DCE and DFS for Linux Installation and Configuration Guide

[Previous] [Next] [Contents] [Index]

This chapter describes how to configure DCE and contains the following sections:

4.1 Error Recovery During Configuration
4.2 Configuring a New Cell
4.3 Configuring Your System as a DCE Client with Runtime Services
4.4 Split Server Configuration (Adding a Master CDS Server)
4.5 Running the DCE Configuration Verification Program

4.1 Error Recovery During Configuration

If the procedure encounters any errors during DCE system configuration, it displays error messages. Some errors are not fatal, and the procedure attempts to continue. Other errors are fatal, and the procedure terminates. If a fatal error is encountered while the procedure is starting the DCE daemons, the procedure attempts to stop any daemons that have already been started. This returns the system to its original state, as before you began the configuration.

You can get more detailed information about the cause of the error by examining the associated log file in /opt/dcelocal/dcesetup.log. (If dcesetup is run without root privileges, the log file will be located in tmp/dcesetup.username.log.) This log file contains a record of the operations invoked by the System Configuration utility the last time it was executed, and may help you diagnose the cause of the problem.

Sometimes the cause of an error is transitory and may not recur if you repeat the operation. Use the command /usr/sbin/dcesetup restart to retry if errors are encountered during the startup of the DCE daemons. For more information about this command, see the DCE and DFS for Linux: Product Guide.

4.2 Configuring a New Cell

The following steps explain how to create a cell and configure the Security server and CDS server on the same system.

1. To begin your initial cell creation and server configuration, log in as root and invoke dcesetup (/usr/sbin/dcesetup). If you are not logged in as root, the dcesetup utility can perform only the Show and Version choices. The dcesetup utility displays the following menu:

                ***  DCE Setup Main Menu  ***
   

                    Version 2.3
   

   1) Configure Configure DCE services on this system

   2) Show Show DCE configuration and active daemons

   3) Stop Terminate all active DCE daemons

   4) Start Start all DCE daemons

   5) Restart Terminate and restart all DCE daemons

   6) Clean Terminate all active DCE daemons and remove

   all temporary local DCE databases

   7) Clobber Terminate all active DCE daemons and remove

   all permanent local DCE databases

   8) Version Show DCE Version number

   X) Exit

   Please enter your selection:
   

NOTE: For troubleshooting during configuration, open an additional window after you invoke dcesetup, and enter the following command: # tail -f /opt/dcelocal/dcesetup.log This window allows you to track the configuration procedure as it executes. The file dcesetup.log captures most configuration errors. If you are not logged in as root, the log file is named /tmp/dcesetup .username.log.

1. If you are creating a new cell or adding a CDS server, choose option 3 (Terminate and restart all DCE daemons) to stop the DCE daemons in a controlled manner. Be sure to back up your security and CDS databases before proceeding if this has not been done.

   Press Enter or Return to continue at the Main Menu

2. Choose option 1 from the DCE Setup Main Menu to configure DCE services on your system. You must have system privileges to modify the DCE system configuration.

   You may be prompted to continue with reconfiguration.

   The procedure displays the following menu:

   					  ***  Configuration Choice Menu  ***
   

   1) Configure this system as a DCE Client

   2) Configure this system as a Lightweight Client

   3) Create a new DCE cell

   4) Add Master CDS server

   5) Configure DCE Distributed File Service (DFS)

   6) Modify DCE cell configuration

   7) Configure this system for RPC only

   R) Return to previous menu

        Please enter your selection (or '?' for help):
   

3. Choose option 3 to create a new DCE cell.

   NOTE: At many prompts, you can press Return to take the default displayed in brackets or enter a question mark (?) for help.

4. When prompted, select a cell name and then hostname. You can use defaults. (The names are used again when you configure DCE client systems.)

   The configuration utility asks if you want to configure the host as a CDS server.

5. Answer yes to configure the CDS and security servers on the same system

   You would answer no to perform a split server installation in which you configure the security server on the current host and the CDS server on a different host. (Continued in Section 4.4, Split Server Configuration (Adding a Master CDS Server))

   If you answered yes to configure the CDS server you may be prompted:

   Will there be any DCE pre-R1.1 CDS servers in this cell? (y/n/?) [n]:
   

6. Press Return to accept the default, "no".

7. You are prompted to confirm the system time; it is important that you check the current time before you respond.

   At the prompts concerning the time service:

   Do you need the Distributed Time Service? (y/n/?) [y]
   

   Do you want this system to be a DTS Server (y/n/?) [y]:
   

   Do you want this system to be a DTS Global Server (y/n/?) [n]:
   

   Does this cell use multiple LANs? (y/n/?) [n]:
   

8. Answer the questions appropriately.

   Next, the screen displays your selections and asks whether to save them as your DCE system configuration.

