Using the DCE Configuration Options [ DCE for the HP 3000 ] MPE/iX 5.0 Express III Documentation
DCE for the HP 3000
Using the DCE Configuration Options
The DCE configure options allow you to perform multiple tasks on a given
DCE cell. This subsection includes the required steps (in order):
1. Configuring an Initial Cell
2. Configuring a DTS Server
3. Configuring a DCE Client (Client-Only System)
4. Removing or Reconfiguring a Cliet
5. Removing or Reconfiguring a Server
For more information about your configuration options (why and/or when to
use them), refer to the OSF DCE Administratin Guide - Core Components
(B3190-90034) document.
Configuring an Initial Cell
When creating a DCE cell, servers must be configured before clients.
Configuration must be performed in the following order:
1. Security server
2. CDS server
3. Time server(s)
4. Time provider
When these server systems have been configured, the client systems can be
configured.
To configure an MPE/iX system as the primary server for the core DCE
services, perform the following steps:
1. Select "1. CONFIGURE" from the DCE Main Menu, the DCE
Configuration Menu is displayed:
____________________________________________
| |
| |
| DCE Configuration Menu |
| |
| 1. Initial Cell Configuration |
| 2. Additional Server Configuration |
| 3. DCE Client |
| |
| |
| 98. Return to previous menu |
| 99. Exit |
| |
| selection: |
| |
____________________________________________
2. Select "1. Initial Cell Configuration" from the DCE Configuration
Menu, the Intitial Cell Configuration menu is displayed:
_______________________________________
| |
| |
| Initial Cell Configuration |
| |
| 1. Security Server |
| 2. Initial CDS Server |
| |
| 98. Return to previous menu |
| 99. Exit |
| |
| selection: |
| |
_______________________________________
3. Select "1. Security Server" from the Initial Cell Configuration
menu.
If you are re-configuring a cell, answer "Y" to the following
displayed question (this is always a safe answer):
__________________________________________________________________
| |
| |
| ... remove all remnants of previous DCE configurations? Y |
| |
__________________________________________________________________
If this is your first cell configuration, or if you have
previously run REMOVE, answer "n" to the question displayed.
4. Enter a cell name, keyseed, cell administrator's principal name,
and the principal's password:
____________________________________________________________________
| |
| |
| ... enter the name of your cell: my_cell_name |
| |
| ... enter keyseed for initial database master key: <anykey> |
| |
| ...Cell Administrator's principal name: cell_admin |
| ...password for the Cell Administrator: password |
| Re-enter desired password: password |
| |
____________________________________________________________________
Progress messages are displayed from dce_config and other programs
it invokes. Common messages displayed include "password must be
changed" (from the dce_login) and "bye" (from rgy_edit), these are
not errors or warnings.
Security configuration takes approximately five to ten minutes.
When complete, three DCE daemon jobs (rpcd, secd and secclntd) are
running.
After the Security server has completed configuration, dce_config
returns to the DCE Configuration menu.
5. From the DCE Configuration Menu, select "1. Initial Cell
Configuration". Then select "2. Initial CDS Server" to configure
the CDS server.
This machine creates a cell directory, the namespace is
initialized, and ACLs are set for all new namespace entries.
6. Respond to the "..multiple LANs.." question:
* If the DCE cell machines will be on different LANs, respond
Y (yes).
* If the DCE cell machines will be on the same LANs, respond
N (no).
_____________________________________________________________
| |
| |
| ... Are you using multiple LAN's within this cell? N |
| |
_____________________________________________________________
_________________________________________________________________
NOTE Failure to answer the "..multiple LANs.." question correctly
results in an incorrect network profile and a non functional
DCE cell. A "Y" answer is the safest if you are unsure.
_________________________________________________________________
If your cell does span multiple LAN's, dce_config asks for the
name of the LAN where the machine being configured resides. The
name you provide is arbitrary, and is used by dce_config to store
cell profile information.
________________________________________________
| |
| |
| ... What is the name of the LAN? lan_50 |
| |
________________________________________________
CDS configuration takes longer than Security configuration
(approximately one hour on small systems). When complete, another
two DCE daemon jobs (cdsadv, cdsd) are up and running.
Configuring a DTS Server
DTS servers may be configured on any system in the cell. A minimum of
three Time servers is recommended for any cell with three or more member
systems. Refer to the OSF DCE Administratin Guide - Core Components
(B3190-90034) for a discussion of the optimum placement of servers in a
cell with gateway or WAN links.
If you do not want to configure DTS or if you do not have three systems
in a cell, you can skip this section.
NOTE Before configuring a DTS server, you must complete the "Initial
Cell Configuration" on that system. It is recommended that the
system that you plan to add a DTS server to is configured as a DCE
client before starting the DTS server configuration.
