestated OES(1) Linux box, running >>>> openldap, holding r/w replicas of each partition. >>>> >>>> The intent is to have as little interruption as possible to those who >>>> sniff out the LDAP info from that server. >>>> >>>> My thinking, right now, is that we can simply retire the NetWare server >>>> (uninstall eDirectory) and use it's IP on the Linux box. "And all >>>> should be >>>> Well". Might have to manually add the IP to /etc/openldap/ldap.conf >>>> as a >>>> URI, not sure. I'd like to think it would simply work. >>>> >>>> Oh, yes, I suppose I will have to regenerate certs, on the Linux box, to >>>> include the additional IP, so SSL/TLS binds will work. Restarts/reboots >>>> not >>>> specified, but taken as required. >>>> >>>> Flaws? >>>> >>>> joe a. >>>> >>>> >>>> _______________________________________________ >>>> Novell mailing list >>>> Novell at netlab1.oucs.ox.ac.uk >>>> http://netlab1.usu.edu/mailman/listinfo/novell >>>> >>>> >>> _______________________________________________ >>> Novell mailing list >>> Novell at netlab1.oucs.ox.ac.uk >>> http://netlab1.usu.edu/mailman/listinfo/novell >>> >>> _______________________________________________ >> Novell mailing list >> Novell at netlab1.oucs.ox.ac.uk >> http://netlab1.usu.edu/mailman/listinfo/novell >> > > > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > From Tony_DelGaudio at nysp.uscourts.gov Wed Aug 12 17:01:51 2009 From: Tony_DelGaudio at nysp.uscourts.gov (Tony_DelGaudio at nysp.uscourts.gov) Date: Wed, 12 Aug 2009 10:01:51 -0600 Subject: CN=Tony DelGaudio/OU=NYSP/OU=02/O=USCOURTS is out of the office. Message-ID: I will be out of the office starting Mon 08/10/2009 and will not return until Wed 08/26/2009. I will respond to your message when I return. From joe.acquisto at gmail.com Fri Aug 14 15:06:12 2009 From: joe.acquisto at gmail.com (joe Acquisto) Date: Fri, 14 Aug 2009 10:06:12 -0400 Subject: Reasons to Upgrade to OES2 Message-ID: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> Looking for sources of info - bullet points OK, that outline (at least) reasons to upgrade from OES1 (Linux) to OES2. Virtually everything I've found is focused on why/how to upgrade (migrate) from NW to OES2, Linux. "No longer in general support" is, sadly, insufficent reason. joe a. From mrsmith at oconee.k12.ga.us Fri Aug 14 15:16:23 2009 From: mrsmith at oconee.k12.ga.us (Matt Smith) Date: Fri, 14 Aug 2009 10:16:23 -0400 Subject: Reasons to Upgrade to OES2 In-Reply-To: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> References: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> Message-ID: <4A853960.E4C1.0068.0@oconee.k12.ga.us> >>> On 8/14/2009 at 10:06 AM, in message <5e7da10a0908140706p22695e0ejac4fb425519c5724 at mail.gmail.com>, joe Acquisto wrote: > Looking for sources of info - bullet points OK, that outline (at least) > reasons to upgrade from OES1 (Linux) to OES2. > > Virtually everything I've found is focused on why/how to upgrade (migrate) > from NW to OES2, Linux. > > "No longer in general support" is, sadly, insufficent reason. If you're happy with it, why bother? I would think that a lack of general support would be a compelling factor if you found yourself in a position to need it. On the whole, I've found OES2 easier to work with when it comes to the extra administration tools specifically provided for OES services. I never ran OES 1 long enough to give you a bullet-point comparison though. I just waited for OES2 before putting production services on it and have been happy for it. Your mileage may vary. -Matt -- Matt Smith Network Technology Specialist Oconee County School System, Oconee County, Georgia Office of Instruction and Technology 706-769-5685 x1314 From joe.doupnik at oucs.ox.ac.uk Fri Aug 14 15:20:42 2009 From: joe.doupnik at oucs.ox.ac.uk (Joe R. Doupnik) Date: Fri, 14 Aug 2009 15:20:42 +0100 Subject: Reasons to Upgrade to OES2 In-Reply-To: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> References: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> Message-ID: <4A8572BA.10909@oucs.ox.ac.uk> joe Acquisto wrote: > Looking for sources of info - bullet points OK, that outline (at least) > reasons to upgrade from OES1 (Linux) to OES2. > > Virtually everything I've found is focused on why/how to upgrade (migrate) > from NW to OES2, Linux. > > "No longer in general support" is, sadly, insufficent reason. > > joe a. ----------- Servers exist to provide services for folks. You might wish to have a look at what OES2 provides as that body of work is much improved over OES1. In addition, there is the not small matter of maintenance of software. OES1 is quite old, OES2 is in mid-life, software has progressed between these editions (not least driver support for hardware). An easy way to compare is to build both versions in a test environment and get used to OES2. In the end it will be the customer's call, with you providing the factual basis. As all this depends upon local conditions I will stop here. Joe D. From alandpearson at yahoo.com Fri Aug 14 15:33:27 2009 From: alandpearson at yahoo.com (Alan Pearson) Date: Fri, 14 Aug 2009 15:33:27 +0100 (BST) Subject: Reasons to Upgrade to OES2 In-Reply-To: <4A8572BA.10909@oucs.ox.ac.uk> References: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> <4A8572BA.10909@oucs.ox.ac.uk> Message-ID: <5884.88.211.54.85.1250260407.squirrel@83.67.10.8> Having used both, I can testify that OES2 is _much_ improved over OES1. OES 1 is based on an antiquated version of LInux (SLES 9.3) which, if you also use the platform for other things (we do) then you will struggle when these other things need later versions of stuff. There are many fixes in OES2 that will never be in OES1, and support IS a major consideration for us. Finally one key reason is that OES2 is 64 bit, which allows it take advantage of your 64 bit hardware. But trust me, OES 2 is much much better that OES 1, and SP1 further improves on this. -- AlanP On Fri, August 14, 2009 3:20 pm, Joe R. Doupnik wrote: > joe Acquisto wrote: >> Looking for sources of info - bullet points OK, that outline (at least) >> reasons to upgrade from OES1 (Linux) to OES2. >> >> Virtually everything I've found is focused on why/how to upgrade >> (migrate) >> from NW to OES2, Linux. >> >> "No longer in general support" is, sadly, insufficent reason. >> >> joe a. > ----------- > Servers exist to provide services for folks. You might wish to > have a look at what OES2 provides as that body of work is much improved > over OES1. In addition, there is the not small matter of maintenance of > software. OES1 is quite old, OES2 is in mid-life, software has progressed > between these editions (not least driver support for hardware). > An easy way to compare is to build both versions in a test environment > and get used to OES2. > In the end it will be the customer's call, with you providing the > factual basis. As all this depends upon local conditions I will stop here. > Joe D. > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > From joe.acquisto at gmail.com Fri Aug 14 16:25:08 2009 From: joe.acquisto at gmail.com (joe Acquisto) Date: Fri, 14 Aug 2009 11:25:08 -0400 Subject: Reasons to Upgrade to OES2 In-Reply-To: <4A853960.E4C1.0068.0@oconee.k12.ga.us> References: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> <4A853960.E4C1.0068.0@oconee.k12.ga.us> Message-ID: <5e7da10a0908140825u534515cax9bb3f6f01611a05d@mail.gmail.com> > > . .. > If you're happy with it, why bother? > That, is what I am hoping to discover. joe a. From joe.acquisto at gmail.com Fri Aug 14 16:27:16 2009 From: joe.acquisto at gmail.com (joe Acquisto) Date: Fri, 14 Aug 2009 11:27:16 -0400 Subject: Reasons to Upgrade to OES2 In-Reply-To: <4A8572BA.10909@oucs.ox.ac.uk> References: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> <4A8572BA.10909@oucs.ox.ac.uk> Message-ID: <5e7da10a0908140827w78c4efe4k6c86feddfb77da69@mail.gmail.com> On Fri, Aug 14, 2009 at 10:20 AM, Joe R. Doupnik wrote: > joe Acquisto wrote: > >> Looking for sources of info - bullet points OK, that outline (at least) >> reasons to upgrade from OES1 (Linux) to OES2. >> >> Virtually everything I've found is focused on why/how to upgrade (migrate) >> from NW to OES2, Linux. >> >> "No longer in general support" is, sadly, insufficent reason. >> >> joe a. >> > ----------- > Servers exist to provide services for folks. You might wish to > have a look at what OES2 provides as that body of work is much improved > over OES1. In addition, there is the not small matter of maintenance of > software. OES1 is quite old, OES2 is in mid-life, software has progressed > between these editions (not least driver support for hardware). > An easy way to compare is to build both versions in a test > environment > and get used to OES2. > In the end it will be the customer's call, with you providing the > factual basis. As all this depends upon local conditions I will stop here. > Joe D. Limitation of available h/w weighs against a test build. joe a. From joe.acquisto at gmail.com Fri Aug 14 16:30:35 2009 From: joe.acquisto at gmail.com (joe Acquisto) Date: Fri, 14 Aug 2009 11:30:35 -0400 Subject: Reasons to Upgrade to OES2 In-Reply-To: <5884.88.211.54.85.1250260407.squirrel@83.67.10.8> References: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> <4A8572BA.10909@oucs.ox.ac.uk> <5884.88.211.54.85.1250260407.squirrel@83.67.10.8> Message-ID: <5e7da10a0908140830g741665d6v7ebf7238557fdfda@mail.gmail.com> On Fri, Aug 14, 2009 at 10:33 AM, Alan Pearson wrote: > Having used both, I can testify that OES2 is _much_ improved over OES1. > OES 1 is based on an antiquated version of LInux (SLES 9.3) which, if you > also use the platform for other things (we do) then you will struggle when > these other things need later versions of stuff. > > There are many fixes in OES2 that will never be in OES1, and support IS a > major consideration for us. > > Finally one key reason is that OES2 is 64 bit, which allows it take > advantage of your 64 bit hardware. > > But trust me, OES 2 is much much better that OES 1, and SP1 further > improves on this. > > The 64 bit thing may be of value, as a "marketing pressure point". Trust, sadly, will cut no ice, in this environment. Skeptics, experience hardening, etc. joe a. From smf34 at cam.ac.uk Fri Aug 14 16:37:16 2009 From: smf34 at cam.ac.uk (Simon Flood) Date: Fri, 14 Aug 2009 16:37:16 +0100 Subject: Reasons to Upgrade to OES2 In-Reply-To: <5e7da10a0908140827w78c4efe4k6c86feddfb77da69@mail.gmail.com> References: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> <4A8572BA.10909@oucs.ox.ac.uk> <5e7da10a0908140827w78c4efe4k6c86feddfb77da69@mail.gmail.com> Message-ID: <4A8584AC.5010207@cam.ac.uk> On 14/08/2009 16:27, joe Acquisto wrote: > Limitation of available h/w weighs against a test build. Go virtual? Simon From joe.doupnik at oucs.ox.ac.uk Fri Aug 14 16:38:45 2009 From: joe.doupnik at oucs.ox.ac.uk (Joe Doupnik) Date: Fri, 14 Aug 2009 16:38:45 +0100 Subject: Reasons to Upgrade to OES2 In-Reply-To: <5e7da10a0908140827w78c4efe4k6c86feddfb77da69@mail.gmail.com> References: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> <4A8572BA.10909@oucs.ox.ac.uk> <5e7da10a0908140827w78c4efe4k6c86feddfb77da69@mail.gmail.com> Message-ID: <4A858505.1050605@oucs.ox.ac.uk> joe Acquisto wrote: > On Fri, Aug 14, 2009 at 10:20 AM, Joe R. Doupnik > wrote: > >> joe Acquisto wrote: >> >>> Looking for sources of info - bullet points OK, that outline (at least) >>> reasons to upgrade from OES1 (Linux) to OES2. >>> >>> Virtually everything I've found is focused on why/how to upgrade (migrate) >>> from NW to OES2, Linux. >>> >>> "No longer in general support" is, sadly, insufficent reason. >>> >>> joe a. >>> >> ----------- >> Servers exist to provide services for folks. You might wish to >> have a look at what OES2 provides as that body of work is much improved >> over OES1. In addition, there is the not small matter of maintenance of >> software. OES1 is quite old, OES2 is in mid-life, software has progressed >> between these editions (not least driver support for hardware). >> An easy way to compare is to build both versions in a test >> environment >> and get used to OES2. >> In the end it will be the customer's call, with you providing the >> factual basis. As all this depends upon local conditions I will stop here. >> Joe D. > > > > Limitation of available h/w weighs against a test build. > > joe a. -------------- You already have a Windows or Linux machine, that which helped write your email message. Add VMware Server (free), and there is your test environment. 