9. Answer y.

   The script prompts that you enter a "keyseed", and explains that you can enter any random text, and need not remember it.

10. Type your own text and press return.

    The script reports that it is configuring a security server, and prompts for a new password.

11. Type your own password and confirm it.

    Configuration proceeds. At completion, the Main Menu is displayed.

    To verify that all requested services are configured, you can choose option 2 (Show) from the DCE Setup Main Menu.

NOTE: During initial DCE client configuration, the client software may have problems locating the Cell Directory Service if the Internet protocol netmask for your client machine is not consistent with the netmask used by other machines operating on the same LAN segment. You might need to ask your network administrator to determine the correct value to use as a netmask on your network.

The following steps explain how to configure your system as a DCE client(Steps 9 through 11 are not needed for a Lightweight Client or RPC-Only configuration.)

1. Match the time on your system to that from the Security Server. It should be within four minutes.

   If you are not sure how, see Appendix Section C.1.2, Setting Time.

2. At the command line, log in as root and invoke /opt/dcelocal/bin/dcesetup. The dcesetup utility displays the Main menu.

3. Choose option 1, Configure.

   If prompted:

   Do you want to proceed with this reconfiguration (y/n/?) [y]
   

   Press Return.

   dcesetup displays the Configuration Choice menu.

4. Choose option 1, Configure this system as a DCE Client.

   The dcesetup procedure displays the following messages describing how to follow prompts.

   At each prompt, enter <Return> to take the default displayed in [braces] 
   or enter '?' for help.
   

   Press <Return> to continue:
   

   After listing the status of the configuration, dcesetup displays the following question:

   Would you like to search the LAN for known cells? (y/n) [y] :
   

5. Type n and then press Return, to enter answers manually; or Return, to choose from lists.

   To enter manually:

   Having entered n, supply the following information at the prompts:

   • Your DCE cell
     
   • Your DCE hostname
     
   • The hostname of the Master CDS server for this cell
     
   • Whether your host can broadcast to the host where the master CDS server is installed
     

     To choose from lists:

     Having entered y, choose the default hostname and cell name or choose from list of available DCE cells as follows:

     Please enter your DCE hostname[your system's name]:
     

     Press Return. The screen lists available cells.

     Please enter the name of your DCE cell [default_cell]:
     

     To choose the default, press Return.

     If you enter a name, type it and press Return. Do not add the /.../ prefix to the cell name; dcesetup automatically adds it.

     The prompt might contain a cell name which is the last configured cell name for this host or the first cell name from the alphabetical list of available cells. If you enter a cell name that is not on the list of cell names, the procedure assumes you are performing a WAN configuration, and asks you to enter the hostname of the master CDS server for your cell, and its IP address.

     After listing the status of the configuration, dcesetup asks:

     What is the hostname of the Master CDS server for this cell
     [default hostname]:
     

6. Press Return.

   After listing the status of the configuration, dcesetup displays:

   Found DTS server
   

   The local system time is: Wed Mar 11 12:01:14 2001
   

   Is this time correct? (y/n):
   

   You may get a prompt, where the DTS in the cell you are joining can correct your system's time.

   Will you allow this procedure to correct your local time? (y/n/?) [y]:
   

7. You can press Return to accept this.

   If the correction is not offered, verify that the correct time is displayed. It should be within four minutes of that on the Security Server. If the time is incorrect, specify n, and the procedure exits to the command window to allow you to reset your system time. Correcting the time depends on your system and will require that you restart configuration with dcesetup, starting with Step 1.

   To see how to set the time in Linux, see Section C.1.2, Setting Time

   After you specify y, the time is correct, you are asked:

   Do you need the Distributed Time Service (y/n/?)[y]
   

8. Press Return to answer yes to connect with the DCE DTS.

   After you respond to the prompt, the procedure stops the CDS advertiser and asks you to perform a dce_login operation, as follows:

   This operation requires that you be authenticated as a member of the 
   sec-admin group. Please login.
   

   Enter Principal Name: 
   

   Password:
   

9. Enter the Principal Name and Password (as obtained earlier, in Section 3.1, Before You Configure DCE).

   After you perform the dce_login operation, dcesetup begins configuring the security client software.

10. When prompted to delete the principals, answer [y].

    After the prompt:

    Do you wish to delete these objects? (y/n) [y]
    

11. Press Return.

    When the process is complete it returns to the dcesetup main menu.

