Giving Users Access to "Public" Programs Without Requiring Authentication
Novell Cool Solutions: Trench
By Mike Farrell
Posted: 15 Sep 2004
Ever have a situation where you must deploy a product that needs to send information back to a secure location, and users don't necessarily authenticate to anything? I did. (Using an open Win2000 share is not allowed and dreadfully slow as well.)
Enter NetWare 6's Native File Access Protocol! Wonderful thing! To keep it short, if a directory on a volume needs to be accessed by all without user intervention, "Public" can have full rights to this folder. We all know this, right? Of course we do.
Next, let's say that you need to run a program that scans each workstation for hardware, software, etc. (and you're unfortunate enough not to be using ZENworks), and that after the scan a result file needs to be sent back to a central repository. This is where the brilliance of NW6x comes in. The repository as mentioned before is our folder that the general "Public" can write to and read from. If the workstation has the NetWare client installed, the system will recognize it as being part of the general public. The client gives us the very basic authentication required for this task. It also connects through port 524, which is not typically blocked by firewalls. Hence, the result file will make it to your repository. Think of how mail works. The only difference is that the "Public" must have almost full privileges in order for the software to do what it needs to with the designated folder.
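Because the repository folder gives "Public" almost full rights, anything that can reach the server can write to it, so its contents are worth checking before the result files are processed. The following Python audit is an added example, not part of the original article; the allowed extensions, the size cap and the expectation that the scanner writes flat files are assumptions of this example, and the sample folder is constructed.

```python
import os
import tempfile

# Assumptions of this example (not from the article): what a scan result looks like.
ALLOWED_EXTENSIONS = {".txt", ".csv", ".xml"}
MAX_BYTES = 5 * 1024 * 1024  # constructed size cap for one result file


def audit_drop_folder(root, allowed=ALLOWED_EXTENSIONS, max_bytes=MAX_BYTES):
    """Return sorted (relative_path, reason) pairs for entries needing review."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            # The scanner is assumed to write flat files only.
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append((rel, "unexpected directory"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext not in allowed:
                findings.append((rel, "extension not on allow-list"))
            elif os.path.getsize(path) > max_bytes:
                findings.append((rel, "larger than expected result file"))
            else:
                with open(path, "rb") as fh:
                    # "MZ" opens a Windows executable, whatever the file name says.
                    if fh.read(2) == b"MZ":
                        findings.append((rel, "executable header in result file"))
    return sorted(findings)


def demo():
    """Build a constructed sample folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "WS001.txt": b"cpu=P4\nram=512MB\n",
            "WS002.txt.exe": b"MZ\x90\x00",
            "WS003.txt": b"MZ\x90\x00renamed",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        os.mkdir(os.path.join(root, "stuff"))
        return audit_drop_folder(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Run it from an administrative workstation against the mapped repository path, and review anything it reports before the results are imported anywhere else.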
What if there is no client installed? Not a problem if you can write a script or a batch file to use some NETBIOS commands. If NETBIOS isn't entirely blocked at the firewall level, then authentication can take place to the NW6x box. The good thing is that once authenticated, the connections are handled through ports 1038 and 1039 (if memory serves me correctly). Regardless, they're not handled through 137-139, the bad ones. Gotta love the fact that NW6x mimics a domain very well. See the examples below. This is the most flexible NOS ever! It definitely bridges the gap between mixed environments.
If you're dealing with multiple NDS and/or eDirectory trees across the nation on your network, this should help you deploy whatever it is that you're trying to deploy.
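Batch file:

    REM LOGINW32.EXE missing means no NetWare client: authenticate with NET USE first.
    IF NOT EXIST C:\WINNT\SYSTEM32\LOGINW32.EXE (GOTO NT) ELSE (GOTO START)

    :START
    REM NetWare client present: run directly from the Public-accessible volume.
    "\\SERVERIP\VOLUME\NAME OF EXECUTABLE OR BATCH FILE"
    EXIT

    :NT
    REM The password is stored in clear text in this file.
    NET USE \\SERVERIP\VOLUME password /USER:USERNAME
    "\\SERVERIP\VOLUME\NAME OF EXECUTABLE OR BATCH FILE"
    EXIT
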
This is a very basic example of what I had to create to determine if the workstation had the NetWare client installed or not. The "IF NOT EXIST" command works much better than the "IF EXIST" command. You have to add at least three more lines to the initial portion to compensate for Win98 - WinXP.
Now, if you do not need to write the batch file because your users are actually logging into some sort of NetWare box, you can skip most of the DOS commands above. The flexibility of the NetWare login script is a beautiful thing. Notice the "Net use" commands in the second portion. It won't work with Win98 though. If the workstation is Win98 and is logging into a NetWare box, definitely use "IF OS = WIN95 OR WIN98" in the login script.
I've written this because, believe it or not, there are environments that have individuals who skip the login process daily. Or, there is nothing to log in to. Obviously my department is quickly changing this. This is also being written because I want to demonstrate that there are multiple ways to deploy something if your resources are sadly short.
Hope this helps someone out there. Cheers!
If you have any questions you may contact Mike at firstname.lastname@example.org