Table of Contents
Advertisement
1b When the command completes, copy the DAC_keystore file (from /tmp or wherever you
specified) to C:\Program Files\StillSecure\DAC\lib\ .
1c After copying the DAC_keystore file from the MS, delete the file from its temporary
location on the MS.
NOTE: Note that for each remote DAC host, this step must be repeated as each host
should have its own unique key.
2 Add a firewall rule to the ES or ESs to which the DAC host will be sending packets. On each
ES:
2a Enter the following command to dump the Lokkit iptables chain:
iptables -nvL RH-Lokkit-0-50-INPUT --line-numbers
2b Add a rule AFTER the RELATED, ESTABLISHED rule. The rule numbers are listed in
the first column of the output from the previous statement. For example, if the RELATED,
ESTABLISHED rule is rule 5, the INSERT command would look like the following:
iptables -I RH-Lokkit-0-50-INPUT 6 -p tcp --dport 8999 -s <DAC host IP> -m
state --state NEW -j ACCEPT
If you want this addition to survive a reboot, you must use the iptables-save
command and dump the iptables ruleset to /etc/sysconfig/iptables with the
following command:
/sbin/iptables-save > /etc/sysconfig/iptables
13.1.5 Adding Additional ESs
For this release, if you want to add additional ESs, you must install them manually. A future release
will expand the options in the installer to include multiple ESs.
To add additional interfaces to the DAC host:
Windows server
1 Open the DAC/conf/wrapper.conf file with a text editor.
1a Locate the Application Parameters section in the wrapper.conf file. You will see a list of
entries like the following:
wrapper.app.parameter.X
Where X is the numerical value representing the order in which the parameter will be
added to the command.
1b Add additional ESs:
304 Novell ZENworks Network Access Control Users Guide
1. Locate the line that represents the initial ES, for example:
wrapper.app.parameter.8=172.17.100.100
Advertisement
Table of Contents
