Setting up and configuring Novell Open Enterprise Server for the first time is a different experience from configuring Windows Server 2003. If you're a Windows administrator working with Linux, you need a guide to help you figure it out. Scott Lowe shows you how it works.
In the previous article in this series, you learned about the base installation for Novell's Open Enterprise Server (SP2). Due to space, that article ended after the base installation was complete, but before you server was fully configured. In this article, I will walk through the initial configuration of your Open Enterprise Server system and provide you with some configuration tips along the way.
Configuring Novell Open Enterprise Server
Your first order of configuration business is to provide a password for the root user account. Bear in mind that this is the almighty account on your new system, so try to use something other than 'password'! By default, your password will be encrypted with DES, but you can use MD5 or Blowfish by clicking the Expert Options button and choosing a different method. Figure A shows you the password screen while Figure B provides you with a look at the password encryption options screen.
|Provide a strong root password to protect your system from attacks.|
|You can change the password encryption type to something else if you like.|
Each of these encryption options is better than the once preceding it. DES is the weakest algorithm, but it often used even on newer servers in order to maintain compatibility between older and newer systems. For maximum security, the general consensus is to use Blowfish encryption when possible. I have changed my password encryption method to MD5 in order to allow for passwords longer than eight characters in length.
The SuSE configuration next asks that you provide details about your system's network connectivity and to provide information regarding remote management capability. On this step, you can configure any type of network connection, from an Ethernet adapter to an ISDN modem and can also configure proxy services for your server. The two items you do not see listed below in Figure C are "Proxy" and "VNC Remote Administration".
|There are a number of options on the Network Configuration screen.|
For my example server, I'm going to configure its network interfaces and also set up VNC for remote administration. For the network interfaces configuration, click that heading on the screen shown in Figure C. A screen similar to the one shown below in Figure D appears, listing each of the network adapters in your system. To configure a particular network adapter, select it and then click the Configure button.
|All of your network adapters will be listed in this window.|
The main network adapter configuration screen, Figure E, asks the questions that you would expect, such as how you want to handle TCP/IP addressing--manually or automatically. At the bottom of this window are buttons that provide access to other options such as the host name and DNS servers as well as the default gateway. After you provide your server with an address, click the "Host name and name server" button.
|Give your server an appropriate address and subnet mask.|
On the "Host name and name server configuration" screen, seen in Figure F, provide a name for your system and a domain name, if applicable. Since my system resides on my home lab network, I haven't provided a domain name. On this screen, also provide DNS server address that your system can use for access to other resources. Click the OK button when you're done to return to the "Network address setup window". Once back on that screen, click the Routing button.
|Provide a host name, domain name and DNS server addresses.|
Figure G shows the last network configuration step where you specify a default gateway for your system. You can also give your system a more complete routing table if you like. When you're done, click OK and, back on the "Network address setup" screen, click Next followed by Finish on the network adapter configuration window.
|The last tidbit of networking information is a default gateway.|
I also promised that I would configure VNC so that I can more easily remotely access and administer this server later on. Again, you don't see this option on the Network Configuration window unless you scroll all the way to the bottom. Select the VNC Remote Administration option and, on the Remote Administration configuration screen, Figure H, choose "Allow Remote Administration" and click the Finish button. When you get back to the Network Configuration window, click the Next button to save your network configuration and continue on with your system's configuration.
|Remote administration isn't exactly hard to configure!|
In order to perform the next step of the configuration--Online Update--your server has to be able to connect to the world. Choose "Yes, Test Connection to the Internet" to test this connectivity. Figure I shows you this screen, while Figure J shows the success of this test in my lab.
|In order to download updates, your system has to be socialized.|
|The test was successful.|
The next question pops up in a small window, but is important for the security of your system and asks you if you want to download and install updates using YaST Online Update. If you have the time, answer Yes to this question so you can make sure that all of the latest security updates have been applied to your system.
|Always download and install the latest updates for your system.|
If you choose to download updates, YaST will ask you to provide a location from which to download patches and user name/password combination with which to access the files. You'll do that on the screen shown in Figure L. You are prompted for a user name and password after you choose and installation source and click Next. I'm not going to go through an actual update for this article.
|Choose an installation source.|
The Service configuration screen in the YaST configuration tool gives you a place to control how (or whether) a default certificate authority and certificate will be created for your new system. You also get to decide whether or not your OpenLDAP server will start up as a part of your initial system configuration. I'm going with the defaults here, which are to create a CA and certificate and to not start OpenLDAP. When you choose to continue to the next step in the configuration YaST will create your CA and certificate. You'll see that in Figure M.
|How do you want to handle these two services?|
The next step in your system's configuration is the OES setup, which you can perform now, or wait until after the system is completely installed. In the interest of completeness, I will configure my server now. This configuration consists of configuring eDirectory and other formerly NetWare services. I will not show every single configuration screen on this step as they are too many and some are not necessary.
