Novell Open Enterprise Server 11 SP3 Administration Guide

www.novell.com/documentation

Novell Apple Filing Protocol for Linux

Administration Guide

Open Enterprise Server 11 SP2

January 2014

Legal Notices

Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically

disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,

reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any

person or entity of such revisions or changes.

Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any

express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right

to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of

such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade

laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or

classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S.

export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use

deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade

Services Web page (http://www.novell.com/company/legal/exports/) for more information on exporting Novell software.

Novell assumes no responsibility for your failure to obtain any necessary export approvals.

a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc.

1800 South Novell Place

Provo, UT 84606

U.S.A.

www.novell.com

Online Documentation: To access the latest online documentation for this and other Novell products, see the Novell

Documentation Web page (http://www.novell.com/documentation/oes11).

Novell Trademarks

For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/

tmlist.html).

Third-Party Materials

All third-party trademarks are the property of their respective owners.

Contents 3

Contents

About This Guide 7

1 Overview of AFP 9

1.1 Understanding AFP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

1.1.1 AFP and Universal Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

1.2 AFP Features and Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

1.3 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

1.4 What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

2 What’s New or Changed in AFP 13

2.1 What’s New (OES 11 SP2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.2 What’s New or Changed in AFP (OES 11 SP1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

2.3 What’s New or Changed in AFP (OES 11) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

3 AFP Monitoring and Management 15

3.1 Overview of AFP Monitoring and Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

3.2 Using AFP Monitoring and Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

3.3 Monitoring Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

3.4 Monitoring Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

3.5 Monitoring Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

4 Planning and Implementing AFP 19

4.1 Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

4.2 Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

4.3 Antivirus Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

4.4 Unsupported Service Combinations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

4.5 What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

5 Installing and Setting Up AFP 21

5.1 Installing AFP during OES 11 SP2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

5.2 Installing AFP after OES 11 SP2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

5.3 Installing AFP NMAS Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

5.3.1 Installing AFP NAMS Methods during a New Installation . . . . . . . . . . . . . . . . . . . . . . . . . .24

5.3.2 Installing AFP NAMS during an Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

5.3.3 Installing Patches for the AFP NMAS Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

5.4 Verifying the Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

5.4.1 Checking Files and Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

5.4.2 Verifying LSM Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

5.5 What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

6 Administering the AFP Server 27

6.1 Prerequisite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

6.2 Selecting a Server to Manage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

4 OES 11 SP2: Novell AFP for Linux Administration Guide

6.3 Configuring General Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

6.3.1 Security and Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

6.3.2 Threads and Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

6.3.3 Version and Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

6.3.4 Other . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

6.3.5 Subtree Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

6.3.6 Rights to a File or Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

6.4 Configuring Volume Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

6.4.1 Adding a New Volume Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

6.4.2 Editing an Existing Volume Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

6.4.3 Deleting a Volume Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

6.4.4 Resetting the Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

6.5 Configuring Context Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

6.5.1 Adding a Context. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

6.5.2 Removing a Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

7 Migrating AFP to OES 11 SP2 39

8 Running AFP in a Virtualized Environment 41

9 Configuring AFP with Novell Cluster Services for an NSS File System 43

9.1 Benefits of Configuring AFP for High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

9.2 Volumes in a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

9.2.1 Volume Name Management in a Cluster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

9.3 Configuring AFP in a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

9.3.1 Identifying the Nodes to Host the AFP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

9.3.2 Installing Novell Cluster Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

9.3.3 Creating Shared NSS Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

9.3.4 Configuring the Monitoring Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

9.3.5 Reviewing Load and Unload Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

