Entegrity DCE and DFS for HP Tru64 UNIX
Installation and Configuration Guide

Software Version 4.3.1

3 — Configuring DCE


[Previous] [Next] [Contents] [Index]


3.1 Overview of New Cell Configuration

The following steps explain how to create a cell and configure the Security server and CDS server on the same system.

  1. To begin your initial cell creation and server configuration, log in as root and invoke dcesetup (/usr/sbin/dcesetup). If you are not logged in as root, the dcesetup utility can perform only the Show and Version choices. The dcesetup utility displays the following menu:

                 ***  DCE Setup Main Menu  ***
    

                     Version V4.0(Rev. 635)
    

    
    

    1)  Configure         Configure DCE services on this system
    

    2)  Show              Show DCE configuration and active daemons
    

    3)  Stop              Terminate all active DCE daemons
    

    4)  Start             Start all DCE daemons
    

    5)  Restart           Terminate and restart all DCE daemons
    

    6)  Clean             Terminate all active DCE daemons and remove
    

                          all temporary local DCE databases
    

    7)  Clobber           Terminate all active DCE daemons and remove
    

                          all permanent local DCE databases
    

    8)  CVP               Run Configuration Verification Program
    

    9)  Version           Show DCE Version number
    

    X)  Exit
    

    
    

    Please enter your selection:
    

    NOTE: For troubleshooting during configuration, open an additional window after you invoke dcesetup, and enter the following command: # tail -f /opt/dcelocal/dcesetup.log This window allows you to track the configuration procedure as it executes. The file dcesetup.log captures most configuration errors. If you are not logged in as root, the log file is named /tmp/dcesetup .username.log.

  2. If you are creating a new cell or adding a CDS server, choose option 3 (Terminate all active DCE daemons) to stop the DCE daemons in a controlled manner. Be sure to back up your security and CDS databases before proceeding if this has not been done.

  3. Choose option 1 from the DCE Setup Main Menu to configure DCE services on your system. You must have system privileges to modify the DCE system configuration.

    The procedure displays the following menu:

    					  ***  Configuration Choice Menu  ***
    

    
    

            1) Configure this system as a DCE Client
    

            2) Create a new DCE cell
    

            3) Add Master CDS server
    

            4) Configure DCE Distributed File Service (DFS)
    

            5) Modify DCE Cell Configuration
    

            6) Configure this system for RPC only
    

            7) Configure DCE in TruCluster
    

            R) Return to previous menu
    

    
    

    Please enter your selection (or '?' for help):
    

  4. Choose option 2 to create a new DCE cell.

  5. At each prompt, you can press <Return> to take the default displayed in brackets or enter a question mark (?) for help. When prompted, select a cell name and hostname; the name is used again when you configure DCE client systems.

  6. The configuration utility asks if you want to configure the host as a CDS server. Answer yes to configure the CDS and security servers on the same system. Answer no to perform a split server installation in which you configure the security server on the current host and the CDS server on a different host.

  7. If you answered yes to configure the CDS and security servers on the same system, the utility asks:

    Will there be any DCE pre-R1.1 CDS servers in this cell? (y/n/?) [n]:
    

    If your cell will be running any CDS servers based on OSF DCE Release 1.0.3a or lower (equivalent to DCE for DIGITAL UNIX Version 1.3b or lower), you should answer yes. The configuration utility sets the directory version number to 3.0 for compatibility with pre-R1.1 servers. This setting disables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on.

    If all CDS servers in your cell will be based on DCE for Tru64 UNIX Version 2.0 (or higher) and based on OSF DCE Release 1.1 (or higher), answer no.

    The configuration utility sets the directory version number to 4.0 for compatibility with DCE for Tru64 UNIX Version 2.0 (or higher) CDS servers (OSF DCE Releases 1.1 and 1.2.2). This enables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on, and OSF DCE Release 1.2.2 features. Once the directory version is set to 4.0, you cannot set it back to 3.0.

  8. You are prompted to confirm the system time; it is important that you check the current time before you respond.

  9. If DECnet/OSI is installed on your system, the configuration utility displays the following message and then asks several questions about configuring a DCE Distributed Time Service server on your system.

    You seem to have DECnet/OSI installed on this system. DECnet/OSI includes 
    a distributed time synchronization service (DECdts), which does not 
    currently support the DCE Distributed Time Service (DCE DTS) 
    functionality. The DCE DTS in this release provides full DECdts 
    functionality.  This installation will stop DECdts and use DCE DTS 
    instead.  For further clarification, please consult the DCE for Tru64 UNIX 
    Product Guide.
    

    Even though DCE DTS will be used, it is possible to accept time from 
    DECdts servers.
    

    Should this node accept time from DECdts servers? (y/n) [n]:
    

    Do you want this system to be a DTS Server (y/n/?) [y]:
    

    Do you want this system to be a DTS Global Server (y/n/?) [n]:
    

    Does this cell use multiple LANs? (y/n/?) [n]:
    

    Answer the questions appropriately.

  10. The configuration utility asks whether you want to run this system as a PKSS server. Answering yes configures the system to run as a PKSS server.

    Do you want this system to be a PKSS server (y/n/?) [y]
    

  11. The dcesetup configuration utility asks whether you want to enable DCE SIA (Security Integration Architecture). The default answer is no. Answering yes configures security-sensitive commands such as login, su, telnet, ftp, and so on, to perform DCE authentication in addition to usual local security operations performed by these commands. For more information about DCE SIA, refer to the Entegrity DCE for Tru64 UNIX Product Guide.

    Do you want to enable DCE SIA? (y/n/?) [n]:
    

  12. The configuration utility asks if you want to run the MIT Kerberos 5 services on this machine. A yes answer runs the configuration utility and (optionally) installs the `Kerberized' version of telnet, rsh, and rlogin on the system.

    Do you intend to run MIT Kerberos 5 services on this machine? [y] 
    

  13. The configuration utility asks if you want to configure the LDAP name service on this system. A yes answer prompts the question, "Do you want to configure the system as an LDAP client?" and requires that you enter further information regarding LDAP services.

    Do you want to configure the LDAP name service? (y/n/?) [n]
    

  14. The configuration utility asks if you want to configure gdad to use LDAP. (gdad is the daemon for Global Directory Agent.)

    Do you want to configure gdad to use LDAP? (y/n/?) [n] 
    

  15. Next, the screen displays your selections and asks whether to save them as your DCE system configuration. Answer yes.