2GB of memory will just suffice for this. Some poking about the old machinery in establishments usually turns up serviceable boxes for this use. Joe D. From RGrein at tpchd.org Fri Aug 14 17:38:53 2009 From: RGrein at tpchd.org (Randy Grein) Date: Fri, 14 Aug 2009 09:38:53 -0700 Subject: Reasons to Upgrade to OES2 In-Reply-To: <5e7da10a0908140827w78c4efe4k6c86feddfb77da69@mail.gmail.com> References: <5e7da10a0908140706p22695e0ejac4fb425519c5724@mail.gmail.com> <4A8572BA.10909@oucs.ox.ac.uk> <5e7da10a0908140827w78c4efe4k6c86feddfb77da69@mail.gmail.com> Message-ID: <4A8530AD0200007200039C67@health-mail2.tpchd.org> Ooh, sounds like a job for virtualization! Randy Grein Sr. Network Engineer (253)798-6443 >>> joe Acquisto 8/14/2009 8:27 AM >>> On Fri, Aug 14, 2009 at 10:20 AM, Joe R. Doupnik wrote: > joe Acquisto wrote: > >> Looking for sources of info - bullet points OK, that outline (at least) >> reasons to upgrade from OES1 (Linux) to OES2. >> >> Virtually everything I've found is focused on why/how to upgrade (migrate) >> from NW to OES2, Linux. >> >> "No longer in general support" is, sadly, insufficent reason. >> >> joe a. >> > ----------- > Servers exist to provide services for folks. You might wish to > have a look at what OES2 provides as that body of work is much improved > over OES1. In addition, there is the not small matter of maintenance of > software. OES1 is quite old, OES2 is in mid-life, software has progressed > between these editions (not least driver support for hardware). > An easy way to compare is to build both versions in a test > environment > and get used to OES2. > In the end it will be the customer's call, with you providing the > factual basis. As all this depends upon local conditions I will stop here. > Joe D. Limitation of available h/w weighs against a test build. joe a. _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell ************************************************************************************* This e-mail and any attachments may contain confidential and privileged information. It has been scanned for viruses. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination, use, review, disclosure, or distribution of this information by a person other than the intended recipient is unauthorized and may be illegal. ************************************************************************************** From bbrush at gmail.com Thu Aug 13 18:07:24 2009 From: bbrush at gmail.com (Bill Brush) Date: Thu, 13 Aug 2009 12:07:24 -0500 Subject: Password expiration e-mail Message-ID: <167f4090908131007r1984b20ap94a3062924ae71fe@mail.gmail.com> Hi guys. I'm looking for solutions that will send an e-mail to users when their password is about to expire. I've found some utilities that do it, and a special IDM driver, but I've found references to IDM being able to do it out of the box, but have not been able to locate a "How to" for it. My resident uber-geek wants to write a script that will do it, but I have thus far restrained him from doing so. Something about implementing a solution that no one else knows anything about gives me hives. So does anyone know how to do this with IDM or have a ultra-spiffy tool that will do the job? Bill From bbrush at gmail.com Mon Aug 17 16:25:57 2009 From: bbrush at gmail.com (Bill Brush) Date: Mon, 17 Aug 2009 10:25:57 -0500 Subject: Password expiration e-mail Message-ID: <167f4090908170825x7cb97068r8b1ab793b11f3abc@mail.gmail.com> Hi guys. I'm looking for solutions that will send an e-mail to users when their password is about to expire. I've found some utilities that do it, and a special IDM driver, but I've found references to IDM being able to do it out of the box, but have not been able to locate a "How to" for it. My resident uber-geek wants to write a script that will do it, but I have thus far restrained him from doing so. Something about implementing a solution that no one else knows anything about gives me hives. So does anyone know how to do this with IDM or have a ultra-spiffy tool that will do the job? Bill From geoffreycarman at gmail.com Mon Aug 17 17:54:02 2009 From: geoffreycarman at gmail.com (Geoffrey Carman) Date: Mon, 17 Aug 2009 12:54:02 -0400 Subject: Password expiration e-mail In-Reply-To: <167f4090908131007r1984b20ap94a3062924ae71fe@mail.gmail.com> References: <167f4090908131007r1984b20ap94a3062924ae71fe@mail.gmail.com> Message-ID: <993788ac0908170954uaa61b4ape7f8c9ed1af530cc@mail.gmail.com> Lothar Heager wrote a really nice driver to do it, I assume that is what you are referring too. There is a Java class someone wrote (I assume Novell Consulting) that is out there that runs via a Cron process on a server every night to send out the emails. Effectivly all three do the same thing. Query the directory for password expiration times, do some math, and send emails to those who need it. You could roll your own pretty easily. But the preexisting ones are pretty fleshed out and work well. On Thu, Aug 13, 2009 at 1:07 PM, Bill Brush wrote: > Hi guys. > > I'm looking for solutions that will send an e-mail to users when their > password is about to expire. ?I've found some utilities that do it, > and a special IDM driver, but I've found references to IDM being able > to do it out of the box, but have not been able to locate a "How to" > for it. ?My resident uber-geek wants to write a script that will do > it, but I have thus far restrained him from doing so. ?Something about > implementing a solution that no one else knows anything about gives me > hives. > > So does anyone know how to do this with IDM or have a ultra-spiffy > tool that will do the job? > > Bill > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > -- Geoffrey Carman geoffreycarman at gmail.com From alandpearson at yahoo.com Mon Aug 17 18:19:41 2009 From: alandpearson at yahoo.com (Alan Pearson) Date: Mon, 17 Aug 2009 18:19:41 +0100 (BST) Subject: Password expiration e-mail In-Reply-To: <167f4090908131007r1984b20ap94a3062924ae71fe@mail.gmail.com> References: <167f4090908131007r1984b20ap94a3062924ae71fe@mail.gmail.com> Message-ID: <26197.88.211.54.85.1250529581.squirrel@83.67.10.8> Hi Bill There is a utility written by Novell support (java based) that does this, it's on cool solutions somewhere. EDIT : found it : http://www.novell.com/coolsolutions/tools/14772.html We use this, and it works reasonably well. Has options to send different messages depending on how close to expiry time the password is. Saved rolling our own for exactly the reasons you describe ! Not sure about IDM if it will do this or not. -- AlanP On Thu, August 13, 2009 6:07 pm, Bill Brush wrote: > Hi guys. > > I'm looking for solutions that will send an e-mail to users when their > password is about to expire. I've found some utilities that do it, > and a special IDM driver, but I've found references to IDM being able > to do it out of the box, but have not been able to locate a "How to" > for it. My resident uber-geek wants to write a script that will do > it, but I have thus far restrained him from doing so. Something about > implementing a solution that no one else knows anything about gives me > hives. > > So does anyone know how to do this with IDM or have a ultra-spiffy > tool that will do the job? > > Bill > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > From RZeman at melwood.org Wed Aug 19 20:39:59 2009 From: RZeman at melwood.org (Rick Zeman) Date: Wed, 19 Aug 2009 15:39:59 -0400 Subject: Interesting iPrint Message-ID: <4A8C1CD1.C84D.00CE.0@melwood.org> Hi, We'd yesterday expanded our DHCP from a /24 (192.168.1.0) to a /22 (192.168.8-10.0). On our DHCP server (which is also the SLP DA with the existing address of 192.168.1.17), we added 192.168.8.17/255.255.252.0 as a secondary protocol bound to the existing board. We could ping both addresses from any segment fine, and DHCP worked fine, etc. So we went home. However, it turns out that adding the secondary IP address broke all of our NDPS/iPrint printing on that server. The server would communicate fine with the printers, but it wouldn't bind port 631 to ANY address (we still want it bound to the original .1.17). So, we had to back out all of changes this morning. Gargh. We couldn't bounce the box during the day, but unloading/loading all of the iPrint and SLP pieces didn't help at all. Deleting the new IP address, running DSRepair to remove the new address from the server object, and resetting SLPDA allowed iPrint to magically start working again. Any suggestions how to troubleshoot this one? We're running out of space in the existing /24 so we want to move all of our workstations over ASAP. TIA! RZ ************ This Melwood e-mail may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed, or their designee. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies. Thank you. ************ Sign up for Melwood's e-mail bulletins at http://www.melwood.org/signup.asp From aldo at omni-ts.com Wed Aug 19 22:30:50 2009 From: aldo at omni-ts.com (Aldo Zanoni) Date: Wed, 19 Aug 2009 15:30:50 -0600 Subject: Password expiration e-mail In-Reply-To: <167f4090908131007r1984b20ap94a3062924ae71fe@mail.gmail.com> References: <167f4090908131007r1984b20ap94a3062924ae71fe@mail.gmail.com> Message-ID: <4A8C1AAA020000A80003D6BE@mail.omni-ts.com> Hello, Bill. Password Expiration Email Reminder is one of the Riva Managed Policies. You can read about Riva Managed Policies at: http://www.omni-ts.com/policies/details.html Best regards, Aldo -- Aldo Zanoni CEO, Managing Director Omni Technology Solutions Inc. The GroupWise Integration Company www.omni-ts.com >>> Bill Brush 2009/08/13 11:07 AM >>> Hi guys. I'm looking for solutions that will send an e-mail to users when their password is about to expire. I've found some utilities that do it, and a special IDM driver, but I've found references to IDM being able to do it out of the box, but have not been able to locate a "How to" for it. My resident uber-geek wants to write a script that will do it, but I have thus far restrained him from doing so. Something about implementing a solution that no one else knows anything about gives me hives. So does anyone know how to do this with IDM or have a ultra-spiffy tool that will do the job? Bill _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell From bbrush at gmail.com Thu Aug 20 18:51:59 2009 From: bbrush at gmail.com (Bill Brush) Date: Thu, 20 Aug 2009 12:51:59 -0500 Subject: Password expiration e-mail In-Reply-To: <26197.88.211.54.85.1250529581.squirrel@83.67.10.8> References: <167f4090908131007r1984b20ap94a3062924ae71fe@mail.gmail.com> <26197.88.211.54.85.1250529581.squirrel@83.67.10.8> Message-ID: <167f4090908201051l26c94063w3abf78d5a776c338@mail.gmail.com> I found this utility independently and it works. In typical Novell fashion they make some assumptions that make me wonder about their internal security. The biggest headache was right off the bat, when it couldn't authenticate via secure LDAP. It turns out that if the LDAP server is using a self-signed cert, Java doesn't trust it, so it just ends with an error message. I had to import a cert from the CA into the Java cacerts file to make it happy. If you use unsecured LDAP, it would work fine (but who in their right mind would do that, right Novell?) If you test it, be aware that the e-mail templates pull graphics off of a Novell web server over https, so some mail clients wig out about the certificate. I copied them to a local web server to make the clients happy. There are two files that it uses to keep track of who gets notified (notify.log, and runtime.xml), so make sure whatever user acct is running the utility has rights to modify those files. Overall the config.xml file really wasn't bad to get tweaked, even if you want to customize the templates like I did. I give the utility a 2 thumbs up for being easy to use, not all gooked up with unnecessary features, and flexible within its scope. The only real pain was the SSL cert. Bill On Mon, Aug 17, 2009 at 12:19 PM, Alan Pearson wrote: > Hi Bill > > There is a utility written by Novell support (java based) that does this, > it's on cool solutions somewhere. > EDIT : found it : > http://www.novell.com/coolsolutions/tools/14772.html > > We use this, and it works reasonably well. > Has options to send different messages depending on how close to expiry > time the password is. > > Saved rolling our own for exactly the reasons you describe ! > Not sure about IDM if it will do this or not. > From andrew.foulsham at imm.ox.ac.uk Tue Aug 25 11:35:03 2009 From: andrew.foulsham at imm.ox.ac.uk (Andrew Foulsham) Date: Tue, 25 Aug 2009 11:35:03 +0100 Subject: Changing product activation Message-ID: <4A93CC66.170A.0099.0@gwmail.jr2.ox.ac.uk> Dear all, Sorry to ask a basic question, but Novell Customer Centre product