10 Working with Macintosh Computers 49

10.1 Administrator Tasks for Macintosh. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

10.1.1 Configuring a Guest User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

10.1.2 Editing the Volume File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

10.1.3 Editing the Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

10.2 Macintosh End User Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

10.2.1 Accessing Network Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

10.2.2 Logging In to the Network as a Guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

10.2.3 Changing Passwords from a Macintosh Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

10.2.4 Changing Expired Passwords from a Macintosh Computer . . . . . . . . . . . . . . . . . . . . . . . .52

10.2.5 Assigning Rights and Sharing Files from a Macintosh Computer . . . . . . . . . . . . . . . . . . . .52

11 Monitoring the AFP Server 55

11.1 Understanding the Monitoring Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

11.2 Enabling Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

11.3 Viewing Logs through iManager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

11.4 Understanding Performance Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

12 Auditing the AFP Server 57

12.1 Understanding the Auditing Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

12.2 Enabling Auditing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Contents 5

12.3 Viewing Auditing Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

13 Troubleshooting AFP 59

13.1 Known Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

13.1.1 Owner’s Name Not Displayed in the Macintosh Client . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

13.1.2 File Level Trustees Are Deleted When a File is Modified . . . . . . . . . . . . . . . . . . . . . . . . . .59

13.2 AFP Login Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

13.2.1 Cannot See the Login Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

13.2.2 AFP User Login to a Macintosh 10.5 Client Fails With a “Connection Failed” Error . . . . . . 60

13.2.3 Invalid Username and Password Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

13.2.4 Cleartext Authentication Fails on Mac Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

13.2.5 One-Way or Two-Way Random Exchange Authentication Fails on Mac Clients. . . . . . . . .61

13.2.6 Enabling Authentication Mechanisms for a Mac 10.7 Client . . . . . . . . . . . . . . . . . . . . . . . .61

13.3 Starting the AFP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

13.3.1 Starting the AFP Daemon Failed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

13.4 File Creation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

13.4.1 Failure to Create a File on a Macintosh Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

13.5 Displaying Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

13.5.1 Volumes Tab on a Macintosh 10.4 Client Displays an Empty Volume List . . . . . . . . . . . . .62

13.6 Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

13.6.1 NWDSResolveName failed to resolve supplied name <user name>. . . . . . . . . . . . . . . . . .62

13.6.2 zOpen on volume <VOLUME_NAME> failed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

13.6.3 zAFPCountByScanDir: scandir failed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

13.7 AFP Server Responds Slowly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

13.8 Operation Fails When a Macintosh Client Mounts an NSS Volume and Opens Files . . . . . . . . . . .63

13.9 Hard Links are Broken When Files Are Accessed from an AFP Mount Point . . . . . . . . . . . . . . . . . .63

13.10 AFP Subtree Search Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

13.11 Cannot Access an AFP Share by Using an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

14 Security Guidelines for AFP 65

14.1 Recommended Authentication Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

14.2 Storing Credentials. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

14.3 Intruder Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

14.4 Timeout Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

A Command Line Utilities for AFP 67

A.1 afpdtreset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

A.2 afpstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

A.3 afptcpd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

A.4 afpbind . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

A.5 afpnames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

A.6 migafp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

B Comparing AFP on NetWare and AFP on Linux 71

C Documentation Updates 73

C.1 January 2014 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

C.2 April 2012 (OES 11 SP1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

6 OES 11 SP2: Novell AFP for Linux Administration Guide

About This Guide 7

About This Guide

This guide describes how to use the Novell Apple Filing Protocol (AFP) service on a Novell Open

Enterprise 11 SP2 server to access and manage Macintosh systems.

This guide is divided into the following sections:

 Chapter 1, “Overview of AFP,” on page 9

 Chapter 2, “What’s New or Changed in AFP,” on page 13

 Chapter 3, “AFP Monitoring and Management,” on page 15

 Chapter 4, “Planning and Implementing AFP,” on page 19

 Chapter 5, “Installing and Setting Up AFP,” on page 21

 Chapter 6, “Administering the AFP Server,” on page 27

 Chapter 7, “Migrating AFP to OES 11 SP2,” on page 39

 Chapter 8, “Running AFP in a Virtualized Environment,” on page 41

 Chapter 9, “Configuring AFP with Novell Cluster Services for an NSS File System,” on page 43

 Chapter 10, “Working with Macintosh Computers,” on page 49

 Chapter 11, “Monitoring the AFP Server,” on page 55

 Chapter 12, “Auditing the AFP Server,” on page 57

 Chapter 13, “Troubleshooting AFP,” on page 59

 Chapter 14, “Security Guidelines for AFP,” on page 65

 Appendix A, “Command Line Utilities for AFP,” on page 67

 Appendix B, “Comparing AFP on NetWare and AFP on Linux,” on page 71

 Appendix C, “Documentation Updates,” on page 73

Audience

This document is intended for network administrators. It is not intended for users of the network.