  16. After the gda daemon is started, you are prompted to run the DCE Configuration Verification Program (CVP). Press <Return> to start the CVP. After the procedure runs the CVP, the procedure automatically updates the system startup procedure so the daemons restart automatically whenever the system is rebooted.

  17. To verify that all requested services are configured, choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu. The screen displays all configured DCE services and active DCE daemons.

You have completed creating a cell.

3.2 Configuring Your System as a DCE Client with Runtime Services

If you want to add your system to an existing cell:

  1. Choose option 1 (Configure this system as a DCE Client) from the Configuration Choice Menu. This option configures the runtime services subset on your system.

    NOTE: During initial DCE client configuration, the client software may have problems locating the Cell Directory Service server if the Internet protocol netmask for your client machine is not consistent with the netmask used by other machines operating on the same LAN segment. You might need to consult with your network administrator to determine the correct value to use as a netmask on your network.

    When you choose option 1, the procedure displays the following messages:

    At each prompt, enter <RETURN> to take the default displayed in [braces] 
    or enter '?' for help.
    

    Press <RETURN> to continue:
    

    Shutting down DCE services
    

    DCE services stopped
    

    Removing temporary local DCE databases and configuration files
    

    Removing permanent local DCE databases and configuration files
    

        Starting client configuration
    

            Initializing dced (dced)...
    

            Starting dced (dced)...
    

    The configuration utility asks whether to search the LAN for known cells within broadcast range of your system.

    Would you like to search the LAN for known cells? (y/n) [y] :
    

  2. If you know the name of your DCE cell, answer no. As prompted, supply the name of your DCE cell, your DCE hostname, and the hostname of your cell's master CDS server. You also need to specify whether your host can broadcast to the host where the master CDS server is installed.

    Answer yes to see a list of available DCE cells. As prompted, supply your DCE hostname. At the next prompt, supply the appropriate DCE cell name from the list.

            Gathering list of currently accessible cells
    

    Please enter your DCE hostname [dcehost]:
    

    The following cells were discovered within broadcast range of this 
    system:
    

            buster_cell
    

            kauai_cell
    

            myhost_cell
    

            tahoe_cell
    

    Please enter the name of your DCE cell
    

    (or '?' for help) [buster_cell]: myhost_cell
    

    If you do not know the name of the cell you wish to join, consult your network administrator. Do not add the /.../ prefix to the cell name; the procedure automatically adds it.

    The prompt might contain a cell name which is the last configured cell name for this host or the first cell name from the alphabetical list of available cells. If you enter a cell name that is not on the list of cell names, the procedure assumes you are performing a WAN configuration, and asks you to enter the hostname of the master CDS server for your cell.

    After you enter your cell name, the procedure continues, displaying information similar to the following, but dependent upon your configuration:

            Stopping dced...
    

            Initializing dced (dced)...
    

            Starting dced (dced)...
    

            Starting CDS advertiser daemon (cdsadv)...
    

            Testing access to CDS clerk (please wait).....
    

            Attempting to locate security server
    

            Found security server
    

            Creating /opt/dcelocal/etc/security/pe_site file
    

            Checking local system time
    

            Looking for DTS servers in this LAN
    

            Found DTS server
    

        The local system time is: Wed Mar 11 12:01:14 1998
    

    Is this time correct?  (y/n):
    

  3. Make sure you check that the correct time is displayed before you continue with the configuration.

  4. If the time is incorrect, specify no, and the procedure exits to the operating system to allow you to reset the system time. After you correct or verify the time, specify yes, and the procedure resumes.

    If DECnet/OSI is installed on your system, the configuration utility displays the following message and then asks several questions about configuring a DCE Distributed Time Service server on your system.

    You seem to have DECnet/OSI installed on this system. DECnet/OSI includes 
    a distributed time synchronization service (DECdts), which does not 
    currently support the DCE Distributed Time Service (DCE DTS) 
    functionality.  The DCE DTS in this release provides full DECdts 
    functionality.  This installation will stop DECdts and use DCE DTS 
    instead.  For further clarification, please consult the DCE for Tru64 UNIX 
    Product Guide. 
    

    Even though DCE DTS will be used, it is possible to accept time from 
    DECdts servers.
    

    Should this node accept time from DECdts servers? (y/n) [n]:
    

  5. Specify yes to accept time from any DECnet/OSI DECdts server; however, time from this source is unauthenticated. If you specify no, this system accepts time only from DCE time servers.

    If DECnet/OSI is not installed on your system, the configuration utility omits the previous DECdts questions and instead, asks:

    Do you need the Distributed Time Service (y/n/?) [y]:
    

  6. Answer yes to configure the host as a DTS client.

  7. If you want to use DCE Security Integration Architecture (SIA), specify yes to the following:

    Do you want to enable DCE SIA? (y/n/?) [n]:
    

    After you respond to the prompt, the procedure stops the CDS advertiser and asks you to perform a dce_login operation, as follows:

            Stopping dcesetup...
    

    This operation requires that you be authenticated as a member of the 
    sec-admin group.  Please login.
    

        Enter Principal Name: cell_admin
    

        Password:
    

    Obtain the password from your system administrator. After you perform the dce_login operation, the procedure begins configuring the security client software. If this system was previously configured as a DCE client or your cell has another host with the same name, the configuration utility also displays a list of client principals that already exist for this system and asks whether to delete the principals.

  8. You must delete these principals to continue with the configuration.

    Configuring security client
    

            Creating /krb5/krb.conf file
    

            Adding kerberos5 entry to /etc/services
    

    The following principal(s) already exist under /hosts/dcehost/:
    

            hosts/dcehost/self
    

    Do you wish to delete these principals? (y/n/?) [y]:
    

            Deleting client principals
    

            Creating ktab entry for client
    

            Stopping dced...
    

            Initializing dced (dced)...
    

            Starting dced (dced)...
    

            Starting sec_client service (please wait).
    

        This machine is now a security client.
    

  9. If your cell uses multiple LANs, you are prompted with the next question:

    Please enter the name of your LAN (or '?' for help) []:
    

    If your LAN has not been defined in the namespace, you are asked whether you want to define it.

  10. The configuration utility asks whether you want to configure gdad to connect to LDAP.

    Do you want to configure gdad to use LDAP? (y/n/?) [n]:
    

  11. The procedure configures the requested services, and then prompts you to complete the configuration of the security server on the other machine before continuing:

    Configuring CDS client
    

            Creating the cds.conf file
    

            Starting CDS advertiser daemon (cdsadv)...
    

            Testing access to CDS server (please wait).
    

            Deleting known hosts/dcehost objects from name space
    

            Creating hosts/dcehost objects in name space
    

    This machine is now a CDS client.
    

            Stopping sec_client service...
    

            Starting sec_client service (please wait).
    

            Modifying acls on /.:/hosts/dcehost/config
    

                secval
    

                xattrschema
    

                srvrexec
    

                keytab
    

                keytab/self
    

                hostdata
    

                hostdata/dce_cf.db
    

                hostdata/cell_name
    

                hostdata/pe_site
    

                hostdata/cds_attributes
    

                hostdata/cds_globalnames
    

                hostdata/host_name
    

                hostdata/cell_aliases
    

                hostdata/post_processors
    

                hostdata/svc_routing
    

                hostdata/cds.conf
    

                hostdata/passwd_override
    

                hostdata/group_override
    

                hostdata/krb.conf
    

                srvrconf
    

        Configuring DTS daemon as client (dtsd)
    

            Starting DTS daemon (dtsd)...
    

            Waiting for DTS daemon to synchronize (please wait)
    

        This machine is now a DTS clerk.
    

        Configuring Kerberos and telnetd
    

    Enabling DCE SIA....
    

    Do you want to run the DCE Configuration Verification Program? (y/n) [y]:
    

    The DCE Configuration Verification Program (CVP) exercises the components of DCE that are running in this cell. It requires approximately 1 to 2 minutes to run.

    If you type yes to run the CVP at this time, you see the following display:

Executing DIGITAL DCE V4.0 (Rev. 635) for DIGITAL UNIX CVP (please wait)

Copyright (c) Digital Equipment Corporation. 1998. All Rights Reserved.

Verifying...........

DIGITAL DCE V4.0 (Rev. 635) for DIGITAL UNIX CVP completed successfully

Modifying system startup procedure...

The DCE components that you have configured are added to your system startup procedure so the daemons restart automatically whenever the system is rebooted. When the procedure is completed, the DCE Setup Main Menu appears again.

If the client system and a CDS server are on the same subnet, the client can automatically locate the CDS server. In this case, the client configuration is complete.

However, if the client system does not share a subnet with a CDS server, you must manually enter a CDS server's location information into the client's CDS cache.

  1. Press X to exit dcesetup.

  2. Then enter CDS server location information into the client's CDS cache.

    #  dcecp -c cdscache create  <name> -binding <protseq>:<ip_addr>
    

    where

    <name> is the simple name of the cached server machine.

    <protseq> is a CDS server's protocol sequence.

    <ip_addr> is the Internet Protocol address of <name>.

    For example:

     #   dcecp -c cdscache create pelican  \ 
    

    -binding ncacn_ip_tcp:16.20.15.25
    

3.3 Configuring DCE Clients in a Cluster

The configuration script will prompt you once, at the beginning, concerning the following items. The script will use that information repeatedly, at the configuration of every member.

Before configuration, be ready to answer the following:

3.3.1 Configuring Time Services

Do not configure DTS in a cluster. TruClusters use the NTP time service to maintain clock synchronization between cluster members. Be sure the cluster and the DCE cell's DTS servers obtain time from the same NTP time source. Make sure that the clock reference for the cluster is within three minutes of the DCE cell clock time. This will prevent time related problems either during client configuration or operation.

3.3.2 Configuring Cluster Members

NOTE: Before configuring a DCE client on Sierra Cluster 2.0, be sure to refer to section 9.4 of the Compaq Alpha ServerTM SC 2.0 Installation Guide. Follow that guide to make sure the local /tmp directory is available before you start configuration.

  1. Navigate to the Configure DCE in TruCluster Menu as in the first steps of Section 3.1

    You must be logged in as root to configure your DCE system.

    Invoke dcesetup,

     	 #  /usr/sbin/dcesetup  
    

    
    

    At the DCE Setup Main Menu, choose option 1:

    	 Configure DCE services on this system
    

    
    

    At the Configuration Choice Menu, choose option 7:

    	 Configure DCE in TruCluster 
    

    
    

    At the Cluster Configuration Choice Menu, choose option 2:

    	 1) Configure this member as a DCE Client
    

    	 2) Configure all cluster members as DCE Clients
    

    	 R) Return to previous menu
    

    	 Please enter your selection (or `?' for help)
    

    
    

    General directions follow. Have the answers ready, from the four questions listed above. For information about determining these names, see your cell administrator or Chapter 2.1 on page 57

    
    

    At each prompt, enter <RETURN> to take the default displayed in [braces]
    

    or enter `?' for help.
    

    In the following example (for only configuring DCE), where defaults were overridden, the choice taken shows to the right of the colon. Where the braces are empty, provide your answers, then enter <RETURN> .

    Press <RETURN> to continue:

    Beginning of remote client configuration
    

  2. Enter your decisions.

    Please enter the name of your DCE cell [] : t40g_test_cell
    

    What is the hostname of the Master CDS Server for this cell []: reeses
    

    
    

    Do you want to enable DCE SIA? (y/n/?) [n]: 
    

    Do you intend to run MIT Kerberos 5 services on this machine [y] : n
    

    Does this cell use multiple LANs? (y/n/?) [n]: 
    

    Do you want to configure this host as an LDAP client? (y/n/?) [n]: 
    

    Do you wish to overwrite existing DCE configurations on ALL cluster 
    members? (y/n) 
    

    [y]:  
    

  3. Enter your Principal Name and Password.

    Remote configuration requires that you be authenticated as a member
    

    of the sec-admin group. Please supply the principal and password.
    

