Page 1
Novell®
www.novell.com
Administration Guide
ClientTM for Linux
novdocx (en) 13 May 2009
AUTHORIZED DOCUMENTATION
2.0 SP3
November 2009
Novell Client 2.0 SP3 for Linux Administration Guide
Page 2
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export
approvals.
novdocx (en) 13 May 2009
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied,
stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or
more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
Page 3
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/
trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
novdocx (en) 13 May 2009
Page 4
novdocx (en) 13 May 2009
4 Novell Client 2.0 SP3 for Linux Administration Guide
Page 5
Contents
About This Guide 7
1 Understanding the Novell Client for Linux 9
1.1 Understanding How the Novell Client for Linux Differs from the Novell Client for Windows 2000/
XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.1.1 Installation and Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.1.2 Logging In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.1.3 User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.1.4 Login Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.1.5 Mapping Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.2 Understanding the Novell Client for Linux Virtual File System . . . . . . . . . . . . . . . . . . . . . . . . . 11
2 Configuring the Novell Client for Linux 13
novdocx (en) 13 May 2009
2.1 Using the Novell Client Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.1.1 Configuring Login Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.1.2 Configuring Map Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.1.3 Configuring Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.1.4 Configuring Tray Application Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.1.5 Configuring File Browser Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.1.6 Configuring OpenSLP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.2 Configuration Files for Preconfiguring the Novell Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.3 Server Side Configuration for Sending Messages from Client to Users and Groups. . . . . . . . 21
3 Managing Login 23
3.1 Setting Up Integrated Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3.1.1 Installing and Enabling CASA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
3.1.2 Configuring Integrated Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
3.1.3 Enabling and Disabling Integrated Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.2 Setting Up Login Scripts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.3 Setting Up Login Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.4 Using OpenSLP to Simplify Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.4.1 Setting Up SLP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.4.2 Troubleshooting SLP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.4.3 Configuring SLP and the SUSE Firewall to Work with the Novell Client for Linux. . . 29
4 Managing File Security 33
4.1 Checking File or Folder Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4.2 Changing Trustee Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.3 Adding a Trustee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.4 Removing a Trustee. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.5 Combining Multiple Trustees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
5 Security Considerations 39
5.1 Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.2 Known Security Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Contents 5
Page 6
5.3 Security Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
5.3.1 Identification and Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
5.3.2 Authorization and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
5.3.3 Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
5.3.4 Security Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
5.4 New and Modified Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
5.4.1 Configuration Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.4.2 PAM Login Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.4.3 User Profile Startup Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
5.4.4 KDE and GNOME Desktop Startup Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
5.4.5 Installation Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
5.5 Other Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
6 Troubleshooting Tips 45
6.1 Novell Client tray sometimes displays an error message on logging in to a desktop on which LUM
is configured. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
A The Novell Client for Linux Command Line Utilities 47
A.1 Shell Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
A.2 GUI Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
A.3 Using the Novell Client for Linux Man Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
novdocx (en) 13 May 2009
B Novell Client for Linux Man Pages 51
gnwlogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
login.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
mapdrives.conf. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
ncl_install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
ncl_man . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
ncl_tray. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
nwconnections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
nwcopy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
nwflag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
nwlogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
nwlogout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
nwmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
nwpurge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
nwrights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
nwsalvage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
nwsend. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
StartupLogin.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
StartupMaps.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
C Documentation Updates 89
C.1 September, 2009 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
C.2 August, 2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
6 Novell Client 2.0 SP3 for Linux Administration Guide
Page 7
About This Guide
This guide describes how to configure the Novell® ClientTM for Linux software.
Chapter 1, “Understanding the Novell Client for Linux,” on page 9
Chapter 2, “Configuring the Novell Client for Linux,” on page 13
Chapter 3, “Managing Login,” on page 23
Chapter 4, “Managing File Security,” on page 33
Chapter 5, “Security Considerations,” on page 39
Chapter 6, “Troubleshooting Tips,” on page 45
Appendix A, “The Novell Client for Linux Command Line Utilities,” on page 47
Appendix B, “Novell Client for Linux Man Pages,” on page 51
Appendix C, “Documentation Updates,” on page 89
novdocx (en) 13 May 2009
Audience
This guide is intended for network administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation
included with this product. Please use the User Comments feature at the bottom of each page of the
online documentation, or go to www.novell.com/documentation/feedback.html and enter your
comments there.
Documentation Updates
For the latest version of this documentation, see the Novell Client online documentation (http://
www.novell.com/documentation/linux_client/index.html).
Additional Documentation
For information on installing the Novell Client for Linux, see the Novell Client 2.0 SP3 for Linux
Installation Quick Start (http://www.novell.com/documentation/linux_client/ncl20sp3_installqs/
data/ncl20sp3_installqs.html).
For information on the Novell Client tray application, see the Novell Client 2.0 SP3 for Linux User
Guide.
For information on login scripts, see the Novell Login Scripts Guide.
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and
items in a cross-reference path.
®
A trademark symbol (
trademark.
, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
About This Guide 7
Page 8
When a single pathname can be written with a backslash for some platforms or a forward slash for
other platforms, the pathname is presented with a backslash. Users of platforms that require a
forward slash, such as Linux or UNIX, should use forward slashes as required by your software.
novdocx (en) 13 May 2009
8 Novell Client 2.0 SP3 for Linux Administration Guide
Page 9
1
Understanding the Novell Client
novdocx (en) 13 May 2009
for Linux
The Novell® ClientTM for Linux software allows users of Linux workstations or Linux servers to
access and use all of the services available on servers running Novell eDirectory
Client brings the full power, ease of use, manageability, and security of eDirectory to Linux
workstations and Linux servers. The Novell Client for Linux fully supports NetWare
eDirectory services and utilities on a Linux workstation or a Linux server, including security, file,
and print services through Novell iPrint.
This section contains the following information:
Section 1.1, “Understanding How the Novell Client for Linux Differs from the Novell Client
for Windows 2000/XP,” on page 9
Section 1.2, “Understanding the Novell Client for Linux Virtual File System,” on page 11
1.1 Understanding How the Novell Client for
Linux Differs from the Novell Client for Windows
2000/XP
Using the Novell Client for Linux differs in a few ways from using the Novell Client for Windows.
For users and network administrators who are familiar with the Novell Client for Windows,
knowing these differences can help the transition to Linux run more smoothly.
TM
. The Novell
®
, OES, and
1
Section 1.1.1, “Installation and Upgrades,” on page 9
Section 1.1.2, “Logging In,” on page 10
Section 1.1.3, “User Interface,” on page 10
Section 1.1.4, “Login Scripts,” on page 10
Section 1.1.5, “Mapping Volumes,” on page 10
1.1.1 Installation and Upgrades
The Novell Client for Linux can be installed and upgraded by using either YaST or an
installation script. For more information, see the Novell Client 2.0 SP3 for Linux Installation
Quick Start (http://www.novell.com/documentation/linux_client/ncl20sp3_installqs/data/
ncl20sp3_installqs.html).
There is no Automatic Client Upgrade available on Linux.
The Client Configuration Wizard lets you set up a configuration file that can be used to
preconfigure workstations during installation. For more information, see Section 2.2,
“Configuration Files for Preconfiguring the Novell Client,” on page 21.
Understanding the Novell Client for Linux
9
Page 10
1.1.2 Logging In
When a user logs in to a local workstation and then opens a remote SSH session and logs in as
the same user, the network resources that user has rights to are available to the user.
The Novell Client for Linux can use the NMAS
NMAS login is not integrated in to the Novell Client for Linux login screen, so the default
login sequence cannot be set in the Novell Client Login screen.
The Novell Client for Linux uses OpenSLP, whereas the Novell Client for Windows uses
Novell’s implementation of SLP. The network administrator must set up OpenSLP before users
can look up trees, contexts, and servers using the Browse buttons in the Novell Client Login
window. If OpenSLP is not set up, the user must enter a username, tree, and context to connect
to the network. See Chapter 3, “Managing Login,” on page 23 for more information.
Because Linux uses OpenSLP, the implementation is different and the user’s experience is
different. For more information, see Section 3.4, “Using OpenSLP to Simplify Login,” on
page 27.
The Novell Client for Linux does not use the Dynamic Local User or Location Profiles that are
available in Windows.
TM
login method to authenticate. However, the
novdocx (en) 13 May 2009
1.1.3 User Interface
Both a graphical user interface and command line utilities are available to complete client actions
such as mapping drives, setting trustee rights, and copying files.
For information on using the graphical user interface, see the Novell Client 2.0 SP3 for Linux User
Guide. For information on using the command line utilities, see Appendix A, “The Novell Client for
Linux Command Line Utilities,” on page 47 and Appendix B, “Novell Client for Linux Man Pages,”
on page 51.
1.1.4 Login Scripts
Novell has ported the vast majority of login script functionality to the Linux platform. This means
that the login scripts you create in your network can be used for both Windows users and Linux
users with very little difference in functionality.
Some differences do exist, however. For example, mapped drives are implemented by creating
symbolic links and search drives are not available on Linux. Other small differences are created by
the inherent difference between Windows and Linux. All the differences and issues are listed in the
Novell Login Scripts Guide.
1.1.5 Mapping Volumes
On Windows, mapping volumes enables users to browse through the entire eDir tree. However, on
Linux, only the servers in the eDir tree and their respective volumes are listed under them.
10 Novell Client 2.0 SP3 for Linux Administration Guide
Page 11
1.2 Understanding the Novell Client for Linux
Virtual File System
The Novell Client for Linux differs from previous Novell Clients to enable it to work on the Linux
platform. In Windows, the Novell Client loads a single binary that works on multiple operating
system platforms without modifications. The Novell Client on Linux uses a Virtual File System
provided by the base operating system itself which is a kernel module (
of the Linux kernel and a daemon (
running on the workstation for the client to connect to the network.
novfsd
) that runs in the user space. Both components must be
novfs.ko
) that runs as part
novdocx (en) 13 May 2009
Understanding the Novell Client for Linux 11
Page 12
novdocx (en) 13 May 2009
12 Novell Client 2.0 SP3 for Linux Administration Guide
Page 13
2
Configuring the Novell Client for
novdocx (en) 13 May 2009
Linux
This section explains two ways that you can configure the Novell® ClientTM for Linux settings on a
workstation. Both methods let you configure the file browser, protocol, login, tray application, and
SLP configuration settings available to Novell Client users.
Section 2.1, “Using the Novell Client Configuration Wizard,” on page 13
Section 2.2, “Configuration Files for Preconfiguring the Novell Client,” on page 21
Section 2.3, “Server Side Configuration for Sending Messages from Client to Users and
Groups,” on page 21
2.1 Using the Novell Client Configuration Wizard
The Novell Client for Linux includes a Novell Client Configuration Wizard to simplify the process
of configuring your Novell Client.
1 Launch the Novell Client Configuration Wizard by using either of the following methods:
Click > System Settings.
In YaST, click Network Services > Novell Client.
2 If you are not logged in as
root
, type the
root
password, then click OK.
2
3 Select the Client Configuration Wizard pages that contain the settings you want to configure.
You can configure the following settings:
Login
Configuring the Novell Client for Linux
13
Page 14
Map
Protocol
Tray Application
File Browser
Service Location Protocol (OpenSLP)
4 Click Start Wizard.
5 Follow the instructions in the left panel to configure Novell Client settings.
6 Click Finish.
7 Restart the workstation to ensure that the settings take effect.
If you made changes to the Protocol Settings page or the Service Location Protocol (OpenSLP)
Settings page, you must reboot the machine for those changes to take effect.
novdocx (en) 13 May 2009
Any changes you make to the Novell Client settings are written to a set of configuration (
files in the
/etc/opt/novell/ncl
directory.
.conf
IMPORTANT: When Novell Client software is uninstalled, these configuration files are also
removed.
2.1.1 Configuring Login Settings
Use the Login Settings page in the Novell Client Configuration Wizard to configure the settings
available to users in the Novell Login dialog box.
