i would like to know if someone is aware of some NDS design problems with
S2S and BM38 ?

As a start to this discussion, every server mentionned here is NW65 and/or
BM38 fully patched, there is no timesync pb, all the partitions are in
sync, etc...

-> A BM38 slave (call S2S-2), with a private and a public interface, is
introduced in the tree in a partition C=FR for example. He's the master of
this partition (hosting only this one)
-> There is 2 RW replicas of C=FR on 2 other servers (NW65-1 and NW65-2)
-> These 2 last servers also have a replica of [root]
-> The master of the S2S VPN is a third server (S2S-1) in his own
partition in the same subnet than NW65-1 and NW65-2

Everything goes fine (VPN circuit is up, IKE ok, etc...) when S2S-2 can
communicate with NW65-1 or NW65-2 through his private interface (a cisco
router with several ethernet ports and appropriate static routes to build
a "masquerade"), but once isolated from NW65-1 and NW65-2, like if he
was "shipped" over the internet, then starting the slave (startvpn), the
service configuration manager generates some java -626 errors...

-> Looks like the java "VPN launcher" is trying to contact a replica of
[root] to learn what ?? He knows that he's a slave because he's trying to
run vpslave.. Putting a replica of [root] on this server would be crazy in
term of NDS design as he's supposed to be in another country.. Could it be
linked to the Security container ?

Like a lot of remote slave servers are supposed to move on BM38, i'm
worrying about a nice bug.. (never had any problem with the legacy
system...). I understand that i can put a S2S-2 in his own tree to make
the protected networks and servers communicating well in their own other
tree, but i find that a bit hard to accept..

-> I've just destoyed all the S2S-2 configuration to try to rebuild the
S2S config in S2S-2 but i would be interested by some comments and to know
if someone else is experiencing similar issues ?
-> If i've again the pb, i'll post the full error message

-> Also would like to know where to find the explanations of the BM
attributes of the NCP server object... The purpose is to understand how
the system is "thinking" and what are the triggers to play with.. With
comparisons between 2 servers with different configurations we can start
to devine, but it would be interesting to have the doc.. BM38 is an
interesting evolution but at my point of view, a little bit poor in high-
level documentation... and still too much abends with SCMAGENT and
FILTSRV.. Also the management of CSL.CFG, CSL.DAT and NLSPSTAT.CFG, the
background processes remain too "dark".. A post from Novell developers in
the AppsNotes would be welcomed ! After all Novell is on the opensource