Home > Articles

OES NetWare Clients

This chapter is from the book

Native File Access

Novell Native File Access (NFA) enables Macintosh, Windows, and Unix workstations to access and store files on NetWare servers without installing the Novell client. NFA is installed by default as part of the basic OES NetWare server installation process and provides instant network access. Just plug in the network cable, start the computer, and you’ve got access to servers on your network.

NFA enables client workstations to access the OES NetWare file system using the same protocols they use internally to perform local file operations, such as copy, delete, move, save, and open. Windows workstations perform these tasks using the Common Internet File System (CIFS) protocol, Macintosh workstations use the AppleTalk Filing Protocol (AFP), and Unix/Linux computers use the Network File System (NFS) protocol. This not only eliminates the overhead of a special network client, but also enables users to perform network tasks using the same familiar tools that they use to work on their local drives.

Admin Workstation Requirements

To manage Native File Access, there must be at least one administrative workstation with the following characteristics:

  • Windows 9x running Novell client for Windows 9x version 3.21.0 or later or Windows XP/2000 Novell client for Windows XP/2000 version 4.80 or later.

  • NICI client version 1.5.7 or later—The NICI client is required to perform password administration using ConsoleOne.

NFA Client Requirements

To access NetWare servers running NFA, computers must be connected to the network and running one of the following operating systems:

  • Mac OS version 8.1 or later—Mac OS X.

  • Windows 9x, Windows NT v4, Windows XP/2000—Windows computers must be running Client for Microsoft Networks, which is a standard Windows networking component. It can be installed by choosing Add, Client from the Local Area Connection Properties page.

  • Any version of UNIX or Linux that supports NFS v2 or NFS v3.

Simple Password

Simple passwords are used to support the local Windows, Macintosh, and NFS password models, which in some cases don’t support password encryption. Thus, to prevent the eDirectory password from becoming compromised, Novell created a secondary password suitable for use in these nontraditional situations. To create a simple password for a user, complete the following steps:

  1. Launch iManager, open the eDirectory Administration link, and select Modify Object. For more information on iManager, see Chapter 4 "OES Management Tools."

  2. Click the View Objects button and browse to the object for which you want to change the Simple Password.

  3. Click the object and select Modify Object.

  4. Select the NMAS Login Methods tab and click the Simple Password link.

  5. Make the Simple Password modifications and click OK. You can create, change, or remove the simple password.

After it’s created, the simple password will be used by services such as Native File Access and LDAP authentication that cannot be integrated with the native eDirectory-based authentication option provided by OES NetWare. Simple passwords are required for these services to function, and removing the simple password may prevent them from using services that rely on it.

Configuring CIFS Access

With NFA installed and passwords configured, nothing else is necessary to enable Windows users to access the NetWare file system. They can use Windows Explorer to browse and search for files through Network Neighborhood or My Network Places. They can map network drives to their defined share point and assign it a drive letter. Because access to NetWare files is handled by CIFS, Windows users can copy, delete, move, save, and open network files as they can with any Windows-based drive resource.

You can stop and start the CIFS service on the OES NetWare server by typing CIFSSTOP at the server console or from a remote server connection. Similarly, typing CIFSSTRT starts the CIFS service on a given OES NetWare server.

Specifying Contexts in the Context Search File

A context search file enables Windows users to log in to the network without specifying their full context. The contexts listed in the context search file will be searched when no context is provided or the object cannot be found in the provided context. If user objects with the same name exist in different contexts, authentication to each user object will be attempted until one succeeds with the user-provided password.

The context search file is stored in the SYS:ETC directory of the NetWare server on which NFA is running. To modify a context search file, complete the following steps:

  1. Open the CTXS.CFG file with any text editor.

  2. Enter each context to be searched during authentication, with each context on its own line.

  3. Resave the file in the SYS:ETC directory.

  4. At the server console, enter CIFSSTOP and then CIFSSTRT to reload the CIFS service with the new context search file.

When restarted, NFA will be able to use the context search file entries you have provided.

Customizing the Network Environment for CIFS

You can use ConsoleOne to configure file access for CIFS users. For more information on ConsoleOne, see Chapter 4. Three CIFS configuration pages are available by completing the following steps:

  1. Launch ConsoleOne and browse to the appropriate OES NetWare server in the left pane.

  2. Right-click the Server object and select Properties.

  3. Click the CIFS tab and select one of the three CIFS available pages: Config, Attach, or Shares.

  4. Enter the parameters in the fields provided.

  5. Click OK to save your settings and exit.

The following parameter fields appear on the CIFS Config Page:

  • Server Name—Server Name enables you to specify a name, as it will appear in Network Neighborhood, for the CIFS server. It can be a maximum of 15 characters long and must be different from the actual NetWare server name.

