Support
The ZfCR 2.0 product is intended for network environment, in which at least one server with the Netware 6.0 SP4 operating system or higher is installed with ZENworks for Desktops 4 or higher. You can buy the mentioned products as a part of NetWare for SmallBusiness 6.5, or separately. As concerns ZENworks, you only need to have WorkStation Manager installed on workstations (please note that it is not a part of a client!), and to extend the scheme of eDirectory (to be selected upon the launch of installation from a CD). Server parts of ZENworks can be operated, or - respectively - installed, but are not necessary.
Recommended configuration
Client:
|
Server:
|
F.A.Q.
It means that the creation of dynamic users does not work. The reasons can be as follows:
- Novell Workstation Manager is not installed. Install it from SYS:PUBLIC\ZenWorks\ (ZfDAgent.msi, or Setup.exe).
- An incorrect version of Workstation Manager is installed. The Novell client installation includes Workstation Manager version 3.x, which is not fully compatible with ZenWorks 4.x. Therefore, do not install Workstation Manager with the client, but always the version 4.x from the SYS:PUBLIC\ZenWorks directory. If Workstation Manager 3.x has been already installed, you can remove it through the network setting.
-
The container, in which the user account is created, has no policy allocated for creation of dynamic users. Create it using ConsoleOne (New->Object->Policy Package->User Package->Dynamic Local User). In the policy features - the 'Policies' bookmark - permit the 'Dynamic Local User' policy for individual operating systems (Win2000/WinXP). Check 'Enable Dynamic Local User', 'Manage existing account (if any)', 'Use eDirectory credentials' and 'Volatile user (Remove user after logout)' in features.
In the 'Association' bookmark, allocate the package of policies created in this way to the container with users, to a group or to individual users. - If everything is installed correctly and the policy for creation of dynamic users is allocated, and users are still not created, Workstation Manager is probably unable to find or load the allocated policy. In this case, you can try to create the policy of 'Container Package' and to define rules of search of the eDirectory tree - the 'Search Policy' - so that Workstation Manager can find the policy.
To access the control (and administration) web, encoded SSL connection is used to protect the password and improve the security of the application. The web server (Apache) is configured to use the existing certificate saved in the eDirectory, in the container of the server(it is called 'SSL CertificateIP - name of the server').
If your browser displays a message notifying you of an invalid name in the certificate, a new certificate must be created, in which the name will be identical to the address, to which you are connecting. It can be done as follows:
- In ConsoleOne, select the container of the server and in the File menu click on New -> Object -> NDSPKI:Key Material.
- In the next dialogue window, selected the ZfCR server and enter the name of certificate (such as ZFCR). Select the 'Custom' method of creation, as you need to set extended parameters of the certificate. Click on 'Next', select 'Organizational certificate authority', and click on 'Next' again. Leave the RSA parameters as they are and click on 'Next'.
- Now, you can set the name provided in the certificate. Next to the 'Subject name:' field, click on 'Edit' and enter the subject of the certificate in the following form: .O=TREE.CN=<address of the web server> (example: if you enter the address https://192.168.0.10 in the browser, enter .O=TREE.CN=192.168.0.10 as the subject of the certificate). -> OK -> Next -> Next -> Finish.
- When the certificate is created in this way, it is still necessary to change the configuration of the web server to make it to use the certificate. In the ys:zfcr2\apache.conf file, change the name of the certificate from "SSL CertificateIP" to "ZfCR" in the line 'SecureListen <address of the server>:443. Save the file and restart apache on the console of the server:
UNLOAD ADDRESS SPACE=ZAPACHE APACHE ZSTART
Another problem can be that the certificate is undersigned by a certification authority of your server, which is not listed as a reliable in your browser. This can be solved by checking the certificate as reliable when the warning on invalid certificate appears, or by importing a public key of the root certification authority of your server to the browser.
This can be done in ConsoleOne by opening features of the SSL certificate - Certificate IP, selecting 'Trusted Root Certificate' in the 'Certificates' bookmark and clicking on the button 'Export' -> No -> Next -> Select the file in the DER format, to which the certificate with the public key should be saved, and click on Next and Finish.
Select File -> Open in the window of your web browser and click on the file with the exported certificate.
- If you use the Mozilla Firefox or Mozilla browsers, a window will appear, in which you can select the purpose of the certificate. Select the option 'Trust this CA to identify web sites.' and click on OK.
- If you still use Internet Explorer, a window will appear containing information about the certificate. Select 'Install certificate...' -> 'Next' -> 'Place all certificates to the following destination'
- Click on 'Browse...' and select 'Reliable root certification authorities' -> 'OK' -> 'Next' -> 'Finish'
Now, your web browser will trust the certificate of the control web server.
If all is done propertly, the message on invalid certificate will not appear any more.