activation is making my brain hurt at the moment. It seems that every time I purchase a subscription from a reseller, we get a new organisation created (albeit associated with my email address, so at least I know about it!). I've already got a system seen under another organisation code with a 60 day evaluation, on which I now want to use one of my purchased subscriptions. Has anyone got a couple of pointers as to how I should either move the system or move the subscription? The subscription is for SLES11 and the virtualisation driver pack. All the best, Andrew -- Andrew Foulsham IT Officer, Weatherall Institute of Molecular Medicine Tel. 01865 222618 andrew.foulsham at imm.ox.ac.uk From joe.doupnik at oucs.ox.ac.uk Tue Aug 25 12:06:29 2009 From: joe.doupnik at oucs.ox.ac.uk (Joe Doupnik) Date: Tue, 25 Aug 2009 12:06:29 +0100 Subject: Changing product activation In-Reply-To: <4A93CC66.170A.0099.0@gwmail.jr2.ox.ac.uk> References: <4A93CC66.170A.0099.0@gwmail.jr2.ox.ac.uk> Message-ID: <4A93C5B5.1000703@oucs.ox.ac.uk> Andrew Foulsham wrote: > Dear all, > > Sorry to ask a basic question, but Novell Customer Centre product activation is making my brain hurt at the moment. > > It seems that every time I purchase a subscription from a reseller, we get a new organisation created (albeit associated with my email address, so at least I know about it!). I've already got a system seen under another organisation code with a 60 day evaluation, on which I now want to use one of my purchased subscriptions. Has anyone got a couple of pointers as to how I should either move the system or move the subscription? > > The subscription is for SLES11 and the virtualisation driver pack. > > All the best, > > Andrew > ------------- I think the solution is at the client-box end of things. The Register with Customer Center part of YaST needs to be run again. One can only hope that NCC will figure out which entitlement to use this time. Fortunately we can query NCC after the fact to discover which has been selected. Plan B is to do your own patch management using a local SLES server to run SMT. Such a machine registers with NCC using mirror credentials tied to an entitlement. It then can pull patches/updates which qualify, and your local machines can draw upon them. In the process said local boxes can have their idents relayed to NCC, or not, as you wish. In any case, the SMT approach means one registration to survive, rather than one per machine if you cycle through many machines. Keeping things licensed is then based on the honor system. Joe D. From andrew.foulsham at imm.ox.ac.uk Tue Aug 25 12:33:20 2009 From: andrew.foulsham at imm.ox.ac.uk (Andrew Foulsham) Date: Tue, 25 Aug 2009 12:33:20 +0100 Subject: Changing product activation In-Reply-To: <4A93C5B5.1000703@oucs.ox.ac.uk> References: <4A93CC66.170A.0099.0@gwmail.jr2.ox.ac.uk> <4A93C5B5.1000703@oucs.ox.ac.uk> Message-ID: <4A93DA0F.170A.0099.0@gwmail.jr2.ox.ac.uk> >>> On 25/08/2009 at 12:06, in message <4A93C5B5.1000703 at oucs.ox.ac.uk>, Joe Doupnik wrote: > Andrew Foulsham wrote: >> Dear all, >> >> Sorry to ask a basic question, but Novell Customer Centre product activation > is making my brain hurt at the moment. >> >> It seems that every time I purchase a subscription from a reseller, we get a > new organisation created (albeit associated with my email address, so at > least I know about it!). I've already got a system seen under another > organisation code with a 60 day evaluation, on which I now want to use one of > my purchased subscriptions. Has anyone got a couple of pointers as to how I > should either move the system or move the subscription? >> >> The subscription is for SLES11 and the virtualisation driver pack. >> >> All the best, >> >> Andrew >> > ------------- > I think the solution is at the client-box end of things. The Register with > Customer Center part of YaST needs to be run again. One can only hope that > NCC will > figure out which entitlement to use this time. Fortunately we can query NCC > after > the fact to discover which has been selected. > Plan B is to do your own patch management using a local SLES server to run > SMT. Such a machine registers with NCC using mirror credentials tied to an > entitlement. > It then can pull patches/updates which qualify, and your local machines can > draw upon > them. In the process said local boxes can have their idents relayed to NCC, > or not, as > you wish. In any case, the SMT approach means one registration to survive, > rather than > one per machine if you cycle through many machines. Keeping things licensed > is then > based on the honor system. > Joe D. > Dear Joe, Many thanks for that. I have now successfully re-registered the system. I had naively thought that registering the system with the NCC meant that I would be able to manage it from there! Best wishes, Andrew Foulsham -- Andrew Foulsham IT Officer, Weatherall Institute of Molecular Medicine Tel. 01865 222618 andrew.foulsham at imm.ox.ac.uk From joe.acquisto at gmail.com Tue Aug 25 15:45:14 2009 From: joe.acquisto at gmail.com (joe Acquisto) Date: Tue, 25 Aug 2009 10:45:14 -0400 Subject: OT - Error on Linux Console Message-ID: <5e7da10a0908250745q728b98d5x28b6704110f76e97@mail.gmail.com> Not even a SuSE box. On console (not logged in) and in /var/log/messages, see this repeat: "TX reached max concurrent block limit of 500" Not finding much, googling. joe a. From joe.doupnik at oucs.ox.ac.uk Tue Aug 25 16:12:08 2009 From: joe.doupnik at oucs.ox.ac.uk (Joe R. Doupnik) Date: Tue, 25 Aug 2009 16:12:08 +0100 Subject: OT - Error on Linux Console In-Reply-To: <5e7da10a0908250745q728b98d5x28b6704110f76e97@mail.gmail.com> References: <5e7da10a0908250745q728b98d5x28b6704110f76e97@mail.gmail.com> Message-ID: <4A93FF48.701@oucs.ox.ac.uk> joe Acquisto wrote: > Not even a SuSE box. On console (not logged in) and in /var/log/messages, > see this repeat: > > "TX reached max concurrent block limit of 500" > > Not finding much, googling. > > joe a. ------------- With that skimpy amount of information I would suggest you look at their IPtables filtering apparatus. Joe D. From petervl at gmail.com Tue Aug 25 16:41:38 2009 From: petervl at gmail.com (Peter Van Lone) Date: Tue, 25 Aug 2009 10:41:38 -0500 Subject: OT - radius to edir Message-ID: <68b791330908250841n53563ed6w5abf8f2971a80942@mail.gmail.com> Hello, I have a few questions regarding what services and/or products can allow authentication for users via RADIUS to Novell Edirectory. I have done some looking and the solution I have come up with is Free RADIUS to be used in combination with the iManager RADIUS plugin -- but I am not at all sure that Free RADIUS is what works with iManager and the RADIUS plugin -- is this the correct combination? Is this the best/easiest way to do this? The goal is to authenticate wireless users using their Edirectory credentials. Anyone done this, and have suggestions or stories to tell about what does or does not work? ------------------------------------------------------------ "I like flaws and feel more comfortable around people who have them. I myself am made entirely of flaws, stitched together with good intentions." Augusten Burroughs http://www.the-brights.net http://xkcd.com/167 From joe.acquisto at gmail.com Tue Aug 25 16:51:19 2009 From: joe.acquisto at gmail.com (joe Acquisto) Date: Tue, 25 Aug 2009 11:51:19 -0400 Subject: OT - Error on Linux Console In-Reply-To: <4A93FF48.701@oucs.ox.ac.uk> References: <5e7da10a0908250745q728b98d5x28b6704110f76e97@mail.gmail.com> <4A93FF48.701@oucs.ox.ac.uk> Message-ID: <5e7da10a0908250851ga657d3fh29197d86ce678f22@mail.gmail.com> On Tue, Aug 25, 2009 at 11:12 AM, Joe R. Doupnik wrote: > joe Acquisto wrote: > >> Not even a SuSE box. On console (not logged in) and in /var/log/messages, >> see this repeat: >> >> "TX reached max concurrent block limit of 500" >> >> Not finding much, googling. >> >> joe a. >> > ------------- > With that skimpy amount of information I would suggest > you look at their IPtables filtering apparatus. > Joe D. > I'd have thought poking about in the kernel TCP stuff. Ah, left out a possible clue, /var/log/messages included "kernel" as the source. At least I think that's what it means when "kernel:" preceeds the message. joe a. From petervl at gmail.com Tue Aug 25 17:01:38 2009 From: petervl at gmail.com (Peter Van Lone) Date: Tue, 25 Aug 2009 11:01:38 -0500 Subject: [ngw] OT - radius to edir In-Reply-To: <4A93D0BC0200003300021586@k12group.net> References: <68b791330908250841n53563ed6w5abf8f2971a80942@mail.gmail.com> <4A93D0BC0200003300021586@k12group.net> Message-ID: <68b791330908250901i44ac7560j7467180580c9dfe9@mail.gmail.com> wow -- sounds like a pretty cool solution, but ... really, seriously, you could find no simple/secure way to configure RADIUS against eDirectory? Sigh ... there has GOT to be a simple way to do this, no? It is fall-off-a-log easy to do with AD, of course -- why oh why oh why would it be so frelling difficult to do with edir? P On Tue, Aug 25, 2009 at 10:53 AM, Keith Larson wrote: > This has been widely discussed on the education list that novell hosts. > > I worked on a project last year where we wanted this same thing.? After a > significant effort we discovered all usernames and passwords appearing in > clear text in our radius logs so we aborted that effort.? We did make it > work though. > > I regrouped and found what I consider to be a better method.? It was rather > complex to setup, but the end result was fantastic and I'm working on > installing it at more of the schools that I support. > > We use the zen imaging process to automatically name computers.? This > guarantees unique names and simplifies it.? During our autoname script, we > spit off a file that includes this name to our FreeRadius server that is > also running OpenSSL.? The certificate server is running a script to look > for incoming certificate requests.? When it sees one, it creates a > certificate and transfers it to a OES2 server.? I have a NAL object that > runs and uses the computername, so each computer will only find the > certificate that was uniquely generated for it.? It imports that certificate > and then uses it for EAP/TLS authentication to radius.? Each workstation has > its own automatically generated certificate.? Each one could be booted off > if there are problems. > > It is completely hands off now. > > > > Keith Larson > Franklin Computer Services - K12 Group > (614) 561-4887 > klarson at k12group.net > > > > > > >>>> Peter Van Lone 8/25/2009 11:41 AM >>> > Hello, > > I have a few questions regarding what services and/or products can > allow authentication for users via RADIUS to Novell Edirectory. > > I have done some looking and the solution I have come up with is Free > RADIUS to be used in combination with the iManager RADIUS plugin -- > but I am not at all sure that Free RADIUS is what works with iManager > and the RADIUS plugin -- is this the correct combination? Is this the > best/easiest way to do this? > > The goal is to authenticate wireless users using their Edirectory > credentials. > > Anyone done this, and have suggestions or stories to tell about what > does or does not work? > > > > > > ------------------------------------------------------------ > "I like flaws and feel more comfortable around people who have them. I > myself am made entirely of flaws, stitched together with good > intentions." Augusten Burroughs > > http://www.the-brights.net > http://xkcd.com/167 > > -- > Visit http://www.ngwlist.com for help unsubscribing > > From petervl at gmail.com Tue Aug 25 19:26:41 2009 From: petervl at gmail.com (Peter Van Lone) Date: Tue, 25 Aug 2009 13:26:41 -0500 Subject: [ngw] OT - radius to edir In-Reply-To: <4A93DEBD02000033000215A0@k12group.net> References: <68b791330908250841n53563ed6w5abf8f2971a80942@mail.gmail.com> <4A93D0BC0200003300021586@k12group.net> <68b791330908250901i44ac7560j7467180580c9dfe9@mail.gmail.com> <4A93DEBD02000033000215A0@k12group.net> Message-ID: <68b791330908251126r647d0a13gda25ed6624e4ec8e@mail.gmail.com> It just kind of boggles my mind that something so simple has been given such backhanded thought/effort for so many years. I guess when you believe that all of your important customers are big time enterprises stocked to the gills with IT talent and are likely to "roll their own" anyway ... it doesn't matter. A simple little module, designed to talk to edir and provide basic radius services ... sigh On Tue, Aug 25, 2009 at 11:53 AM, Keith Larson wrote: > it is entirely possible that i did something wrong with the ldap setup.? i'm > glad though because i got something way better.? it is very cool. > >>>> Peter Van Lone 