| Sometimes you won't have ready access to the server console to run any of the server-based tools mentioned in the previous section. This section describes how you can use workstation-based applications to accomplish similar, if not the same, goals as those server-based utilities. NOTE The DS rights of the user you're logged in with determine the functionality you can perform as well as the number and types of objects you can see using workstation-based utilities.
TIP When using workstation-based applications, the DS information is read from your current default server. For example, if you have a drive ( F: ) mapped to server NETWARE65-A and another drive ( G: ) mapped to NETWARE60-B, you'll be reading DS data from NETWARE65-A if your current drive is F: . Otherwise, the data is retrieved from NETWARE60-B. When working from the Windows desktop, such as Windows 2000, and using Novell Client, you can easily change your default server: Right-click My Network Places, select NetWare Connections from the context menu, select the server you want to be your default server, and click Set Primary.
NetWare Administrator and ConsoleOne NetWare Administrator and ConsoleOne, which are mainly management applications, aren't often utilized as crude diagnostic tools ”but they can be. When you don't have ready access to utilities such as DSBrowse and need to do a quick check on the data consistency or synchronization between servers in a replica ring, you can use NetWare Administrator or ConsoleOne. Suppose you suspect there's something wrong with the synchronization between the replicas of a given partition. You can use the following steps to see whether DS changes are being sent from one replica to another: - Identify the servers that have a replica of the partition in question.
- Ensure you're only logged in to the server holding the Master replica.
- Use NetWare Administrator or ConsoleOne to change an attribute value of one of the objects in this partition. For example, change the Location attribute of a User object.
- At the server console of this server, issue the SET DSTRACE=*H command to force an immediate synchronization.
- Back at the workstation, log in to each server in the replica ring separately (using LOGIN servername / username if logging in from DOS, or specify the server name in the Server field in the GUI login dialog box). Then use NetWare Administrator or ConsoleOne to check whether the changed attribute value has been propagated correctly to the server.
You can also use the same technique (logging in to each server in turn ) and look for Unknown objects (because of schema inconsistency or corruption) or missing objects (perhaps due to obituaries ). The key to this exercise is to log in to only one server at a time , or ensure you correctly set your default server so you know from which server you're retrieving the data. TIP The old NWAdmn3X has a Use Master = True INI file parameter so that, when you create a user in NWAdmin, the Master replica is used. The same setting is available in Windows 9x and higher via the Registry key. The key that governs this use-master situation is HKEY_CURRENT_USER\Software\NetWare\ Parameters\NetWare Administrator\UserCreation\Use Master . To enable the feature, create the key of the type String Value (if not already there) and set it to 1 . If you know you have an inconsistent replica ring but NWAdmin isn't showing any differences when you log in to specific servers, check whether this setting is enabled. This also works for NetWare Administrator (NWAdmn32). ConsoleOne 1.3.4 and higher and iManager can also be run in a mode to force the utility to communicate with only the Master replica. Start ConsoleOne with the -forceMaster switch. This forces ConsoleOne to read only from the Master replica. For iManager 1.5 and higher, include &forceMaster=true in the URL when logging in.
ODBC Driver for eDirectory With the popularity of the Open Database Connectivity (ODBC) technology, many data applications (including spreadsheet programs such as Excel) provide an ODBC interface for connecting to an ODBC data source. And because NDS/eDirectory is a database, you can use the Novell ODBC Driver for eDirectory to easily query and retrieve Directory data and generate reports either for management or diagnostic needs. Although ConsoleOne, iManager, and NetWare Administrator provide a convenient interface for DS management, they are not the best applications when it comes to generating reports. This eDirectory ODBC driver serves as an independent interface for extracting and reporting specified DS information for use in the applications you use everyday. It allows you to populate reports, import data into your custom programs, or view data within a spreadsheet. In March 2004, Novell updated the driver to include the capability to perform simple update operations such as insert, modify, and delete on eDirectory objects. The architecture behind the Novell ODBC Driver for eDirectory consists of the application, the ODBC.DLL Driver Manager, the Novell ODBCNDS.DLL driver, the network, and eDirectory itself. The driver employs the ODBCNDS.DLL to abstract the directory tree into accessible relational database tables, which hides the complexity of the underlying directory syntax. Information is selected and ordered from the relational tables using standard Structured Query Language (SQL) statements embedded into the application. Using embedded SQL statements or ODBC functions, you can set queries and sort NDS/eDirectory information. For example, you can access the account information for each user. You can also set search conditions and sort directory entries to return specified entry attributes, such as the username, user description, telephone number, address, or other user-specific information. The retrieved user data can then be viewed in a report or used in programs. Figure 7.31 shows a Visual Basic program that uses the Novell ODBC Driver for eDirectory to access DS information. Figure 7.31. Access the Novell ODBC Driver for eDirectory from a sample Visual Basic program. 
