Page 1 AUTHORIZED DOCUMENTATION Administration Guide Novell ® iFolder ® December 2008 www.novell.com OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 2 Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Page 3 Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see The Novell Documentation Web page (http://www.novell.com/documentation).
Page 4 Novell Trademarks For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/ legal/trademarks/tmlist.html) Third-Party Materials All third-party trademarks are the property of their respective owners.
Page 5: Table Of Contents
Novell iFolder 3.7 Web Admin Console ........
Page 6 What’s New in Novell iFolder 3.7 (OES 2.0 SP1 Linux) ......
Page 7 Managing Certificate Change ......... . 86 Accessing iManager and the Novell iFolder Web Admin ......86 Provisioning Users, Groups and iFolder Services .
Page 8 Accessing the Novell iFolder Web Admin ........
Page 9 Novell iFolder with iChain and the Access Gateway ....... 171...
Page 10 Can the administrator control the ability to share files? ..... . 206 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 11 Clustering Novell iFolder Services ........
Page 12 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 13: About This Guide
Appendix A, “Troubleshooting Tips For Novell iFolder 3.7,” on page 163 Appendix B, “Caveats for Implementing iFolder 3.7 Services,” on page 169 Appendix C, “Clustering iFolder 3.7 Servers with Novell Cluster Services for Linux,” on page 173 Appendix D, “Decommissioning a Slave Server,” on page 183 Appendix E, “Configuration Files,”...
Page 14 Novell Linux Desktop 9 documentation (http://www.novell.com/documentation/nld/ treetitl.html) Novell Support (http://support.novell.com/support_options.html) Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. ® A trademark symbol ( , etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
Page 15: Overview Of Novell Ifolder 3.7
Section 1.1.12, “LDAPGroup Support,” on page 18 1.1.1 Seamless Data Access Novell iFolder greatly simplifies the IT department’s ability to keep users productive. It empowers users by enabling their data to follow them wherever they go. The days of users e-mailing themselves project files so they can work on them from home are gone, along with the frustration associated with sorting through different versions of the same file on different machines.
Page 16: Data Safeguards And Data Recovery
1.1.2 Data Safeguards and Data Recovery With Novell iFolder, data stored on the server can be easily safeguarded from system crashes and disasters that can result in data loss. When a user saves a file to an iFolder on a local machine, the iFolder client can automatically update the data on the iFolder server, where it immediately becomes available for an organization’s regular network backup operations.
Page 17: Encryption Support
1.1.5 Productive Mobile Users A Novell iFolder solution makes it significantly easier to support mobile users. VPN connections are no longer needed to deliver secure data access to mobile users. Authentication and data transfer use Secure Sockets Layer (SSL) technology to protect data on the wire.
Page 18: Multi-Volume Support
IT personnel no longer need to condition or train users to perform special tasks to ensure the consistency of data stored locally and on the network. With Novell iFolder, users simply store their files in the local iFolder directory. Their files are automatically updated to the iFolder server and any other workstations that share the iFolder.
Page 19 All that the iFolder owner and iFolder members need is an active network connection and the iFolder client. Novell iFolder provides the following benefits: Guards against local data loss by automatically backing up local files to the iFolder server and multiple workstations Prevent unauthorized network access to sensitive iFolder files.
Page 20: Enterprise Server Sharing
1.4 Key Features of iFolder Section 1.4.1, “iFolder Enterprise Server,” on page 20 Section 1.4.2, “Novell iFolder 3.7 Web Admin Console,” on page 21 Section 1.4.3, “iFolder Web Access Console,” on page 21 Section 1.4.4, “The iFolder Client,” on page 21 Section 1.4.5, “Multi Server Support,”...
Page 21: Novell Ifolder 3.7 Web Admin Console
1.4.2 Novell iFolder 3.7 Web Admin Console The Novell iFolder 3.7 Web Admin is an administrative tool used to manage the iFolder system, user accounts, and user iFolders and data. 1.4.3 iFolder Web Access Console The iFolder 3.7 Web Access console provides the users an interface for remote access to iFolders on iFolder enterprise server.
Page 22: Ifolder Access Rights
Whenever iFolder connects to an enterprise server to synchronize files, it connects with HTTP BASIC and SSL connections to the server, and the server authenticates the user against the LDAP directory service. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 23: File Synchronization And Data Management
1.4.13 iFolder Client APIs As part of the iFolder project, APIs are available for the client. For iFolder Client developer documentation, see the iFolder Software Developers Kit (http://forge.novell.com/modules/xfmod/ docman/?group_id=1372). 1.5 What’s Next Before you install iFolder, review the following sections: “Planning iFolder Services”...
Page 24 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 25: Planning Ifolder Services
Planning iFolder Services ® ® This section discusses the planning considerations for providing Novell iFolder 3.7 services on Open Enterprise Server (OES) 2.0 Linux. Section 2.1, “Security Considerations,” on page 25 Section 2.2, “Server Workload Considerations,” on page 25 Section 2.3, “Naming Conventions for Usernames and Passwords,” on page 26 Section 2.4, “Admin User Considerations,”...
Page 26: Naming Conventions For Usernames And Passwords
2.3 Naming Conventions for Usernames and Passwords Section 2.3.1, “LDAP Naming Requirement,” on page 27 Section 2.3.2, “Length and Format Considerations for an LDAP Object,” on page 27 Section 2.3.3, “Multilingual Considerations,” on page 27 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 27: Ldap Naming Requirement
For information, see “Multilingual Considerations” (http://www.novell.com/documentation/edir88/ edir88/data/a2iiidp.html#a2iiie7) in the Novell eDirectory 8.8 Administration Guide. 2.4 Admin User Considerations During the iFolder install, iFolder creates two Administrator users, the iFolder Admin user and the iFolder Proxy user. After the install, you can also configure other users with the iFolder Admin right to make them equivalent to the iFolder Admin user.
Page 28: Ifolder Proxy User
IMPORTANT: Currently, the Proxy user password cannot be changed in the iFolder system. Ensure that you don’t change the password in the LDAP directory as well. Changing the password in the LDAP directory makes iFolder non-functional. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 29: Ifolder User Account Considerations
“Configuring Local Virus Scanner Settings for iFolder Traffic” in the OES 2 SP1: Novell iFolder 3.7 Cross-Platform User Guide. 2.5.2 Synchronizing User Accounts with LDAP You can specify any existing containers and groups in the Search DNs field of the iFolder LDAP settings.
Page 30: Synchronizing Ldapgroup Accounts With Ldap
If you intend to keep the LDAPGroup as an iFolder LDAPGroup without interruption of service and loss of memberships and data, the new container must be added as a Search DN before the LDAPGroup is moved. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 31: Setting Account Quotas
If the LDAPGroup is moved to a different container that is not specified as a Search DN before the LDAPGroup is moved, the LDAPGroup is removed from the iFolder LDAPGroup list. The LDAPGroup’s iFolders are orphaned and the LDAPGroup is removed as a member of iFolders owned by others.
Page 32: Guidelines For File Types And Sizes To Be Synchronized
If you do this, the GroupWise data files becomes corrupted after synchronizing the file a few times. GroupWise needs the files in the archive to be maintained as a set of files. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 33: Management Tools
2.7 Management Tools Use the following tools to manage the Novell iFolder 3.7 enterprise server and Web Access server. Section 2.7.1, “iFolder Configuration Plug-Ins for YaST,” on page 33 Section 2.7.2, “Novell iFolder Web Admin for Novell iManager 2.7,” on page 34 Section 2.7.3, “Web Access Configuration File,”...
Page 34: Novell Ifolder Web Admin For Novell Imanager 2.7
