NAAS is configured on a per-partition basis.
To automatically configure NAAS:
In ConsoleOne, select a partition root object for configuration.
Click Tools > Configure NAAS. A dialog box to select a configuration task is displayed.
NOTE: The configuration utility can also be run by right-clicking the selected partition root object and selecting Configure NAAS.
In the Select Configuration Task dialog box, select one of the following tasks, then click OK.
The following procedures provide details for configuring NAAS:
This utility should be run separately for configuring every NAAS Agent.
In the Select Configuration Task dialog box, select Set Up NAAS Agent and click OK to display a dialog box where you can select the host server.
Click Browse > select the host server where you are setting up the Agent.
Click OK to configure the NAAS Agent on the server you selected.
Continue with Setting Up NAAS Server .
This utility should be run separately for configuring every NAAS server. Typically, one or two servers should be configured for each partition.
In the Select Configuration Task dialog box, select Set Up NAAS Server, then click OK to display a dialog box where you can select the host server.
Browse and select the host server where you are setting up the NAAS server.
Click OK to configure the NAAS server on the server you selected.
Proceed to Setting Up NAAS Database .
This utility should be run separately for configuring every database. Typically, one database should be configured for each partition.
During NAAS Database setup, DSN is created automatically in sys:\_netware folder of specified server. A new database can be created using create database in different folder or volume using Pervasive Control Centre (PCC).
Install the Pervasive client on a Windows machine by running sys:\pvsw\clients\win\setup.exe, available on the NetWare 6 server.
Installing the Pervasive client is optional. The Pervasive client is useful for database maintenance and for using other utilities offered by the Pervasive database.
For information on Pervasive 2000i client compatibility with different versions of the Windows operating system, refer to the Pervasive 2000i Readme file.
From the client, start the Pervasive Control Center by clicking Start > Programs > Pervasive > Pervasive Control Center.
Right-click Pervasive.SQL 2000i Engine > click Register New Engine.
Enter the name of the server where the NAAS database is to be hosted.
Browse to the database folder.
Right-click Databases and click New Database.
In the New Database wizard, enter the following details.
Click Next.
Enter NAASADMN as the database name and \\Netware_server_name\SYS:\_netware as the directory and click Next.
Click Finish.
A new database is created and an informational message is displayed.
Click OK.
The NAASADMN entry will appear below Databases in the left pane.
In the Select Configuration Task dialog box, select Set Up NAAS Database, then click OK to display a dialog box to enter details about the database.
Select Pervasive.SQL 2000* as the database type.
Enter the database (server) IP address.
Enter the fully distinguished name (FDN) and password of the eDirectory administrator. For example the FDN can be .admin.acme.
When you setup the NAAS Database, the system creates a user by name Master to manage the NAAS Database. Enter the password.
Re-enter the password.
Click OK to activate automatic configuration of the NAAS database.
This procedure creates all policies, objects, and related templates with default values. These values should be modified based on the auditing requirements.
In the Select Configuration Task dialog box, select Configure NAAS Framework, and click OK to display the Select Auditor dialog box.
Click Browse to select the user to be set as the Auditor and click OK to configure the NAAS framework.
The NAAS Auditor is an entity that views the audit trail.
The configuration is completed and you can modify the default values for the various components, if required.
Refer Deploying Novell Advanced Audit Service to know more about various scenarios in which NAAS can be deployed, after the default configuration.
By default, NAAS Default Configuration utility configures NAAS for a single partition. Complete the steps provided in Configuring NAAS for Multipartition Auditing , to configure NAAS for multiple partitions.
After configuring the NAAS Agent, NAAS Server, NAAS Database and NAAS framework, proceed with the following tasks:
In ConsoleOne, locate the NAASAgentPolicy object in the NAAS container. The container will be just below the partition root object.
Right-click the object, then click Properties.
Go to the Policy Content tab.
Modify the commit period to speed up commit process.
NOTE: The Commit Period must be greater than 30 seconds.
These changes are applicable to all agents in the partition.
An error message for restarting the NAAS modules is displayed. Ignore this error message.
By default, no events are audited.
To activate auditing for specific events and services:
In ConsoleOne, select the specific Event Policy object from the following Event Policy objects. These objects are in the NAAS container just below the partition root.
Right-click the object, then click Properties
Go to the Policy Content tab.
Modify the action flag and filtering condition for the events, according to your requirements.
These changes are applicable to all agents in the partition.
An error message for restarting the NAAS modules is displayed. Ignore this error message.
The NAAS Default Configuration utility configures NAAS for a single partition. It creates a NAAS Agent for the selected eDirectory server. The Agent is capable of auditing all the partitions or replicas hosted on that server. It is must that all the objects (in partitions) have Event policies associated with them, for them to be audited. The Default configuration associates Event polices to the partition for which NAAS was configured only. All other hosted partitions on that server need to have Event policies associated for them to be audited.
To learn more about how to configure NAAS for multipartition auditing refer Configuring NAAS for Multipartition Auditing for a few scenarios.
NOTE: If you are configuring and using NAAS for the first time after installing NetWare 6 with Support Pack 1 or later and do not have NAAS on any other NetWare 6 server, this issue isn't applicable to your setup.
Auditing eDirectory on NetWare 6 servers with Support Pack 1 or later installed uses a new eDirectory event template with Service Version 2.0, Service Identifier eDirectory, and a new eDirectory event policy. The new eDirectory event template and eDirectory event policy are created as part of the default configuration of NAAS on NetWare 6 Support Pack 1 or later.
Auditing eDirectory on NetWare 6 servers without Support Pack 1 or later continues to use the eDirectory template with Service Version 1.0, Service Identifier NDS, and the eDirectory event policy derived from it.
In order for eDirectory auditing to function on NetWare 6 Support Pack 1 or later servers, you must reconfigure the existing NAAS framework using the NAAS snap-ins that ship with Support Pack 1 or later.
IMPORTANT: Only the administrator can reconfigure the existing NAAS configurations, using the NAAS default configuration utility.
To successfully audit eDirectory after installing NetWare 6 Support Pack 1 or later, complete one of the following procedures.
If the Auditor has not created an eDirectory event policy template and an eDirectory event policy in the eDirectory partition manually (NAAS uses the DS Event policy template and DS Event Policy created by the NAAS default configuration utility on NetWare 6), complete the following steps:
Manually replicate the contents of the old eDirectory policy contents to the newly created eDirectory event policy.
Restart NetWare servers with Support Pack 1 or later after reconfiguring the NAAS framework.
To refresh templates and policies, restart ConsoleOne® after reconfiguring NAAS.
If the Auditor has created new eDirectory event policy template or eDirectory event policy in the eDirectory partition manually (by creating new ones in addition to the DS event policy template and DS event policy created by the default configuration utility on NetWare 6), complete the following steps:
For every eDirectory event template and eDirectory event policy in the partition, other than DSEventPolicyV2 and DSEventPolicyTemplateV2 created by default, manually create a new eDirectory event template using the EVENTS.TXT file located in the SYS:\AUDIT\naasEvents folder on all NetWare 6 Support Pack1 servers and a new eDirectory event policy respectively.
Manually replicate the contents of the old eDirectory policy contents to the newly created directory event policy.
Replicate associations to new event policies.
For example, associate the new eDirectory event policies to wherever the old ones were associated.
After reconfiguring the NAAS framework, restart your NetWare 6 servers with Support Pack 1 or later.
To refresh templates and policies, restart ConsoleOne after reconfiguring NAAS.