12. You can verify configuration by choosing option 2 Show.

13. Press X to exit dcesetup.

The DCE components that you have configured are added to your system startup procedure so the daemons restart automatically whenever the system is rebooted (unless you opted to disable DCE at boot time). If the client system and a CDS server are on the same subnet, the client can automatically locate the CDS server. In this case, the client configuration is complete.

4.3.1 To Update the Client's CDS Cache

If the client system does not share a subnet with a CDS server, you must manually enter a CDS server's location information into the client's CDS cache.

If processing is unreasonably slow, updating the CDS cache may help. This is not usually necessary.

At the command line, enter CDS server location information into the client's CDS cache.

# dcecp -c cdscache create <name> -binding <protseq>:<ip_addr>

where

<name> is the simple name of the cached server machine.

<protseq> is a CDS server's protocol sequence, either ncacn_ip_tcp if you want to use only TCP connections or ncadg_ip_udp if you want to use only UDP connections

<ip_addr> is the Internet Protocol address of the server machine's <name>, obtainable through the command ping <name>.

For example:

 # dcecp -c cdscache create pelican \ 

-binding ncacn_ip_tcp:16.20.15.25

This section discusses a split server installation in which a new cell and the master security server are created on one system and the master CDS server is configured on another system. The master CDS server maintains the master replica of the cell root directory.

NOTE: Another Entegrity DCE product, PC-DCE, uses a similar term with a different meaning. In that case, a cell administrator can grant cell configuration privileges to local administrators. They can configure clients into a cell without the administrator's password.

A split server configuration has three phases:

• Begin creating the new cell and master security server on one system.
  
• Create the master CDS server on another system.
  
• Complete configuring the master security server on the first system.
  

This is the first phase of a split server configuration. Begin this phase by creating the new cell on the machine where the master security server will reside.

1. At the DCE Setup Main Menu, choose option 1 (Configure).

2. At the Configuration Choice menu, choose option 3 (Create a new DCE cell). Answer the prompts appropriately for the cellname and hostname.

   At the prompt,

   Please enter the name of your DCE cell [default_cell]

3. Press Return to accept the default, or assign a name following OSF conventions.

   At the prompt,

   Please enter your DCE hostname [default]

4. Press Return to accept the default.

   At the prompt,

   Do you wish to configure <hostname> as a CDS server?  (y/n/?) [y]: n
   

5. Answer n. (the other machine will be the CDS server)

   The system will ask to verify system times:

   System time for <myhost>: Wed Jun 12 13:39:24 EDT 1998
   

   Is this correct? (y/n/?):
   

6. Make sure you verify the time before you specify y. If the system time is incorrect, answer n; the configuration procedure exits to the operating system to allow you to correct the system time. You can then reconfigure.

   After the prompts:

   Do you need the Distributed Time Service? (y/n/?) [y]:
   

   Do you want this system to be a DTS Server (y/n/?) [y]:
   

   Do you want this system to be a DTS Global Server (y/n/?) [n]:
   

7. Answer the prompts about using this system as a DTS local or global server. You can follow the defaults.

   At the prompt:

   Do you intend to run MIT Kerberos 5 services on this machine [y] :
   

8. A yes answer will run the Kerberos config utility and (optionally) install the "Kerberized" version of telnet on the system.

   At the prompt:

   Do you want to configure the LDAP name service? (y/n/?) [n]: 
   

9. A yes answer prompts queries to ask if you want to configure the system as a LDAP client and if you would enter further information regarding the LDAP services you want.

   Do you want to configure the LDAP name service? (y/n/?) [n]: 
   

   Do you want to configure gdad to use LDAP? (y/n/?) [n]:
   

10. Answer the LDAP prompts. DOES THIS BRANCH OUT??? < < <

    The screen displays your selections and asks whether to save them as your DCE system configuration. (It did not prompt, but assigned answers of not being a PKSS server or enabling Kerberos 5.)

11. Press Return to answer y to accept your selections, or n and then Return to change your selections.

    The procedure configures the host machine as a security server and then prompts that you enter a "keyseed", and explains that you can enter any random text, and need not remember it.

12. Type your own text as the keyseed, and press Return.

    The script reports that it is configuring a security server, and prompts for a new password.

13. Type your own password and confirm it.

    The procedure configures security services and then pauses for you to configure the master CDS server on another system. It displays:

    ********************************************************************
    

    This system has now been configured as a security server.
    

    Since you chose not to configure this system as a CDS server, you 
    

    must now configure another system as the Master CDS Server for this
    

    cell (Option 1 on the dcesetup Main Menu, Option 3 on the
    

    Configuration Choice Menu.) 
    
    

    When the Master CDS server has been installed and configured, 
    

    press the  <RETURN>  key to continue configuring this system. 
    

