4.2 Macintosh End User Tasks

When Novell Native File Access Protocols is properly configured, the Macintosh end users on your network will be able to perform the following tasks:

4.2.1 Accessing Network Files

Macintosh users can use Chooser to access files and directories each time they are required or they can create an alias on the desktop that is retained after rebooting.

  1. In Mac OS 8 or 9, click the Apple menu > Chooser > AppleTalk > Server IP Address.

    In Mac OS X, click Go > Connect to Server.

  2. Enter the IP address or DNS name of the NetWare® server, then click Connect.

  3. Enter the username and password, and then click Connect.

  4. Select a volume to be mounted on the desktop.

    Although you now have access to the files, mounting the volume to the desktop does not make it available after rebooting.

  5. (Optional) Create an alias to the desired volume or directory.

    Aliases are retained after rebooting.

    1. Click the NetWare server icon.

    2. Click File > Make Alias.

      The alias icon appears on the desktop.

4.2.2 Logging In to the Network As Guest

If the network administrator has set up the Guest User object account as described in Creating a Guest User Account, Macintosh users can log in to the network as Guest with no password required.

  1. In Mac OS 8 or 9, click the Apple menu > Chooser > AppleTalk > Server IP Address.

    In Mac OS X, click Go > Connect to Server.

  2. Type the IP address or DNS name of the NetWare server, then click Connect.

  3. Click Guest Login > Connect.

The Guest user has rights to access network resources as configured by the network administrator.

4.2.3 Changing Passwords from a Macintosh Computer

Macintosh users can change their passwords. When they change their simple password, their eDirectory password is automatically synchronized.

  1. In Mac OS 8 or 9, click the Apple menu > Chooser > AppleTalk > Server IP Address.

    In Mac OS X, click Go > Connect to Server.

  2. Type the IP address or DNS name of the NetWare server, then click Connect.

  3. Enter the username.

  4. Click Change Password.

  5. Type the old password and the new password, then click OK.

A maximum of eight characters is allowed for passwords. Passwords longer than eight characters are truncated to eight characters.

NOTE:Native File Access for Macintosh (AFP) software keeps the simple password and the NetWare passwords synchronized. In other words, when a Mac user changes either password using the native client software, password synchronization is automatic and transparent.

4.2.4 Assigning Rights and Sharing Files from a Macintosh Computer

Although using iManager or ConsoleOne from the Administrator workstation is the recommended method for managing rights, Macintosh users have some file sharing and management capability using Chooser.

For more information on how to use ConsoleOne to set up and manage rights, see the ConsoleOne 1.3.x User Guide or view the ConsoleOne Online Help.

For more information on how to use iManager to set up and manage rights, see the Novell iManager 2.5 Administration Guide.

NetWare Rights versus Macintosh Rights

Using Chooser to access network files and folders is fairly consistent with the Macintosh environment, but there are some differences between NetWare and Macintosh file sharing. Macintosh users can view the sharing information about specific folders by clicking Get Info/Sharing.

Inherited Rights and Explicit Rights

The Macintosh file system uses either inherited rights (which use the enclosing folder's privileges) or explicit rights (which assign rights to a group or user). A folder in the Macintosh file system cannot have both inherited and explicit rights.

NetWare uses both inherited and explicit rights to determine the actual rights that a user has. NetWare allows a folder (or directory) to hold file rights for multiple groups and users. Because of these differences, Macintosh users will find that access rights to folders and files might function differently than expected.

NetWare uses inherited rights, so the Macintosh Use Enclosing Folder’s Privileges option is automatically turned off. When a Macintosh user views the Get Info/Sharing dialog box for a NetWare folder, only the User/Group assignments are visible if there is an explicit assignment on the folder. If the NetWare folder inherits User/Group rights from a parent group or container, those rights are not displayed in the dialog box, nor will there be any indication that the folder is inheriting rights from a group or container.

Owner, User/Group, and Everyone Rights

Because NetWare allows multiple groups and users to have rights to a single folder, users are not able to delete rights assignments using the Apple Macintosh interface. Users can add assignments to allow basic file sharing, but more complex rights administration must be done using the NetWare utilities such as ConsoleOne.When specifying Owners, Users, and Groups, there is no way to select from current groups. You must enter the correct NetWare name and context (fully distinguished eDirectory name).

HINT:No context is required if the context is specified in the context search file.

Owner Rights

In the Apple File Sharing environment, an owner is a user who can change access rights. In the NetWare environment, users can change access rights if they have been granted the Access Control right for the folder. In NetWare, an owner means the one who created the file. A NetWare owner has no rights by virtue of ownership. In the NetWare environment, the owner is the current user if he has access control rights to the folder.

If the user does not have access control rights, the NetWare owner will be shown if the NetWare owner is not the current user. If the current user does not have rights to change access and is also the NetWare owner, a message to "Use NetWare Utility" is displayed in the Owner field.

In Apple File Sharing, there can be more than one owner. If you change the owner, access control rights are added to the new owner, but are not removed from the current owner. In NetWare, there are two ways to have access control rights: 1) have the Access Control right and 2) have the Supervisor right. Adding a new owner only adds the Access Control right, not the Supervisor right. If the current owner already has the Supervisor right through other NetWare utilities, that right will remain. The Supervisor right also gives full file access rights. This means that if you are the current user and have the Supervisor right, you also have read/write access and you cannot change those rights.

Display only allows for one owner. If multiple users have file access rights, only the current user is shown in the Owner field. This means you could change the owner (which in NetWare simply means adding the Access Control right to the new user) and when you open the file sharing dialog box again, you will be listed as the owner, even though you have just given ownership or the Access Control right to someone else.

User / Group

Only one user/group can be displayed for a folder, although NetWare allows multiple users and groups to be assigned file access rights. If both users and groups have access to a NetWare folder, groups are displayed before users. The group with the most access rights is preferred over groups with lesser access rights. Only users or groups with explicit rights (not inherited rights) are shown in the User/Group field. Users and groups with inherited rights are not shown in the dialog box, nor is there any indication that there are users and groups with inherited rights.

Adding a group or user does not remove the current group or user; it simply adds the rights to the group or user specified. If the user enters the wrong user or group name, the user gets no feedback. If multiple users or groups are assigned to the folder, it is possible that the user is unable to see the user or group that was just assigned. It could be very difficult to know if the rights assignment worked or not.

Rights set through this interface are inherited by the folder’s subfolders. It is impossible to manage all inherited rights from the Macintosh interface. (Although not recommended, you could set the inherited rights filters from the NetWare utilities to turn off inherited rights.)

Everyone

Assignment of rights to Everyone acts like the Macintosh user expects, with the exception that Everyone’s rights are inherited. In NetWare, the object that represents the rights of any authenticated user is used to set Everyone’s rights. Everyone’s rights can change from folder to folder, but once they are set, they are inherited by subfolders.