Previous | Contents | Index |
Once you answer YES to saving the service configuration, the actual configuration begins. You receive messages similar to the following:
Establishing security environment for principal "cell_admin" . . . Starting Security Service Client daemon (DCE$SEC_CLIENTD) . . . %RUN-S-PROC_ID, identification of created process is 00000DAE Testing access to the security registry . . . Initializing CDS... Starting CDS Name Service Advertiser daemon (DCE$CDSADV) . . . %RUN-S-PROC_ID, identification of created process is 00000EEF Starting CDS Name Service Client daemon (DCE$CDSCLERK) . . . %RUN-S-PROC_ID, identification of created process is 00000EC2 Configuring client host objects in the cell namespace . . . Setting up required objects in namespace directory "/.:/hosts/excess" . . . Creating namespace directories and objects . . . Configuring required RPC information . . . Modifying ACL's on namespace objects . . . /.:/hosts/excess /.:/hosts/excess/self /.:/hosts/excess/cds-clerk /.:/hosts/excess/profile /.:/lan-27.0.66-profile Starting Distributed Time Service daemon (DCE$DTSD) . . . %RUN-S-PROC_ID, identification of created process is 00000EC3 Press <RETURN> to continue . . . |
After you press the Return key, the DCE Configuration Menu is displayed.
4.3.11 Exiting from the Configuration
After the configuration is completed, the initial DCE Configuration Menu is displayed once again. Enter 0 to exit.
DCE Configuration Menu 1) RPC_Only Provide DCE RPC services only 2) Client Configure this host as a DCE client system 3) Server Configure this host as a full DCE server system 4) Custom Define a customized DCE configuration for this host 5) IntLogin Enable or disable DCE integrated login support 6) Rebuild Rebuild DCE on this host using the current configuration 7) Add_SecRep Add a Security Replica to the configuration on this host 8) Add_CdsRep Add a CDS Replica clearinghouse to the configuration on this host 0) Exit Return to previous menu ?) Help Display helpful information Please enter your selection: 0 |
In DCE for OpenVMS Version 1.5, the DCE system management command procedure (DCE$SETUP.COM) has been changed. These changes are described in the following sections.
The RPC daemon can be started and stopped with the two new command files DCE$RPC_STARTUP.COM and DCE$RPC_SHUTDOWN.COM. These files are located in SYS$COMMON:[SYSMGR].
To start the RPC daemon, execute DCE$RPC_STARTUP.COM. You can specify the following option:
[NO]CONFIRM | Turns user prompting on or off. CONFIRM is the default. |
To stop the RPC daemon, execute DCE$RPC_SHUTDOWN.COM. You can specify the following options in any order:
[NO]CONFIRM | Turns user prompting on or off. CONFIRM is the default. |
CLEAN | Deletes all entries from the RPC endpoint database. |
Do not stop the RPC daemon if any RPC applications are running on the system. |
The RPC daemon can limit the protocols used by RPC applications. To restrict the protocols that can be used, set a logical name RPC_SUPPORTED_PROTSEQS to contain the valid protocols separated by a colon. Valid protocols are ncadg_ip_udp, ncacn_ip_tcp, and ncacn_dnet_nsp.
For example:
$ DEFINE RPC_SUPPORTED_PROTSEQS "ncacn_ip_tcp:ncacn_dnet_nsp" |
This prevents RPC applications from registering endpoints that utilize
TCP/UDP.
4.5 Client Configuration Considerations
By default, the client configuration configures the following components:
See Appendix C for an example of a client configuration.
4.6 Server Configuration Considerations
By default, the server configuration configures the following components:
See Appendix C for an example of a server configuration.
4.7 Custom Configuration Considerations
Before you begin a custom configuration, make sure you are familiar with all the components of a configuration. Performing a custom configuration is more complex than performing other configurations.
When you choose either the client or the server configurations, defaults are automatically set for you. However, if you do not want all the defaults, or if you want additional DCE components (such as Security Replica or GDA), consider performing a custom configuration.
The custom configuration lets you tailor a client or server system as well as include the following options:
The only way you can configure a split server cell (so that the CDS master server is on one host and the security registry is on another) is through a custom configuration.
