NetWare 5.1 Advanced Administration

Chapter 1: Installing NetWare 5.1 and NLS, and Determining Which Management Tools to Use

 

Objectives:

This chapter discusses installing NetWare 5.1, installing Novell License Service (NLS), and which of several management tools to use for several tasks. The objectives important to this chapter are on page 1-1:

  1. Install NetWare 5.1
  2. Describe NLS
  3. Install NLS
  4. Perform License Management Tasks
  5. Determine Which Network Administration Tools to Use
 Concepts:
Installing NetWare 5.1

On page 1-2, there is a list of the minimum hardware requirements for a NetWare 5.1 server.

  • The computer that will be a server must be an IBM-style machine. Its processor must be a Pentium, or better (speed is not specified here)
  • a VGA monitor and video adapter are required
  • at least 128 MB of RAM (more is better)
  • a 50 MB, bootable DOS partition, with 35 MB free
  • room for a 750 MB NetWare partition (More is always better: 1.3 GB are needed to install all standard products.)
  • a network board and cables to match
  • a CD drive capable of reading ISO 9660 disks

The chapter then presents you with an exercise in which you wipe the hard drive of a PC and build a server from scratch. In order to do this you will need the CDs that come with your text book and some additional software.

A Novell server must have at least one hard drive, and that hard drive must have two partitions (logical divisions) on it: one for DOS and one for NetWare. As noted above, the DOS partition should be at least 50 Megabytes (MB) in size. You can wipe the hard drive and create a new DOS partition if you have a bootable floppy disk with DOS on it, and if that disk contains some standard DOS programs: format.exe, sys.com, and fdisk.exe. In order to continue to install NetWare, you will also need DOS compatible CD-ROM drivers for your CD drive.

If you have a bootable floppy, as described above, boot the PC with it. You will be taken to an A: prompt. All DOS commands in this exercise are to be typed at an A: prompt. At that prompt, type the command: 

  fdisk

This command takes no parameters, since it only works on hard drives, and its first function is to present you with a menu of choices of what to do with that hard drive.

Your book advises you to begin by creating a DOS partition. I have found it more reliable to first remove all existing partitions from the hard drive. I recommend that you do so, then proceed as Novell recommends. Note that their procedure calls for you to create a primary DOS partition, and to specify the size of it (50 MB.) You are then advised to make the partition active. Novell does not explain why you do it this way. You need a primary DOS partition for the server to boot from. Experienced DOS users will know that the partition will not be bootable unless made active. Very experienced DOS users will know that the partition will automatically become active if you allow DOS to take all available space. DO NOT do this! On small hard drives, it is necessary to specify that DOS is limited to 50 MB or so, in order to leave enough room for NetWare when it is installed. (If the hard drive is 4 GB or larger in size, you may get away with the automatic trick, but it is not advised.)

After using the fdisk program, you have created a DOS partition and given it a letter in the BIOS of your computer. The hard drive is not yet bootable. You will need to boot from the floppy disk again, then use the format command, like this: 

  format c: /s /u

You should be careful with this command. Format will happily erase your floppy if you do not include the c: pointer to your hard drive. Also, you should be careful to include the two softswitches. /s means to install the startup files for DOS after the format is completed. Although it is not required, I find it expedient to include /u, which means "perform an unconditional format". This modifier tells DOS to format the disk, regardless of whether it thinks the disk is already formatted or not. As a mnemonic for the softswitches, I think of them as meaning "shut up and do it". (Why that? If you do not include the /u, recent versions of DOS will pause and give you an argument about formatting a disk they think might have an operating system already.)

The hard drive should now be bootable. After formatting, if you forgot to use the /s switch, the hard drive will not be bootable. You could format again. Or you could use the command 

  sys c:

which means to copy the startup files to drive c:. You should pause here, boot the machine from the hard drive, and make sure that it works.

Your book now tells you to place the NetWare Installation CD in the CD drive. This will do you no good unless you have installed CD drivers for that drive on your DOS hard drive. Haven't done that, have you? In our lab, there is no longer a subdirectory on your floppy disk called "cdrom". From the C: prompt type the command 

  copy A:*.* c:

then type the command 

  edit config.sys

In the DOS edit program, look for the line that loads a driver from the A: drive. Change the A: to C:. Save this file by pressing 

 alt | f | s
(These are sequential key presses, not simultaneous key presses.)

