3.2 Using the NetWare FTP Server from an FTP Client

This section discusses the following:

3.2.1 Starting an FTP Session

To start an FTP session from a workstation running the FTP client software, use the following format:

ftp hostname | IP Address [Port Number]

Table 3-1 FTP session start parameters

| Parameter | Description |
|---|---|
| hostname \| IP address | Name of the server in the DNS or IP address of the NetWare server running the FTP service. |
| Port number | The port where the server is listening for connection requests. Use with the open command. |

When you enter this command, the FTP client prompts for a username and password.

Logging In to the eDirectory Tree

You can log in to the NetWare FTP Server in one of the following ways:

  • Specify the username with full context, including a leading dot (.).

    For example:

    .user1.sales.company.
    

    If you do not specify the context, the NetWare FTP Server searches for the user only in the current session context.

  • Specify the context relative to the default context (which is the context of the NetWare server where FTP is running).

    Relative contexts do not include leading dots.

    For example, if the default context of NetWare FTP Server is .company, then the user1 located in the .sales.company container can log in using the following format:

    user1.sales
    
  • When logging in for the first time with only a username and no context, the NetWare FTP Server searches for the user in the following sequence:

    1. Default FTP context.

    2. The first bindery context of the server, if it is set.

       1. The context of the NetWare Server object, if the bindery context is not set.

       2. The contexts listed in the SEARCH_LIST parameter of the configuration file ftpserv.cfg, in the order listed.

When a user logs in successfully, the NetWare FTP Server context is set to the user’s context. Therefore, when a user who is logged in to an FTP session authenticates as another user (without specifying a context) with the command USER username, the new username is searched for under the context of the user who previously logged in successfully. If the user is not found there, the server searches the contexts listed in the SEARCH_LIST parameter of ftpserv.cfg, in the order listed.
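The lookup order described above decides which account a bare username maps to, so the same name can resolve to different users depending on session state. The following added example (not NetWare code and not part of the original documentation) models that order; the directory contents, context names and function names are constructed for illustration.

```python
# Added example: models the username lookup order this section describes.
# All contexts and users below are constructed sample data.

def candidate_names(login, default_ctx, session_ctx=None,
                    bindery_ctx=None, server_ctx=None, search_list=()):
    """Return the fully qualified names tried for `login`, in order."""
    name = login.rstrip(".")
    if name.startswith("."):
        return [name]                      # full context: no searching
    if "." in name:
        return [f".{name}{default_ctx}"]   # relative to the default context
    if session_ctx:
        # USER issued inside an authenticated session: the previous
        # user's context first, then SEARCH_LIST in the order listed.
        contexts = [session_ctx, *search_list]
    else:
        # First login: default FTP context, then the first bindery context
        # (or the server object's context if unset), then SEARCH_LIST.
        contexts = [default_ctx, bindery_ctx or server_ctx, *search_list]
    ordered = []
    for ctx in contexts:
        if ctx and ctx not in ordered:
            ordered.append(ctx)
    return [f".{name}{ctx}" for ctx in ordered]


def resolve(login, directory, **settings):
    """Return the first candidate that exists in `directory`, else None."""
    for dn in candidate_names(login, **settings):
        if dn in directory:
            return dn
    return None


# Constructed tree: two different people share the short name "jsmith".
DIRECTORY = {".user1.sales.company", ".jsmith.sales.company",
             ".jsmith.hr.company"}
SETTINGS = dict(default_ctx=".company", server_ctx=".servers.company",
                search_list=(".hr.company", ".sales.company"))

if __name__ == "__main__":
    print(resolve("jsmith", DIRECTORY, **SETTINGS))
    print(resolve("jsmith", DIRECTORY, session_ctx=".sales.company", **SETTINGS))
```

When reviewing FTP logs, record the resolved full name rather than the typed username, and check the SEARCH_LIST contexts for duplicate short names.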

If a user with an expired password attempts to log in to the NetWare FTP Server, a message stating that the password has expired is displayed after the user logs in. Logging in with an expired password uses the grace logins. If all the grace logins of the user expire, the user cannot log in and receives an error message.

User Home Directory

After the user logs in, the NetWare FTP Server places the user in the user’s eDirectory home directory (if it is defined) and attaches the user to the server where the home directory resides.

If the home directory is not defined or cannot be located, the NetWare FTP Server places the user in the default user home directory specified in the configuration file.

To specify the name of the server where the default user home directory is located, use the DEFAULT_USER_HOME_SERVER parameter. If the parameter is not specified, by default the NetWare FTP Server considers the default user home directory to be on the server where the NetWare FTP Server is running.

A user is placed in the default user home directory under the following conditions:

  • If IGNORE_HOME_DIR = Yes.

  • If IGNORE_REMOTE_HOME = Yes, and the user's home directory is on a remote server.

  • If the remote server on which the home directory exists is down.

A user without a home directory is placed in the Default_Home_Server\Default_User_Home directory. If this fails (either because the home server is down or because the home directory is not present on the home server), the user is placed in Local_server\Default_User_Home. If that also fails (because Default_User_Home is not present on the local server either), the user is placed in Local_server\Sys:\public.
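The placement rules above, written as one function so the landing directory can be predicted for a given configuration. This is an added example, not NetWare code: the dictionary keys mirror the parameter names on this page (DEFAULT_USER_HOME is an assumed key name), booleans stand in for Yes/No, and the servers and paths are constructed.

```python
# Added example: the home-directory placement rules above as one function.
# DEFAULT_USER_HOME is an assumed key name; servers and paths are constructed.

LAST_RESORT = "Sys:\\public"

def landing_directory(user_home, cfg, local_server, servers_up, existing_dirs):
    """Return (server, path) where the user is placed after login.

    user_home     -- (server, path) from eDirectory, or None if undefined
    servers_up    -- set of reachable server names
    existing_dirs -- set of (server, path) pairs that exist
    """
    def usable(server, path):
        return server in servers_up and (server, path) in existing_dirs

    if user_home and not cfg.get("IGNORE_HOME_DIR"):
        server, path = user_home
        skip_remote = cfg.get("IGNORE_REMOTE_HOME") and server != local_server
        if not skip_remote and usable(server, path):
            return user_home

    # Fallback chain: default home server, then the local server, then public.
    default_path = cfg["DEFAULT_USER_HOME"]
    default_server = cfg.get("DEFAULT_USER_HOME_SERVER") or local_server
    for server in (default_server, local_server):
        if usable(server, default_path):
            return (server, default_path)
    return (local_server, LAST_RESORT)


# Constructed environment: FS1 runs the FTP service, FS3 is down.
CFG = {"IGNORE_HOME_DIR": False, "IGNORE_REMOTE_HOME": True,
       "DEFAULT_USER_HOME_SERVER": "FS2", "DEFAULT_USER_HOME": "data:\\ftphome"}
UP = {"FS1", "FS2"}
DIRS = {("FS1", "data:\\users\\user1"), ("FS3", "data:\\users\\user2"),
        ("FS1", "data:\\ftphome")}
```

The last branch is the one to audit: any user whose home and default directories are both unavailable lands in Sys:\public on the local server.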

Logging In to a Server Running an IBM Operating System

To log in to a remote server running an IBM* operating system, the user must have a user account on that server.

To log in to the IBM server from an FTP client, start an FTP session using FTPHost. Give the username in the following format:

@IBMservername.username

To log in to an IBM server from a browser, use the following format:

ftp //+IBMserver+username:password@FTPHost

To log in as an anonymous user, the user name and password can be omitted:

ftp //+IBMservername@FtpHost

After logging in to an IBM server, the user is placed in the home directory of that IBM server.

When logging in to an IBM server, the user is not authenticated to the eDirectory tree. This means that navigation between IBM servers and eDirectory servers is not possible.

3.2.2 Security Extensions

Security extensions enable secure FTP clients that support the SSL and TLS mechanisms to establish secure connections with the server.

SSL and TLS are similar to the encryption system used by HTTPS Web pages. SSL and TLS provide a secure method for sending sensitive information across connections. Both the control and data connections are fully encrypted, so no one can view the FTP commands, username, password, and transferred data, as is possible with all non-encrypted FTP sessions.

After successful negotiation of the SSL/TLS mechanism, all the commands and replies are encrypted.

NetWare FTP Server supports the following mechanisms and commands related to security extensions:

  • SSL encryption mechanism

  • TLS encryption mechanism

  • Command channel encryption and data channel encryption.

  • The following security extension commands:

    • AUTH Mechanism Name

    • PBSZ Protection Buffer Size

    • PROT Protection Level
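The AUTH, PBSZ and PROT commands listed above determine what is actually encrypted in a session. The following added example (not from the original documentation) audits a recorded control-channel exchange for credentials sent before AUTH succeeded and for transfers made without PROT P. It assumes the RFC 2228 / RFC 4217 reply codes and the RFC 4217 rule that the data channel stays clear until PROT P is accepted; the sessions are constructed.

```python
# Added example: audit an FTP control-channel exchange for cleartext exposure.
# Sessions are constructed; reply codes follow RFC 2228 / RFC 4217.

DATA_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST"}

def audit(session):
    """session: list of (client_command, final_reply_code) in order sent.
    Returns a list of findings; an empty list means nothing was exposed."""
    findings = []
    control_secure = pbsz_ok = False
    prot = "C"   # RFC 4217: the data channel stays Clear until PROT P
    for command, code in session:
        verb, _, arg = command.partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()
        accepted = 200 <= code < 300
        if verb == "AUTH":
            control_secure = control_secure or code == 234
        elif verb in ("USER", "PASS") and not control_secure:
            findings.append(f"{verb} sent before AUTH succeeded")
        elif verb == "PBSZ":
            pbsz_ok = control_secure and accepted
        elif verb == "PROT":
            if not pbsz_ok:
                findings.append("PROT issued without an accepted PBSZ")
            elif accepted:
                prot = arg
        elif verb in DATA_CMDS and prot != "P":
            findings.append(f"{verb} data channel unprotected (PROT {prot})")
    return findings


# Constructed sessions (passwords redacted).
SECURE = [("AUTH TLS", 234), ("USER .user1.sales.company", 331),
          ("PASS <redacted>", 230), ("PBSZ 0", 200), ("PROT P", 200),
          ("RETR report.txt", 226)]
CONTROL_ONLY = [("AUTH TLS", 234), ("USER user1.sales", 331),
                ("PASS <redacted>", 230), ("LIST", 226),
                ("RETR payroll.csv", 226)]
PLAIN = [("USER user1", 331), ("PASS <redacted>", 230), ("RETR a.txt", 226)]
```

The CONTROL_ONLY session is the case to watch for: the login is protected, but listings and file contents still cross the network unencrypted.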

FTP Clients

If you are using security extensions, use FTP clients that support the SSL/TLS mechanism.

The following is a representative list of such FTP clients:

  • SmartFTP V1.0: A secure GUI FTP client. You can download it from the SmartFTP Web site.

  • ftps: A command line FTP client from FreeBSD* that can be installed on Windows* and UNIX* machines. You can download the bsdftpd-ssl-1.1.0.tar.gz file from the FreeBSD Web site.

  • Secure FTP 2: A command line Secure FTP client. You can download it from the Glub Tech Inc. Web site.

3.2.3 Accessing a Remote Server

After logging in to the eDirectory™ tree, users can access files and directories on a remote NetWare server whether or not the server is running NetWare FTP Server software. The remote server can be another NetWare server or an IBM server, if they are in the same tree.

The NCP™ protocol lets you transfer files and navigate to and from remote eDirectory servers.

Figure 3-1 How a NetWare FTP Server Accesses Remote NetWare Servers

To navigate to remote servers, use the following format:

cd //remote server name/volume/directory pathname

File operations such as get, put, and delete can be used on the remote server, even without changing the directory path to that server. For example:

get //remote_server_name/volume/directory path/filename

The double slash (//) indicates that the user wants to access a remote server. After the double slash, the first entry must be the name of the remote server.

During remote server navigation, to check which server your FTP operations are being performed on, execute the quote stat command. This displays the current server in the statistics listing.

NOTE: The quote command is not case sensitive when entered from the FTP client.

If the current directory is on a remote server and the remote server goes down, the user is placed in the home directory in the home server. If the home server is not available, the user is placed in the default user home directory.

3.2.4 Path Formats

Table 3-2 NetWare FTP Server path formats

| Task | Command Format |
|---|---|
| Specifying the volume and directory path name | //server_name/volume_name/directory_path |
| Navigating to different volumes | cd /volume_name |
| Switching back to the home directory | cd ~ |
| Switching to home directory of any user | cd ~ user_name |
| Switching to the root of the server | cd / |

IMPORTANT: NetWare FTP Server does not support wildcards at the root of the server.
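Because the // prefix (section 3.2.3) and the cd forms in Table 3-2 let one FTP session reach several servers, a command log does not show at a glance where each file operation happened. The following added example (not part of the original documentation) tracks the session's current server through a constructed command log. It assumes that a path starting with neither // nor ~ stays on the server the session is already on; the function and server names are illustrative.

```python
# Added example: report which server each logged file operation touches.
# The command log and server names are constructed. Assumption: a path that
# starts with neither // nor ~ stays on the server the session is already on.

FILE_OPS = {"get", "put", "delete"}

def split_remote(arg):
    """Return (server, volume, path) for //server/volume/path, else None."""
    if not arg.startswith("//"):
        return None
    parts = arg[2:].split("/", 2)
    if not parts[0]:
        raise ValueError(f"no server name after //: {arg!r}")
    parts += [""] * (3 - len(parts))
    return tuple(parts)

def servers_touched(commands, home_server):
    """Return [(command, server)] for every file operation, in log order.
    server is None when it cannot be determined from the log alone."""
    current, touched = home_server, []
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.lower(), arg.strip()
        remote = split_remote(arg)
        if verb == "cd":
            if remote:
                current = remote[0]
            elif arg == "~":
                current = home_server      # back to the user's own home
            elif arg.startswith("~"):
                current = None             # another user's home: unknown
        elif verb in FILE_OPS:
            touched.append((line, remote[0] if remote else current))
    return touched

def outside_home(commands, home_server):
    """File operations that ran on any server other than the home server."""
    return [(c, s) for c, s in servers_touched(commands, home_server)
            if s != home_server]

LOG = [  # constructed session; the user's home directory is on FS1
    "cd /vol1", "get report.txt",
    "get //FS2/data/hr/payroll.csv",
    "cd //FS3/sys/etc", "put hosts",
    "cd ~", "delete old.txt",
]
```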

3.2.5 SITE Commands

The SITE command enables FTP clients to access features specific to the NetWare FTP Server.

NOTE: The SITE command is not case sensitive when entered from an FTP client.

The SITE command has the following syntax:

SITE [SLIST | SERVER | HELP | CX {CONTEXT} | LONG | DOS | OU]

NOTE: Settings made through SITE commands are valid only for the current session.

These commands are unique to the NetWare FTP service and are not standard FTP commands.

The following table provides the list of SITE commands along with their descriptions:

Table 3-3 NetWare FTP SITE commands

| Command | Description |
|---|---|
| SLIST | Lists all the NetWare servers within the eDirectory tree. |
| SERVER | Lists all NetWare servers in the current eDirectory context and its sub-OUs. For example, SITE SERVER displays all NetWare servers in the current context. |
| HELP | Displays the help file related to the SITE commands. It gives the syntax and description of all SITE commands. |
| CX | CX without a context displays the current context of the NetWare FTP Server. CX with a context as an argument sets the current eDirectory context to the given value. For example, to change to an OU named "test" within the current context, use cx ou=test (which specifies a relative context); cx .ou=test.o=acme sets the context to the OU test using the absolute context. CX with the argument ~ resets the context back to the user's context. |
| OU | Displays all the organizational units relative to the current context. OU enables users to display the eDirectory organizations (containers) below the current eDirectory context. |
| LONG | Changes the configured name space to the LONG name space. |
| DOS | Changes the configured name space to the DOS name space. This change takes place only for the current session. All NetWare volumes support the DOS name space. |

3.2.6 Name Space and Filenames

NetWare FTP Server software supports DOS and LONG name space. The default name space is configured in the configuration file. FTP users can also change it dynamically by using the SITE DOS command or the SITE LONG command.

NOTE: A name space changed by using the SITE command is in effect only in the current session.

The default configured name space is LONG.

When the user changes the name space, the change affects only those volumes that support the specified name space. If the LONG name space is not supported on a specific volume, users must follow the DOS file naming conventions of using no more than eight characters for the name plus no more than three additional characters for the extension.

In both name spaces, the user views the response to the ls or Dir command in the NetWare format only. The format of the directory listing is as follows:

type rights owner size time name

where the above variables stand for the following:

  • Type: Type of file, where (-) indicates a file and (d) indicates a directory.

  • Rights: The file owner’s effective NetWare rights of this file or directory.

  • Owner: NetWare user who created this file or directory. If the object mapping and the owner’s name are not found, the object ID is displayed.

  • Size: The size, in bytes, of the file or directory. For a directory, it is always 512.

  • Time: The modification date and time of the file or directory.

  • Name: The name of the file or directory in the current name space.