2.7.2 Novell iFolder Web Admin for Novell iManager 2.7 The Novell iFolder Web Admin is an administrative tool used to manage the iFolder system, user iFolder accounts, and user iFolders and data. For information about installing iManager, see the Novell iManager 2.7 Installation Guide...
Page 35: What's New In Novell Ifolder 3.7 (Oes 2.0 Sp1 Linux)
Novell iFolder 2.x. This section discusses the following: Section 3.1, “What’s New in Novell iFolder 3.7 (OES 2.0 SP1 Linux),” on page 35 Section 3.2, “What’s New in Novell iFolder 3.6 (OES 2.0 Linux),” on page 35 Section 3.3, “What’s New in Novell iFolder 3.2 (OES SP2 Linux),”...
Page 36: What's New In Novell Ifolder 3.2 (Oes Sp2 Linux)
3.4 What’s New in Novell iFolder 3.1 (OES SP1 Linux) The following features are new in iFolder 3.1 for OES SP1 Linux: Support for the iFolder data store on Novell Storage Services (NSS) volumes on Linux Support for Novell Cluster Services for Linux.
Page 37 Remote and Policy-Based Administration: Administrators manage iFolder services with the Novell iFolder 3 plug-in to Novell iManager, which is the central management console for Novell Open Enterprise Server. The tool supports policy-based management of the iFolder system, user accounts, and users’ iFolders.
Page 38 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 39: Comparison Of 2.X And 3.7 Server Features And Capabilities
Comparing Novell iFolder 2.x and ® ® This section compares the features and capabilities of Novell iFolder 3.7 on OES 2 SP1 Linux to Novell iFolder 2.x. Section 4.1, “Comparison of 2.x and 3.7 Server Features and Capabilities,” on page 39 Section 4.2, “Comparison of 2.x and 3.7 Client Features and Capabilities,”...
Page 40 An iFolder member can specify a quota for the iFolder on each client. The quota cannot exceed the iFolder’s quota or that user’s own quota for his or her account. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 41 Backup support to restore Entire iFolder contents must be Individual files, directories, and deleted files backed up and restored. iFolders are backed up. Comparing Novell iFolder 2.x and 3.7...
Page 42: Comparison Of 2.X And 3.7 Client Features And Capabilities
Use unencrypted on the client. Use third-party local encryption third-party local encryption options, if needed. options, if needed. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 43 Client with a Novell iFolder Feature or Capability Novell iFolder 2.x Client 3.7 Enterprise Server Create an iFolder Yes, by logging in to the server for Yes, by selecting any local the first time after being directory and making it an iFolder.
Page 44 Preferences tab. You can Disable the account in the remain logged in, and then Account window (deselect synchronization when you Enable Account) want with the Synchronization Now option. Passphrase Management Automated passphrase management. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 45: Comparison Of 2.X And 3.7 Web Access Features And Capabilities
Client with a Novell iFolder Feature or Capability Novell iFolder 2.x Client 3.7 Enterprise Server Remote access to iFolder data on Yes, using NetStorage. Yes, using iFolder 3.7 Web the server Access. Your administrator must configure NetStorage for iFolder services.
Page 46 An additional option is available to enable HTTPS(SSL) connection. WebDAV protocol support Yes, allows WebDAV clients, such as Microsoft Explorer, to seamlessly access folders and files on an iFolder 2.x server. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 47: File System
5.2 Enterprise Server IMPORTANT: Do not install any of the following service combinations on the same server. Although not all of the combinations cause pattern conflict warnings, Novell does not support any of the combinations shown below. Novell iFolder...
Page 48: Prerequisites For The Operating System
Section 5.2.5, “Installing the OES 2.0 Linux SP1 Server,” on page 50 5.2.1 Prerequisites for the Operating System Novell iFolder 3.7 is designed to work only on the Novell Open Enterprise Server (OES 2) SP1 for ® Linux platform, which is comprised of specific versions of the SUSE Linux Enterprise Server platform and the basic OES applications and services.
Page 49: Install Guidelines When Using A Linux Posix Volume To Store Ifolder Data
OES 2.0 Linux SP1(Minimum predefined server plus graphics support and NSS if desired) Novell eDirectory 8.8 (can be configured on a different OES 2.0 Linux SP1 server) Novell iManager 2.7 (can be configured on a different OES 2.0 Linux SP1 server) Novell iFolder 3.7 (typically post-installed on an OES 2.0 Linux SP1 server)
Page 50: Installing The Oes 2.0 Linux Sp1 Server
Access Protocol (LDAP) 3 and provides support for TLS/SSL services based on the OpenSSL source code. eDirectory is available as a component of Novell Open Enterprise Server. IMPORTANT: Ensure that you select Use eDirectory Certificate for HTTPS services option in the eDirectory configuration for a proper SSL communication between the iFolder master and the slave servers.
Page 51: Novell Imanager 2.7
OES Linux server, uninstall it before you install iFolder. Novell iFolder 3.7 supports only the version of Mono included in its install software. If you need to upgrade Mono for another reason, please check our online documentation to see if we explicitly support that version and to learn any necessary steps to make the upgrade work correctly.
Page 52: Web Browser
You need one or more of the following supported Web browsers on the computer you use to access iManager, Web Admin console, and Web Access console on the client computers: Mozilla* Firefox* 2.x Microsoft* Internet Explorer Safari* 3.0 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 53: Installing Ifolder On An Existing Oes 2 Linux Sp1 Server
Section 6.3, “Configuring the iFolder Web Access Server,” on page 71 Section 6.4, “Configuring the iFolder Web Admin Server,” on page 73 Section 6.5, “Installing the Novell iFolder 3 Plug-In for iManager,” on page 75 Section 6.6, “Recovery Agent Certificates,” on page 77 Section 6.7, “Accessing iManager and the Novell iFolder Web Admin,”...
Page 54 3 In the left menu, select Open Enterprise Server > OES Install and Configuration A window displays with the Open Enterprise Server Services and Server Role patterns under software selection. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 55: Deploying Ifolder Server
Section 6.4, “Configuring the iFolder Web Admin Server,” on page 73 6.2 Deploying iFolder Server ® ® This section describes how to configure Novell iFolder 3.7 servers in a Multi-server environment. Section 6.2.1, “Configuring the iFolder Enterprise Server,” on page 56 Section 6.2.2, “Configuring the iFolder Slave Server,”...
Page 56: Configuring The Ifolder Enterprise Server
4 Select Use Following Configuration and click Novell iFolder to change the default configuration settings for iFolder. If you decide to use default settings, click Next to start Novell iFolder 3 configuration. IMPORTANT: For security reasons, it is recommended that you always change the default iFolder configuration settings.
Page 57 TIP: If the iFolder configuration failed at any stage, refer to the file /var/log/YaST2/y2log to find the details on the failure that help you in analyzing and troubleshooting the issues. Install Settings Description iFolder components Select the iFolder components to be configured: Select the components you want to configure.
Page 58 After you configure the path to the Recovery Agent, you must load the Agent certificates to this location. For more information, see Section 6.6, “Recovery Agent Certificates,” on page OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 59 Install Settings Description Novell iFolder System Configuration Name of iFolder Server: Specify a unique name to identify your iFolder server. For example, IF3EastS iFolder public URL Host or IP Address: Specify the public URL to reach the iFolder server. IMPORTANT: You must specify the DNS name of the server as iFolder Public URL to connect the client to the server using a DNS name.
Page 60 IMPORTANT: If you are using a DSFW server, ensure that the iFolder Admin user and iFolder Proxy user are already present. You must use port 1389 for non-SSL communication and port 1636 for SSL communication. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 61 Install Settings Description Novell iFolder System Configuration The iFolder Default Administrator: Specify the username for the default iFolder Admin user. Use the full distinguished name of the iFolder Admin user. For example: cn=admin,o=acme . If the Active Directory is the LDAP source, ensure that the iFolder Admin user is created using Active Directory tools before specifying it here.
