4.1 Administrator Tasks for Native File Access for Macintosh Services

Native File Access for Macintosh provides several ways to simplify your administration tasks and customize how Macintosh workstations interact with the network. Tasks and issues to:

4.1.1 Creating Simple Passwords for Several Macintosh Users

You can create simple passwords for users one at a time using iManager or ConsoleOne®. The process for creating simple passwords is the same for Macintosh and Windows users. See Two Methods for Creating Simple Passwords for Windows Users for instructions on creating simple passwords.

If you want to create passwords for several Macintosh users at once, you can add the CLEARTEXT option to the LOAD AFPTCP command at the server console. For example:

LOAD AFPTCP CLEARTEXT

When the CLEARTEXT option is added to the AFPTCP command, users logging in to the server from a Macintosh workstation are prompted to provide their eDirectory® username and eDirectory password. After the eDirectory password is verified, a simple password is automatically created and stored in eDirectory. The simple password is the same as the eDirectory password.

The CLEARTEXT option is meant to be a temporary way to create simple passwords for many Macintosh users. After Macintosh users have created simple passwords, the AFPTCP NLM™ should be loaded without the CLEARTEXT option.

WARNING:The CLEARTEXT option allows unencrypted passwords to be sent over the network. If you are concerned about someone capturing your password over the network, you should not use this option. Instead, you should manage passwords using ConsoleOne on the Administrator workstation.

4.1.2 Enabling and Disabling AFP

Administrators can enable or disable AFP on NetWare servers using iManager. AFP is enabled by default when NetWare 6.5 is installed.

  1. In a Web browser, enter the following in the address (URL) field:

    http://server's_IP_address/nps/iManager.html
    

    For example:

    http://111.65.135.150/nps/iManager.html
    
  2. At the login prompt, enter the server administrator username and password.

  3. In the left frame, click File Protocols, then click Enable / Disable AFP.

  4. Type the NetWare server name where you want to enable or disable AFP, or browse and select it.

  5. Select or Deselect the AFP check box to enable or disable AFP.

  6. Click Apply to save your changes.

4.1.3 Enabling and Disabling Delete Inhibit Emulation

Prior to NetWare 6.5 Support Pack 6, if the delete inhibit attribute was set on a directory such as a home directory, AFPTCP.NLM would by default send that information to MAC clients. The MAC OS 10.4.6 client would then enforce that attribute on the files contained within that directory. This resulted in users not being able to delete or rename files in their own home directory.

A new command line switch was added for AFPTCP called DeleteInhibitEmulation. The default if you do not specifiy this switch when loading AFPTCP.NLM is that AFPTCP does not send delete inhibit or rename inhibit information back to MAC clients. The Delete Inhibit and Rename Inhibit attributes are not enforced on MAC clients without this switch.

To have the Delete Inhibit and Rename Inhibit attributes enforced on MAC clients, load AFPTCP.NLM on the server using the following command:

load afttcp deleteinhibitemulation

You can also unload and reload AFPTCP.NLM without the switch to disable this functionality after enabling it.

4.1.4 Editing the Context Search File

A context search file allows Macintosh users to log in to the network without specifying their full context. The context search file contains a list of contexts that are searched when no context is provided or the object cannot be found in the provided context. When the Macintosh user enters a username, the server searches through each context in the list until it finds the correct User object.

Macintosh allows only 31 characters for the username. If the full eDirectory context and username are longer than 31 characters, you must use a search list to provide access.

HINT:Macintosh users do not need to enter a context or have an entry in the context search file if their User objects are placed in the same container as the Server object.

If User objects with the same name exist in different contexts, the first one in the context search list will be used.

To edit the context search file, do the following:

  1. Using any text editor, edit the ctxs.cfg file stored in the sys:\etc directory of the server running Novell Native File Access Protocols.

  2. On separate lines, enter the contexts to search.

    For example, if you had users with full eDirectory distinguished names such as Robert.sales.acme, Maria.graphics.marketing.acme, Sophia.graphics.marketing, and Ivan.marketing.acme, then you would enter the following contexts to the ctxs.cfg file:

    • sales.acme
    • graphics.marketing.acme
    • marketing.acme
  3. Save the file in the sys:\etc directory.

    The file is read the next time a Macintosh user logs in.

When Macintosh users log in, they enter only a username and a password. The system finds the User object in the context specified in the ctxs.cfg file.

4.1.5 Creating a Guest User Account

Novell Native File Access Protocols let you create a Guest User object. Macintosh users are accustomed to being able to log in as Guest with no password required.

  1. From the Administrator Workstation, use ConsoleOne to create a User object named Guest.

  2. Determine and assign the appropriate rights to the Guest object by double-clicking the Guest object and then clicking Rights to Files and Folders.

  3. Remove the ability for the user to change the password by clicking Restrictions and then unchecking Allow User to Change Password.

  4. Enable the Guest account by adding the full eDirectory context of the Guest object to the context search file as described in Editing the Context Search File.

  5. Unload and reload the afptcp.nlm program with the GUESToption to make the Guest button available on the login screen.

Any Macintosh user can now log in as Guest with no password and receive the access rights assigned to the Guest object.

4.1.6 Renaming Volumes

Volumes can be renamed so that they appear in Chooser under a different name.

  1. Using any text editor, create a file named afpvol.cfg.

  2. On separate lines, enter the current name of the volume and, in quotes, the new name of the volume. For example:

    • server1.sys "System Volume"
    • server1.img "Graphics"
    • #The above volume contains image files.

    NOTE:The pound sign (#) marks a line as a comment.

  3. Save the file in the sys:\etc directory of the server running Novell Native File Access Protocols.

    After the volume has been renamed, it keeps the name even if you delete the file and restart the server. To return to the previous name, repeat these steps and rename the volume to its original name.

    For example:

    System volume "server1.sys".

  4. Unload and reload the afptcp.nlm program.

Volumes will appear to Macintosh users with the new volume names.