    ********************************************************************
    

    Press <RETURN> to continue:
    

14. Don't press Return until after you create the CDS server on another system. Leave the dcesetup script and the security server machine running.

15. Go to the machine where you will configure the master CDS server.

This is the second phase of a split server configuration. You must have created a new cell and begun configuring the security server on another machine.

1. Log on to the system on which you want to install the CDS master server, and install DCE.

2. Use the dcesetup command to get the Main Menu and choose option 1 (Configure).

3. from the Configuration Choice Menu choose option 4 (Add Master CDS Server).

4. When prompted, verify the system time, to be within 4 minutes of the time on the security server, and accept the defaults for other time questions.

   At the prompt:

   Please enter the name of your DCE cell []
   

5. Type the name of the DCE cell you created on the first machine and press Return.

   At the prompt:

   Please enter your DCE hostname [2nd machine's name]:

6. Accept the default, the name of the machine you are configuring as CDS server, and press Return. If not available, name it according to OSF conventions.

   At the prompt:

   Will there be any DCE pre-R1.1 CDS servers in this cell? (y/n/?) [n]:

7. Accept the default.

   At the prompt:

   What is the hostname of the security Server for this cell? []:

8. Enter the hostname of the security server that you just configured

   NOTE: If the procedure cannot find the IP address for the host, you will be prompted for the address. Usually, when the procedure cannot find the IP address of the host, it indicates that you may have misspelled the name.

   At the prompts:

   Enter Principal Name: 
   Password:
   

9. Enter the Principal Name and Password you assigned in the security server.

   At the prompt:

   Do you need the Distributed Time Service? (y/n/?) [y]:
   

10. Press Return

    You may need to configure your LAN into multiple LANS

    At the prompt:

    Does this cell use multiple LANs? (y/n/?) [n]:
    

11. Accept the default.

    If you answer y, you are prompted:

    Please enter the name of your LAN (or  '?' for help) []:
    

    Enter the name of the LAN.

    If your LAN has not been defined in the namespace, you are asked whether you want to define it.

    The procedure configures the requested services, and then prompts you to complete the configuration of the security server on the other machine before continuing:

    ********************************************************************
    

    *    This system has now been configured as the Master CDS Server. *
    

    *                                                                  *
    

    *    Before continuing, complete the configuration of the Security *
    

    *    Server...                                                     *
    

    ********************************************************************
    

    Press  <RETURN>  to continue:
    

12. Press Return

    The DCE Setup Main Menu is displayed.

13. Return to the system on which you configured the security server.

This is the third, and final, phase of a split server configuration. You must have created a new cell and begun configuring the master security server on one machine. Then you created a master CDS server on another machine. Now you will complete the security server configuration on the first machine.

1. Return to the system on which you configured the security server and press the Return key. The following prompt appears:

   What is the hostname of the Master CDS Server for this cell [ ]:
   

2. Provide the hostname of the system you just configured as the master CDS server for this cell. After you enter the hostname of the master CDS server, the following prompt is displayed:

   Can myhost broadcast to cds_master_server? (y/n/?) [y]:
   

   If you respond n to this prompt, the procedure asks you to specify the IP address of the CDS server. You can find the IP address by performing an nslookup operation for the hostname.

3. At prompts, enter the Principal Name and Password

   The script displays the configuration status, then returns to the DCE Setup Main Menu. The split server configuration is complete. You can verify each server's configuration using the Main Menu's option 2 (Show).

>>> NOT NOW, RIGHT ? ? ? >>The procedure asks whether you want to run the configuration verification program:

Do you want to run the DCE Configuration Verification Program? (y/n) [y]:

You can run the CVP now by answering y, or you can run the CVP at a later time by answering n. The procedure completes the configuration and returns to the DCE Setup Main Menu. Choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu to verify your configuration choices.< < <

4.5 Running the DCE Configuration Verification Program

After the DCE daemons have started, you can run the DCE Configuration Verification Program (CVP) to ensure that the DCE services are properly installed.

At the Main menu:

1. Enter option 8, CVP.

   The DCE Configuration Verification Program (CVP) requires approximately 1 to 2 minutes to run. It adds ten dots as it completes.

   Verifying...........
   

   ...CVP completed successfully
   

2. Press <Return>

   The DCE Setup Main Menu appears again.

After you run the CVP, the configuration procedure updates your system startup procedure so that the daemons restart automatically whenever the system is rebooted.

[Previous] [Next] [Contents] [Index]

To make comments or ask for help, contact support@entegrity.com.

Copyright © 2001-2004 Entegrity Solutions Corporation & its subsidiaries