Page 62 LDAP server and the iFolder server. This option is selected by default. If the LDAP server co-exists on the same machine as the iFolder server, an administrator can disable SSL, which increases the performance of LDAP authentications. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 63 Install Settings Description iFolder Web Access Configuration An Apache alias that will point to the iFolder Web Access Application: Specify an Apache alias to point to the iFolder Web Admin application. This is an admin-friendly pointer for the Apache service. For example, /access The host or IP address of the iFolder server that will be used by the iFolder Web Access application: Specify the hostname or IP address of...
Page 64 6b Stop the Apache server by entering either of the following commands at the prompt: /etc/init.d/apache2 stop rcapache2 stop 6c Start Apache by entering either of the following commands at the prompt: OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 65: Configuring The Ifolder Slave Server
/etc/init.d/apache2 start rcapache2 start 7 Go to Novell iManager to install the Novell iFolder plug-in or to manage iFolder services. 8 If you are using an NSS volume to store user data, you must set up NSS file system trustee rights for the Web server user object before restarting your web server.
Page 66 If the path to the Recovery Agent is configured, you need to copy the Agent certificates to this location. For more information, see Section 6.6, “Recovery Agent Certificates,” on page OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 67 Install Settings Description Novell iFolder Name of iFolder Server: Specify a unique name to identify your iFolder System server. For example, IF3EastS Configuration iFolder Public URL: Specify the public URL to reach the iFolder server. iFolder Private URL: Specify the private URL corresponding to the iFolder server to allow communication between the servers within the iFolder domain.
Page 68 IMPORTANT: Ensure that the LDAP search context you have specified is present in the LDAP server. If the LDAP search context is not present, the iFolder installation fails. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 69 Install Settings Description Novell iFolder LDAP Naming Attribute: Select which LDAP attribute of the User System account to apply when authenticating users. Each user enters a Configuration Username in this specified format at login time. Common Name (cn) is the default and an e-mail address (e-mail) is the other option.
Page 70 /etc/init.d/apache2 start rcapache2 start 6 Go to Novell iManager to install the Novell iFolder plug-in or to manage iFolder services. 7 If you are using an NSS volume to store user data, you must set up NSS file system trustee rights for the Web server user object before restarting your web server.
Page 71: Managing Server Ip Change
6.2.3 Managing Server IP Change When you change the Novell OES 2 server IP address either through YaST or through command line, it does not automatically change the iFolder Service IP address. You can change the iFolder service IP address only by reconfiguring the iFolder service either through YaST or command line.
Page 72: Configuring Web Access
, then enter a password to log in as root. 2 Start YaST to refresh its list of installed configuration modules. 3 Click Novell iFolder in the window displays with Novell Open Enterprise Server Configuration. 4 Select iFolder Web Access.
Page 73: Configuring Ifolder Web Access For Ichain Or Accessgateway
, then enter a password to log in as root. 2 Change the directory by typing at the command prompt. cd /opt/novell/ifolder3/bin 3 Run ifolder-web-setup 4 Follow the on-screen instructions to proceed through the iFolder 3 Web Access configuration. The table summarizes the decisions you make.
Page 74 2 Start YaST to refresh its list of installed configuration modules. 3 Click Novell iFolder in the window displays with Novell Open Enterprise Server Configuration. 4 Click Next to start configuring the iFolder Web Admin. 5 In YaST, select iFolder Web Admin.
Page 75: Configuring Ifolder Web Admin For Ichain Or Accessgateway
Before you can manage Novell iFolder 3 services, you must install the iFolder iManager Module for Novell iManager 2.7. After it is installed, this plug-in is named Novell iFolder 3 in the iManager Roles and Tasks list. Make sure you meet prerequisites, then use one of the methods for installing the iFolder plug-in: Section 6.5.1, “Prerequisites,”...
Page 76: Prerequisites
6.5.1 Prerequisites Novell iManager 2.7 If you have not already done so, install Novell iManager 2.7 on the same or different server as your iFolder server. For information, see Novell iManager 2.7 Installation Guide (http:// www.novell.com/documentation/imanager25/imanager_install_25/data/hk42s9ot.html) Role-Based Services The iFolder 3 plug-in supports the optional use of Role Based Services (RBS) in Novell iManager.
Page 77: Installing A Plug-In When Rbs Is Configured
2 In the toolbar, click the Configure icon (person seated behind a desk). 3 In Roles and Tasks, expand Plug-in Installation, then click Available Novell Plug-In Modules. 4 Locate the iFolder iManager Module, select its plug-in check box, then click Install.
Page 78: Understanding Digital Certification
The CA guarantees the validity of the certificate in the specified period. The CPS usually requires the issuing OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 79: Creating A Yast-Based Ca
CA to create and distribute a new certificate before expiration. The extensions can contain any additional information. An application is only required to be able to evaluate an extension if it is identified as critical. If an application does not recognize a critical extension, it must reject the certificate.
Page 80 To confirm, re-enter it in the next field. Key Length (bit) Select the key length. You can choose a value between a minimum of 512 and a maximum of 2048. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 81: Creating Self-Signed Certificates Using Yast
CA Settings Descriptions Valid Period (days) The Valid Period in the case of a CA defaults to 3650 days (roughly ten years). This long period makes sense because the replacement of a deleted CA involves an enormous administrative effort. Advanced Options Advanced Options are very special options.
Page 82 Enter the name of the CA. E-Mail Address You can enter several e-mail addresses that a CA user can see. This is helpful for inquiries. Country Select the country where the CA is operated. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 83: Exporting Self-Signed Certificates
YaST displays the current settings for confirmation. For information on encryption, see “” in the OES 2 SP1: Novell iFolder 3.7 Cross-Platform User Guide “Using the Recovery Agent”...
Page 84: Exporting Self-Signed Private Key Certificates For Key Recovery
IMPORTANT: You must use a password different from the one you have used for certificate creation. 4 Specify a filename for the certificate you have created and click Browse to find a location to save the file. 5 Click OK to save the certificate. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 85: Using Keyrecovery To Recover The Data
This section help you understand the process followed by a Recovery agent to retrieve the key. 1 Go to the location where iFolder is installed. Platform Default Location of the Utility Linux /opt/novell/ifolder3/bin/KeyRecovery Windows C:/Program Files/iFolder/KeyRecovery.exe Macintosh /opt/novell/ifolder3/KeyRecovery 2 Run...
Page 86: Managing Certificate Change
6.7 Accessing iManager and the Novell iFolder Web Admin The Novell iFolder Web Admin is the tool used to manage your iFolder server. 1 Open a Web browser to the iManager Login page by entering the following location: http://servername.example.com/nps/iManager.html...
Page 87 Section 10.2, “Connecting to the iFolder Server,” on page 122. Novell iFolder 3.7 opens to the User page, which consists of a tabbed list of the main administrative functions that can be performed on iFolder domain. Installing and Configuring iFolder Services...
Page 88: Provisioning Users, Groups And Ifolder Services