To configure a split server cell, you need two custom configurations occurring at almost the same time. In brief, the process is as follows:
The following steps describe in more detail how to configure a split server cell:
Please enter the DCE hostname for this system [opra]: Do you wish to search the LAN for known DCE cells (YES/NO/?) [Y]? n Please enter the name for your DCE cell []: leaper_cell.dce.zko.dec.com Hostname: opra Cellname: leaper_cell.dce.zko.dec.com Do you want to save these names for your DCE configuration (YES/NO/?) [Y]? Do you wish to configure opra as the Security Master server (YES/NO/?) [N]? y Please enter the principal name to be used [cell_admin]: Please enter the password for principal "cell_admin" (or ? for help): Please enter the password again to confirm it: Will opra be the CDS Master server for the cell (YES/NO/?) [N]? n Do you wish to configure opra as a CDS Replica server (YES/NO/?) [N]? n Is the CDS Master Server within broadcast range (YES/NO/?) [N]? y Do you want to enable DCE DTS (YES/NO/?) [N]? y Do you want this host to be a DCE DTS Local Server (YES/NO/?) [N]? y Do you want to configure the NSI Agent (YES/NO/?) [N]? y Do you want to enable DCE integrated login support (YES/NO/?) [N]? **************************** WARNING **************************** *** You have selected a split-server configuration. This requires *** that you coordinate the configuration of the two hosts where the *** Security Registry Server and the CDS Master Server will reside. *** You cannot configure one without configuring the other. *** You have chosen to configure this host as the Security Registry *** Server. *** Continue with the configuration and the process will pause and *** prompt you to configure the CDS Master Server. Do you want to proceed with this operation (YES/NO/?) [N]? y Do you want to save this service configuration (YES/NO/?) [Y] |
**************************** INFO ***************************** *** *** This system has now been configured as a security server. Since *** you chose not to configure this system as a CDS server, you must *** now configure another host as the Master CDS Server for this *** cell. Once you have done this, answer YES to the following *** question to complete the configuration of this system. *** ********************************************************************** Has the CDS Master Server been configured (YES?NO/?) ? |
Please enter the DCE hostname for this system [leaper]: Do you wish to search the LAN for known DCE cells (YES/NO/?) [Y]? n Please enter the name for your DCE cell []: leaper_cell.dce.zko.dec.com Hostname: leaper Cellname: leaper_cell.dce.zko.dec.com Do you want to save these names for your DCE configuration (YES/NO/?) [Y]? Do you wish to configure leaper as the Security Master server (YES/NO/?) [N]? Do you wish to configure leaper as a Security Replica server (YES/NO/?) [N]? Please enter the hostname of the DCE security registry []: opra Checking TCP/IP local host database for address of "opra". Please wait . . . Checking BIND servers for address of "opra". Please wait . . . Please enter the principal name to be used [cell_admin]: Please enter the password for principal "cell_admin" (or ? for help): Will leaper be the CDS Master server for the cell (YES/NO/?) [N]? y Do you want to enable the Global Directory Agent (YES/NO/?) [N]? n Does this cell use multiple LANs (YES/NO/?) [N]? Do you want to enable DCE DTS (YES/NO/?) [N]? y Do you want this host to be a DCE DTS Local Server (YES/NO/?) [N]? y Do you want to configure the NSI Agent (YES/NO/?) [N]? y Do you want to enable DCE integrated login support (YES/NO/?) [N]? Do you want to proceed with this operation (YES/NO/?) [N]? y Do you want to save this service configuration (YES/NO/?) [Y] |
Has the CDS Master Server been configured (YES?NO/?) [Y]? YES |
If you have a split server configuration, you must rebuild the security
server first. When it pauses, rebuild the CDS server configuration.
When the CDS server configuration is completed, continue rebuilding the
security server.
4.9 Running the Configuration Verification Procedure
You can run the Configuration Verification Procedure (CVP) at the end of a successful configuration by choosing Test (Option 8) on the initial DCE Configuration Menu or by entering the following command:
$ @SYS$MANAGER:DCE$SETUP TEST |
The CVP starts and displays the following informational messages:
Executing Digital DCE V1.5 CVP (please wait) \(co Digital Equipment Corporation. 1998. All Rights Reserved |
The CVP invokes tests of the 10 DCE RPC interfaces, displaying a dot (.) as each test is successful. A completely successful test execution results in 10 dots printed in succession.
The CVP test requires CDS and Security. The test procedure does not run
correctly if your system has been configured for RPC only.
4.10 Logical Names Created During Configuration
The configuration process creates the following logical names:
Logical Name | Description |
---|---|
DCE | Defines a search list pointing to directories SYS$COMMON:[DCE$LIBRARY] and SYS$LIBRARY. These directories contain Application Developer's Kit include files and other files for creating DCE applications. |
DCE$COMMON | Points to the directory SYS$COMMON: [DCELOCAL]. This directory holds DCE-specific files common to all DCE hosts in a cluster. |
DCE$LOCAL | Points to the directory DCE$SPECIFIC. This directory defines the top of the DCE directory hierarchy. |
DCE$SPECIFIC | Points to the directory SYS$SPECIFIC: [DCELOCAL]. This directory is for internal use only. |
If the system configuration utility encounters problems, error messages are displayed. When the procedure encounters nonfatal errors, it tries to continue. If the procedure encounters a fatal error, it terminates the requested operation.
The following list provides suggestions for dealing with errors encountered during a configuration:
$ @SYS$MANAGER:DCE$SETUP.COM CLEAN |
$ @SYS$MANAGER:DCE$SETUP.COM START |
If the previous steps do not work and you have an Alpha system running OpenVMS Version 7.2, follow these steps:
$ @SYS$MANAGER:DCE$SETUP.COM CLEAN |
$ @SYS$MANAGER:DCE$RPC_SHUTDOWN CLEAN |
$ @SYS$MANAGER:DCE$SETUP.COM START |
You must configure each node in a VMScluster separately by entering the following command on each node:
$ @SYS$MANAGER:DCE$SETUP.COM CONFIG |
If POSIX is already installed and running on your system, then the DCE
configuration (DCE$SETUP.COM) performs the DCE setup for POSIX.
However, if POSIX is installed after you perform the DCE configuration,
then SYS$STARTUP:POSIX$STARTUP.COM performs the DCE setup for POSIX.
4.13.1 When POSIX Is Installed Before the Configuration
If POSIX is already installed and running on your system, the following symbolic links are defined during the DCE configuration:
After installing and configuring DCE, the system manager should enter the following line at the end of /etc/profile:
. /usr/dce/bin/dce_defs.sh |
Note the dot (.) at the beginning of the line. (In a future release of
POSIX, it will not be necessary to add this line.)
4.13.2 When POSIX Is Installed After the Configuration
If POSIX is not installed and running until after the DCE configuration, then have the system manager perform the following steps:
. /usr/dce/bin/dce_defs.sh |
Previous | Next | Contents | Index |