The items that are available for me to configure here are:
- Health Monitoring
- Linux User Management
- Novell Samba
- iFolder 3.x (see note below)
- iFolder Web Access
- Novell QuickFinder
- NetWare Core Protocol (NCP) Server
- Storage Management Services (SMS)
The first OES configuration step is deciding how you want to install eDirectory--into a new tree, or into an existing tree. Since I have no eDirectory implementation on my home network, I'll install a new tree named "example", as you can see in Figure N. After you give the configurator this information, it might take a little time to continue since the installer looks around your network for other installations.
|I'm installing eDirectory into a new tree.|
The most important step in eDirectory is providing your tree with an administrative user name and password, on the screen shown in Figure O. I've named my new administrator account admin (as usual) and placed it in the root of the tree.
|Make sure that you provide the user name and password using fully distinguished naming syntax.|
Next up, Figure P, YaST asks you about the location into which you want to place your new Open Enterprise Server. I've opted to take the default location (o=example) and also use the default ports for the various related services, such as LDAP.
|In most multi-server environments, you wouldn't want your server in the root.|
I'm not showing the next screen on which you can configure a time source. Bear in mind, though, that a consistent time source is required when you're using an enterprise directory so that directory updates can be properly propagated.
eDirectory now configures itself and starts using the settings you specified. This commencement process can take a bit of time.
After the eDirectory installation completes and the service starts, the remaining Novell OES services are put up on the screen for your review. This screen displays the default configuration for each service and, with one exception, each one can be used as-is. The exception: Novell iFolder. Scroll down the list and find and click the iFolder 3.x option, as seen in Figure Q.
|Choose the iFolder 3.x option to configure this service.|
The iFolder service relies heavily on your eDirectory/LDAP infrastructure and, therefore, needs to know where to find those services. See Figure R.
|iFolder needs to know a little about your LDAP server configuration.|
Your iFolder system name can be different from your Linux server name. On the next screen of the iFolder configuration wizard, Figure S, also give your system a reasonable description.
|Give your iFolder server a name and description.|
The iFolder administrator is separate from your eDirectory administrator and, thus, needs an account in eDirectory. You'll do that on the screen shown in Figure T. Further, you can decide whether a user's iFolder login will be his or her eDirectory user name or email address. When you click the Next button on this screen, you're returned to the OES installation settings window.
|The iFolder administrator account is separate from the eDirectory administrator account.|
I'm not going to go over the remaining OES services. Any that I need for examples later in the series, I will configure on as as-needed basis. For now, the defaults are adequate. Click Next on the Installation Settings window to proceed with the configuration of these services as defined. Note that saving this configuration information can take a very, very long time, particularly when YaST configures the iManager plug-ins. Just be patient (unlike me) and the configuration tool will eventually finish its job.
After what seems an eternity, YaST displays a screen chock full of release notes, which I am not going to show here. Click Next on this screen to move on to the final step in your system installation--device configuration.
The Hardware Configuration screen for my system gives me options to configure three devices: my display adapter, printer and sound card. This is the screen shown in Figure U. As for my printer, I'll be covering connecting to printers in my next article, so I'll skip that for now, and my virtual machine does not have sound capability, so I will also skip that. However, I will configure my graphics card before I complete the installation. Click on the "Graphics card" option to load the SaX2 X11 configuration tool (Figure V).
|Hardware configuration is the last step of your initial system configuration.|
|The main SaX2 screen.|
The first step is to tell SaX2 what kind of monitor you have so it can determine capabilities. Click the Monitors option on the main screen and, on the resulting "Currently configured monitors" screen (Figure W), click the Properties button. On the Monitor-Model tab, find your monitor and model and click OK. Click the Finish button on the "Currently configured monitors" screen. If your monitor isn't shown, pick the closest one. My monitor, a Dell 2405FPW, is not on the list of available monitors, but a 2000FP is pretty close.
|Choose your monitor's make and model.|
Back on the main SaX2 screen, click the plus sign next to the Desktop option and double-click "Color and Resolution" from the resulting menu. By default, SaX2 only gives you an 800x600 screen, but you can change that by, on the resulting "Currently configured desktop" screen, clicking the Properties button and, on the Resolutions tab, changing the resolutions that are available. Select the highest resolution your graphics adapter and monitor will support, as seen in Figure X. Click OK and then Finish when you are done.
|Choose the highest resolution you can support.|
When you're done adjusting your monitor and resolution preferences, click the Finalize button. SaX2 will then suggest that you test your new settings to make sure they work. When you're done, you're returned to the Hardware Configuration screen. Click Next to save your hardware settings.
And you're done! Click Finish.
Your server will reboot and come up using the configurations that you specified throughout the YaST process. After going through a normal Linux startup, the next screen you will see is the system log-in screen, shown in Figure Z.
|Type in your username and password.|
Set and ready to go
The Novell Open Enterprise Server initial configuration is a little more involved than the configuration for some other Linux distributions. This is due in no small part to the fact that Open Enterprise Server includes high-end features, such as iFolder and eDirectory, that all need to be configured to work in your environment.