Novell Open Enterprise Server 11 SP3 Administration Guide

Category
Software manuals
Type
Administration Guide
www.novell.com/documentation
Novell Apple Filing Protocol for Linux
Administration Guide
Open Enterprise Server 11 SP2
January 2014
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically
disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any
person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any
express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right
to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of
such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade
laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or
classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S.
export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use
deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade
Services Web page (http://www.novell.com/company/legal/exports/) for more information on exporting Novell software.
Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2005-2014 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on
a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc.
1800 South Novell Place
Provo, UT 84606
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see the Novell
Documentation Web page (http://www.novell.com/documentation/oes11).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/
tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents 3
Contents
About This Guide 7
1 Overview of AFP 9
1.1 Understanding AFP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
1.1.1 AFP and Universal Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
1.2 AFP Features and Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
1.3 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
1.4 What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
2 What’s New or Changed in AFP 13
2.1 What’s New (OES 11 SP2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.2 What’s New or Changed in AFP (OES 11 SP1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
2.3 What’s New or Changed in AFP (OES 11) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
3 AFP Monitoring and Management 15
3.1 Overview of AFP Monitoring and Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
3.2 Using AFP Monitoring and Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
3.3 Monitoring Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
3.4 Monitoring Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
3.5 Monitoring Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
4 Planning and Implementing AFP 19
4.1 Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
4.2 Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
4.3 Antivirus Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
4.4 Unsupported Service Combinations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
4.5 What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
5 Installing and Setting Up AFP 21
5.1 Installing AFP during OES 11 SP2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.2 Installing AFP after OES 11 SP2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
5.3 Installing AFP NMAS Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
5.3.1 Installing AFP NAMS Methods during a New Installation . . . . . . . . . . . . . . . . . . . . . . . . . .24
5.3.2 Installing AFP NAMS during an Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
5.3.3 Installing Patches for the AFP NMAS Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
5.4 Verifying the Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5.4.1 Checking Files and Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
5.4.2 Verifying LSM Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5.5 What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
6 Administering the AFP Server 27
6.1 Prerequisite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
6.2 Selecting a Server to Manage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
4 OES 11 SP2: Novell AFP for Linux Administration Guide
6.3 Configuring General Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
6.3.1 Security and Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
6.3.2 Threads and Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
6.3.3 Version and Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
6.3.4 Other . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
6.3.5 Subtree Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
6.3.6 Rights to a File or Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
6.4 Configuring Volume Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
6.4.1 Adding a New Volume Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
6.4.2 Editing an Existing Volume Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
6.4.3 Deleting a Volume Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
6.4.4 Resetting the Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
6.5 Configuring Context Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
6.5.1 Adding a Context. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
6.5.2 Removing a Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
7 Migrating AFP to OES 11 SP2 39
8 Running AFP in a Virtualized Environment 41
9 Configuring AFP with Novell Cluster Services for an NSS File System 43
9.1 Benefits of Configuring AFP for High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
9.2 Volumes in a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
9.2.1 Volume Name Management in a Cluster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
9.3 Configuring AFP in a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
9.3.1 Identifying the Nodes to Host the AFP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
9.3.2 Installing Novell Cluster Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
9.3.3 Creating Shared NSS Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
9.3.4 Configuring the Monitoring Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
9.3.5 Reviewing Load and Unload Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
10 Working with Macintosh Computers 49
10.1 Administrator Tasks for Macintosh. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
10.1.1 Configuring a Guest User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
10.1.2 Editing the Volume File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
10.1.3 Editing the Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
10.2 Macintosh End User Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
10.2.1 Accessing Network Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
10.2.2 Logging In to the Network as a Guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
10.2.3 Changing Passwords from a Macintosh Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
10.2.4 Changing Expired Passwords from a Macintosh Computer . . . . . . . . . . . . . . . . . . . . . . . .52
10.2.5 Assigning Rights and Sharing Files from a Macintosh Computer . . . . . . . . . . . . . . . . . . . .52
11 Monitoring the AFP Server 55
11.1 Understanding the Monitoring Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
11.2 Enabling Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
11.3 Viewing Logs through iManager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
11.4 Understanding Performance Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
12 Auditing the AFP Server 57
12.1 Understanding the Auditing Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
12.2 Enabling Auditing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Contents 5
12.3 Viewing Auditing Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
13 Troubleshooting AFP 59
13.1 Known Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
13.1.1 Owner’s Name Not Displayed in the Macintosh Client . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
13.1.2 File Level Trustees Are Deleted When a File is Modified . . . . . . . . . . . . . . . . . . . . . . . . . .59
13.2 AFP Login Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
13.2.1 Cannot See the Login Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
13.2.2 AFP User Login to a Macintosh 10.5 Client Fails With a “Connection Failed” Error . . . . . . 60
13.2.3 Invalid Username and Password Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
13.2.4 Cleartext Authentication Fails on Mac Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
13.2.5 One-Way or Two-Way Random Exchange Authentication Fails on Mac Clients. . . . . . . . .61
13.2.6 Enabling Authentication Mechanisms for a Mac 10.7 Client . . . . . . . . . . . . . . . . . . . . . . . .61
13.3 Starting the AFP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
13.3.1 Starting the AFP Daemon Failed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
13.4 File Creation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
13.4.1 Failure to Create a File on a Macintosh Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
13.5 Displaying Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
13.5.1 Volumes Tab on a Macintosh 10.4 Client Displays an Empty Volume List . . . . . . . . . . . . .62
13.6 Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
13.6.1 NWDSResolveName failed to resolve supplied name <user name>. . . . . . . . . . . . . . . . . .62
13.6.2 zOpen on volume <VOLUME_NAME> failed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
13.6.3 zAFPCountByScanDir: scandir failed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
13.7 AFP Server Responds Slowly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
13.8 Operation Fails When a Macintosh Client Mounts an NSS Volume and Opens Files . . . . . . . . . . .63
13.9 Hard Links are Broken When Files Are Accessed from an AFP Mount Point . . . . . . . . . . . . . . . . . .63
13.10 AFP Subtree Search Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
13.11 Cannot Access an AFP Share by Using an Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
14 Security Guidelines for AFP 65
14.1 Recommended Authentication Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
14.2 Storing Credentials. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
14.3 Intruder Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
14.4 Timeout Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
A Command Line Utilities for AFP 67
A.1 afpdtreset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
A.2 afpstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
A.3 afptcpd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
A.4 afpbind . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
A.5 afpnames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
A.6 migafp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
B Comparing AFP on NetWare and AFP on Linux 71
C Documentation Updates 73
C.1 January 2014 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
C.2 April 2012 (OES 11 SP1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
6 OES 11 SP2: Novell AFP for Linux Administration Guide
About This Guide 7
About This Guide
This guide describes how to use the Novell Apple Filing Protocol (AFP) service on a Novell Open
Enterprise 11 SP2 server to access and manage Macintosh systems.
This guide is divided into the following sections:
Chapter 1, “Overview of AFP,” on page 9
Chapter 2, “What’s New or Changed in AFP,” on page 13
Chapter 3, “AFP Monitoring and Management,” on page 15
Chapter 4, “Planning and Implementing AFP,” on page 19
Chapter 5, “Installing and Setting Up AFP,” on page 21
Chapter 6, “Administering the AFP Server,” on page 27
Chapter 7, “Migrating AFP to OES 11 SP2,” on page 39
Chapter 8, “Running AFP in a Virtualized Environment,” on page 41
Chapter 9, “Configuring AFP with Novell Cluster Services for an NSS File System,” on page 43
Chapter 10, “Working with Macintosh Computers,” on page 49
Chapter 11, “Monitoring the AFP Server,” on page 55
Chapter 12, “Auditing the AFP Server,” on page 57
Chapter 13, “Troubleshooting AFP,” on page 59
Chapter 14, “Security Guidelines for AFP,” on page 65
Appendix A, “Command Line Utilities for AFP,” on page 67
Appendix B, “Comparing AFP on NetWare and AFP on Linux,” on page 71
Appendix C, “Documentation Updates,” on page 73
Audience
This document is intended for network administrators. It is not intended for users of the network.
Documentation Updates
For the most recent version of the Novell AFP for Linux Administration Guide, see the Novell Open
Enterprise Server 11 documentation.
Feedback
We want to hear your comments and suggestions about this guide and the other documentation
included with Novell OES. Please use the User Comment feature at the bottom of each page of the
OES 11 SP2 online documentation.
8 OES 11 SP2: Novell AFP for Linux Administration Guide
1
Overview of AFP 9
1
Overview of AFP
Novell Apple Filing Protocol (AFP) for Linux operating systems is provided with Novell Open
Enterprise Server (OES) 2 SP1 and later versions. AFP is a network protocol that offers file services
for Macintosh clients. OES 11 SP2 currently supports AFP version 3.1.
Section 1.1, “Understanding AFP,” on page 9
Section 1.2, “AFP Features and Capabilities,” on page 10
Section 1.3, “Limitations,” on page 10
Section 1.4, “What’s Next,” on page 11
1.1 Understanding AFP
Novell AFP (Apple Filing Protocol) lets Macintosh workstations access and store files on OES 11 SP2
server without installing any additional software. The AFP software is installed as part of OES and
provides out-of-the-box network access. Join the Macintosh computer to your enterprise network to
access files on the OES server.
Novell AFP enables the Linux server to use the same protocol as the client workstation to copy,
create, delete, move, save, and open files on a Macintosh workstation.
Figure 1-1 Novell AFP Overview
Macintosh users can use Chooser or the Go menu to access network files and even create aliases. The
native protocols that run on a Linux server enable the users to seamlessly copy, delete, move, create,
save, and open network files—just like they do when they work locally.
Apple PC
OES
Apple PC Apple PC
AFPAFPAFP
AFP
10 OES 11 SP2: Novell AFP for Linux Administration Guide
AFP also provides integration with NetIQ eDirectory. Consolidation of user management through
eDirectory simplifies network administration. All users who need access to the network are
represented in eDirectory through user objects, which enables you to easily and effectively assign
trustee rights, control access, and manage all user objects from a single location on the network.
IMPORTANT: Novell AFP is currently supported only on the NSS file system. It can be used for
accessing files on NSS volumes.
1.1.1 AFP and Universal Password
Universal Password helps to manage password-based authentication schemes. Each AFP user must
be Universal Password enabled to be able to log in to the AFP server.
The Universal Password is not enabled by default.
For details on Universal Password, see Novell Password Management.
1.2 AFP Features and Capabilities
AFP has many features that can help you manage users, workstations, and networks.
AFP parameter configuration and administration through iManager. For more information, see
Chapter 6, “Administering the AFP Server,” on page 27.
Support for Macintosh OS 10.3 and later.
Integration with NetIQ eDirectory.
Migration capability from NetWare to SUSE Linux Enterprise Server. For more information, see
Chapter 7, “Migrating AFP to OES 11 SP2,” on page 39.
Cross-protocol file locking support between AFP, CIFS, and NCP. For more information, see
Configuring Cross-Protocol File Locks for NCP Server” in the OES 11 SP2: NCP Server for Linux
Administration Guide.
Auditing support for file operations and changes to AFP configuration. For more information,
see Chapter 12, “Auditing the AFP Server,” on page 57.
Support for using the Bonjour protocol for the AFP service discovery.
Auditing and Monitoring support. The Auditing framework helps you to monitor the
authentication process and the Monitoring framework helps you assess the performance of the
AFP server. For more information, see Chapter 12, “Auditing the AFP Server,” on page 57 and
Chapter 11, “Monitoring the AFP Server,” on page 55.
Support for Unicode filenames.
Support for Universal Passwords longer than 8 characters.
Clustering support for high availability. For more information, see Chapter 9, “Configuring AFP
with Novell Cluster Services for an NSS File System,” on page 43.
Support for subtree searching. For more information, see Section 6.3.5, “Subtree Search,” on
page 32
1.3 Limitations
If you restart eDirectory, ensure that you restart the AFP service by using the
rcnovell-afptcpd
restart
command or through iManager.
Overview of AFP 11
The Total, Used, and Free spaces displayed by the client will be the total Volume quota. It does
not consider User and Directory quotas set.
For example, set 1 TB as Volume quota, 1 GB as User quota, and 100 GB as Directory quota. The
disk usage (Total space, Used space, and Free space) visible to the user is 1 TB (Volume Quota).
The following table illustrates the limitations associated with using dot notation in login names.
1.4 What’s Next
For information on new features in this release of AFP see, Chapter 2, “What’s New or Changed in
AFP,” on page 13
Login with Example Supported
Dot in user name component juan.garcia Yes
Full context without dot in user
name component
juangarcia.users.novell Yes
Full context with dot in user name
component
juan.garcia.users.novell No
Partial context without dot in user
name component
juangarcia.users No
Partial context with dot in user
name component
juan.garcia.users No
12 OES 11 SP2: Novell AFP for Linux Administration Guide
2
What’s New or Changed in AFP 13
2
What’s New or Changed in AFP
This section describes enhancements and changes in Novell AFP since the initial release Novell Open
Enterprise Server (OES) 11.
Section 2.1, “What’s New (OES 11 SP2),” on page 13
Section 2.2, “What’s New or Changed in AFP (OES 11 SP1),” on page 13
Section 2.3, “What’s New or Changed in AFP (OES 11),” on page 13
2.1 What’s New (OES 11 SP2)
The AFP service in OES 11 SP2 has been modified to run on 64-bit SUSE Linux Enterprise Server
(SLES) 11 SP3. In addition to bug fixes, OES 11 SP2 provides the following enhancements and
changes for AFP:
Managing AFP Services
novafp
- A new command line utility to configure, monitor, and manage the AFP service (
afptcpd
daemon). You can also monitor and manage the AFP service using the Manage AFP Services menu
option provided in NRM. For more information, see “AFP Monitoring and Management” in the OES
11 SP2: Novell AFP for Linux Administration Guide.
2.2 What’s New or Changed in AFP (OES 11 SP1)
Novell AFP in OES 11 SP1 has been modified to run on 64-bit SUSE Linux Enterprise Server (SLES) 11
SP2. In addition to bug fixes, Novell AFP provides the following enhancements and behavior
changes in the OES 11 SP1 release:
Subtree Search
Subtree search feature is introduced for searching AFP users in subtrees in eDirectory. For more
information, see Subtree Search in the OES11 SP1: Novell AFP Administration Guide.
2.3 What’s New or Changed in AFP (OES 11)
Mac clients(10.5.x or later versions) can authenticate to AFP server using DHX2 authentication
mechanism.
14 OES 11 SP2: Novell AFP for Linux Administration Guide
3
AFP Monitoring and Management 15
3
AFP Monitoring and Management
In the Novell Open Enterprise Server 11 SP2 release, the new command line novafp utility lets you
manage open files and AFP connections.
3.1 Overview of AFP Monitoring and Management
You can close connections that are stale and persistent. With the file monitoring options, you can
view details of open files and close open files within a volume, by connection, and file handles
associated with a file.
3.2 Using AFP Monitoring and Management
novafp - A command line utility to configure, monitor, and manage the AFP service (
afptcpd
daemon). To run the
novafp
utility from the command line, the user must log in as root.
To know more about various options provided, enter
man novafp
at the command prompt.
You can also monitor and manage AFP service using the Manage AFP Services menu option provided
in NRM.
3.3 Monitoring Connections
Table 3-1 Connection Monitoring command options
Option Description
-Cl, --Conn --list
Lists all active connections.
-C, --Conn Displays the consolidated list of active and expired
connections.
