Open Lab: Installing Novell Access Manager


In this Lab procedure we will install Novell Access Manager, with the Identity Server, the Access Gateway, the Device Manager (a dedicated iManager + embedded eDir), and the SSL-VPN components. We will use VMWare for this.



Introduction



Requirements



  • Basic Linux knowledge (vi, scp, ssh,...)

  • VMware (preferably the Workstation version, with its great multi-snapshot capability)

  • 3.1 GB of RAM and about 8 GB of disk space

  • Novell Access Manager (eval) from: www.novell.com/download
    We only need AM_30_Linux_AccessGateway_Eval-0407.iso 666.4 MB (698779648)


Necessary Reading





Installation Steps



1. Create a virtual machine. Give it 768 MB of RAM. (I first tried with 512 MB, but this is too little; it produces all kinds of errors with Tomcat, see /var/opt/novell/tomcat4/logs/catalina.out.)











Figure 1 - Creating the virtual machine in VMWare



I more or less followed the Utopia standard for the network card and IP address (Vmnet5 is a NAT setup to subnet 172.17.2.0). We will use a "one-armed setup," so we only need one network card in the access gateway. (In real life, you'll probably have two or three: external network, internal network, administration network.)



2. Set the CD-ROM to this path: AM_30_Linux_AccessGateway_Eval-0407.iso



3. Boot the VM (boot from the CD-ROM, hit Esc to open a boot menu if needed).



4. At the boot screen, select Standard Installation.



5. Press F2 and select Text Mode (graphic install didn't work for me).











Figure 2 - Text Mode for the installation



6. Set your Language (choose English).



7. Select your keyboard layout.



8. Choose your timezone and set your hardware clock.



9. Set the Network configuration as follows:



  • eth0

  • IP: 172.17.2.111 (or any other IP address you prefer)

  • Subnet Mask: 255.255.255.0

  • Default Gateway: 172.17.2.2 (provided by VMWare Workstation, when using NAT on subnet 172.17.2.X)


10. Set the Hostname configuration as follows:



  • Hostname: box1

  • Domain Name: Utopia.com

  • DNS Server 1: 172.17.2.2 (provided by VMWare Workstation, when using NAT on subnet 172.17.2.X)

  • DNS Server 2: Your local DNS server as from your local network or internet service provider (optional)

  • NTP server Configuration : 172.17.2.91 (the NTP server of Utopia; if your VM has an internet connection, you can also use pool.ntp.org or 0.pool.ntp.org)


It is essential that the IDP and the AG are in timesync (within 5 minutes). As these are on the same box, that should be OK.



11. Set the Administration Console configuration as follows:



  • Enable On Box Identity Server (Note: It is not currently supported yet)

  • IP Address: 172.17.2.111

  • User Name: admin

  • Password: n0v3ll

  • Re-enter: n0v3ll

  • Enable SSL VPN Service


12. Start the installation.



13. After 20-30 minutes, the system is installed and ready for login. (I had "fail: novell-jcc" and "Skipped services in runlevel 3 : nfs snmpsysman sp_autoimport".)



14. On the host, open a terminal and open an ssh connection:

ssh root@172.17.2.111



15. Check which RPMs have been installed:

rpm -qa | grep -i novell



16. If your host has a Centrino (Pentium Mobile) processor, some additional measures have to be taken to keep the clock drift under control (even with ntp or vmware tools running). Do this on the host and the virtual machine:



  • vi /boot/grub/menu.lst

  • add "apm=off acpi=off" to the default boot option


The entry becomes:

title Novell Linux Access Gateway
kernel (hd0,0)/vmlinuz root (hd0,2) splash=silent desktop
resume (hd0,1) showopts apm=off acpi=off
initrd (hd0,0)/initrd


17. clock=pit ?



Normally we would add "clock=pit" to the entry. However, the current version of the Linux Access Gateway (LAG) does not register in the DeviceManager console when this option is added to the boot process. This should be fixed in a later version / patch / Support Pack ...



Currently this means that the clock of our "all_on_one box" will drift. Fortunately, the Identity Server and the Access Gateway are on the same box, so they will "drift together" and remain in time-sync with respect to each other.



18. Edit the hosts file on your host and add the following:



172.17.2.111      www.utopia.com NAMbox1 NAMbox1.Utopia.com


19. Browse to: www.utopia.com:8080/nps or http://172.17.2.11:8080/nps



This is devicemanager (a dedicated version of iManager). Have a look at Access Manager (in the left margin) -> Overview. The Identity Server, which is not configured yet, will show as red; the Access Gateway should be green.



20. Install the VMWare tools:



At the VMWare main menu bar, run this:



VM -> Install VMWare tools 
rpm -Uvh /media/cdrom/VMwareTools-5.5.3-34685.i386.rpm
Preparing...################################### [100%]
1:VMwareTools############################### [100%]


21. Configure the VMWare tools, from the VM-console (not from a remote connection):



vmware-config-tools.pl   


22. Shut down and take a snapshot.



Troubleshooting



1) Check the installation log files for errors, at:



/tmp/novell_access_gateway 
/tmp/novell_access_manager


You can do a quick check with the following commands:



www:~ # cd /tmp/novell_access_manager/
www:/tmp/novell_access_manager # strings *.log -f | grep -i error


or



www:~ # cd /tmp/novell_access_gateway/
www:/tmp/novell_access_gateway # strings *.log -f | grep -i error



A few times I saw the following error:



Entering install ZipOps: npmPath: /tmp/inst_novlwww/NMAS.npm   webAppRoot: /var/opt/novell/tomcat4/webapps/nps
java.io.FileNotFoundException: /var/.com.zerog.registry.xml.save (Permission denied)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:179)
at java.io.FileOutputStream.<init>(FileOutputStream.java:131)


I think it is related to the ZeroG installer; it didn't seem to be much of an issue.



2) Error: The NAG is "not reporting."



From DeviceManager, try a "repair import" - if this doesn't help, try the following from the VM console (do not use ssh this time). We will change the IP address of the box to a dummy value, save and apply it, and then set it back to the value we want. This will cause a retry on the import as well.



www:~ # nash
www> show devicemanager
ERROR: Invalid or too many arguments.
www> show deviceManager
....verify if the settings are okay
www> configure (or configure .current )
www (conf-.cur)> interface eth0
www (conf-.cur-inte-eth0)> replace 172.17.2.108 with 10.10.10.10/255.255.255.0
www (conf-.cur-inte-eth0)> exit
www (conf-.cur)> save .current
www (conf-.cur)> apply
Success
www> configure (or configure .current )
www (conf-.cur)> interface eth0
www (conf-.cur-inte-eth0)> replace 10.10.10.10 with 172.17.2.108/255.255.255.0
www (conf-.cur-inte-eth0)> exit
www (conf-.cur)> save .current
www (conf-.cur)> apply
Success


3) Config file problems



/var/novell/cfgdb/.current/config.xml
/opt/novell/devman/jcc/conf/settings.properties
/opt/novell/devman/jcc/logs/jcc-0.log.0 file


You should see:



<exDescription exHealthStatus="Passed">The Device Management service "vcc" is functioning properly
/tmp/novell_access_gateway/inst_.......log


4) Verify the running services:



Is Tomcat running and listening on port 8080?



  • ps -eaf | grep tomcat

  • netstat -nap | grep 8080


Is the JCC (Java Communications Channel) up and listening?



  • ps -eaf | grep jcc

  • netstat -nap | grep 100
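
The log and service checks from troubleshooting steps 1 and 4, as an added example (not part of the original article). The function names and sample data are constructed for illustration; the paths and port 8080 are the ones used above. It matches the exact port in LISTEN state, because a plain `grep 8080` also hits lines such as a remote port 18080, and it scans for "exception" as well as "error", because the ZeroG stack trace shown above contains no "error" string.

```shell
#!/bin/sh
# Added example: triage helpers for the troubleshooting steps above.
# Function names are hypothetical; sample data below is constructed.

# Print "<file> <hits> <known>" for every *.log in DIR. "hits" counts lines
# mentioning error/exception; "known" counts the ZeroG registry
# "Permission denied" exception the article describes as not much of an issue.
scan_install_logs() {
    for f in "$1"/*.log; do
        [ -f "$f" ] || continue
        hits=$(grep -aicE 'error|exception' "$f" || true)
        known=$(grep -aic 'com\.zerog\.registry.*permission denied' "$f" || true)
        echo "$(basename "$f") $hits $known"
    done
}

# Read `netstat -nap` output on stdin; succeed only if a TCP socket is in
# LISTEN state on exactly PORT (field 4 = local address, field 6 = state).
listening_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, a, ":")
            if (a[n] == port && $6 == "LISTEN") found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample data (not real captures) so the helpers run offline.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'Installing novell-jcc' 'ERROR: import failed' \
        'java.io.FileNotFoundException: /var/.com.zerog.registry.xml.save (Permission denied)' \
        > "$1/inst_a.log"
    printf '%s\n' 'Install complete' > "$1/inst_b.log"
    printf '%s\n' \
        'tcp   0  0 0.0.0.0:8080      0.0.0.0:*        LISTEN      2211/java' \
        'tcp   0  0 172.17.2.111:22   172.17.2.1:18080 ESTABLISHED 900/sshd' \
        > "$1/netstat.txt"
}

tmp=$(mktemp -d) && make_sample "$tmp"
scan_install_logs "$tmp"
listening_on 8080 < "$tmp/netstat.txt" && echo "8080: listening"
rm -rf "$tmp"
```

On the lab box, run `scan_install_logs /tmp/novell_access_manager` and `netstat -nap | listening_on 8080`.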
Comments
I thought we were going to "Novell Access Manager, with the Identity Server, the Access Gateway, the Device Manager (a dedicated iManager + embedded eDir), and the SSL-VPN components. "

Yet I only see this as installing the Access Gateway. (Which assumes the Identity Server and Device manager is already installed).
Version history: revision 3 of 3, last update 2020-01-31 22:09