Close the edit program by pressing 

 alt | f | x

Use the editor again, this time opening the autoexec.bat file. Again, change the reference to drive A: to read C:. Save and exit as above.

Now when the computer boots into DOS, the system will install drivers, and assign the letter D: to the CD drive. NOW remove the floppy disk, reboot, and test whether your machine can read the Novell CD.

All this work, and you still haven't installed the server. Everything you have done so far has been necessary. Now you can proceed. Boot from the hard drive, place the Novell Installation CD in the CD drive, switch the prompt to the CD drive, and enter the command 

  install
The installation program will ask you to make some choices. Proceed carefully, confirming your choices before locking them in. The installation program is easy to use, but it is unforgiving of errors. If anything goes wrong, such as telling it that you have a PS/2 mouse when you really have a serial mouse, you are better off aborting the procedure and starting over at "install".

During the installation of NetWare 5.1, unlike previous versions, you will create more than one volume. The SYS: volume was always created on every server, and it still is. This time, you also create a volume called WEB: for files used in web based services.

You will be asked during the installation what additional products and services you wish to install. You will install several, which are discussed in various chapters in this course:

  • NetWare Enterprise Web Server - choose port 80 for regular traffic, port 443 for secure traffic
  • NetWare News Server - choose port 119
  • NetWare FTP Server
  • NetWare Web Search
  • Novell DNS/DHCP Services - make sure all objects for these services are installed in the EMA container, where your server and your admin objects will also go
  • NetWare Multimedia Server

Web services are managed through NetWare Web Manager. Choose port 2200 for its access port.

We will also use workstations in this class. Installing the NetWare Client software on these workstations is the next step. This software usually installs without problem, once the proper IP settings have been set on each workstation.

Describing NLS

The next topic in the chapter is Novell Licensing Services (NLS). NLS is a service with several purposes. It allows only as many connections to the network as there are licenses installed for such connections. It tracks the number of users of an application installed on the network, if that application supports such tracking.

The process can go like this:

  • Application software that is "license enabled" first requests a license from the network. It does this by sending the request to an NLS Client. All servers and workstations can run NLS Client software. The Client then sends the request across the net.
  • A License Service Provider (LSP) is a program that runs on a server. It watches the net for such requests. When it sees such a request, it searches the Tree for a License Container that has licenses available. Two ways to do this are possible, and both are discussed later.
  • The LSP checks out a license, if it finds one, and tells the NLS Client.
  • The Client tells the application about the license, and reports to the server that the license is in use.
  • If no license was available, the application may be granted a grace connection, if such are available, or may be denied connection.

The License Service Provider (LSP) is created on a server by running NLSLSP.NLM. (This can be done on NetWare 4.11 or later servers, not just NetWare 5.1.) The server this software runs on should have a Master or Read/Write replica of the NDS partition its license certificates are in. (The book says that if it does not have such a replica, the server must be able to communicate with a server that has such a replica. Later in this chapter, this possibility is ignored. Maybe it's just a bad idea.)

NLS service can be installed on a server when it is created, or can be added later with Deployment Manager (NWDEPLOY.EXE), a new management tool.

NLS software is installed in the SYS:\PUBLIC and SYS:\SYSTEM directories on servers that NLS service is installed on. Workstations run the client software through their Novell Client software.

An NDS object called NLS_LSP_servername is created when the schema is extended with SETUPNLS.NLM or when you run NWCONFIG | License Options | Create License Service Provider.

License container objects are created when a server is created that runs NLS. These objects go into the same NDS context that the server object is in.

  • The Server License Container Object The license container will be named "Novell+NetWare 5 Server+510”. This object holds the license for the server itself. The number at the end is the version number of its copy of NetWare.
  • The Connection License Container Object The license container will be named something similar to “Novell+NetWare 5 Conn SCL+510”. Your student copy of NetWare allows 5 workstation connections. A commercial license may allow considerably more than 5 connections, so the number in the middle of this object's name will vary considerably from one installation to another.

Your book notes that each of these containers will retain information about connections through their licenses for up to 15 months. These objects may be moved up the Tree, but they must be moved to the same context.

A server must have a license certificate placed inside its license container object. A server license will be one of three types:

  • MLA - a Master License Agreement may be installed over and over on as many servers as a company has. This type of license is for very large (global) organizations.
  • CLA - a Corporate License Agreement is restricted: each server must have its own unique license number. This type of license is for medium to large organizations.
  • VLA - a Volume License Agreement is restricted, and each server must have its own unique license number, just like a CLA. The difference is cost and size: this type of license is for small to medium organizations.

To remember these in the right relationship, remember Roman numerals. M (1000) is bigger than C (100), which is bigger than V (5).

Additionally, license certificates come in two types:

  • Secure license certificates - also just called license certificates, they are secured by secrets, digitally signed, cannot be modified, and usually come from a software vendor.
  • Unsecure metering certificates - a metering certificate has no secrets, works with ZENworks as an NLS client, and can be created by a network administrator.

 

Installing NLS

The version of NLS that ships with NetWare 5.1 is NLS 5.02. This version can be run on servers running NetWare 4.11, 4.12, 5.0, or 5.1.

It is recommended in the text that two servers in each NDS partition have NLS installed on them, preferably the server with the Master replica and a server that has a Read/Write replica. The installation can be done through NetWare Deployment Manager, if your servers are already installed. If you are installing or upgrading to NetWare 5.1, the installation program can handle it.

You can run NWDEPLOY from a Windows workstation by placing the NetWare Installation CD in the workstation's CD drive, and running NWDEPLOY.EXE from the root directory of the CD. Deployment Manager can do the following for you:

  • Extend the NDS schema
  • Install NLSLSP.NLM on selected servers
  • Create the NLS_LSP_servername objects
  • Configure NLS
  • Modify AUTOEXEC.NCF on NetWare 4.11 and NetWare 4.2 servers

Deployment Manager does not install license certificates. You should use NetWare Administrator or NWCONFIG to do that. NWCONFIG.NLM automatically assigns license certificates to an LSP server. With NetWare Administrator, you manually assign the certificates.

When upgrading a NetWare 4 server to NetWare 5, the NLS version on the server is not upgraded automatically. You will need to run SETUPNLS.NLM and then Deployment Manager to finish the upgrade of NLS.

To verify that NLS is installed on a server:

  1. Run NWCONFIG on the server
  2. Select Product Options | View/Configure/Remove Installed Products
  3. Scroll through the list of installed products. Look for NLS. Verify the version.

Alternatively, you could type the command

  modules nls*

at a server console to verify that NLS is running. You might also want to verify that the NLS_LSP_servername object is actually associated with the correct server.

Perform License Management Tasks

Novell refers to the methods used here as the Server Connection Licensing (SCL) model. Servers are required by NLS to use a base license unit. Each workstation connecting to that server is required to use a connection license unit. License units are installed in either a single license certificate or in an envelope.

Single License Certificates are installed using NLS and KEY files. Envelopes can contain many licenses. They are installed as NLF files.

To install license certificates, use NetWare Administrator. Click Tools | Novell Licensing Services | Add Licenses | License File | OK.

In general, place license certificates near the object (server, user, etc.) that will need them. Place certificates on both sides of a WAN link, if users on both sides of the link will need them.

If NetWare is installed without licenses (an option, if you have no license disk when installing) three grace licenses are granted: one for the server, one for a user, and one for services like NDPS or SAS. If your license certificates have nine digits, you cannot use them with the NetWare upgrade program. You must install without licenses and add the licenses afterward.

A Novell International Cryptographic Infrastructure (NICI) license must be installed on each server. This is called the encryption foundation key in the installation. These license files end with NFK.

CLA and VLA licensing works as described above. MLA is a bit different: you do not assign the license to a specific server, nor do you have to install the licenses multiple times (although this is allowed). An MLA server license is good for the whole Tree, so you can install it once or many times. If you do assign a license to a specific server, no other server will be able to use it.

In an MLA installation, Foundation Keys (FKs) for NICI are installed automatically if you install licenses. If you do not install licenses, you must copy the Keys manually. They are in a file on the MLA license disk called serial_number.NFK. Copy this file to SYS:SYSTEM, then rename it NICIFK.

To install licenses with NetWare Administrator (for example, the license for an application):

  1. Select Tools | Install license | Install License Certificate.
  2. Browse to the CD or floppy containing the license or envelope.

To install metering certificates with NetWare Administrator (which will use ZENworks as the NLS Client):

  1. Select Tools |Novell Licensing Services | Add Licenses | License Metering | OK.
  2. A series of prompts will help with the process

To move licenses with NetWare Administrator (from one context to another):

  1. First, find and select the license certificate
  2. Select Tools | Novell Licensing Services | Move Selected License Certificates.
  3. Browse to the target context, select it, and click OK.

In other than MLA scenarios, servers must be assigned to service license certificates. (In MLA, this is not necessary.) When certificates are associated with a server, no other server can administer those certificates. Servers can have multiple certificates assigned to them.

To make a server assignment:

  1. Run NetWare Administrator
  2. Right-click the License Certificate object you want to assign to a server.
  3. On the pop-up menu, click Details. On the Details screen, choose Assignments | Add.
  4. Select a Server object by browsing the Tree:
    1. Using icons in the Browse Context box, navigate the NDS tree to the desired context.
    2. Select a Server object from the Available Objects box.
  5. From the Select Object window, click OK; then from the License Certificate window, click OK .

NLS can notify someone that too many users are trying to use certificates. By default, the user who installs the certificates is notified. Users can be added and deleted from the Notify list of a License Container or an LSP object.

License containers track usage of licenses. Reports can be generated from License containers using NetWare Administrator.

To generate a report:

  1. Run NetWare Administrator
  2. Select a License container.
  3. Access the Report Wizard by clicking Tools | Novell Licensing Services | Generate License Reports
  4. Click Scan Tree | OK
  5. At the Novell Licensing Services window, click a product license container or context for a product license container.
  6. Click Actions | Create License Usage Report.
  7. Click Finish or Next. (The Next option appears if you are reporting on a license container with more than one context.)

Reports can be saved in four formats. You may choose one or all of them: Save Graph as Bitmap, Save Summary as Text, Save Reloadable Data, and Save Tab-Delimited Data.

Guidelines for Troubleshooting Licenses:

  • If licenses are needed on both sides of a WAN link, put enough on each side.
  • Place at least one LSP object in a container near the [Root] of the tree, and in servers that are most used for logins.
  • Place licenses that are used the most toward the top of the Tree.
  • Place licenses used only by small groups near those groups, preferably in the context that their user objects are in.
  • If large groups use licenses, place the certificates in the highest context that the group can easily reach.

Problems and solutions:

  • If a server beeps a lot, you may not have installed licenses. Use NWCONFIG.NLM to do so. If licenses are already installed, they may not be assigned to a server. Use NetWare Administrator to do so.
  • If you receive error messages when moving a server object, you may need to move the licenses as well.
  • If you receive errors when using NWCONFIG to reinstall NDS, you should set up licensing again, still using NWCONFIG.
  • Errors when renaming a server may indicate that the licenses need to be reassigned to the new server name.
  • Remember that NDS rights are important for licensing to work. NLS_LSP_server objects need browse rights to certificate objects. The [Public] trustee needs the browse right to the license container objects.
Determine Which Network Administration Tools to Use

Your book discusses four management tools, two old and two under development:

  • NetWare Administrator - tried and true, still used. More efficient for small and medium Trees than ConsoleOne. You must use NetWare Administrator if you are setting up accounting charges for a user, and if you are managing users and desktops with ZENworks. (ConsoleOne cannot do either, at this time.) Likewise, use NetWare Administrator if you are managing GroupWise or BorderManager.
  • ConsoleOne - meant to replace NetWare Administrator some day; Java application. It lets you manage NDS objects, rights, and schema; as well as NetWare file system resources and access control. Use ConsoleOne if you are browsing very large Trees.
  • NDS Manager - tried and true, used for managing replicas and partitions in NDS. Use NDS Manager to check the NDS version, to manage partitions and replicas, and to delete servers from the Tree. (ConsoleOne cannot do these things yet.)
  • NetWare Management Portal - browser based control for managing servers. This program will not run on servers running less than NetWare 5.1. This program is the only interface for managing Web based services in NetWare.