Figure 2-1 Login Settings Page
)
14 Novell Client 2.0 SP3 for Linux Administration Guide
Page 15
This page contains the following options:
novdocx (en) 13 May 2009
NMAS Authentication: Enables or disables Novell Modular Authentication Services
(NMAS
TM
) during login. NMAS authentication can add additional security to the network, but
if the network does not use NMAS, login might take additional time, so you can disable NMAS
authentication by disabling this setting. This option is selected by default.
Clear Previous User Name: Clears the previous username from the User Name field on the
Novell Login dialog box every time you open the dialog box.
Advanced Button: Enables or disables the Advanced button in the Login dialog box. This
option is selected by default.
Integrated Login: Enables the integrated login feature for the entire system. This is set by the
administrator and cannot be overridden by the user.
Display Integrated Login Results: When this option is disabled, all login scripts are run
silently and the script results window is not displayed, but login scripts are still processed.
Delete Integrated Login Profiles: Removes the existing login profiles for all users on this
workstation.
Default Tree: Specify the default tree that Login attempts to log in to. This setting is
overridden by the Login Dialog Tree history.
Default Context: Specify the default context that Login attempts to log in to. This setting is
overridden by the Login Dialog Context history.
For more information on using the Novell Login dialog box, see “Logging In to the Network” in the
Novell Client 2.0 SP3 for Linux User Guide.
2.1.2 Configuring Map Settings
Use the Map Settings page in the Novell Client Configuration Wizard to specify the directory on the
local workstation where symbolic links to network resources are created and to select the first letter
to use when creating these links.
Configuring the Novell Client for Linux 15
Page 16
Figure 2-2 Map Settings Page
novdocx (en) 13 May 2009
This page contains the following options:
Map Link Default Location: Specify the path to the directory where Map creates symbolic
links to network resources. A value of %HOME (the default) causes Map to create symbolic
links in the user’s home directory.
First Network Drive: Select the first letter for Map to use when creating symbolic links to
network resources. This setting is used in commands such a
Map *1
or
Map next
.
2.1.3 Configuring Protocol Settings
Use the Protocol Settings page in the Novell Client Configuration Wizard to determine the level of
enhanced security support, select the providers to perform name resolution, and enable the Client to
obtain configuration information from your DHCP server.
16 Novell Client 2.0 SP3 for Linux Administration Guide
Page 17
Figure 2-3 Protocol Settings Page
novdocx (en) 13 May 2009
This page contains the following options:
Name Resolution Providers: Select the providers to perform name resolution. Domain Name
System also uses the
in the active NCP
TM
/etc/hosts
connections. Service Location Protocol queries SLP for eDirectoryTM and
file. NetWare® Core ProtocolTM uses information contained
Bindery names.
NCP Signature Level: Specify the level of enhanced security support. Enhanced security
includes the use of a message digest algorithm and a per connection/per request session state.
The values are as follows:
0=Disabled
1=Enabled but not preferred
2=Preferred
3=Required
Changing the value of this setting to 2 or 3 increases security but decreases performance.
Dynamic Host Configuration Protocol (DHCP): If a DHCP server is set up on your network,
the DHCP server can inform the Novell Client of network-specific configuration information.
This information is made available when a user clicks the Tree, Context, or Server buttons on
the eDirectory tab of the Novell Login dialog box.
If you make changes to the Protocol Settings page, you must reboot the workstation for those
changes to take effect.
Configuring the Novell Client for Linux 17
Page 18
2.1.4 Configuring Tray Application Settings
Use the Tray Application Settings page in the Novell Client Configuration Wizard to automatically
launch the Novell Client Tray Application when the desktop starts and to determine which options
are available to users on the Tray Application menu.
Figure 2-4 Tray Application Settings Page
novdocx (en) 13 May 2009
This page contains the following options:
Launch Tray Application: Select this option to automatically launch the Novell Client Tray
Application.
Tray Application Menu Options: Enables or disables the options available to users on the
Tray Application menu.
For more information, see “Using the Novell Client Tray Application” in the Novell Client 2.0 SP3
for Linux User Guide.
2.1.5 Configuring File Browser Settings
Use the File Browser Settings page in the Novell Client Configuration Wizard to specify which
Novell Client options are available to users when they right-click Novell file system directories or
files in a file manager, and which tabs are available on the Novell File, Folder, and Volume
Properties pages.
18 Novell Client 2.0 SP3 for Linux Administration Guide
Page 19
Figure 2-5 File Browser Settings Page
novdocx (en) 13 May 2009
This page contains the following options:
Navigation Panel Icon (KDE only): Enables or disables the File Browser Navigation Panel
icon. This icon is displayed only in KDE.
Novell Properties: Enables or disables the Novell Properties menu option when users right-
click a Novell file system directory or file in a file manager.
Purge Novell Files: Enables or disables the Purge Novell Files menu option when users right-
click a Novell file system directory or file in a file manager.
Salvage Novell Files: Enables or disables the Salvage Novell Files menu option when users
right-click a Novell file system directory or file in a file manager.
File and Folder Information: Enables or disables the File Information and Folder
Information tabs on the File and Folder Properties pages (available when users right-click a
Novell file system directory or file in a file manager and then click Novell Properties).
Novell Rights: Enables or disables the Novell Rights tab on the File and Folder Properties
pages (available when users right-click a Novell file system directory or file in a file manager
and then click Novell Properties).
Vol u me I n fo r mat i on : Enables or disables the Volume Information tab on the Volume
Properties page (available when users right-click a Novell file system volume in a file manager
and then click Novell Properties).
Volume Statistics: Enables or disables the Volume Statistics tab on the Volume Properties page
(available when users right-click a Novell file system volume in a file manager and then click
Novell Properties).
Configuring the Novell Client for Linux 19
Page 20
2.1.6 Configuring OpenSLP Settings
Use the Service Location Protocol (OpenSLP) Settings page in the Novell Client Configuration
Wizard to specify where and how the Client requests network services.
In an IP-only network, the Novell Client needs a way to resolve the eDirectory tree, context and
server names to an actual IP address of an eDirectory server that can provide authentication. On a
simple LAN, the client can send an IP broadcast to discover this information, but on a multisite
WAN, the SLP scope and Directory Agents must be listed.
Figure 2-6 Service Location Protocol (OpenSLP) Settings Page
novdocx (en) 13 May 2009
This page contains the following options:
Scope List: Specify the scopes that a user agent (UA) or service agent (SA) is allowed when
making requests or registering, or the scopes that a directory agent (DA) must support.
Directory Agent List: Specify the specific DAs that UA and SA agents must use. If this
setting is not used, dynamic DA discovery is used to determine which DAs to use.
Broadcast Only: Select this option to use broadcasting instead of multicasting. This setting is
not usually necessary because OpenSLP automatically uses broadcasting if multicasting is
unavailable.
SLP is designed to use IP multicasting; however, if any SLP Agent does not implement IP
multicasting, then all Agents must use broadcasting to reach that Agent. If a DA does not
support multicasting, we recommend using the Directory Agent List to configure that Directory
Agent rather than using this option.
If the network does not contain a DA, IP servers must use their own SAs to specify the services
that are available. If the SA does not support multicasting and if there are any services
advertised by that SA that are needed by the UA on this machine, then use the Broadcast Only
option.
20 Novell Client 2.0 SP3 for Linux Administration Guide
Page 21
Broadcasting has the disadvantage of being limited to the local LAN segment.
Maximum Results: Specify a 32-bit integer giving the maximum number of results to
accumulate and return for a synchronous request before the time-out, or the maximum number
of results to return through a callback if the request results are reported asynchronously.
If you make changes to the Service Location Protocol (OpenSLP) Settings page, you must reboot
the workstation for those changes to take effect.
For more information, see Section 3.4, “Using OpenSLP to Simplify Login,” on page 27, SLP
Fundamentals (http://www.novell.com/documentation/edir873/qsedir873/data/aksciti.html), and the
OpenSLP (http://www.openslp.org) Web s ite.
2.2 Configuration Files for Preconfiguring the
Novell Client
novdocx (en) 13 May 2009
These configuration settings can be done using
client
Conf File Path and Name Configuration Settings
/etc/opt/novell/ncl/file_browser.conf
/etc/opt/novell/ncl/login.conf
/etc/novell/ncl/map.conf
/etc/opt/novell/ncl/protocol.conf
/etc/opt/novell/ncl/tray_app.conf
/etc/slp.conf
.
yast2
. It is handled by the rpm
File browser settings
Login settings
Map settings
Protocol settings
Novell Client Tray Application settings
SLP configuration settings
yast2-novell-
2.3 Server Side Configuration for Sending
Messages from Client to Users and Groups
For server side configuration, you must ensure the following:
If user groups are created in a context other than the default context, then the context must be
mentioned in the NDS configuration file
For instance, if a user group is created in the context
/etc/opt/novell/eDirectory/conf/nds.conf
xyz
(organization for example) but the
.
Configuring the Novell Client for Linux 21
Page 22
novdocx (en) 13 May 2009
default context for the tree is
administrator must add the following line in the nds.conf file:
context=o=xyz
abc
, then to search for the groups from Novell client, the eDir
n4u.nds.bindery-
You must ensure that the nds daemon is restarted after the changes to the config file is
completed. To do this, issue the following command:
rcndsd restart
NOTE: You may specify upto 16 different contexts with n4u.nds.bindery-context. Each
context must be separated by ";". For example,
context=o=xyz;ou=eng,o=acme
When you send a message to a group using the
.
n4u.nds.bindery-
nwsend
command, you must specify only the
groupname and not the FQDN of the groupname. For example, if a group named mygroup is
created in context mycontext, then the mygroup groupname must be specified with the
command instead of mygroup.mycontext.
nwsend
22 Novell Client 2.0 SP3 for Linux Administration Guide
Page 23
3
Managing Login
You can customize the client login environment with the following tasks to suit your network and
have greater control over what users can access during login:
Section 3.1, “Setting Up Integrated Login,” on page 23
Section 3.2, “Setting Up Login Scripts,” on page 26
Section 3.3, “Setting Up Login Restrictions,” on page 26
Section 3.4, “Using OpenSLP to Simplify Login,” on page 27
For more information, see “Logging In to the Network” and “Logging Out of a Network Location
(Server or Tree)” in the Novell Client 2.0 SP3 for Linux User Guide.
3.1 Setting Up Integrated Login
The Novell® ClientTM 2.0 for Linux provides a single, synchronized login to the SUSE® Linux
desktop or server and your Novell network. Users enter a name and password only once to access all
the resources they are authorized to use.
novdocx (en) 13 May 2009
3
IMPORTANT: The integrated login feature is not available if you log in as the
integrated login feature does not work if a workstation is set up to not ask for a password in the
display manager greeter.
For integrated login to work, the Novell Common Authentication Services Adapter (CASA) must be
installed and enabled. CASA is a common authentication and security package that provides a set of
libraries for application and service developers to enable single sign-on to an enterprise network.
Consider the following scenarios before setting up integrated login:
If Integrated Login is selected in Novell Client Configuration Wizard in YaST (System-Wide
Integrated Login) but the login profile is not saved by a user locally, then integrated login fails
as there is no profile to load at the time of login.
If System-Wide Integrated Login is selected and login profile is saved locally by the user, then
integrated login works.
If System-Wide Integrated Login is not explicitly enabled in YaST but login profile is saved
locally by the user, then integrated login works because the default behavior is to start
integrated login.
If System-Wide Integrated Login is disabled explicitly in YaST, then integrated login fails in all
scenarios.
If Integrated Login is enabled as mentioned in the above scenarios, then it will work after a system
reboot as well as after a logout and a login.
root
user, and the
Section 3.1.1, “Installing and Enabling CASA,” on page 24
Section 3.1.2, “Configuring Integrated Login,” on page 24
Section 3.1.3, “Enabling and Disabling Integrated Login,” on page 25
Managing Login
23
Page 24
3.1.1 Installing and Enabling CASA
CASA is installed by default with SUSE Linux Enterprise Desktop 10 SP3, but it is not enabled.
Installing CASA
1 Launch the YaST Control Center.
GNOME: Click Computer > More Applications > System > YaST.
KDE: Click the menu button > System > YaST.
novdocx (en) 13 May 2009
2 If you are not logged in as
root
, type the
root
password, then click Continue.
3 Click Software in the left column, then click Software Management in the right column.
4 Click Search in the Filter drop-down list.
5 Type
6 Select the
casa
in the Search field, then click Search.
casa
packages for installation.
7 Click Accept to install all of the selected packages.
YaST displays the progress of the package installation.
8 (Conditional) If a message informs you that other package selections have been made to
resolve dependencies, click Continue.
9 (Conditional) If a message prompts you to insert a CD, put the CD in the CD drive, then click
OK.
10 After all the packages have been installed, click Close to close the YaST Control Center.
Enabling CASA
1 Launch the YaST Control Center.
GNOME: Click Computer > More Applications > System > YaST.
KDE: Click the menu button > System > YaST.
2 Click Security and Users in the left column, then click CASA in the right column.
3 Click Configure CASA, then click OK.
4 Click Finish to close the CASA Configuration Wizard.
3.1.2 Configuring Integrated Login
1 Use one of the following methods to open the Novell Login dialog box:
Click > Novell Login.
GNOME: Click Computer > More Applications > Novell Login.
KDE: Click the menu button > Novell Login.
2 Enter your username and password, then click Advanced.
3 Specify the tree, context, and server information for the server you want to connect to.
4 Click the Startup tab, then make sure Run Novell Client Login at Session Startup is selected (it
is selected by default).
24 Novell Client 2.0 SP3 for Linux Administration Guide
Page 25
5 Select Save profile after the successful login to save the Novell Login dialog settings to be used
for all subsequent session logins.
You must have the User Name and Password fields and the Tree and Context fields on the
eDirectory tab filled out for this to be saved.
novdocx (en) 13 May 2009
IMPORTANT: An integrated login does not happen at the next session startup without a saved
profile.
6 (Optional) Click Load Profile to populate all fields in the dialog based on the saved settings.
7 (Optional) Click Clear Profile to remove the profile settings.
8 Click OK to log in to the server specified in Step 3.
The next time you log in to your SUSE Linux workstation, you also automatically log into the
Novell server specified in Step 3.
3.1.3 Enabling and Disabling Integrated Login
1 Launch the Novell Client Configuration Wizard by using either of the following methods:
Click > System Settings.
In YaST, click Network Services > Novell Client.
2 Select Login, then click Start Wizard.
3 On the Login Settings page, select or deselect Integrated Login.
This enables or disables the integrated login feature for the entire system. This is set by the
administrator and cannot be overridden by the user.
4 Select Display Integrated Login Results to display the Integrated Login Script Results window
when the user desktop is launched.
If this option is disabled, all login scripts are run silently and the Integrated Login Script
Results window is not displayed, but login scripts are still processed.
Managing Login 25
Page 26
5 Select Delete Integrated Login Profiles if you want remove the existing login profiles for all
users on this workstation.
6 Click Finish.
3.2 Setting Up Login Scripts
When a user successfully logs in to the network, one or more login scripts are executed that
automatically set up the workstation environment. Login scripts are similar to batch files and are
executed by Novell Login. You can use login scripts to map drives to Novell file system volumes
and directories, display messages, set environment variables, and execute programs or menus.
Login scripts were originally created for use with the Novell Client for Windows. However, the
Novell Client for Linux can take advantage of the majority of the functionality available in
Windows. This means that the login scripts you created for Windows workstations can also be used
with Linux workstations without modification, so you need to administer only one set of login
scripts.
Because login scripts are very flexible and dynamic, offer a high degree of customization, and are
cross-platform, you should customize the scripts to optimize workstation login to your network. For
more information on setting up login scripts, see the Novell Login Scripts Guide.
novdocx (en) 13 May 2009
3.3 Setting Up Login Restrictions
Login restrictions are limitations on user accounts that control access to the network. These
restrictions can be set by an administrator in Novell iManager for each user’s eDirectory
object and include the following:
Requiring a password
You can specify its minimum length, whether it must be changed and how often, whether it
must be unique, and whether the user can change it.
Setting the number of logins with an expired password and the number of incorrect login
attempts allowed
When a user violates login restrictions by entering an incorrect password or exceeding the
number of logins with an expired password, the account is disabled and no one can log in using
that username. This prevents unauthorized users from logging in.
Setting account limits such as an account balance or expiration date
Limiting disk space for each user by specifying the maximum blocks available for each user on
a volume
Specifying the number of simultaneous connections a user can have
Specifying (by node address) which workstations users can log in on
Restricting the times when users can log in (you can assign all users the same hours or you can
restrict users individually)
TM
User
To manage user login restrictions:
1 Launch iManager by entering the following in the Address field of a network browser:
http://server_IP_address/iManager.html
2 Log in using your username and password.
26 Novell Client 2.0 SP3 for Linux Administration Guide
Page 27
You have access only to those features you have rights to. To have full access to all Novell
iManager features, you must log in as Supervisor/Administrator of the tree.
3 Make sure you are in the Roles and Tasks view by clicking on the top button bar, then select
Users > Modify User in the navigation panel on the left.
4 Type the name and context of the User object you want to modify, or use the search feature to
find it, then click OK.
5 Click the Restrictions tab (or drop-down list, depending on the browser you are using).
novdocx (en) 13 May 2009
The following options appear. They open pages that display various properties:
Password Restrictions
Login Restrictions
Time Restrictions
Address Restrictions
Account Balance
Intruder Lockout
6 Make your changes, then click Apply to preview or OK to save.
3.4 Using OpenSLP to Simplify Login
The service location protocol (SLP) was developed so that networking applications such as the
Novell Client for Linux could discover the existence, location, and configuration of networked
services in enterprise networks. Without SLP, users must supply the hostname or network address of
the service that they want to access.
Managing Login 27
Page 28
Because SLP makes the existence, location, and configuration of certain services known to all
clients in the local network, the Novell Client for Linux can use the information distributed to
simplify login. For the Novell Client, having SLP set up allows users to see the trees, contexts, and
servers available to them when they use the Novell Client for Linux Login screen. When they click
the Browse button, a list of available trees, contexts, or servers appears and they can select the
appropriate ones. For example, instead of remembering an IP address or DNS name for a server,
users can select the server’s name from a list of available servers.
SLP must be activated and set up on your Novell servers in order for the Novell Client to take
advantage of it. For more information, see “SLP Services in the Network” in the SUSE LINUX
Enterprise Server Installation and Administration Guide (http://www.novell.com/documentation/
sles10/sles_admin/data/cha_slp.html).
SLP is not set up by default on Linux workstations. The Novell Client for Linux includes a Novell
Client Configuration Wizard to simplify the process of configuring your SLP and other Novell
Client configuration options. The Novell Client Configuration Wizard provides only basic SLP
configuration because this is all that is required by the client. However, if other applications on your
workstation require more advanced settings, you can modify the
/etc/slp.conf
file to set
advanced settings.
novdocx (en) 13 May 2009
For more information on advanced SLP configuration, see the OpenSLP Web site (http://
www.openslp.org). In addition, the
documentation on SLP, including a
/usr/share/doc/packages/openslp
README.SuSE
file containing the SUSE® Linux details, several
directory contains
RFCs, and two introductory HTML documents (An Introduction to SLP and OpenSLP User’s
Guide). RFC 2609 details the syntax of the service URLs used and RFC 2610 details DHCP via SLP.
Section 3.4.1, “Setting Up SLP,” on page 28
Section 3.4.2, “Troubleshooting SLP Configuration,” on page 29
Section 3.4.3, “Configuring SLP and the SUSE Firewall to Work with the Novell Client for
Linux,” on page 29
3.4.1 Setting Up SLP
1 Launch the Novell Client Configuration Wizard by using either of the following methods:
Click > System Settings.
In YaST, click Network Services > Novell Client.
2 Select Service Location Protocol (OpenSLP), then click Start Wizard.
3 Specify the following SLP information for your network:
Scope List: Specify the scopes that a user agent (UA) or service agent (SA) is allowed
when making requests or registering, or the scopes that a directory agent (DA) must
support.
Directory Agent List: Specify the specific DAs that UA and SA agents must use. If this
setting is not used, dynamic DA discovery is used to determine which DAs to use.
Broadcast Only: Select this option to use broadcasting instead of multicasting. This
setting is not usually necessary because OpenSLP automatically uses broadcasting if
multicasting is unavailable.
28 Novell Client 2.0 SP3 for Linux Administration Guide
Page 29
SLP is designed to use IP multicasting; however, if any SLP Agent does not implement IP
multicasting, then all Agents must use broadcasting to reach that Agent. If a DA does not
support multicasting, we recommend using the Directory Agent List to configure that
Directory Agent rather than using this option.
If the network does not contain a DA, IP servers must use their own SAs to specify the
services that are available. If the SA does not support multicasting and if there are any
services advertised by that SA that are needed by the UA on this machine, then use the
Broadcast Only option.
Broadcasting has the disadvantage of being limited to the local LAN segment.
Maximum Results: Specify a 32-bit integer giving the maximum number of results to
accumulate and return for a synchronous request before the time-out, or the maximum
number of results to return through a callback if the request results are reported
asynchronously.
4 Complete the Novell Client Configuration Wizard.
5 Restart the workstation.
3.4.2 Troubleshooting SLP Configuration
novdocx (en) 13 May 2009
If users cannot see a list of available trees, contexts, and servers when they use the Novell Client for
Linux Login screen, use
After you start
agents using the following command:
slptool findsrvs service:service-agent
This should display a list of the hosts that are running
successfully installed and working. If you do not get a list, OpenSLP is not installed correctly or is
not working. See Section 3.4.1, “Setting Up SLP,” on page 28 for more information.
slpd
slptool
(located in
, located in
/usr/sbin
/usr/bin
), you should be able to issue a query for SLP service
, to troubleshoot your SLP configuration.
slpd
, which indicates that OpenSLP is
3.4.3 Configuring SLP and the SUSE Firewall to Work with the
Novell Client for Linux
In order for the Novell Services button in your file browser to work correctly, both SLP and the
SUSE firewall must be configured properly. If OpenSLP is not installed, the SLP protocol is
disabled, or your firewall settings are turned on (as they are by default in SUSE Linux Desktop 10
SP3), a warning message is displayed when you try to scan for or access Novell services.
Managing Login 29
Page 30
Figure 3-1 SLP/Firewall Message
Click Configure SLP to open the Novell Client Configuration Wizard. Follow the instructions in
Section 3.4.1, “Setting Up SLP,” on page 28 to configure SLP.
novdocx (en) 13 May 2009
Click Configure Firewall to open the Firewall Configuration Wizard in YaST. You can turn the
firewall off, or manually configure the firewall to let SLP packets in and out. If your LAN interface
is defined as External in the SUSE firewall configuration, you can try adding SLP Daemon Rules as
an allowed service, or you can try changing your LAN interface definition to Internal.
“Turning Off the SUSE Firewall” on page 30
“Manually Configuring the SUSE Firewall” on page 30
“Adding SLP Daemon Rules for External or DMZ Firewall Zones” on page 31
“Changing Your LAN Interface Definition to Internal” on page 31
Turning Off the SUSE Firewall
1 Launch the YaST Control Center.
GNOME: Click Computer > More Applications > System > YaST.
KDE: Click the menu button > System > YaST.
2 Click Security and Users in the left column, then click Firewall in the right column.
3 Click Stop Firewall Now, then click Next.
4 Click Accept to close the Firewall Configuration Wizard.
The next time you click the Novell Services button in your file browser, you should be able to
scan for or access Novell services.
Manually Configuring the SUSE Firewall
To allow iptables to accept incoming unicasts from the DAs in your network, the following needs to
be added to the firewall as the first rule (or before anything is denied).
1 Modify the
/etc/sysconfig/SuSEfirewall2
Change the following lines from
30 Novell Client 2.0 SP3 for Linux Administration Guide
file.