    
    

         Enter Principal Name: cell_admin
    

         Password: 
    

  4. Choose to verify configuration after each client.

    Do you want to run the DCE Configuration Verification Program after 
    configuring each 
    

    client? (y/n/?) [y]: 
    

    
    

         Configuration Options
    

    
    

    Cell name:                       t40g_test_cell
    

    CDS server machine:              reeses
    

    CDS server IP:                   204.164.67.165
    

    SIA:                             DISABLED
    

    SIA forwarding:                  DISABLED
    

    KRB services:                    DISABLED
    

    Single LAN cell
    

    LDAP client:                     DISABLED
    

    Remote configuration overwrite:  YES
    

    Cell admin account:              cell_admin
    

    Cell admin password:             -dce-
    

    Run CVP after configuration:     YES
    

    
    

    Confirm the configuration choices (y/n) [y] : y
    

    
    

  5. Confirm or reject the Configuration Options.

    The configuration script (Example is only configuring DCE) reports the progress as follows:

    Configuring Cluster Member: clu1
    

    clu1:       
    

    clu1:       Remote configuring machine into DCE cell: t40g_test_cell
    

    clu1:       
    

    clu1:       Cleaning up any old configuration information
    

    clu1:       
    

    clu1:       
    

    clu1:           Shutting down DCE services
    

    clu1:       
    

    clu1:           DCE services stopped
    

    clu1:       
    

    clu1:           Removing temporary local DCE databases and configuration 
    files
    

    clu1:       
    

    clu1:           Removing permanent local DCE databases and configuration 
    files
    

    clu1:       
    

    clu1:           Starting remote client configuration
    

    clu1:               Initializing dced (dced)...
    

    clu1:               Starting dced (dced)...
    

    clu1:               Configuring PKSS client...
    

    clu1:               Starting CDS advertiser daemon (cdsadv)...
    

    clu1:       
    

    clu1:               Attempting to locate security server
    

    clu1:               Found security server
    

    clu1:               Creating /opt/dcelocal/etc/security/pe_site file
    

    clu1:               Checking local system time
    

    clu1:               Looking for DTS servers in the LAN profile
    

    clu1:               Looking for Global DTS servers in this cell
    

    clu1:               No DTS servers found in cell
    

    clu1:               (If you have other LAN profiles, DTS servers may still 
    be available)
    

    clu1:       
    

    clu1:       
    

    clu1:               Stopping cdsadv...
    

    clu1:       
    

    clu1:           Configuring security client
    

    clu1:               Creating /krb5/krb.conf file
    

    clu1:               Adding kerberos5 entry to /etc/services
    

    clu1:               Creating ktab entry for client
    

    clu1:       
    

    clu1:               Stopping dced...
    

    clu1:               Initializing dced (dced)...
    

    clu1:               Starting dced (dced)...
    

    clu1:               Starting sec_client service (please wait) .
    

    clu1:       
    

    clu1:           This machine is now a security client.
    

    clu1:       
    

    clu1:           Configuring CDS client
    

    clu1:               Creating the cds.conf file
    

    clu1:               Starting CDS advertiser daemon (cdsadv)...
    

    clu1:               Testing access to CDS server (please wait) .
    

    clu1:               Creating hosts/clu1 objects in name space
    

    clu1:       
    

    clu1:           This machine is now a CDS client.
    

    clu1:               Stopping sec_client service...
    

    clu1:               Starting sec_client service (please wait) .
    

    clu1:       	Modifying acls on /.:/hosts/clu1/config
    

    clu1:       	    secval
    

    clu1:       	    xattrschema
    

    clu1:       	    srvrexec
    

    clu1:       	    keytab
    

    clu1:       	    keytab/self
    

    clu1:       	    hostdata
    

    clu1:       	    hostdata/dce_cf.db
    

    clu1:       	    hostdata/cell_name
    

    clu1:       	    hostdata/pe_site
    

    clu1:       	    hostdata/cds_attributes
    

    clu1:       	    hostdata/cds_globalnames
    

    clu1:       	    hostdata/host_name
    

    clu1:       	    hostdata/cell_aliases
    

    clu1:       	    hostdata/post_processors
    

    clu1:       	    hostdata/svc_routing
    

    clu1:       	    hostdata/krb.conf
    

    clu1:       	    hostdata/dfs-cache-info
    

    clu1:       	    hostdata/cds.conf
    

    clu1:       	    hostdata/passwd_override
    

    clu1:       	    hostdata/group_override
    

    clu1:       	    srvrconf
    

    clu1:       
    

    clu1:           Unconfiguring Kerberos...
    

    clu1:       
    

    clu1:           Executing Entegrity Gradient DCE V4.1 for Tru64 UNIX V5.1 
    (Rev. 
    

    1381) CVP (please wait) 
    

    clu1:           Copyright (c) Entegrity Solutions, Inc. 2001. All 
    RightsReserved
    

    clu1:           Copyright (c) Digital Equipment Corporation. 1996. All 
    Rights Reserved.
    

    clu1:           
    

    clu1:           Verifying...........
    

    clu1:       
    

    clu1:            Entegrity Gradient DCE V4.1 for Tru64 UNIX V5.1 (Rev. 
    1381) CVP completed successfully
    

    clu1:       
    

    clu1:           Modifying system startup procedure...
    

    clu1:       
    

    clu1:       Remote configuration completed
    

    Press <RETURN> to continue:
    

  6. Press <RETURN> to continue :

    The DCE components that you have configured are added to each of the cluster member's system startup procedure so the daemons restart automatically whenever the cluster member is rebooted. After all of the cluster members are configured, then the DCE Setup Main Menu appears again.

    
    

3.4 Split Server Configuration (Adding a Master CDS Server)

This section discusses a split server installation in which a new cell and the master security server are created on one system and the master CDS server is configured on another system. The master CDS server maintains the master replica of the cell root directory.

A split server configuration has four phases:

3.4.1 Creating a New Cell and Master Security Server

This is the first phase of a split server configuration. Begin this phase by creating the new cell on the machine where the master security server will reside.

  1. Choose option 2 (Create a new DCE cell) from the Configuration Choice Menu. Answer the prompts appropriately for the cellname and hostname. Then answer no at the following prompt:

    Do you wish to configure myhost as a CDS server?  (y/n/?) [y]: n
    

  2. Verify the system time at the following message and prompt:

    *********************************************************
    

    * If the system clocks on the machines running the      *
    

    * security and CDS servers differ more than one or two  *
    

    * minutes from other systems in the cell, configuration *
    

    * anomalies can occur. Since this system's time will be *
    

    * used as a reference, please make sure that the system *
    

    * time is correct.												        *
    

    *********************************************************
    

    System time for <myhost>: Wed Jun 12 13:39:24 EDT 1998
    

    Is this correct? (y/n/?):
    

    Make sure you validate the time before you specify yes. If the system time is incorrect, answer no; the configuration procedure exits to the operating system to allow you to correct the system time. You can then reconfigure.