6.8 Provisioning Users, Groups and iFolder Services After you configure your Novell iFolder 3.7 enterprise server, you must specify containers and groups as Search DNs in the LDAP settings. iFolder uses these to provision user and group accounts. You can provision users and iFolders through iFolder Web Admin console. For more information, see the following: Chapter 10, “Managing iFolder Services via Web Admin,”...
Page 89: Distributing The Ifolder Client To Users
-u <user DN> [-s <surname>] [-c <user password>] [-i <iFolder Home Server>] For example: ./iFolderLdapUserUpdate.sh -h ldaps://10.10.10.10 -d admin,o=novell -w secret -u cn=abc,o=novell -s xyz -c secret -i 10.10.10.10 6.9 Distributing the iFolder Client to Users After you configure iFolder services on the enterprise server, users can download the install files for the iFolder client from the OES 2 Welcome page.
Page 90 Section 6.10, “Using a Response File to Automatically Create iFolder Accounts,” on page 91 After expanding the install files, users are ready to install the iFolder client and its dependencies with the following files: OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 91: Installing The Ifolder Client
You can use a ® deployment manager such as Novell ZenWorks to automate the process of iFolder installation.To make the iFolder account creation simpler and automatic, with little or no user interaction, you can use the Auto-account creation feature.
Page 92: Response Files
Depending on the platform, the log configuration file is present in the following directory. Location of the Configuration File Table 6-5 Platform Location Linux $HOME/.local/share/simias Windows XP %USERPROFILE%\Local Settings\Application Data\simias Windows Vista %LOCALAPPDATA%/simias OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 93 Response File Parameters The following table gives the list of all parameters of the response file. All the parameters except Server and Username are optional. For optional fields, the default value is used when no explicit value is specified. Response File Parameters Table 6-6 Parameter Possible Values...
Page 94: Using A Response File To Deploying The Ifolder Client
Otherwise, the user must provide information for all the empty mandatory fields along with password when he or she logs in for the first time. OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 95: Updating Novell Ifolder 3.7
6.11 Updating Novell iFolder 3.7 As patches become available for iFolder 3.7 and the iFolder client, they are delivered to the OES ® Patch channel. Any iFolder server or client patches or updates can be installed through ZENworks ® Linux Management (formerly Red Carpet ) channels.
Page 96: Updating Mono For The Server And Client
IP address for the iFolder account has not changed. Users must also set up iFolders and share relationships again. 6.14 What’s Next You have now installed and configured your Novell iFolder 3.7 enterprise server and provisioned iFolder services for users. To set up system policies for iFolder services, continue with Chapter 10, “Managing iFolder Services via Web Admin,”...
Page 97 Provisioned iFolder users can install the Novell iFolder 3.6 client on their workstations, create iFolders, and share iFolders with other authorized Novell iFolder users. For information, see the OES 2 SP1: Novell iFolder 3.7 Cross-Platform User Guide. Installing and Configuring iFolder Services...
Page 98 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 99: Migrating Ifolder Services
The OES 2 Migration Tool has a plug-in architecture and is made up of Linux command line utilities with a GUI wrapper. You can migrate Novell iFolder 3.2 running on OES 1 Linux and iFolder 2.x on OES 1 Linux or on ®...
Page 100 100 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 101: Running Novell Ifolder In A Virtualized Environment
Running Novell iFolder in a Virtualized Environment Novell iFolder 3.7 runs in a virtualized environment just as it does on a physical server running OES 2 Linux SP1, and requires no special configuration or other changes. To get started with virtualization, see Introduction to Xen Virtualization (http://www.novell.com/...
Page 102 102 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 103: Managing An Ifolder Enterprise Server
Managing an iFolder Enterprise Server ® ® This section describes how to manage your Novell iFolder 3.7 enterprise server on Novell Open Enterprise Server platform. Section 9.1, “Starting iFolder Services,” on page 103 Section 9.2, “Stopping iFolder Services,” on page 103 Section 9.3, “Restarting iFolder Services,”...
Page 104: Managing The Simias Log And Simias Access Log
/> are overwritten. The log rolls over <maxSizeRollBackups sequentially until the maximum value=”number” /> number of backups are created, then overwrites the oldest log file. 104 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 105: Backing Up The Ifolder Server
Parameters Description Examples Level of Simias Services The type of messages or level of <level value="ERROR" /> messages detail you want to capture for the log. Valid levels include the <level value=”status” following: /> (Use only for the FATAL Simias.log ERROR WARN INFO...
Page 106: Recovering From A Catastrophic Loss Of The Ifolder Server
6 Notify users that they can return their saved files to their iFolders for upload to the server. Users should coordinate this with other shared members of the iFolder to avoid competing updates. 106 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 107: Using Tsaif To Back Up And Restore The Ifolder Store
9.7 Using TSAIF to Back Up and Restore the iFolder Store The Target Service Agent (TSA) for Novell iFolder 3.7 supports the back up of the iFolder store. Section 9.7.1, “Understanding TSAIF,” on page 107 Section 9.7.2, “Syntax,” on page 108 Section 9.7.3, “iFolder Path Options,”...
Page 108: Syntax
The paths for iFolder data objects are specified relative to the root of the iFolder store, using the syntax of the Network File System (NFS) namespace. iFolder paths are logical paths into an iFolder store and do not correspond directly to file system paths. 108 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 109 Parameter Description iFolder path such as the following: path /owner /owner/collection /owner/collection/relative-path owner owner-name.owner-id Collection owner name ( Simias.Storage.Collection.Owner.Name owner-name Collection owner ID ( owner-id Simias.Storage.Collection.Owner.ID collection-name.collection-id collection Collection name ( Simias.Storage.Collection.Name collection-name Collection ID ( collection-id Simias.Storage.Collection.ID Relative path such as relative-path file subdir...
Page 110: Ifolder Path Examples
This sets all read threads to completely process a data set before proceeding to another data set. The default value is 100. 110 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 111: Tsaif And Smsconfig Examples
Option Command This sets the maximum number of data sets that the TSA caches --ReadAheadThrottle simultaneously. This prevents the TSA from caching parts of data sets and enables complete caching of data sets instead. Use this switch along with the ReadThreadAllocation switch. The default value is 2.
Page 112: Tsaif And Nbackup Examples
The following examples show how to perform typical TSAIF backup and restore operations using NBackup. Backup or Restore Command Task Full backup nbackup -cvf full.sidf -U root -P password --target-type=ifolder / Full restore nbackup -xvf full.sidf -U root -P password --target-type=ifolder 112 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 113: Additional Information
Backup or Restore Command Task Owner backup nbackup -cvf owner.sidf -U root -P password --target-type=ifolder /owner Owner restore nbackup -xvf owner.sidf -U root -P password --target-type=ifolder Owner restore nbackup -xvf full.sidf -U root -P password from the full --target-type=ifolder --extract-dir=/owner backup file full.sidf iFolder backup...
Page 114: Recovering Ifolder Data From File System Backup
Upload the file to the iFolder. For example, upload . If MyFile MyiFolder/MyDir1/MyDir2/MyFile necessary, create the directory you want to restore, then upload the files in it. 114 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 115: Recovering Files And Directories From An Encrypted Ifolder