Page 31
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""
to
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
#FW_CUSTOMRULES=""
2 Modify the
/etc/sysconfig/scripts/SuSEfirewall2-custom
file.
novdocx (en) 13 May 2009
fw_custom_before_denyall()
In
iptables -I INPUT 1 -j ACCEPT -p udp --sport 427
add the following:
That will make SLP lookups work properly.
Adding SLP Daemon Rules for External or DMZ Firewall Zones
1 Launch the YaST Control Center.
GNOME: Click Computer > More Applications > System > YaST.
KDE: Click the menu button > System > YaST.
2 Click Security and Users in the left column, then click Firewall in the right column.
3 Click Allowed Services in the left column to open the Firewall Configuration: Allowed
Services screen.
4 Select SLP Daemon from the Service to Allow drop-down menu, then click Add.
5 Click Next, then click Accept.
Changing Your LAN Interface Definition to Internal
1 Launch the YaST Control Center.
GNOME: Click Computer > More Applications > System > YaST.
KDE: Click the menu button > System > YaST.
2 Click Security and Users in the left column, then click Firewall in the right column.
3 Click Interfaces in the left column, double-click your LAN interface, then select Internal Zone
from the drop-down menu.
4 Click OK, then select Start-Up in the left panel.
5 Click Save Settings and Restart Firewall Now.
6 Click Next, then click Accept.
Managing Login 31
Page 32
novdocx (en) 13 May 2009
32 Novell Client 2.0 SP3 for Linux Administration Guide
Page 33
4
Managing File Security
Novell® Open Enterprise Server (OES) and NetWare® networks restrict access to network files and
folders based on user accounts. For example, a user connected to the network through the
Administrator account can delete or rename a file that other users can only open and edit.
The Novell file system keeps track of the rights that users have to files and directories on the
network. When users try to access any file on the network, Novell File Service (NFS) either grants
access or prohibits certain things that users can do with the file.
It is important to note that Linux file rights do not correlate with NFS file rights. When you copy a
file from a Linux workstation to a Novell server, the only right that is preserved is the Read-Only
attribute. This also occurs if you copy files from one server to another by using any method other
NCOPY
than
For more information on the specific rights on NetWare and OES servers, see “File Services” (http:/
/www.novell.com/documentation/oes/implgde/data/filesvcs.html) in the Novell OES Planning and
Implementation Guide.
at the command terminal.
novdocx (en) 13 May 2009
4
For additional information on file system attributes, see the File Systems Management Guide for
OES (http://www.novell.com/documentation/oes/stor_filesys/data/hn0r5fzo.html).
Rights are granted and revoked by creating trustee assignments. For more information, see
Section 4.2, “Changing Trustee Rights,” on page 35.
This section explains the following:
Section 4.1, “Checking File or Folder Rights,” on page 33
Section 4.2, “Changing Trustee Rights,” on page 35
Section 4.3, “Adding a Trustee,” on page 35
Section 4.4, “Removing a Trustee,” on page 36
Section 4.5, “Combining Multiple Trustees,” on page 36
4.1 Checking File or Folder Rights
1 In a file manager, right-click a Novell file system directory or file.
2 Do one of the following:
GNOME: Click Novell Properties.
KDE: Click Actions > Novell Properties.
3 Click the Novell Rights tab.
Managing File Security
33
Page 34
novdocx (en) 13 May 2009
4 View the information.
The Tru stees list shows the users or groups that have been granted rights to work with this file
or folder. The trustees rights to the folder also apply to all the files and subfolders it contains
unless the rights are explicitly redefined at the file or subfolder level.
The rights that each trustee has are shown by check marks under the letters. If you are viewing
the properties of multiple files, the trustees and rights shown are the combined trustees and
rights for all the files.
Effective Rights displays your rights for this file or folder. Users can receive rights in a number
of ways, such as explicit trustee assignments, inheritance, and security equivalence (see
eDirectory Rights Concepts (http://www.novell.com/documentation/edir88/edir88/data/
fbachifb.html) in the Novell eDirectory 8.8 Administration Guide for more information). Rights
can also be limited by Inherited Rights Filters and changed or revoked by lower trustee
assignments. The net result of all these actions—the rights a user can employ—are called
effective rights.
5 To view a list of rights and filters inherited by this file or directory, click Inherited Rights and
filters.
All rights assignments on directories are inheritable. You can block such inheritance on
individual subordinate items so that the rights aren’t effective on those items, no matter who the
trustee is. One exception is that the Supervisor right can’t be blocked.
6 Click OK.
34 Novell Client 2.0 SP3 for Linux Administration Guide
Page 35
4.2 Changing Trustee Rights
The assignment of rights involves a trustee and a target object. The trustee represents the user or set
of users that are receiving the authority. The target represents those network resources the users have
authority over. You must have the Access Control right to change trustee assignments.
1 In a file manager, right-click a Novell file system directory or file.
2 Do one of the following:
GNOME: Click Novell Properties.
KDE: Click Actions > Novell Properties.
3 Click the Novell Rights tabbed page.
4 In the Trustees list, select the trustee whose rights you want to change.
5 Select or deselect the rights you want to assign for this trustee.
For each trustee in the list, there is a set of eight check boxes, one for each right that can be
assigned. If a check box is selected, the trustee has that right. The following rights can be set
for each trustee:
novdocx (en) 13 May 2009
Read: For a directory, grants the right to open files in the directory and read the contents
or run the programs. For a file, grants the right to open and read the file.
Write: For a directory, grants the right to open and change the contents of files in the
directory. For a file, grants the right to open and write to the file.
Erase: Grants the right to delete the directory or file.
Create: For a directory, grants the right to create new files and directories in the directory.
For a file, grants the right to create a file and to salvage a file after it has been deleted.
Modify: Grants the right to change the attributes or name of the directory or file, but does
not grant the right to change its contents (changing the contents requires the Write right).
File Scan: Grants the right to view directory and file names in the file system structure,
including the directory structure from that file to the root directory.
Access Control: Grants the right to add and remove trustees for directories and files and
modify their trustee assignments and Inherited Rights Filters.
Supervisor: Grants all rights to the directory or file and any subordinate items. The
Supervisor right can’t be blocked by an Inherited Rights Filter. Users with this right can
grant or deny other users rights to the directory or file.
6 Click OK.
Trustee assignments override inherited rights. To change an Inherited Rights Filter, click Inherited
Rights and filters.
4.3 Adding a Trustee
When you add a trustee to a Novell file system directory or file, you grant a user (the trustee) rights
to that directory or file.You must have the Access Control right to add a trustee.
1 In a file manager, right-click the Novell file or directory that you want to add a trustee to.
2 Do one of the following:
GNOME: Click Novell Properties.
Managing File Security 35
Page 36
KDE: Click Actions > Novell Properties.
3 Click the Novell Rights tab.
4 In the tree diagram, locate the eDirectoryTM user object that you want to add as a trustee, then
click Add.
5 Set the rights for this user by selecting the boxes under the letters on the right of the Trustees
list.
The following rights can be set for each trustee:
Read: For a directory, grants the right to open files in the directory and read the contents
or run the programs. For a file, grants the right to open and read the file.
Write: For a directory, grants the right to open and change the contents of files in the
directory. For a file, grants the right to open and write to the file.
Erase: Grants the right to delete the directory or file.
Create: For a directory, grants the right to create new files and directories in the directory.
For a file, grants the right to create a file and to salvage a file after it has been deleted.
Modify: Grants the right to change the attributes or name of the directory or file, but does
not grant the right to change its contents (changing the contents requires the Write right).
File Scan: Grants the right to view directory and file names in the file system structure,
including the directory structure from that file to the root directory.
novdocx (en) 13 May 2009
Access Control: Grants the right to add and remove trustees for directories and files and
modify their trustee assignments and Inherited Rights Filters.
Supervisor: Grants all rights to the directory or file and any subordinate items. The
Supervisor right can’t be blocked by an Inherited Rights Filter. Users with this right can
grant or deny other users rights to the directory or file.
6 Click OK.
4.4 Removing a Trustee
When you remove a trustee of a Novell file system directory or file, you delete a user’s rights to that
directory or file. You must have the Access Control right to remove a trustee.
1 In a file manager, right-click the Novell file or directory whose trustee you want to remove.
2 Do one of the following:
GNOME: Click Novell Properties.
KDE: Click Actions > Novell Properties.
3 Click the Novell Rights tab.
4 In the Trustees list, select the trustee you want to remove.
5 Click Remove, then click OK.
4.5 Combining Multiple Trustees
As an administrator, you might need to apply the same trustee assignments to a group of selected
files. You can combine trustee assignments by selecting the Combine multiple Trustees option on the
Novell Rights page.
36 Novell Client 2.0 SP3 for Linux Administration Guide
Page 37
For example, Kim is a trustee of FILEA and FILEB. Kim has Read, File Scan, and Access Control
rights for FILEA and Read and File Scan rights for FILEB. Nancy has Read and File Scan rights for
FILEA.
If you give a new user named Michael the Read, Write, and File Scan rights for both FILEA and
FILEB and, at the same time, you want to give similar trustee rights to Kim and Nancy, you would
select Combine Multiple Trustees. The following would then be true:
Kim has Read and File Scan rights to both FILEA and FILEB. Her Access Control right is lost
because the combined rights are based on the rights given to Michael.
Nancy has Read and File Scan rights to both FILEA and FILEB. She has gained Read and File
Scan rights to FILEB because the combined rights are based on the rights given to Michael.
Michael has Read, Write, and File Scan rights to both FILEA and FILEB.
To combine multiple trustees:
1 In a file manager, select all the Novell files or directories that you want to combine rights for.
2 Right-click the files or directories, then select one of the following:
GNOME: Click Novell Properties.
KDE: Click Actions > Novell Properties.
novdocx (en) 13 May 2009
3 Click the Novell Rights tab.
4 Click Combine multiple Trustees, then click OK.
Managing File Security 37
Page 38
novdocx (en) 13 May 2009
38 Novell Client 2.0 SP3 for Linux Administration Guide
Page 39
5
Security Considerations
This section contains the following topics:.
Section 5.1, “Security Features,” on page 39
Section 5.2, “Known Security Threats,” on page 40
Section 5.3, “Security Characteristics,” on page 40
Section 5.4, “New and Modified Files,” on page 41
Section 5.5, “Other Security Considerations,” on page 44
5.1 Security Features
The following table contains a summary of the Novell® ClientTM for Linux security features:
Table 5-1 Novell Client for Linux Security Features
novdocx (en) 13 May 2009
5
Feature Yes/No Details
Users are authenticated Yes GUI and command line login utilities support
authentication of NCPTM and LDAP
connections via user authentication into
eDirectory
supported via RSA and LDAP authentication
is supported via SSL and Simple Bind
protocol.
Servers, devices, and/or services are
authenticated
Access to information is controlled Yes The product’s Virtual File System (VFS)
Roles are used to control access No No explicit use of roles is included in this
Logging and/or security auditing is done No Security logging and auditing features are not
Yes Connections to servers are authenticated via
user-supplied credentials. No device
authentication is supported directly by the
Client.
component (located in Linux Kernel space) is
the gatekeeper for enforcement of access
controls to Novell file systems.
product. eDirectory alias objects can be
created, but this is not considered true rolebased access and is not specifically supported
or administered through this product.
supplied by nor supported by this product.
TM
. NCP protocol authentication is
Data on the wire is encrypted by default No No wire encryption is supplied by this product.
Data stored is encrypted No This product does not provide long-term
storage of data.
Security Considerations
39
Page 40
Feature Yes/No Details
novdocx (en) 13 May 2009
Passwords, keys, and any other
authentication materials are stored
encrypted
Security is on by default Yes There are no configuration options to enable
FIPS 140-2 compliant No This product currently uses the ATB
Yes Passwords and other authentication materials
in temporary storage are encrypted to prevent
in-memory scanners.
or disable with the exception of packet
signing. Packet signing is enabled by default.