NOTE You can download the Novell ODBC Driver for eDirectory, with read/write access, from developer.novell.com/ndk/odbcrw.htm.
Schema Manager and NDS Snoop Schema Manager is a ConsoleOne snap-in application that allows users with Supervisor rights to a tree (the [Root] object) to customize the schema of that tree. Schema Manager is available from the Tools menu. You can use Schema Manager to perform the following functions: -
View a list of all classes and attributes in the schema (see Figure 7.32). Highlight a class or attribute and then click Info to obtain additional information. Figure 7.32. Viewing a tree's schema classes and attributes using Schema Manager. 
-
View an attribute's information, such as its syntax and flags. -
Extend the schema by adding a class or an attribute to the existing schema; you need to have Supervisor rights to [Root] for this operation. -
Create a new class by naming it and specifying applicable attributes, flags, containers to which it can be added, and parent classes from which it can inherit attributes. The class can be an auxiliary class if running NDS 8 or higher. -
Create an attribute by naming it and specifying its syntax and flags. WARNING Any attributes added to a base class (that is, one that is part of the base schema, such as the User class), cannot be removed at a later time.
-
Add an attribute to an existing class. -
Delete a non-base class that is not in use or that has become obsolete. -
Delete an attribute that is not in use or that has become obsolete. Keep in mind that standard Novell-supplied management utilities, such as NetWare Administrator, cannot manage objects (such as create or update) that use extended schema definitions unless you have a snap-in for NetWare Administrator or custom applications that know about the extensions. Further discussions about NetWare Administrator snap-ins and a utility called ScheMax that allows you to extend the schema and create your own snap-ins can be found in Chapter 12, "eDirectory Management Tools." An excellent Windows application called NDS Snoop is easier to use and more powerful than ConsoleOne's Schema Manager. Initially developed as an NDS developer tool by Novell Developer Support, it has since been enhanced with new features, including support for eDirectory. NDS Snoop has the following features: -
NDS Browser ” It can be used to view any DS object and its corresponding attribute values. The browser allows you to browse any DS tree in your enterprise network. Continue to click the up arrow of the Containers list box until all the trees in your environment are displayed. If you select a tree to which you have not authenticated, you have [Public] access to that tree only. -
Schema Viewer ” The Schema Viewer tool (see Figure 7.33) is used to read all the Attribute and Object class definitions from DS. Expand each definition name to see its corresponding attributes. The Object Class super class hierarchy includes its entire super class lineage all the way to Top. You can determine which attribute is derived from each super class by its icon displayed in the tree view. Matching icons indicate that those attributes were defined for the corresponding super class. Figure 7.33. Viewing User class definitions using NDS Snoop. 
-
Schema Manager ” The Schema Manager tool is used to create DS schema attribute and class definitions. You must have sufficient rights to the [Root] of the tree to use the Schema Manager. If you do not have sufficient rights, all fields are disabled and the message You must have Admin Equivalent rights to use the Schema Manager! is displayed at the bottom of the view. Populate the fields with the desired values and select the desired operation for the attribute or object class definition. -
NDS Query ” The NDS Query tool can be used to build complex search filters to query DS for objects that adhere to specific search criteria. For example, you could search for all User objects that have a telephone number that begins with 123. This tool is useful to determine whether you can search for an attribute value or new object you have just added to the DS tree. -
Object Manager ” The Object Manager is used to create, delete, rename, or move any DS object. This tool can be used to create an object of a new custom DS Object Class schema extension you have just added. This tool automatically determines what the object's Mandatory Attributes are and allows you to add values for each. -
Object Editor ” The Object Editor can be used to add values for any attribute type for all DS object classes with the exception for SYN_STREAM and SYN_OCTET_STRING . For example, you could add a value for a new attribute class definition, Student ID Number, to an existing DS object. You can download NDS Snoop from www.novell.com/coolsolutions/tools/1005.html. Protocol Analyzers What do you do when a DS-aware application worked on one DS tree but doesn't on another? When you're encountering -625 communication errors, where should you start looking? Our favorite tools for diagnosing such problems are protocol analyzers . A protocol analyzer is either a combination of hardware and software or pure software that can capture and analyze individual packets on your network. Some protocol analyzer manufacturers require you to use their specific hardware, but others are software-only and can be used with a variety of network cards that can operate in the promiscuous mode. NOTE Promiscuous mode operation is the capability of a network adapter (or network interface card [NIC]) to make a copy of the packets that are not addressed to it. Not all NICs can operate in this mode; therefore, you should check with your NIC's vendor if you're unsure.
One of the first software-only protocol analyzers is Novell's LANalyzer for Windows. It can monitor, capture, and analyze both Ethernet and Token-Ring data frames . It can decode all NetWare, AppleTalk, and TCP/IP protocol suites; for protocols it doesn't support, you're presented with the hex dump of the contents. A number of protocol analyzers are available commercially, such as Sniffer from Network Associates (www.networkassociates.com/us/products/sniffer/home.asp), and one of the more popular free protocol analyzers, Ethereal (www.ethereal.com). Although Ethereal is still technically beta software, it has a comprehensive feature set and many users have used it successfully for production use. Here is the list of features, current as of version 0.9.14, in no particular order: -
Data can be captured "off the wire" from a live network connection or read from a capture file. -
Ethereal can read capture files from tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog , the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS. Any of these files can be compressed with gzip, and Ethereal decompresses them on-the-fly . -
Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all those types are supported on all platforms). -
Captured network data can be browsed via a GUI or via the TTY-mode tethereal program. -
Captured files can be programmatically edited or converted via command-line switches to the editcap program. -
More than 500 protocols can currently be dissected, including but not limited to AARP, AIM and its related protocols, ARP/RARP, BOOTP/DHCP, BOOTPARAMS, BROWSER, DHCPv6, DNS, DNSSERVER, EIGRP, FTP, FTP-DATA, FTSERVER, H.261, H.263, H1, H225, H245, H4501, IGRP, IP, IPX, IPX MSG, IPX RIP, IPX SAP, IPX WAN, IPv6, LDAP, MySQL, NBIPX, NCP, NDPS, NETLOGON, NFS, NFSACL, NFSAUTH, NIS+, NIS+ CB, NLSP, NMAS, NNTP, NTP, NetBIOS, OSPF, PPP and its related protocols, RIP, SMB, SMB Mailslot, SMB Pipe, SMPP, SMTP, SPX, SRVLOC, SRVSVC, SSH, SSL, Syslog, TCP, TELNET, TFTP, TIME, Token-Ring, and UDP. -
Output can be saved or printed as plain text or PostScript. -
Data display can be refined using a display filter. -
Display filters can also be used to selectively highlight and color packet summary information. -
All or part of each captured network trace can be saved to disk. To use a protocol analyzer effectively, you need to be versed in the protocols to understand what you're seeing. The analyzer tells you what it sees on the wire, but it's up to you, the user, to interpret the presented data and take appropriate action. TIP An excellent resource about protocol analysis is the Protocol Analysis Institute's Web site at www.packet-level.com.
|
