Install SSL certificate

identity management No Comments »

Create key:

openssl genrsa -des3 -out www_example_com.key 2048

Create certificate request:

openssl req -new -key www_example_com.key -out www_example_com.csr

Verify contents of certificate request:

openssl req -noout -text -in www_example_com.csr
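
The text dump above only shows what is in the request; it does not prove the request was built from the key you intend to keep. The following script is an added example, not part of the original post. It checks the CSR's self-signature, its key size and that its modulus matches the private key. The function names, MIN_BITS and the sample file names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: sanity-check a CSR before sending it to the CA.
# All function names and MIN_BITS are illustrative, not from the post.

MIN_BITS=2048   # assumed policy floor; adjust to your CA's requirement

# RSA modulus of a private key (openssl prompts if the key is encrypted).
key_modulus() { openssl rsa -noout -modulus -in "$1" 2>/dev/null; }

# RSA modulus of the public key embedded in a CSR.
csr_modulus() { openssl req -noout -modulus -in "$1" 2>/dev/null; }

# Key size in bits as reported by "openssl req -text".
csr_key_bits() {
    openssl req -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Usage: check_csr KEY CSR
# Returns 0 only if the CSR self-signature verifies, the key is at least
# MIN_BITS long and the CSR was generated from KEY.
check_csr() {
    # Match the message text; the exit status differs between versions.
    openssl req -noout -verify -in "$2" 2>&1 | grep -q 'verify OK' || return 1
    bits=$(csr_key_bits "$2")
    [ "${bits:-0}" -ge "$MIN_BITS" ] || return 1
    km=$(key_modulus "$1") && [ -n "$km" ] || return 1
    [ "$km" = "$(csr_modulus "$2")" ]
}

# Constructed sample input: throwaway unencrypted key and CSR in directory $1.
make_sample() {
    openssl genrsa -out "$1/sample.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/sample.key" -subj "/CN=www.example.com" \
        -out "$1/sample.csr" 2>/dev/null
}

# Demo on the constructed sample only.
tmp=$(mktemp -d) && make_sample "$tmp" &&
    check_csr "$tmp/sample.key" "$tmp/sample.csr" && echo "sample CSR: OK"
rm -rf "$tmp"
```

For a real request, call check_csr www_example_com.key www_example_com.csr and submit only if it returns 0.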

Novell Audit: Installation on SLES9


Make sure that the eDirectory server, NICI and iManager are installed. Obtain the following packages from download.novell.com:

Novell Audit 2.0 Plug-in for iManager 2.5 and Greater

Novell Audit 2.0 Starter Pack

Now follow the instructions below to get all Novell Audit components up and running:

Install MySQL server using Yast -> “Software” -> “Install and Remove Software” and select package “mysql”. It will automatically select dependent packages.

Make sure the IP address of your NIC resolves to something useful by running /usr/bin/resolveip ip_address_of_nic

If this does not return successfully, add the hostname to /etc/hosts with a line like the following:

192.168.1.10    sles9

(just an example)

Fire up the MySQL server using /etc/init.d/mysql start. If this went well, you should be able to set a new password for the root user:

/usr/bin/mysqladmin -u root password 'new_password'

Time to add a Novell Audit user and database to the MySQL server:

mysql -u username -p
CREATE DATABASE naudit;
GRANT ALL PRIVILEGES ON naudit.* TO auditusr@'%'
IDENTIFIED BY 'auditpwd' WITH GRANT OPTION;

FLUSH PRIVILEGES;

Now copy the downloaded tarball Novell_Audit_20_Starter_Linux.tar.gz to an installation directory of your choice, e.g. /usr/local/src, and unpack it using:

tar xfz Novell_Audit_20_Starter_Linux.tar.gz

There should be a newly created directory Linux. Change into it and run:

./pinstall.lin

Accept the license agreement using “Y” and choose the default (Secure Logging Server), which should install all necessary components in one go. Now AuditExt will open and you should first select “Add Schema Extensions”. If that succeeds, choose “Configure This Server” and accept the defaults. Then exit AuditExt.

When asked to start the “eDirectory Instrumentation Agent” enter “Y”.
This should have installed Novell Audit successfully.

As an additional step you might want to install the Novell Audit plugin for iManager to manage Novell Audit via the iManager web interface. Open the following link in your browser, using the IP address of your server instead of the one supplied below:

https://192.168.1.10:8443/nps/iManager.html

iManager automatically detects the naudit.npm module if you copied it to /usr/local/src beforehand.

“Roles and Tasks” -> “Auditing and Logging” -> “Logging Server Options” -> (select Logging Server) -> “Secure Logging Server Interactive Configuration Guide”

Installation steps for Novell eDirectory on SLES9


Set up basic SLES9 installation

Activated multicast routing (route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0)

Installed the following prerequisites using “Install and Remove Software” functionality from Yast:

  • rug, rcd and java2-jre

In case you do not have the SLES9 CDs at hand, add the following URLs to your list of install sources (“Change Source of Installation”):

  • http://prospero.ard.de/install/sles9/i386/core/CD1
  • http://prospero.ard.de/install/sles9/i386/sles9/CD1

Installed NICI using rpm -ivh nici-2.6.8-0.02.i386.rpm

Unpacked eDirectory tarball to /usr/local/src/eDirectory

Added source /usr/local/src/eDirectory to list of Yast installation sources

Selected all packages in “Install and Remove Software” which appear under “Selections”->“Novell eDirectory”

In order to resolve dependencies it is necessary to remove the “openldap2” package

Added the following environment variables:

export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:\
/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib:$LD_LIBRARY_PATH
export PATH=/opt/novell/eDirectory/bin:\
/opt/novell/eDirectory/sbin:$PATH
export MANPATH=/opt/novell/man:\
/opt/novell/eDirectory/man:$MANPATH
export TEXTDOMAINDIR=/opt/novell/eDirectory/share/locale:\
$TEXTDOMAINDIR

As an alternative there is the ndspath script which could be called in your .profile or .bashrc login script:

. /opt/novell/eDirectory/bin/ndspath

Start Yast to configure the newly installed eDirectory server under “Network Services”->“eDirectory”

Install iManager 2.6, unpack to /usr/local/src/iManager, cd into /usr/local/src/iManager/installs/linux

./iManagerInstallLinux.bin

Accept all defaults, supply the admin account “admin.user”

Squid 2.5 + WebWasher + NTLM Auth (incl. Samba 3)


Install samba-3.0.14a.tar.gz
./configure --with-winbind --with-ads --prefix=/opt/samba
make
make install

Install squid-2.5.STABLE10.tar.gz
./configure --prefix=/opt/squid --enable-auth="ntlm,basic" --enable-external-acl-helpers="wbinfo_group" --enable-icap-support
make
make install

Setup WebWasher
https://support.webwasher.com/otrs/customer.pl?Action=CustomerFAQ&ID=1466

Have Samba server join domain


./net rpc join -S ADSERVER -U ldaplookup

You must use the NetBIOS name of the PDC; neither the DNS name nor the IP address works!
