Digital DCE for OpenVMS VAX and OpenVMS Alpha
Installation and Configuration Guide


Previous Contents Index


Chapter 4
Configuring DCE

This chapter describes the DCE system configuration utility for Digital DCE for OpenVMS VAX and OpenVMS Alpha. Note that DCE must be configured.

Many of the system configuration utility prompts have default values associated with them. The default responses are based on your existing configuration, if you have one. Otherwise, default values for the most common DCE system configurations are provided.

The system configuration utility sets up the DCE environment on your node so that you can use DCE services. The system configuration utility leads you through the process of creating or joining a cell.

Note

If you are installing DIGITAL DCE for OpenVMS VAX or OpenVMS Alpha Version 1.5 over a previous version of DCE, you do not have to reconfigure DCE after the installation. Before the installation, stop the DCE daemons with the following command:


$ @SYS$MANAGER:DCE$SETUP CLEAN

Then, after the installation, enter the following command:


$ @SYS$MANAGER:DCE$SETUP START

You must reconfigure if you are installing DCE for the first time or if you are installing a new version over DCE Version 1.0.

If you are installing DCE over an existing DIGITAL DCE for OpenVMS VAX or OpenVMS Alpha Version 1.5, perform the following steps:

  1. Stop the DCE deamons with the following commands:


    $ @SYS$MANAGER:DCE$SETUP CLEAN
    


    $ @SYS$MANAGER:DCE$RPC_SHUTDOWN
    

  2. After the installation, enter the following command:


    $ @SYS$MANAGER:DCE$SETUP START
    

4.1 Starting the System Configuration Utility

If you did not reboot after the installation and if you chose to configure your system during installation, the DCE system configuration utility starts automatically. You can also start the system configuration utility manually at the DCL prompt. You can use the same command to perform an initial configuration or to reconfigure DCE. See Appendix C for several sample configurations.

To start the system configuration utility at the DCL prompt, enter the following command:


$ @SYS$MANAGER:DCE$SETUP

The DCE System Management Main Menu appears:


               DCE System Management Main Menu 
 
                   DCE for OpenVMS VAX V1.5 
 
 
  1)  Configure   Configure DCE services on this system 
  2)  Show        Show DCE configuration and active daemons 
  3)  Stop        Terminate all active DCE daemons 
  4)  Start       Start all DCE daemons 
  5)  Restart     Terminate and restart all DCE daemons 
  6)  Clean       Terminate all active DCE daemons and remove 
                  all temporary local DCE databases 
  7)  Clobber     Terminate all active DCE daemons and remove 
                  all permanent local DCE databases 
  8)  Test        Run Configuration Verification Program 
 
  0)  Exit        Exit this procedure 
  ?)  Help        Display helpful information 
 
Please enter your selection: 

Enter 1 to view the DCE Configuration Menu.

To skip the previous menu and go directly to the DCE Configuration Menu, enter the following command:


$ @SYS$MANAGER:DCE$SETUP CONFIG

4.2 Initial Configuration Menu

The configuration procedure displays an initial menu:


 
          DCE Configuration Menu 
 
1)  RPC_Only    Provide DCE RPC services only 
2)  Client      Configure this host as a DCE client system 
3)  Server      Configure this host as a full DCE server system 
4)  Custom      Define a customized DCE configuration for this host 
5)  IntLogin    Enable or disable DCE integrated login support 
6)  Rebuild     Rebuild DCE on this host using the current 
                configuration 
7)  Add_SecRep  Add a Security Replica to the configuration on this host 
8)  Add_CdsRep  Add a CDS Replica clearinghouse to the configuration 
                on this host 
 
0)  Exit        Return to previous menu 
?)  Help        Display helpful information 
 
 
 
Please enter your selection: 
 

Table 4-1 provides descriptions of the options available on the DCE Configuration Menu.