Documentation Updates

For the most recent version of the Novell AFP for Linux Administration Guide, see the Novell Open

Enterprise Server 11 documentation.

Feedback

We want to hear your comments and suggestions about this guide and the other documentation

included with Novell OES. Please use the User Comment feature at the bottom of each page of the

OES 11 SP2 online documentation.

8 OES 11 SP2: Novell AFP for Linux Administration Guide

1

Overview of AFP 9

1

Overview of AFP

Novell Apple Filing Protocol (AFP) for Linux operating systems is provided with Novell Open

Enterprise Server (OES) 2 SP1 and later versions. AFP is a network protocol that offers file services

for Macintosh clients. OES 11 SP2 currently supports AFP version 3.1.

 Section 1.1, “Understanding AFP,” on page 9

 Section 1.2, “AFP Features and Capabilities,” on page 10

 Section 1.3, “Limitations,” on page 10

 Section 1.4, “What’s Next,” on page 11

1.1 Understanding AFP

Novell AFP (Apple Filing Protocol) lets Macintosh workstations access and store files on OES 11 SP2

server without installing any additional software. The AFP software is installed as part of OES and

provides out-of-the-box network access. Join the Macintosh computer to your enterprise network to

access files on the OES server.

Novell AFP enables the Linux server to use the same protocol as the client workstation to copy,

create, delete, move, save, and open files on a Macintosh workstation.

Figure 1-1 Novell AFP Overview

Macintosh users can use Chooser or the Go menu to access network files and even create aliases. The

native protocols that run on a Linux server enable the users to seamlessly copy, delete, move, create,

save, and open network files—just like they do when they work locally.

Apple PC

OES

Apple PC Apple PC

AFPAFPAFP

AFP

10 OES 11 SP2: Novell AFP for Linux Administration Guide

AFP also provides integration with NetIQ eDirectory. Consolidation of user management through

eDirectory simplifies network administration. All users who need access to the network are

represented in eDirectory through user objects, which enables you to easily and effectively assign

trustee rights, control access, and manage all user objects from a single location on the network.

IMPORTANT: Novell AFP is currently supported only on the NSS file system. It can be used for

accessing files on NSS volumes.

1.1.1 AFP and Universal Password

Universal Password helps to manage password-based authentication schemes. Each AFP user must

be Universal Password enabled to be able to log in to the AFP server.

The Universal Password is not enabled by default.

For details on Universal Password, see Novell Password Management.

1.2 AFP Features and Capabilities

AFP has many features that can help you manage users, workstations, and networks.

 AFP parameter configuration and administration through iManager. For more information, see

Chapter 6, “Administering the AFP Server,” on page 27.

 Support for Macintosh OS 10.3 and later.

 Integration with NetIQ eDirectory.

 Migration capability from NetWare to SUSE Linux Enterprise Server. For more information, see

Chapter 7, “Migrating AFP to OES 11 SP2,” on page 39.

 Cross-protocol file locking support between AFP, CIFS, and NCP. For more information, see

“Configuring Cross-Protocol File Locks for NCP Server” in the OES 11 SP2: NCP Server for Linux

Administration Guide.

 Auditing support for file operations and changes to AFP configuration. For more information,

see Chapter 12, “Auditing the AFP Server,” on page 57.

 Support for using the Bonjour protocol for the AFP service discovery.

 Auditing and Monitoring support. The Auditing framework helps you to monitor the

authentication process and the Monitoring framework helps you assess the performance of the

AFP server. For more information, see Chapter 12, “Auditing the AFP Server,” on page 57 and

Chapter 11, “Monitoring the AFP Server,” on page 55.

 Support for Unicode filenames.