-Cn CONNECTION_ID, --Conn --connection
CONNECTION_ID
Displays details of the specified connection number.
The Privileges field displaying Supervisor for the
logged in user implies that the user has Supervisor
privileges for Entry Rights over NCP Server object.
The user with such privileges gets full access to all the
mounted volumes irrespective of user rights at file
system level.
16 OES 11 SP2: Novell AFP for Linux Administration Guide
By querying or listing all open connections you can find how many sessions are opened at any
moment. The details include session ID, client IP address, user name, user login time, consolidated
list of read/write requests, access mode, and total number of other requests received.
You can also drill down to extract per-connection details such as the group the user is a member of.
If the connections are stale and persistent, for example, and if there is no activity for a considerable
amount of time, this session occupies a considerable amount of memory. If this happens, you can
close the connection/session based on the qualitative analysis of various connection parameters
dumped by the new commands and options.
IMPORTANT: Closing a connection by using this utility can leave the associated open files in an
incomplete state, so use this command sparingly.
3.4 Monitoring Files
Table 3-2 File Monitoring command options
-Clx, --Conn --list --exp
Lists all expired connections.
A session is called an expired session if there is no
request/response packet flow (not even a keep-alive
request DSI Tickle) between the server and the client
for 2 minutes. Normally expired sessions are cleared
by the server at intervals specified by the
RECONNECT_PERIOD configuration parameter.
-Ccn CONNECTION_ID, --Conn --clear
CONNECTION_ID
Closes the connection with the specified connection
number.
Option Description
Option Description
-Flv VOLUME_NAME, --Files --list --
volume VOLUME_NAME
Lists all open files by the specified volume.
NOTE: Listing all files on a volume is a time-
consuming operation if too many files are open, so use
this option sparingly.
-Fln CONNECTION_ID, --Files --list --
connection CONNECTION_ID
Lists files opened by the user session with the
specified connection number.
-Flp FILE_PATH, --Files --list --path
FILE_PATH
Lists users who opened the file with the specified file
path.
-FCv VOLUME_NAME, --Files --Close --
volume VOLUME_NAME
Closes all open files with the specified volume.
-FCn CONNECTION_ID, --Files --Close --
connection CONNECTION_ID
Closes the files opened by the user session with the
specified connection number.
-FCp FILE_PATH, --Files --Close --path
FILE_PATH
Closes the file with the specified file path.
-Vl, --Vols --list
Lists all AFP configured volumes.
AFP Monitoring and Management 17
You use the file listing options to view the following:
All open files within a particular volume
All open files by connection
All users who have open file handles for a particular file
You use the file closing options to close the following:
All open files within a particular volume
All open files by a particular connection
All open file handles associated with a particular file
If a user tries to perform any operation on an open file that was closed by using this utility, the
changes might appear next time the file is opened. This depends on the application. The data that
was saved before the file was closed will be intact.
IMPORTANT: This is not the recommended way to close files. It is provided as a tool to
administrators to force close open files.
3.5 Monitoring Configuration Parameters
Use the following commands to set a particular configuration parameter of AFP:
Table 3-3 Configuration Parameters Monitoring command options
-Va VOLUME_NAME:ALIAS_NAME, --Vols --add
VOLUME_NAME:ALIAS_NAME
Add or modify entries in volume configuration file. An
alias name is optional.
Option Description
Option Description
-o, --conf-params
Lists all AFP configuration parameters.
If you change the AFP server parameters through
iManager, reload the AFP service by running
rcnovell-afptcpd reload
command before you
run
novafp -o
or
novafp --conf-params
command options.
--uam=cleartext|random|two-way|DHX|DHX2
Sets an authentication method. The default
authentication mode is DHX2.
--minthreads=NO_OF_THREADS
Sets the minimum number of threads that should be
set for the
afptcpd
daemon to start. The number
should be between 3 and 32. The default value is 3.
--maxthreads=NO_OF_THREADS
Sets the maximum number of threads. The number
should be between 4 and 512. The default value is 32.