    Do you need the Distributed Time Service? (y/n/?) [y]:
    

    If you will be using any distributed applications that depend on synchronized time, type yes or press <Return> to participate in the Distributed Time Service (DTS).

    The DECnet/OSI DECdts daemon (dtssd) and the DCE DTS daemon (dtsd) are incompatible and cannot be used on the same host. If your machine is running DECnet/OSI, the configuration procedure next displays the following message:

    You seem to have DECnet/OSI installed on this system.  DECnet/OSI includes 
    a distributed time synchronization service (DECdts), which does not 
    currently support the DCE Distributed Time Service (DCE DTS) 
    functionality.  The DCE DTS in this release provides full DECdts 
    functionality.  This installation will stop DECdts and use DCE DTS 
    instead.  For further clarification, please consult the DCE for Tru64 UNIX 
    Product Guide. 
    

    Even though DCE DTS will be used, it is possible to accept time from 
    DECdts servers.
    

    Should this node accept time from DECdts servers? (y/n) [n]:
    

    Specify yes to accept time from any DECdts server; however, time from this source is unauthenticated. If you specify no, this system accepts time only from DCE time servers.

    Do you want this system to be a DTS Server (y/n/?) [y]:
    

    Do you want this system to be a DTS Global Server (y/n/?) [n]:
    

    If DECnet/OSI is not installed, this system must be configured as either a DTS clerk or a DTS server. Briefly, there should be three DTS servers per cell.

  3. The configuration utility asks if you want to run this system as a PKSS server. Answering yes configures the system to run as a PKSS server.

    Do you want this system to be a PKSS Server (y/n/?) [y]:
    

  4. Next, the procedure asks whether to enable DCE Security Integration Architecture (SIA).

    Do you want to enable DCE SIA? (y/n/?) [n]:
    

  5. Next, the configuration utility asks if you want to run the MIT Kerberos 5 services on this machine. A yes answer will run the Kerberos config utility and (optionally) install the "Kerberized" version of telnet on the system.

    Do you intend to run MIT Kerberos 5 services on this machine [y] :
    

  6. The utility asks if you want to configure the LDAP name service on this system. A yes answer prompts a query to ask if you want to configure the system as a LDAP client and ask if you would enter further information regarding the LDAP services you want.

    Do you want to configure the LDAP name service? (y/n/?) [n]: 
    

  7. The configuration utility asks whether you want to configure gdad to use LDAP.

    Do you want to configure gdad to use LDAP? (y/n/?) [n]:
    

    After you respond to the last prompt, the following messages appear:

        DCE Cellname:  myhost_cell
    

        DCE Hostname:  myhost
    

        Use myhost as a CDS Server?   No
    

        Use myhost as the Security Server?   Yes
    

        Use dhaka as a DTS Local Server?   Yes
    

        Use myhost as the PKSS Server?   Yes
    

        Enable Kerberos 5 services?   Yes
    

        Enable DCE SIA?  No
    

        Enable LDAP GDA?   No
    

        Configure myhost as an LDAP client?   No
    

    Do you want to save this as your DCE system configuration? (y/n/?) [y]:
    

  8. Answer no to change your selections. Answer yes to accept your selections. The procedure configures myhost as a Security server and then prompts you to enter a keyseed value (enter several random keystrokes):

    *************************************************************
    

    *   Starting the security server requires that you supply   *
    

    *   a 'keyseed.'  When asked for a 'keyseed,' type some     *
    

    *   random, alphanumeric keystrokes, followed by RETURN.    *
    

    *   (You won't be required to remember what you type.)      *
    

    *************************************************************
    

    Enter keyseed for initial database master key:
    

  9. You are prompted to enter and then confirm the cell_admin password. Remember this password.

    Please type new password for cell_admin (or '?' for help):
    

    Type again to confirm:
    

    The procedure configures more services and then pauses for you to configure the master CDS server on another system.

    ********************************************************************
    

    This system has now been configured as a security server.
    

    Since you chose not to configure this system as a CDS server, you 
    

    must now configure another system as the Master CDS Server for this
    

    cell (Option 1 on the dcesetup Main Menu, Option 3 on the
    

    Configuration Choice Menu.) 
    

    When the Master CDS server has been installed and configured,  *
    

    press the  <RETURN>  key to continue configuring this system.  *
    

    ********************************************************************
    

  10. Go to the machine where you will configure the master CDS server.

3.4.2 Creating a Master CDS Server on Another System

This is the second phase of a split server configuration. You must have created a new cell and begun configuring the security server on another machine.

  1. Log on to the system on which you want to install the CDS master server, and choose option 3 (Add Master CDS Server) from the Configuration Choice Menu. The following messages appear:

    ******************************************************************
    

    *  If the system clocks on the machines running the security     *
    

    *  and CDS servers differ more than one or two minutes from      *
    

    *  other systems in the cell, configuration anomalies can occur. *
    

    *  Since this system's time will be used as a reference, please  *
    

    *  make sure that the system time is correct.                    *
    

    ******************************************************************
    

    System time for cdshost.abc.dec.com: Wed Jun 12 13:52:28 EDT 1998
    

    Is this correct? (y/n/?)
    

    Verify the correct time before answering yes.

  2. Answer the following prompts:

    Please enter the name of your DCE cell []:
    

    Please enter your DCE hostname [myhost2]:
    

    The procedure asks:

    Will there be any DCE pre-R1.1 CDS servers in this cell? (y/n/?) [n]:
    

    If your cell will be running any CDS servers based on OSF DCE Release 1.0.3a or lower, you should answer yes. The configuration utility sets the directory version number to 3.0 for compatibility with pre-R1.1 servers. This disables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on.

    If all CDS servers in your cell will be based on DCE for Tru64 UNIX Version 2.0 or higher (or an equivalent DCE version based on OSF DCE Release 1.1) answer no. The configuration utility sets the directory version number to 4.0 for compatibility with DCE for Tru64 UNIX (Version 2.0 or higher OSF DCE Release 1.1) CDS servers. This enables the use of OSF DCE Release 1.1 features such as cell aliasing, CDS delegation ACLs, and so on. Once the directory version is set to 4.0, you cannot set it back to 3.0.

    The procedure configures accordingly and prompts you to enter the hostname of the security server that you just configured.