 Support for Universal Passwords longer than 8 characters.

 Clustering support for high availability. For more information, see Chapter 9, “Configuring AFP

with Novell Cluster Services for an NSS File System,” on page 43.

 Support for subtree searching. For more information, see Section 6.3.5, “Subtree Search,” on

page 32

1.3 Limitations

 If you restart eDirectory, ensure that you restart the AFP service by using the

rcnovell-afptcpd

restart

command or through iManager.

Overview of AFP 11

 The Total, Used, and Free spaces displayed by the client will be the total Volume quota. It does

not consider User and Directory quotas set.

For example, set 1 TB as Volume quota, 1 GB as User quota, and 100 GB as Directory quota. The

disk usage (Total space, Used space, and Free space) visible to the user is 1 TB (Volume Quota).

 The following table illustrates the limitations associated with using dot notation in login names.

1.4 What’s Next

For information on new features in this release of AFP see, Chapter 2, “What’s New or Changed in

AFP,” on page 13

Login with Example Supported

Dot in user name component juan.garcia Yes

Full context without dot in user

name component

juangarcia.users.novell Yes

Full context with dot in user name

component

juan.garcia.users.novell No

Partial context without dot in user

name component

juangarcia.users No

Partial context with dot in user

name component

juan.garcia.users No

12 OES 11 SP2: Novell AFP for Linux Administration Guide

2

What’s New or Changed in AFP 13

2

What’s New or Changed in AFP

This section describes enhancements and changes in Novell AFP since the initial release Novell Open

Enterprise Server (OES) 11.

 Section 2.1, “What’s New (OES 11 SP2),” on page 13

 Section 2.2, “What’s New or Changed in AFP (OES 11 SP1),” on page 13

 Section 2.3, “What’s New or Changed in AFP (OES 11),” on page 13

2.1 What’s New (OES 11 SP2)

The AFP service in OES 11 SP2 has been modified to run on 64-bit SUSE Linux Enterprise Server

(SLES) 11 SP3. In addition to bug fixes, OES 11 SP2 provides the following enhancements and

changes for AFP:

Managing AFP Services

novafp

- A new command line utility to configure, monitor, and manage the AFP service (

afptcpd

daemon). You can also monitor and manage the AFP service using the Manage AFP Services menu

option provided in NRM. For more information, see “AFP Monitoring and Management” in the OES

11 SP2: Novell AFP for Linux Administration Guide.

2.2 What’s New or Changed in AFP (OES 11 SP1)

Novell AFP in OES 11 SP1 has been modified to run on 64-bit SUSE Linux Enterprise Server (SLES) 11

SP2. In addition to bug fixes, Novell AFP provides the following enhancements and behavior

changes in the OES 11 SP1 release:

Subtree Search

Subtree search feature is introduced for searching AFP users in subtrees in eDirectory. For more

information, see Subtree Search in the OES11 SP1: Novell AFP Administration Guide.

2.3 What’s New or Changed in AFP (OES 11)

Mac clients(10.5.x or later versions) can authenticate to AFP server using DHX2 authentication

mechanism.

14 OES 11 SP2: Novell AFP for Linux Administration Guide

3

AFP Monitoring and Management 15

3

AFP Monitoring and Management

In the Novell Open Enterprise Server 11 SP2 release, the new command line novafp utility lets you

manage open files and AFP connections.

3.1 Overview of AFP Monitoring and Management

You can close connections that are stale and persistent. With the file monitoring options, you can

view details of open files and close open files within a volume, by connection, and file handles

associated with a file.

3.2 Using AFP Monitoring and Management

novafp - A command line utility to configure, monitor, and manage the AFP service (

afptcpd

daemon). To run the

novafp

utility from the command line, the user must log in as root.

To know more about various options provided, enter

man novafp

at the command prompt.

You can also monitor and manage AFP service using the Manage AFP Services menu option provided

in NRM.

3.3 Monitoring Connections

Table 3-1 Connection Monitoring command options

Option Description

-Cl, --Conn --list

Lists all active connections.

