NMAS Server and Client Guidelines



By: Marcel_Cox

February 7, 2007 4:53 am

Reads: 190

Comments:0

Rating:0

Problem

A Forum reader recently asked:

“If I have users who are logging into all 4 servers, does each server
need NMAS installed? Or does the install to eDirectory via the server holding the master replica suffice?”

And here’s the response from Marcel Cox …

Solution

Starting with eDirectory 8.7, NMAS is automatically included and installed with eDirectory. Furthermore, on NetWare 6.0 servers, the eDirectory 8.6.x version included a limited version of NMAS. Older versions did not automatically include NMAS; at that time, NMAS was a product you needed to purchase separately.

Here are a few general rules for using NMAS:

1) It is not required to have NMAS running on all of your servers, but for users that need NMAS functionality, at least one server holding a master or R/W replica of the partition containing the user will need to run NMAS.

2) With an NMAS-enabled client, the login is always handled by a server running NMAS. So if the main server used by your users is not running NMAS, you artificially force your users to first connect to a different server, thus potentially creating unnecessary delays and a bottleneck. Therefore, it is best to have NMAS running wherever possible.

3) If you have NMAS running on multiple servers, make sure you run the same versions, or at least versions close enough. This is because Novell did some significant enhancements to NMAS 3.x, especially regarding Universal Password and related functionality.

4) Depending on what server versions you are using, if possible use the following versions:

  • eDirectory : 8.7.3.9 or 8.8 SP1
  • NMAS: 3.1.2 (included with Security Services 2.0.3 or with NW65SP6)

Security Services 2.0.3 can be found here:
http://download.novell.com/Download?buildid=0HLVzEw7UiA~

5) If you want to manage Universal Password and related functionaly (like password self service) and you want to take advantage of all the newer features of NMAS 3.x, use iManager 2.5 or 2.6 togather with the IDM 3.0x plugins:

http://download.novell.com/SummaryFree.jsp?buildid=a5ydrY7vuo0~

You don’t need to be running IDM 3.0x to use these plugins. The password management functionality of these plugins will also work without IDM.

For more information on Universal Password, see Marcel’s guide at:
http://wiki.novell.com/index.php/Universal_Password

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: ,
Categories: eDirectory, Identity Manager, iManager, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment