Avoiding Posix And Edirectory Duplications; The Problem; Three Examples - Novell OPEN ENTERPRISE SERVER - PLANNING AND IMPLEMENTATION GUIDE 12-2010 Implementation Manual

Planning and implementation guide

Hide thumbs Also See for OPEN ENTERPRISE SERVER - PLANNING AND IMPLEMENTATION GUIDE 12-2010:

Manual (78 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

Table of Contents

6.2 Avoiding POSIX and eDirectory Duplications

OES 2 servers can be accessed by



Local (POSIX) users that are created on the server itself.



eDirectory users that are given local access through Linux User Manager (LUM).

However, there are some issues you need to consider:



Section 6.2.1, "The Problem," on page 60



Section 6.2.2, "Three Examples," on page 60



Section 6.2.3, "Avoiding Duplication," on page 61

6.2.1 The Problem

There is no cross-checking between POSIX and eDirectory to prevent the creation of users or groups

with duplicate names.

When duplicate names occur, the resulting problems are very difficult to troubleshoot because

everything on both the eDirectory side and the POSIX side appears to be configured correctly. The

most common problem is that LUM-enabled users can't access data and services as expected but

other errors could surface as well.

Unless you are aware of the users and groups in both systems, especially those that are system-

created, you might easily create an invalid configuration on an OES 2 server.

6.2.2 Three Examples

The following examples illustrate the issue.



"The shadow Group" on page 60



"The users Group" on page 61



"Other Non-System Groups" on page 61

The shadow Group

There is a default

including the OES 2 QuickFinder server, but it has no relationship with Dynamic Storage

Technology (DST) and shadow volumes.

Because

shadow

enabled second group in eDirectory that is also named

choice for many administrators in conjunction with setting up shadow volume access for Samba/

CIFS users.

However, using this group name results in LUM-enabled users being denied access by POSIX,

which looks first to the local

eDirectory for a group named

OES 2 SP3: Planning and Implementation Guide

system-created group

named

is a local POSIX group, there is nothing to prevent you from creating a LUM-

group when determining access rights and only checks

shadow

if no local group is found.

shadow

that is used by certain Web-related services,

shadow

. In fact, this could be a logical name

shadow

Table of Contents

This manual is also suitable for:

Open enterprise server 2 sp3

Avoiding Posix And Edirectory Duplications; The Problem; Three Examples - Novell OPEN ENTERPRISE SERVER - PLANNING AND IMPLEMENTATION GUIDE 12-2010 Implementation Manual

6.2 Avoiding POSIX and eDirectory Duplications

6.2.1 The Problem

6.2.2 Three Examples

Related Manuals for Novell OPEN ENTERPRISE SERVER - PLANNING AND IMPLEMENTATION GUIDE 12-2010

Related Content for Novell OPEN ENTERPRISE SERVER - PLANNING AND IMPLEMENTATION GUIDE 12-2010

This manual is also suitable for:

Table of Contents