    What is the hostname of the Security Server for this cell? []:

    The procedure continues with the following messages:

        Creating /opt/dcelocal/etc/security/pe_site file
    

    ***********************************************************
    

    *    Ensure the opt/dcelocal/etc/security/pe_site file    *
    

    *    matches that on the server.                          *
    

    ***********************************************************
    

    NOTE: If the procedure cannot find the IP address for the host, you will be prompted for the address. Usually, when the procedure cannot find the IP address of the host, it indicates that you may have misspelled the name.

    The procedure displays the following messages and asks you to perform a dce_login operation.

            Creating /krb5/krb.conf file
    

            Adding kerberos5 entry to /etc/services
    

    This operation requires that you be authenticated as a member
    

    of the sec-admin group.  Please login.
    

         Enter Principal Name:  cell_admin
    

         Password:
    

    The procedure continues, asking the same questions as when you configured the Security server.

    Do you need the Distributed Time Service? (y/n/?) [y]:
    

    If your machine is running DECnet/OSI, the configuration procedure next displays the following message:

    You seem to have DECnet/OSI installed on this system. DECnet/OSI includes 
    a distributed time synchronization service (DECdts), which does not 
    currently support the DCE Distributed Time Service (DCE DTS) 
    functionality. The DCE DTS in this release provides full DECdts 
    functionality.  This installation will stop DECdts and use DCE DTS 
    instead.  For further clarification, please consult the DCE for Tru64 UNIX 
    Product Guide.
    

    Even though DCE DTS will be used, it is possible to accept time from 
    DECdts servers.
    

    Should this node accept time from DECdts servers? (y/n) [n]:
    

  3. Specify yes to accept time from any DECnet/OSI DECdts server; however, time from this source is unauthenticated. If you specify no, this system accepts time only from DCE DTS servers.

  4. The procedure next asks whether you want your system to be a DTS local server:

    Do you want this system to be a DTS Local Server (y/n/?) [y]:
    

    NOTE: If you answer yes, this machine becomes a DTS local server; if you answer no, this machine does not become a DTS local server, and you should configure some other system as the DTS server. Entegrity recommends that you configure three DTS servers per cell. Next, the procedure asks whether your cell uses multiple LANs.

  5. The procedure next asks whether this cell uses multiple LANs:

    Does this cell use multiple LANs? (y/n/?) [n]:
    

    If your cell uses multiple LANs, you are prompted with the next question:

    Please enter the name of your LAN (or  '?' for help) []:
    

    If your LAN has not been defined in the namespace, you are asked whether you want to define it.

    The procedure configures the requested services, and then prompts you to complete the configuration of the security server on the other machine before continuing:

    ********************************************************************
    

    *    This system has now been configured as the Master CDS Server. *
    

    *                                                                  *
    

    *    Before continuing, complete the configuration of the Security *
    

    *    Server...                                                     *
    

    ********************************************************************
    

    Press  <RETURN>  to continue:
    

  6. Return to the system on which you configured the security server.

3.4.3 Completing the Security Server Configuration

This is the third phase of a split server configuration. You must have created a new cell and begun configuring the security server on one machine. Then you created a master CDS server on another machine. Now you will complete the security server configuration on the first machine.

  1. Return to the system on which you configured the security server and press the <Return> key. The following prompt appears:

    What is the hostname of the Master CDS Server for this cell [ ]:
    

  2. Provide the hostname of the system you just configured as the master CDS server for this cell. After you enter the hostname of the master CDS server, the following prompt is displayed:

    Can myhost broadcast to cds_master_server? (y/n/?) [y]:
    

    If you respond n to this prompt, the procedure asks you to specify the IP address of the CDS server. You can find the IP address either by performing a grep operation for the hostname in the /etc/host file, or by performing an nslookup operation for the hostname. Once it has been determined that myhost can broadcast to cds_master_server, the procedure displays the following messages and asks whether you want to run the configuration verification program. This operation requires that you be authenticated as a member of the sec-admin group. Please login.

         Enter Principal Name:  cell_admin
    

         Password:
    

        Configuring CDS client
    

            Creating the cds.conf file
    

            Starting CDS advertiser daemon (cdsadv)...
    

            Testing access to CDS server (please wait)....
    

            Creating hosts/myhost objects in name space
    

        Configuring DTS daemon as server (dtsd)
    

            Stopping sec_client service...
    

            Starting sec_client service (please wait).
    

            Starting DTS daemon (dtsd)...
    

            Waiting for DTS daemon to synchronize (please wait)
    

    If you enabled DCE SIA, the procedure also displays the following message:

            Enabling DCE SIA
    

    The procedure asks whether you want to run the configuration verification program:

    Do you want to run the DCE Configuration Verification Program? (y/n) [y]:
    

  3. You can run the CVP now by answering yes, or you can run the CVP at a later time by answering no. The procedure completes the configuration and returns to the DCE Setup Main Menu. Choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu to verify your configuration choices.

  4. Return to the host on which you are configuring the master CDS server and complete the installation.

3.4.4 Completing the CDS Master Server Configuration

This is the fourth and final phase of a split server configuration. You must have created a new cell and begun configuring the security server on one machine. Then you created a master CDS server on another machine. You completed the security server configuration on the first machine. Now you will complete the CDS master server configuration.

Completion of this phase consists of running the configuration verification program:

Do you want to run the DCE Configuration Verification Program? (y/n) [y]:

You can run the CVP now by answering yes, or you can run the CVP at a later time by answering no. The procedure completes the configuration and returns to the DCE Setup Main Menu. Choose option 2 (Show DCE configuration and active daemons) from the DCE Setup Main Menu to verify your configuration choices.

3.5 Using DCE SIA Security

The Tru64 UNIX operating system provides two local security mechanisms: Berkeley Standard Distribution (BSD) security and C2 class security. The default Tru64 UNIX configuration has BSD security enabled.

When you use dcesetup to enable or disable SIA, an SIA configuration file, /etc/sia/matrix.conf, selects the appropriate configured security mechanism. This configuration file contains entries for a set of siad routines. The operating system is provided with a default matrix.conf file that contains only BSD entries. Layered products that choose to use another security mechanism must modify this configuration file.

Depending on how matrix.conf is set up on the local system, the SIA layer calls the corresponding siad routines in each of the configured mechanisms in order. Therefore, the siad_ses_init routine from DCE is called before the routine from BSD if the matrix.conf file includes the following line:

siad_ses_init=(DCE,/usr/shlib/libdcesiad.so),(BSD,libc.so)

3.5.1 Turning On DCE SIA

During the initial installation and configuration, you will be asked if you want to turn on DCE SIA (the default is "no"). Later, you can turn on DCE SIA security by choosing option 8 (Enable DCE SIA) from the Modify Configuration Menu. After you choose this option, dcesetup executes the shell script /opt/dcelocal/etc/sec_insert_dce_entries.sh to perform the following operations:

  1. Checks whether KRB5CCNAME exists in the /usr/lib/X11/xdm/xdm-config file on the local system. If it does exist, the script continues to step 3. If it does not exist, the script saves the original xdm-config file with the name xdm-config.sav n (where n is the next available number).

    NOTE: You are responsible for deleting all the .sav* files created by enabling or disabling DCE SIA.

  2. Adds KRB5CCNAME to the /usr/lib/X11/xdm/xdm-config file, so that the console login preserves the credential handle, KRB5CCNAME, after a successful login to DCE.

  3. Checks whether DCE entries exist in the matrix.conf file. If DCE entries exist, the script ends; if no entries exist, the script performs steps 4 and 5.

  4. Saves the original matrix.conf file with the name matrix.conf.sav n (where n is the next available number) in the /etc/sia directory.

  5. Inserts DCE entries for all siad routines in the matrix.conf file. For example, before modification, the entry might look as follows:

    siad_init=(BSD,libc.so)
    

    After modification, the new entry looks as follows:

    siad_init=(DCE,/usr/shlib/libdcesiad.so),(BSD,libc.so)
    

    where libdcesiad.so, installed by DCE, is a shared library containing all the DCE siad routines.

3.5.2 Turning Off DCE SIA Security

To turn off DCE SIA security, choose option 8 (Disable DCE SIA) from the Modify Configuration Menu. After you choose this option, dcesetup executes the /opt/dcelocal/etc/sec_remove_dce_entries.sh shell script to perform the following operations:

  1. Checks whether KRB5CCNAME exists in the /usr/lib/X11/xdm/xdm-config file on the local system. If it does not exist, the script continues to step 3. If it does exist, the script saves the original xdm-config file with the name xdm-config.sav n (where n is the next available number).

  2. Removes KRB5CCNAME in /usr/lib/X11/xdm/xdm-config.

  3. Checks whether DCE entries exist in the matrix.conf file. If they do not, the script ends; if they do exist, the script performs steps 4 and 5.

  4. Saves the matrix.conf file with the name matrix.conf.sav n (where n is the next available number) in the /etc/sia directory. (The script saves the existing configuration file instead of reusing the prior one that had DCE SIA turned off, in case other layered products have added their security mechanisms in the interim.)

    NOTE: You are responsible for deleting all the .sav* files created by enabling or disabling DCE SIA.

  5. Removes DCE entries from all siad routines in the matrix.conf file. For example, before modification, the entry might look as follows:

    siad_init=(DCE,/usr/shlib/libdcesiad.so),(BSD,libc.so)
    

    After modification, the new entry looks as follows:

    siad_init=(BSD,libc.so)
    

3.5.3 Managing Your SIA Environment with SIACFG

System administrators can use the SIACFG configuration program to display and resolve inconsistencies between UNIX account information stored in the DCE/Kerberos user database and corresponding information stored in the user database of the local machine.

You can activate SIACFG by using the following command :

siacfg [-l <file>] [-q ] [-o] [-C | -P]

SIACFG may be activated in command mode, by including either the -C or -P option on the command line, or in menu mode, by not including either option. In either mode, the optional -l, -q, and -o switches may be used to modify the behavior of SIACFG; the -q(uiet) switch reduces the amount of informational output produced by SIACFG, the -o(verride) switch causes any override entries that are created to include a password field, and the -l(og) switch, along with its argument, may be used to capture a record of an SIACFG session.

SIACFG captures the results of the database comparison and the conflict resolution choices made by the administrator in a persistent and modifiable form referred to as the "Normalization Plan". There are two commands available in command mode that can be used to manage the Normalization Plan: command C, "Compare and Create Normalization Plan", and command P, "Apply or Publish Normalization Plan." In menu mode, a third command M, "Modify Normalization Plan" allows an administrator to modify the existing plan. The administrator creates a plan using the C command, and refines it if necessary using the M command.

Once the administrator determines that the plan properly resolves the detected conflicts, the administrator employs the P command to create and install the password and group override files and create any DCE registry objects called for by the plan. Once a plan has been created, the conflict detection and resolution processing performed by the C command assumes that the existing plan has been applied, and detects only those conflicts that would not be resolved by the plan. The administrator may publish, retest for conflicts, modify, and republish. The SIACFG Normalization Plan is stored in the following files.

Overrides are configured in the following files.

3.5.4 SIA Credentials Forwarding

SIA (Security Integrated Architecture) mechanism now supports creation of forwardable credentials.

To enable SIA forwardable credential creation put the following into the

/opt/dcelocal/dce_services.db file

enable SIA forward

This change will take place on the next restart of DCE services.

3.5.5 Enhanced SIA Log Messages

Added enhanced log messages to the SIA library. To enable logging of SIA messages, perform the following step.

touch /opt/dcelocal/var/adm/security/sialog file

enable SIA forward

The sialog file will contain the output from the SIA DCE logging.

3.6 Migrating Your Cell

Some DCE cells may be running security or CDS servers on hosts with different versions of DCE. This might happen because a cell has DCE software from multiple vendors, each supplying upgrades at different times. Or perhaps upgrading all the hosts simultaneously is not feasible.

DCE for Tru64 UNIX Version 2.0 (or higher) security servers and CDS servers can interoperate with older servers (based on OSF DCE Release 1.0.3a, 1.0.2, and so on). However, new DCE security features associated with OSF DCE Release 1.1 and DCE Release 1.2.2 will generally not be available until all security server replicas in your cell are based on OSF DCE Release 1.1 and 1.2.2. Additionally, new CDS capabilities will not be available until all security servers and some or all CDS servers are based on OSF DCE Release 1.1 and 1.2.2.

If your cell contains older versions of security or CDS servers, you will need to migrate (gradually upgrade) older servers until all of them are running DCE server software based on OSF DCE Release 1.1 and 1.2.2. Once all security or CDS servers have been upgraded, you must perform some additional steps so that your servers can provide the new security and CDS capabilities.

Security servers and CDS servers use separate procedures to complete migration. Section 3.6.1 on page 91 provides the instructions for completing Security server migration. Section 3.6.2 on page 92 provides the instructions for completing CDS server migration.

3.6.1 Security Migration

After you install the new security server version on a host where an older version security replica (master or slave) exists, that replica will operate with the new security server, but with the behavior of the older version server.

A server based on OSF DCE 1.1 or higher cannot create a new replica and operate it as an older version replica. Once OSF DCE Release 1.1 or higher has been installed on all hosts that have security replicas, you must issue a single cell-wide command that simultaneously migrates all the replicas to operate at the level of DCE 1.1. At this point, the cell will support new security features such as extended registry attributes.

NOTE: Once you have migrated the security servers to DCE 1.1 or higher, it is not possible to create a replica on a host running an earlier version.

If all of the Security server replicas in your cell are based on OSF DCE Release 1.1 or higher, you can perform the final migration steps in this section.

NOTE: If your cell is still running any security servers based on a DCE release prior to OSF DCE Release 1.1, do not complete the upgrade steps in this section. The upgrade steps will advance some security database attributes. Older servers cannot operate on newer version databases.

Once you have installed and configured this version of Entegrity DCE for Tru64 UNIX Security servers in your cell, perform the following actions as cell administrator:

  1. Ensure that at least one security replica can write to the cell profile. Use the following operation to check the cell-profile ACL for: user:dce-rgy:rw-t---.

    #  dcecp -c acl show -io /.:/cell-profile
    

  2. On all Security servers, set the server version to: secd.dce.1.1.

    #  dcecp -c registry modify -version secd.dce.1.1 
    

  3. Verify that the version has been set to secd.dce.1.1.

    # dcecp -c registry show
    

    NOTE: If you have not updated all 1.0.3 security replicas to DCE 1.1, any original 1.0.3 replicas will be stopped when you move the registry version forward to DCE 1.1. You may wish to verify that any original 1.0.3 replicas are no longer running.

3.6.2 CDS Migration

If you have installed and configured this version of Entegrity DCE for Tru64 UNIX CDS servers in your cell, you might need to perform additional steps to complete the upgrade process.

If you created a new DCE cell and, during the dcesetup process, you set the default directory version information for each CDS server to Version 4.0, you do not need to perform the migration steps in this section.

If your cell is still running any security or CDS servers based on a DCE release prior to OSF DCE Release 1.1, do not complete the upgrade steps in this section. The upgrade steps will advance some security database and CDS directory attributes. Older servers cannot operate on newer version databases or directories.

Entegrity DCE for Tru64 UNIX features, such as hierarchical cells and cell aliasing features, will be available only when all of your cell's security and CDS servers are running DCE for Tru64 UNIX Version 2.0 or higher and the upgrade steps have been completed. Refer to the Entegrity DCE for Tru64 UNIX Product Guide and to the OSF DCE documentation for descriptions of available features.

Once the necessary DCE servers have been upgraded to DCE software based on OSF DCE Release 1.1 or higher, you can perform the migration steps in this section. The migration steps will enable the use of hierarchical cells, cell aliasing, and delegation.

NOTE: Directory version information can only be set forward. If you migrate a CDS server to OSF DCE 1.1 or higher behavior, you cannot revert that server to 1.0.3 behavior.

Once you have installed and configured Entegrity DCE for Tru64 UNIX security servers and CDS servers, perform the following actions as cell administrator:

  1. If you have not done so, perform the security migration steps in Section 3.6.1 on page 91.

  2. For all CDS clearinghouses manually update the CDS_UpgradeTo attribute to 4.0. The following two operations ensure that new directories created in this clearinghouse will receive the correct directory version number:

    # dcecp -c clearinghouse modify chname \
    -add \{CDS_UpgradeTo 4.0 \}
    # dcecp -c clearinghouse verify chname  
    

  3. Manually upgrade all older directory version information to 4.0 as follows:

    #   dcecp -c directory modify /.: -upgrade -tree 
    

    The -tree option operates recursively on all subdirectories (in this example, it operates on the entire cell). This command does not work unless all CDS servers housing the affected directories are running DCE for Tru64 UNIX Version (2.0 or higher). This command can take a long time to execute depending on the size of the namespace.

3.7 Running the DCE Configuration Verification Program

Once the DCE daemons are started, you can run the DCE Configuration Verification Program (CVP) to ensure that the DCE services are properly installed. The procedure prompts you with the following message:

Do you want to run the DCE Configuration Verification Program?(y/n)[y]:

If you type yes or press <Return>, the procedure indicates that the CVP is running.

Executing DIGITAL DCE V4.0 (Rev.635) for DIGITAL UNIX CVP (please wait)

Copyright (c) Digital Equipment Corporation. 1998. All Rights Reserved.

  Verifying...........

The CVP invokes tests of the 10 DCE RPC interfaces, printing a dot (.) as each test is successful. A completely successful test execution results in 10 dots printed in succession. When the CVP tests are completed successfully, you receive the following message:

DIGITAL DCE V4.0 (Rev. 635) for Compaq Tru64 UNIX CVP completed successfully

NOTE: You can repeat the CVP whenever you want by choosing option 8 (Run Configuration Verification Program) from the DCE Setup Main Menu.

After you run the CVP, the configuration procedure updates your system startup procedure so that the daemons restart automatically whenever the system is rebooted.

3.8 Error Recovery During Configuration

If the procedure encounters any errors during DCE system configuration, it displays error messages. Some errors are not fatal, and the procedure attempts to continue. Other errors are fatal, and the procedure terminates. If a fatal error is encountered while the procedure is starting the DCE daemons, the procedure attempts to stop any daemons that have already been started. This returns the system to its original state before you began the configuration.

If you receive an error message at any time while running the DCE System Configuration utility, you can get more detailed information about the cause of the error by examining the associated log file in /opt/dcelocal/dcesetup.log. (If dcesetup is run without root privileges, the log file will be located in tmp/dcesetup.username.log.) This log file contains a record of the operations invoked by the System Configuration utility the last time it was executed, and may help you diagnose the cause of the problem.

Sometimes the cause of an error is transitory and may not recur if you repeat the operation. Use the command /usr/sbin/dcesetup restart to retry if errors are encountered during the startup of the DCE daemons. For more information about this command, see the Entegrity DCE for Tru64 UNIX Product Guide.


[Previous] [Next] [Contents] [Index]


To make comments or ask for help, contact support@entegrity.com.

Copyright © 1997-2004 Entegrity Solutions Corporation & its subsidiaries