Native File Access Pack

Novell Native File Access Pack (NFAP) lets Macintosh, Windows, and Unix workstations access and store files on NetWare servers without installing the Novell client. NFAP is installed by default as part of the basic NetWare 6.5 server installation process, and provides instant network access. Just plug in the network cable, start the computer, and you've got access to servers on your network.

NFAP lets client workstations access the NetWare 6.5 file system using the same protocols that they use internally to perform local file operations such as copy, delete, move, save, and open . Windows workstations perform these tasks using the Common Internet File System (CIFS) protocol; Macintosh workstations use the AppleTalk Filing Protocol (AFP); and Unix/Linux computers use the Network File System (NFS) protocol. This not only eliminates the overhead of a special network client, but also allows users to perform network tasks using the same familiar tools that they use to work on their local drives .

Admin Workstation Requirements

In order to manage Native File Access, there must be at least one administrative workstation with the following characteristics:

• Windows 9x running Novell client for Windows 9x version 3.21.0 or later or Windows 2000/XP Novell client for Windows 2000/XP version 4.80 or later

• NICI client version 1.5.7 or laterthe NICI client is required to perform password administration using ConsoleOne

NFAP Client Requirements

To access NetWare servers running NFAP, computers must be connected to the network and running one of the following operating systems:

• Mac OS version 8.1 or laterMac OS X.

• Windows 9x, Windows NT v4, Windows 2000/XPWindows computers must be running Client for Microsoft Networks, which is a standard Windows networking component. It can be installed by choosing Add >> Client from the Local Area Connection Properties page.

• Any version of Unix or Linux that supports NFS v2 or NFS v3.

Simple Password

Simple passwords are used to support the local Windows, Macintosh, and NFS password models, which in some cases don't support password encryption. Thus, to prevent the eDirectory password from becoming compromised, Novell created a secondary password suitable for use in these nontraditional situations. To create a simple password for a user , complete the following steps:

1. Launch iManager, open the eDirectory Administration link and select Modify Object.

2. Browse to and select the object for which you want to change the Simple Password and click OK.

3. Select the NMAS Login Methods tab and click the Simple Password link.

4. Make the desired Simple Password modifications and click OK. You can create, change, or remove the simple password.

Once created, the simple password will be used by services such as Native File Access and LDAP authentication that cannot be integrated with the native eDirectory-based authentication option provided by NetWare 6.5. Simple passwords are required for these services to function, and removing the simple password may prevent them from using services that rely on the simple password.

Configuring CIFS Access

With NFAP installed and passwords configured, nothing else is necessary to allow Windows users to access the NetWare file system. They can use Windows Explorer to browse and search for files through Network Neighborhood or My Network Places. They can map network drives to their defined share point and assign it a drive letter. Because access to NetWare files is handled by CIFS, Windows users can copy, delete, move, save, and open network files just like they can with any Windows-based drive resource.

You can stop and start the CIFS service on the NetWare 6.5 server by typing CIFSSTOP at the server console, or from a remote server connection. Similarly, typing CIFSSTRT will start the CIFS service on a given NetWare 6.5 server.

Specifying Contexts in the Context Search File

A context search file lets Windows users log in to the network without specifying their full context. The contexts listed in the context search file will be searched when no context is provided or the object cannot be found in the provided context. If User objects with the same name exist in different contexts, authentication to each user object will be attempted until one succeeds with the user-provided password.

The context search file is stored in the SYS:ETC directory of the NetWare server on which NFAP is running. To modify a context search file, complete the following steps:

1. Open the CTXS.CFG file with any text editor.

2. Enter each context to be searched during authentication, with each context on its own line.

3. Resave the file in the SYS:ETC directory.

4. At the server console, enter CIFSSTOP , and then CIFSSTRT to reload the CIFS service with the new context search file.

Once restarted, NFAP will be able to use the context search file entries you have provided.

Customizing the Network Environment for CIFS

You can use ConsoleOne to configure file access for CIFS users. For more information on ConsoleOne, see Chapter 3, "Novell Management Tools." Three CIFS configuration pages are available by completing the following steps:

1. Launch ConsoleOne and browse to the appropriate NetWare 6.5 server in the left pane.

2. Right-click the Server object and select Properties.

3. Click the CIFS tab and select one of the three CIFS available pages: Config, Attach, or Shares.

4. Enter the desired parameters in the fields provided.

5. Click OK to save your settings and exit.

The following parameter fields appear on the CIFS Config Page:

• Server Name: Lets you specify a name, as it will appear in Network Neighborhood, for the CIFS server. It can be a maximum of 15 characters long and must be different from the actual NetWare server name.

• Comment: Lets you provide a description of the server resource for CIFS users that will be available when viewing resource details in Network Neighborhood.