  • Comment—Comment enables you to provide a description of the server resource for CIFS users that will be available when viewing resource details in Network Neighborhood.

  • WINS Address—WINS Address specifies the address of the WINS server that should be used to locate the Primary Domain Controller (PDC). This is necessary if the PDC is on a different IP subnet than the NetWare server running NFA.

  • Unicode—Unicode enables international character support.

  • OpLocks (Opportunistic Locking)—Oplocks improves file access performance using the CIFS protocol.

  • Authentication Mode—Authentication Mode specifies the authentication method used to authenticate CIFS users.

    • Domain—If the users are members of a Windows domain, you can have the Windows domain controller perform the authentication. In this instance, the domain and workstation username and password must match.

    • Local—If the users are members of a Windows workgroup, you can have the NFA server perform the authentication. In this instance, the NetWare and workstation username and password must match.

  • Authentication Workgroup NameAuthentication Workgroup Name specifies the name of the Windows domain, or workgroup, to which the NFA server will belong.

  • Primary Domain Controller Name—Primary Domain Controller Name specifies the name of the PDC server and is necessary only if the PDC is on a different subnet. This option will override WINS or DNS.

  • Primary Domain Controller Address—Primary Domain Controller Address specifies the static IP address of the PDC server and is necessary only if the PDC is on a different subnet. This option will override WINS or DNS.

The Attach page enables you to specify the IP addresses to which you want to bind the CIFS protocol. By default, CIFS will be bound to all IP addresses on the NetWare server on which NFA is running.

The Shares page enables you to specify volumes or directories as Windows share points that will be directly accessible from Network Neighborhood. If no share points are defined, all mounted volumes will be listed by default:

  • Name—Name specifies a name for the share point, as it will be seen in Network Neighborhood.

  • Path—Path specifies the full path to the share point. This will appear as the root, or starting point, for the share. The path must end with a backslash (\).

  • Comment—Comment enables you to provide a description of the share point for CIFS users that will be available when viewing resource details in Network Neighborhood.

  • Maximum Number of Connections—Maximum Number of Connections specifies the maximum number of simultaneous connections allowed to the share point.

Configuring AFP Access

With NFA installed and passwords configured, nothing else is necessary to allow Mac users to access the NetWare file system. They can use Chooser or the Go menu to access network files and even create aliases. Because access to NetWare files is handled by AFP, Mac users can copy, delete, move, save, and open network files as they can with any local drive resource.

You can stop and start the AFP service on the OES NetWare server by typing AFPSTOP at the server console or from a remote server connection. Similarly, typing AFPSTRT starts the AFP service on a given OES NetWare server.

Context Search Files

If the user object for Mac users is not in the same container as the server they are trying to access, a context search file enables them to log in to the network without specifying their full context. The contexts listed in the context search file will be searched when no context is provided or the object cannot be found in the provided context. This is important because the Mac allows 31 characters for the username. If the full eDirectory context and username is longer than this, you must use a search list so users can access the NetWare server.

If user objects with the same name exist in different contexts, the first one in the context search list will be used. For this reason, it is advisable to have globally unique usernames when using this type of service.

The context search file is stored in the SYS:ETC directory of the NetWare server on which NFA is running. To modify a context search file, complete the following steps:

  1. Open the CTXS.CFG file with any text editor.

  2. Enter each context to be searched during authentication, with each context on its own line.

  3. Resave the file in the SYS:ETC directory.

When restarted, NFA will be able to use the context search file entries you have provided.

Renaming Volumes

You can also rename NetWare volumes so that they appear with a different name in the Mac Chooser. To rename a volume for Mac users, complete the following steps:

  1. Create a file named AFPVOL.CFG in the SYS:ETC directory of the NetWare server on which NFA is running.

  2. For each volume you want to rename, enter the current name of the volume and, in quotes, the new Mac name of the volume. For example:

  3. prv-serv1.sys "SYS volume"
  4. Save the file.

Mac users will access the NetWare volume through the name you have specified, rather than the formal name syntax typically used to denote NetWare volumes.

Accessing Files from a Mac

Mac users use the Chooser to access files and directories as needed. They can also create an alias on the desktop that will be maintained after rebooting:

  1. In Mac OS 8 or 9, click the Apple menu and select Chooser, AppleTalk, Server IP Address. In Mac OS X, click Go, Connect to Server.

  2. Specify the IP address or DNS name of the NetWare server and click Connect.

  3. When prompted, specify a valid eDirectory username and password, and then click Connect.

  4. Select a volume to be mounted on the desktop. You now have access to the files on the specified volume. However, these settings are not saved after rebooting the Mac. If you want to create a perpetual link to the volume, you can create an alias.

When these steps are completed, Mac users will have access to files and directories on a NetWare volume.

