How to manually create all security objects

(Last modified: 07Apr2005)

This document (10095013) is provided subject to the disclaimer at the end of this document.

goal

How to manually create all security objects

fact

Novell NetWare 6.5

Novell NetWare 6

Novell eDirectory 8.6 for All Platforms

Novell eDirectory 8.7 for All Platforms

note

You would only do this if the security container was deleted or the Certificate Authority Object was deleted.  These are the steps if there is no security container in the tree.

fix

1.  Do a full eDirectory Health Check by following "NDS Health Check Procedures - Cross Platform".

2.  Highlight the Tree object | File | New | Object | Choose SAS:Security (this will create the security container) | Select Ok | Confirm the name of "Security" and press Ok

 

3.  Creating the Certificate Authority object. Highlight the Security object | File | New | Object | Choose NDSPKI: Certificate Authority and select OK. Choose the host server (the server that will host the Certificate Authority. This server needs to hold the Master replica or a Read/Write replica of the security container). Name the object what you like, but something that will define it as the CA. Choose Standard, then click Next, then Finish.

 

4.  Creating the Key Access Partition (otherwise known as KAP) Highlight the Security Container and select | File | New | Object | Choose NDSPKI:SD Key Access Partition and select Ok. (Note: You should get a warning stating : There is not a snapin to create this type of object.......Continue with the object creation?) Select Yes to create the object anyway. Name the object KAP | Select Ok.

 

5.  Creating the W0 object. Highlight the KAP object and select | File | New | Object | Choose NDSPKI: SD Key List | Select Ok. (Note: You should get a warning stating : There is not a snap-in to create this type of object........Continue with the object creation?) Select Yes to create the object anyway. Name the object W0 (NOTE this is the number zero not O as in Oscar) | Select Ok.

 

6.  Right click on the W0 object and select Properties | Select the Other tab | Select Add | Choose NDSPKI: SD Key Server DN and select Ok. Browse to the server object you used in step 3 and select Ok. Apply these changes and close the properties of the W0 object.

7.  Checking the tree keys. All of the servers in the tree need to have the same tree key. These are files stored on each server. Use the TID "Using SDIDiag to gather specific SDKey information from servers" to verify what tree keys are on the server hosting the CA and what keys all of the other servers in the tree hold. If there are no keys, then use the following command at the SDIDIAG prompt: SD -G. If the keys are different on the servers in the tree, you have to type the following command at the SDIDIAG prompt: SD -R. If the keys are the same throughout the tree, you don't have to issue any commands.

8.  Creating the SSL certificates and SAS objects using PKIDIAG. Load PKIDIAG from the server console. Authenticate as Admin.novell. Run options 4 - Diagnostic Mode, then 0 - Begin fixing now [All problems will be fixed if possible]

The summary should show:

Fixable problems found: 4

Problems fixed: 4

Note:  There is no PKIDIAG for Windows or Linux platforms.  If you need to create the SSL certificates and SAS objects, please reinstall certificate server on those machines and the objects will be recreated.
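An added example, not part of the original Novell document: a small Python check of the object layout built in steps 2 to 6 and of the tree key decision in step 7. The inventory format (objects and tree keys noted by hand), the "<tree>" placeholder and all sample names are assumptions made for illustration; class names are taken from the steps above with spacing normalized.

```python
# Added example: post-procedure check of steps 2-7. Inventory format is an assumption.
TREE = "<tree>"  # placeholder for the Tree object

def check_security_objects(objects, ca_host):
    """objects: dicts with name, class, parent (container name) and optional attrs."""
    def children(parent, cls):
        return [o for o in objects if o["parent"] == parent and o["class"] == cls]
    problems = []
    if not any(o["name"] == "Security" for o in children(TREE, "SAS:Security")):
        problems.append("step 2: no SAS:Security container named Security")
    if not children("Security", "NDSPKI:Certificate Authority"):
        problems.append("step 3: no Certificate Authority object in Security")
    if not any(o["name"] == "KAP"
               for o in children("Security", "NDSPKI:SD Key Access Partition")):
        problems.append("step 4: no Key Access Partition named KAP in Security")
    key_lists = children("KAP", "NDSPKI:SD Key List")
    w0 = [o for o in key_lists if o["name"] == "W0"]
    if not w0:
        letter_o = any(o["name"].upper() == "WO" for o in key_lists)
        problems.append("step 5: no SD Key List named W0 in KAP"
                        + (" (found WO, letter O instead of zero)" if letter_o else ""))
    elif w0[0].get("attrs", {}).get("NDSPKI:SD Key Server DN") != ca_host:
        problems.append("step 6: W0 Key Server DN is not the CA host from step 3")
    return problems

def tree_key_action(keys_by_server):
    """Map server -> set of tree key identifiers (noted by hand) to the step 7 command."""
    key_sets = {frozenset(keys) for keys in keys_by_server.values()}
    if not any(key_sets):
        return "SD -G"   # no keys anywhere
    if len(key_sets) > 1:
        return "SD -R"   # servers disagree
    return None          # same keys throughout the tree

# Constructed sample inventory; server and CA names are made up.
SAMPLE = [
    {"name": "Security", "class": "SAS:Security", "parent": TREE},
    {"name": "EXAMPLE-CA", "class": "NDSPKI:Certificate Authority", "parent": "Security"},
    {"name": "KAP", "class": "NDSPKI:SD Key Access Partition", "parent": "Security"},
    {"name": "W0", "class": "NDSPKI:SD Key List", "parent": "KAP",
     "attrs": {"NDSPKI:SD Key Server DN": "SRV1.example"}},
]

if __name__ == "__main__":
    print(check_security_objects(SAMPLE, "SRV1.example"))
    print(tree_key_action({"SRV1": {"key-a"}, "SRV2": {"key-b"}}))
```

A server that reports no keys while others report some is treated here as "keys are different"; that reading of step 7 is an assumption of the example.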


document

Document Title: How to manually create all security objects
Document ID: 10095013
Solution ID: NOVL99332
Creation Date: 13Oct2004
Modified Date: 07Apr2005
Novell Product Class: NetWare

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.