To configure a DTS server, perform the following steps:
1. Select "2. Additional Server Configuration" from the DCE
Configuration Menu. The Additional Server Configuration menu is
displayed:
_________________________________________
| |
| |
| Additional Server Configuration |
| 1. Additional CDS Server(s) |
| 2. DTS |
| 3. Replica Security Server |
| |
| 98. Return to previous menu |
| 99. Exit |
| |
| selection: |
| |
_________________________________________
2. Select "2. DTS" to configure the DTS server. The DTS
Configuration Menu is displayed:
__________________________________________________________________
| |
| |
| DTS Configuration Menu |
| 1. DTS Local Server |
| 2. DTS Global Server (needed only in multi-LAN cells) |
| 3. DTS Clerk (needed only when changing back to a clerk) |
| 4. DTS Time Provider |
| |
| 98. Return to previous menu |
| 99. Exit |
| |
| selection: |
| |
__________________________________________________________________
3. Start the DTS daemon:
* For servers on the same LAN, select "1. DTS Local Server".
* For servers that intend to communicate across LAN
bounderies, select "2. DTS Global Server".
For a discussion about the use of DTS global servers for time
servers communicating betwen LANs, refer to the OSF DCE
Administration Guide - Core Components (B3190-90034).
Either selection starts the dts daemon.
_________________________________________________________________
NOTE DTS requires at least three servers in order to function.
Skipping DTS will not have a direct impact on Security and
CDS. However, Security requires that clock skew among
systems be no more than five minutes. If the difference is
more than 5 minutes, you can use the MPE/iX SETCLOCK command
to reset your system clocks on the DTS server systems.
Ensure that the sytem time and TIMEZONE are both set
correctly with SETCLOCK.
_________________________________________________________________
4. When the Time servers have completed their configuration in a
cell, select "4. DTS Time Provider" from the DTS Configuration
Menu to configure a DTS time provider on one of the time servers
in a cell. The DTS Time Provider Menu is displayed:
___________________________________________
| |
| |
| DTS Time Provider Menu |
| |
| 1. Configure a NULL time provider |
| 2. Configure an NTP time provider |
| |
| 98. Return to previous menu |
| 99. Exit |
| |
| selection: |
| |
___________________________________________
_________________________________________________________________
NOTE A time provider should be configured on one node only within
the cell.
_________________________________________________________________
The DTS NULL time provider configures a system to trust its own
clock as an accurate source of time. The DTS NTP time provider
obtains an accurate source of time from other systems outside the
cell. Refer to the OSF DCE Administratin Guide - Core Components
(B3192-90034) for more information about time provdier.
If you selected "2. Configure an NTP time provider", respond to
the following question:
___________________________________________________________________
| |
| |
| Enter the hostname where the NTP server is running: MyHost |
| |
___________________________________________________________________
5. To ensure that all DTS servers are configured correctly, use the
following commands:
shell/iX> dtscp show all
shell/iX> dtscp show state
shell/iX> dtscp show local servers
The show local servers command displays all DTS servers in the
cell except for your own system.
6. To display the current time from the dtscp program, setup the
following softlink in the shell:
shell/iX> id /etc/zoneinfo
shell/iX> in -s US/Pacific localtime California local time
When the localtime softlink has been set, then the time can be
displayed with the following command:
shell/iX> dtscp show current time
Configuring a DCE Client (Client-Only System)
A DCE client can not be configured without a functional DCE cell. In
other words, when you configure your machine as a DCE client, the DCE
cell that you are going to configure needs to be up and running. You
need to know the name of the cell and the names of the systems that the
DCE servers (Security, CDS and DTS) reside.
Before preceding with the DCE Client configuration, ensure that the
HOSTS.NET.SYS file in your machine contains the IP addresses for the
systems that are running as Servers. When complete, follow the
description in the "Startup the DCE Configuration" menu to bring up the
DCE main menu.
The following steps enable you to add your machine as a DCE client node:
1. Select "1. Configure" from the DCE Main Menu.
2. Select "3. DCE Client" from the DCE Configuration menu.
3. Respond to the following questions:
_______________________________________________________________________
| |
| |
| Enter the name of your cell (without /.../): n22cell . |
| . |
| . |
| What is the name of the Security Server for this cell? server1 |
| . |
| . |
| . |
| You can either continue or exit from dce_config. |
| Do you wish to continue (y/n)? (y): y |
| Enter Cell Administrator's principal name: cell_admin |
| Enter password: password |
| . |
| . |
| . |
| This machine is now a security client. |
| |
_______________________________________________________________________
Two DCE daemon jobs (rpcd, secclntd) are streamed and are running.
You are informed that your machine is now a Security client.
4. Respond to the following questions to add CDS client configuration
to your system:
_____________________________________________________________________
| |
| |
| . |
| . |
| . |
| Continue or exit from dce_config. Do you wish to continue? Y |
| . |
| . |
| . |
| Enter name of primary CDS server: server1 |
| Can my_machine broadcast to server1? |
| |
_____________________________________________________________________
Answer "Yes" if my_machine (the name of your machine) is on the
same LAN as the remainder of the cell. If you are not sure if
they are on the same LAN, respond "No." An incorrect "No" answer
causes a local CDS cache to be set up for the client machine; an
incorrect "Yes" answer results in an incorrect network profile and
a non-functional DCE cell.
5. Respond to the "...multiple LAN's..." question:
______________________________________________________________
| |
| |
| Are you using multiple LAN's within this cell? (n): n |
| |
______________________________________________________________
One DCE daemon job (cdsadv) is now running and you are informed
that this machine is now a CDS client.
6. If you want to continue adding your machine as a DTS client,
respond with a "Yes" to the following prompt; however, if you are
not using DTS within the cell or you want this node to be a DTS
server, respond "No" to the prompt:
_______________________________________________________________________
| |
| |
| . |
| . |
| . |
| ...continue or exit from dce_config. Do yo wish to continue? y |
| |
_______________________________________________________________________
7. Respond "No" to the ...make this a DFS client prompt. DCE/3000
does not support DFS.
Removing or Reconfiguring a Client
The procedure described below is used for:
* removing a client
* reconfiguring a client
* stopping a cell
* changing the name of a cell
* changing or modifying a configuration
To remove or reconfigure a client (the client cannot be a Security server
or a CDS server), perform the following steps:
1. Bring up the DCE main menu (as described in "Using the DCE
Configuration Tool" earlier in this section).
2. Select the "4. UNCONFIGURE" option (this option can be executed
from any system in the cell). The UNCONFIGURE option removes the
target machine from the cell Security database and the CDS
namespace; therefore, do not use the UNCONFIGURE option on a
system that is used as a Security server or a CDS server.
_________________________________________________________________
NOTE DCE client daemons must be running on the system executing
the UNCONFIGURE option. If DCE daemons have been stopped,
use the START option from the DCE Main Menu to restart the
daemons before using the UNCONFIGURE option.
_________________________________________________________________
3. The system prompts for the name of the client system to be
unconfigured:
_____________________________________________________________
| |
| |
| Enter hostname of node to be unconfigured: my_client |
| |
_____________________________________________________________
_________________________________________________________________
NOTE If there were any errors unconfiguring the client system,
then the client must be unconfigured from another system in
the cell.
_________________________________________________________________
4. The system prompts for a continuance (unconfiguring a node removes
its ability to operate in a cell), you must respond:
_________________________________________
| |
| |
| Do you wish to continue (y/n)? Y |
| |
_________________________________________
The dce_config tool deletes the registry entries and CDS entries
for the client, then the following message is displayed:
________________________________________________________________
| |
| |
| A dce_config REMOVE will need to be performed from node |
| before reconfiguring it. |
| |
________________________________________________________________
5. The DCE Main Menu is displayed, select the "5. REMOVE" option on
the client system.
The 5. REMOVE option stops all running DCE daemons and removes all
previous configuration files on the local machine.
Removing or Reconfiguring a Server
The procedure described below is used for:
* removing a DCE server
* reconfiguring a DCE server
* changing the name of a cell
* changing or modifying a configuration
* restoring a server after a system crash
NOTE If you want to unconfigure the server, do not perform an
"UNCONFIGURE", instead perform a "REMOVE" option.
Removing a Security or CDS server requires that you reconfigure the
entire cell.
If you are removing both the clients and servers, all client
systems must be unconfigured and removed before the server systems
are removed. If you want to remove and reconfigure a client, you
can do so without reconfiguring the other members of a cell.
To remove or reconfigure a server, perform the following steps:
1. Ensure you are not DCE logged in as a DCE cell principal.
2. Bring up the DCE Main Menu (as described in "Using the DCE
Configuration Tool" earlier in this section).
3. Select "5. REMOVE" from the DCE Main Menu. The dce_config tool
displays the following message:
_______________________________________________________________________
| |
| |
| REMOVE will remove the nodes's ability to operate in the cell. |
| A reconfiguration of the node will be required. if this is not |
| a server node, then this node should be unconfigured before a |
| REMOVE is done. Do you wish to continue (y/n)? |
| |
_______________________________________________________________________
A "Yes" response stops all running DCE daemons in that system and
removes all files created during the initial cell configuration.
MPE/iX 5.0 Express III Documentation