Novell Advanced Audit Service (NAAS)
Default Configuration
- NAAS is not supported in a mixed network environment containing NDS® 6.x, 7.x, and NDS 8.x. NAAS enables auditing only for NetWare® servers that are running in pure NDS (Novell® eDirectory™) 8.x networks. It does not audit NetWare servers running NDS 8.x when they are part of a mixed network that also runs NDS versions earlier than NDS 8.x. Therefore, you should install and configure NAAS only in networks solely running NDS 8.x.
- The ConsoleOne™-based NAAS default configuration utility cannot be run from a NetWare 6 server console. Instead, you must run it from a Windows workstation.
- By default, NAAS searches only up to three levels up the tree to find a policy of any type for an object. If no policy is found within those three levels, that object is not audited.
If the depth of the partition is greater than three, associate specific NAAS Search Criteria policies with the objects, with the search level set equal to the partition depth.
- The NAAS default configuration utility fails to create NAAS objects if the partition root is not an Organizational Unit or Tree Root. Before using this utility, manually create a NAAS container under the partition root.
- If the NetWare server hosts two partitions, and the server partition root is an ancestor of the other partition, explicitly grant the NAAS Agents rights to the objects in the other partition.
- The default configuration utility configures NAAS for a single partition and, by default, the Audit Server generates reports only for the query domains in the same partition.
If the Auditor Query Domain is in a partition other than that of the Audit Server, you need to give specific rights to that NAAS Server Object.
- The default configuration utility can make a user Auditor for only one partition.
To make the same user an Auditor for more than one partition, do the following:
  - Manually configure NAAS.
  - Grant the auditor Read and Compare rights to the LDAP Server attribute for the partition containing the User object.
  - Grant the auditor Read and Compare rights to the LDAP:keyMaterialName attribute for the partition containing the User object.
- After generating a report for one naasAuditorQueryDomain, restart ConsoleOne to generate a report for a second domain.
- The NAAS schema for eDirectory is not extended when the installation is run from a NetWare 6 server that is a non-replica server.
Run the NAAS install from a NetWare 6 server that is hosting a Read/Write replica of eDirectory.
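The three-level policy search described above can leave deeply nested objects unaudited without any error. The following sketch is an added example, not Novell code and not a NAAS or eDirectory API: it models that search over a list of object names to find such coverage gaps. It assumes dot-delimited names written leaf first, that level 0 is the object itself and level 1 its parent container, and a constructed sample tree with placeholder names.

```python
# Added illustration: models the "three levels up the tree" policy search
# from the release note. Not NAAS code; it calls no NAAS or eDirectory API.

DEFAULT_SEARCH_LEVEL = 3  # default stated in the release note


def nearest_policy_level(dn, policy_containers):
    """Return how many levels up the nearest policy holder sits, or None.

    Assumptions: names are dot-delimited, leaf first (cn=a.ou=b.o=c);
    level 0 is the object itself, level 1 its parent container.
    """
    holders = {c.lower() for c in policy_containers}
    parts = dn.lower().split(".")
    for level in range(len(parts)):
        if ".".join(parts[level:]) in holders:
            return level
    return None


def coverage_gaps(object_dns, policy_containers,
                  search_level=DEFAULT_SEARCH_LEVEL):
    """Map each object the search would miss to the level it would need.

    A value of None means nothing in the object's path holds a policy.
    """
    gaps = {}
    for dn in object_dns:
        level = nearest_policy_level(dn, policy_containers)
        if level is None or level > search_level:
            gaps[dn] = level
    return gaps


# Constructed sample tree; every name here is a placeholder.
SAMPLE_POLICY_CONTAINERS = ["ou=emea.o=acme"]
SAMPLE_OBJECTS = [
    "cn=fs1.ou=servers.ou=emea.o=acme",              # policy 2 levels up
    "cn=jdoe.ou=team.ou=dev.ou=eng.ou=emea.o=acme",  # policy 4 levels up
    "cn=admin.ou=apac.o=acme",                       # no policy in path
]

if __name__ == "__main__":
    gaps = coverage_gaps(SAMPLE_OBJECTS, SAMPLE_POLICY_CONTAINERS)
    for dn, needed in gaps.items():
        print(dn, "-> not audited; search level needed:", needed)
```

Objects reported with a number need a Search Criteria policy with at least that search level; objects reported with None need a policy associated somewhere in their path first.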
Audit Data Commit
Automatic commit of audit cache on reaching the specified threshold is not enabled. The size of the cache file will grow until the periodic commit is scheduled.
NAAS Agent
Occasionally, the NAAS Agent may fail to commit data to the NAAS Server due to a communication failure. However, there is no loss of data and the data is cached.
To resolve this, do the following:
- Unload Java. This unloads some of the NAAS Agent and NAAS Server components.
- Reload Java using the LOAD JAVA command at the system console.
- Reload the unloaded NAAS components using the ST_AGENT and ST_SRVR commands at the system console.
Loading the Shims
If all three NAAS Shims are required to be loaded, the load order should be as follows:
- FSSHIM.NLM
- NSSSHIM.NLM
- DSSHIM.NLM
eDirectory Auditing
- Auditing is not enabled for the following events in Novell eDirectory:
  - DSE ADD MEMBER
  - DSE DELETE MEMBER
NOTE: This issue is resolved in NetWare 6 Support Pack 1.
- If the NetWare server hosts two partitions and the server partition is a child partition of the other, only the server partition is audited.
Audit Report Generation
- Generating a report for a large number of records takes more time than generating a report for a small number of records. For example, it will take approximately 15 minutes to generate a report containing 17,000 records.
NOTE: This issue is resolved in NetWare 6 Support Pack 1.
- Two or more Audit report queries cannot be processed simultaneously by the Audit database, so auditors should generate one report at a time.
NOTE: This issue is resolved in NetWare 6 Support Pack 1.
- If event filters are created for NSS or NWFS, the Audit report will contain events for both NSS and NWFS even when only one of the two is selected. This happens only for events that are common to both NSS and NWFS.