ncpfs—Novell Netware Connectivity for Linux
Today's networks are becoming increasingly complex and diverse. Often a system administrator is forced to face a network of more than one operating systems, and sometimes even more than one communication protocols. Not surprisingly, one platform that manages to adjust in these harsh conditions is Linux. Linux supports a very wide array of networking protocol, and software exists to tap into virtually any network server, and even become a server for non-Unix clients. Samba provides client/server for Windows 3.11/95/NT networks, Netatalk takes care of Macintosh's Appletalk, and in this article I will discuss yet another program that allows any Linux machine to become a full-fledged Novell client.
Novell networks are among the most popular ones in the world. Therefore, it is no surprise that some means of interacting with Novell servers has evolved. A typical Novell network consists of one Novell server, usually running dedicated to Novell, and many clients (PCs usually running DOS/Windows). Unlike NFS Unix networks, there is a very big software difference between the Novell server (usually running a special OS) and the clients (usually running DOS/Windows with Novell drivers). While commercial products exist that enable interaction between Novell and Unix systems, ncpfs provides a powerful, easy and free way of doing it.
ncpfs is a suite of programs created and maintained by Volker Lendecke (lendecke@namu01.Num.Math.Uni-Goettingen.de) that let you access a Novell server in various ways. The primary service a Novell server provides is its files. A Novell server holds several volumes, each usually corresponding to a hard drive or CD-ROM. ncpfs lets you easily mount a Novell server—the directory used to mount the server will contain a directory for each volume accessible on that server, and in those directories will be the actual directories and files. Note that a Novell server allows you to see only what you have permission to see.
Get the latest version of ncpfs from: ftp.gwdg.de:/pub/linux/misc/ncpfs or from: sunsite.unc.edu:/pub/Linux/system/Filesystems/ncpfs. Untar it, and compile the tools by typing make and make install. Consult the README file, if you have any problems.
ncpfs utilizes the NCP (Novell Core Protocol) protocol, which sits on top of IPX (Internetworking Packet eXchange). First, make sure that IPX support is available in the kernel (or as a loadable module). Then, you must configure the IPX interface. ncpfs comes with the Linux IPX tools, which allow you to create an IPX interface and a route, somewhat like ifconfig and route. The easiest way to configure your IPX system is by doing this:
ipx_configure --auto_interface=on \ --auto_primary=on
This attempts to automatically determine everything about your interface, and to set it as the primary one. If this doesn't work, you will have to try to configure manually. For more information consult the man pages for ipx_configure, ipx_interface, ipx_internal_net and ipx_route. Now you are ready to run ncpfs utilities.
All the ncpfs tools work in a similar fashion. Since each operation requires accessing a Novell server, almost each command execution requires that three things be supplied: the server name, the user name and the password. There are two ways to do so:
Use command-line parameters: <command> -S <server name> -U <user name> -P <password>. This is usually a tiresome method since EVERY command needs to have these three switches fed to it.
The file ~/.nwclient may contain information about servers. Each line may contain information in the following syntax: <server_name>/<user_name> <password>
If you specify the -S command-line parameter, the program will automatically get the user name and password from the appropriate line of this file. If not, it will use the first line.
To cut straight to the interesting stuff, in order to mount a Novell server, simply type:
Again, add switches for the server, user and password or use ~/.nwclient.
Your mount point will contain a directory for each volume, containing the actual files, in the Novell server. ncpmount also provides many options to control the mounting, such as the UID and GID of the file hierarchy. Consult ncpmount.8 for more details. Note that a Novell server can be mounted several times from the same computer. Note also that ncpmount and ncpumount do NOT have to be setuid, which enables any normal user to mount their accounts on a Novell server, opening yet more possibilities for ncpfs application in the real world. For example, to access the file \LOGIN\LOGIN.EXE on volume SYS, on the Novell server MYSERV on /mnt, as the user supervisor with the password 12345 (let's hope there aren't many of these out there), execute:
ncpmount -S MYSERV -U supervisor -P 12345 /mnt
OR have the following line in ~/.nwclient:
MYSERV/supervisor 12345and execute:
ncpmount /mntOnce the Novell server is mounted, the file LOGIN.EXE will be represented as /mnt/sys/login/login.exe.
In order to print to a Novell server, simply execute:
nprint -q <queue_name> <file>
This will contact the specified printer queue on the server and send it <file> as a print job. See nprint.1 for more details. Note that ncpfs also provides a print server, allowing Linux to connect to a Novell server's queues and transfer jobs to the Linux printing system; see pserver.1 for more information.
Another important functionality provided by ncpfs is direct access to the bindery. The bindery is the database where a Novell server keeps all information about users, groups, and just about everything else. Unfortunately, the bindery can normally be accessed only by using tools provided by Novell. While these tools are usually very colorful and user-friendly, when it comes to manipulating hundreds of users and groups they don't pack the punch. In Unix this problem is solved by providing direct access to the database—/etc/passwd, for example, and using general-purpose tools such as sed, awk and perl. ncpfs provides tools to access the bindery and modify it, allowing the savvy system administrator to write flexible shellscripts to modify a Novell server's bindery. So, for example, if you wish to change every single user's name so that the third letter is x, you can do so quite easily. This ability means that even if you don't need to access a Novell server from a Linux machine you might still find a use for ncpfs for administrative purposes.
The tools nwbocreate, nwbols, nwboprops and nwborm allow you to manipulate bindery objects (such as users, groups, print queues, etc.); the tools nwbpadd, nwbpcreate, nwbprm, nwbpset and nwbpvalue will change the properties of objects. These base-functionality programs open up endless possibilities for Novell management utilities for Linux, even more diverse than the ones that exist for DOS/Windows, since no programming libraries are normally provided with Novell Netware. See their man pages for additional information.
Some more nifty tools provided by ncpfs are:
nwrights, nwgrant, nwrevoke allow the modification of file access rights like Unix's chmod)
nsend sends a message to a user via the Novell server (note that if the recipient is also using ncpfs, their computer must run kerneld to receive the message)
slist lists the Novell servers available on the network;
nwpasswd changes the password of a user;
pqlis lists the print queues available on a Novell server;
nwuserlist lists the users logged into the server and their hardware addresses
ncopy copies files within a Novell server without sending them through the network
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Humble Hacker?
- Server Hardening
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- ACI Worldwide's UP Retail Payments
- Open-Source Project Secretly Funded by CIA
- Varnish Software's Hitch
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide