10.2 Making Directories Accessible Through NetStorage

NetStorage makes files on OES 2 servers available on the Internet. Directories can be made available as organizational needs dictate. For the exercises in this guide, we will focus on user home directories.

10.2.1 NCP Users Have Automatic Access to Their Home Directories

For users who have a home directory specified in eDirectory™ (on an NCP™ or NSS volume), access to that home directory is automatic.

By default, when users log in to NetStorage, they see a storage location named Home@TREE_NAME. This means that the ncp_*, the nss_* users, and the nw_edir user each see their home directories when they log into NetStorage.

The label that users see is configurable in the File Access (NetStorage) iManager plug-in by using the NetWare Storage Provider task. You can also specify home directories in additional trees if users log in to multiple trees. For more information, see NetWare Storage Provider in the OES 2 SP3: NetStorage for Linux Administration Guide.

HINT:The first time you access the NetWare Storage Provider task in iManager, the configuration is blank and the column headings are collapsed. To display the configuration, click Set Defaults, click another task, then click NetWare Storage Provider again. All of the columns are then displayed.

To make other directories on an OES 2 server available through NetStorage, including non-NCP/NSS home directories, you must create a Storage Location Object that points to the directory and then add the object to a Storage Location List as explained in the following sections.

10.2.2 Creating a Storage Location Object in iManager

A Storage Location object specifies an access protocol and points to a directory on either the NetStorage server itself or another accessible server. After object creation, users with rights to the directory can access storage location objects through NetStorage.

For connections to Storage Location objects, NetStorage supports both CIFS and SSH as alternatives to NCP (the default NetStorage protocol). Although they are used in this guide, SSH storage locations should only be used after certain security issues are understood and dealt with. (For more information, see SSH Security Considerations in the OES 2 SP2: Planning and Implementation Guide.)

Because the linux*_lum-edir users’ home directories are on a Linux traditional volume, there is no default access and you must create a Storage Location object for them to use.

Because the CIFS protocol on your lab server uses Novell CIFS, and because Novell CIFS provides access to only NSS volumes, the Storage Location object must use SSH.

To create an SSH Storage Location object:

  1. Start iManager by entering the following URL in a browser Address field:

    http://IP_or_DNS/nps

    where IP_or_DNS is the IP address or DNS name of your OES 2 server.

    If you receive a Tomcat error, see Section A.2, iManager Tomcat Error.

  2. Log in to iManager as the Admin user.

  3. Click the Roles and Tasks icon Roles and Tasks icon.

  4. Click File Access (NetStorage) > New Storage Location.

  5. In the Object Name field, type

    StorLoc_hostname

    where hostname is the name of your lab server. This is the name of the Storage Location object in eDirectory (for example, StorLoc_myserver).

  6. In the Display Name field, type

    Linux_Home_Directories

    This is the name that users see in the NetStorage directory access list.

  7. In the Directory Location field, type

    ssh://IP_or_DNS_Name/users

    where IP_or_DNS_Name is the IP address or full DNS name of your lab server (for example, cifs://myserver.mysite.company.example.com/users).

    IMPORTANT:Protocol designators, such as ssh and cifs, are case-sensitive on OES 2 servers. Make sure you don’t type the common uppercase (SSH or CIFS) out of habit.

  8. Click the Browse icon Browse icon next to the Context field.

  9. Browse to and select the SERVERS Organizational Unit object.

    The new Storage Location object will be created in the SERVERS organizational unit object.

  10. Click Create > OK.

10.2.3 Adding the Object to a Storage Location List

Storage Location Lists are required for granting access for users, groups, or containers (Organizational Unit objects) to Storage Location objects.

  1. In the list of tasks below File Access (NetStorage), click Assign Storage Location to Object.

  2. Click the Browse icon Browse icon next to the Object field.

    This field contains the user, group, or OU object that is granted access to the Storage Location object.

  3. Click USERS > OK.

  4. Click the Browse icon Browse icon next to the Storage Location Objects field.

  5. Click the down-arrow Down Arrow icon next to SERVERS.

  6. Click the StorLoc_hostname object for your lab server, then click OK.

    You could add multiple Storage Location objects to the list if needed, but we are only adding one.

  7. Click OK twice.

10.2.4 SSH and NetStorage Administration

Many network administrators prefer to use SSH for remote server administration. NetStorage includes a special SSH-based Storage Location object named NSS_Volumes that lets eDirectory Admin users administer NSS volumes on OES 2 through NetStorage. Admin users can assign trustees, administer NSS file and directory attributes, restrict directory size, and so on.

As a general security precaution, SSH services are not enabled by default on OES 2 servers. However, you enabled SSH services in Section 4.4, Allowing SSH Access, and then you enabled SSH as a LUM-enabled service, thus giving SSH access to LUM-enabled users.

The eDirectory Admin user has SSH access because it is a LUM-enabled user by default. This means that the Admin user can use SSH for remote server administration and it can administer the server’s NSS volumes through NetStorage.

NOTE:Unlike home directory access, which automatically connects all users in the tree with their NCP or NSS home directories no matter which server the directories are on, default administrative access is limited to the nssvolumes Storage Location object located in COMPANY. To provide administrative access to the HOME_NW volume on the LAB_NW NetWare® server, you would need to create an NCP Storage Location object that points to that volume.

Continue with Section 11.0, Getting Acquainted with OES.