Related Tips & Info

Authenticating to Applications that require Active Directory-Style Authentication with Novell Domain Services for Windows

MigrationDeletedUser
0 Likes

Written by: Norm O'Neal

Integrity Network Solutions

2010 Novell Knowledge Partner



In this case, the application is Citrix XenApp 6, formally known as Presentation Server. Follow me for layman's terms on getting it done. Remember, there are SEVERAL scenarios for utilizing DSfW, this is just one of many. Novell has awesome documentation at www.novell.com/documentation. At the end of this doc, I have listed helful TID's and places where we had to make adjustments to the DSfW Server.



In your Lab environment…



Read TID#7002172 – Preparing for DSfW

Perform your eDirectory Health Checks. Make sure you do not have ANY errors in the tree. NONE. See Novell support site for eDirectory Health Checks utilizing dstrace, dsrepair etc. Good timesync is mission critcal, you must be able to use ldap, secure ldap, LUM etc. – NO ERRORS



Configure Universal Password and set the Universal Password for your test users.



Remember that in its current state, eDirectory Partitioning is critical for DSfW. During this install the customer only had one partition, which was at the root. We then partioned off the Organizational Unit. O=CPSC. Take note and read about the limitations regarding partitioning until the next version of DSfW. TID# 7002172 explains it well.



Now, our Active Directory emulation will be at the O – CPSC. The end result is that we will create an Active Directory Domain called CPSC.INT.



Install your OES 2 SP2 Server into your existing tree



Choose ONLY DSfW for your pattern during the installation. The Server will correctly choose its dependencies and you can drive on.



Once the server is in the tree, properly register it with the Novell Customer Care Center. Once that process is done, you can properly apply the post SP2 updates for OES2 via the online channel.



NOTE – there are CRITICAL POST SP2 Updates that DSfW needs to properly run in a XenApp 6 environment. Please search for my article "Debugging the Novell Customer Care Center," if you need help.


Lets get started with the OES2 Configuration portion of the install. You should be comfortable with where we are here….









Click to view.










Click to view.










Click to view.










Click to view.





Now to the DSfW Config – REMEMBER, if the server install fails here, you should go ahead and clean up eDirectory and REINSTALL. Have a good Template or Snapshot of a SLES10 SP3 Server.









Click to view.




Note: See above where our DNS Name for our new domain is cpsc.int. This is being read from the Network Card configuration during the server install. NOTE – in most cases you would have set this to look like the rest of your network, In this case it would have been CPSC.K12.IN.US – HOWEVER, remember, this is DSfW and you are creating a new Active Directory Domain. So, configure your NIC and your Domain Suffixes as if it were the first server in Active Directory DURING THE SERVER INSTALL. This comes from Novell TID# 7002172








Click to view.




Note here the FDN of the new Administrator account & where it is in eDirectory. It will be a ? icon in Console One….









Click to view.




Remember, earlier we talked about our eDirectory Organization Unit is going to be mapped as our AD which is CPSC.INT – We also created our partition there for DSfW.









Click to view.




Ok, now prepare DNS for this new DSfW Server…Note – to all of us newbie's to Active Directory we need to realize that DNS is as critical as SLP so this has to be correct. In this case I checked "Get Context and proxy user info from existing DNS Server." So, you MUST know where your DNS Locator Objects are in eDirectory.



CRITICAL – YOU MUST LEAVE THE CHECK BOX FOR "USE SECURE LDAP PORT." The install will break if you uncheck this.


Once I clicked on Retrieve, the boxes were populated automatically. NOTE – this is an example, do not use Admin as your Proxy User.









Click to view.




Once you click next, you will get a config screen showing you what is getting ready to take place. You have one last chance to make adjustments.









Click to view.




The install is a success. No errors…remember, if you had errors you might as well cash it in and start over. Now that everything is successful we can configure DSfW.



Please launch YaST and open the DSfW Provisioning Wizard.









Click to view.




Now, log in with the credentials that you created during the install of DSfW earlier in this process.









Click to view.




Please follow the installation sequence. Pay close attention to what is going on in case you get an error. However, if you properly followed this document for this type of scenario, this should work just fine.



Once the services are installed without any errors whatsoever you can now join your Windows Machines to the new Active Directory Domain. Check it out!









Click to view.




Finally, I will login to the Citrix Delivery Center Console and XenApp 6 will see eDirectory as an Active Directory Domain…..See CPSC.INT…..Nice huh!!! Now just associate your end users to their respective applications and voila! You have, "Apps On Demand" for your eDirectory user accounts!









Click to view.




Enjoy DSfW!



Issues encountered during our install:



  • Error 139 during DNS installation portion of the install when NOT using Secure LDAP for DNS configuration.

  • BUG 589440 – namuseradd improperly handles existing uniqueID values – the exact problem was that the admin had multiple unique id's. This will not be an issue in OES3. If you run into this issue you need the binary "bug-589440_namuseradd"

  • Domain Trust errors between the Member Server and Domain Controller. This was fixed with the Post SP2 Updates for OES2 – IF YOU INSTALLED THE SAMBA PATCH, you MUST DO THIS:

    • Add  "unix extensions = no"  to the global section in /etc/samba/smb.conf

  • Add  "wide links = yes" to sysvol section in the /etc/samba/smb.conf






Now, if you have troubles see TID# 7002366 however I only needed 2 of the 35.




Thank you very much for reading. We hope this helps someone be successful with DSfW in this particular use case.



_________________________________________________

Norm O'Neal

Integrity Network Solutions

Team NUGI (Novell Users Group of Indiana)

2010 Novell Knowledge Partner



Articles in this series:



  1. Authenticating to Applications that require Active Directory-Style Authentication with Novell Domain Services for Windows - Part 1




Labels:

How To-Best Practice
Comment List
  • Hello noneal,
    I have tried the same to install and i have seen the same problems. Thank you for your post. The user can login to the domain after you have resetted the user password, which will create the universal password at this moment for the existing users.
Related
Recommended

Resources

Support
Documentation
Learning Services
CyberRes Academy
Partner Programs
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Conduct
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.