Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
susehoush Absent Member.
Absent Member.
676 views

How to find Tree easier / faster


hello,

servers: sles10sp3 + oes2sp3
clients: windows 7 sp1 + nc ir8

On some of our clients it takes very long (up to 1 or 2 minutes) until
the tree is found and novell login is processed. On some of our clients
we get 0x800789FC - we already checked TID 7006626 but it didn't help.

Name Services that are configured are: DNS, NCP, SLP

Questions:
1. Is there some way to tell the clients statically the 5 servers which
they can authenticate against, perhaps over hosts file? What would be
the Syntax there?
2. Is there some Best Practise like making a DNS record Treename ->
IP-OF-Masterserver?

Any help is appreciated.
thx,
hugo


--
susehoush
------------------------------------------------------------------------
susehoush's Profile: http://forums.novell.com/member.php?userid=75757
View this thread: http://forums.novell.com/showthread.php?t=448050

Labels (1)
0 Likes
14 Replies
Anonymous_User Absent Member.
Absent Member.

Re: How to find Tree easier / faster

How are you verifying it takes that long for the tree to be found? Since
you're talking about finding a tree I assume you mean using SLP since NCP
is not a name service and DNS does not typically have anything to do with
trees. With that in mind I'd start by seeing what the initial delay is,
and based on your description it's finding somebody to talk to via SLP so
I would tell the clients to point to the SLP DA explicitly:

http://www.novell.com/documentation/vista_client/vista_client_admin/data/a3llvcg.html

If that does not work then I'd go back to the LAN trace to see why either
the DA could not be reached or the results returned by the DA for
authentication could not be reached. The above is all based on the
assumption that finding the tree is the cause of the slow login. If the
problem is a really long login script happening over a dial-up connection
then of course SLP is probably the least of your problems.

Good luck.
0 Likes
susehoush Absent Member.
Absent Member.

Re: How to find Tree easier / faster


See Section D.0
'Novell Documentation'
(http://www.novell.com/documentation/edir88/edir88/?page=/documentation/edir88/edir88/data/a2iii88.html)

They "recommend putting your eDirectory tree name in DNS using A, AAAA,
or Service (SRV) resource record unter the DNS domain the clients are
going to use to resolve names"

I talked to our DNS-Admin, he said he needs the SRV-String (for some
reason he cannot make an A-record right now). If the treename is
"mytree" and the servers are server1.lala and server2.lala, would the
SRV Record be, if edir is running on 524:

1: _ldap._tcp.mytree. SRV 0 0 524 server1.lala SRV 10 0 524
server2.lala
2: _ldap._tcp.mytree. SRV 0 0 389 server1.lala SRV 10 0 524
server2.lala
3. _ndap._tcp.mytree. SRV 0 0 524 server1.lala SRV 10 0 524
server2.lala
4. something else?

thx,
hugo


--
susehoush
------------------------------------------------------------------------
susehoush's Profile: http://forums.novell.com/member.php?userid=75757
View this thread: http://forums.novell.com/showthread.php?t=448050

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: How to find Tree easier / faster

Does the Novell Client documentation talk about its ability to use SRV
records? I've never seen that done for the Novell Client and if it is not
covered I'd suspect this could work for other types of clients such as (in
the example) LDAP clients.

What about the other questions regarding SLP? Does it work, respond
quickly, return reasonable results, etc.? How are you verifying it is
slow until the tree is found exactly?

Good luck.
0 Likes
Knowledge Partner
Knowledge Partner

Re: How to find Tree easier / faster

susehoush wrote:

>
> hello,
>
> servers: sles10sp3 + oes2sp3
> clients: windows 7 sp1 + nc ir8
>
> On some of our clients it takes very long (up to 1 or 2 minutes) until
> the tree is found and novell login is processed. On some of our
> clients we get 0x800789FC - we already checked TID 7006626 but it
> didn't help.
>
> Name Services that are configured are: DNS, NCP, SLP
>
> Questions:
> 1. Is there some way to tell the clients statically the 5 servers
> which they can authenticate against, perhaps over hosts file? What
> would be the Syntax there?
> 2. Is there some Best Practise like making a DNS record Treename ->
> IP-OF-Masterserver?
>
> Any help is appreciated.
> thx,
> hugo


Can you take a packet trace and check what the workstation is trying to
do up on authentication? It could be its trying to contact something
which it is waiting for a timeout etc

--
Cheers,
Edward
0 Likes
susehoush Absent Member.
Absent Member.

Re: How to find Tree easier / faster


Please forget a moment about the clients taking too long.

Let us come back to a general question:
Is it "recommended" or even necessary to include the treename in DNS
(as A or SRV records)? If yes, how can this be done - returning to my
last question about the syntax.

Here is another resource, talking about "the eDirectory tree must have
its own A record":
'Advanced DNS/DHCP for Novell eDirectory Environments'
(http://www.slideshare.net/NOVL/advanced-dnsdhcp-for-novell-edirectory-environments)

See page 46.