Table 4-1 Configuration Menu Options
Option Description
1 RPC_Only Provides a subset of the DCE RPC services. If DCE Version 1.5 is installed on an OpenVMS Alpha system running Version 7.2 or higher, NTLM security may be utilized for authenticated RPC requests. With an RPC_Only configuration, there are no RPC name service interface routines available. This configuration will, however, allow applications to communicate if full string bindings are supplied by the RPC client, or if the client requests the port number to complete the partial string binding from the end point mapper (RPC daemon).
2 Client Provides full DCE RPC services, client services for CDS and Security, and optional time services. A DCE client system must join an existing DCE cell with a security registry and a CDS master server available on other systems in the cell.
3 Server Provides full DCE RPC services, a security registry server for the cell, a CDS master server, a DTS server, and the NSI agent for name service independent access to directory services from PC client systems. There can be only one security registry and CDS master server in a cell, although they need not reside on the same host.
4 Custom If one of the other configuration options is not appropriate for this host, this option creates a customized DCE configuration. This configuration allows tailoring of the following DCE services:
  • Security Client or Security Registry Server or Security Replica
  • CDS Client, CDS Master Server, or CDS Replica Server
  • Global Directory Agent (optional)
  • Time Services (optional)
  • NSI Agent (optional)
5 IntLogin Provides support for Integrated Login, which combines the DCE and OpenVMS login procedures. (See the Digital DCE for OpenVMS VAX and OpenVMS Alpha Product Guide for information about Integrated Login.)
6 Rebuild If a valid configuration is present, this option rebuilds the DCE configuration on this host using the current settings. Note that this option appears on the menu only if the procedure detects an existing valid configuration.
7 Add_SecRep Adds a security replica to the configuration on this host. This option is only present if the host is a DCE security client.
7 Del_SecRep Deletes the security replica from this host. This option appears instead of Add_SecRep if a security replica has already been configured. Selecting this option is the only way to delete a security replica (except for clobbering the configuration).
8 Add_CdsRep Adds a CDS replica clearinghouse to the configuration on this host. This option is only present if the host is a DCE CDS client.
8 Del_CdsRep Deletes the CDS replica clearinghouse from this host. This option appears instead of Add_CdsRep if a CDS replica has already been configured. Selecting this option is the only way to delete a CDS replica clearinghouse (except for clobbering the configuration).

4.3 Configuration Procedure

This section leads you through the configuration process. It assumes that you have chosen either the client or server option from the configuration menu described in Section 4.2.

4.3.1 Initial Messages

If you are performing an initial configuration, the procedure responds with messages similar to the following:


Starting DCE client configuration . . . 
 
This system has no current DCE configuration. 
 
Based on this configuration, there should be no active DCE daemons. 
 
 At each prompt, enter your response.  You may enter <RETURN>  for 
 the default response, displayed in [brackets], or '?' for help. 
 Entering a CONTROL-Z will terminate this configuration request. 
 
Press <RETURN>  to continue . . . 

The procedure then stops any daemons and removes all files from previous configuration operations.


Removing temporary local DCE databases . . . 
 
Removing permanent local DCE databases . . . 

4.3.2 Time Zone Configuration

If you do not already have a valid time zone configuration, you are asked to provide one during the configuration. For more information on time zone configuration, see the Troubleshooting chapter in the Digital DCE for OpenVMS VAX and OpenVMS Alpha Product Guide.

The following questions may be displayed:


DCE requires a valid UTC time zone configuration.  No time zone 
configuration startup procedure was found, so you will now be 
asked to provide local time zone information so that the startup 
procedure will be created. 
 
 
        Timezone Options: 
 
        [0]     Exit Timezone Configuration 
 
        [1]     Choose a timezone using menus 
        [2]     Use Universal Coordinated Time (UTC) 
        [3]     Type in your own timezone rule 
 
* Enter an option number [1] : 
 
        Timezone Region Options: 
 
        [0]     Return to the Timezone Options menu 
 
        [1]     Europe 
        [2]     North America 
        [3]     Central & South America 
        [4]     Africa 
        [5]     Asia 
        [6]     South Pacific 
        [7]     Antarctica 
 
* Enter a timezone region number : 
 
        Timezone Subregion Options: 
 
        [0]     Return to Region Options menu 
 
        [1]     US/Eastern 
        [2]     US/East-Indiana 
        [3]     US/Central 
        [4]     US/Mountain 
        [5]     US/Pacific 
        [6]     US/Alaska 
        [7]     US/Arizona 
        [8]     US/Navajo 
        [9]     US/Michigan 
        [10]    US/Aleutian 
        [11]    US/Hawaii 
        [12]    US/Samoa 
        [13]    Canada/Newfoundland 
        [14]    Canada/Atlantic 
        [15]    Canada/Eastern 
        [16]    Canada/Central 
        [17]    Canada/East-Saskatchewan 
        [18]    Canada/Mountain 
        [19]    Canada/Pacific 
        [20]    Canada/Yukon 
 
* Enter a timezone subregion number : 

4.3.3 Defining the DCE Hostname

After removing the temporary and permanent local DCE databases, the procedure leads you through the process of creating or joining a cell.

Note

Names and identifiers associated with DCE, including principal names and passwords, are case sensitive and cell names and hostnames are always converted to lowercase.

First, the system responds with the following messages:


Starting Remote Procedure Call Services daemon (DCE$RPCD) . . . 
%RUN-S-PROC_ID, identification of created process is 218001AB 

It then asks you for the DCE hostname:


Please enter the DCE hostname for this system [dcevms]: 

Press the Return key to take the default name. If you do not take the default, define a name for your system that is unique within your DCE cell. You can base this name on your network hostname, but do not include any dots (.) in the name. Use only the hostname portion of the node's fully specified name. For example, use only myhost; do not use myhost.mycompany.com.

4.3.4 Defining the DCE Cellname

After you enter the hostname, you are asked whether you want to search the LAN for known DCE cells:


Do you wish to search the LAN for known DCE cells (YES/NO/?) [Y]? 

If you answer YES the system responds with messages similar to the following:


Searching, please wait . . . 
 
The following cells were discovered within broadcast range of this system: 
 
            openup_cell.dce.zko.dec.com 
            opndce_cell.dce.zko.dec.com 
            excess_cell.dce.zko.dec.com 
            opnsea_cell.dce.zko.dec.com 

Whether you answered YES or NO to the previous question, you are then asked for the name of your DCE cell:


Please enter the name of your DCE cell []: excess_cell.dce.zko.dec.com 

Note that cell names can look like IP Domain names with the form
cellname.domain.company.com.

X.500 cell names have the form
c=country/o=organization/ou=organization unit.

Note

X.500 cell names can contain spaces or hyphens if they are enclosed in double quotes, but underscores are never allowed, even if they are enclosed in double quotes. For example, the X.500 cell names /c=us/o=digital/ou="excess cell" and /c=us/o=digital/ou="excess-cell" are allowed, but /c=us/o=digital/ou=excess_cell and /c=us/o=digital/ou="excess_cell" are not allowed.

X.500 requires DECnet/OSI. If you enter an X.500 style cell name and you do not have DECnet/OSI installed, the system responds with the following message:


*** 
*** You have entered an X.500 style cellname. 
*** DECnet/OSI has not been found on this system and is necessary for X.500 
*** operation.  If you wish to configure an X.500 cell, please exit this 
*** program and install DECnet/OSI.  YOu can then configure DCE successfully. 
*** 

If you do not know the cell name, refer to the section on global names in the OSF DCE Administration Guide, or consult your network administrator. Note that you should not include the /.../ or /.:/ prefix when specifying a cellname. It will be added automatically whenever it is needed.

You are then asked whether you want to save the current cell names:


Do you want to save these names for your DCE configuration (YES/NO) [YES]? 

Under normal circumstances, press the Return key to save the settings. You must save these names to be able to start the DCE daemons.

If you have made an error in the hostname or cellname and want to correct the error, answer NO to the question on saving the current names. You are then asked whether you want to continue the procedure. Answer YES if you are satisfied. Answer NO if you have made a mistake and want to change your answers.

If you have specified an X.500 cellname, you are then asked whether you want to register the DCE cell in X.500. Remember that X.500 requires DECnet/OSI.