-C, --Conn Displays the consolidated list of active and expired

connections.

-Cn CONNECTION_ID, --Conn --connection

CONNECTION_ID

Displays details of the specified connection number.

The Privileges field displaying Supervisor for the

logged in user implies that the user has Supervisor

privileges for Entry Rights over NCP Server object.

The user with such privileges gets full access to all the

mounted volumes irrespective of user rights at file

system level.

16 OES 11 SP2: Novell AFP for Linux Administration Guide

By querying or listing all open connections you can find how many sessions are opened at any

moment. The details include session ID, client IP address, user name, user login time, consolidated

list of read/write requests, access mode, and total number of other requests received.

You can also drill down to extract per-connection details such as the group the user is a member of.

If the connections are stale and persistent, for example, and if there is no activity for a considerable

amount of time, this session occupies a considerable amount of memory. If this happens, you can

close the connection/session based on the qualitative analysis of various connection parameters

dumped by the new commands and options.

IMPORTANT: Closing a connection by using this utility can leave the associated open files in an

incomplete state, so use this command sparingly.

3.4 Monitoring Files

Table 3-2 File Monitoring command options

-Clx, --Conn --list --exp

Lists all expired connections.

A session is called an expired session if there is no

request/response packet flow (not even a keep-alive

request DSI Tickle) between the server and the client

for 2 minutes. Normally expired sessions are cleared

by the server at intervals specified by the

RECONNECT_PERIOD configuration parameter.

-Ccn CONNECTION_ID, --Conn --clear

CONNECTION_ID

Closes the connection with the specified connection

number.

Option Description

-Flv VOLUME_NAME, --Files --list --

volume VOLUME_NAME

Lists all open files by the specified volume.

NOTE: Listing all files on a volume is a time-

consuming operation if too many files are open, so use

this option sparingly.

-Fln CONNECTION_ID, --Files --list --

connection CONNECTION_ID

Lists files opened by the user session with the

specified connection number.

-Flp FILE_PATH, --Files --list --path

FILE_PATH

Lists users who opened the file with the specified file

path.

-FCv VOLUME_NAME, --Files --Close --

volume VOLUME_NAME

Closes all open files with the specified volume.

-FCn CONNECTION_ID, --Files --Close --

connection CONNECTION_ID

Closes the files opened by the user session with the

specified connection number.

-FCp FILE_PATH, --Files --Close --path

FILE_PATH

Closes the file with the specified file path.

-Vl, --Vols --list

Lists all AFP configured volumes.

AFP Monitoring and Management 17

You use the file listing options to view the following:

 All open files within a particular volume

 All open files by connection

 All users who have open file handles for a particular file

You use the file closing options to close the following:

 All open files within a particular volume

 All open files by a particular connection

 All open file handles associated with a particular file

If a user tries to perform any operation on an open file that was closed by using this utility, the

changes might appear next time the file is opened. This depends on the application. The data that

was saved before the file was closed will be intact.

IMPORTANT: This is not the recommended way to close files. It is provided as a tool to

administrators to force close open files.

3.5 Monitoring Configuration Parameters

Use the following commands to set a particular configuration parameter of AFP:

Table 3-3 Configuration Parameters Monitoring command options

-Va VOLUME_NAME:ALIAS_NAME, --Vols --add

VOLUME_NAME:ALIAS_NAME

Add or modify entries in volume configuration file. An

alias name is optional.

Option Description

-o, --conf-params

Lists all AFP configuration parameters.

If you change the AFP server parameters through

iManager, reload the AFP service by running

rcnovell-afptcpd reload

command before you

run

novafp -o

or

novafp --conf-params

command options.

--uam=cleartext|random|two-way|DHX|DHX2

Sets an authentication method. The default

authentication mode is DHX2.

--minthreads=NO_OF_THREADS

Sets the minimum number of threads that should be

set for the

afptcpd

daemon to start. The number

should be between 3 and 32. The default value is 3.

--maxthreads=NO_OF_THREADS

Sets the maximum number of threads. The number

should be between 4 and 512. The default value is 32.

--recon=NO_OF_MINUTES

Sets the number of minutes the AFP server waits

before attempting to reconnect. The minimum waiting

time is 2 minutes and can extend to 1440 minutes. The

default value is 1440 minutes.

18 OES 11 SP2: Novell AFP for Linux Administration Guide

--afp-version=2.2|3.0|3.1|ALL

Sets the AFP versions that the AFP server can

support. The default value is All.

-r all|default|no, --

rights=all|default|no

Sets the sharing rights. The default option is no.

--log=no|status|debug|error|all

Sets the log levels for the AFP server to log messages.

-g yes|no, --guest-login=yes|no

Allows guest login.

-U USER_NAME, --guest-user=USER_NAME

Sets a guest user name.

-w yes|no, --no-manage-world-

rights=yes|no

Enables or disables No Manage World Rights.

--audit=yes|no

Enables or disables the AFP server to audit and log

authentication process and configuration parameters

changes.

-e yes|no, --export-all-volumes=yes|no

Enables or disables NSS volume export.

-s yes|no, --subtree-search=yes|no

Enables or disables subtree search. By default, this

option is disabled.

Option Description

4

Planning and Implementing AFP 19

4

Planning and Implementing AFP

This section describes requirements and guidelines for using the Novell Apple Filing Protocol (AFP)

for Novell Open Enterprise Server (OES) 11 SP2.

 Section 4.1, “Supported Platforms,” on page 19

 Section 4.2, “Requirements,” on page 19

 Section 4.3, “Antivirus Support,” on page 20

 Section 4.4, “Unsupported Service Combinations,” on page 20

 Section 4.5, “What’s Next,” on page 20

4.1 Supported Platforms

Macintosh 10.3 or later

4.2 Requirements

 The install administrator must have Compare, Read, and Write right on ACL Attribute to add

the Common Proxy user as a trustee of AFP user contexts selected at the time of installation.

 The AFP proxy user must have inheritable Read and Compare rights on CN attribute of user

contexts.

 The AFP administrator must have Compare, Read, and Write rights on ACL Attribute of user

contexts being added for authentication.

 If your eDirectory replica is stored on an eDirectory server earlier than 8.8.3, make sure that you

upgrade the server by using the Security Services 2.0.6 patch.

 The AFP server requires at least one Read/Write replica in an eDirectory tree with NMAS

version 3.2 or later.

 Ensure that the Novell AFP NMAS method is installed and synchronized across the eDirectory

tree:

1. Install

novell-afp-nmasmethods.rpm

.

2. Execute the

/opt/novell/afptcpd/bin/install_afp_lsm.sh

script.

For more information on installing AFP NMAS methods during a new installation or an

upgrade , see Section 5.3, “Installing AFP NMAS Methods,” on page 24.

20 OES 11 SP2: Novell AFP for Linux Administration Guide

4.3 Antivirus Support

The Apple Filing Protocol (AFP) support for NSS files is implemented via a technology that bypasses

the real-time scanning employed by most OES antivirus solutions.

To protect NSS files that are shared through an AFP connection, set up an antivirus solution that

supports on-demand scanning on the OES 11 SP2 server, or real-time and on-demand scanning on

the Apple client. For information about antivirus solution providers for OES 11 SP2, see the Novell

Partner page (http://www.novell.com/products/openenterpriseserver/partners_communities.html).

4.4 Unsupported Service Combinations

Do not install any of the following service combinations on the same server with Novell AFP.

Although the combinations might not cause pattern conflict warnings, Novell does not support any

of the combinations shown.

 Netatalk

 Novell Domain Services for Windows

 Xen Virtual Machine Host Server

 DST Shadow Volumes

 DFS Junction

4.5 What’s Next

To proceed with installation of AFP, see Chapter 5, “Installing and Setting Up AFP,” on page 21.

Page is loading ...

Novell Open Enterprise Server 11 SP3 Administration Guide

Novell Open Enterprise Server 11 SP3 Administration Guide

Related papers

Other documents