Other files or directories in the iFolder 2 On the iFolder server, use your normal file system restore procedures to restore the iFolder directory from backup to a temporary location. For example, restore /var/opt/novell/ifolder3/simias/SimiasFiles/62ba1844- 6987-47fc-83ab-84bbd5d6130b/MyiFolder/MyDir1/MyDir2/MyFile /tmp/MyFile For example, restore /var/simias/data/simias/SimiasFiles/62ba1844-6987-47fc-...
Page 116: Moving Ifolder Data From One Ifolder Server To Another
4 Install and configure iFolder on the target server, using the same configuration information and location as on the old computer, including the IP address. 5 In a terminal console on the target server, run ifolder-admin-setup ifolder-web- to generate public keys in the server. setup 116 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 117: Changing The Ip Address For Ifolder Services
When you reconfigure the iFolder services, you must ensure that the current data Store path is not changed. Changing the IP address of the Novell iFolder service also needs the Apache service to be restarted. Follow the steps given below to change the IP address through CLI.
Page 118: Using Ssl For Secure Communications
Remove from consideration any ciphers that do not authenticate, such as Anonymous Diffie- Hellman (ADH) ciphers. Use SSL 3.0, and disable SSL 2.0. Disable the Low, Export, and Null cipher suites. 118 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 119: Configuring The Enterprise Server For Ssl Communications With The Ldap Server
Without SSL encryption, the iFolder data is also sent in the clear. 1 Stop the Apache server: At a terminal console, enter /etc/init.d/apache2 stop 2 Go to and run /opt/novell/ifolder3/bin simias-server-setup 3 Select for the option. Enable SSL 4 Start Apache: At a terminal console, enter /etc/init.d/apache2 start...
Page 120: Configuring The Enterprise Server For Ssl Communications With The Web Access Server And Web Admin Server
Server for SSL Communications with the Enterprise Server,” on page 160. 9.11.6 Configuring an SSL Certificate for the Enterprise Server For information, see “Managing SSL Certificates for Apache” on page 197. 120 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 121: Managing Ifolder Services Via Web Admin
Section 10.7, “Securing Web Admin Server Communications,” on page 137 10.1 Accessing the Novell iFolder Web Admin Use the Novell iFolder Web Admin to manage the iFolder system, user accounts, and iFolders. 1 Open a Web browser to the following URL: https://svrname.example.com/nps/iManager.html...
Page 122: Connecting To The Ifolder Server
LDAP identity as your iManager Admin username, depending on how you configure your iFolder system. Log in with the iFolder Admin username and password for the target server. NOTE: You cannot manage Novell iFolder 2.x servers with the Novell iFolder 3 Web Admin. To connect to the iFolder server you want manage: 1 If you are not logged in to iManager, log in to iManager in a Web browser.
Page 123: Accessing Ifolder Web Admin Via Oes 2 Sp1 Welcome Page
Replace with the DNS name or the IP address (such as ifolder3.example.com ) of the Novell iFolder 3.7 enterprise server where you have an account. Ask 192.168.1.1 your iFolder Administrator for this information. 2 In the left navigator, click Management Services.
Page 124: Managing Web Admin Console
1 In the Web Admin console, click the iFolders tab. iFolders tab displays the iFolder type (Admin user or user), iFolder name, iFolder owner, members, the date the iFolder was last modified. 124 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 125: Managing The Ifolder System
2 Use the search functionality to locate the iFolder you want to manage. 3 Click the iFolder's link to open the iFolder Details page to the iFolder tab. The iFolder Details page displays the iFolder details, list of members who own or share the iFolders and policy settings for this particular iFolder.
Page 126: Viewing Reprovisioning Status
Shows the new server to provision for the user. Completed Shows the reprovisioning status as a percentage. Reprovision State Shows any of the following reprovisioning states: Initializing Initialized Moving iFolder Resetting Home Finalizing 126 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 127: Configuring Ifolder Administrators
10.5.3 Configuring iFolder Administrators This section discusses the following: “Understanding the iFolder Admin User” on page 127 “Viewing the Admin User Details” on page 127 “Granting iFolder Admin Right to a User” on page 128 “Removing the iFolder Admin Right for a User” on page 128 Understanding the iFolder Admin User The iFolder Admin user is the primary administrator of the iFolder enterprise server.
Page 128: Configuring System Policies
Use the System Policies page to manage system-wide policies. Viewing the Current System Policies The following table lists the system policies you can manage for any given iFolder System. Click Save to apply the modifications. 128 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 129 System Policies Table 10-4 Parameter Description No of iFolders per Specifies the maximum number of iFolder allowed per user. After Applying this users policy, each user is limited to own a certain number of iFolders. The users who exceed their limit receive an error message about the policy violation. If the limit is zero, users cannot create any iFolders.
Page 130 Specify whether to restrict file types that are synchronized by exclusion filters. Type a file extension, then click Add to add it to the list. You can only add or delete file extensions; subsequent editing is not allowed on the entries. 130 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 131: Managing Ifolder Servers
Parameter Description Synchronization To enable a policy, select the check box, then specify the minimum synchronization interval in minutes. For example, a practical value is 600 seconds (10 minutes). Larger values are more restrictive. To disable the policy, deselect the check box. The value is reported as No Limit. Default value: Disabled The effective minimum synchronization interval is always the largest value of the following settings:...
Page 132 Description System Select System to view the that tracks all the system activities. simias.log User Access Select User Access to view simias.access.log that tracks the user activities on the selected server. 132 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 133 Either you can save it to the machine or open with a desired file format. Parameter Description Shows all the server activities that help Novell support resolve the issues. Debug Shows the server activities that help Novell support debug the issues.
Page 134 7c Authenticate to the LDAP server and modify the LDAP Details, then click OK to apply your changes: Parameter Description LDAP Admin DN Specify the fully distinguished name of the LDAP Admin. This might be the same or different as your iFolder Admin. 134 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 135 Parameter Description LDAP Admin The password is used to authenticate the LDAP Admin user to the LDAP Password server.Click OK to update the password stored in the LDAP settings. LDAP Server Specify the DNS name or IP address of the LDAP server. This might be the same or a different server as any of the iFolder servers in the iFolder system.
Page 136 Deleting a Data Store: You can delete a Data Store if no iFolder is created on it. To delete a Data Store, select the check box next to that Data Store and click Delete. 136 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 137: Securing Web Admin Server Communications
Enable or Disable Data Store: Select the Data Store you want to disable or enable and click Disable or Enable respectively. When the user uploads an iFolder, disabled Data Stores are always skipped while checking for the maximum free space availability for storing the iFolder data.
Page 138: Configuring The Ssl Cipher Suites For The Apache Server
Administrator could reconfigure to enable SSL between the Web Admin Server and the iFolder Enterprise Server, which would increase the security for communications between the two servers. 138 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 139: Configuring The Web Admin Server For Ssl Communications With Web Browsers
SSL (HTTPS) communications between the servers. Traffic between the two servers is secure. If you specify an http:// in the URL, HTTP is used for communications between the servers and traffic is insecure. The setting is stored in the file /opt/novell/ifolder3/lib/simias/webAdmin/Web.config under the following tag: <add key="SimiasUrl" value="https://localhost" />...