8/25/2009 12:01 PM >>> > wow -- sounds like a pretty cool solution, but ... > > really, seriously, you could find no simple/secure way to configure > RADIUS against eDirectory? > > Sigh ... there has GOT to be a simple way to do this, no? It is > fall-off-a-log easy to do with AD, of course -- why oh why oh why > would it be so frelling difficult to do with edir? > > P > > > On Tue, Aug 25, 2009 at 10:53 AM, Keith Larson wrote: >> This has been widely discussed on the education list that novell hosts. >> >> I worked on a project last year where we wanted this same thing.? After a >> significant effort we discovered all usernames and passwords appearing in >> clear text in our radius logs so we aborted that effort.? We did make it >> work though. >> >> I regrouped and found what I consider to be a better method.? It was >> rather >> complex to setup, but the end result was fantastic and I'm working on >> installing it at more of the schools that I support. >> >> We use the zen imaging process to automatically name computers.? This >> guarantees unique names and simplifies it.? During our autoname script, we >> spit off a file that includes this name to our FreeRadius server that is >> also running OpenSSL.? The certificate server is running a script to look >> for incoming certificate requests.? When it sees one, it creates a >> certificate and transfers it to a OES2 server.? I have a NAL object that >> runs and uses the computername, so each computer will only find the >> certificate that was uniquely generated for it.? It imports that >> certificate >> and then uses it for EAP/TLS authentication to radius.? Each workstation >> has >> its own automatically generated certificate.? Each one could be booted off >> if there are problems. >> >> It is completely hands off now. >> >> >> >> Keith Larson >> Franklin Computer Services - K12 Group >> (614) 561-4887 >> klarson at k12group.net >> >> >> >> >> >> >>>>> Peter Van Lone 8/25/2009 11:41 AM >>> >> Hello, >> >> I have a few questions regarding what services and/or products can >> allow authentication for users via RADIUS to Novell Edirectory. >> >> I have done some looking and the solution I have come up with is Free >> RADIUS to be used in combination with the iManager RADIUS plugin -- >> but I am not at all sure that Free RADIUS is what works with iManager >> and the RADIUS plugin -- is this the correct combination? Is this the >> best/easiest way to do this? >> >> The goal is to authenticate wireless users using their Edirectory >> credentials. >> >> Anyone done this, and have suggestions or stories to tell about what >> does or does not work? >> >> >> >> >> >> ------------------------------------------------------------ >> "I like flaws and feel more comfortable around people who have them. I >> myself am made entirely of flaws, stitched together with good >> intentions." Augusten Burroughs >> >> http://www.the-brights.net >> http://xkcd.com/167 >> >> -- >> Visit http://www.ngwlist.com for help unsubscribing >> >> > > -- > Visit http://www.ngwlist.com for help unsubscribing > > From pallenr32 at gmail.com Sat Aug 29 02:45:33 2009 From: pallenr32 at gmail.com (Paul Allen) Date: Sat, 29 Aug 2009 11:45:33 +1000 Subject: Cluster issues Message-ID: Hello This is my first post to this list...I hope I have come to the right place. I am currently working on a project to migrate Groupwise 7.0.3 from a 8 way Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. 26 Post Offices about 5000 users Sounds simple enough or so I thought...I built a pilot site in VM and all was working well But I have run into many issues, the show stopper at the moment is I have created 26 storage pools and have another 14 to create but they fail with nds -606 errors and the virtual server for the pools don't get created...I hope to open a SR with Novell on this Monday. Anyway, my question is whether to continue down this path or try another tack ? How many folks are running a clustered SLES10 SP2 OES2 environment ? How many are running a clustered SLES11 HA environment ? My line manager would prefer I build the environment with Netware 6.5 ....but these are 8 core servers running 16Gb ram seems a waste of hardware resources I can't help feeling some of the issues I have are hardware related, HBA timing...this is what I will be concertrating on this weekend as I have resources that go comatose rather than migrate...when i offline nodes. Any ideas would be greatly appreciated Cheers Paul -- A perfection of means, and confusion of aims, seems to be our main problem. *Albert Einstein* From alan at precise-computer.com Sat Aug 29 02:54:13 2009 From: alan at precise-computer.com (Alan Downs) Date: Sat, 29 Aug 2009 01:54:13 +0000 Subject: Cluster issues In-Reply-To: References: Message-ID: <1286276248-1251510810-cardhu_decombobulator_blackberry.rim.net-1887277470-@bxe1274.bisx.prod.on.blackberry> My first question is why you have 26 PO's when GW can handle many, many users on each. I would lower my PO count, which would make the migration much less complex. I haven't done a SLES cluster yet, so I can't speak to that, just GW. Sent from my BlackBerry? wireless device from U.S. Cellular -----Original Message----- From: Paul Allen Date: Sat, 29 Aug 2009 11:45:33 To: Subject: Cluster issues Hello This is my first post to this list...I hope I have come to the right place. I am currently working on a project to migrate Groupwise 7.0.3 from a 8 way Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. 26 Post Offices about 5000 users Sounds simple enough or so I thought...I built a pilot site in VM and all was working well But I have run into many issues, the show stopper at the moment is I have created 26 storage pools and have another 14 to create but they fail with nds -606 errors and the virtual server for the pools don't get created...I hope to open a SR with Novell on this Monday. Anyway, my question is whether to continue down this path or try another tack ? How many folks are running a clustered SLES10 SP2 OES2 environment ? How many are running a clustered SLES11 HA environment ? My line manager would prefer I build the environment with Netware 6.5 ....but these are 8 core servers running 16Gb ram seems a waste of hardware resources I can't help feeling some of the issues I have are hardware related, HBA timing...this is what I will be concertrating on this weekend as I have resources that go comatose rather than migrate...when i offline nodes. Any ideas would be greatly appreciated Cheers Paul -- A perfection of means, and confusion of aims, seems to be our main problem. *Albert Einstein* _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell From pallenr32 at gmail.com Sat Aug 29 03:19:35 2009 From: pallenr32 at gmail.com (Paul Allen) Date: Sat, 29 Aug 2009 12:19:35 +1000 Subject: Cluster issues In-Reply-To: <1286276248-1251510810-cardhu_decombobulator_blackberry.rim.net-1887277470-@bxe1274.bisx.prod.on.blackberry> References: <1286276248-1251510810-cardhu_decombobulator_blackberry.rim.net-1887277470-@bxe1274.bisx.prod.on.blackberry> Message-ID: Hello Alan I am following the solution design doc put together by the system architechs...its a design where a Post Offices has a maximum size of 50Gb and where a Faculty will have multiple Post Offices...due to storage issues not users.... This is due in part to no policies being put into place to limit user mailbox sizes, the client is a large University and for Intellectual Property reasons would like Faculties and research divisions in their own Post Office... cheers paul 2009/8/29 Alan Downs > > My first question is why you have 26 PO's when GW can handle many, many > users on each. I would lower my PO count, which would make the migration > much less complex. I haven't done a SLES cluster yet, so I can't speak to > that, just GW. > Sent from my BlackBerry? wireless device from U.S. Cellular > > -----Original Message----- > From: Paul Allen > > Date: Sat, 29 Aug 2009 11:45:33 > To: > Subject: Cluster issues > > > Hello > This is my first post to this list...I hope I have come to the right place. > > I am currently working on a project to migrate Groupwise 7.0.3 from a 8 way > Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. > > 26 Post Offices about 5000 users > > Sounds simple enough or so I thought...I built a pilot site in VM and all > was working well > > But I have run into many issues, the show stopper at the moment is I have > created 26 storage pools and have another 14 to create but they fail with > nds -606 errors and the virtual server for the pools don't get created...I > hope to open a SR with Novell on this Monday. > > Anyway, my question is whether to continue down this path or try another > tack ? > > How many folks are running a clustered SLES10 SP2 OES2 environment ? > > How many are running a clustered SLES11 HA environment ? > > My line manager would prefer I build the environment with Netware 6.5 > ....but these are 8 core servers running 16Gb ram seems a waste of hardware > resources > > I can't help feeling some of the issues I have are hardware related, HBA > timing...this is what I will be concertrating on this weekend as I have > resources that go comatose rather than migrate...when i offline nodes. > > Any ideas would be greatly appreciated > > Cheers > Paul > > -- > A perfection of means, and confusion of aims, seems to be our main problem. > *Albert Einstein* > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > -- From randygrein at comcast.net Sat Aug 29 03:21:38 2009 From: randygrein at comcast.net (Randy Grein) Date: Fri, 28 Aug 2009 19:21:38 -0700 Subject: Cluster issues In-Reply-To: References: Message-ID: <158010C6-2A58-4340-87EB-6950739FD3B7@comcast.net> Paul, I'm not an expert on the OES2 migration, but it sounds like you're having a connection problem with eDir. Do the physical servers show up in eDir, and do they all sync clean? Sounds obvious, but on SUSE you can get a long way without connecting with eDir correctly, confusing the issue. Sounds like vast hardware overkill, but then there may be more to the situation that warrants it. And yes, I'd reduce the number of POs. Best practices call for 500-1000 users per PO IIRC, but there are many experts here who can speak to that. Randy Grein, Master CNE, CCNA On Aug 28, 2009, at 6:45 PM, Paul Allen wrote: > Hello > This is my first post to this list...I hope I have come to the right > place. > > I am currently working on a project to migrate Groupwise 7.0.3 from > a 8 way > Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. > > 26 Post Offices about 5000 users > > Sounds simple enough or so I thought...I built a pilot site in VM > and all > was working well > > But I have run into many issues, the show stopper at the moment is I > have > created 26 storage pools and have another 14 to create but they fail > with > nds -606 errors and the virtual server for the pools don't get > created...I > hope to open a SR with Novell on this Monday. > > Anyway, my question is whether to continue down this path or try > another > tack ? > > How many folks are running a clustered SLES10 SP2 OES2 environment ? > > How many are running a clustered SLES11 HA environment ? > > My line manager would prefer I build the environment with Netware 6.5 > ....but these are 8 core servers running 16Gb ram seems a waste of > hardware > resources > > I can't help feeling some of the issues I have are hardware related, > HBA > timing...this is what I will be concertrating on this weekend as I > have > resources that go comatose rather than migrate...when i offline nodes. > > Any ideas would be greatly appreciated > > Cheers > Paul > > -- > A perfection of means, and confusion of aims, seems to be our main > problem. > *Albert Einstein* > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell From Steven.Tharp at davenport.edu Sat Aug 29 03:24:04 2009 From: Steven.Tharp at davenport.edu (Steven Tharp) Date: Fri, 28 Aug 2009 22:24:04 -0400 Subject: Cluster issues Message-ID: <4A9859040200004000063510@dugwia1.davenport.edu> Sounds like it was written by folks who understood GroupWise about 10 years ago. Nothing special about PO that exceed 50GB. Steven Tharp Davenport University >>> Paul Allen 08/28/09 10:20 PM >>> Hello Alan I am following the solution design doc put together by the system architechs...its a design where a Post Offices has a maximum size of 50Gb and where a Faculty will have multiple Post Offices...due to storage issues not users.... This is due in part to no policies being put into place to limit user mailbox sizes, the client is a large University and for Intellectual Property reasons would like Faculties and research