(authentication toolbox) instead of the Novell
NICI product. Therefore, this product is not
FIPS 140-2 compliant because ATB itself is
not FIPS-compliant.
5.2 Known Security Threats
The following section provides a list of known security threats for the Novell Client for Linux, an
indication of how difficult it would be to exploit the threat, and what the consequences would be for
a customer.
Table 5-2 Known Security Threats
Description Consequence Likelihood Difficulty
Repetitive password cracking
attempts
Intruder detection lockout Low Hard
“Stale” passwords Password expiration, grace login
enforcement
Attempted access out-of-hours or
from unauthorized locations
Port scanners Unsuccessful pass of Nessus* scans;
Man-in-the-middle attacks NCP request sequencing, packet signing Low Hard
Wire frame examination and
manipulation
Memory scanning for sensitive
data
Date/Time and Location restrictions at login Medium Easy
possible port hijacking
Same protections as with other Novell
products utilizing NCP and RSA-based
authentication
All buffers containing sensitive data
(passwords) are short-term in nature and
are zeroed and/or freed immediately after
use.
High Hard
Medium Possible
Low Hard
Low Hard
5.3 Security Characteristics
Section 5.3.1, “Identification and Authentication,” on page 41
Section 5.3.2, “Authorization and Access Control,” on page 41
Section 5.3.3, “Roles,” on page 41
Section 5.3.4, “Security Auditing,” on page 41
40 Novell Client 2.0 SP3 for Linux Administration Guide
Page 41
5.3.1 Identification and Authentication
This product uses XTier to authenticate users via user identity information stored in eDirectory and
resource authorization and access control provided by eDirectory. The product takes a user name
and password supplied directly by the user and transfers that information to XTier for use within its
supported authentication mechanisms (via XTier’s plug-in authentication module architecture). If
configured to do so, this product authenticates (using PAM NAM (Linux User Management)) to
eDirectory through SSL and LDAP Simple Bind Protocol.
This product does not itself authenticate to another product, system or service. No portion of this
product authenticates to another.
5.3.2 Authorization and Access Control
This product allows the protections supplied by eDirectory for access control to be fully realized for
those resources that are contained within eDirectory. Access to resources is protected based on user
identity (as stored within eDirectory). The VFS, daemon, and XTier work together to compare
ACLs for a given file system path or object retrieved from eDirectory to the identity and session
scope established for the identity that owns a given connection.
novdocx (en) 13 May 2009
The VFS acts as a proxy to the local file system (via redirection of its local mount point) to make
such decisions for network-based file system paths or objects.
5.3.3 Roles
This product does not define or manage roles. It simply makes use of roles that have already been
defined elsewhere and treats role access privileges in the same way as any user identity.
root
Because the product has a VFS module running in the kernel, it does not require
users to create mount points (as do NCPFS and other similar open source offerings to date). The
product does not require use of SETUID for any of its operations.
access for
5.3.4 Security Auditing
No security auditing is performed by this product.
5.4 New and Modified Files
The following sections describe the files that are added or modified during the installation of the
Novell Client for Linux.
Section 5.4.1, “Configuration Files,” on page 42
Section 5.4.2, “PAM Login Files,” on page 42
Section 5.4.3, “User Profile Startup Files,” on page 43
Section 5.4.4, “KDE and GNOME Desktop Startup Files,” on page 43
Section 5.4.5, “Installation Files,” on page 43
Security Considerations 41
Page 42
5.4.1 Configuration Files
Table 5-3 New and Modified Configuration Files
File New Modified Description
novdocx (en) 13 May 2009
$HOME/.novell/ncl/
StartupLogin.conf
$HOME/.novell/ncl/
MapDrives.con
/etc/opt/novell/ncl/
login.conf
f
X Local user autologin configuration file. All fields in the
Novell Login dialog box (except the password) are
stored in this file.
This user configuration file specifies the drive mapping
to run at startup. Integrated login is not required, but
credentials must be saved or the login dialog box is
displayed to get the password at desktop startup.
Optional global configuration file that overrides
defaults. This file is modified only by the
normally with YaST through the Novell Client
Configuration Wizard for the login page (click the
Novell Tray icon, select System Settings, and start the
Login wizard).
5.4.2 PAM Login Files
Table 5-4 New and Modified PAM Login Files
File New Modified Description
/lib/security/
pam_ncl_autologin.so
X This file queries CASA credentials, verifies if
autologin is allowed, verifies the user with
credentials, then authenticates. This file is used
in the context of integrated login.
root
user,
/etc/pam.d/xdm
/etc/pam.d/gdm
/etc/pam.d/kdm
/etc/pam.d/sshd
X PAM configuration file for the X Display Manager
X PAM configuration file for the GNOME* Display
X PAM configuration file for the KDE Display
X PAM configuration file for SSH login.
A “required” authentication module is added for each of the above GUI logins. The added text is
auth required pam_ncl_autologin.so
(if it exists).
Authentication is not added for the two console login authentication files,
/etc/pam.d/sshd
IMPORTANT: For the
. This modification is done at install time and is removed at uninstall time.
root
user, no tree authentication is performed, no automatic login scripts
are run, and no drives are mapped. Therefore, the
SUCCESSFUL, having done nothing for the
42 Novell Client 2.0 SP3 for Linux Administration Guide
login.
Manager login.
Manager login.
, which is added after the
pam_ncl_autologin.so
root
user.
pam_micasa.so
/etc/pam.d/login
module
module always returns
and
Page 43
5.4.3 User Profile Startup Files
Table 5-5 New and Modified User Profile Startup Files
File New Modified Description
novdocx (en) 13 May 2009
/etc/profile.d/novell-nclautologin.sh
X If integrated login is enabled, then this shell script
copies the
ncl_autologin.desktop
$HOME/.config/autostart
/opt/novell/ncl/bin/
ncl_autologin.desktop
This desktop file is copied to
autostart
directory to enable integrated login.
5.4.4 KDE and GNOME Desktop Startup Files
Table 5-6 New or Modified Desktop Startup Files
File New Modified Description
$HOME/.config/autostart/
ncl_autologin.desktop
/opt/novell/ncl/bin/
ncl_autologin
/opt/novell/ncl/bin/
nwlogin
/opt/novell/ncl/bin/
gnwlogin
X Common Startup file for ncl_autologin.
X Validates and runs
This existing file silently authenticates and
processes scripts.
X GUI for authentication, processing scripts, and
saving settings. This file adds a new tab (called
Startup) to the Novell Login dialog box, which
allows users to save their current login settings
for use during the next system startup to
automatically log in the user.
nwlogin
file to
directory.
$HOME/.config/
or
gnwlogin
.
When the user clicks Clear Profile on the Startup
tab, the
$HOME/.novell/ncl/
StartupLogin.conf
When the user clicks Save Current Profile, the
settings are used to authenticate the user (but not
run login scripts). If authentication is successful
(CASA stores those credentials), the current
settings are written to
5.4.5 Installation Files
Table 5-7 New Installation Files
File New Modified Description
/opt/novell/ncl/bin/
delete_login_profiles
X Run from YaST to purge all profiles.
file is deleted.
StartupLogin.conf
Security Considerations 43
.
Page 44
File New Modified Description
novdocx (en) 13 May 2009
/opt/novell/ncl/bin/
login_cfg_pam
/opt/novell/ncl/bin/
login_ucfg_pam
X Inserts
X Removes
pam_ncl_autologin
pam_ncl_autologin
5.5 Other Security Considerations
If
root
is compromised, all network access could also be compromised. For example, if a malicious
root
entity gets
with those credentials.
access, it might be able to steal user credentials and authenticate to the network
into PAM file.
from PAM file.
44 Novell Client 2.0 SP3 for Linux Administration Guide
Page 45
6
Troubleshooting Tips
This section describes some issues you might experience with Novell Client and provides
suggestions for resolving or avoiding them.
6.1 Novell Client tray sometimes displays an
error message on logging in to a desktop on
which LUM is configured.
After the user logs in to the desktop on which Linux User Management (LUM) is configured, Novell
Client tray might sometimes display the following error message:
The novfs kernel loadable module is not installed correctly
This occurs because namcd fails to start in the machine. Novell Client requires services such as
novell-xregd and namcd when they are configured. namcd fails to start because of one or more of
the following reasons:
novdocx (en) 13 May 2009
6
Cause: The remote LDAP server to which LUM is configured against is not responding.
Symptom: The following error is displayed in
ldap_initconn: LDAP bind failed (error = [81]), trying to connect to
alternative LDAP server
Solution: Ensure that the LDAP Server LUM is configured against is available and restart
namcd.
Cause: namcd is attempted to start before Network Manager is started.
Symptom: The following error messages are displayed in
network: If service network should wait until connection is established
network: then set /etc/sysconfig/network/config:NM_ONLINE_TIMEOUT
Solution: Setting an appropriate value for the variable
sysconfig/network/config
Network Manager to come up at least for the specified timeout duration. A suggested duration
is 20, which indicates a timeout of 20 seconds.
NOTE: Alternatively, namcd can be configured to start from the local cache itself. This will allow
the desktop to startup without the error even when network is not available. To do this, run the
following command:
namconfig cache-only=yes
will ensure that all other dependent services will wait for the
/var/log/messages
/var/log/messages:
NM_ONLINE_TIMEOUT
:
in the file
/etc/
After any of the above mentioned solutions is implemented, restart the following services:
1. Restart namcd by running the following command:
rcnamcd restart
2. Restart novell-xregd as root by running the following command:
Troubleshooting Tips
45
Page 46
rcnovell-xregd restart
3. Restart novfsd as root by running the following command:
rcnovfsd restart
4. Manually launch Novell Client tray application by running the command
bin/ncl_tray
either on the command line of a terminal window or in Run Application utility
that can be launched by pressing Alt-F2.
If any of these commands display any errors, restart the Linux* machine.
novdocx (en) 13 May 2009
/opt/novell/ncl/
46 Novell Client 2.0 SP3 for Linux Administration Guide
Page 47
A
The Novell Client for Linux
novdocx (en) 13 May 2009
Command Line Utilities
The Novell® ClientTM for Linux provides a set of command line utilities that let you start and stop
the Novell Client daemon, install and uninstall the Novell Client for Linux, load the Novell Client
for Linux tray application, list active connections for the currently logged-in user, copy files and
directories to and from Novell file systems, display or modify the attributes of files and directories
on Novell file systems, log a user in to or out of a Novell file server or eDirectory
file system to a remote file system on a Novell file server, and display or modify a user’s trustee
assignments or inherited rights filter for volumes, directories, or files.
The utilities are located in the
Section A.1, “Shell Commands,” on page 47
Section A.2, “GUI Utilities,” on page 48
/opt/novell/ncl/bin
directory, and include the following:
A.1 Shell Commands
Table A-1 The Novell Client for Linux Shell Commands
Utility Description Syntax
TM
tree, map a local
A
ncl_tray
nwconnections
nwcopy
nwflag
nwlogin
nwlogout
Loads the Novell Client for
Linux tray application and
allows customization of the
tray interface.
Lists active connections for the
currently logged-in user.
Copies files and directories to
and from Novell file systems.
Displays or modifies the
attributes of files and
directories on Novell file
systems.
Logs a user in to a Novell file
server or an eDirectory tree.
Logs the user out of a Novell
or eDirectory tree.
ncl_tray [--waitfortray <integer>] [-
-author] [--] [-v] [-h]
nwconnections [--] [-v] [-h]
nwcopy flags -p source_path -t
target_path
nwflag {-a|-n} {-w|-e eDir object|+|-
attr modifier} [-s] [-d|-f] [--] [-v]
[-h] URI1 {URI2} {URI3} ...
nwlogin [-u string] [-p string] [-t
string] [-c string] [-s string] [-r] [L path] [-P path] [-2 string] [-3
string] [-4 string] [-5 string] [--] [v] [-h]
nwlogout {-s string|-t string} [-f] [-] [-v] [-h]
The Novell Client for Linux Command Line Utilities
47
Page 48
Utility Description Syntax
novdocx (en) 13 May 2009
map
nwrights
Creates a mapping (mount)
from a local file system to a
remote file system on a Novell
file server.
Displays or modifies a user’s
trustee assignments or
inherited rights filter for
volumes, directories, or files.
A.2 GUI Utilities
Table A-2 The Novell Client for Linux GUI Utilities
Utility Description
gnwconnections
gnwlogin
Displays the Novell Connections dialog box, which lets you see what servers and
trees you are logged in to, refresh connections, set a specific tree as your
primary connection, or log out of a tree or server.
Displays the Novell Login dialog box. For more information on using this dialog
box, see “Logging In to the Network” in the Novell Client 2.0 SP3 for Linux User
Guide.
map -d drive -s server -v volume -f
filespec
or
map options | parameters drive:=path |
local_path:=remote_path
nwrights flags -r +|-rights_list -o
user_or_group_object -p network_path
gnwpurge
gnwsalvage
GUI utility to purge salvaged files.
GUI utility to salvage deleted files.
A.3 Using the Novell Client for Linux Man Pages
Each of the utilities has a man page associated with it that contains information on the utility, such as
a definition, usage, and samples. There is a known bug related to the MANPATH environment
variable on both SUSE
provided for convenience until the manpath bug is resolved. You should use the
(instead of the traditional
following in a terminal the first time you want to view a Novell Client for Linux man page:
/opt/novell/ncl/bin/ncl_man
This modifies the MANPATH to allow the Novell Client man pages to be displayed.You can then
access the man page for a specific Novell Client for Linux utility by entering the following:
ncl_man utility_name
For example:
ncl_man ncl_tray
In the man pages, use the PgUp and PgDn keys to move up and down. Use the Home and End keys
to move between the beginning and the end of a document. To exit a man page, press q. You can
learn more about the
®
Linux Enterprise Desktop and SUSE Linux. The
man
command) to view NCL-related man pages. To do this, enter the
man
command by entering
man man
in a terminal window.
ncl_man
ncl_man
utility has been
command
48 Novell Client 2.0 SP3 for Linux Administration Guide
Page 49
novdocx (en) 13 May 2009
You can also enter
utility_name --help
in a terminal window to access a help page for the
utility.
For more information, see Appendix B, “Novell Client for Linux Man Pages,” on page 51.
The Novell Client for Linux Command Line Utilities 49
Page 50
novdocx (en) 13 May 2009
50 Novell Client 2.0 SP3 for Linux Administration Guide
Page 51
B
Novell Client for Linux Man Pages
“gnwlogin(1)” on page 52
“login.conf(4)” on page 55
“mapdrives.conf(4)” on page 57
“ncl_install(8)” on page 59
“ncl_man(1)” on page 61
“ncl_tray(1)” on page 62
“nwconnections(1)” on page 63
“nwcopy(1)” on page 64
“nwflag(1)” on page 66
“nwlogin(1)” on page 69
“nwlogout(1)” on page 72
novdocx (en) 13 May 2009
B
“nwmap(1)” on page 74
“nwpurge(1)” on page 76
“nwrights(1)” on page 78
“nwsalvage(1)” on page 80
“nwsend(1)” on page 82
“StartupLogin.conf(4)” on page 83
“StartupMaps.conf(4)” on page 86
Novell Client for Linux Man Pages
51
Page 52
gnwlogin(1)
Name
novdocx (en) 13 May 2009
gnwlogin
- Logs a user in to a Novell file server or an eDirectory tree.
Syntax
gnwlogin [--author] [-x] [--auto] [--passenv] [-D] [-d] [-A] [-a] [-R][-r] [-L
<loginscript>] [-P <profilescript>] [-5 <value>] [-4 <value>] [-3 <value>] [-2
<value>] [--clearconn] [-c <context>] [-u <name>] [-s <server>] [-t <tree>] [-
-] [-v][-h]
Description
The gnwlogin utility allows a user to log in to a Novell file server or eDirectory tree. Running the
gnwlogin command launches the Novell Login dialog box. You can add variables and strings to run
additional scripts and modify variables.
You must specify the username, password, tree, context, and server.
Options
-c <context>, --context <context>
Specifies the context that the user is logging in to. This value is required.
-u <name>, --user <name>
Specifies the user's eDirectory username. This value is required.
-s <server>, --server <server>
Specifies the server that the user is logging in to. This value is required.
-t <tree>, --tree <tree>
Specifies the tree that the user is logging in to. This value is required.
--author
Show author information.
-x, --anotherapp
Running from another application indicator.
--auto
Automatically log in. You can use this option along with the --passenv option to keep the
Novell Login dialog box from pausing on the password prompt.
--passenv
Specifies the password via the NWPassword environment variable. You can set NWPassword
to be the password that you want login to use (when you pass it using -passenv) instead of
specifying the password on the command line.
52 Novell Client 2.0 SP3 for Linux Administration Guide
Page 53
For example:
export NWPassword=novell
gnwlogin -t mytree -c mycontext -u admin --auto --passenv
-D, --displayoff
Turns the display results window off.
-d, --displayon
Turns the display results window on.
-A, --closeoff
Close automatically off.
-a, --closeon
Close automatically on.
-R, --runoff
Any scripts associated with the specified username are not run.
novdocx (en) 13 May 2009
-r, --runon
Runs any scripts associated with the specified username.
-L <loginscript>, --loginscript <loginscript>
Runs the specified login scripts during login.
-P <profilescript>, --profilescript <profilescript>
Runs the specified Profile login scripts during login.
-5 <value>, --var5 <value>
Allows an additional parameter to be entered that the login utility passes to the login script.
There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then
substitutes these parameters for the %n variables in the login script.
The variables are replaced in the order specified, by selecting -2, -3, -4, or -5.
-4 <value>, --var4 <value>
Allows an additional parameter to be entered that the login utility passes to the login script.
There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then
substitutes these parameters for the %n variables in the login script.
The variables are replaced in the order specified, by selecting -2, -3, -4, or -5.
-3 <value>, --var3 <value>
Allows an additional parameter to be entered that the login utility passes to the login script.
There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then
substitutes these parameters for the %n variables in the login script.
The variables are replaced in the order specified, by selecting -2, -3, -4, or -5.
-2 <value>, --var2 <value>
Allows an additional parameter to be entered that the login utility passes to the login script.
Novell Client for Linux Man Pages 53
Page 54
There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then
substitutes these parameters for the %n variables in the login script.
The variables are replaced in the order specified, by selecting -2, -3, -4, or -5.
--clearconn
Clears existing server connections before logging in to the current server.
--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.
-v, --version
Displays version information and exits.
--h, --help
Display usage information and exits.
Authors
novdocx (en) 13 May 2009
Copyright 2007-2009, Novell, Inc. All rights reserved. http://www.novell.com
See Also
nwlogin(1)
To report problems with this software or its documentation, visit http://bugzilla.novell.com
54 Novell Client 2.0 SP3 for Linux Administration Guide
Page 55
login.conf(4)
Name
novdocx (en) 13 May 2009
login.conf
- Novell Client for Linux system-wide configuration file.
Files
/etc/opt/novell/ncl/login.conf
Description
This file can be modified only by the
Configuration Wizard for the login page (click the Novell Tray icon, select System Settings, and start
the Login Wizard).
root
user, normally with YaST through the Novell Client
Usage
Each entry occupies a single line in the file. Lines that are blank, or that start with a pound sign (#),
are ignored.
Advanced_Button=[true or false]
Enables or disables the Advanced button on the Login dialog box.
Allow_Integrated_Login=[true or false]
Globally enables or disables automatic login for the workstation.
Allow_Integrated_LoginGUI=[true or false]
If authentication fails, calls gnwlogin so the user can reenter his or her password.
Clear_Username=[true or false]
Clears the previous username from the User Name field in the Login dialog box.
Debug_Level=[0-9]
Turns on syslog logging of warnings and debug for both the PAM authentication, login, and
root
mapping (no interface, must be edited by the
debug.
Default Context=<context>
Specify a default context to appear in the Context field on the eDirectory tab of the Login
dialog box.
Default_Tree=<tree>
Specify a default tree name to appear in the Tree field on the eDirectory tab of the Login dialog
box.
user). 0=(default) no debug, 9= highest
Examples
A sample
login.conf
file is given below:
Novell Client for Linux Man Pages 55
Page 56
Clear_Username=true
Allow_Integrated_Login=false
Default_Tree=mycompany
Default_Context=marketing
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
novdocx (en) 13 May 2009
56 Novell Client 2.0 SP3 for Linux Administration Guide
Page 57
mapdrives.conf(4)
Name
novdocx (en) 13 May 2009
mapdrives.conf
- Novell Client for Linux user configuration file.
Files
$HOME/.novell/ncl/MapDrives.conf
Description
Allows you to specify drive mappings to run at startup. Integrated Login is not required, but
credentials must be saved or the login dialog box appears to get the password at desktop startup.
Usage
Each entry occupies a single line in the file. Lines that are blank, or that start with a pound sign (#),
are ignored.
[/home/steve/Desktop/Q]
Location and name of drive link.
UserName=<username>
Tree= <name of tree>
Context=<context>
Append to UserName for a Fully Distinguished Name.
[/home/steve/Desktop/next_drive]
Examples
A sample MapDrives.conf file is given below:
n4u.base.tree-name=EXAMPLE-TREE
n4u.base.dclient.use-udp=0
n4u.base.slp.max-wait=30
n4u.nds.advertise-life-time=3600
n4u.nds.dibdir=/var/nds/dib
n4u.nds.server-name=SAMPLE-SERV
n4u.nds.server-context=O=sample
Novell Client for Linux Man Pages 57
Page 58
n4u.nds.external-reference-life-span=192
n4u.nds.inactivity-synchronization-interval=60
n4u.nds.synchronization-restrictions=off
n4u.nds.janitor-interval=2
n4u.nds.backlink-interval=7
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
novdocx (en) 13 May 2009
58 Novell Client 2.0 SP3 for Linux Administration Guide
Page 59
ncl_install(8)
Name
novdocx (en) 13 May 2009
ncl_install
- Install, uninstall, or verify the installation of Novell Client for Linux components.
Syntax
ncl_install [ install | upgrade | uninstall | verify | information | files ] [
force ]
Description
Allows you to install, upgrade, and uninstall the Novell Client for Linux packages. You can also run
it to verify the installation of the files.
root
You must be logged in as
to run this utility.
Options
install
Installs all Novell Client for Linux packages.
install force
Forces the installation of all Novell Client for Linux packages.
upgrade
Upgrades all Novell Client for Linux packages.
upgrade force
Forces the upgrade of all Novell Client for Linux packages.
uninstall
Uninstalls all Novell Client for Linux packages.
information
Displays the package information for all installed Novell Client for Linux packages.
files
Displays a list of all files related to the packages installed with Novell Client for Linux.
verify
Verifies installation of all installed Novell Client for Linux packages.
help
Displays help for ncl_install.
Novell Client for Linux Man Pages 59
Page 60
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
novdocx (en) 13 May 2009
60 Novell Client 2.0 SP3 for Linux Administration Guide
Page 61
ncl_man(1)
Name
novdocx (en) 13 May 2009
ncl_man
- Displays the Novell Client for Linux man pages.
Syntax
ncl_man <Novell Client man page name>
Description
The ncl_man utility modifies the MANPATH to allow the Novell Client man pages to be displayed.
If you enter
No manual entry for <Novell Client man page name>.
Entering
MANPATH and launches man, which displays the specified man page.
man <Novell Client man page name>
ncl_man <Novell Client man page name>
, the following error is displayed:
adds the Novell Client man path to the
Usage
ncl_man
Displays a list of all Novell Client man pages.
ncl_man <Novell Client man page name>
Modifies the MANPATH and launches man to display the specific man page.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
Novell Client for Linux Man Pages 61
Page 62
ncl_tray(1)
Name
novdocx (en) 13 May 2009
ncl_tray
- Loads the Novell Client for Linux tray application.
Syntax
ncl_tray [--waitfortray <integer>] [--author] [--] [-v] [-h]
Description
Allows you to manually load the Novell Client for Linux tray application. This application provides
GUI access to Novell Client functionality such as login, logout, mapping drives, and many other
functions. It requires the X Windows System to be running, because it is a GUI application.
Options
Basic Options:
--waitfortray <integer>
Wait for tray (value required).
--author
Shows author information.
--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.
-v, --version
Displays version information and exits.
-h, --help
Displays version information and exits.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
62 Novell Client 2.0 SP3 for Linux Administration Guide
Page 63
nwconnections(1)
Name
novdocx (en) 13 May 2009
nwconnections
- Lists active connections for the currently logged-in user.
Syntax
nwconnections [--] [-v] [-h]
Description
The nwconnections utility lets you view all active connections for the currently logged-in user. Use
the nwmap utility to detach from listed connections.
Options
--, -ignore_rest
Ignores the rest of the labeled arguments following this flag.
-v
Displays the version for the package that supplies the nwconnections utility.
-h, -help
Displays the help strings.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
See Also
nwmap(1)
To report problems with this software or its documentation, visit http://bugzilla.novell.com
Novell Client for Linux Man Pages 63
Page 64
nwcopy(1)
Name
novdocx (en) 13 May 2009
nwcopy
- Copies files and directories to and from Novell file systems.
Syntax
nwcopy [-f] [-c] [-s] -t <target_path> -p <source_path> [--] [-v] [-h]
Description
The nwcopy utility allows you to copy files and directories to and from Novell file systems. Using
nwcopy preserves Novell file system attributes.
NOTE: The source and target must be Novell file system (Netware traditional file system or Novell
storage services).
Options
-f, --force
Rewrites existing targets.
-c, --compress
Retains the Novell compression attribute if it is supported.
-s, --subdir
Traverses the subdirectories.
-t <string>, --target <string>
Specifies the target path where you want the files copied to.
-p <string>, --source <string>
Specifies the source path of the files you want to copy.
--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.
-v, --version
Displays the version for the package that supplies the nwconnections utility.
-h, --help
Displays usage information and exits.
Examples
nwcopy -c -p . -t my_vol
Copies all files in the current working directory to
my_vol
(retaining Novell compression).
64 Novell Client 2.0 SP3 for Linux Administration Guide
Page 65
nwcopy -s -p my_vol -t your_vol
novdocx (en) 13 May 2009
Recursively copies all files and directories from
my_vol
to
your_vol
.
nwcopy -f -p my_vol -t your_vol
Copies all files or directories from
my_vol
to
your_vol
and rewrites the existing targets.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
Novell Client for Linux Man Pages 65
Page 66
nwflag(1)
Name
novdocx (en) 13 May 2009
nwflag
- Displays or modifies the attributes of files and directories on Novell file systems.
Syntax
nwflag {-a|-n} {-w|-e <eDir object>|<+|-> <attr modifier>} [-s] [-d|-f] [--]
[-v] [-h] <URI1> {URI2} {URI3} ...
Description
The nwflag utility allows you to display and modify the attributes of files or directories.
Type
Displays or sets either the attributes or the owner flag information.
-a, --attributes
Displays or sets attribute flags.
-n, --owner
Displays or sets owner flags.
Options
-s
Traverse subdirectories.
-d, --directories
Displays or modifies directories only.
-f, --files
Displays or modifies files only.
--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.
-n, --owner
Sets the file owner.
-v, --view_owner
Displays files that a user owns.
-h, --help
Displays the help strings.
66 Novell Client 2.0 SP3 for Linux Administration Guide
Page 67
Attributes
For additional information on file system attributes, see the File Systems Management Guide for
OES at http://www.novell.com/documentation/oes/stor_filesys/data/hn0r5fzo.html.
In this guide, the “Understanding File System Access Control for NSS and NetWare Traditional File
Systems” section provides information on flags. See http://www.novell.com/documentation/oes/
stor_filesys/data/bs3fih1.html.
o=Read-only
w=Read-write
c=Compressed
h=Hidden
y=System
k=Can't Compress
p=Purge
novdocx (en) 13 May 2009
a=Archive Needed
m=Migrated
d=Delete Inhibit
r=Rename Inhibit
s=Shareable
t=Transactional
i=Copy Inhibit
x=Execute Only
q=Don't Migrate
e=Immediate Compress
f=Don't Compress
b=Don't Suballocate
l=All
n=Normal
Examples
nwflag -a -f -e +o //MYSERVER/SYS/PUBLIC/TES
Gives all files in the
nwflag -a -s -d -e +d //MYSERVER/SYS/PUBLIC/TEST
Sets all child directories of the
TEST
directory a read-only attribute.
TEST
directory to Delete Inhibit.
Novell Client for Linux Man Pages 67
Page 68
nwflag -a -e +p
Sets the current directory to Purge.
nwflag -a -s -f -e +a+e //MYSERVER/SYS //MYSERVER/USER
Sets all files on vol SYS: and USER: to Archive Needed and Immediate Compress.
nwflag -n -e -s -f adam.cont.org
Makes user ADAM the owner of the files in the current directory and subdirectories.
nwflag -n -w -s -f //MYSERVER/USER | grep -i “adam.cont.org”
Lists all files owned by user ADAM on volume USER.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
novdocx (en) 13 May 2009
68 Novell Client 2.0 SP3 for Linux Administration Guide
Page 69
nwlogin(1)
Name
novdocx (en) 13 May 2009
nwlogin
- Logs a user in to a Novell file server or an eDirectory tree.
Syntax
nwlogin [-c <string>] [-t <string>] [-p <string>] [-u <string>] [-s <string>]
[-r] [-L <string>] [-P <string>] [-2 <string>] [-3 <string>] [-4 <string>] [-5
<string>] [--clearconn] [--] [-v][-h]
Description
The nwlogin utility allows a user to log in to a Novell file server or eDirectory tree from a terminal.
When you execute the
scripts and modify variables.
You must specify the username, password, tree, context, and server.
nwlogin
command, you can add variables and strings to run additional
Options
-c <string>, --context <string>
Specifies the context that the user is logging in to. This value is required.
-t <string>, --tree <string>
Specifies the tree that the user is logging in to. This value is required.
-p <string>, --password <string>
Specifies the user's eDirectory password. This value is required.
-u <string>, --user <string>
Specifies the user's eDirectory username. This value is required.
-s <string>, --server <string>
Specifies the server that the user is logging in to. This value is required.
-E, --passenv
Specifies the password via the NWPassword environment variable. You can set NWPassword
to be the password that you want login to use (when you pass it using -passenv) instead of
specifying the password on the command line.
For example:
export NWPassword=novell
nwlogin -r -t mytree -s myserver -u admin -c mycontext --passenv
-r runscripts
Runs any scripts associated with the specified username.
Novell Client for Linux Man Pages 69
Page 70
-L <string>, --LoginScript <path to login script file on local workstation>
Runs the specified login scripts during login.
-P <string>, --ProfileScript <path to a login script file on local workstation>
Runs the specified Profile login scripts during login.
-2 <string>, --variable2 <string>
Allows an additional parameter to be entered that the login utility passes to the login script.
There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then
substitutes these parameters for the %n variables in the login script.
The variables are replaced in the order specified, by selecting -2, -3, -4, or -5.
-3 <string>, --variable3 <string>
Allows an additional parameter to be entered that the login utility passes to the login script.
There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then
substitutes these parameters for the %n variables in the login script.
The variables are replaced in the order specified, by selecting -2, -3, -4, or -5.
novdocx (en) 13 May 2009
-4 <string>, --variable4 <string>
Allows an additional parameter to be entered that the login utility passes to the login script.
There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then
substitutes these parameters for the %n variables in the login script.
The variables are replaced in the order specified, by selecting -2, -3, -4, or -5.
-5 <string>, --variable5 <string>
Allows an additional parameter to be entered that the login utility passes to the login script.
There are four %n variables that can be specified during login (2, 3, 4, and 5). The utility then
substitutes these parameters for the %n variables in the login script.
The variables are replaced in the order specified, by selecting -2, -3, -4, or -5.
--clearconn
Clears existing server connections before logging in to the current server.
--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.
-v, --version
Displays version information and exits.
-h, --help
Displays usage information and exits.
Examples
nwlogin -s MYSERVER -u MYUSER -c MYCONTEXT -t MYTREE -p MYPASSWORD -2
MYVARIABLE L P r
nwlogin -u MYUSER -p MYPASSWORD -t MYTREE -c MYCONTEXT -s MYSERVER
70 Novell Client 2.0 SP3 for Linux Administration Guide
Page 71
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
See Also
nwlogout(1), nwconnections(1)
To report problems with this software or its documentation, visit http://bugzilla.novell.com
novdocx (en) 13 May 2009
Novell Client for Linux Man Pages 71
Page 72
nwlogout(1)
Name
novdocx (en) 13 May 2009
nwlogout
- Logs the user out of a Novell or eDirectory tree.
Syntax
nwlogout {-s <string>|-t <string>|-a} [-f] [--] [-v] [-h]
Description
The nwlogout utility allows a user to log out of a specific Novell file server or eDirectory tree or to
log out of all trees and servers.
Options
Required:
-s <string>, --server <string>
Specifies the server the user is logging out of. This value is required if either the tree or closeall
option is not used.
-t <string>, --tree <string>
Specifies the tree that the user will be logged out of. This value is required if either the server or
closeall option is not used.
-a, --closeall
Closes all open connections. This value is required if either the server or tree option is not used.
Optional:
-f, --forceall
Forces all confirmations.
--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.
-v, --version
Displays the version of the package that nwlogout is a part of.
--help, --help
Display the help strings.
Examples
nwlogout -s MYSERVER
nwlogout -t MYTREE
72 Novell Client 2.0 SP3 for Linux Administration Guide
Page 73
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
See Also
nwlogin(1)
To report problems with this software or its documentation, visit http://bugzilla.novell.com
novdocx (en) 13 May 2009
Novell Client for Linux Man Pages 73
Page 74
nwmap(1)
Name
nwmap
- Creates a mapping (mount) from a local file system to a remote file system on a Novell file
server.
Syntax
map -d drive <-s server> -v volume <-f filespec>
or
map <<options> | <parameters> drive:=<path> | local_path:=<remote_path>>
Description
The nwmap utility creates a mapping (similar to a mount point) to a remote path on a Novell file
server.
novdocx (en) 13 May 2009
NOTE:
If you are already authenticated using a
authenticate. However, if you want to run
authenticate, you can either pass the username, password as a parameter or use the
will take an environment variable
nwmap
is a symbolic link to the map.You can use
nwlogin
nwmap
NWPassword
nwmap
command to map a remote volume.
command,
on a new machine and you want
as the password.
nwmap
will not require you to re-
nwmap
-E
Options
-d, --drive <drive letter or path>
Specifies the drive letter or path that you are mapping to.
The path can be in the following forms:
//server/volume/path
server/volume:
server/volume:/path
.directory_object_name.fully_distiguished_eDirectory_path (such as a cluster volume--for
example, my_dir.usrs.accnt.mycompany)
-s, --server <string>
Specifies the server that you are mapping to.
-v, --volume <string>
Specifies the volume that you are mapping to.
itself to
switch which
-f, --filespec
Specifies any remote file system folders that are relative to the volume or folder you have
specified.
74 Novell Client 2.0 SP3 for Linux Administration Guide
Page 75
-display <on|off>
Determines whether or not the results of this specific Map command are displayed at the
command terminal.
-errors <on|off>
This does not function in Linux. It is included for script compatibility only.
-h, --help
Displays the help strings.
Parameters
INS or INSERT
This does not function in Linux. It is included for script compatibility only.
DEL or DELETE
Deletes a drive mapping, making that drive letter available for other mapping assignments.
novdocx (en) 13 May 2009
R or ROOT
This does not function in Linux. It is included for script compatibility only.
C or CHANGE
This does not function in Linux. It is included for script compatibility only.
P or PHYSICAL
This does not function in Linux. It is included for script compatibility only.
N or NEXT
Maps the next available drive when used without specifying a drive number or letter.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
Novell Client for Linux Man Pages 75
Page 76
nwpurge(1)
Name
novdocx (en) 13 May 2009
nwpurge
- Purges deleted files and directories from Novell file system.
Syntax
nwpurge {-l|-a|-r|-f <string> ... } [--] [-v] [-h] <FileSystem objects
to perform operations with> ...
Description
The nwpurge utility enables you to purge deleted files and directories from Novell file system.
Options
-l, --list
Displays the objects to be purged.
-a, --purgeall
Purges all file system objects at the current level.
-r, --subdirectories
Purges subdirectories.
-f <string>, --files <string>
Purges listed files. This option accepts multiple values.
--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.
-v, --version
Displays version information and exits.
-h, --help
Displays usage information and exits.
<FileSystem objects to perform operations with>
Accepts multiple file system objects.
NOTE: It is mandatory to use either of the following options with the nwpurge utility: -l, -a, -r, -f.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
76 Novell Client 2.0 SP3 for Linux Administration Guide
Page 77
See Also
nwsalvage(1)
To report problems with this software or its documentation, visit http://bugzilla.novell.com
novdocx (en) 13 May 2009
Novell Client for Linux Man Pages 77
Page 78
nwrights(1)
Name
novdocx (en) 13 May 2009
nwrights
directories, or files.
- Displays or modifies a user's trustee assignments or inherited rights filter for volumes,
Syntax
nwrights {-t|-f <+|->rights_list |-r <+|->rights_list} {-m <+|>rights_list |-w|-e} [-o <string>] [-s] [--] [-v] [-h] <FileSystem objects to
perform operation with> ...
Description
The nwrights utility allows you to display and give rights to files and directories on a Novell server.
Rights can be given directly or through inherited rights filters.
Options
-w
View the trustees, inheritance filter, or effective rights.
-e
Remove Trustee.
-s
Traverse subdirectories.
-r <+|-><rights>
Allows you to add (+) or delete (-) specified rights to or from the rights list. The rights are:
s=Supervisor
r=Read
w=Write
c=Create
e=Erase
m=Modify
f=File Scan
a=Access Control
n=No Rights
l=All rights except Supervisor
-t
Displays the trustee rights.
78 Novell Client 2.0 SP3 for Linux Administration Guide
Page 79
-m
Removes the specified trustee rights.
-f
Displays or modifies the inherited rights filter.
-i
Displays or modifies the inherited rights filter.
-o <user or group object name>
Specifies the User or Group object that you want to change the rights for.
-p <network path>
Specifies the network path to the file.
-v
Displays version information and exits.
-h
Displays the help strings.
novdocx (en) 13 May 2009
Examples
nwrights -t -w dir1
Displays the trustees on a directory named dir1.
nwrights -r -w dir1
Displays the effective rights.
nwrights -f -w dir1
Displays inheritance filter.
nwrights -t -e -o "abc.xyz" dir1
Removes the trustee abc.xyz.
nwrights -t -m +r -o "abc.xyz" dir1
Assigns read access to the trustee abc.xyz.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
Novell Client for Linux Man Pages 79
Page 80
nwsalvage(1)
Name
novdocx (en) 13 May 2009
nwsalvage
- Restores deleted files and directories on Novell file system.
Syntax
nwsalvage {-l|-a|-f <string> ... } [--] [-v] [-h] <FileSystem objects
to perform operations with> ...
Description
The nwsalvage utility enables you to salvage deleted files and directories from Novell file system.
In a hierarchical directory structure, you must use this utility to salvage files or directories at each
level of the directory structure before proceeding to the next level.
Options
-l, --list
Displays the objects to be salvaged.
-a, --salvageall
Salvages all file system objects at the current level.
-f <string>, --files <string>
Salvages listed files. This option accepts multiple values.
--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.
-v, --version
Displays version information and exits.
-h, --help
Displays usage information and exits.
<FileSystem objects to perform operations with>
Accepts multiple file system objects.
NOTE: It is mandatory to use either of the following options with the nwsalvage utility: -l, -a, -f.
Examples
The following examples describe the usage of nwsalvage command when the user working directory
is a mapped volume:
nwsalvage -l .
80 Novell Client 2.0 SP3 for Linux Administration Guide
Page 81
Lists the set of files and directories that can be salvaged in the current directory.
nwsalvage -a .
Salvages all the files and directories in the current directory.
nwsalvage -f file1 file5 dir1 dir3
Salvages only the specified objects.
The folowing examples describe the usage of nwsalvage command when the user working directory
is not a mapped volume:
nwsalvage -l /home/localuser1/VKNSSVOl1
Displays the objects to be salvaged.
nwsalvage -a /home/localuser1/VKNSSVOl1
Salvages all file system objects at the current level.
nwsalvage -f file1 /home/localuser1/VKNSSVOl1/Salvage1/Salvage12/
novdocx (en) 13 May 2009
Salvages only the specified objects.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
See Also
nwpurge(1)
To report problems with this software or its documentation, visit http://bugzilla.novell.com
Novell Client for Linux Man Pages 81
Page 82
nwsend(1)
Name
novdocx (en) 13 May 2009
nwsend
a message to the server console.
- Sends messages to users or groups who are currently connected to a Novell server or sends
Syntax
nwsend <flags> -s <target_server> -o <fully_distinguished_user_name> -m
<message_text>
Description
The nwsend utility allows you to send messages to users or groups who are currently connected to a
Novell server, or allows you to send a message to the server console.
NOTE: When you send a message to a group, you must specify only the groupname and not the
FQDN of the groupname.
Options
-g <message>
Sends messages to groups.
-c <message>
Sends a message to the server console.
-c <message>
Sends a message to the server console.
-s <server_name>
Specifies the server.
-o <string>
Specifies the user's fully distinguished eDirectory user name.
-m <message>
Specifies the message sent to a specific person.
-h, --help
Displays the help strings.
Authors
Copyright 2005-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
82 Novell Client 2.0 SP3 for Linux Administration Guide
Page 83
StartupLogin.conf(4)
Name
novdocx (en) 13 May 2009
StartupLogin.conf
- Novell Client for Linux user configuration file.
Files
$HOME/.novell/ncl/StartupLogin.conf
Description
All the current fields in the Novell Login dialog box (except the password) are stored in this
configuration file. This file uses the same format as the
login.conf
file.
Usage
Each entry occupies a single line in the file. Lines that are blank, or that start with a pound sign (#),
are ignored.
UserName=<username>
The user's eDirectory username. This line is required.
Tree=<tree name>
The name of the eDirectory tree the user is logging in to. This line is required.
Context=<context>
The location of the User object in the eDirectory tree. This line is required.
Server=<server name>
The name or IP address of the server the user is logging in to.
ClearConnections=[true or false]
Clears any existing connections to servers before logging in. The default is false.
RunScripts=[true or false]
Runs the user's login script. The default is true.
DisplayResults=[true or false]
Displays the results of the log in script in a window during login. The default is false.
CloseAutomatically=[true or false]
Closes the login script display window after login. The default is true.
LoginScript=<DEFAULT>/<user defined text>
Specify a login script for the user. The default is <DEFAULT>.
ProfileScript=<DEFAULT>
Specify a profile login script for the user. The default is <DEFAULT>.
Novell Client for Linux Man Pages 83
Page 84
Variable2=<user defined text>
%2 variable. When a user logs in, additional parameters can be entered that the LOGIN utility
passes to the login script. The utility then substitutes these parameters for any %n variables in
the login script. These variables are replaced in order by the parameters the user entered when
logging in.
Variable3=<user defined text>
%3 variable. When a user logs in, additional parameters can be entered that the LOGIN utility
passes to the login script. The utility then substitutes these parameters for any %n variables in
the login script. These variables are replaced in order by the parameters the user entered when
logging in.
Variable4=<user defined text>
%4 variable. When a user logs in, additional parameters can be entered that the LOGIN utility
passes to the login script. The utility then substitutes these parameters for any %n variables in
the login script. These variables are replaced in order by the parameters the user entered when
logging in.
Variable5=<user defined text>
%5 variable. When a user logs in, additional parameters can be entered that the LOGIN utility
passes to the login script. The utility then substitutes these parameters for any %n variables in
the login script. These variables are replaced in order by the parameters the user entered when
logging in.
novdocx (en) 13 May 2009
AllowLoginGUI=[true or false]
The default is true. If eDirectory authentication fails, display Novell Login dialog during
session startup (after initial login).
Examples
A sample
[Startup]
UserName = admin
Tree = MYCOMPANY_TREE
Context = novell
Server =
LastSessionID = 1
RunScripts = yes
DisplayResults = yes
CloseAutomatically = yes
LoginScript = <DEFAULT>
StartupLogin.conf
file is given below:
ProfileScript = <DEFAULT>
Variable2 =
84 Novell Client 2.0 SP3 for Linux Administration Guide
Page 85
Variable3 =
Variable4 =
Variable5 =
Authors
Copyright 2007-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
novdocx (en) 13 May 2009
Novell Client for Linux Man Pages 85
Page 86
StartupMaps.conf(4)
Name
novdocx (en) 13 May 2009
StartupMaps.conf
- Novell Client for Linux configuration file.
Files
$HOME/.novell/ncl/StartupMaps.conf
Description
Specify drive mappings to run at startup. Integrated Login is not required, but credentials must be
saved or the login dialog box appears to get the password at desktop startup.
Usage
Each entry occupies a single line in the file. Lines that are blank, or that start with a pound sign (#),
are ignored.
[/home/<username>/Desktop/<drive_link>]
Location and name of drive link.
UserName=<username>
A valid eDirectory username.
Tree= <tree name>
The eDirectory tree.
Context=<context>
Append to UserName for a fully distinguished name.
Mapped=<filesystem_path>
For example: Mapped = \\mycompany\sys:
[/home/<username>/Desktop/next_drive]
Examples
A sample
[/home/mycompany/Desktop/xyzzy]
UserName = admin.novell
Tree = MYCOMPANY_TREE
Context =
Mapped = \\mycompany\sys:
StartupMaps.conf
file is given below:
86 Novell Client 2.0 SP3 for Linux Administration Guide
Page 87
[/home/mycompany/Desktop/pub]
UserName = admin.novell
Tree = MYCOMPANY_TREE
Context =
Mapped = \\mycompany\SYS:PUBLIC\
Authors
Copyright 2007-2009, Novell, Inc. All rights reserved. http://www.novell.com
To report problems with this software or its documentation, visit http://bugzilla.novell.com
novdocx (en) 13 May 2009
Novell Client for Linux Man Pages 87
Page 88
novdocx (en) 13 May 2009
88 Novell Client 2.0 SP3 for Linux Administration Guide
Page 89
C
Documentation Updates
novdocx (en) 13 May 2009
C
This section contains information on documentation content changes made in this guide since the
initial release of the Novell
updates to the documentation.
The documentation was updated on the following dates:
Section C.1, “September, 2009,” on page 89
Section C.2, “August, 2008,” on page 89
®
ClientTM for Linux. The information will help you keep current on
C.1 September, 2009
Added integrated login scenarios Section 3.1, “Setting Up Integrated Login,” on page 23.
Added section on server side configuration Section 2.3, “Server Side Configuration for
Sending Messages from Client to Users and Groups,” on page 21.
Modified man pages for nwpurge nwpurge(1) (page 76).
Modified man pages for nwsalvage nwsalvage(1) (page 80).
Modified man pages for nwrights nwrights(1) (page 78).
Added a note in the manpages for nwcopy nwcopy(1) (page 64)
C.2 August, 2008
Updated the title page in the PDF version of the guide.
Documentation Updates
89
Page 90
novdocx (en) 13 May 2009
90 Novell Client 2.0 SP3 for Linux Administration Guide
Loading...