• WINS Address: Specifies the address of the WINS server that should be used to locate the Primary Domain Controller (PDC). This is necessary if the PDC is on a different IP subnet than the NetWare server running NFAP.

• Unicode: Enables international character support.

• OpLocks (Opportunistic Locking): Improves file access performance using the CIFS protocol.

• Authentication Mode: Specifies the authentication method used to authenticate CIFS users.

  • Domain: If the users are members of a Windows domain, you can have the Windows domain controller perform the authentication. In this instance, the domain and workstation username and password must match.

  • Local: If the users are members of a Windows workgroup, you can have the NFAP server perform the authentication. In this instance, the NetWare and workstation username and password must match.

• Authentication Workgroup Name: Specifies the name of the Windows domain, or workgroup, to which the NFAP server will belong.

• Primary Domain Controller Name: Specifies the name of the PDC server, and is necessary only if the PDC is on a different subnet. This option will override WINS or DNS.

• Primary Domain Controller Address: Specifies the static IP address of the PDC server, and is necessary only if the PDC is on a different subnet. This option will override WINS or DNS.

The Attach page lets you specify the IP addresses to which you want to bind the CIFS protocol. By default, CIFS will be bound to all IP addresses on the NetWare server on which NFAP is running.

The Shares page lets you specify volumes or directories as Windows share points that will be directly accessible from Network Neighborhood. If no share points are defined, all mounted volumes will be listed by default.

• Name: Specifies a name for the share point, as it will be seen in Network Neighborhood.

• Path : Specifies the full path to the share point. This will appear as the root, or starting point, for the share. The path must end with a backslash ( \ ).

• Comment: Lets you provide a description of the share point for CIFS users that will be available when viewing resource details in Network Neighborhood.

• Maximum Number of Connections: Specifies the maximum number of simultaneous connections allowed to the share point.

Configuring AFP Access

With NFAP installed and passwords configured, nothing else is necessary to allow Mac users to access the NetWare file system. They can use Chooser or the Go menu to access network files and even create aliases. Because access to NetWare files is handled by AFP, Mac users can copy, delete, move, save, and open network files just like they can with any local drive resource.

You can stop and start the AFP service on the NetWare 6.5 server by typing AFPSTOP at the server console, or from a remote server connection. Similarly, typing AFPSTRT will start the AFP service on a given NetWare 6.5 server.

Context Search Files

If the User object for a Mac user is not in the same container as the server they are trying to access, a context search file lets them log in to the network without specifying their full context. The contexts listed in the context search file will be searched when no context is provided or the object cannot be found in the provided context. This is important because the Mac allows 31 characters for the username. If the full eDirectory context and username is longer than this, you must use a search list so users can access the NetWare server.

If User objects with the same name exist in different contexts, the first one in the context search list will be used. For this reason, it is advisable to have globally unique usernames when using this type of service.

The context search file is stored in the SYS:ETC directory of the NetWare server on which NFAP is running. To modify a context search file, complete the following steps:

1. Open the CTXS.CFG file with any text editor.

2. Enter each context to be searched during authentication, with each context on its own line.

3. Resave the file in the SYS:ETC directory.

Once restarted, NFAP will be able to use the context search file entries you have provided.

Renaming Volumes

You can also rename NetWare volumes so that they appear with a different name in the Mac Chooser. To rename a volume for Mac users, complete the following steps:

1. Create a file named AFPVOL.CFG in the SYS:ETC directory of the NetWare server on which NFAP is running.

2. For each volume you want to rename, enter the current name of the volume and, in quotes, the new Mac name of the volume. For example:

    prv-serv1.sys "SYS volume" 

3. Save the file.

Mac users will now access the NetWare volume through the name you have specified, rather than the formal name syntax typically used to denote NetWare volumes.

Accessing Files from a Mac

Mac users use the Chooser to access files and directories as needed. They can also create an alias on the desktop that will be maintained after rebooting.

1. In Mac OS 8 or 9, click the Apple menu >> Chooser >> AppleTalk >> Server IP Address. In Mac OS X, click Go >> Connect to Server.

2. Specify the IP address or DNS name of the NetWare server, and click Connect.

3. When prompted, specify a valid eDirectory username and password, and then click Connect.

4. Select a volume to be mounted on the desktop. You now have access to the files on the specified volume. However, these settings are not saved after rebooting the Mac. If you want to create a perpetual link to the volume, you can create an alias.

Once these steps are completed, Mac users will have access to files and directories on a NetWare volume.

Configuring NFS Access

Native NFS file access requires a few more steps before a Unix/Linux client can use it. There are several terms that you should be familiar with if you have not worked with NFS previously and are implementing NFAP for NFS.

• NFS server: NFS server software is installed as part of the NFAP installation. It enables NFS clients to access a NetWare file system as if it were a local directory on the Unix/Linux workstation. Any client that supports the NFS protocol can also access NetWare files using the NFS server.

• File system export: Before Unix/Linux users can access the NetWare file system it must be made available to the NFS client. This process is called exporting the file system. During the export, you can define who should access the information and how it is accessed.

• File system mount: Once the NetWare file system has been exported, an NFS client can import it into its local file system. Once imported, the specified portion of the NetWare file system will be available as though it were part of the local Unix/Linux file system.

• Network Information Service (NIS): NFAP also permits a NetWare server to function as an NIS server. This is not required for native file access, but is a useful additional service for Unix/Linux clients. NIS is a widely used "Yellow Pages" for the Unix/Linux environment. Similar to eDirectory, NIS servers act as central repositories for common information about users, groups, and hosts that reside on the network. With NIS server software loaded, eDirectory can function as a NIS repository and can respond to NIS requests from any NIS client.

NFAP's NFS support is installed and started as part of the NetWare 6.5 installation. You can stop and start the NFS service from the server console by typing NFSSTOP . Similarly, typing NFSSTART will start the NFS service on a given NetWare 6.5 server. You can also stop and start the NFS server from iManager by clicking the NFS link under File Protocols. This will open the management page for the NFS server. For more information on iManager, see Chapter 3.

When NFAP is installed, it extends the eDirectory schema to support new NFS objects (see Figure 2.12). There are four new objects that you will see after installing NFAP for NFS.

• NFSAdmin : The NFSAdmin object is a group object installed at the eDirectory tree root, and gives you access to the exported file structures that will be made available to NFS users.

• NFAUUser : The NFAUUser object is installed in the server context and is used to provide a link between NetWare and the root user on a Unix/Linux client. This link is used internally for managing data flow between the two systems.

• NFAUWorld : The NFAUWorld group object is installed in the server context and provides Unix rights to Other Unix users when they access an exported NFS path. To do this, the effective rights of the NFAUWorld object are converted into Unix rwx rights. Restrict the effective rights of the NFAUWorld object to prevent these NFS users from getting too much access to the NetWare file system.

• NISSERV_< servername > : The NIS server object is installed in the server context for those who might want to use Novell eDirectory as an NIS data repository. It is not used for NFS file access. For more information on NIS services, see the NetWare online documentation.

Exporting a NetWare Directory

To export part of the NetWare 6.5 file system for use by NFS clients, complete the following steps:

1. Launch iManager and log in as a user with administrative rights. iManager provides a gadget for managing NFS connections. For more information on iManager, see Chapter 3.

2. In the left pane, expand the File Protocols link and select NFS.

3. Click the Export button to open the Export Options screen (see Figure 2.13).

   Figure 2.13. Creating an NFS export from iManager.

   

4. In the Path field, enter the path to be exported. Use forward slashes ( / ) to separate directories. For example, to export the DATA: volume, you would enter /data .

5. In the Access Control field, specify either Independent or NetWare mode. Independent mode means that NetWare and NFS rights will be managed separately. NetWare mode means that rights will be managed from NetWare and mapped to NFS accordingly . For more information on access control modes, see the NetWare 6.5 online documentation.

6. The Global Permissions let you specify those permissions that will be granted to all trusted hostnames.

7. In the Trusted Host and Access Permission table, specify the NFS host that you want to make a trusted host for the exported path. Then specify the rights granted to the export host.

   • Deny prevents access to the host

   • (Default) RO grants read-only access to the host

   • RW grants read-write access to the host

   • Root grants root, or supervisory , access to the host

   • Anonymous grants generic access to the exported directory through the Unix user NOBODY and group NOGROUP

8. Click the plus symbol (+) next to the hostname to add the host to the trusted host list. This updates the etc/exports file on the server and refreshes the NFS server. When you specify access permissions, the default permissions given in the All row are unchecked.

Once created, the newly exported directory will show up in the Exported Paths list on the NFS Server Administration screen. By selecting an exported path from the Exported Paths list, you can see the current path configuration, and modify that configuration by clicking Edit.

Mounting an Exported Directory

Once a NetWare 6.5 directory has been exported for NFS clients, it is imported into a remote file system for access. Unix systems use the mount command to accomplish this. To mount an exported directory on a Unix/Linux system, complete the following steps:

1. Use the mkdir command to create a directory that will hold the NetWare 6.5 NFS export. For example: mkdir NW6Files .

2. Use the mount command to link the new directory to the NetWare 6.5 export. For example: mount <server identifier>:/data/linux /NW6Files .

For more information on the Unix/Linux mount command, refer to your system's MAN pages.