Novell Network Management: NetWare 6

Chapter 3: Understand and Manage Client Access on a NetWare 6 Network

 

Objectives:

This chapter discusses management of issues associated with Novell Client software. The objectives important to this chapter are on page 3-1:

  1. Use the Novell Client to Manage and Troubleshoot User Connectivity Problems
  2. Identify Client Access Guidelines and Components for NetWare Networks
  3. Update Novell Client Software

Concepts:

The chapter begins with the idea of what a network client does. In short, it serves as the interface between the workstation and network services. A network workstation may use several kinds of client software. For example, a workstation may need client software for e-mail, for a Novell network, and for a Microsoft network run at the same location. There are variations on this theme. A remote workstation may need the iFolder client to gain access to files without actually being connected to the network. A workstation may also use a browser now to access services on a Novell network. Users who only need file service from a NetWare 6 network may need only NFAP (Native File Access Pack), if they are using a Windows, Macintosh, or UNIX workstation.

The text explains that there are two kinds of client connections possible on a NetWare network. Each workstation can only have one type of connection at any given time:

  • Bindery Services - This is provided for backward compatibility with NetWare 3 servers, and with applications that require access to Bindery Services.
  • eDirectory Services - This is for access to NDS or eDirectory based services.

Previous versions of NetWare offered client software for the Macintosh OS and for the 3.x versions of Windows.

Use the Novell Client to Manage and Troubleshoot User Connectivity Problems

Once Novell client software is installed on a workstation, you can access services from it by right-clicking the red N that you see in the system tray of that workstation. This will present the context sensitive menu of functions available to the user. This menu can be limited by the configuration of the client software on the workstation. You should know that you can also access some Novell functions by right-clicking any file in Windows Explorer. The Novell functions will show with a red N in the menu that appears.

Using the "N menu", there are several things you can do that relate to troubleshooting:

  • NetWare Connections - The servers that the user has connected to in this session appear in a list. One server should have an asterisk by its name. It is the primary server, which is handling requests from the NetWare client. Initially, it is typically the nearest server that was not busy when the user logged in. The preferred server should be the one the user has the most resources on.
    The preferred server is meant to be listed in the properties of the NetWare client on the workstation, or named in the workstation's NET.CFG file. If it is not, the first server contacted on startup will act as the primary and the preferred server for the workstation.
    Once the workstation connects to the preferred server, it acts as the workstation's primary, processing all requests. It is possible that this server can be too busy to provide good service, so you can manually set a new primary server by selecting one in the list, and clicking the Set Primary button.
  • NetWare Login - This brings up the login screen, which lets you browse for a tree or a container. If this does not work, the text suggests that you go back to the N menu, and choose Browse To | My Network Places. From there, find and double-click Entire Network. Find and double-click NetWare Services.
    • If you are on a workstation needing a bindery connection, find and double-click NetWare Servers;
    • otherwise find and double-click Novell Directory Services.
    Continue drilling down to a tree or server that presents you with a login screen. A message of Access Denied will indicate a mistake in User Name or Password, or a lack of rights to the resource.
  • Manage Drive Mappings - You can map a drive letter to a resource or release a mapping from the N menu. From either function, you can inspect the mappings currently in effect, to make sure they are correct.
    By default, drive mappings created on NT and Windows 2000 workstations are "root-mapped". This means that the workstation assumes that the resource mapped is at the root of its file system, regardless of its actual hierarchical position. This prevents the user from navigating up the file system tree to resources they should not have, but it also prevents programs that use the mapped drive from accessing files higher than the mapped resource. If this is a problem for some users, insert the following command in their login scripts to prevent root-mapping:
    SET MAPROOTOFF="1"
    Remember that the number 1 represents the concept "TRUE" in most programming languages.
  • Send Messages - The Novell Send Message service allows you to send an instant popup message to the screen of a single user, a group of users, or all users who are logged in to a given server. It also allows you to send a message to a server console, if you have supervisor rights to that server, and if you have authenticated to that server.
    Be aware that this is not like e-mail: you can only send to workstations that are currently logged in, not to users who will log in later.
    To use this service, click NetWare Utilities | Send Message, then choose To Users or System Console.
  • Manage Files and Directories - Three areas of troubleshooting are listed.
    • Trustee assignments (rights) - You can check rights to a file or directory by browsing in Windows Explorer or Network Neighborhood. Access the properties of an object, and choose the NetWare Rights tab. You can change rights to the object with the Inherited Rights and Filters button on the NetWare Rights tab. On the next screen, you can remove all or selected rights from the user. The action that takes place establishes a filter for that trustee.
    • Purge or Salvage Directories and Files - Remember, files deleted from a Novell server are not truly gone until an administrator or the system Purges them. Until that time, an administrator, or a user with rights to the system, can Salvage (recover) the deleted files and directories.
    • Customize a Network File Copy - The NetWare Copy utility provides a Windows interface with many choices: copy only files with specific attributes, copy only newer files, copy only files that already exist in the target, and other options. Copied files can be given new attributes, different from the originals.
  • View Client Version - Since some of these features are not available in earlier clients, it is important to know what version is installed on a workstation. To quickly view the Preferred Server, Preferred Tree, Client Version, and Service Pack version, choose Novell Client Properties from the N menu, and look at the Client tab.

Identify Client Access Guidelines and Components for NetWare Networks

The text offers some guidelines for providing access to network resources:

  • Establish a common desktop. It is easier to troubleshoot and maintain workstations that are all the same.
  • If you have multiple workstation operating systems, identify the needs of the largest group first.
  • There are several types of eDirectory connections. Identify the types needed for each user and each group.
  • Create login scripts that meet common needs, and apply them to users by container. Create special scripts for profiles and users with special needs.
  • Document all the clients installed on workstations. As mentioned above, a workstation may have several clients on it, and they do not all behave well together.
  • Balance the needs of the users to access all resources, with the memory limitations of the workstations.

If a number of users find that login is slow, troubleshoot the server before the client software.

If users have trouble accessing resources, suspect login script problems, such as drive mappings, before suspecting connection settings in the login scripts.

The text describes three types of eDirectory connections:

  • Connected but not logged in - This describes a user who has not logged in, but can bring up the login screen to do so. It is a fine distinction, but necessary. The user should have all rights given to the Public trustee at this point.
  • Authenticated - The user's password and ID have been accepted, and the user has all rights granted by eDirectory in that tree. The text notes that before NDS (NetWare 4), users had to log in again to each additional server they had rights to.
  • Authenticated and Licensed - Print service and drive mapping are examples of services that require licenses in NetWare 6. These services are unavailable until the user is authenticated, and they require the use of a network license from the pool of available user licenses on the network. It is possible to run out of user licenses if you do not install enough for the number of users you may have.

Novell provides 32-bit client software for Windows 3.x, Windows 95/98, and Windows NT/2000/XP. Note the three groupings, and note that Windows 3.x requires DOS. Benefits of Client 32 architecture are listed:

  • Increased connectivity speed
  • Ease of maintenance and upgrade
  • Automatic reconnection if servers go down and come back up. Eliminates the need to reboot the workstation.
  • Caches frequently used data, improving response time.
  • Supports access to multiple trees.

Client service types are divided into two varieties, as noted above:

  • Bindery Service Connection - Services based on individual servers. The bindery was a two dimensional database of network resources (NetWare 3.x), with each server having its own bindery. You can set a bindery context for a client, usually the container that the user object is in, allowing that container to act like a bindery if needed. Setting the bindery context in current Novell clients will allow those clients to make a bindery connection to a NetWare 3.x server.
  • eDirectory Connection - Services based on connection to eDirectory, a relational database of objects and rights in the network. The text tells us that we must use 32-bit clients and NetWare 6 (or later) servers for authentication. Authentication uses RSA encryption, a method used on Internet sites, involving private and public keys.

As covered in a previous course, login scripts are used to establish drive mappings, print setups, and other network services when users log in to the network. (The capture and queue commands may be needed if using NetWare 4.x servers or using applications written for that environment.) Remember that the login script property only exists for containers, profiles, and users in eDirectory. When a user logs in, the scripts pertaining to the user execute in this order: container, profile, and user.
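
The script order above and the root-mapping default described earlier, as an added troubleshooting example (not from the course text): a Python replay of container, profile and user scripts that reports which script set each drive letter. The script contents and server names are constructed, only MAP, MAP ROOT, MAP DEL, REM and SET MAPROOTOFF are handled, and the model assumes the setting affects only MAP commands that run after it.

```python
import re

# Constructed sample scripts; server, volume and directory names are made up.
CONTAINER = 'MAP F:=FS1/SYS:PUBLIC\nMAP G:=FS1/DATA:SHARED\n'
PROFILE = 'REM engineering profile\nMAP G:=FS1/DATA:SHARED\\ENG\n'
USER = 'SET MAPROOTOFF="1"\nMAP H:=FS1/DATA:USERS\\JSMITH\nMAP DEL F:\n'

MAP_RE = re.compile(r'^MAP\s+(ROOT\s+)?([A-Z]):\s*=\s*(\S+)$', re.I)
DEL_RE = re.compile(r'^MAP\s+DEL\s+([A-Z]):$', re.I)
OFF_RE = re.compile(r'^SET\s+MAPROOTOFF\s*=\s*"1"$', re.I)


def effective_mappings(container, profile, user):
    """Replay the three scripts in login order; return (drives, notes).

    drives maps a letter to (path, root_mapped, script that set it).
    Assumption: MAPROOTOFF only affects MAP commands that run after it,
    and an explicit MAP ROOT is still root-mapped.
    """
    drives, notes, root_off = {}, [], False
    for name, text in (("container", container), ("profile", profile), ("user", user)):
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.upper().startswith("REM"):
                continue
            if OFF_RE.match(line):
                root_off = True
            elif (m := DEL_RE.match(line)):
                old = drives.pop(m.group(1).upper(), None)
                if old:
                    notes.append(f"{m.group(1).upper()}: from {old[2]} removed by {name}")
            elif (m := MAP_RE.match(line)):
                letter = m.group(2).upper()
                rooted = bool(m.group(1)) or not root_off
                if letter in drives:
                    notes.append(f"{letter}: from {drives[letter][2]} replaced by {name}")
                drives[letter] = (m.group(3), rooted, name)
            else:
                notes.append(f"unparsed line in {name}: {line}")
    return drives, notes


if __name__ == "__main__":
    drives, notes = effective_mappings(CONTAINER, PROFILE, USER)
    for letter, (path, rooted, src) in sorted(drives.items()):
        print(f"{letter}: {path} root-mapped={rooted} set by {src}")
    for n in notes:
        print("note:", n)
```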

Three types of users are described, based on their network access needs:

  • Network user - users commonly use one workstation, which may use wired or wireless technology. Manage them with container login scripts.
  • Mobile user - users frequently use different hardware in different locations to access the network. These users need access to their usual network resources, as well as those at their current location. An example would be a technician who travels to remote sites on service calls, or an auditor who needs to print documents at each office visited. Manage them by teaching them to specify their distinguished user name and context on login, or by creating an alias object for them high in the tree, to make login easier.
  • Remote user - users typically have their own mobile computer, and connect by dial up or Virtual Private Network connection. These users typically do not need access to the local resources at their current location. They are simply network users at a different location.

The Novell Client software has several components:

  • NWFS.SYS - works as an interface to the network, intercepting requests that would be made to the workstation operating system. The text now describes this function as acting as a "redirector", meaning that the intercepted requests are redirected to the network.
  • LAN drivers and Communications Protocols - Novell's ODINSUP module serves as an interface between two major families of products: Microsoft products typically use NDIS (Network Driver Interface Specification) drivers, while Novell products use ODI (Open Data-link Interface) drivers. This portion of the client serves as a bridge between the two.
  • GINA (Graphical Identification and Authentication) Module - A user normally logs in to a 32-bit Windows workstation using the Windows component WinLogon. WinLogon is composed of components, one of which is GINA (Graphical Identification and Authentication). The standard GINA is MSGINA.DLL, which the Novell Client replaces with NWGINA.DLL. The Windows registry is modified to use the Novell DLL instead of the Microsoft DLL.
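
A defender's check for the registry change described above, added here as an example (not part of the course text or of Novell's software): it reads exported Winlogon keys and flags any GinaDLL value other than the two DLLs the text names. The key path and value name are the standard Windows NT/2000/XP ones; the hostnames and exports are constructed, and a real .reg export must first be decoded to text.

```python
import re

# Winlogon key and GinaDLL value name are standard on Windows NT/2000/XP.
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Allow-list built from the two DLL names in the text; extend it per site policy.
EXPECTED = {"msgina.dll": "Microsoft default", "nwgina.dll": "Novell Client"}

# Constructed .reg exports keyed by made-up hostnames (already decoded to str).
HDR = "[" + WINLOGON + "]\n"
SAMPLES = {
    "WS-ACCT-01": HDR + '"Shell"="Explorer.exe"\n"GinaDLL"="nwgina.dll"\n',
    "WS-ACCT-02": HDR + '"Shell"="Explorer.exe"\n',
    "WS-LAB-07": HDR + r'"GinaDLL"="C:\\Temp\\nwgina.dll"' + "\n",
    "WS-LAB-09": "[" + WINLOGON + "\\Notify]\n" + '"GinaDLL"="ignored.dll"\n'
                 + HDR + '"GinaDLL"="example_gina.dll"\n',
}


def gina_from_reg(text):
    """Return the GinaDLL string under the Winlogon key itself, or None."""
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == WINLOGON.lower()
        elif in_key:
            m = re.match(r'^"GinaDLL"="(.*)"$', line, re.I)
            if m:
                return m.group(1).replace("\\\\", "\\")  # undo .reg escaping
    return None


def classify(value):
    """Map a GinaDLL value to (status, detail)."""
    if value is None:
        return "ok", "no GinaDLL value, Winlogon loads MSGINA.DLL"
    base = value.rsplit("\\", 1)[-1].lower()
    if base not in EXPECTED:
        return "alert", "unexpected GINA: " + value
    if base != value.lower():
        return "review", "expected name, explicit path: " + value
    return "ok", EXPECTED[base]


def audit(samples):
    """Return {host: (status, detail)} for each exported Winlogon key."""
    return {host: classify(gina_from_reg(text)) for host, text in samples.items()}


if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLES).items():
        print(f"{host:11} {status:7} {detail}")
```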

Update Novell Client Software

Novell client software can be upgraded automatically on workstations using login scripts and the Automatic Client Upgrade (ACU) utility on the server. Note that this method cannot be used for the initial client installation, and Novell recommends that it be used for users in one container at a time. It requires that a program, ACU.EXE, be run, which will examine the client on a workstation, and upgrade it if it is older than the one stored on the server.

The text breaks down a project using ACU into five tasks:

  1. Create a directory on the server - Create it under the Public directory of your server, which users will have rights to at the time of logging in. You only need one directory if you are installing to one kind of workstation, otherwise make one for each client version needed.
  2. Copy Novell client files to the directory - If you have a Novell client CD, copy from it, otherwise, download from the Novell web site. You will also need the ACU.INI file for this client. The text cautions that for Windows 95/98, you should also copy the CAB files from the Windows installation CD to the directory you have set up for the client for that platform.
  3. Modify the ACU configuration file - You can modify the default behavior of ACU by modifying the settings in ACU.INI with the NCIMAN.EXE utility. Setting choices depend on whether you want to offer choices to the user, or just install when needed. Settings in this file affect installations on all platforms.
  4. Update the platform-specific configuration files - The options are like those for modifying the ACU.INI file; however, changes in these files are specific to the platforms they are for.
  5. Modify the container login script - The login script code must reference the correct version of ACU stored on the server. Examine the examples in the text, which we will go over in class.