--recon=NO_OF_MINUTES
Sets the number of minutes the AFP server waits
before attempting to reconnect. The minimum waiting
time is 2 minutes and can extend to 1440 minutes. The
default value is 1440 minutes.
18 OES 11 SP2: Novell AFP for Linux Administration Guide
--afp-version=2.2|3.0|3.1|ALL
Sets the AFP versions that the AFP server can
support. The default value is All.
-r all|default|no, --
rights=all|default|no
Sets the sharing rights. The default option is no.
--log=no|status|debug|error|all
Sets the log levels for the AFP server to log messages.
-g yes|no, --guest-login=yes|no
Allows guest login.
-U USER_NAME, --guest-user=USER_NAME
Sets a guest user name.
-w yes|no, --no-manage-world-
rights=yes|no
Enables or disables No Manage World Rights.
--audit=yes|no
Enables or disables the AFP server to audit and log
authentication process and configuration parameters
changes.
-e yes|no, --export-all-volumes=yes|no
Enables or disables NSS volume export.
-s yes|no, --subtree-search=yes|no
Enables or disables subtree search. By default, this
option is disabled.
Option Description
4
Planning and Implementing AFP 19
4
Planning and Implementing AFP
This section describes requirements and guidelines for using the Novell Apple Filing Protocol (AFP)
for Novell Open Enterprise Server (OES) 11 SP2.
Section 4.1, “Supported Platforms,” on page 19
Section 4.2, “Requirements,” on page 19
Section 4.3, “Antivirus Support,” on page 20
Section 4.4, “Unsupported Service Combinations,” on page 20
Section 4.5, “What’s Next,” on page 20
4.1 Supported Platforms
Macintosh 10.3 or later
4.2 Requirements
The install administrator must have Compare, Read, and Write right on ACL Attribute to add
the Common Proxy user as a trustee of AFP user contexts selected at the time of installation.
The AFP proxy user must have inheritable Read and Compare rights on CN attribute of user
contexts.
The AFP administrator must have Compare, Read, and Write rights on ACL Attribute of user
contexts being added for authentication.
If your eDirectory replica is stored on an eDirectory server earlier than 8.8.3, make sure that you
upgrade the server by using the Security Services 2.0.6 patch.
The AFP server requires at least one Read/Write replica in an eDirectory tree with NMAS
version 3.2 or later.
Ensure that the Novell AFP NMAS method is installed and synchronized across the eDirectory
tree:
1. Install
novell-afp-nmasmethods.rpm
.
2. Execute the
/opt/novell/afptcpd/bin/install_afp_lsm.sh
script.
For more information on installing AFP NMAS methods during a new installation or an
upgrade , see Section 5.3, “Installing AFP NMAS Methods,” on page 24.
20 OES 11 SP2: Novell AFP for Linux Administration Guide
4.3 Antivirus Support
The Apple Filing Protocol (AFP) support for NSS files is implemented via a technology that bypasses
the real-time scanning employed by most OES antivirus solutions.
To protect NSS files that are shared through an AFP connection, set up an antivirus solution that
supports on-demand scanning on the OES 11 SP2 server, or real-time and on-demand scanning on
the Apple client. For information about antivirus solution providers for OES 11 SP2, see the Novell
Partner page (http://www.novell.com/products/openenterpriseserver/partners_communities.html).
4.4 Unsupported Service Combinations
Do not install any of the following service combinations on the same server with Novell AFP.
Although the combinations might not cause pattern conflict warnings, Novell does not support any
of the combinations shown.
Netatalk
Novell Domain Services for Windows
Xen Virtual Machine Host Server
DST Shadow Volumes
DFS Junction
4.5 What’s Next
To proceed with installation of AFP, see Chapter 5, “Installing and Setting Up AFP,” on page 21.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74

Novell Open Enterprise Server 11 SP3 Administration Guide

Category
Software manuals
Type
Administration Guide

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI