NOVELL TECHNICAL INFORMATION DOCUMENT TITLE: NAAS Update for NW6 SP1 or SP2 Servers TID #: 2965104 README FOR: NAASPT5.EXE NOVELL PRODUCTS and VERSIONS: Novell Advanced Auditing Services - NW6 ABSTRACT: This file contains updates for Novell Advanced Auditing Services (NAAS) for NetWare 6 SP1 or SP2. All the fixes in the patch will be in NetWare 6 SP3. ----------------------------------------------------------------- DISCLAIMER THE ORIGIN OF THIS INFORMATION MAY BE INTERNAL OR EXTERNAL TO NOVELL. NOVELL MAKES ALL REASONABLE EFFORTS TO VERIFY THIS INFORMATION. HOWEVER, THE INFORMATION PROVIDED IN THIS DOCUMENT IS FOR YOUR INFORMATION ONLY. NOVELL MAKES NO EXPLICIT OR IMPLIED CLAIMS TO THE VALIDITY OF THIS INFORMATION. ----------------------------------------------------------------- INSTALLATION INSTRUCTIONS: *** Prior to installing this patch the NAAS services must be stopped. *** Issue the following commands: java -show This will display the Java classes that are currently running. Find the Audit.Server.SocketServer and Audit.Client.Tester and make note of the Process ID. Java -killxxx Issue this command for both classes replacing xxx with the Process ID number from the previous command. RECOMMENDED INSTALLATION 1. Map a driver to the root of the SYS: volume of NetWare server on which the patch is to be applied. 2. Copy NAASPT5.EXE to the root of the SYS volume of the mapped NetWare server, then expand NAASPT5.EXE. The files will be expanded to their proper locations. 3. Copy CONFIG.JAR and AUDIT.JAR from SYS:\JAVA\LIB folder on the server having this latest patch, to the \1.2\snapins directory of your ConsoleOne installation. 3. Copy the AUDITRES.JAR and CONFIGRES.JAR from SYS:\JAVA\LIB folder on the server having this latest patch, to the \1.2\RESOURCES\NAAS directory of your ConsoleOne installation. 4. See "Installation Notes" below. MANUAL INSTALLATION 1. Extract NAASPT5.EXE to a temporary directory, then copy the files to the following locations: SYS:\system\ adagent.nlm adserver.nlm dsshim.nlm fsshim.nlm jadagent.nlm nssshim.nlm updncf.nlm SYS:\Audit\ adagtset.nlm adsrvset.nlm SYS:\java\lib\ audit.jar 1164 auditres.jar Copy the following JAR files to \1.2\snapins config.jar audit.jar Copy the following JAR files to \1.2\resources\naas auditres.jar configres.jar 2. See "Installation Notes" below. INSTALLATION NOTES 1. This patch should be applied after installing NetWare 6.0 SP1 or SP2 and before configuring the NAAS framework. If NAAS is already configured and running on NetWare 6.0 SP1 or SP2, apply the patch and do not reconfigure it again. 2. Running SMS and NAAS Server components from the AUTOEXEC.NCF may result in a server abend. To avoid this possibility, remove ST_SRVR.NCF from the AUTOEXEC.NCF and load NAAS Server manually using ST_SRVR.NCF. (NAAS Agent and NAAS Server modules can be loaded in any order.) ISSUE: This patch includes fixes for the following issues: 1. *** Important for first time configuration *** Pervasive DSN creation feature is removed. With this patch, using the Pervasive Control Center, the Pervasive database (DSN) must be created before configuring the NAAS database using the NAAS configuration utility. See TID 10067500 for the procedure. 2. Agent not able to get NAAS server IP address. 3. NAAS Report not showing all the events. 4. DSShim abends while auditing DSE MODIFY ENTRY, DSE ENABLE LOGIN, DSE DISABLE LOGIN, and DSE CHANGE ACL events. 5. Deleting adcache1.aud and not deleting _cache causes commit to fail. 6. Auditing not enabled for all the partitions hosted on the server. 7. Cleaning up NAASADMN and other tables if NAAS encounters NICI errors. 8. DSShim, FSShim and NSSShim fail to come up if SNMP community string is changed from default string. 9. Shims taking too long to come up. Now instead of evaluating policies for all objects, the Agent evaluates policy only for the partition root objects. So all objects in a partition will follow the same policy. 10. Report generation in a large eDirectory tree takes long time. 11. Improved error reporting from NAAS Utility. 12. Removed LDAP dependency for Report generation. User need not configure LDAP servers for NAAS reports to work. 13. NAAS components fail to load with eDirectory error code -649. 14. Fix for the problem, "Agents fail to commit data with no errors being logged". FIXES NEW WITH NAASPT5 15. Pervasive DSN creation feature is removed. With this patch, using PCC Pervasive DSN should be created, before configuring NAAS database using NAAS configurtion utility. 16. Agents fail to commit data with no errors being logged. 17. Association of a data policy with more than 10 objects in the policy causes abend. 18. File system auditing during backup with ArcServ causes abend. 19. In a multi-partition tree, NAAS Utility fail to find effective policies. Troubleshooting ---------------- Additional NAAS Error codes --------------------------- 1. Error code: 7202 Problem 1: There was an error generating report. Problem 2: There was an error in getting the filter list from the database. problem 3: There was an error in displaying the query results. Possible cause: Insuficient Rights for Auditor. Action: Assign the read rights for naasTrail on the NAAS Server object. Then, close the ConsoleOne and try again. 2. Error code: 7504 Problem 1: There was an error generating report. Problem 2: There was an error in getting the filter list from the database. problem 3: There was an error in displaying the query results. Possible cause:Unable to read the NAAS server certificate from Novell eDirectory. Action: Check whether the Auditor is assigned with read rights for the key material object, NAASKMO and naasTrail on the NAAS server object. Assign the rights if not assigned. Then, close the ConsoleOne and try again. 3.Error code: 7510, Problem 1: There was an error generating report. Problem 2: There was an error in getting the filter list from the database. problem 3: There was an error in displaying the query results. Poissible cause: Error while reading the NAAS server parameters. Action: 1. Make sure that the NAAS is up and running. 2. Check whether Auditor is assigned with read rights for naasPortNumber, HostDevice, NAASKMO and naasTrail on the NAAS server object. Assign the rights if not assigned. Close the ConsoleOne and try again. 4. Error code 7511: Problem 1: There was an error generating report. Problem 2: There was an error in getting the filter list from the database. problem 3: There was an error in displaying the query results. Possible cause: The user name and password entered by the user are incorrect. Action:Make sure that the correct user name and password are entered and try again. 5. Error code 7512: Problem 1: There was an error generating report. Problem 2: There was an error in getting the filter list from the database. problem 3: There was an error in displaying the query results. Possible cause: Internal error. Action:Restart the NAAS Server and client and try again. Self-Extracting File Name: NAASPT5.EXE Files Included Size Date Time ..\ NAASPT5.TXT (This file) ..\AUDIT\ ADAGTSET.NLM 77329 12-2-2002 4:28:56 pm ADSRVSET.NLM 77330 12-2-2002 4:29:30 pm ..\JAVA\ ..\JAVA\LIB\ AUDIT.JAR 1191920 3-3-2003 12:04:48 pm AUDITRES.JAR 40059 2-24-2003 4:51:58 pm CONFIG.JAR 162042 10-30-2002 12:32:42 pm CONFIGRES.JAR 6330 10-30-2002 12:32:44 pm ..\SYSTEM\ ADAGENT.NLM 176653 2-24-2003 4:51:56 pm ADSERVER.NLM 133716 2-24-2003 4:54:22 pm DSSHIM.NLM 44066 10-1-2002 1:16:28 pm FSSHIM.NLM 43210 3-4-2003 10:05:58 am JADAGENT.NLM 120633 2-24-2003 4:52:10 pm NSSSHIM.NLM 42292 3-4-2003 10:06:44 am UPDNCF.NLM 6360 2-24-2003 5:54:46 pm ----------------------------------------------------------------- Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information. -----------------------------------------------------------------