Provide a strong root password to protect your system from attacks
This gallery is also available as a TechRepublic article.
In the previous article in this series, you learned about the base installation for Novell's Open Enterprise Server (SP2). Due to space, that article ended after the base installation was complete, but before your server was fully configured. In this article, I will walk through the initial configuration of your Open Enterprise Server system and provide you with some configuration tips along the way.
Configuring Novell Open Enterprise Server
Your first order of configuration business is to provide a password for the root user account. Bear in mind that this is the almighty account on your new system, so try to use something other than 'password'! By default, your password will be encrypted with DES, but you can use MD5 or Blowfish by clicking the Expert Options button and choosing a different method. The password screen is shown above.
You can change the password encryption type to something else if you like
Here's a look at the password encryption options screen.
There are a number of options on the Network Configuration screen
Each of these encryption options is better than the one preceding it. DES is the weakest algorithm, but it is often used even on newer servers in order to maintain compatibility between older and newer systems. For maximum security, the general consensus is to use Blowfish encryption when possible. I have changed my password encryption method to MD5 in order to allow for passwords longer than eight characters in length.
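To confirm which method actually took effect after changing it, you can inspect the second field of each /etc/shadow entry, where the hash prefix identifies the scheme. The following is an added example, not part of the original article; the account names and hash strings are constructed sample data, and the SHA prefixes are included for completeness even though they are not among the options described here.

```python
import re

# Traditional DES crypt: 2 salt characters + 11 hash characters, no "$" prefix.
# DES crypt uses only the first eight characters of the password.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Modular-crypt identifiers mapped to the method names used in this article.
PREFIXES = {"1": "MD5", "2": "Blowfish", "2a": "Blowfish", "2b": "Blowfish",
            "2y": "Blowfish", "5": "SHA-256", "6": "SHA-512"}

def classify(field):
    """Name the hash scheme stored in the password field of a shadow entry."""
    if field == "":
        return "empty"                 # account can log in with no password
    body = field.lstrip("!")           # leading "!" = locked, hash is retained
    if body in ("", "*"):
        return "none"                  # no password hash stored at all
    if body.startswith("$"):
        return PREFIXES.get(body.split("$")[1], "unknown")
    return "DES" if DES_RE.match(body) else "unknown"

def audit(shadow_text):
    """Return {user: scheme} for every entry in shadow-format text."""
    result = {}
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and not parts[0].startswith("#"):
            result[parts[0]] = classify(parts[1])
    return result

def weak_accounts(shadow_text):
    """Accounts still on DES (eight-character limit) or with no password."""
    return sorted(u for u, s in audit(shadow_text).items()
                  if s in ("DES", "empty"))

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = "\n".join([
    "root:$1$exsalt00$" + "A" * 22 + ":13514:0:99999:7:::",
    "admin:abCdEfGhIjKlM:13514:0:99999:7:::",
    "backup:$2a$10$" + "B" * 53 + ":13514:0:99999:7:::",
    "daemon:*:13514::::::",
    "olduser:!abCdEfGhIjKlM:13514:0:99999:7:::",
    "guest::13514:0:99999:7:::",
])

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        print(f"{user:8} {scheme}")
    print("needs attention:", ", ".join(weak_accounts(SAMPLE)))
```

On a live system, run it as root and pass the contents of /etc/shadow to `audit()` instead of `SAMPLE`; an account only moves to the new scheme the next time its password is set.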
The SuSE configuration next asks you to provide details about your system's network connectivity and remote management capability. In this step, you can configure any type of network connection, from an Ethernet adapter to an ISDN modem, and can also configure proxy services for your server. The two items you do not see listed above are "Proxy" and "VNC Remote Administration".
All of your network adapters will be listed in this window
For my example server, I'm going to configure its network interfaces and also set up VNC for remote administration. For the network interfaces configuration, click that heading on the screen shown in the last screenshot. A screen similar to the one shown above appears, listing each of the network adapters in your system. To configure a particular network adapter, select it and then click the Configure button.
Give your server an appropriate address and subnet mask
The main network adapter configuration screen, shown above, asks the questions that you would expect, such as how you want to handle TCP/IP addressing--manually or automatically. At the bottom of this window are buttons that provide access to other options such as the host name and DNS servers as well as the default gateway. After you provide your server with an address, click the "Host name and name server" button.
Provide a host name, domain name and DNS server addresses
On the "Host name and name server configuration" screen, seen above, provide a name for your system and a domain name, if applicable. Since my system resides on my home lab network, I haven't provided a domain name. On this screen, also provide the DNS server addresses that your system can use for access to other resources. Click the OK button when you're done to return to the "Network address setup" window. Once back on that screen, click the Routing button.
The last tidbit of networking information is a default gateway
Here is the last network configuration step where you specify a default gateway for your system. You can also give your system a more complete routing table if you like. When you're done, click OK and, back on the "Network address setup" screen, click Next followed by Finish on the network adapter configuration window.
Remote administration isn't exactly hard to configure!
I also promised that I would configure VNC so that I can more easily remotely access and administer this server later on. Again, you don't see this option on the Network Configuration window unless you scroll all the way to the bottom. Select the VNC Remote Administration option and, on the Remote Administration configuration screen, above, choose "Allow Remote Administration" and click the Finish button. When you get back to the Network Configuration window, click the Next button to save your network configuration and continue on with your system's configuration.
In order to download updates, your system has to be socialized
In order to perform the next step of the configuration--Online Update--your server has to be able to connect to the world. Choose "Yes, Test Connection to the Internet" to test this connectivity. This screen is shown above.
The test was successful
The screen above shows the success of this test in my lab.
Always download and install the latest updates for your system
The next question pops up in a small window, but it is important for the security of your system: it asks whether you want to download and install updates using YaST Online Update. If you have the time, answer Yes to this question so you can make sure that all of the latest security updates have been applied to your system.
Choose an installation source
If you choose to download updates, YaST will ask you to provide a location from which to download patches and a user name/password combination with which to access the files. You'll do that on the screen shown above. You are prompted for a user name and password after you choose an installation source and click Next. I'm not going to go through an actual update for this article.
How do you want to handle these two services?
The Service configuration screen in the YaST configuration tool gives you a place to control how (or whether) a default certificate authority and certificate will be created for your new system. You also get to decide whether or not your OpenLDAP server will start up as a part of your initial system configuration. I'm going with the defaults here, which are to create a CA and certificate and to not start OpenLDAP. When you choose to continue to the next step in the configuration, YaST will create your CA and certificate. You'll see that above.
I'm installing eDirectory into a new tree
The next step in your system's configuration is the OES setup, which you can perform now, or wait until after the system is completely installed. In the interest of completeness, I will configure my server now. This configuration consists of configuring eDirectory and other formerly NetWare services. I will not show every single configuration screen in this step, as there are too many and some are not necessary.
The items that are available for me to configure here are:
Linux User Management
iFolder 3.x (see note below)
iFolder Web Access
NetWare Core Protocol (NCP) Server
Storage Management Services (SMS)
The first OES configuration step is deciding how you want to install eDirectory--into a new tree, or into an existing tree. Since I have no eDirectory implementation on my home network, I'll install a new tree named "example", as you can see in Figure N. After you give the configurator this information, it might take a little time to continue since the installer looks around your network for other installations.
Make sure that you provide the user name and password using fully distinguished naming syntax
The most important step in eDirectory is providing your tree with an administrative user name and password, on the screen shown above. I've named my new administrator account admin (as usual) and placed it in the root of the tree.
In most multi-server environments, you wouldn't want your server in the root
Next up, YaST asks you about the location into which you want to place your new Open Enterprise Server. I've opted to take the default location (o=example) and also use the default ports for the various related services, such as LDAP.
Choose the iFolder 3.x option to configure this service
I'm not showing the next screen on which you can configure a time source. Bear in mind, though, that a consistent time source is required when you're using an enterprise directory so that directory updates can be properly propagated.
eDirectory now configures itself and starts using the settings you specified. This commencement process can take a bit of time.
After the eDirectory installation completes and the service starts, the remaining Novell OES services are put up on the screen for your review. This screen displays the default configuration for each service and, with one exception, each one can be used as-is. The exception: Novell iFolder. Scroll down the list and find and click the iFolder 3.x option, as seen above.
iFolder needs to know a little about your LDAP server configuration
The iFolder service relies heavily on your eDirectory/LDAP infrastructure and, therefore, needs to know where to find those services.
Give your iFolder server a name and description
Your iFolder system name can be different from your Linux server name. On the next screen of the iFolder configuration wizard, shown above, also give your system a reasonable description.
The iFolder administrator account is separate from the eDirectory administrator account
The iFolder administrator is separate from your eDirectory administrator and, thus, needs an account in eDirectory. You'll do that on the screen shown above. Further, you can decide whether a user's iFolder login will be his or her eDirectory user name or email address. When you click the Next button on this screen, you're returned to the OES installation settings window.