divisions in their own Post Office... cheers paul 2009/8/29 Alan Downs > > My first question is why you have 26 PO's when GW can handle many, many > users on each. I would lower my PO count, which would make the migration > much less complex. I haven't done a SLES cluster yet, so I can't speak to > that, just GW. > Sent from my BlackBerry? wireless device from U.S. Cellular > > -----Original Message----- > From: Paul Allen > > Date: Sat, 29 Aug 2009 11:45:33 > To: > Subject: Cluster issues > > > Hello > This is my first post to this list...I hope I have come to the right place. > > I am currently working on a project to migrate Groupwise 7.0.3 from a 8 way > Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. > > 26 Post Offices about 5000 users > > Sounds simple enough or so I thought...I built a pilot site in VM and all > was working well > > But I have run into many issues, the show stopper at the moment is I have > created 26 storage pools and have another 14 to create but they fail with > nds -606 errors and the virtual server for the pools don't get created...I > hope to open a SR with Novell on this Monday. > > Anyway, my question is whether to continue down this path or try another > tack ? > > How many folks are running a clustered SLES10 SP2 OES2 environment ? > > How many are running a clustered SLES11 HA environment ? > > My line manager would prefer I build the environment with Netware 6.5 > ....but these are 8 core servers running 16Gb ram seems a waste of hardware > resources > > I can't help feeling some of the issues I have are hardware related, HBA > timing...this is what I will be concertrating on this weekend as I have > resources that go comatose rather than migrate...when i offline nodes. > > Any ideas would be greatly appreciated > > Cheers > Paul > > -- > A perfection of means, and confusion of aims, seems to be our main problem. > *Albert Einstein* > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > -- _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell From pallenr32 at gmail.com Sat Aug 29 04:22:13 2009 From: pallenr32 at gmail.com (Paul Allen) Date: Sat, 29 Aug 2009 13:22:13 +1000 Subject: Cluster issues In-Reply-To: <158010C6-2A58-4340-87EB-6950739FD3B7@comcast.net> References: <158010C6-2A58-4340-87EB-6950739FD3B7@comcast.net> Message-ID: Hello Randy eDir is in sync but the time sync check done from root of the tree seem to get stuck on the new linux servers (physical and virtual) with -625 errors (DS not contactable) - need to mention this to Novell in the SR. TCP port 524 are open but are the UDP's open from campus to DMZ Any new pools that are created turn up in eDir, but the virtual server for the pool doesn't...when viewed from iManager on the SLES servers or when viewed from iManager from a Netware server in another network segment. the new Groupwise cluster is being placed in the DMZ, while the old Groupwise cluster is in a secure network domain...this means there are three firewalls between users and the two Groupwise systems... cheers Paul 2009/8/29 Randy Grein > Paul, I'm not an expert on the OES2 migration, but it sounds like you're > having a connection problem with eDir. Do the physical servers show up in > eDir, and do they all sync clean? Sounds obvious, but on SUSE you can get a > long way without connecting with eDir correctly, confusing the issue. > > Sounds like vast hardware overkill, but then there may be more to the > situation that warrants it. And yes, I'd reduce the number of POs. Best > practices call for 500-1000 users per PO IIRC, but there are many experts > here who can speak to that. > > Randy Grein, Master CNE, CCNA > > > On Aug 28, 2009, at 6:45 PM, Paul Allen wrote: > > Hello >> This is my first post to this list...I hope I have come to the right >> place. >> >> I am currently working on a project to migrate Groupwise 7.0.3 from a 8 >> way >> Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. >> >> 26 Post Offices about 5000 users >> >> Sounds simple enough or so I thought...I built a pilot site in VM and all >> was working well >> >> But I have run into many issues, the show stopper at the moment is I have >> created 26 storage pools and have another 14 to create but they fail with >> nds -606 errors and the virtual server for the pools don't get created...I >> hope to open a SR with Novell on this Monday. >> >> Anyway, my question is whether to continue down this path or try another >> tack ? >> >> How many folks are running a clustered SLES10 SP2 OES2 environment ? >> >> How many are running a clustered SLES11 HA environment ? >> >> My line manager would prefer I build the environment with Netware 6.5 >> ....but these are 8 core servers running 16Gb ram seems a waste of >> hardware >> resources >> >> I can't help feeling some of the issues I have are hardware related, HBA >> timing...this is what I will be concertrating on this weekend as I have >> resources that go comatose rather than migrate...when i offline nodes. >> >> Any ideas would be greatly appreciated >> >> Cheers >> Paul >> >> -- >> A perfection of means, and confusion of aims, seems to be our main >> problem. >> *Albert Einstein* >> _______________________________________________ >> Novell mailing list >> Novell at netlab1.oucs.ox.ac.uk >> http://netlab1.usu.edu/mailman/listinfo/novell >> > > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > -- Business and common sense have little to do with each other these days. (Misquoting 'A Midsummer Night's Dream') From pallenr32 at gmail.com Sat Aug 29 04:27:17 2009 From: pallenr32 at gmail.com (Paul Allen) Date: Sat, 29 Aug 2009 13:27:17 +1000 Subject: Cluster issues In-Reply-To: <4A9859040200004000063510@dugwia1.davenport.edu> References: <4A9859040200004000063510@dugwia1.davenport.edu> Message-ID: Hello Steven I think the concern was the time taken during maintenance and segmenting off users into their own PO to limit the impact to other users when things go pair shaped. cheers Paul 2009/8/29 Steven Tharp > Sounds like it was written by folks who understood GroupWise about 10 > years ago. Nothing special about PO that exceed 50GB. > > Steven Tharp > Davenport University > > >>> Paul Allen 08/28/09 10:20 PM >>> > Hello Alan > I am following the solution design doc put together by the system > architechs...its a design where a Post Offices has a maximum size of > 50Gb > and where a Faculty will have multiple Post Offices...due to storage > issues > not users.... > > This is due in part to no policies being put into place to limit user > mailbox sizes, the client is a large University and for Intellectual > Property reasons would like Faculties and research divisions in their > own > Post Office... > > cheers > paul > > 2009/8/29 Alan Downs > > > > > My first question is why you have 26 PO's when GW can handle many, > many > > users on each. I would lower my PO count, which would make the > migration > > much less complex. I haven't done a SLES cluster yet, so I can't speak > to > > that, just GW. > > Sent from my BlackBerry? wireless device from U.S. Cellular > > > > -----Original Message----- > > From: Paul Allen > > > > Date: Sat, 29 Aug 2009 11:45:33 > > To: > > Subject: Cluster issues > > > > > > Hello > > This is my first post to this list...I hope I have come to the right > place. > > > > I am currently working on a project to migrate Groupwise 7.0.3 from a > 8 way > > Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. > > > > 26 Post Offices about 5000 users > > > > Sounds simple enough or so I thought...I built a pilot site in VM and > all > > was working well > > > > But I have run into many issues, the show stopper at the moment is I > have > > created 26 storage pools and have another 14 to create but they fail > with > > nds -606 errors and the virtual server for the pools don't get > created...I > > hope to open a SR with Novell on this Monday. > > > > Anyway, my question is whether to continue down this path or try > another > > tack ? > > > > How many folks are running a clustered SLES10 SP2 OES2 environment ? > > > > How many are running a clustered SLES11 HA environment ? > > > > My line manager would prefer I build the environment with Netware 6.5 > > ....but these are 8 core servers running 16Gb ram seems a waste of > hardware > > resources > > > > I can't help feeling some of the issues I have are hardware related, > HBA > > timing...this is what I will be concertrating on this weekend as I > have > > resources that go comatose rather than migrate...when i offline nodes. > > > > Any ideas would be greatly appreciated > > > > Cheers > > Paul > > > > -- > > A perfection of means, and confusion of aims, seems to be our main > problem. > > *Albert Einstein* > > _______________________________________________ > > Novell mailing list > > Novell at netlab1.oucs.ox.ac.uk > > http://netlab1.usu.edu/mailman/listinfo/novell > > _______________________________________________ > > Novell mailing list > > Novell at netlab1.oucs.ox.ac.uk > > http://netlab1.usu.edu/mailman/listinfo/novell > > > > > > -- > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > -- Business and common sense have little to do with each other these days. (Misquoting 'A Midsummer Night's Dream') From randygrein at comcast.net Sat Aug 29 05:25:22 2009 From: randygrein at comcast.net (Randy Grein) Date: Fri, 28 Aug 2009 21:25:22 -0700 Subject: Cluster issues In-Reply-To: References: <4A9859040200004000063510@dugwia1.davenport.edu> Message-ID: Ah, yes - but that's a function of, to put it grossly, PO size (mail hogs only count partially, so space alone is a poor predictor) and the inverse of the drive configuration of the SAN. I hope they actually did some testing before arriving at the 50 GB limit. Randy Grein, Master CNE, CCNA On Aug 28, 2009, at 8:27 PM, Paul Allen wrote: > Hello Steven > I think the concern was the time taken during maintenance and > segmenting off > users into their own PO to limit the impact to other users when > things go > pair shaped. > > cheers > Paul > > 2009/8/29 Steven Tharp > >> Sounds like it was written by folks who understood GroupWise about 10 >> years ago. Nothing special about PO that exceed 50GB. >> >> Steven Tharp >> Davenport University >> >>>>> Paul Allen 08/28/09 10:20 PM >>> >> Hello Alan >> I am following the solution design doc put together by the system >> architechs...its a design where a Post Offices has a maximum size of >> 50Gb >> and where a Faculty will have multiple Post Offices...due to storage >> issues >> not users.... >> >> This is due in part to no policies being put into place to limit user >> mailbox sizes, the client is a large University and for Intellectual >> Property reasons would like Faculties and research divisions in their >> own >> Post Office... >> >> cheers >> paul >> >> 2009/8/29 Alan Downs >> >>> >>> My first question is why you have 26 PO's when GW can handle many, >> many >>> users on each. I would lower my PO count, which would make the >> migration >>> much less complex. I haven't done a SLES cluster yet, so I can't >>> speak >> to >>> that, just GW. >>> Sent from my BlackBerry? wireless device from U.S. Cellular >>> >>> -----Original Message----- >>> From: Paul Allen >>> >>> Date: Sat, 29 Aug 2009 11:45:33 >>> To: >>> Subject: Cluster issues >>> >>> >>> Hello >>> This is my first post to this list...I hope I have come to the right >> place. >>> >>> I am currently working on a project to migrate Groupwise 7.0.3 >>> from a >> 8 way >>> Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. >>> >>> 26 Post Offices about 5000 users >>> >>> Sounds simple enough or so I thought...I built a pilot site in VM >>> and >> all >>> was working well >>> >>> But I have run into many issues, the show stopper at the moment is I >> have >>> created 26 storage pools and have another 14 to create but they fail >> with >>> nds -606 errors and the virtual server for the pools don't get >> created...I >>> hope to open a SR with Novell on this Monday. >>> >>> Anyway, my question is whether to continue down this path or try >> another >>> tack ? >>> >>> How many folks are running a clustered SLES10 SP2 OES2 environment ? >>> >>> How many are running a clustered SLES11 HA environment ? >>> >>> My line manager would prefer I build the environment with Netware >>> 6.5 >>> ....but these are 8 core servers running 16Gb ram seems a waste of >> hardware >>> resources >>> >>> I can't help feeling some of the issues I have are hardware related, >> HBA >>> timing...this is what I will be concertrating on this weekend as I >> have >>> resources that go comatose rather than migrate...when i offline >>> nodes. >>> >>> Any ideas would be greatly