Many people are having problems getting all of the NetWare 6 Web Services to run properly. This How-To document will, hopefully, help.
Because I am far from being a guru, I'm sure other people have found better ways to do these things. Your feedback is welcome. As feedback comes in, this document will be updated.
The How-To is broken down into 3 parts -- Pre-installation, installation, and post-install configuration.
I'm not going to go into incredible detail on some of these points because then this would end up being a book. Hence, I'm making the assumption that the reader is fairly competent with NetWare.
Here is my test network: -- My workstation is running XP Pro SP1 plus the daily security fixes. I run Internet Explorer 6 SP1. -- My server is running dual PII 350's with 384MB of RAM (if I could get this to work on my piece of junk, you should be able to on your boxes as well). -- The server was installed using the NetWare 6 SP2 .iso image from Novell's web site. -- All web services will be installed on the same server. -- Prior to this process, I had no DNS server on my network. Installing one will be part of the process.
Part I Pre-Installation
1) This is running on my home network over a broadband connection. Because of limitations with my ISP & firewall, I've chosen to install all services with a single IP address. Hence, I've had to use some non-standard ports for a few components, as you'll see.
2) I wrote down which web services I wanted. They are iPrint, iFolder, NetStorage, WebAccess, iManager, and Remote Manager. I am not installing the Enterprise Web Server.
3) Before I even started to install my server, I wrote down the port numbers that would be given to each service: a) 443 for iPrint. Apparently, the RFC standard for IPP printing requires the use of this port. b) 80 for unsecure Apache services c) 50443 for secure Apache services d) 5180 for unsecure iFolder e) 51443 for secure iFolder f) 2200 for iManager g) 8009 for Remote Manager h) 631 for IPP printing
4) I set up port redirection on my firewall to make sure that packets from outside got to the right ports on my server.
Part II Installation 1) Go through the NetWare installation like normal until you get to the Protocols screen in the GUI Install.
2) Protocols screen: a) Give your machine an IP address, netmask, and gateway. Go to the next screen.
3) Domain Name Service screen: a) This is very important. Enter the hostname of your web services. This does not have to be the same as that of your actual server's name. For example, my NetWare server's name is "nwfs," but I entered "www" into the hostname field. b) Enter the domain name for your machine. Because I have a dynamic DNS name, I entered that here. My hostname is now www.domain.name c) Enter the IP address(s) of a DNS server that can resolve names for your new server. Because I didn't already have a DNS server on my network, I entered the IP address of my server here. This will ensure that an entry gets written to the sys:etc\resolv.cfg and sys:etc\hosts files. It is important that these two files are populated because if they aren't, the web services won't work completely.
4) Proceed with the installation until you get to Components screen.
5) Components screen: a) Select iPrint, WebAccess, iFolder, & NetStorage. iManager and Remote Manager don't appear on the list, but they will be installed by default.
6) IP Based Services screen a) For my test, I chose Single IP Address b) Check the box titled "Reserve x.x.x.x to use for secure printing" c) For each of the services, fill in the port numbers that you wrote down during pre-installation.
7) Novell Certificate Server Objects screen a) If you want to have SSL with your services, fill in these fields appropriately.
8) LDAP Configuration screen a) I've heard much confusion about this. If you choose to use clear text passwords, it does NOT mean that some bozo on the Internet can sniff your passwords. This refers to server-to-server communication, not client-to-server communication; it deals with the communication between your web services server and an LDAP server on your network. Here's the general rule of thumb: If you are installing web services on the same box that houses LDAP, allow clear text passwords (the server is only talking to itself). If your LDAP server is another box on your network and you're paranoid of a rogue user with a sniffer, do NOT allow clear text passwords. If your LDAP server is another box on your network and you aren't paranoid, allow clear text passwords. b) Because my web services are on the same server as LDAP, I will choose to allow clear text passwords.
9) NetWare Web Access Setup screen a) This is just to create a container that will hold the WebAccess objects.
10) NetWare Web Access screen a) Select the components that will appear in the WebAccess portal. For my setup, I chose the File & Print gadgets and kept their default paths
11) iFolder Server Options screen a) Change the path for the user data. It's a really bad idea to put this on the SYS volume. b) Enter the NDS names of your iFolder administrator(s). If you want more than one admin user, separate the names with a semi-colon with no spaces between them. c) The network domain is the same one that you entered in step 3b d) Enter your administrator's email address
12) eDirectory iManage Install Options screen a) Leave these at their default values
13) NetStorage Install screen a) The DNS name of the primary eDirectory server should be pre-populated b) Enter the DNS names of any alternate eDirectory servers c) The DNS name & port for the iFolder server should be pre-populated
14) Summary screen 15) complete the installation
Part III Post-Install Configuration
If you've survived this far, you should have a functional NetWare 6 server with web services running. However, there are still some steps that must be taken to get them working right.
GENERAL STEPS 1) To verify that the main page is working, open a browser and point it to http://webname.domain.name. This should open the Welcome to NetWare 6 screen.
2) Click on the Open iManager link in order to open iManager. If iManager doesn't open, here are some things to check: a) Check the address bar of your browser. The address should be correct. If you see an IP address instead of the DNS name, you're going to be re-installing all of the Web Services. It is very important that web services use DNS names. b) Verify that you have an entry in your sys:etc\hosts file that is similiar to my.server.ip.address webname.domain.name c) If you don't have such an entry in your hosts file, put it in and try to connect to iManager again.
3) Once in iManager, go to DNS Management and set up DNS for your network (If you already had a DNS server on your network, this step can be skipped). For help setting up DNS, please refer to Novell's documentation for NetWare 6 at http://www.novell.com/documentation. When you create your DNS zones, make sure to also create in-addr-arpa zones for reverse lookup. Some may ask why I've stressed DNS so much. The answer is very simple--without it, NetStorage will not work. All of the other web services are perfectly happy using your server's hosts file, but NetStorage requires DNS.
4) Once DNS is set up and you've verified that it's working, you can perform configuration steps on each of the web services.
IPRINT STEPS 1) Create an NDPS broker. General rule of thumb is one broker for each WAN site. You can create the broker either through ConsoleOne or through iManager's iPrint Management portal. a) If necessary, add any additional printer drivers, banners, etc to the RMS configuration
2) Using iManager, create an NDPS Print Service Manager. a) iManager didn't have an HP gateway for my jet direct, so I had to switch to the server console, open the Print Service Manager screen, and set up the proper HP gateway. After that, the Print Service Manager went online.
3) Using iManager, create printer objects for each printer that you'll use for IPP printing.
4) Your iPrint system should now be functioning properly.
3) In order to login, you'll need to put in your NDS Distinguished Name (ie username.container.organization).
4) NetStorage should now be completely working
REMOTE MANAGER & IMANAGER STEPS 1) Neither of these requires any special configuration; they should both be completely functional
WEBACCESS 1) WebAccess requires no additional configuration. If you wish to modify the components, refer to Novell's documentation web site.
IFOLDER I saved the best for last. 1) First, we have to modify LDAP. Open ConsoleOne and locate the two LDAP objects, LDAP Server-servername and LDAP Group-servername
2) Open the properties for the LDAP Group object and click on the General tab. Because I decided to use clear text passwords, the "Allow Clear Text Passwords" box should be checked. close the LDAP Group properties.
3) Open the properties for the LDAP server object and click on the General tab. Because I'm using clear text passwords, the TCP port should be set to 389.
4) Click on the SSL Configuration tab. Because we're using clear text passwords, click on the "Disable SSL Port" box. Close the LDAP Server properties
5)This is the critical part. We must either modify rights to the root of the tree or set up an LDAP proxy user. I'm going to modify my root rights because it seems to work better. Disclaimer: Depending on your paranoia level, you may believe this to be a security risk. If you do, use the LDAP proxy user. a) In ConsoleOne, right-click on the root of your tree and choose "Trustees of this object" from the popup menu. b) Click on [Public] and Assigned Rights c) In the window that pops up, click on "Add Property," then "Show All Properties" d) Click on the "CN" property, then click OK e) In the "Rights Assigned to [Public]" box, click on the CN property and select Compare, Read, and Inheritable. Click OK to close. Close all property pages and exit ConsoleOne
6) At the server console, stop iFolder with the "stopifolder" command. Once it's unloaded, restart it with the "startifolder" command.
7) Now we will be able to go into the iFolder Management without it blowing up on us. In case you're wondering, if we hadn't performed step 5, LDAP would have quit working as soon as we modified any of its settings.
9) Log in using one of the iFolder admin credentials.
10) In the Server Management screen, click the link to LDAP
11) Your LDAP DN is probably your organization object (o=orgname). If so, you probably want to tell LDAP to search subcontainers. If so, click the "search Subcontainers" box. Next, click on the "Update" button.
12) You can also configure different server and client policies, view users, etc.