How to manually create all security objects
(Last modified: 07Apr2005)
This document (10095013) is provided subject to the disclaimer at the end of this document.
goal
How to manually create all security objects
fact
Novell NetWare 6.5
Novell NetWare 6
Novell eDirectory 8.6 for All Platforms
Novell eDirectory 8.7 for All Platforms
note
You would only do this if the security container was deleted or the Certificate Authority Object was deleted. These are the steps if there is no security container in the tree.
fix
1. Do a full eDirectory Health Check by following NDS Health Check Procedures - Cross Platform
3. Creating the Certificate Authority object. Highlight the Security Object and select File | New | Object. Choose NDSPKI: Certificate Authority and select OK. Choose the host server (the server that will host the Certificate Authority; this server needs to hold the Master replica or a Read/Write replica of the security container). Name the object what you like, but use something that will define it as the CA. Choose Standard, then click Next, then Finish.
4. Creating the Key Access Partition (otherwise known as KAP). Highlight the Security Container and select File | New | Object. Choose NDSPKI:SD Key Access Partition and select OK. (Note: You should get a warning stating: There is not a snapin to create this type of object.......Continue with the object creation?) Select Yes to create the object anyway. Name the object KAP and select OK.
5. Creating the W0 object. Highlight the KAP object and select File | New | Object. Choose NDSPKI: SD Key List and select OK. (Note: You should get a warning stating: There is not a snap-in to create this type of object........Continue with the object creation?) Select Yes to create the object anyway. Name the object W0 (NOTE: this is the number zero, not O as in Oscar) and select OK.
6. Right-click the W0 object and select Properties. Select the Other tab, select Add, choose NDSPKI: SD Key Server DN, and select OK. Browse to the server object you used in step 3 and select OK. Apply these changes and close the properties of the W0 object.
7. Checking the tree keys. All of the servers in the tree need to have the same tree key. These keys are files stored on each server. Use the TID "Using SDIDiag to gather specific SDKey information from servers" to verify what tree keys are on the server hosting the CA and what keys all of the other servers in the tree hold. If there are no keys, use the following command at the SDIDIAG prompt: SD -G. If the keys are different on the servers in the tree, type the following command at the SDIDIAG prompt: SD -R. If the keys are the same throughout the tree, you don't have to issue any commands.
8. Creating the SSL certificates and SAS objects using PKIDIAG. Load PKIDIAG from the server console. Authenticate as Admin.novell. Run options 4 - Diagnostic Mode, then 0 - Begin fixing now [All problems will be fixed if possible].
The summary should show:
Fixable problems found: 4
Problems fixed: 4
document
Document Title: How to manually create all security objects
Document ID: 10095013
Solution ID: NOVL99332
Creation Date: 13Oct2004
Modified Date: 07Apr2005
Novell Product Class: Netware
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.