You must have iChain 2.3 SP1 or later to complete the OTWUG.
The CD upgrade provides large DOS and Sys volume sizes. The advantage of the CD upgrade are the ability to save core dumps out to the DOS volume for debugging.
When upgrading from iChain 2.2 to iChain 2.3, you are prompted with the EULA. This is a one-way process and you must confirm it in order to continue. If you are upgrading from iChain 2.2, enable telneton.nas from the GUI. It is disabled by default.
IMPORTANT:You cannot upgrade from iChain 2.2 to iChain 2.3 SP3 using the OTWUG. You must upgrade to iChain 2.3 SP1 or SP2 first.
If a DNS services is not available, the OTWUG must use IP addresses.
With the added functionality in iChain 2.3 of being able to combine RADIUS authentication with LDAP authentication, additional configuration is needed to map the RADIUS user common name to a distinguished name in the LDAP authentication tree.
The recommended way to do this is to create an LDAP authentication profile named ldaprad to be used to find the distinguished name of the user in the LDAP authentication tree. See the Novell iChain 2.3 Administration Guide online for details.
To do this using the aclcheck profile, as done in previous versions of iChain, the ldap logintype of the aclcheck profile needs to be modified, as well as the ldap searchbase and ldap bindanonymous settings.
Set the ldap logintype to FieldName using the following command on the iChain server command line interface:
set authentication aclcheck ldap logintype = FieldName
The default settings for SNMP have changed to:
set snmp monitor=no set snmp name=iChain
These settings changes can cause a server reboot if you import a .nas file from a previous version or change to the factory settings.
If you import an iChain 2.2 .nas file that contains password management servlet information to an iChain 2.3 server, the password information might be lost because the SNMP files change. If this occurs, you need to reboot. Importing iChain 2.3 .nas files with the same information works properly.
The servlet directory is no longer available in iChain 2.3. This includes the java, class, and jar files related to the servlets that were previously available on the iChain Authorization CD. To access these servlets, see the Novell Cool Solutions Web site.
For the iChain 2.3 release, the SecretStore client utilities have been removed from the authorization server CD. To get the latest version of these utilities, go to the Novell NDK Web site.