We need one user per peer cluster (with the rights specified in 5.3.3) and one BC group for the whole BCC.
Perform the following tasks to configure the BCC Administrator user and group:
Before you configure BCC in the cluster, you must create a BCC group (bccgroup) and BCC Administrator user (bccadmin). Members of the group include the BCC Administrator user and the UNIX workstation objects of each node in every peer cluster. The group must be enabled for Linux User Management (LUM). The group allows the inter-cluster communication to function properly.
In iManager, select the Roles and Tasks view.
Create a BCC group, named bccgroup.
Select Directory Administration > Create Object.
On the Create Object page, select Group, then click OK.
Specify the information for the group, then click OK.
Create one BCC Administrator user per peer cluster such as bccadmin-cl1.
Select Directory Administration > Create Object.
On the Create Object page, select User, then click OK.
Specify the information for the user, then click OK.
Add the BCC Administrator user to the BCC group.
Select Directory Administration > Modify Object.
Select the BCC group, then click OK.
On the group’s Properties page, select the Members tab.
Add the BCC Administrator user as a member of the BCC group.
Enable the group for Linux.
Select Linux User Management > Enable Groups for Linux.
Browse to select the bccgroup, then click OK.
Enable the group for Linux.
Ensure that you do the following when you LUM-enable bccgroup:
On the Select Groups page, select the LUM enable all users in group option.
On the Select Workstations page, add all UNIXWorkstation objects for all BCC cluster nodes in all peer clusters for the BCC to the bccgroup.
IMPORTANT:If you later add a node or reinstall a node in any of the peer clusters in the BCC, its UNIX workstation object must be added manually to this group.
For information about LUM-enabling groups, see Managing User and Group Objects in eDirectory
in the OES 2023: Linux User Management Administration Guide.
On every node in every peer cluster, refresh the local cache for LUM-enabled users and groups. Log in as the root user, open a terminal console, then enter
namconfig cache_refresh
You need to assign trustee rights to the BCC Administrator user for each cluster you plan to add to the business continuity cluster.
In iManager, select the Roles and Tasks view.
Select Rights, then select Modify Trustees.
Browse and select the Cluster object, then click OK.
Click OK to view the trustee information for the Cluster object.
If the BCC Administrator user is not listed as a trustee, click the Add (plus) button for Add Trustee, browse and select the User object, then click OK.
Click Assigned Rights for the BCC Administrator user.
Click Add Property, select ACL, then click OK.
The [All Attributes Rights] and [Entry Rights] properties should automatically be listed. Add them if they are not present.
Assign rights and inherit settings for each property:
Property Name |
Assigned Rights |
Inherit |
Description |
---|---|---|---|
ACL |
None |
No |
Explicitly removing the rights for the ACL property ensures that no rights flow from eDirectory to the file system. |
[All Attributes Rights] |
Compare, Read, Write |
Yes |
Read and Write are required. |
[Entry Rights] |
Create, Delete |
Yes |
The Create right allows the trustee to create new objects below the container and also includes the Browse right. The Delete right allows the trustee to delete the target from the directory. |
For example:
Click Done to save your changes.
Repeat Step 2 through Step 9 for the Cluster objects of each peer cluster in your business continuity cluster.
In order for the BCC Administrator user to gain access to the cluster administration files (/admin/novell/cluster) on other Linux cluster nodes in your BCC, you must add that user to the Novell Cluster Services administration group (such as ncsgroup) on each cluster node.
Log in as root and open the /etc/group file.
Find either of the following lines:
ncsgroup:!:107:
or
ncsgroup:!:107:bccd
The file should contain one of the above lines, but not both.
Depending on which line you find, edit the line to read as follows:
ncsgroup:!:107:bccadmin
or
ncsgroup:!:107:bccd,bccadmin
Replace bccadmin with the BCC Administrator user you created.
Notice the group ID number of the ncsgroup. In this example, the number 107 is used. The actual number is the same on each node in a given cluster; it might be different for each cluster.
After saving the /etc/group file, execute the id command from a shell.
For example, if you named the BCC Administrator user bccadmin, enter id bccadmin.
The ncsgroup should appear as a secondary group of the BCC Administrator user.
You can manage Linux BCC peer cluster connections and credentials from the CLI: