Starting and Configuring the Services

After installing Solaris^TM for ISPs^TM components, you must:

• Configure Sun^TM Directory Services to start the services daemon and any of the tool processes.

• Configure the FlexLM License Server to get the license for the Sun Directory Services entries.

• Configure Sun^TM Internet Administrator to initialize the required entries in Sun Directory Services and to register and manage the services from Sun Internet Administrator.

• Configure HotJava^TM to support the Solaris for ISPs software security requirements.

You can access some of the services directly from a browser. This chapter discusses in detail how to configure Sun Directory Services and Sun Internet Administrator, and how to access the services from Sun Internet Administrator and directly from a browser.

Starting the Directory Services

If you chose Execute (with reboot) at the end of the installation process, the directory services should be up and running when the host system is finished rebooting. If you need to start the services by hand (for example, if you chose no reboot and performed other tasks before rebooting), start the services daemon and any of the tool processes you want to use. To start:

1. Log in as root.

2. Change the directory to /etc/init.d.

3. Start the directory services (and the RADIUS server, if you have it configured), by entering the following command:

   # ./dsserv start

4. (Optional) If you want to start the Sun Directory Services Web gateway server, enter the following command:

   # ./dsweb start

5. (Optional) If you want to start the Sun Directory Services administration server, enter the following command:

   # ./dsadm start

For information on why you should choose to start the gateway or administration servers, see the Sun Directory Services 3.1 Administration Guide and the Sun Directory Services 3.1 User's Guide.

Starting the License Server

Sun Directory Services allows one thousand entries to be made in the directory services before requiring a license for more entries. The one thousand entry limit is sufficient to install Sun Directory Services and initialize the entries required by the Solaris for ISPs software. To initialize more entries, you need a license key. Please refer the license certificate for more information on obtaining a license key.

When you have the license key, log into the computer where the license server is installed and start the licensing tool.

To Start the License Server

1. Enter:

   # /etc/opt/licenses/lit
   

   The License Installation Tool licenses configuration screen appears

2. From the Select Product pull-down menu, select the Sun Directory Services number of entries for which you purchased the license key.

3. In the text field,

   1. License server: Enter the name of the host where the license server is installed.

   2. Host ID: Enter the hostid of the computer where the license server is installed.

   3. Rights To Use: Enter 1

   4. Expiration Date: Enter the expiry date given to you for the license key.

   5. Password: Enter the license key given to you.

4. Click Done With License.

5. Click Exit - Install Licenses.

6. Expiration date:

   If Sun Directory Services is not installed on the same machine with the license server, perform the following steps.

7. Copy the configuration script from the license server machine to the machine where Sun Directory Services is installed.

   The license server configuration script is located at: /etc/opt/licenses/LIC_CONFIG_SCRIPT

8. Log into the Sun Directory Services machine and run the configuration script. To run, enter:

   # ./LIC_CONFIG_SCRIPT
   

   You must run the script only after installing the license using the License Installation Tool.

Starting Sun Internet Administrator

To manage Solaris for ISPs services through Sun Internet Administrator, you must register those services with Sun Internet Administrator. Optionally, you can create administrators for each managed service, or for groups of services.

The administrator you specified during installation has global access to Sun Internet Administrator and to all services managed from it.

To configure Sun Internet Administrator to manage your services, first install and configure a Sun Directory Services host and all service hosts. See Chapter 3 of Solaris for ISPs Administration Guide for information on the design of a Solaris for ISPs system.

Sun Internet Administrator requires a properly configured and running Sun Directory Services server in order to function. Be sure that the services are running before proceeding. Ensure that you reboot the system before attempting to access Sun Internet Administrator

1. Sun Internet Administrator makes initial entries in the directory services and requires those entries to be able to run.

   • If Sun Directory Services was running when you installed Sun Internet Administrator, the entries have already been initialized.

   • If you installed Sun Internet Administrator and Sun Directory Services together, the entries have already been initialized.

   • If the directory services were not running, you must initialize the Sun Internet Administrator entries.

   To initialize the entries, obtain root access and enter:
   • # /opt/SUNWixamc/bin/mcdsinit
   • -d DNofDSAdmin
   • -n ConsoleAdmin

   where

   -d DNofDSAdmin

   Is the distinguished name of the Sun Directory Services administrator you specified when installing the directory services (For example, cn=admin,o=sun,c=US).

   -n ConsoleAdmin

   Is the name of the administrator for Sun Internet Administrator that you specified at the time of installation.

   ---

   Note -

   The values you enter in these two fields must exactly match the values you entered when installing the software.

   ---

2. You will be prompted for the:

   DA administrator password:

   Enter the password of the administrator of Sun Directory Services.

   IA administrator password:

   Enter the password of the administrator of Sun Internet Administrator console.

   ---

   Note -

   The passwords you enter here must exactly match the passwords you specified when installing the software.

   ---

   The remainder of this procedure does not require root access. You can now access Sun Internet Administrator from a browser.

   ---

   Note -

   For more information on mcdsinit, refer to the man page. To view a man page, enter man -M /opt/SUNWixamc/man command, where command is the command whose man page you want to view.

   ---

3. Start one of the supported Web browsers (for example, HotJava 1.1.5) and access the URL: http://<hostname>:50080/ispmc.

   Where <hostname> is the name of the machine where you installed Sun Internet Administrator. If you configured the administration Web server to another port other than the default, 50080, enter that port number.

   ---

   Note -

   To make accessing Sun Internet Administrator easier, you may want to make a bookmark of this URL.

   ---

4. Log in to get global access to the product and all services this Sun Internet Administrator manages. To log in

   1. Choose Register Services.

   2. Enter the administrator name and password you specified during installation of Sun Internet Administrator.

   3. Register the services and create additional administrators by referring to on line help.

   ---

   Note -

   From this step on, all information is also available in the Sun Internet Administrator on line help.

   ---

5. For each service to be managed through Sun Internet Administrator:

   1. Go to the Register Services screen by clicking the link in the table of contents pane.

   2. Enter the name of the host computer where the service you want to register is installed and click on Register Host.

   3. Select the desired services from the list, and click on Register Services Selected Above.

6. (Optional) If you want to create additional administrators, go to the Manage Administrators screen by clicking the link in the table of contents pane. Follow the steps in the on-line help.

Whenever you install additional Solaris for ISPs services, you can add them to the console by following these steps.

Configuring HotJava

Sun Internet Administrator and Sun Internet Services Monitor both require the security settings in HotJava to allow applet and servlet functionality. Follow the procedures in this section to set security appropriately.

Configuring HotJava for Sun Internet Administrator

The Solaris for ISPs remote administration applets require access to certain client system properties when they load. If your HotJava applet security settings are set to:

• High Security, the applets may not be able to load.

• Medium Security, you will be asked if the applet should be allowed to access to system properties when it loads.

You must configure the browser to Medium Security or Low Security. To configure:

1. Start HotJava and go to the Edit menu.

2. Choose Preferences from the pull-down menu and select Applet Security from the cascade menu.

3. Select Low Security for signed applets and Medium Security for unsigned applets by clicking on the respective radio buttons.

4. Click on Apply.

Configuring HotJava to Support Sun Internet Services Monitor

Sun Internet Services Monitor works through Java Applets and requires certain security settings in HotJava for its functionality. You must configure the browser to support these requirements. To configure:

1. Start HotJava and go to the Edit menu.

2. Choose Preferences from the pull-down menu and select Applet Security from the cascade menu.

3. Configure the system permissions. To configure, select System Permissions radio button and:

   1. Select Advanced Security or click on Advanced to go to the Advanced Security Settings screen.

   2. Click on Add Site and in the Add Web Site text field, enter the host name of Sun Internet Services Monitor server. Click on Add.

      The host name is added to the box with a scrolling list.

   3. Select the host, whose settings you wish to modify, and deselect Use default permissions for this site or certificate.

   4. Click on the respective boxes to enable applets to:

      • Open windows without warning banners.

      • Access properties, clipboard, and print jobs.

      • Launch local applications and warn before launching.

4. Configure network access by selecting the Network Access radio button and:

   1. Enter an asterisk (*) in:

      • Allow selection to listen on these ports text field.
      • Allow connecting to these sites text field.
      • Accept connections from these sites text field.

   2. Click on the square boxes and disable all three warning options. Disable:

      • Warn before allowing listen on other ports
      • Warn before connecting to other sites
      • Warn before accepting connection from other sites

5. Click on Apply.

6. Access Sun Internet Services Monitor user interface. To access, go to "Starting the Services".

Starting the Services

Solaris for ISPs services are controlled by their individual user interfaces. Some services can be accessed only through Sun Internet Administrator. Some Solaris for ISPs services can be accessed directly from a browser, too.

Accessing Components from Sun Internet Administrator

To access a component through the Sun Internet Administrator console:

1. Go to the Sun Internet Administrator Manage Services screen and access the component's user interface by clicking the link.

2. Log into Sun Internet Administrator, either as the console administrator or as the administrator of the service to be started.

   The component user interface is displayed.

3. Follow the instructions in the component's on-line help to start the component.

Sun^TM Internet News Server^TM and Sun^TM Internet FTP Server^TM user interface can be accessed only from Sun Internet Administrator.

Accessing Services Directly

Sun Internet Administrator, Sun Internet Services Monitor, Sun Directory Services, and Sun^TM WebServer^TM user interface can be accessed directly from a browser. To access a service directly:

1. Start one of the supported Web browsers (for example, HotJava 1.0.2) and access the service URL.

   While specifying host name, specify the service host name and the port number used by that service.

   • The Sun WebServer URL is: http://hostname:2380/admin/admin.html, where hostname is the host name of the Web server and 2380 is the default port number. You can configure basic information about how the server runs from this URL.

   • The Sun Internet Services Monitor URL is: http://hostname:2381/monitor/isp-monitor.html, where hostname is the host name of the monitoring software and 2381 is the default port number. You can create clients and configure clients to monitor services from this URL.

   • The Sun Internet Administrator URL is: http://hostname:50080/ispmc, where hostname is the host name of the administrator console and 50080 is the default port number. You can register service hosts, and manage administrators and services from this URL.

   • The Sun Directory Services URL is: http://hostname:1760/, where hostname is the host name of the directory services and 1760 is the default port number. You can browse the directory from this URL using the Web gateway.

2. Follow the instructions in the service's on-line help to start the service.