Configuring NFS Access

Native NFS file access requires a few more steps before a Unix/Linux client can use it. There are several terms you should be familiar with if you have not worked with NFS previously and are implementing NFA for NFS:

  • NFS server—NFS server software is installed as part of the NFA installation. It enables NFS clients to access a NetWare file system as if it were a local directory on the Unix/Linux workstation. Any client that supports the NFS protocol can also access NetWare files using the NFS server.

  • File system export—Before Unix/Linux users can access the NetWare file system it must be made available to the NFS client. This process is called exporting the file system. During the export, you can define who should access the information and how it is accessed.

  • File system mount—After the NetWare file system has been exported, an NFS client can import it into its local file system. When imported, the specified portion of the NetWare file system will be available as though it were part of the local Unix/Linux file system.

  • Network Information Service (NIS)—NFA also permits a NetWare server to function as an NIS server. This is not required for native file access but is a useful additional service for Unix/Linux clients. NIS is a widely used "Yellow Pages" for the Unix/Linux environment. Similar to eDirectory, NIS servers act as central repositories for common information about users, groups, and hosts that reside on the network. With NIS server software loaded, eDirectory can function as a NIS repository and can respond to NIS requests from any NIS client.

NFA's NFS support is installed and started as part of the OES NetWare installation. You can stop and start the NFS service from the server console by typing NFSSTOP. Similarly, typing NFSSTART starts the NFS service on a given OES NetWare server. You can also stop and start the NFS server from iManager by clicking the NFS link under File Protocols. This will open the management page for the NFS server. For more information on iManager, see Chapter 4.

When NFA is installed, it extends the eDirectory schema to support new NFS objects. There are four new objects that you will see after installing NFA for NFS:

  • NFSAdmin—The NFSAdmin object is a group object installed at the eDirectory tree root that gives you access to the exported file structures that will be made available to NFS users.

  • NFAUUser—The NFAUUser object is installed in the server context and is used to provide a link between NetWare and the root user on a Unix/Linux client. This link is used internally for managing data flow between the two systems.

  • NFAUWorld—The NFAUWorld group object is installed in the server context and provides Unix rights to other Unix users when they access an exported NFS path. To do this, the effective rights of the NFAUWorld object are converted into Unix rwx rights. Restrict the effective rights of the NFAUWorld object to prevent these NFS users from getting too much access to the NetWare file system.

  • NISSERV_<servername>—The NIS server object is installed in the server context for those who might want to use Novell eDirectory as an NIS data repository. It is not used for NFS file access. For more information on NIS services, see the NetWare online documentation.

To export part of the OES NetWare file system for use by NFS clients, complete the following steps:

  1. Launch iManager and log in as a user with administrative rights. iManager provides a gadget for managing NFS connections. For more information on iManager, see Chapter 4.

  2. In the left pane, expand the File Protocols link and select NFS.

  3. Specify, or browse to, the server running NFS services. Click the Export button to open the Export Options screen (see Figure 3.11).

  4. In the Path field, enter the path to be exported. Use forward slashes (/) to separate directories. For example, to export the DATA: volume, you enter /data.

  5. In the Access Control field, specify either Independent or NetWare mode. Independent mode means that NetWare and NFS rights will be managed separately. NetWare mode means that rights will be managed from NetWare and mapped to NFS accordingly. For more information on access control modes, see the OES online documentation.

  6. Use Global Permissions to specify those permissions that will be granted to all trusted hostnames.

  7. Figure 3.11 Creating an NFS export from iManager.

  8. In the Trusted Host and Access Permission table, specify the NFS host that you want to make a trusted host for the exported path. Then specify the rights granted to the export host:

    • Deny—Deny prevents access to the host.

    • RO(Default) RO grants read-only access to the host.

    • RW—RW grants read-write access to the host.

    • Root—Root grants root, or supervisory, access to the host.

    • Anonymous—Anonymous grants generic access to the exported directory through the Unix user NOBODY and group NOGROUP.

  9. Click the plus symbol (+) next to the hostname to add the host to the trusted host list. This updates the etc/exports file on the server and refreshes the NFS server. When you specify access permissions, the default permissions given in the All row are unchecked.

After it’s created, the newly exported directory will show up in the Exported Paths list on the NFS Server Administration screen. By selecting an exported path from the Exported Paths list, you can see the current path configuration and modify that configuration by clicking Edit.

Mounting an Exported Directory

After an OES NetWare directory has been exported for NFS clients, it is imported into a remote file system for access. Unix systems use the mount command to accomplish this. To mount an exported directory on a Unix/Linux system, complete the following steps:

  1. Use the mkdir command to create a directory that will hold the OES NetWare NFS export—for example: mkdir NWOESFiles.

  2. Use the mount command to link the new directory to the OES NetWare export—for example: mount <server identifier>:/data/linux /NWOESFiles.

For more information on the Unix/Linux mount command, refer to your system’s man pages.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020