Page 140: Configuring An Ssl Certificate For The Web Admin Server
#RewriteRule ^/ifolder/(.*) https://%{SERVER_NAME}/ifolder/$1 [R,L] 3 Start the iFolder Web Admin services. 10.7.5 Configuring an SSL Certificate for the Web Admin Server For information, see “Managing SSL Certificates for Apache” on page 197. 140 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 141: Managing Ifolder Users
Managing iFolder Users ® ® This section discusses how to manage iFolder users with Novell iFolder 3.7 enterprise server. Section 11.1, “Provisioning / Reprovisioning Users and LDAP Groups for iFolder,” on page 141 Section 11.2, “Searching for a User Account,” on page 143 Section 11.3, “Accessing And Viewing General User Account Information,”...
Page 142: Manual Provisioning
A, server B next new user. When all the three servers are provisioned with an equal number of users, the next new user is provisioned to any of these servers. 142 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 143: Searching For A User Account
11.2 Searching for a User Account NOTE: The term iFolder users refers to both individual users and LDAPGroups. 1 In Web Admin console, enable the Users tab. 2 Select a name criterion (User Name, First Name, Last Name, Home Server). 3 Select a filter criterion (Contains, Begins With, Ends With, Equals).
Page 144: Enabling Or Disabling An Ifolder For An User Account
11.3.2 Deleting An iFolder To delete an iFolder: 1 Locate the iFolder you want to delete, then select the check box next to the iFolder. 2 Click Delete. 144 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 145: Configuring User Account Policies
11.4 Configuring User Account Policies Section 11.4.1, “Viewing the Current User Account Policies,” on page 145 Section 11.4.2, “Modifying User Account Policies,” on page 146 11.4.1 Viewing the Current User Account Policies 1 In Web Admin console, select Users tab to view a list of current iFolder users. 2 Click the link for the user’s name to open the User page for that user account.
Page 146: Modifying User Account Policies
To have the lockout take effect immediately, you must restart the Apache services for the iFolder server, which disconnects all active sessions, including the user’s session. Default Value: Enabled, Yes 146 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 147 Parameter Description No of iFolder per Specifies the maximum number of iFolder that a user can own. After Applying users this policy, the user is limited to own a certain number of iFolders.The user who exceeds his or her usage limit receives an error message about the policy violation.
Page 148: Enabling And Disabling Ifolder User Accounts
2 Search for the user whose account you want to enable or disable for login. 3 Do one of the following: Enable login for the user account by selecting Enable. Disable login for the user account by selecting Disable. 148 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 149: Managing Ifolders
Managing iFolders ® ® This section discusses how and administrator can manage iFolders on the Novell iFolder enterprise server, using the Novell iFolder Web Admin console. Section 12.1, “Viewing Details And Configuring Policies for an iFolder,” on page 149 12.1 Viewing Details And Configuring Policies...
Page 150: Searching For An Ifolder
3 Browse the list of iFolders to locate the iFolder you want to manage. 4 Click the iFolder’s name link to view its details, change the owner, configure its policies, share the iFolder, or modify members’ access rights. 150 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 151: Managing Ifolder Members
Locating the iFolders in the Search Results Scroll up and down to browse the search results and locate the iFolder you want to manage. The combination of the iFolder’s name and owner help to identify the iFolder you seek. 12.1.4 Managing iFolder Members You can view the members' name, type and access rights assigned to them.
Page 152 2 On the iFolder Details page, select the check box next to the member user’s name. 3 Select the Members tab, then select the check box next to the member user’s name. 152 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 153: Managing Ifolder Policies
4 Click Delete. The user’s local copy of the data remains on the user’s computer, but the user no longer has access to the server copy of the iFolder data. Transferring Ownership of an iFolder When you change the owner of an iFolder, the existing owner becomes a member of the iFolder and is assigned the Read/Write right.
Page 154 To exclude a file type from the restricted file types, select the check box adjacent to the file type, then click Delete. Default Value: Disabled, Allow all file types or the System-wide settings. 154 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 155: Enabling And Disabling An Ifolder
Parameter Description Synchronization Select the Synchronization Interval check box to enable a minimum interval setting for the selected iFolder, then specify the minimum value in minutes that users are allowed to set on their clients. To disable the setting, deselect the Synchronization Interval check box. If the option is disabled, the value reported is No Limit If this option is enabled, the minimum synchronization interval specifies the...
Page 156 NOTE: Disabling synchronization temporarily, as opposed to deleting or disabling the entire user account, turns off the ability of the selected iFolder to synchronize. 156 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 157: Managing An Ifolder Web Access Server
Managing an iFolder Web Access Server ® ® This section describes how to manage your Novell iFolder 3.7 Web Access server on Novell Open Enterprise Server. Section 13.1, “Starting iFolder Web Access Services,” on page 157 Section 13.2, “Stopping iFolder Web Access Services,” on page 157 Section 13.3, “Distributing the Web Access Server URL to Users,”...
Page 158 For example, to set the time-out to 5 minutes (300 seconds) and the maximum file size to 5 megabytes (5120 KB) for the Web Access server, modify its httpRuntime parameter values in the file: ../webaccess/Web.config <httpRuntime executionTimeout="720" maxRequestLength="1048576" 158 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 159: Securing Web Access Server Communications
/> If the values exceed the values in for the enterprise webaccess/Web.config web/web.config server, you must also increase the sizes of runtime parameters in that file. 13.5 Securing Web Access Server Communications This section describes how to configure SSL traffic between the iFolder Web Access server and other components.
Page 160: Configuring The Web Access Server For Ssl Communications With The Enterprise Server
Access server is on a different machine than the iFolder enterprise server, an Administrator could reconfigure to enable SSL between the Web Access Server and the iFolder Enterprise Server, which would increase the security for communications between the two servers. This is a recommended setting 160 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 161: Configuring The Web Access Server For Ssl Communications With Web Browsers
13.5.4 Configuring the Web Access Server for SSL Communications with Web Browsers The iFolder 3.x Web Access server requires a secure connection between the user’s Web browser and the Web Access server. The SSL connection supports the secure exchange of data. For most deployments, this setting should not be changed because iFolder uses HTTP BASIC for authentication, which means passwords are sent to the server in the clear.
Page 162 162 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 163: Web Admin Console Fails To Start Up
Mono process for iFolder is still running on the server ps -ef|grep mono side. 4 Run to end the Mono process for iFolder. kill <process id of the process> 5 Restart Apache. Troubleshooting Tips For Novell iFolder 3.7...
Page 164: Login To The Web Consoles Fails
The changes you have made in the iFolder domain, such as adding a new user to the iFolder domain from the LDAP, are not reflected even after the identity sync interval. The workaround is to click the Sync Now button after you make the changes. 164 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 165: Synchronizing A Large Number Of Files Randomly Requires Multiple Sync Cycles
If the LDAP users are not synchronized immediately in iFolder, check to see if the default interval to synchronize the LDAP server with iFolder servers is 24 hours. To reflect the changes immediately, you can use the Sync now option in the Server details page of the Web Admin console. Troubleshooting Tips For Novell iFolder 3.7 165...
Page 166: Directory Access Exception On Creating Or Synchronizing Ifolders
If the user cannot log in to iFolder Web Access, consider the following actions: Check the permission for the Apache user to the data store path of iFolder, and change permissions as necessary. chown -R <apache user>:<apache group> <Data/store/path/simias> 166 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 167: Ifolder Upgrade From Oes 1 Sp2 To Oes 2 Fails
A.19 Web Admin and Web Access Show a Blank Page If the Web Admin console and Web Access console show blank pages, ensure that the Simias server and Web Access server are up and running. Troubleshooting Tips For Novell iFolder 3.7 167...
Page 168 168 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 169: B Caveats For Implementing Ifolder 3.7 Services
B.2 Using Novell iFolder Server to Serve Large Files Novell iFolder is capable of serving large files, subject to the system or file system limits. However, Mono® has a race condition in the Mono version that ships with Open Enterprise Server (OES) 2 that prevents large file uploads.
Page 170: Deployment In An Active Directory Environment
B.7 Novell iFolder Admin User By default, the LDAP admin assumes the iFolder Administrator position. You must change this default setting during the master server configuration to have a better role separation. 170 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 171: Novell Ifolder With Ichain And The Access Gateway
B.8 Novell iFolder with iChain and the Access Gateway Novell iFolder can work with iChain® and the Access Gateway. However, the logout URLs for both of these products are not configured by default. You must use CLI to update the logout URL for both iFolder 3.7 Web Admin and iFolder 3.7 Web Access configuration work successfully with iChain or...
Page 172 172 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 173: C Clustering Ifolder 3.7 Servers With Novell Cluster Services For Linux
Clustering iFolder 3.7 Services,” on page 173. 2 Install and configure Novell Cluster Services (NCS) on the Open Enterprise Server (OES) Linux 2 servers you plan to use in the iFolder 3.7 cluster. For information on installing NCS, see the section “Installing Novell Cluster Services on OES...
Page 174: Configuring Ifolder 3.7 Servers On A Ncs For Linux Cluster
C.3 Configuring iFolder 3.7 Servers on a NCS for Linux Cluster The following procedure describes how to configure Novell iFolder 3.7 services on a Novell Cluster Services for Linux cluster. You can optionally add iFolder 3.7 Web Access and iFolder 3.7 Web Admin servers to the cluster.
Page 175: Creating The Ifolder 3.7 Cluster Resource
5 Enter the name of the resource you want to create, such as iFolder3 Do not use periods in cluster resource names. Novell clients interpret periods as delimiters. If you use a space in a cluster resource name, that space is converted to an underscore.
Page 176: Managing The Ifolder 3.7 Cluster Resource
3.7 resource and bring it online. For information, see “Managing Clusters” in the OES 2 SP1: Novell Cluster Services 1.8.4 for Linux Administration Guide. C.6 Sample Load Scripts for iFolder 3.7 Clusters Section C.6.1, “Linux POSIX File System,” on page 176 Section C.6.2, “NSS File System,”...
Page 177: Nss File System
C.7 Sample Unload Scripts for iFolder 3.7 Clusters Section C.7.1, “Linux POSIX File System,” on page 178 Section C.7.2, “NSS File System,” on page 178 Section C.7.3, “Troubleshooting,” on page 179 Clustering iFolder 3.7 Servers with Novell Cluster Services for Linux 177...
Page 178: Linux Posix File System
#deactivate the container exit_on_error deactivate_evms_container $container_name $NCS_TIMEOUT #return status exit 0 ################################################### C.7.2 NSS File System If your shared volume uses the NSS file system, use the following unload script as a guide: 178 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 179: Troubleshooting
For /$MOUNT-POINT example, if the mount point is , add: /var/opt/novell/ifolder3/data #stop service otherwise sleep 10 ignore_error fuser -k /var/opt/novell/ifolder3/data Clustering iFolder 3.7 Servers with Novell Cluster Services for Linux 179...
Page 180: Sample Monitor Scripts For Ifolder 3.7 Clusters
# define the device MOUNT_DEV=/dev/evms/$container_name/ifolder # define the mount point MOUNT_POINT=/mnt/ifolder # check the file system exit_on_error status_fs $MOUNT_DEV $MOUNT_POINT $MOUNT_FS # check the IP address exit_on_error status_secondary_ipaddress $RESOURCE_IP # check iFolder exit_on_error check_ifolder 180 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 181: Nss File System
##MYVOL is the name of your NSS volume exit_on_error ncpcon volume MYVOL # check the IP address exit_on_error status_secondary_ipaddress $RESOURCE_IP # check iFolder exit_on_error check_ifolder #return status exit 0 Clustering iFolder 3.7 Servers with Novell Cluster Services for Linux 181...
Page 182 182 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 183: D Decommissioning A Slave Server
1 Reprovision all the users on the slave server to a different server. 2 In the slave server, open a terminal prompt. 3 Enter to bring down the slave server. rcapache2 stop 4 Enter and follow the on- /opt/novell/ifolder3/bin/simias-server-setup --remove screen instructions. Decommissioning a Slave Server...
Page 184 184 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 185: E Configuration Files
Simias.config <datapath>/simias/Simias.config <configuration> <section name="EnterpriseDomain"> <setting name="SystemName" value="iFolder" /> <setting name="Description" value="iFolder Enterprise System" /> <setting name="AdminName" value="cn=admin,o=novell" /> </section> <section name="Server"> <setting name="Name" value="npsdt-val-3" /> <setting name="PublicAddress" value="https://192.168.1.1:443/simias10" /> <setting name="PrivateAddress" value="https://192.168.1.1:443/simias10" /> <setting name="RAPath" value="/var/simias/data/simias" />...
Page 186: Web.config File For The Enterprise Server
The following is an example of a configured file. simias/web/Web.config <?xml version="1.0" encoding="utf-8"?> <configuration> <!-- Enable this if you want gzip compression. Also uncomment the <mono.aspnet> section below <configSections> <sectionGroup name="mono.aspnet"> 186 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 187 <section name="acceptEncoding" type="Mono.Http.Configuration.AcceptEncodingSectionHandler, Mono.Http, Version=1.0.5000.0, PublicKeyToken=0738eb9f132ed756" /> </sectionGroup> </configSections> --> <system.web> <customErrors mode="Off"/> <httpRuntime executionTimeout="3400" maxRequestLength="2097152" /> <!-- take this out until we need it <webServices> <soapExtensionTypes> <add type="DumpExtension, extensions" priority="0" group="0" /> <add type="EncryptExtension, extensions" priority="1" group="0" /> </soapExtensionTypes> </webServices>...
Page 188: Web.config File For The Web Admin Server
(.pdb information)into the compiled page. Because this creates a larger file that executes more slowly,you should set this value to true 188 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 189 only when debugging and to false at all other times. For more information, refer to the documentation about debugging SP.NET files. --> <compilation defaultLanguage="C#" debug="true" /> <!-- CUSTOM ERROR MESSAGES Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. Add <error>...
Page 190 If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="true". --> <sessionState mode="InProc" cookieless="false" timeout="20" /> <httpHandlers> 190 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 191 <add verb="*" path="tail/*.log" type="Novell.iFolderWeb.Admin.LogTailHandler,Novell.iFolderAdmin" / > <add verb="*" path="*.log" type="Novell.iFolderWeb.Admin.ReportLogHandler,Novell.iFolderAdmin" /> <add verb="*" path="*.csv" type="Novell.iFolderWeb.Admin.ReportLogHandler,Novell.iFolderAdmin" /> </httpHandlers>  <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> </system.web> <appSettings> <add key="SimiasUrl" value="https://localhost" /> <add key="SimiasCert" value="a_certification_key_goes_here" />...
Page 192: Web.config File For The Web Access Server
