Channel: Novell User Communities - SUSE Linux Enterprise

Linux, Cloud and Appliances: Five Predictions for 2011

With 2011 fully upon us, let's take a look at what the industry should expect in the year ahead. The past year was as full of business and technical innovations as any in memory, and there's no reason to expect less from 2011. Here are five predictions about Linux, cloud and appliances to help you prepare your organization for 2011.

Read the full blog post at http://www.novell.com/prblogs/?p=3454 .


Web Interface for Monitoring and Managing NTP and Time Synchronisation

download url: http://www.novell.com/communities/files/web_interface_for_ntp2_0.zip
license: GPL

written by Peter van der Walt for www.netcb.com

Web Interface for eDirectory TimeSync Checks and attempted Repairs for Linux Servers.

How the application works

  1. It runs ndsrepair -T to get an eDirectory TimeSync report in /timesync.log
  2. The PHP interface starts by using grep to identify the Linux servers in timesync.log that are out of sync
  3. The PHP interface generates a table of the servers out of sync, and in sync
  4. These are displayed on two tabbed pages using JavaScript
  5. For cosmetic reasons a clock is generated using JavaScript
  6. All actions are posted to PHP or Bash scripts (i.e. Generate TimeSync report, Restart NDS and Fix Time). Generate and Restart refresh the page and display their results in the header, because the information in timesync.log can be changed by running these commands. Fix runs without refreshing the page; instead, its results are displayed in a status bar at the bottom of the screen. This is because, whether or not the time was fixed, you first need to generate a new TimeSync report to get this information validated. Not refreshing saves time: as soon as the result is updated in the status bar, you can immediately click Fix for the next server. Once you have gone through the list, you can validate the results by generating a new TimeSync report
  7. Fixing NTP only works where NTP is properly configured but is not adjusting the time, for instance because the drift is too big or for some other reason. In that case manually setting the time and then restarting ntpd is required; this fixes NTP issues 95% of the time on Linux

Requirements:
1. This web interface was only tested on Firefox
2. Server requirements:
2.1 Server must be in the Tree.
2.2 This server's time must be in sync with the time sources used on all the other servers
2.3 NTP must be properly configured prior to using this tool. i.e. a proper ntp.conf, ntpd running, etc
2.4 Server must have Apache2 and PHP5. To install: 'zypper in apache2 php5 apache2-mod_php5'
2.5 Paths are for Novell SuSE Linux Enterprise 10 SP3 with OES2 SP2a - if you need to modify, modify references in index.php, timesync.php and the script files in /usr/scripts.
2.6 Install the 'expect' shell: zypper in expect - this is required for the automated fixing of time. It is not part of a default OES install

How to Install:

  1. Edit /etc/sudoers as reflected in the sample sudoers file in the /etc folder on the installation

    The purpose of this step is to allow the Apache daemon to execute the scripts in /usr/scripts as well as ndsrepair (to generate Timesync report) and the cat, touch, ls commands. These bash executables are called from the PHP code

  2. Copy the /usr/scripts into the filesystem. Make sure that wwwrun:www has permissions to access and execute the files

    These are the bash scripts called by the PHP program - to execute certain core parts of the Time Synchronisation interface.

  3. Copy the /srv/www/htdocs/ntp into the filesystem. Make sure that wwwrun:www has permissions as above

    This is the php, javascript, css stylesheets, images and Password CSV files used by the Web interface.

    NB: See next note about password CSV file.

  4. Using the sample passwd.csv file, construct a list of server names (NCP server names as reported in NDSRepair) and their respective root passwords. These passwords are used when fixing NTP by using SSH to the server to execute a date -s command with the correct date of the server the Web Interface is running from, then restarting the xntpd daemon. It follows this up by running ntptime to confirm that NTP is now working properly.

    The format of this CSV must be servername|password: the fields are separated not by commas but by a "|".

    You could also leave this blank, as the interface allows you to insert a password manually. When I developed this, I added the password lookup as this particular scenario had several passwords and I was not planning on memorising which password goes with which server.
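The passwd.csv from step 4 holds root passwords and sits under /srv/www/htdocs/ntp, a directory Apache serves, so its permissions and format are worth checking before the interface uses it. The script below is an added example, not part of the downloadable tool; the function names are hypothetical and the demo file is constructed.

```shell
#!/bin/sh
# Added example: audit a passwd.csv in the servername|password format.
# Findings go to stdout, one per line; a password is never printed.

audit_passwd_csv() {
    file=$1
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # The file holds root passwords, so "other" users need no access at all.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *[1-7]) echo "PERM mode $mode grants access to other users" ;;
    esac

    awk '
        { sub(/\r$/, "") }                 # tolerate files saved on Windows
        /^[ \t]*$/ { next }                # skip blank lines
        {
            sep = index($0, "|")           # split on the FIRST "|" only,
            if (sep == 0) {                # since a password may contain "|"
                print "FORMAT line " NR ": no | separator"
                next
            }
            name = substr($0, 1, sep - 1)
            pass = substr($0, sep + 1)
            if (name == "") print "FORMAT line " NR ": empty server name"
            if (pass == "") print "FORMAT line " NR ": empty password for " name
            if (name != "" && seen[name]++)
                print "DUP line " NR ": " name " listed again"
        }
    ' "$file"
}

# lookup_password SERVER FILE: print the password of the first matching entry,
# return non-zero when the server is not listed.
lookup_password() {
    awk -v want="$1" '
        { sub(/\r$/, ""); sep = index($0, "|") }
        sep > 0 && substr($0, 1, sep - 1) == want {
            print substr($0, sep + 1); found = 1; exit
        }
        END { exit !found }
    ' "$2"
}

# Demo on a constructed file (server names and passwords are made up).
demo_file=$(mktemp)
printf '%s\n' 'OES-FS1|pa|ss' 'OES-FS2|' 'badline' 'OES-FS1|other' > "$demo_file"
chmod 644 "$demo_file"
audit_passwd_csv "$demo_file"
rm -f "$demo_file"
```

An empty result from audit_passwd_csv means the file is not accessible to other users and every line parses cleanly.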

Please note that this is the first public release. There may still be a bug or two.

Attachment: Install Files.zip (53.98 KB)

Updated - Recordings for the Free Novell Technical Training Webinars

In an effort to increase Novell product training opportunities, Novell, GroupLink, GWAVA, BrainStorm, Messaging Architects and other Novell Partners are proud to bring you an exciting new series of webinars. These monthly webinars highlight successes using Novell and Novell partner products.

To make it easier to access these webinars, each one has been recorded and archived. To view any of the recordings follow the links below (sorted by product):

GroupWise
"GroupWise 8.3" - Charles Gonzales, Novell TS http://grouplink.net/event/75

"The Future of Novell Collaboration, including GroupWise Ascot" - Charles Gonzales Novell TSS http://grouplink.net/event/9

“Mobile Device Management for GroupWise” Paul dePond, Notify http://www.grouplink.net/event/61

"Advantages of Upgrading/Migrating to GroupWise 8“ - Travis Grandpre/Dean Lythgoe, GroupWise Team http://grouplink.net/event/10

"GroupWise 8 - Migration Tips and Tricks” Tim Leerhoff, TIES (Minnesota education technology collaborative) http://grouplink.net/event/11

“What is New in GroupWise 8” presented by Derek Adams from BrainStorm, Inc. your Novell training partner http://grouplink.net/event/12

“What is New in GroupWise 8 part 2” presented by Derek Adams from BrainStorm, Inc.
http://grouplink.net/event/13

“What is New in GroupWise 8 part 3” presented by Derek Adams from BrainStorm, Inc.
http://grouplink.net/event/14

“Training tips for your organization + GroupWise 8 Training” presented by Derek Adams from BrainStorm, Inc. http://grouplink.net/event/15

"GroupWise Mobility Training" Paul DePond, President, Notify
http://grouplink.net/event/16

"A Simple Guide to Single Message Recovery" GWAVA Retain, Willem Bachgus
http://grouplink.net/event/17

“Making sure your GroupWise Server Never Goes Down” GWAVA Reload http://grouplink.net/event/18

"Email Archiving - Reduce the size and cost of your email archiving" GWAVA Retain http://grouplink.net/event/19

“GroupWise Storage Optimization and Compliance” Ranjit Sarai, Product Manager M+Archive, Messaging Architects http://grouplink.net/event/20

"CRM Success Story with Adventist Risk Management, GroupWise integrated CRM, ContactWise" Charles Mendoza, Adventist Risk
http://grouplink.net/event/21

OES
"The Latest in OES2" - Glenn Davis, Novell TS http://grouplink.net/event/72

"Migrating from Netware to OES2" Mike Faris, First Data
http://grouplink.net/event/22

"Migrating from Netware to OES2, part 2" Mike Faris, First Data
http://grouplink.net/event/23

"Tips and best practices for using OES2" Mike Faris, First Data
http://grouplink.net/event/24

“OES Overview for K12” Jason Williams, Product Manager OES
http://grouplink.net/event/25

ZENworks
"ZAV" - Pat Nurre, Novell ZENworks TS http://grouplink.net/event/74

"ZENworks Application Virtualization" - Christina Chamberlain, Novell Technical Specialist - ZENworks http://grouplink.net/event/26

"Latest Release Features - ZCM 10.2" - Pete Green, Novell Technical Specialist - ZENworks
http://grouplink.net/event/27

“Managing your Assets with Zen 10” Dave Carter Novell Technical Specialist http://grouplink.net/event/28

“Managing your Assets with Zen 10 Part 2” Dave Carter Novell Technical Specialist http://grouplink.net/event/29

"Overview of ZENworks 10 and the everything HelpDesk ZENWorks 10 integration" Dave Carter, Novell Technical Specialist and Casey Trujillo GroupLink
http://grouplink.net/event/30

“Tips for ZENworks 7 to ZCM Migration” Thom Kerby, EOS Systems
http://grouplink.net/event/31

“Migrating from ZENworks 7 to ZENworks 10” – Norm O’Neal, Integrity Solutions http://grouplink.net/event/32

"The ZENworks 10 integrated HelpDesk" Gus Hytonen, GroupLink http://grouplink.net/event/33

"The Novell Integrated HelpDesk, featuring ZENworks 10 and GroupWise 8 Integration”
– Mike Nielson, Product Manager, everything HelpDesk
http://grouplink.net/event/34

Vibe
"Novell Vibe OnPrem" Tracy Smith, Novell Product Manager
http://grouplink.net/event/67

"Novell Vibe Cloud" Karyn Victory, Novell TS
http://grouplink.net/event/69

Teaming and Conferencing
"Next Generation Collaboration with Teaming" Tracy Smith, Product Manager, Novell Teaming http://grouplink.net/event/35

"Teaming 2 and Conferencing" Travis Grandpre, Product Marketing Manager, Novell
http://grouplink.net/event/36

"Using Teaming + Conferencing in the education process for k12" Tim Leerhoff from TIES (a K12 conglomerate in Minnesota)
http://grouplink.net/event/37

“Using Teaming + Conferencing in K12” – Phil Karren, Collaboration Product Manager http://grouplink.net/event/38

“Teaming + Conferencing” Tracy Smith, Product Manager, Novell Teaming http://grouplink.net/event/39

Pulse
"Novell Pulse" Karen Victory, Novell
http://grouplink.net/event/40

"Latest Release Features - Novell Pulse" Karen Victory, Novell
http://grouplink.net/event/41

eDirectory
"eDirectory Overview" - Kamal Nayaran, Product Specialist
http://grouplink.net/event/42

SLES
"SLES 11 Latest Release Overview" Don Vosburg, Novell TSS http://grouplink.net/event/43

"SLED 11 Latest Release Features" Gary Ekker, Desktop OEM Senior Product Manager
http://grouplink.net/event/44

Secure Login
"Novell Secure Login" Thom Kerby, EOS Systems
http://grouplink.net/event/45

"Novell Secure Login part 2" Thom Kerby, EOS Systems
http://grouplink.net/event/46

“Password Synchronization and Universal Password” – Mike Weaver, Concensus Consulting http://grouplink.net/event/47

Misc
"Backup and Disaster Recovery Solutions" - Lanai Bayne & James Delmonico, SEP http://grouplink.net/event/76

"10 Things IT is Doing to Enable Cybercrime" Tom Fitzgerald, Kaspersky/EOS
http://grouplink.net/event/68

"GWAVA 5" Gerald Lamarre, GWAVA
http://grouplink.net/event/60

"Free or Nearly Free Tools for Network Admins" Tim Leerhoff, TIES http://www.grouplink.net/event/62

"An Introduction to ITIL® and IT Service Management"– Jim Bolton, Founder of Propoint Solutions, Inc http://grouplink.net/event/48

"Identity Manager Driver for Google Applications" Don Dare, Concensus Consulting http://grouplink.net/event/49

"Help desk best practices" Casey Trujillo, GroupLink
http://grouplink.net/event/50

“K-12 Novell Technology Success including; collaboration, security, mobility and service desk” Greg Long, Frankfort Community Schools http://grouplink.net/event/51

"Novell and things that make you go hmm" Tim Leerhoff from TIES (a K12 conglomerate in Minnesota)
http://grouplink.net/event/52

"GWAVA 4.5" Taylor Cochrane, GWAVA
http://grouplink.net/event/53

"Document Management with DocXchanger" Doug Ouztz, Condrey Corporation
http://grouplink.net/event/54

These webinars are brought to you by everything HelpDesk, the Novell Integrated HelpDesk solution. To learn more about this product and to receive a free 30 day download trial visit: http://www.grouplink.net/products/ehd.html

SLP Snoop for Linux and Windows

SMT Command Line Administration

license: GPL v2

This is a script designed to make some of the command line operations used on an SMT server more user-friendly and automated.

Some of the options, such as submitting and viewing jobs will not be available on SMT 1.0, which runs on SLES10 SP2/3/4.

If there is anything you would like to add/fix/enhance, please drop me an email or leave a note here. Thanks!

Attachment: smt-admin.tar.gz (4.43 KB)

RTMNemesis 1.0.5

license: Demo

download url: http://www.kvy.com.ua/products/rtmnemesis/
home page url: http://www.kvy.com.ua

RTMNemesis program scans the most current log file of SuperLumin Nemesis proxy and creates the following statistics in real time:

  • User IP addresses.
  • Last URLs of web sites visited by users and the history cache of these URLs for each user. You can set any quantity of URLs in this cache.
  • Last access time to these sites
  • Total users loading from the start of the program
  • Current users loading for the last parsing of the program
  • Type of HTTP packets passing via the proxy
  • Hierarchy codes of these packets
  • Program's start time
  • Seconds left until the next log reading
  • Average HTTP loading of the proxy for 5 min, 1 hr and 20 hrs

You also can:

  • Sort information in the columns
  • Connect to selected web sites to see where your users were
  • Look through the history cache of these web sites for several cycles of the program
  • Define the DNS name (or workstation name) of the user workstation, if the HTTP proxy authentication is turned off
  • See users, who tried to get access to forbidden websites (403 HTTP code). In this case the program shows these users by yellow background in the main window and gives the signal to the PC speaker
  • Set a time period when the program will not parse the access log
  • Create HTML reports for the main and the History modes
  • Create reports for all websites that your users are visiting at the moment. The program forms two kinds of reports: the report of websites and the report of visitors of these sites
  • Get IP information using Whois service (Useful for identifying IP addresses accessing reverse proxy)

Full information about the program: http://www.kvy.com.ua.

Openvpn + Auth from eDIr (LDAP)

license: Free

In this article I will show an example integration of Openvpn + eDir.

After completing the steps described in this article:

  1. To connect to the VPN, users enter the same login and password they use to log in to the enterprise network.
  2. All users connected to the VPN have identical access rights inside the network (the same general list of IP addresses, ports and protocols).
    (In another article, I will describe how to give each VPN user their own access rights in the network, and how to control this from C1 and iManager.)
  3. You can specify which users have the right to connect to the VPN from C1 or iManager.

Restrictions:

  1. VPN users should enter their login ONLY in lowercase letters. ( if there are uppercase letters in the login - access will be denied )
  2. In the directory, eDir names of users should be unique.
    (For example:
    user1.office1.df
    user1.office2.df
    )

I assume that you are able to:

  • Install the openvpn-server and configure it for operation in a mode WITHOUT KEYS of USERS and With EXTERNAL AUTHENTICATION.
  • Create simple rules in iptables.

So:

This is your server SLES11SP1:

ISP------[eth1](SERVER)[eth0]----LOCALLAN
eth0 = 172.17.17.10
eth1 = Public IP
tun0 - this will be the virtual interface ( 10.0.2.0/24 )
DNS=172.17.17.254
DNS=172.17.17.151

  1. All your VPN-users(10.0.2.0/24) should have the full access to these 2 hosts: 172.17.17.200 and 172.17.17.201.
  2. Create the file: /etc/openvpn/ldap/iptsave
    # Generated by iptables-save v1.3.5 on Thu Jan 26 13:46:24 2012
    *filter
    :INPUT ACCEPT [493:38960]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [296:81728]
    -A INPUT -i tun0 -p tcp -m tcp --dport 22:1024 -j DROP
    -A FORWARD -s 172.17.17.0/24 -j ACCEPT
    -A FORWARD -i tun0 -d 172.17.17.0/24 -j ACCEPT
    COMMIT
    # Completed on Thu Jan 26 13:46:24 2012
    
  3. Create the file: /etc/openvpn/ldap/scrptup.sh
    #!/bin/bash
    # Executed after TCP/UDP socket bind and TUN/TAP open
    #
    /usr/sbin/iptables-restore < /etc/openvpn/ldap/iptsave
    

    and chmod to 100755 for this file

  4. Create the server configuration: /etc/openvpn/server.conf

    (for example)

    port 1197
    proto udp
    
    dev tun
    
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/nod1firma.ua.crt
    key /etc/openvpn/easy-rsa/keys/nod1firma.ua.key # This file should be kept secret
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem
    
    server 10.0.2.0 255.255.255.0
    
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status /var/log/openvpn/openvpn-status.log
    log-append /var/log/openvpn/openvpn.log
    verb 3
    tls-server
    tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
    tls-timeout 120
    auth MD5
    cipher BF-CBC
    max-clients 100
    # ! ! ! start
    # This script is used for authentication against LDAP
    auth-user-pass-verify /etc/openvpn/ldap/ldapauth.pl via-file

    tmp-dir /tmp
    # ! ! ! end
    client-cert-not-required
    script-security 3 system
    username-as-common-name

    # ! ! ! start
    # This script is run after /etc/init.d/openvpn start
    up /etc/openvpn/ldap/scrptup.sh
    # ! ! ! end
    tun-mtu 1500
    fragment 576
    mssfix

    # After connecting to OpenVPN, this route is added to the routing table on the user's station
    push "route 172.17.17.0 255.255.255.0"
    # After connecting to OpenVPN, these DNS servers are added on the user's station
    push "dhcp-option DNS 172.17.17.254"
    push "dhcp-option DNS 172.17.17.151"
  5. Download, unpack, and copy the file here: /etc/openvpn/ldap/ldapauth.pl

    and chmod to 100755 for this file.

  6. Create in your eDir group:

    Example: cn=openvpngrp.ou=vpnou.ou=firmaua.o=uaa

  7. Modify strings in the /etc/openvpn/ldap/ldapauth.pl

    my $ldap_server = "A.B.C.D";

    A.B.C.D - IP address of your LDAP (eDir) server. This is the server with a Master or R/W replica. Allow anonymous access for checking user names.

    my $base_dn_user = "o=uaa";
    my $base_dn_group = "o=uaa";
    my $allow_group = "openvpngrp";
  8. Create the dir: /var/log/openvpn
  9. Check that Perl is installed on your SLES11SP1 server.
  10. If it does not exist, add the following perl modules:
    Net::LDAP
    Net::LDAPS

    You can install the modules from YaST or as shown below:

    # cpan
    cpan> install Net::LDAP
    ....
    cpan> install Net::LDAPS
    ....
    cpan>quit
    #
    

All!
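The sample server.conf above uses several settings that OpenVPN's own documentation and later releases treat as weak or risky: auth MD5, cipher BF-CBC, 1024-bit DH parameters, script-security 3, and via-file credentials written to /tmp. The audit script below is an added example, not part of the article or of ldapauth01.tgz; the function names are hypothetical and the embedded excerpt is copied from the configuration shown above.

```shell
#!/bin/sh
# Added example: flag dated crypto and risky script handling in an
# OpenVPN server.conf such as the one in this article.

# Excerpt of the article's server.conf, embedded so the example runs offline.
sample_conf() {
cat <<'EOF'
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
auth MD5
cipher BF-CBC
auth-user-pass-verify /etc/openvpn/ldap/ldapauth.pl via-file
tmp-dir /tmp
client-cert-not-required
script-security 3 system
username-as-common-name
EOF
}

# Usage: audit_openvpn_conf [FILE]   (reads stdin when FILE is omitted)
# Prints "SEVERITY line N: directive -> reason"; output is empty when clean.
audit_openvpn_conf() {
    awk '
        function flag(sev, why) {
            printf "%s line %d: %s -> %s\n", sev, NR, $0, why
        }
        # Strip trailing comments and leading indentation before matching.
        { sub(/[ \t]*[#;].*$/, ""); sub(/^[ \t]+/, "") }
        NF == 0 { next }

        $1 == "auth" && toupper($2) == "MD5" {
            flag("WEAK", "HMAC-MD5 packet authentication; use SHA256 or stronger")
        }
        $1 == "cipher" && toupper($2) ~ /^(BF|DES|CAST5|RC2)-/ {
            flag("WEAK", "64-bit block cipher (SWEET32); use an AES-GCM cipher")
        }
        $1 == "dh" && $2 ~ /dh(512|768|1024)([^0-9]|$)/ {
            flag("WEAK", "DH parameters below 2048 bits")
        }
        $1 == "script-security" && $2 + 0 >= 3 {
            flag("RISK", "level 3 passes passwords to scripts via environment; via-file needs only level 2")
        }
        $1 == "client-cert-not-required" {
            flag("NOTE", "no client certificate; the directory password is the only client factor")
        }
        # These two only matter in combination, so decide in END.
        $1 == "tmp-dir" && $2 ~ /^\/(var\/)?tmp\/?$/ { shared = NR; tmpline = $0 }
        $1 == "auth-user-pass-verify" && $NF == "via-file" { viafile = 1 }

        END {
            if (viafile && shared)
                printf "RISK line %d: %s -> %s\n", shared, tmpline, \
                    "via-file credential file is written to a shared on-disk directory; use a private tmpfs path"
        }
    ' "${1:--}"
}

# Demo: audit the embedded excerpt.
sample_conf | audit_openvpn_conf
```

Run it against a live file with `audit_openvpn_conf /etc/openvpn/server.conf`.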

Attachment: ldapauth01.tgz (1.92 KB)

Novell OES Clustering with NSS on vSphere 4.x

By: Victor Gehring, CNE, CCDA, ITIL, VTSP
Updated: 5/24/2012

For those IT shops wanting to enjoy the advantages of Novell clustering in their VMware environments, this article pulls together information from various sources, along with personal experience, for what is intended to be a complete configuration guide in terms of the platform discussed. The target audience is assumed to have a working knowledge of SLES/OES, SANs and VMware.

This article will likely apply to you if you are running SLES10.x/OES2; vSphere4; fiber channel or iSCSI SAN's and desire a CAB (cluster across boxes) architecture in a production environment. SLES11/OES 11 clustering should also work the same using this architecture, but the examples used herein will be based on SLES10/OES2. Using VMware to create a CIB (Cluster In a Box) also works, but isn't generally recommended for high-availability applications.

There are some things you need to consider before heading down this path to determine if this solution will work for your needs. Currently, VMware allows you to create two types of storage disks, VMware Virtual Disks and RDM (Raw Device Mapped) disks. This article requires BOTH disk types to create a stable solution. As such, be aware that VMware has a 2TB less 512k limit on disk sizes in vSphere 4x. Also understand that VMware only allows one virtual machine to host an RDM disk per physical vSphere host. While both disks will be configured for sharing, the traditional VMware Virtual Disk will only be needed to store the RDM configuration file(s), and therefore does not require a large disk. The RDM disk is intended to be used for general data storage. The SLES VM's can either be running in the VMware virtual disk or if you are using physical or blade servers, on the local disk storage, but typically not in the RDM storage area.

Finally, allow me to apologize in advance for redacting the screenshots to mask the identity of the systems. This was the most expeditious way of providing illustrations without compromising client information.

Figure 1. Topology

1. LUN Configuration:

This article assumes that you or your SAN administrator will configure the two dedicated LUNs for presentation to your vSphere hosts. This LUN configuration is typically performed using the SAN manufacturer's disk array management software. Recall from above that one LUN will be used for a VMware Virtual Disk and the other for the RDM disk. From the host's Configuration tab, navigate to the storage adapters to verify and/or rescan for the new LUNs and make note of which LUN is provisioned for which disk type.

2. VMware Virtual Disk Configuration:

Figure 2. Node 2 shared VMDK on LUN 1

Make sure SCSI bus sharing for SCSI Controller 1 is set to physical. Again, this disk is simply setup just like any typical SAN disk resource that provides shared access to VM's.

3. VMware RDM Disk Configuration:

Figure 3. Node 1 RDM disk on LUN 2.

When configuring this disk, it is critical to make sure you add a new dedicated SCSI bus to the VM's configuration. To function properly, the SCSI bus hosting the RDM disk should not be hosting any other disks. Also be sure to note the SCSI bus address of the added hard drive (ex. 2:1). When completing the disk add wizard, be sure to "Save Configuration" to the SHARED virtual disk created in #2 (do NOT store with VM) by using the browse function. Don't worry about setting up a folder ahead of time to store the RDM map file in the shared virtual disk since VMware will create its own – all you need to do is browse to the root of the disk.

4. NSSMU Configuration:

Figure 4. NSSMU showing LUN 2 data partition enabled for sharing.

Figure 5. NSSMU showing sdc partition detail.

Depending on the state of your OES2 cluster configuration, your SBD partition may or may not have been created. If you have already installed the cluster option from the OES2 installation and were not able to get the SBD setup, one way to complete that is to use the sbdutil command line utility. Please refer to the Novell documentation and/or command line help for usage instructions. As shown in Figure 5, it is important to understand that the SBD partition is contained within the RDM disk on LUN 2.

5. Create Master Cluster Node:

If you have already installed the clustering feature on the master node via the OES2 installation process, you may need to reconfigure it following the SAN and VMware disk configuration effort. If the OES2 installer does not allow reconfiguration of the clustering feature stating that it is already configured, you will likely need to run yast ncs and select Yes to reconfigure NCS. Again, please refer to the Novell documentation for assistance with completing the NCS wizard setup questions. Upon successful configuration of the master node, you should be able to run iManager and view the cluster status where both the master node and the master IP resource objects should be viewable, online and ready for user access.

6. Create 2nd Cluster Node:

Figure 6. Node 2 RDM disk added.

This step assumes you have already installed the 2nd SLES Node and now need to join it to Node 1 to complete the cluster. So the next step is to add the RDM hard disk to Node 2. When doing so, make sure to add a dedicated SCSI bus having the SAME addressing as in the RDM disk created in step #3. (Ex. 2:0) Then use the Add hard drive using the Existing disk option.

Browse to the shared virtual disk from step #3 and locate the RDM map file. Make sure to assign the hard drive the same SCSI address from step #3 (Ex. 2:1)

Execute the OES2 Install and Configuration, add or reconfigure NCS, and select the "add node to an existing cluster" option. While going through the wizard should be rather straightforward, please refer to the Novell cluster installation documentation for assistance with this configuration if necessary. When completed, you should then be able to go into iManager and see the 2nd Node has now joined the cluster. You should also be able to use iManager to fail-over and fail-back the nodes seamlessly. There are also command line utilities you can use. Enter cluster –help at a prompt to view available choices.

So before turning your users loose to access this new resource, please heed these cautionary caveats. Please be sure to keep your SLES/OES servers patching current via Novell's auto-updater and service pack application processes. Just as important, be sure to deploy the most current Novell Client relative to the platform your shop is running. Particularly in this environment, it is still one of the best ways to avoid trouble.

Why Choose This Topology?

You may be wondering why this LUN arrangement is used. Given VMware's 2TB limit, why wouldn't you simply use one shared virtual disk? While you can successfully configure this, I have found in practice that particularly with larger disks (<400GB) that it will not be stable. Users will lose connectivity to drives mapped to the SAN disk resource. It may only happen occasionally, but it will be enough to drive you nuts. So what about just one RDM disk? This won't work because after the 1st/master node grabs the LUN to create the RDM, it will no longer be accessible by other nodes since you cannot store the RDM mapping file within the RDM disk. This is why a 2nd LUN needs to be created and setup as a VMware shared virtual disk for RDM map file storage, so that all cluster nodes can access the mapping file. Additionally, wrapping your arms around this method will likely be useful in the event you are tasked with installing a Windows server cluster, as I have seen other blogs and articles that discuss this same approach. One of the main differences is that the Windows terminology refers to the two LUN's as a "quorum" and "data" LUN, where the quorum LUN is made available to all cluster nodes to control ownership and access of the cluster data. Finally, it's also nice to know (at least when this article was written – April 2012) that Novell allows you to create a two-node SLES cluster without incurring any extra license fees.

Your comments on this article are invited: victor.gehring@pcn-inc.com


DHCP, DNS, DDNS, and TSIG configuration on OES 11 (SLES 11)

So, you decided to migrate DHCP and DNS from NetWare 6.x OES 2 to SLES 11 OES 11 and things, especially DDNS, are not working. First things first, DDNS cannot work after migration because DDNS works differently on SLES/Linux and OES 11 than it does on NetWare. You also may be having odd issues with DNS resolving things properly too, especially those DDNS addresses that were migrated.

I am going to suggest that you just throw it away and start from scratch! I know, you really don't have the time to start over with it, right? Yeah, that's what I thought and I ended up wasting about two days chasing error messages and not having good results finding answers. I would either find resources (Novell KB articles, forum posts, docs) that were too old and/or for NetWare or nothing at all. I am going to show you in this HOW-TO that you can re-create a simple DHCP and DNS setup with DDNS working in very little time, much less time than I spent chasing error messages anyway. Time involved for a simple network topology: ~30 minutes!

Let's get started!

  1. Make sure you're using the latest version of the Novell DNS/DHCP Management Console or at least the version you can download from your fully patched OES 11 server.
  2. Backup your DNS Zones and DHCP service by using the DNS/DHCP Management Console's Export option. Note: For DNS you need to have the Zone selected to export it and for DHCP you must have the Service selected.
  3. Backup eDirectory on your SLES 11 OES 11 server.
    1. Open a terminal or SSH into your server
    2. Create a directory for your backups and cd into that directory.
      example: mkdir /root/edir
    3. Type: ndsbackup cf backupname
      example: ndsbackup cf 2012-8-23
    4. Enter your NDS admin name with context
      example: admin.digitalairlines
    5. Enter your admin password and hit "enter"
    6. Congratulations you have backed up eDir on SLES! :D
  4. In the DNS/DHCP Management Console go through and delete ALL of your DNS and DHCP stuff! Then close the management console.
  5. In ConsoleOne or iManager delete, EXCEPT for DNS AG stuff!, any lingering DNS and DHCP stuff including DNS_servername, DHCP_servername, DHCPGroup, dhcpLocator, DNS Records, IN-ADDR.ARPA records, DNS-DHCP, DNSDHCP-GROUP, RootServerInfo, and TSIG keys you may have created, and any other stuff that mentions DNS or DHCP.
  6. Stop DNS and DHCP on the server
    1. rcnovell-named stop
    2. rcnovell-dhcpd stop
  7. DHCP - Installation/configuration
    1. Get to your server console and start X or SSH in from a workstation with X installed (Linux, OSX) and start yast2. (example: ssh -Yl root servername or ssh -Xl root servername ( that is a lowercase "L" in there))
    2. In YaST2 Control Center select "Open Enterprise Server" in the left hand menu to bring that section into view then select "OES Install and Configure"
    3. You don't need to change anything in the Software Selection screen, just hit "Accept"
    4. Scroll until you see "Novell DHCP Services" and change "Reconfigure is disabled" by clicking on the "disabled" link. Wait a moment and then click on the "Novell DHCP Services" heading to configure it.
    5. You will need to enter your admin password then you can fill out the screen in front of you. I suggest you take most of the defaults it gives you though I decided to add ou=dhcp,o=myorg for the "Common DHCP Configuration Object Contexts" and you may wish to as well as the TSIG key file could cause issues if you just dump everything into o=myorg. For the "LDAP method" choose "Dynamic" and for "Referrals" choose "Do not chase referral". Then click "Next".
    6. Choose your eDir server address, I suggest choosing the address of the server you are installing DHCP on. Select the checkbox for "Use secure channel for configuration". In the "LDAP User Name with Context" box leave it as the pre-filled OESCommonProxy_servername,o=myorg or add appropriate credentials. "LDAP port for DHCP server" should be set to 636, and you should select the checkbox for "Use secure channel for DHCP server". Under the "Certificates" section I selected "Never" and left the rest blank. Then click "Next".
    7. Select your network interface from the box, there will probably only be one to select so it makes the decision easy! If you have more than one you will have to choose which one(s) you want. Then click "Next" to finish the configuration and return to the "Novell Open Enterprise Server Configuration" page.
    8. Click "Next" to write the configuration and then click "Finish" to close the OES configuration.
  8. DHCP - Setup in the DNS/DHCP Management Console
    1. Open the DNS/DHCP Management Console and click on the "DHCP (OES Linux)" tab, we now need to create a service so click on "Our Network" then click the create button (the little 3D box) and select "Service" and then click OK. In the "Create Service" dialog box enter the name you want to give the service, I used "DHCP_SERVICE", and select the context, I put it in the context I used during the DHCP server configuration ou=dhcp,o=myorg, and select the Default DHCP Server, there should only be one to choose from, then click "Create".
    2. Select the service you created and click on the "Configured Options" tab. Click on "Modify …" to add the options you need and set them accordingly. (examples: Time Offset, Router, Time Server, Domain Name Server, TFTP Server Name (set this to your ZCM pre-boot server DNS name), Boot File Name (set this to "nvlnbp.sys" for ZCM pre-boot services)) Then click the save button (looks like an arrow going into a floppy disk).
    3. OPTIONAL (Fixes PXE DHCP address hogging) Select the service you just created and then click the create button again and create a "Class" and name it "PXE" and click "Create". Select the PXE class you just created and in the "Conditional Expression:" box type "match if option dhcp-client-identifier = null" without the quotes. Then click the save button (looks like an arrow going into a floppy disk).
    4. Select the service you created and click on the create button, then choose "TSIG Key" and click OK. Enter a name for the key, I used "DNS-DHCP_KEY" but you can use anything you want as long as it's not longer than 16 characters, then type in a secret in which the number of characters is divisible by 4 (example: "secret12secret24" 16 characters is divisible by 4) and then click on "Create". Note: You need to create a second key later in the DNS setting with the same name and secret as this one so take that into account!
    5. Select the service you created and click on the create icon, then choose "Zone" and click OK. (Yes, we are creating the Zones before the subnets or pools and even before the DNS, this is to save time later and will work fine as long as you set up the Zones in DNS with the same names.) Enter your primary DNS Zone name, this is the myorg bit and the DNS server IP address then click "Create". Now click back on the Zone you just created and in the "TSIG Key:" dropdown select your key.
    6. Select the service you created and click on the create button, then choose "Zone" and click OK. Enter your primary DNS IN-ADDR.ARPA Zone name, in my case this is the 20.172.IN-ADDR.ARPA bit and the DNS server IP address then click "Create". Now click back on the Zone you just created and in the "TSIG Key:" dropdown select your key.
    7. Select the service you created and click on the create button, then choose "Subnet" and click OK. Enter your subnet information. (example for a 172.20 class 16 subnet use: Subnet Address: 172.20.0.0, Subnet Mask 255.255.0.0) Then click "Create".
    8. Select the subnet you just created and set the "DNS Zone for Dynamic Update:" to your primary DNS Zone that you created, this is the myorg zone, and click the save button.
    9. Select the subnet you created and click the create button, then choose "Pool" and click OK. Enter a pool name, I chose "MAIN_POOL", and set the "Start Address:" and "End Address:" to suit your needs then click "Create".
    10. Select the pool you just created and then click on the "General" tab if it isn't already displayed. In the "Range Type:" dropdown choose "Bootp&DHCP" and in the "DNS Update Option:" dropdown choose "Always Update". Then click save.
    11. OPTIONAL (Fixes PXE DHCP address hogging) Select the pool you just created and then click on the "General" tab if it isn't already displayed. You will see "PXE" listed under the "Available DHCP Class(es):" list, select "PXE" and then under "Denied DHCP Class(es):" click "Add >>" then click save.
    12. OPTIONAL (Fixes PXE DHCP address hogging) Select the subnet you created and then click the create button and choose "Pool", enter "PXE_POOL" for the name and set a range of addresses that it can use for PXE booting then click "Create". Select the "PXE_POOL" and on the General tab under the "Range Type:" dropdown select "DHCP", then select "PXE" under "Available DHCP Class(es):" and under "Allowed DHCP Class(es):" click the "Add >>" button. Now click on the "Settings" tab and click the "Modify …" button then select "max-lease-time" from the list and set it to "0, 0, 30, 30" and then click OK. You should now have an entry under your settings tab that says "max-lease-time" with a value of "1800". Click the save button.
    13. Go to your terminal window or SSH session and start the DHCP service using the "rcnovell-dhcpd start" command. After it starts go back to the DNS/DHCP Management Console and Click on the "DHCP_servername" icon on the bottom of the "DHCP (OES Linux)" tab screen. In the "DHCP Server:" section click "Add …" and add the IP Address of the DHCP Server then click the save button. Now click on the "Settings" tab and add the following settings by clicking the "Modify …" button and choosing them one at a time and setting them as shown below:

      	Setting				Value
      	authoritative			True
      	ddns-domainname		"myorg"
      	ddns-rev-domainname	"20.172.IN-ADDR.ARPA"
      	ddns-update-style		interim
      	omapi-port			7911
      	update-optimization		True
      	client-updates			deny
      	omapi-key			TSIG_KeyName  (This was DNS-DHCP_KEY in my example)

      Then click OK and then click the Save button.

    14. Go to your terminal window or SSH session and restart the DHCP service using the "rcnovell-dhcpd restart" command. Our DHCP setup is done! :D
  9. DNS - Installation/configuration
    1. Get to your server console and start X or SSH in from a workstation with X installed (Linux, OSX) and start yast2. (example: ssh -Yl root servername or ssh -Xl root servername ( that is a lowercase "L" in there))
    2. In YaST2 Control Center select "Open Enterprise Server" in the left hand menu to bring that section into view then select "OES Install and Configure"
    3. You don't need to change anything in the Software Selection screen, just hit "Accept"
    4. Scroll until you see "Novell DNS Services" and change "Reconfigure is disabled" by clicking on the "disabled" link. Wait a moment and then click on the "Novell DNS Services" heading to configure it.
    5. You will need to enter your admin password, then you can fill out the screen in front of you. I suggest you take the defaults it gives you, though make sure you select your DNS/DHCP server's IP Address for the "Directory server address" dropdown. This will help keep things running if the other server isn't available at some point. Also make sure the checkbox for "Use Secure LDAP Port" is selected, then click "Next".
    6. In the "Proxy User for DNS Management" box leave it as the pre-filled OESCommonProxy_servername,o=myorg or add appropriate credentials. Under the "Credential Storage Location:" section choose "CASA". Then click "Next".
    7. In the "Common DNS Configuration Object and User Contexts" section I decided to use ou=dns,o=myorg for all three fields, and you may wish to do the same, as the TSIG key file could cause issues if you just dump everything into o=myorg. Then click "Next".
    8. Make sure you select the checkbox for "Create DNS Server Object" and add your server's DNS name (hostname only, not servername.myorg) to the "Host Name" box and enter your domain name "myorg" into the "Domain Name for DNS Server" box. Then click "Next" to finish the configuration and return to the "Novell Open Enterprise Server Configuration" page.
    9. Click "Next" to write the configuration and then click "Finish" to close the OES configuration.
  10. DNS - Setup in the DNS/DHCP Management Console
    1. Open the DNS/DHCP Management Console and click on the "DNS" tab, then select "All Zones". You will notice that there is already a "RootServerInfo" zone listed. It's important that you leave that alone. Now click on the create button, select "Zone" from the list and click OK. In the dialog box make sure "Create New Zone" is selected at the top and then enter the "NDS Context:" where you would like to create it (this is the ou=dns,o=myorg bit). Then enter the name of your Primary DNS Zone (this is the "myorg" bit) in the "Zone Domain Name:" box. Make sure that "Zone Type:" is set to "Primary" and "Assign Authoritative DNS Server:" is set to "DNS_servername", then click "Create".
    2. Select "All Zones" again and click create, select "Zone" and click OK. Select the option for "Create IN-ADDR ARPA". Enter the same "NDS Context" as you did for your forward zone, myorg, and then set the network address to be the same as your subnet was for the DHCP settings. In my case this was "172.20" with the last two boxes empty, you should see the "Zone Domain Name:" box automatically populating as you type and for my setup it read "20.172.IN-ADDR.ARPA". It's important to note that this must be the same exact name as the Zone you created for the DHCP service! Make sure that "Zone Type:" is set to "Primary" and "Assign Authoritative DNS Server:" is set to "DNS_servername", then click "Create".
    3. Select "All Zones" again and click create, select "DNS Key" and click OK. Enter the same EXACT "Key Name:" and "Secret:" as you used for the DHCP TSIG key you created in step 8.4. Go back to the DHCP tab and copy and paste them if you must! Enter the "NDS Context:" that you used in step 9.7 (ou=dns,o=myorg) and click "Create".
    4. Select your Primary DNS Zone (myorg) and click on the "Key List" tab, select your DNS Key in the "Available DNS Keys" box and click "Add >>" to add it to the "Selected DNS Keys" box. Then click the save button! Now click on the "Control Lists" tab and select the option for "Allow Update Option" and click "Add …", then select the "Key Options" option and click OK. Now click the save button again! Repeat these instructions for your IN-ADDR.ARPA zone, remember to save after each step!
    5. Go to your terminal window or SSH session and start the DNS service using the "rcnovell-named start" command. After it starts go back to the DNS/DHCP Management Console and click on the "DNS_servername" icon on the bottom of the "DNS" tab screen. Check to make sure that your server's FQDN (servername.myorg) is listed in the "DNS Server Domain Name:" section; if it isn't, type it in and click save. Now click on the "Key List" tab, select your DNS Key in the "Available DNS Keys" box and click "Add >>" to add it to the "Selected DNS Keys" box. Then click the save button!
    6. Go to your terminal window or SSH session and restart the DNS service using the "rcnovell-named restart" command.
    7. Return to the DNS/DHCP Management Console and click on the "DNS" tab. Select your Primary DNS Zone (myorg) and click the create button. Select "Resource Record" and click OK. Now start adding back all of your static DNS records, don't worry about anything that uses DHCP for addressing as it will now update the DNS server using DDNS! This is the place for things with static IP Addresses like servers, printers, network equipment, or anything else that has both a static IP Address and for which you need DNS resolution. After you're done entering all of your DNS records it is probably wise to restart the DNS service again using the "rcnovell-named restart" command. Our DNS setup is now done! :D
  11. Notes
    1. I didn't go over setting up "Hosts" in the DHCP subnet. It's easy and well documented and outside of the purpose of this document. You should be able to figure it out easily enough if you need to do it.
    2. DNS/DHCP Management Console may need to be restarted after certain steps for it to "see" the changes. This seems to be a bug, but maybe it's just my setup. If it starts acting up on you just try to close it and restart it and see if that fixes your issues.
    3. Note to Novell: Some more thorough documentation would be nice on this stuff!
    4. After you have done everything in this you may want to back up your DNS, DHCP, and eDir configurations again!
    5. DISCLAIMER: These instructions aren't for everybody. They were written for someone who has a good amount of experience managing Novell servers, if this isn't you then please "Don't try this at home" or at least not on production servers! There is a good chance that following these instructions could make your problems worse or GET YOU FIRED, they could even MAKE YOUR SERVER EXPLODE!!! Ok, well maybe not the last one but the point is that this document is provided without any warranty or guarantee and I am not liable in any way for any damage following these instructions might cause!
    6. Good luck!

Written by:

Justin Paulsen
IT Admin, Novell TTP Member
Frederic School District
1437 Clam Falls Drive
Frederic, WI 54837
USA
paulsenj@frederic.k12.wi.us
petaris@gmail.com

Attachment                          Size
dhcp_dns_ddns_tsig_oes11.pdf        122.46 KB
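
The TSIG key constraints from steps 8.4 and 10.3 above, as an added shell example that is not part of the original article: it generates a random secret instead of a guessable one, checks the 16-character name limit and the divisible-by-4 rule, and compares what was entered on the DHCP and DNS sides. It assumes the secret is base64 text, as in ISC BIND and dhcpd, which is what the divisible-by-4 rule suggests; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample values are constructed.

# Print a random secret as base64 text. Byte counts that are multiples of 3
# encode without '=' padding (24 bytes -> 32 characters).
gen_tsig_secret() {
    n=${1:-24}
    dd if=/dev/urandom bs="$n" count=1 2>/dev/null | base64 | tr -d '\n'
}

# Check a key name and secret against the constraints given in the article:
# name no longer than 16 characters, secret length divisible by 4.
# Assumption: the secret is base64 text, so only that alphabet is accepted.
check_tsig_key() {
    name=$1
    secret=$2
    if [ -z "$name" ] || [ "${#name}" -gt 16 ]; then
        echo "key name must be 1-16 characters" >&2; return 1
    fi
    if [ -z "$secret" ] || [ $(( ${#secret} % 4 )) -ne 0 ]; then
        echo "secret length must be a non-zero multiple of 4" >&2; return 1
    fi
    body=${secret%=}; body=${body%=}    # at most two '=' of trailing padding
    case $body in
        ''|*[!A-Za-z0-9+/]*) echo "secret is not valid base64" >&2; return 1 ;;
    esac
    return 0
}

# Compare the name/secret entered on the DHCP side with the DNS side.
# Returns 0 on an exact match, 2 if they differ only by whitespace picked up
# during copy and paste, 1 for any other difference.
tsig_sides_match() {    # dhcp_name dhcp_secret dns_name dns_secret
    [ "$1" = "$3" ] && [ "$2" = "$4" ] && return 0
    a=$(printf '%s|%s' "$1" "$2" | tr -d '[:space:]')
    b=$(printf '%s|%s' "$3" "$4" | tr -d '[:space:]')
    if [ "$a" = "$b" ]; then
        echo "key differs only by whitespace" >&2; return 2
    fi
    echo "key name or secret differs" >&2; return 1
}

# Demo: generate a secret for the key name used in the article and check it.
new_secret=$(gen_tsig_secret 24)
check_tsig_key "DNS-DHCP_KEY" "$new_secret" &&
    printf 'secret for both DHCP and DNS key objects: %s\n' "$new_secret"
```
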

supportconfig for Linux

download url: 
http://download.opensuse.org/repositories/Novell:/NTS/SLE_11_SP2/noarch/
license: 
GPLv2
home page url: 
http://en.opensuse.org/Supportutils

Description

The updateSupportutils command compares the current versions of supportutils and its plugins to those installed on your server. Those that are outdated or missing are automatically downloaded and installed. Only those plugins that apply to your server are installed. The command supports creating a weekly or monthly cron entry to automatically check and update the supportutils package and its plugins. Click here to see a list of the current supportutils and plugin packages. The updateSupportutils command help screen follows:

################################################################
# Supportutils Auto Update Client
################################################################

Usage: updateSupportutils [OPTION]

Description
  Makes sure the supportutils and supportutils plugin packages are
  installed and current.

Options
  -m  Install a monthly cron for updateSupportutils
  -w  Install a weekly cron for updateSupportutils
  -d  Delete all installed cron entries for updateSupportutils
  -l  List all cron entries for updateSupportutils
  -u  Force RPM update on applicable packages
  -p  Exclude supportutils plugin packages
  -v  Verbose mode
  -h  This screen

Note: Detailed system information and logs are collected and organized in a manner that helps reduce service request resolution times. Private system information can be disclosed when using this tool. If this is a concern, please prune private data from the log files. Several startup options are available to exclude more sensitive information. Refer to the supportconfig(8) man page to see these options.

Update Instructions

Run updateSupportutils as root.

If you do not already have the supportutils-plugin-updater package installed, refer to the Installation Instructions below. If your server does not have network connectivity to http://download.opensuse.org, then install using the Option B (Manual) method.

Installation Instructions

Option A (Automated)

  1. Download the supportutils-plugin-updater
  2. Login as root
  3. Install the updater package
    # rpm -Uvh supportutils-plugin-updater-*.noarch.rpm
  4. Run updateSupportutils as root
    # updateSupportutils

Option B (Manual)

  1. Download the supportutils and any applicable supportutils plugin packages for your server. Click here for the SLES10 repository.
  2. Login as root
  3. Install the supportutils-X.XX-XX.XX.noarch.rpm
    # rpm -Uvh supportutils-X.XX-XX.XX.noarch.rpm
  4. Install the supportutils-plugin-*-X.X-X.X.noarch.rpm packages you want
    # rpm -Uvh supportutils-plugin-*-X.X-X.X.noarch.rpm

Using Supportconfig

To upload a supportconfig to Novell, run supportconfig -ur $srnum; where $srnum is your 11 digit service request number. You can also just run supportconfig for local use. By default, supportconfig saves its information in /var/log/nts_hostname_date_time.tbz.

Consider using the Novell Support Advisor to perform an initial analysis of your servers. It will generate an HTML report that links you to Technical Information Documents that directly relate to any server issues identified.

Reporting Bugs

Updates to Supportconfig Version 2.25-350:

  • Updated supportconfig.conf(5) with OPTION_SSSD and OPTION_BTRFS
  • Added btrfs with OPTION_BTRFS for fs-btrfs.txt
  • Added sssd with OPTION_SSSD for sssd.txt
  • Put lpstat on a timer
  • Fixed CONFIG_DNS_LDAP_USER_CONTEXT error
  • Fixed apparmor DENIED messages
  • Added IP connectivity tests
  • Fixed SLED detection in summary.xml
  • Added privacy disclaimer to title and supportconfig.txt
  • Fixed products tag in summary.xml

Updates to Supportconfig Version 2.25-338:

  • Added VAR_OPTION_HBREPORT_DIRS to supportconfig.conf(5)
  • Added hb_reports to ha.txt
  • Fixed SLES10 kernel detection in analyzevmcore
  • Added kernel and debuginfo kernel details to analyzevmcore(8)
  • Added executable check on user specified binary in getappcore

Attachment                                          Size
supportutils-1.20-67.1.noarch.rpm                   112.7 KB
supportutils-plugin-updater-1.0-23.1.noarch.rpm     6.65 KB