Do you want to register the DCE cell in X.500 (YES/NO/?) [N]? y 

4.3.5 Defining Security Information

The security questions in this section may vary depending on the type of configuration you are performing.

If this is a client, you are asked to enter the name of the host where the security registry for the cell is located.


Please enter the hostname of the DCE security registry [leaper]: 
Checking TCP/IP local host database for address of "leaper". Please wait ... 
Checking BIND servers for address of "leaper".  Please wait ... 

To configure an OpenVMS DCE client system, you need access to a DCE security registry server. Security initialization requires contacting the security registry.

If the hostname that you specify is not currently defined in the TCP/IP host's database, you must also provide the IP address. When you enter the hostname, do not include any dots (.) or include the DCE hosts/ prefix with the hostname.

You must also provide the principal name and password that are authorized to perform cell configuration operations. The default principal name is cell_admin.


Please enter the principal name to be used [cell_admin]: 
Please enter the password for principal "cell_admin" (or ? for help): 

If the Internet address for the hostname that you specified cannot be obtained from the current TCP/IP services, the procedure asks whether you want to enter a different hostname.


Do you want to specify a different hostname (YES/NO/?) [Y]? 

If you answer NO, you are asked to provide the IP address.


Please enter the IP address for opra:  55.13.792.631 

4.3.6 Defining CDS

If the procedure did not search the LAN for cells or your cell name is not in the list that the procedure found, the procedure asks whether the CDS master server is in broadcase range.


Is the CDS Master Server within broadcast range (YES/NO/?) [Y] 

CDS clients learn about namespace clearinghouse servers by using an advertisement protocol that is broadcast over the LAN. If the CDS master server for this cell is not reachable on the LAN, you must provide the name of the host running the CDS master server so that this client can contact the server directly via TCP/IP messages instead of LAN broadcast messages. This situation may arise if your CDS Master Server is accessible only through a WAN or is behind a LAN bridge that is filtering out the broadcast messages.

If the CDS master server is not within broadcast range, DCE startup will use the cdscp define cached server command to initiate communication with the CDS master server. If the server is within broadcast range, no cached server command is required.

4.3.7 Configuring Multiple LAN Cells

If you are configuring a CDS Master Server, you are asked whether the cell uses multiple LANs. The cell uses multiple LANs if clients and servers are divided into profile groups to facilitate performance. (Most cells will not require this feature.)


Does this cell use multiple LANs (YES/NO/?) [N]? y 

If you answer YES, the system responds with messages similar to the following:


Checking TCP/IP local host database for address of "leaper".  Please wait . . . 
Please enter the name of your LAN [43.7.12]: 

If you are configuring a CDS client and the procedure detects a multi-LAN cell, you are asked which LAN your host is on. (The following questions are asked during the configuration, because the search cannot occur until after the CDS daemons are started.)


Testing for multi-LAN cell . . . 
 
This cell has been configured to span multiple LANs.  The known LANs are: 
 
       43.7.12 
 
Please enter the name of the LAN for this host [43.7.12]: 27.0.66 
 
The requested LAN has not yet been defined in the namespace. 
 
Do you want to define it (YES/NO/?) [Y]? 

4.3.8 Defining Time Services

Digital DCE for OpenVMS VAX and OpenVMS Alpha provides two time services: DCE DTS and DECnet/DTSS. By default, DCE DTS is used.


Do you want to disable DECnet/DTSS, and use DCE DTS instead? (YES/NO/?) [Y]? 

If you accept the default and use DCE DTS, you can choose to accept time from DECnet/DTSS servers by answering YES to the following question.


Do you want to accept time from DECnet/DTSS servers? (YES/NO/?) [N]? 

If you rely on DCE time services for time synchronization, you need a minimum of three time servers to synchronize time in a cell. See the section on the DCE Distributed Time Service in the OSF DCE Administration Guide for more information.

4.3.9 Saving the DCE Services

One of the last questions asked is whether you want to save the service configuration:


Do you want to save this service configuration (YES/NO/?) [Y] 

If you answer YES, the actual configuration begins. If you answer NO, you are returned to the main menu, where you may answer all the questions again or stop the configuration.


Previous Next Contents Index