appreciated >>> >>> Cheers >>> Paul >>> >>> -- >>> A perfection of means, and confusion of aims, seems to be our main >> problem. >>> *Albert Einstein* >>> _______________________________________________ >>> Novell mailing list >>> Novell at netlab1.oucs.ox.ac.uk >>> http://netlab1.usu.edu/mailman/listinfo/novell >>> _______________________________________________ >>> Novell mailing list >>> Novell at netlab1.oucs.ox.ac.uk >>> http://netlab1.usu.edu/mailman/listinfo/novell >>> >> >> >> >> -- >> _______________________________________________ >> Novell mailing list >> Novell at netlab1.oucs.ox.ac.uk >> http://netlab1.usu.edu/mailman/listinfo/novell >> _______________________________________________ >> Novell mailing list >> Novell at netlab1.oucs.ox.ac.uk >> http://netlab1.usu.edu/mailman/listinfo/novell >> > > > > -- > Business and common sense have little to do with each other these > days. > > (Misquoting 'A Midsummer Night's Dream') > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell From randygrein at comcast.net Sat Aug 29 05:30:16 2009 From: randygrein at comcast.net (Randy Grein) Date: Fri, 28 Aug 2009 21:30:16 -0700 Subject: Cluster issues In-Reply-To: References: <158010C6-2A58-4340-87EB-6950739FD3B7@comcast.net> Message-ID: <5851C977-17EC-4EBC-8C13-7520E2538EE6@comcast.net> Well, you've found your problem already - it won't work if time doesn't sync. You HAVE to pass NTP (and the Netware boxes have to be configured for it, either through timesync or native NTP) before you can progress further. UDP Port 123... Understand the problems putting a resource like this in a DMZ. Although our environment is simpler and smaller we had the same problem - and my boss moved the servers to our DMZ from internal and told me after the fact. I had a lot of work to get things running including management and file access. Fortunately I had access to the firewall configuration, and I didn't have ot contend with crossing 3. Randy Grein, Master CNE, CCNA On Aug 28, 2009, at 8:22 PM, Paul Allen wrote: > Hello Randy > eDir is in sync but the time sync check done from root of the tree > seem to > get stuck on the new linux servers (physical and virtual) with -625 > errors > (DS not contactable) - need to mention this to Novell in the SR. > TCP port > 524 are open but are the UDP's open from campus to DMZ > > Any new pools that are created turn up in eDir, but the virtual > server for > the pool doesn't...when viewed from iManager on the SLES servers or > when > viewed from iManager from a Netware server in another network segment. > > the new Groupwise cluster is being placed in the DMZ, while the old > Groupwise cluster is in a secure network domain...this means there > are three > firewalls between users and the two Groupwise systems... > > cheers > Paul > > 2009/8/29 Randy Grein > >> Paul, I'm not an expert on the OES2 migration, but it sounds like >> you're >> having a connection problem with eDir. Do the physical servers >> show up in >> eDir, and do they all sync clean? Sounds obvious, but on SUSE you >> can get a >> long way without connecting with eDir correctly, confusing the issue. >> >> Sounds like vast hardware overkill, but then there may be more to the >> situation that warrants it. And yes, I'd reduce the number of POs. >> Best >> practices call for 500-1000 users per PO IIRC, but there are many >> experts >> here who can speak to that. >> >> Randy Grein, Master CNE, CCNA >> >> >> On Aug 28, 2009, at 6:45 PM, Paul Allen wrote: >> >> Hello >>> This is my first post to this list...I hope I have come to the right >>> place. >>> >>> I am currently working on a project to migrate Groupwise 7.0.3 >>> from a 8 >>> way >>> Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. >>> >>> 26 Post Offices about 5000 users >>> >>> Sounds simple enough or so I thought...I built a pilot site in VM >>> and all >>> was working well >>> >>> But I have run into many issues, the show stopper at the moment is >>> I have >>> created 26 storage pools and have another 14 to create but they >>> fail with >>> nds -606 errors and the virtual server for the pools don't get >>> created...I >>> hope to open a SR with Novell on this Monday. >>> >>> Anyway, my question is whether to continue down this path or try >>> another >>> tack ? >>> >>> How many folks are running a clustered SLES10 SP2 OES2 environment ? >>> >>> How many are running a clustered SLES11 HA environment ? >>> >>> My line manager would prefer I build the environment with Netware >>> 6.5 >>> ....but these are 8 core servers running 16Gb ram seems a waste of >>> hardware >>> resources >>> >>> I can't help feeling some of the issues I have are hardware >>> related, HBA >>> timing...this is what I will be concertrating on this weekend as I >>> have >>> resources that go comatose rather than migrate...when i offline >>> nodes. >>> >>> Any ideas would be greatly appreciated >>> >>> Cheers >>> Paul >>> >>> -- >>> A perfection of means, and confusion of aims, seems to be our main >>> problem. >>> *Albert Einstein* >>> _______________________________________________ >>> Novell mailing list >>> Novell at netlab1.oucs.ox.ac.uk >>> http://netlab1.usu.edu/mailman/listinfo/novell >>> >> >> _______________________________________________ >> Novell mailing list >> Novell at netlab1.oucs.ox.ac.uk >> http://netlab1.usu.edu/mailman/listinfo/novell >> > > > > -- > Business and common sense have little to do with each other these > days. > > (Misquoting 'A Midsummer Night's Dream') > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell From pallenr32 at gmail.com Sat Aug 29 05:44:54 2009 From: pallenr32 at gmail.com (Paul Allen) Date: Sat, 29 Aug 2009 14:44:54 +1000 Subject: Cluster issues In-Reply-To: <5851C977-17EC-4EBC-8C13-7520E2538EE6@comcast.net> References: <158010C6-2A58-4340-87EB-6950739FD3B7@comcast.net> <5851C977-17EC-4EBC-8C13-7520E2538EE6@comcast.net> Message-ID: Hi Randy I have taken a look at the firwall rules they appear to be fine as the current file and print is in dmz also....its a DR thing (stretch cluster using iSCSI) Unfortunatley, the ITS group is broken up into separate entities and I have read access to the firewall but not write access...I will get onto the group and see if they have made any changes as we were able to install the servers into eDir last week but since Wednesday afternoon we have had a mountain of issues...related to the new cluster.... When I ndsrepair -T (check timesync on SLES) all is good...even now I can also perform a ndsrepair -U and have no errors reported. But, I will raise this with Novell when I initiate a SR. cheers Paul 2009/8/29 Randy Grein > Well, you've found your problem already - it won't work if time doesn't > sync. You HAVE to pass NTP (and the Netware boxes have to be configured for > it, either through timesync or native NTP) before you can progress further. > UDP Port 123... > > Understand the problems putting a resource like this in a DMZ. Although our > environment is simpler and smaller we had the same problem - and my boss > moved the servers to our DMZ from internal and told me after the fact. I had > a lot of work to get things running including management and file access. > Fortunately I had access to the firewall configuration, and I didn't have ot > contend with crossing 3. > > Randy Grein, Master CNE, CCNA > > On Aug 28, 2009, at 8:22 PM, Paul Allen wrote: > > Hello Randy >> eDir is in sync but the time sync check done from root of the tree seem to >> get stuck on the new linux servers (physical and virtual) with -625 errors >> (DS not contactable) - need to mention this to Novell in the SR. TCP port >> 524 are open but are the UDP's open from campus to DMZ >> >> Any new pools that are created turn up in eDir, but the virtual server for >> the pool doesn't...when viewed from iManager on the SLES servers or when >> viewed from iManager from a Netware server in another network segment. >> >> the new Groupwise cluster is being placed in the DMZ, while the old >> Groupwise cluster is in a secure network domain...this means there are >> three >> firewalls between users and the two Groupwise systems... >> >> cheers >> Paul >> >> 2009/8/29 Randy Grein >> >> Paul, I'm not an expert on the OES2 migration, but it sounds like you're >>> having a connection problem with eDir. Do the physical servers show up >>> in >>> eDir, and do they all sync clean? Sounds obvious, but on SUSE you can get >>> a >>> long way without connecting with eDir correctly, confusing the issue. >>> >>> Sounds like vast hardware overkill, but then there may be more to the >>> situation that warrants it. And yes, I'd reduce the number of POs. Best >>> practices call for 500-1000 users per PO IIRC, but there are many experts >>> here who can speak to that. >>> >>> Randy Grein, Master CNE, CCNA >>> >>> >>> On Aug 28, 2009, at 6:45 PM, Paul Allen wrote: >>> >>> Hello >>> >>>> This is my first post to this list...I hope I have come to the right >>>> place. >>>> >>>> I am currently working on a project to migrate Groupwise 7.0.3 from a 8 >>>> way >>>> Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. >>>> >>>> 26 Post Offices about 5000 users >>>> >>>> Sounds simple enough or so I thought...I built a pilot site in VM and >>>> all >>>> was working well >>>> >>>> But I have run into many issues, the show stopper at the moment is I >>>> have >>>> created 26 storage pools and have another 14 to create but they fail >>>> with >>>> nds -606 errors and the virtual server for the pools don't get >>>> created...I >>>> hope to open a SR with Novell on this Monday. >>>> >>>> Anyway, my question is whether to continue down this path or try another >>>> tack ? >>>> >>>> How many folks are running a clustered SLES10 SP2 OES2 environment ? >>>> >>>> How many are running a clustered SLES11 HA environment ? >>>> >>>> My line manager would prefer I build the environment with Netware 6.5 >>>> ....but these are 8 core servers running 16Gb ram seems a waste of >>>> hardware >>>> resources >>>> >>>> I can't help feeling some of the issues I have are hardware related, HBA >>>> timing...this is what I will be concertrating on this weekend as I have >>>> resources that go comatose rather than migrate...when i offline nodes. >>>> >>>> Any ideas would be greatly appreciated >>>> >>>> Cheers >>>> Paul >>>> >>>> -- >>>> A perfection of means, and confusion of aims, seems to be our main >>>> problem. >>>> *Albert Einstein* >>>> _______________________________________________ >>>> Novell mailing list >>>> Novell at netlab1.oucs.ox.ac.uk >>>> http://netlab1.usu.edu/mailman/listinfo/novell >>>> >>>> >>> _______________________________________________ >>> Novell mailing list >>> Novell at netlab1.oucs.ox.ac.uk >>> http://netlab1.usu.edu/mailman/listinfo/novell >>> >>> >> >> >> -- >> Business and common sense have little to do with each other these days. >> >> (Misquoting 'A Midsummer Night's Dream') >> _______________________________________________ >> Novell mailing list >> Novell at netlab1.oucs.ox.ac.uk >> http://netlab1.usu.edu/mailman/listinfo/novell >> > > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > -- Business and common sense have little to do with each other these days. (Misquoting 'A Midsummer Night's Dream') From Steven.Tharp at davenport.edu Sat Aug 29 13:38:35 2009 From: Steven.Tharp at davenport.edu (Steven Tharp) Date: Sat, 29 Aug 2009 08:38:35 -0400 Subject: Cluster issues Message-ID: <4A98E90B020000400006353A@dugwia1.davenport.edu> The direction that novell has taken is that we need to make our lives as Groupwise admins easier and the best way to do that and a way to save money is to consolidate and reduce the number of PO and Domains we are using. THey used to tell us that that had many size limitations and we should say small but this is no longer true. This coudl easily be done in about 8 PO which woudl make your life much simpler. Steven Tharp >>> Paul Allen 08/28/09 11:28 PM >>> Hello Steven I think the concern was the time taken during maintenance and segmenting off users into their own PO to limit the impact to other users when things go pair shaped. cheers Paul 2009/8/29 Steven Tharp > Sounds like it was written by folks who understood GroupWise about 10 > years ago. Nothing special about PO that exceed 50GB. > > Steven Tharp > Davenport University > > >>> Paul Allen 08/28/09 10:20 PM >>> > Hello Alan > I am following the solution design doc put together by the system > architechs...its a design where a Post Offices has a maximum size of > 50Gb > and where a Faculty will have multiple Post Offices...due to storage > issues > not users.... > > This is due in part to no policies being put into place to limit user > mailbox sizes, the client is a large University and for Intellectual > Property reasons would like Faculties and research divisions in their > own > Post Office... > > cheers > paul > > 2009/8/29 Alan Downs > > > > > My first question is why you have 26 PO's when GW can handle many, > many > > users on each. I would lower my PO count, which would make the > migration > > much less complex. I haven't done a SLES cluster yet, so I can't speak > to > > that, just GW. > > Sent from my BlackBerry? wireless device from U.S. Cellular > > > > -----Original Message----- > > From: Paul Allen > > > > Date: Sat, 29 Aug 2009 11:45:33 > > To: > > Subject: Cluster issues > > > > > > Hello > > This is my first post to this list...I hope I have come to the right > place. > > > > I am currently working on a project to migrate Groupwise 7.0.3 from a > 8 way > > Netware Cluster to a 6 way SLES 10 SP2 OES2 SP1 cluster. > > > > 26 Post Offices about 5000 users > > > > Sounds simple enough or so I thought...I built a pilot site in VM and > all > > was working well > > > > But I have run into many issues, the show stopper at the moment is I > have > > created 26 storage pools and have another 14 to create but they fail > with > > nds -606 errors and the virtual server for the pools don't get > created...I > > hope to open a SR with Novell on this Monday. > > > > Anyway, my question is whether to continue down this path or try > another > > tack ? > > > > How many folks are running a clustered SLES10 SP2 OES2 environment ? > > > > How many are running a clustered SLES11 HA environment ? > > > > My line manager would prefer I build the environment with Netware 6.5 > > ....but these are 8 core servers running 16Gb ram seems a waste of > hardware > > resources > > > > I can't help feeling some of the issues I have are hardware related, > HBA > > timing...this is what I will be concertrating on this weekend as I > have > > resources that go comatose rather than migrate...when i offline nodes. > > > > Any ideas would be greatly appreciated > > > > Cheers > > Paul > > > > -- > > A perfection of means, and confusion of aims, seems to be our main > problem. > > *Albert Einstein* > > _______________________________________________ > > Novell mailing list > > Novell at netlab1.oucs.ox.ac.uk > > http://netlab1.usu.edu/mailman/listinfo/novell > > _______________________________________________ > > Novell mailing list > > Novell at netlab1.oucs.ox.ac.uk > > http://netlab1.usu.edu/mailman/listinfo/novell > > > > > > -- > _______________________________________________ > Novell mail> _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > -- Business and common sense have little to do with each other these days. (Misquoting 'A Midsummer Night's Dream') _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell From wmhblair at comcast.net Mon Aug 31 06:48:37 2009 From: wmhblair at comcast.net (William H. Blair) Date: Mon, 31 Aug 2009 00:48:37 -0500 Subject: NetWare 5.1 INSTALL: Get past DNS setup step without DNS server? In-Reply-To: <20090303192234.bcoep846gw4wo04o@webmail.raad.tartu.ee> Message-ID: I'm installing a new NetWare 5.1 (yes, don't ask) server for an isolated test environment. It will use IP only, no IPX, but I don't think that's relevant to the problem I'm having. I get to the step where the window title is "Domain Name Service" and it wants me to specify a Host Name and a Domain and up to 3 Name Servers. The problem is that this server is inside a firewall, and there's no "internal" (or local) DNS server that's being used. All these client PCs have their IP addresses assigned via DHCP from the router, which simply relays all DNS lookups through to the ISP's DNS server IPs. None of these client PCs are visible on the internet and there are no web servers or anything else that would require any of them to have a DNS name visible either on the internet or internally via DNS; they're all behind the firewall/router. So my question is: what do I specify for host name and Domain, where there isn't one? I specified some presumably suitable, non-conflicting names for these, but INSTALL then apparently attempts to validate what I gave it to confirm that it will resolve to the hard-coded IP address I specified just before. I do not need, or want, to run DNS on this NetWare 5.1 server. Do I have to establish a DNS server that runs and is available inside the firewall simply to get past this INSTALL step? Will NetWare use the Host Name and Domain subsequently to look up the server's IP address using DNS? I don't need a DNS server for the clients, since I can update their HOSTS file to add the server name and its fixed IP addy. Anybody know any way to get past this INSTALL step without having a (local) DNS server? -- WB From Robrinsky at roillc.com Mon Aug 31 07:04:23 2009 From: Robrinsky at roillc.com (Robert Obrinsky) Date: Sun, 30 Aug 2009 23:04:23 -0700 Subject: NetWare 5.1 INSTALL: Get past DNS setup step without DNS server? In-Reply-To: References: <20090303192234.bcoep846gw4wo04o@webmail.raad.tartu.ee> Message-ID: <4A9B05770200006D0003D450@roi-03.roillc.com> William, My recollection is that NW5.1 tries to resolve the DNS name you give it, but when that fails, it allows you to continue. NW6.5 installations ask you whether you want to verify against DNS or not. A possible alternative is to hit until you get to the system screen and edit the sys:system\etc\hosts file. Then you can specify the name of the server and no DNS lookup will be done. Good luck. Robert W. Obrinsky President Robert Obrinsky Industries, LLC 1908 SE 45th Avenue Portland, OR 97215 503.719.4387 (Office) 203.273.7012 (Mobile) >>> "William H. Blair" 8/30/2009 10:48 PM >>> I'm installing a new NetWare 5.1 (yes, don't ask) server for an isolated test environment. It will use IP only, no IPX, but I don't think that's relevant to the problem I'm having. I get to the step where the window title is "Domain Name Service" and it wants me to specify a Host Name and a Domain and up to 3 Name Servers. The problem is that this server is inside a firewall, and there's no "internal" (or local) DNS server that's being used. All these client PCs have their IP addresses assigned via DHCP from the router, which simply relays all DNS lookups through to the ISP's DNS server IPs. None of these client PCs are visible on the internet and there are no web servers or anything else that would require any of them to have a DNS name visible either on the internet or internally via DNS; they're all behind the firewall/router. So my question is: what do I specify for host name and Domain, where there isn't one? I specified some presumably suitable, non-conflicting names for these, but INSTALL then apparently attempts to validate what I gave it to confirm that it will resolve to the hard-coded IP address I specified just before. I do not need, or want, to run DNS on this NetWare 5.1 server. Do I have to establish a DNS server that runs and is available inside the firewall simply to get past this INSTALL step? Will NetWare use the Host Name and Domain subsequently to look up the server's IP address using DNS? I don't need a DNS server for the clients, since I can update their HOSTS file to add the server name and its fixed IP addy. Anybody know any way to get past this INSTALL step without having a (local) DNS server? -- WB _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell From James.Taylor at eastcobbgroup.com Mon Aug 31 12:45:10 2009 From: James.Taylor at eastcobbgroup.com (James Taylor) Date: Mon, 31 Aug 2009 07:45:10 -0400 Subject: NetWare 5.1 INSTALL: Get past DNS setup step without DNS server? In-Reply-To: References: <20090303192234.bcoep846gw4wo04o@webmail.raad.tartu.ee> Message-ID: <4A9B7F8602000075000585E4@inet.eastcobbgroup.com> If the router is relaying DNS, just point to the router. It won't resolve the host name for the server, but that won't keep the install from continuing. -jt James Taylor The East Cobb Group, Inc. 678-697-9420 james.taylor at eastcobbgroup.com http://www.eastcobbgroup.com >>> "William H. Blair" 8/31/2009 01:48 AM >>> I'm installing a new NetWare 5.1 (yes, don't ask) server for an isolated test environment. It will use IP only, no IPX, but I don't think that's relevant to the problem I'm having. I get to the step where the window title is "Domain Name Service" and it wants me to specify a Host Name and a Domain and up to 3 Name Servers. The problem is that this server is inside a firewall, and there's no "internal" (or local) DNS server that's being used. All these client PCs have their IP addresses assigned via DHCP from the router, which simply relays all DNS lookups through to the ISP's DNS server IPs. None of these client PCs are visible on the internet and there are no web servers or anything else that would require any of them to have a DNS name visible either on the internet or internally via DNS; they're all behind the firewall/router. So my question is: what do I specify for host name and Domain, where there isn't one? I specified some presumably suitable, non-conflicting names for these, but INSTALL then apparently attempts to validate what I gave it to confirm that it will resolve to the hard-coded IP address I specified just before. I do not need, or want, to run DNS on this NetWare 5.1 server. Do I have to establish a DNS server that runs and is available inside the firewall simply to get past this INSTALL step? Will NetWare use the Host Name and Domain subsequently to look up the server's IP address using DNS? I don't need a DNS server for the clients, since I can update their HOSTS file to add the server name and its fixed IP addy. Anybody know any way to get past this INSTALL step without having a (local) DNS server? -- WB _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell From petervl at gmail.com Mon Aug 31 13:00:12 2009 From: petervl at gmail.com (Peter Van Lone) Date: Mon, 31 Aug 2009 07:00:12 -0500 Subject: password change web utility - CIFS only clients Message-ID: <68b791330908310500q3493bdf3p812ed16d7f414a52@mail.gmail.com> NW65 sp6 -- using CIFS with winxp desktops that have only the Windows (ie no Netware) client -- When these clients change password it changes for AD (of course) but does not (of course) sync to edir. Without having to install/configure password sync between AD and edir, is there a web (or other) utility that can be used by these clients to change the edir/CIFS password? ------------------------------------------------------------ "I like flaws and feel more comfortable around people who have them. I myself am made entirely of flaws, stitched together with good intentions." Augusten Burroughs http://www.the-brights.net http://xkcd.com/167 From Simon.Shilton at acustica.co.uk Mon Aug 31 13:41:32 2009 From: Simon.Shilton at acustica.co.uk (Simon Shilton) Date: Mon, 31 Aug 2009 13:41:32 +0100 Subject: password change web utility - CIFS only clients In-Reply-To: <68b791330908310500q3493bdf3p812ed16d7f414a52@mail.gmail.com> References: <68b791330908310500q3493bdf3p812ed16d7f414a52@mail.gmail.com> Message-ID: <4A9BD30C020000AB0001CB1B@dylan.trident.acustica.co.uk> off the top of my head: web services on NW server: eGuide Virtual Office other Novell solutions: Identity Manager / DirXML bundle edition is free for AD to eDir sync OES2sp1 Domain Services for Windows (make your eDir look like AD and setup cross-domain trust between eDir and AD) best of luck Simon >>> On 31 August 2009 at 13:00, in message <68b791330908310500q3493bdf3p812ed16d7f414a52 at mail.gmail.com>, Peter Van Lone wrote: NW65 sp6 -- using CIFS with winxp desktops that have only the Windows (ie no Netware) client -- When these clients change password it changes for AD (of course) but does not (of course) sync to edir. Without having to install/configure password sync between AD and edir, is there a web (or other) utility that can be used by these clients to change the edir/CIFS password? ------------------------------------------------------------ "I like flaws and feel more comfortable around people who have them. I myself am made entirely of flaws, stitched together with good intentions." Augusten Burroughs http://www.the-brights.net http://xkcd.com/167 _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell -- This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com From petervl at gmail.com Mon Aug 31 13:50:04 2009 From: petervl at gmail.com (Peter Van Lone) Date: Mon, 31 Aug 2009 07:50:04 -0500 Subject: password change web utility - CIFS only clients In-Reply-To: <4A9BD30C020000AB0001CB1B@dylan.trident.acustica.co.uk> References: <68b791330908310500q3493bdf3p812ed16d7f414a52@mail.gmail.com> <4A9BD30C020000AB0001CB1B@dylan.trident.acustica.co.uk> Message-ID: <68b791330908310550v636fa211ue831cc564462c876@mail.gmail.com> virtual office had a password change utility? I guess eGuide, too -- yes. I don't remember when that product went away -- is it still available to install? I guess it was on the NW65 cd, huh? Thanx for the memory jog -- it may be worth looking into one or both of these -- is there any reason that you can think of that we could/shoul not install either of these products on a new server in the production tree, so that pure AD clients could use them just for password change? I know that the interface would be crowded with lots of other stuff that might not actually be configured, but ... would it work? Also -- I seem to remember that there was a third party web util, for changing passwords -- but I don't find it anywhere on cool solutions. I'll look again ... anyone else have a memory of this? P On Mon, Aug 31, 2009 at 7:41 AM, Simon Shilton wrote: > off the top of my head: > > web services on NW server: > eGuide > Virtual Office > > other Novell solutions: > Identity Manager / DirXML bundle edition is free for AD to eDir sync > OES2sp1 Domain Services for Windows (make your eDir look like AD and setup cross-domain trust between eDir and AD) > > best of luck > Simon > > >>>> On 31 August 2009 at 13:00, in message <68b791330908310500q3493bdf3p812ed16d7f414a52 at mail.gmail.com>, Peter Van Lone wrote: > > NW65 sp6 -- using CIFS with winxp desktops that have only the Windows > (ie no Netware) client -- > > When these clients change password it changes for AD (of course) but > does not (of course) sync to edir. > > Without having to install/configure password sync between AD and edir, > is there a web (or other) utility that can be used by these clients to > change the edir/CIFS password? > > > > > > ------------------------------------------------------------ > "I like flaws and feel more comfortable around people who have them. I > myself am made entirely of flaws, stitched together with good > intentions." Augusten Burroughs > > http://www.the-brights.net > http://xkcd.com/167 > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > > -- > This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > From Simon.Shilton at acustica.co.uk Mon Aug 31 14:17:53 2009 From: Simon.Shilton at acustica.co.uk (Simon Shilton) Date: Mon, 31 Aug 2009 14:17:53 +0100 Subject: password change web utility - CIFS only clients In-Reply-To: <68b791330908310550v636fa211ue831cc564462c876@mail.gmail.com> References: <68b791330908310500q3493bdf3p812ed16d7f414a52@mail.gmail.com> <4A9BD30C020000AB0001CB1B@dylan.trident.acustica.co.uk> <68b791330908310550v636fa211ue831cc564462c876@mail.gmail.com> Message-ID: <4A9BDB92020000AB0001CB2F@dylan.trident.acustica.co.uk> Peter afaik both eGuide and VO have been end-of-lifed by Novell, but you stated N6.5sp6, when "I think" both of them were still in the system and will work, not sure on their status in sp7 or sp8 later SPs may break them, probably need to review readme files, but in sp5 they both worked, and I seem to recall sp6 they both worked. On my SP7 server VO seems broken, but eGuide is fine, and offers a "Change Password" option under "Edit Information" there is also the universal password self-service portal, not sure if its status, but it used to work well for a web based password change facility, or there is Zen which can also sync eDir to AD best of luck Simon >>> On 31 August 2009 at 13:50, in message <68b791330908310550v636fa211ue831cc564462c876 at mail.gmail.com>, Peter Van Lone wrote: virtual office had a password change utility? I guess eGuide, too -- yes. I don't remember when that product went away -- is it still available to install? I guess it was on the NW65 cd, huh? Thanx for the memory jog -- it may be worth looking into one or both of these -- is there any reason that you can think of that we could/shoul not install either of these products on a new server in the production tree, so that pure AD clients could use them just for password change? I know that the interface would be crowded with lots of other stuff that might not actually be configured, but ... would it work? Also -- I seem to remember that there was a third party web util, for changing passwords -- but I don't find it anywhere on cool solutions. I'll look again ... anyone else have a memory of this? P On Mon, Aug 31, 2009 at 7:41 AM, Simon Shilton wrote: > off the top of my head: > > web services on NW server: > eGuide > Virtual Office > > other Novell solutions: > Identity Manager / DirXML bundle edition is free for AD to eDir sync > OES2sp1 Domain Services for Windows (make your eDir look like AD and setup cross-domain trust between eDir and AD) > > best of luck > Simon > > >>>> On 31 August 2009 at 13:00, in message <68b791330908310500q3493bdf3p812ed16d7f414a52 at mail.gmail.com>, Peter Van Lone wrote: > > NW65 sp6 -- using CIFS with winxp desktops that have only the Windows > (ie no Netware) client -- > > When these clients change password it changes for AD (of course) but > does not (of course) sync to edir. > > Without having to install/configure password sync between AD and edir, > is there a web (or other) utility that can be used by these clients to > change the edir/CIFS password? > > > > > > ------------------------------------------------------------ > "I like flaws and feel more comfortable around people who have them. I > myself am made entirely of flaws, stitched together with good > intentions." Augusten Burroughs > > http://www.the-brights.net > http://xkcd.com/167 > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > > -- > This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com > _______________________________________________ > Novell mailing list > Novell at netlab1.oucs.ox.ac.uk > http://netlab1.usu.edu/mailman/listinfo/novell > _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell From petervl at gmail.com Mon Aug 31 14:31:29 2009 From: petervl at gmail.com (Peter Van Lone) Date: Mon, 31 Aug 2009 08:31:29 -0500 Subject: password change web utility - CIFS only clients In-Reply-To: <4A9BDB92020000AB0001CB2F@dylan.trident.acustica.co.uk> References: <68b791330908310500q3493bdf3p812ed16d7f414a52@mail.gmail.com> <4A9BD30C020000AB0001CB1B@dylan.trident.acustica.co.uk> <68b791330908310550v636fa211ue831cc564462c876@mail.gmail.com> <4A9BDB92020000AB0001CB2F@dylan.trident.acustica.co.uk> Message-ID: <68b791330908310631x1f1ceecdxe584ae433c893b76@mail.gmail.com> On Mon, Aug 31, 2009 at 8:17 AM, Simon Shilton wrote: > Peter > > afaik both eGuide and VO have been end-of-lifed by Novell, but you stated N6.5sp6, when "I think" both of them were still in the system and will work, not sure on their status in sp7 or sp8 > > later SPs may break them, probably need to review readme files, but in sp5 they both worked, and I seem to recall sp6 they both worked. On my SP7 server VO seems broken, but eGuide is fine, and offers a "Change Password" option under "Edit Information" good to know -- I'll have to poke around to find what versions worked, and when they were broken/removed. I hope the various SP readmes are explicit about that info ... > > there is also the universal password self-service portal, not sure if its status, but it used to work well for a web based password change facility, or there is Zen which can also sync eDir to AD see -- I just don't remember -- was that this: http://www.novell.com/coolsolutions/tools/14073.html ? Trying to keep straight all the various portal and product versions -- what worked when and whether it is supported or even installable -- UGH thnx for the memory jogs/assistance! From Simon.Shilton at acustica.co.uk Mon Aug 31 15:12:42 2009 From: Simon.Shilton at acustica.co.uk (Simon Shilton) Date: Mon, 31 Aug 2009 15:12:42 +0100 Subject: password change web utility - CIFS only clients In-Reply-To: <68b791330908310631x1f1ceecdxe584ae433c893b76@mail.gmail.com> References: <68b791330908310500q3493bdf3p812ed16d7f414a52@mail.gmail.com> <4A9BD30C020000AB0001CB1B@dylan.trident.acustica.co.uk> <68b791330908310550v636fa211ue831cc564462c876@mail.gmail.com> <4A9BDB92020000AB0001CB2F@dylan.trident.acustica.co.uk> <68b791330908310631x1f1ceecdxe584ae433c893b76@mail.gmail.com> Message-ID: <4A9BE86A020000AB0001CB36@dylan.trident.acustica.co.uk> Peter nope, I haven't seen that one before ! Universal Password Self Service came with DirXML v1 and 2 I think, may no longer work.... not sure you have two choices, afaics, if you want AD to eDir sync, so users change AD password and CIFS automatically catches up, either DSFW, Identity Manager or Zen, otherwise if users change AD password, then must change eDir password to match I would probably go for eGuide install on a NW server At present we have NW6.5sp7 with Zen 7 and AD on Windows 2k3 servers, with a cheat using the SBA on NW to sync eDir to GW passwords Simon >>> On 31 August 2009 at 14:31, in message <68b791330908310631x1f1ceecdxe584ae433c893b76 at mail.gmail.com>, Peter Van Lone wrote: On Mon, Aug 31, 2009 at 8:17 AM, Simon Shilton wrote: > Peter > > afaik both eGuide and VO have been end-of-lifed by Novell, but you stated N6.5sp6, when "I think" both of them were still in the system and will work, not sure on their status in sp7 or sp8 > > later SPs may break them, probably need to review readme files, but in sp5 they both worked, and I seem to recall sp6 they both worked. On my SP7 server VO seems broken, but eGuide is fine, and offers a "Change Password" option under "Edit Information" good to know -- I'll have to poke around to find what versions worked, and when they were broken/removed. I hope the various SP readmes are explicit about that info ... > > there is also the universal password self-service portal, not sure if its status, but it used to work well for a web based password change facility, or there is Zen which can also sync eDir to AD see -- I just don't remember -- was that this: http://www.novell.com/coolsolutions/tools/14073.html ? Trying to keep straight all the various portal and product versions -- what worked when and whether it is supported or even installable -- UGH thnx for the memory jogs/assistance! _______________________________________________ Novell mailing list Novell at netlab1.oucs.ox.ac.uk http://netlab1.usu.edu/mailman/listinfo/novell From bbrush at gmail.com Mon Aug 31 17:19:27 2009 From: bbrush at gmail.com (Bill Brush) Date: Mon, 31 Aug 2009 11:19:27 -0500 Subject: password change web utility - CIFS only clients In-Reply-To: <4A9BE86A020000AB0001CB36@dylan.trident.acustica.co.uk> References: <68b791330908310500q3493bdf3p812ed16d7f414a52@mail.gmail.com> <4A9BD30C020000AB0001CB1B@dylan.trident.acustica.co.uk> <68b791330908310550v636fa211ue831cc564462c876@mail.gmail.com> <4A9BDB92020000AB0001CB2F@dylan.trident.acustica.co.uk> <68b791330908310631x1f1ceecdxe584ae433c893b76@mail.gmail.com> <4A9BE86A020000AB0001CB36@dylan.trident.acustica.co.uk> Message-ID: <167f4090908310919v5358aa94i2fdce20c5c44cf66@mail.gmail.com> FWIW, I would set up IDM to sync them, or Domain services. Everything happens in the background and there's only one place to change your password. The IDM AD driver is pretty robust and setting it up can be done in an afternoon. Bill From wmhblair at comcast.net Mon Aug 31 18:59:59 2009 From: wmhblair at comcast.net (William H. Blair) Date: Mon, 31 Aug 2009 12:59:59 -0500 Subject: NetWare 5.1 INSTALL: Get past DNS setup step without DNS server? In-Reply-To: <4A9B7F8602000075000585E4@inet.eastcobbgroup.com> Message-ID: James Taylor suggested: > If the router is relaying DNS, just point to the router. > It won't resolve the host name for the server, but that > won't keep the install from continuing. Actually, it does. If I enter _anything_, it has to make INSTALL happy, else it won't let me get past that panel. But, alas, quite accidentally (too eager to sit a cup of very hot coffee down on the counter beside the keyboard, which hit that Enter key right at the bottom right edge) I have discovered the answer: when one gets to that panel just don't type anything at all (at all, not even space) in any of the fields, and then click Next. INSTALL then complains and warns, but then moves right on. Anything else (as I have been doing), and it absolutely insists that one provide something the DNS server (that it does have access to) can resolve. It's been 8 years since I regularly installed NetWare 5.1, but I never tried to do anything like this before (that I remember, but my memory is not what it once was, I am now old enough to admit). Thanks for the suggestions. This is a great group, and has saved my bacon more than once. -- WB