|
NDS install instuctions
In software version 4.20 we introduced quick installation wizard available via
http: It is by far the easiest method for installing the StorPoint in to your NDS-tree. simply access the Storpoint by it's IP-address click on
Quick-installation choose NDS-Wizard and continue.
Axis StorPoint CD NDS Installation:
Unlike how the StorPoint CD operates in bindery mode where the server is available without
any configuration, for the server to work in NDS, it needs to be installed.
Installation is very simple, you just fill in the parameters in the config.ini file and the server will
install itself into NDS in less than 15 seconds.
This installation procedure assumes you're familiar with how configuration works in the
StorPoint CD.
For the examples below, we assume the following:
- The name of your NDS tree is ACME.
- The name of the context you wish to install the server is
Corp.Acme.
- The administrator's name is Admin.Acme.
Description of the parameters:
BinderyEnable = yes ; yes/no
Allows you to disable bindery mode login to this server. This increases system security. We will
however ALWAYS allow the supervisor to log in in bindery mode. That way, there will always
be a way for you to log in and solve problems even if the NDS system is down.
SpervisorPassword = PASS u
BindAuthentication = ; Servername
Works as before
NDSEnable = yes ; yes/no
Allows you to disable NDS login even if the server is installed in NDS.
This parameter has no effect in the current software
NDSTreeName =
The name of the tree you want to install the server into.
Example: ACME
NDSServerContext = The context in the NDS tree where you want to install the server.
Example: Corp.Acme
NDSAdminName = The distinguished name (for example Admin.Acme) of a user or administrator with Supervisor or
Create rights in the context where you want to install the server
Example: Admin.Acme
NDSAdminPassword =
The password of the administrator above. Once written, this password will _never_ show up in
the config.ini file. The password will instead be replaced with *****.
Example: Secret
NDSInstall = no ; install = install now
Change this to 'install' when you are ready to install the server. After the config.ini file has been
saved to the StorPoint CD, NDS server installation will begin after 5 seconds. Check the
logfile.txt file in the config directory after 15-20 seconds and check for errors.
TimeSyncSources = SAP ; SAP or SERVER1,SERVER2,...
By default, time syncronization uses SAP to find the time providers on the network (primary
and reference time servers) to read the time from. If you have configured time syncronization in
your network to use configured lists of time providers you can change this parameter to a list of
servers to contact. This parameter also allows you to syncronize time against other
SECONDARY time servers. The list is one or more file servers separated by ',' (no spaces
between the names). The default value of this parameter is SAP which means that the StorPoint
should use SAP in order to find a time provider.
Example: If your network Time Syncronization uses SAP (most networks do), set:
TimeSyncSources = SAP
If your network uses configured lists of time providers, you put the server names of the time
providers in a list: TimeSyncSources = PROVIDER1,PROVIDER2
After server installation has been completed, users will be able to log in in NDS mode. Using
NWAdmin, you will find a new server object and a corresponding volume object in the context
you chose above.
Note: When you want to delete the server object from your NDS tree you
have to turn off the StorPoint server and keep it turned off for 5 minutes before using
NWAdmin's partition manager or NDS manager to delete the server object. If you do not turn
off the server before attempting to delete the server object your client workstation will hang
and you will have to reboot your PC. This is a limitation in
NWAdmin.
After filling in the parameters above correctly, your server should be correctly installed in
NDS. There are a number of things that can go wrong though. Regardless what went wrong, you will
find the reason in the file logfile.txt in the config directory.
Possible errors during NDS installation:
| Error |
Description
|
| Installation failed: NDS tree not found |
Installation failed: NDS tree not found
The server could not find the NDS tree. Please check the spelling.
|
Installation failed: Administrator object
missing. |
The password supplied in the NDSAdminPassword password could not be
used to login as the user in the NDSAdminName parameter. Please check the spelling.
|
Installation failed: Administrator password is
incorrect |
you may have misspelled the password
please try again
|
| Installation failed: Server context not found |
The context specified in the NDSServerContext
parameter was not found. Please verify that the spelling is correct.
|
Installation failed: Insufficient rights to create
server object |
The specified user in the NDSAdminName
parameter doesn't have sufficient rights to create the server object in the
specified context.
|
Installation failed: NDS Server object already
exists. |
You have tried to install the server on top of an
existing server object. To avoid problems when two servers point to the same object we do not
allow installation on top of an existing object in normal cases. If you _really_ want to install on
top of the old object, you can add an exclamation mark (!) to 'yes' the NDSInstall
parameter.
(E.g. NDSInstall = yes!)
|
Installation warning: Could not extend NDS
Schema (class 1)
Installation warning: Could not extend NDS
Schema (class 2)
Installation warning: Could not extend NDS
Schema (attribute) |
These errors is the cause of insufficient rights
of the administrator trying to install the server. The server here tries to extend the NDS schema
with an extra attribute to the 'NCP Server' class in NDS. Extenting the NDS schema requires
SUPERVISOR rights to the [Root] object. This is only necessary for the first StorPoint being
installed in the tree. For all other StorPoints being installed into the tree, the attribute will
already be defined and this step is not necessary. This extension is neccessary for
storage of the server's file system rights (access rights to CD:s and configuration files). These
are the rights that you use NWAdmin to configure. If you get this warning, you will be
unable to change the default access rights (user's access rights to CD:s and
configuration files |
|
Axis StorPoint CD NDS management:
Security:
Once installed, users are able to log on to the server as any other NDS server in the network. By default, after installation, the server is configured to protect all configuration files and display only the CD:s to 'normal' users. User rights to the server and the files and directories on the server is determined in this way: Supervisor rights to the SYS volume is inherited from the Supervisor right to the NDS Server object. Read and file scan rights are inherited from the Browse right to the NDS Server object. By default, the CONFIG and VOLUMES directories are setup with a inherited
rights filter that filters all rights except the Supervisor right. This
protects all configuration files.
Setting access rights:
Access rights are managed by using NetWare Administrator (NWAdmin). You can add or remove trustees to all configurable directories (see below). Inherited right filters can be used to block rights. Basically, there is NO DIFFERANCE between how you'd normally use NWAdmin
on a Novell NetWare NDS server and how you use it on a
StorPoint. Configurable directories are Root (the root of the SYS volume), CD,
CONFIG, VOLUMES and all CD:s currently displayed in the CD directory.
The NDS access rights will be saved in a private extension (a new
attribute) in the server object in NDS. If during the installation you
got the error message 'Could not extend NDS Schema', then the server will
be unable to write the server rights to NDS. That means that you'll be
unable to change the default rights in the server.
Security recommendations:
Since all access control of the different protocols (NetWare, SMB, NFS, HTTP)
is separate, we recommend that you disable all protocols not being used. If
you do not do this, any user accessing the server with for example SMB would
get full access rights even if you have setup a very tights security scheme
in NDS. Access rights for users in bindery mode in NetWare is separate from users
accessing the server in NDS mode. Because of this reason, we recommend that
you disable bindery mode after you have successfully installed the server
in NDS and only allow users to log on in NDS mode. If you intend to allow
users to access the CD-ROM server in bindery mode, you'll need to setup
rights according to the StorPoint manual. |
|