--
susehoush
------------------------------------------------------------------------
susehoush's Profile: http://forums.novell.com/member.php?userid=75757
View this thread: http://forums.novell.com/showthread.php?t=448050

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: How to find Tree easier / faster

Certainly not necessary; probably not necessarily recommended unless you
have a reason for it. Thus, my questions about SLP in the other part of
the thread. Edward's questions on isolating the delay is the best route
to go so we can focus on a fix for the problem, not a possible fix for a
symptom that can be caused by any number of problems.

Good luck.
0 Likes
susehoush Absent Member.
Absent Member.

Re: How to find Tree easier / faster


On the login delay: I will follow Edwards advice and wireshark on that.

On the DNS record: Since it is in the official docu and in the
presentation (from novell) I will try to make A records / SRV records
for the tree. Looking at the NC docu (4.2.9) DNS is also selected. There
is also a TID describing that the NC makes a dns lookup on logon with
treename + domain.


--
susehoush
------------------------------------------------------------------------
susehoush's Profile: http://forums.novell.com/member.php?userid=75757
View this thread: http://forums.novell.com/showthread.php?t=448050

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: How to find Tree easier / faster

Fair enough, but as there is no mention of SRV records in the client
documentation I think that is likely a waste of time (the link you cited
before didn't even talk about NDAP, which is almost certainly what you
would want for your issue). Also while DNS and SLP may be used you could
easily rule them in or out by just putting IP addresses in the tree and
server fields of the Novell Client before logging in (well, you could do
this on the 4.9.1 client... I assume you still can with the Novell Client
2 for vista/seven).

Please cite the TID so we can consider its context and recommendations.

Good luck.
0 Likes
Knowledge Partner
Knowledge Partner

Re: How to find Tree easier / faster

susehoush wrote:

>
> Please forget a moment about the clients taking too long.
>
> Let us come back to a general question:
> Is it "recommended" or even necessary to include the treename in DNS
> (as A or SRV records)? If yes, how can this be done - returning to my
> last question about the syntax.


I've never done it. In most cases I've relied on SLP either via local
multicast or with the use of a DA.

--
Cheers,
Edward
0 Likes
susehoush Absent Member.
Absent Member.

Re: How to find Tree easier / faster


Ok, 2 other questions about the NC:

1. On the Login Page -> Advanced there is Tree, Context and Server
Do you put the name/ip of a server there? We have nothing in there.

2. Do you use NMAS? Should it be activated on the NC?


--
susehoush
------------------------------------------------------------------------
susehoush's Profile: http://forums.novell.com/member.php?userid=75757
View this thread: http://forums.novell.com/showthread.php?t=448050

0 Likes
Knowledge Partner
Knowledge Partner

Re: How to find Tree easier / faster

susehoush wrote:

>
> Ok, 2 other questions about the NC:
>
> 1. On the Login Page -> Advanced there is Tree, Context and Server
> Do you put the name/ip of a server there? We have nothing in there.


Yes, you'll need to populate at least tree and context. The server
field can be left blank. What happens when you click on the tree
button? Does the client find a tree?

> 2. Do you use NMAS? Should it be activated on the NC?


It is on by default and can be left on, unless you have some issues we
could disable NMAS Authentication but for now lets focus on the login
problem.


--
Cheers,
Edward
0 Likes
susehoush Absent Member.
Absent Member.

Re: How to find Tree easier / faster


Server field was blank all the time and didn't cause any problems. We
can find the tree. Just wanted to know if in general there should be a
server.

The problem with the Novell Client docu is that it does not give any
background information! It mostly says here you can activate this, but
it doesn't discuss in which cases it would be appropriate or what the
implications are. Also I'm missing an extensive article about the novell
client for windows 7 - there a excellent document for the 4.x novell
client for xp

No, NMAS does not cause any problems. Just read somewhere that some
people could speed up logon by deactivating nmas.


--
susehoush
------------------------------------------------------------------------
susehoush's Profile: http://forums.novell.com/member.php?userid=75757
View this thread: http://forums.novell.com/showthread.php?t=448050

0 Likes
Knowledge Partner
Knowledge Partner

Re: How to find Tree easier / faster

susehoush wrote:

>
> Server field was blank all the time and didn't cause any problems. We
> can find the tree. Just wanted to know if in general there should be a
> server.
>
> The problem with the Novell Client docu is that it does not give any
> background information! It mostly says here you can activate this, but
> it doesn't discuss in which cases it would be appropriate or what the
> implications are. Also I'm missing an extensive article about the
> novell client for windows 7 - there a excellent document for the 4.x
> novell client for xp


That is something I can't fix unfortunately...

> No, NMAS does not cause any problems. Just read somewhere that some
> people could speed up logon by deactivating nmas.


I would take a packet trace and check what the client is doing.


--
Cheers,
Edward
0 Likes
Knowledge Partner
Knowledge Partner

Re: How to find Tree easier / faster

On Fri, 11 Nov 2011 02:16:02 +0000, susehoush wrote:

> Let us come back to a general question: Is it "recommended" or even
> necessary to include the treename in DNS (as A or SRV records)?


You can. I've never bothered to. No problems to report.


--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.