--> <customErrors defaultRedirect="Error.aspx" mode="RemoteOnly" /> <!-- AUTHENTICATION This section sets the authentication policies of the 192 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 193 application. Possible modes are "Windows", "Forms", "Passport" and "None". "None" No authentication is performed. "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to its settings for the application. Anonymous access must be disabled in IIS. "Forms" You provide a custom form (Web page) for users to enter their credentials, and then you authenticate them in your application.
Page 194 <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> <httpModules> <add name="UploadModule" type="Novell.iFolderApp.Web.UploadModule, Novell.iFolderWeb" /> </httpModules> </system.web> <appSettings> <add key="SimiasUrl" value="https://localhost" /> <add key="SimiasCert" value="a_certification_key_goes_here" /> </appSettings> <location path="Default.aspx"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> 194 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 195 </location> <location path="ICLogout.aspx"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> </configuration> Configuration Files 195...
Page 196 196 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 197: F Managing Ssl Certificates For Apache
Managing SSL Certificates for Apache ® ® This section discusses how to acquire and manage SSL certificates for your Novell iFolder servers. Section F.1, “Generating an SSL Certificate for the Server,” on page 197 Section F.2, “Generating a Self-Signed SSL Certificate for Testing Purposes,” on page 198 Section F.3, “Configuring Apache to Point to an SSL Certificate on an iFolder Server,”...
Page 198: Generating A Self-Signed Ssl Certificate For Testing Purposes
Replace with the actual file name of your files. Replace the filename .key .cert destination path with the shared key directory location where you want to store the .key files. .cert 198 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 199: Configuring Apache To Point To An Ssl Certificate On A Shared Volume For An Ifolder Cluster
If you have received a single file from the trusted authority, copy that to the shared .pem key directory location. At a terminal console, enter cp ./filename.pem /etc/sharedkey/ 4 Perform either of the following: 4a Edit the Apache SSL configuration file ( /etc/apache2/vhosts.d/vhost-ssl.conf to point to the file and...
Page 200: Configuring Apache To Point To An Ssl Certificate On A Nss Volume For An Ifolder Cluster
Replace the path to the files with the actual location and filename on the shared volume. 3b Edit the Apache SSL configuration file ( /etc/apache2/vhosts.d/vhost-ssl.conf to point to the . file on the NSS volume by modifying the values for the following parameters: SSLCertificateKeyFile=/media/nss/VOL1/ifolder3/sharedkey/filename.pem 200 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 201 SSLCertificateFile=/media/nss/VOL1/ifolder3/sharedkey/filename.pem WARNING: Ensure that there are no duplicate entries for SSLCertificateKeyFile in the Apache SSL configuration file. SSLCertificateFile 4 Restart the Apache server. Managing SSL Certificates for Apache 201...
Page 202 202 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 203: G Frequently Asked Questions
For an additional listing of questions and answers that have been submitted by administrators and iFolder users, see the following: Appendix A, “Troubleshooting Tips For Novell iFolder 3.7,” on page 163 OES 2 SP1: Novell iFolder 3.7 Cross-Platform User Guide iFolder 3 Web site (http://www.ifolder.com/index.php/FAQ)
Page 204: Is Ifolder 3.7 Supported On Windows Vista
Yes. You can use iFolder for different operating systems on different workstations to access and share the files. For example, you can use an iFolder client on a Windows workstation at home and on a Linux workstation at the office to share the same files. 204 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 205: There Was A 10 Mb File Limitation Using Web Access? Is It Still Applicable For Ifolder 3.7
G.3.1 What is the management console for iFolder 3.7? There is a new Web-based console for managing iFolder 3.7. Novell iManager provides single sign- on authentication to the Web Admin console. For more information on the Web Admin console, see Chapter 10, “Managing iFolder Services via Web Admin,”...
Page 206: Can The Administrator Control The Ability To Encrypt Ifolder Files
Membership and synchronization continue while the iFolder Admin user determines whether an orphaned iFolder should be deleted or assigned to a new owner. For more information, “Managing Orphaned iFolders” on page 153. 206 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 207: Version History
For information, see Section 3.5, “What’s New in Novell iFolder 3.0 (OES Linux),” on page The server is supported for Novell Open Enterprise Server on Linux servers. The client supports Linux, Windows, and Macintosh desktops. Bundled Section 3.4, “What’s New in Novell iFolder 3.1 (OES SP1 Linux),” on page...
Page 208: Network Operating Systems Support
Workstation Operating Systems Table H-4 Workstation Operating iFolder 3.0 iFolder 3.1 iFolder 3.2 iFolder 3.4 iFolder 3.6 iFolder 3.7 System Novell Linux v9 and later Desktop ® SUSE Linux Enterprise Desktop 10 208 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 209: Web Server Support
H.6 iFolder User Access Support iFolder User Access Support Table H-6 iFolder User Access Method iFolder client iFolder client, using a proxy Novell iFolder IE 6.0 IE 6.0 IE 6.0 IE 6.0/7.0 IE 6.0/7.0 3.x Web Access Firefox Firefox...
Page 210: Management Tools Support
2.7 iFolder 3 plug-in to YaST iFolder 3 Web Access plug-in to YaST iFolder 3 Web Admin plug-in to YaST RPM packages available in the OES install Simias Log Simias Access 210 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 211: Documentation Updates
If you are a new user, simply read the guide in its current state. Refer to the publication date, which appears on the front cover and the Legal Notices page, to determine the release date of this guide. For the most recent version of the Novell iFolder 3.7 Administration Guide, see the Novell iFolder 3.x documentation Web site (http://www.novell.com/...
Page 212: Installing Ifolder Clients Through Novell Zen Works
Section 11.1, “Provisioning / Reprovisioning Users Provisioning users and LDAP Groups. and LDAP Groups for iFolder,” on page 141 Table 11-1 on page 144 Update the table with information on user groups and group members. 212 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 213: Auto Account Creation
I.1.4 Auto Account Creation The following change was made to this section: Auto Account Creation Table I-4 Location Change Section 6.10, “Using a Response File to Added description about using response file to Automatically Create iFolder Accounts,” on page 91 distribute iFolder clients.
Page 214: Viewing Reprovisioning Status
Table I-10 Location Change Section E.1, “Simias.config File,” on page 185 Updated the simias.config file. I.1.11 Web.config File for the Web Admin Server The following change was made to this section: 214 OES 2 SP1: Novell iFolder 3.7 Administration Guide...
Page 215: Clustering Novell Ifolder Services
Section E.3, “Web.config File for the Web Admin Added a new section for Web.config files for the Server,” on page 188 Web Admin server. I.1.12 Clustering Novell iFolder Services The following change was made to this section: iFolder Cluster Table I-12...
Page 216 216 OES 2 SP1: Novell iFolder 3.7 Administration Guide...

Novell IFOLDER 3.7 - ADMINISTRATION Administration Manual

About this Guide

Overview of Novell Ifolder 3.7

Planning Ifolder Services

3 What's New

4 Comparing Novell Ifolder 2.X and 3.7

5 Prerequisites and Guidelines

6 Installing and Configuring Ifolder Services

Migrating Ifolder Services

Running Novell Ifolder in a Virtualized Environment

Managing an Ifolder Enterprise Server

Managing Ifolder Services Via Web Admin

Managing Ifolder Users

Managing Ifolders

Managing an Ifolder Web Access Server

A Troubleshooting Tips for Novell Ifolder 3.7

B Caveats for Implementing Ifolder 3.7 Services

C Clustering Ifolder 3.7 Servers with Novell Cluster Services for Linux

D Decommissioning a Slave Server

E Configuration Files

F Managing SSL Certificates for Apache

G Frequently Asked Questions

H Product History of Ifolder 3

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Novell IFOLDER 3.7 - ADMINISTRATION

Summary of Contents for Novell IFOLDER 3.7 - ADMINISTRATION