NetWare FTP server is based on the standard ARPANET file transfer protocol that runs over TCP/IP and conforms to RFC 959. You can perform file transfers from any FTP client by using the FTP server to log in to the Novell eDirectory tree. This section provides basic installation and configuration information so you can use FTP file access with NetDrive. FTP server is a fully functional FTP server with many features, such as those in the following list:

- iManager-based management: Use iManager to start and stop FTP server, and configure server, security, user, and log settings. For more information on iManager, see Chapter 3.
- Run multiple copies of FTP server: Multiple instances of NetWare FTP server software can be loaded on the same NetWare server, providing different FTP services to different sets of users.
- FTP access restrictions: FTP access can be restricted at various levels through comprehensive access rights controls.
- Intruder detection: Intruder hosts or users who try to log in using an invalid password can be detected and restricted.
- Remote server access: FTP users can navigate and access files from other NetWare servers in the same eDirectory tree, and even from remote IBM servers. Remote servers don't have to be running an FTP server.
- Anonymous user access: Anonymous user accounts can be set up to provide users with basic access to public files.
- Special quote site commands: These are special, NetWare-specific commands used to change or view some NetWare-specific parameters.
- Firewall support: If the FTP client is behind a firewall, FTP server supports passive mode data transfer and the configuration of a range of passive data ports.
- Active sessions display: View details of all active FTP instances in real time. This includes such information as a list of all instances, details of each instance, all sessions in an instance, and details of individual sessions within an instance.
- Name space support: FTP server supports both DOS and long name spaces. The FTP user can dynamically change the default name space by using one of the quote site commands.
- SNMP error reporting: Simple Network Management Protocol (SNMP) traps are issued when an FTP login request comes from an intruder host or from a node address restricted through Novell eDirectory. SNMP traps can be captured and viewed by any SNMP-compliant management console.
- FTP logs: The FTP service maintains a log of several activities, including FTP sessions, unsuccessful login attempts, active sessions details, and system error and FTP server-related messages.
- Cluster services support: NetWare FTP server can be configured with Novell Cluster Services (NCS) for high availability.

For detailed information on all FTP server features, see the NetWare 6.5 online documentation.

Installing FTP Server

The FTP server can be installed as an optional component during the NetWare 6.5 installation, or it can be installed later through iManager or the graphical server console. To install the FTP server using iManager, complete the following steps:
- Insert the NetWare 6.5 Operating System CD-ROM into your workstation.
- Launch iManager and open the Install and Upgrade link in the left navigation frame.
- Select Install NetWare 6.5 Products, and then click Remote Product Install in the right frame.
- At the Target Server screen, select the server to which you want to install FTP server and click Next. Authenticate as an Admin user for your eDirectory tree and click OK.
- At the Components screen, click Clear All and select only NetWare FTP Server. Click Next.
- At the Summary screen, click Copy Files. You will be prompted to insert the NetWare 6.5 product's CD-ROM. After the FTP server files are copied, click Close to complete the installation.

Configuring FTP Server

Before you start the NetWare FTP server software, you should configure it by setting the configuration parameters in the configuration file. The default configuration file is SYS:/ETC/FTPSERV.CFG. The parameters in this configuration file are commented with their default values.

When the NetWare FTP server is started, the IP address of the host (HOST_IP_ADDR) and the port number of the NetWare FTP server (FTP_PORT), as defined in the configuration file, are used to bind to and listen for FTP client connection requests. If these parameters are not defined in the configuration file, the FTP server binds to all configured network interfaces in the server and uses the standard FTP ports. Multiple instances of the NetWare FTP server can run on a single machine with different IP addresses or port numbers. The various parameters in the configuration file, along with the default values, are described in the tables presented later in this chapter.

You can use iManager as an access point for administering the NetWare FTP server. To do so, launch iManager and select File Protocols > FTP in the left navigation frame. The FTP server utility is shown in Figure 10.15.

Figure 10.15. FTP Server Administration page in iManager.

The FTP server configuration file can be edited manually with any text editor. However, it is much easier to configure and manage FTP server from iManager. iManager also gives you the freedom to manage the FTP server from any network connection and Web browser.

From the FTP Server Administration page, you can start and stop the FTP server as necessary. This loads or unloads NWFTPD.NLM on the NetWare 6.5 server running FTP services. You can also use the Monitor button to view a list of active FTP sessions, with statistics on each.
The server reads the default configuration file SYS:/ETC/FTPSERV.CFG and configures itself accordingly. If there is any change in the FTP configuration file, you should stop and restart the FTP server.

There are four pages of configuration options available to configure and manage FTP server from iManager. Each provides access to specific types of configuration parameters and information, as described in the following sections.

General Settings

Click the General tab to access general FTP server settings. When finished, click Save to record your settings or click Reset to revert to the previous settings. Table 10.1 lists the available server settings, with a brief description and the equivalent setting in the configuration file.

Table 10.1. Server Settings Parameters in iManager

| PARAMETER | CONFIG FILE | DEFAULT VALUE | DESCRIPTION |
| --- | --- | --- | --- |
| Server IP address | HOST_IP_ADDR | N/A | Sets the IP address that will be used for the FTP server. If left blank, FTP server will bind to every IP address on the NetWare server. |
| FTP Port | FTP_PORT | 21 | Specifies the port that FTP server will use to listen for FTP requests. |
| FTP sessions (maximum) | MAX_FTP_SESSIONS | 30 | Maximum number of FTP sessions that can be active at any point of time. Minimum value is 1. |
| Idle session timeout (seconds) | IDLE_SESSION_TIMEOUT | 600 | Duration in seconds that any session can remain idle. Check the Disable Idle Timeout box if you don't want FTP sessions to time out. This sets the FTPSERV value to 1. |
| Secure connections only | SECURE_CONNECTIONS_ONLY | Disabled | Forces all FTP sessions to use a secure (SSL) connection. Nonsecure sessions are rejected. |
| Default Namespace | DEFAULT_NS | Long | The default namespace. The valid values are DOS and LONG. |
| Data buffer size (KB) | DATA_BUFF_SIZE | 64 | Sets the size of the FTP transfer buffer. Valid sizes range from 4KB to 1020KB. |
| Keep-alive time (minutes) | KEEPALIVE_TIME | 10 | Sets the interval at which the FTP server will check active connections to see whether they have been broken from the other side. Values can be 5 minutes to 120 minutes. |
| Welcome banner file | WELCOME_BANNER | SYS:/ETC/WELCOME.TXT | When the FTP client establishes a connection, the content of this file is displayed. |
| Directory message file | MESSAGE_FILE | MESSAGE.TXT | When the user changes the directory, the contents of this file are displayed. For this, the file with that name should exist in the directory. |
| Minimum port | PASSIVE_PORT_MIN | 1 | Minimum port number used for establishing passive data connection. The port value range is 1 to 65534. The minimum value should always be less than or equal to the maximum value. |
| Maximum port | PASSIVE_PORT_MAX | 65534 | Maximum port number used for establishing passive data connection. The port value range is 1 to 65534. The maximum value should always be greater than or equal to the minimum value. |
| File permissions | PSEUDO_FILE_PERMISSIONS | 644 | If enabled, this will display file rights in the standard Unix format rather than in the NetWare trustee rights format. |
| Directory permissions | PSEUDO_DIR_PERMISSIONS | 755 | If enabled, this will display directory rights in the standard Unix format rather than in the NetWare trustee rights format. |

User Settings

Click the User tab to access parameters that control file access and user authentication for FTP server. When finished, click Save to record your settings or click Reset to revert to the previous settings. Table 10.2 lists the available user settings, with a brief description and the equivalent setting in the configuration file.

Table 10.2. User Settings in Web Manager

| PARAMETER | CONFIG FILE | DEFAULT VALUE | DESCRIPTION |
| --- | --- | --- | --- |
| Use FTP for Web publishing | N/A | No | Sets home directory to SYS:/APACHE2/HTDOCS/FTPWEBS. Lets content publishers copy files to a Web server via FTP. |
| Default home server | DEFAULT_USER_HOME-SERVER | Server where FTP is running | Specifies the name of the server that the default home directory is on. |
| Default home directory | DEFAULT_USER_HOME | SYS:\PUBLIC | The default home directory for FTP users. |
| Always use Default Home Directory instead of user's home directory from eDirectory | IGNORE_REMOTE_HOME | No | Specifies whether to ignore the home directory and go to the default directory. |
| Use FTP Default Home Directory if user's eDirectory home directory is not on the FTP server | IGNORE_HOME_DIR | No | Specifies whether to ignore the home directory, if it is on a remote server, and go to the default directory. |
| Default FTP context | DEFAULT_FTP_CONTEXT | N/A | Sets the container in which FTP server will look for users. This must be a fully distinguished container name in eDirectory (with leading dot). |
| Search List | SEARCH_LIST | N/A | A comma-separated list of fully distinguished names of containers in which FTP server will look for FTP users. The length of this string, including the commas, should not exceed 2048 bytes. You can specify a maximum of 25 containers. |
| FTP user restrictions file | RESTRICT_FILE | SYS:/ETC/FTPREST.TXT | FTP server can define access restrictions to various levels of users, hosts, and so on. These restrictions are defined in a file, which can be specified here. |
| Anonymous users | ANONYMOUS_ACCESS | No | Specifies whether anonymous user access is allowed. |
| Anonymous user directory | ANONYMOUS_HOME | SYS:/PUBLIC | The Anonymous user's home directory. |
| Require email for password | ANONYMOUS_PASSWORD_REQUIRED | Yes | Specifies whether to ask for an email ID as the password for Anonymous user to log in. |

Security Settings

Click the Security tab to access intruder detection parameters for FTP server. When finished, click Save to record your settings or click Reset to revert to the previous settings. Table 10.3 lists the available security settings, with a brief description and the equivalent setting in the configuration file.

Table 10.3. Security Settings in Web Manager

| PARAMETER | CONFIG FILE | DEFAULT VALUE | DESCRIPTION |
| --- | --- | --- | --- |
| Intruder list - Clear [button] | N/A | N/A | Clears the intruder list that is maintained by FTP server. |
| Host intruder detection | See next parameter | Yes | Turns intruder detection on/off for other FTP hosts that access the FTP server. |
| Login attempts for host intruder detection | INTRUDER_HOST_ATTEMPTS | 20 | The number of unsuccessful login attempts for intruder host detection. When set to 0, intruder host login detection is disabled. |
| Login disable time after detection | HOST_RESET_TIME | 5 | Time interval in minutes during which the intruder host is not allowed to log in. |
| User intruder detection | See next parameter | Yes | Turns intruder detection on/off for FTP clients that access FTP server. |
| Login attempts for user intruder detection | INTRUDER_USER_ATTEMPTS | 5 | The number of unsuccessful login attempts for intruder user detection. When set to 0, intruder user login detection is disabled. |
| Login disable time after detection | USER_RESET_TIME | 10 | Time interval in minutes during which the intruder user is not allowed to log in. |

Log Settings

Click the Log tab to access log file parameters for FTP server. All FTP logs are created automatically. You control only the types of messages that are logged and how large the log files will grow. When finished, click Save to record your settings. You can also view current log files by selecting the log you want to see and clicking the View button. Table 10.4 lists the available log settings, with a brief description and the equivalent setting in the configuration file.

Table 10.4. Log Settings in Web Manager

| PARAMETER | CONFIG FILE | DEFAULT VALUE | DESCRIPTION |
| --- | --- | --- | --- |
| Log directory | FTP_LOG_DIR | SYS:\ETC | Specifies the directory in which FTP log files will be stored. |
| Maximum log size (KB) | MAX_LOG_SIZE | 1024 | Maximum size to which an FTP log file will grow. Range from 1KB to 4194303KB. |
| Messages of type | LOG_LEVEL | Errors, Warnings, and Information | Indicates the types of messages that are logged. |
| Daemon log file | FTPD_LOG | ftpd | Specifies the name of the FTP daemon log file. |
| Audit log file | AUDIT_LOG | ftpaudit | Specifies the name of the FTP audit log file. |
| Intruder log file | INTRUDER_LOG | ftpintr | Specifies the name of the FTP intruder log file. |
| Statistics log file | STAT_LOG | ftpstat | Specifies the name of the FTP statistics log file. |

To view any of the log files mentioned in Table 10.4, select it from the Log File drop-down menu and click the View button.

This information will give you an FTP server suitable for use with NetDrive, which was discussed earlier in this chapter. For more information on using an FTP server in more general situations, see the NetWare 6.5 online documentation.
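
The following is an added example, not code from the book or from Novell: a small Python audit of an FTPSERV.CFG-style file against the security-relevant parameters in Tables 10.1 through 10.3, applying the table defaults to anything left unset. It assumes `KEY = VALUE` lines with `#` comments and YES/NO boolean spellings; the sample file and the 1000-port threshold are constructed for illustration.

```python
import re

# Constructed sample, written in the assumed KEY = VALUE syntax (not from a real server).
SAMPLE_CFG = """\
# FTP_PORT = 21
SECURE_CONNECTIONS_ONLY = NO
ANONYMOUS_ACCESS = YES
PASSIVE_PORT_MIN = 50000
PASSIVE_PORT_MAX = 49000
INTRUDER_HOST_ATTEMPTS = 0
"""

# Defaults from Tables 10.1-10.3; the YES/NO spellings are an assumption.
DEFAULTS = {
    "SECURE_CONNECTIONS_ONLY": "NO", "ANONYMOUS_ACCESS": "NO",
    "PASSIVE_PORT_MIN": "1", "PASSIVE_PORT_MAX": "65534",
    "INTRUDER_HOST_ATTEMPTS": "20", "INTRUDER_USER_ATTEMPTS": "5",
}
TRUE_VALUES = {"YES", "1", "ON", "TRUE", "ENABLED"}  # assumed spellings
MAX_PASSIVE_SPAN = 1000  # hypothetical threshold for a firewall-friendly range

def parse_cfg(text):
    """Return explicitly set parameters; commented-out lines are ignored."""
    settings = {}
    for line in text.splitlines():
        match = re.match(r"\s*([A-Z_]+)\s*=\s*([^#]*)", line)
        if match and match.group(2).strip():
            settings[match.group(1)] = match.group(2).strip()
    return settings

def audit(text):
    """Return (parameter, finding) pairs for the effective configuration."""
    cfg = {**DEFAULTS, **parse_cfg(text)}
    findings = []
    if cfg["SECURE_CONNECTIONS_ONLY"].upper() not in TRUE_VALUES:
        findings.append(("SECURE_CONNECTIONS_ONLY", "nonsecure sessions are accepted"))
    if cfg["ANONYMOUS_ACCESS"].upper() in TRUE_VALUES:
        findings.append(("ANONYMOUS_ACCESS", "anonymous logins are allowed"))
    low, high = int(cfg["PASSIVE_PORT_MIN"]), int(cfg["PASSIVE_PORT_MAX"])
    if not 1 <= low <= high <= 65534:
        findings.append(("PASSIVE_PORT_MIN", "invalid range: minimum must be <= maximum"))
    elif high - low > MAX_PASSIVE_SPAN:
        findings.append(("PASSIVE_PORT_MAX", "wide passive range to open on the firewall"))
    for key in ("INTRUDER_HOST_ATTEMPTS", "INTRUDER_USER_ATTEMPTS"):
        if int(cfg[key]) == 0:
            findings.append((key, "intruder detection is disabled"))
    return findings

if __name__ == "__main__":
    for parameter, finding in audit(SAMPLE_CFG):
        print(f"{parameter}: {finding}")
```

Because unset parameters fall back to the table defaults, an empty file is still flagged for accepting nonsecure sessions and for the full 1 to 65534 passive range.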