7.2 Understanding the NetStorage Configuration Settings

This section includes information on all configuration settings that can be set. The settings are organized according to the link in the left column where they appear. This information is also available if you click Help.

Most configuration settings have a Set Defaults button. If you click the Set Defaults button, the value is set to whatever value appears in the Default Value column. If there is no value in the Default Value column, the value is set to blank (no value).

7.2.1 Authentication Domains

Lets you change or add the NetIQ eDirectory server URLs and contexts that are required by NetStorage. It also lets you add support for dotted usernames, e-mail address names, and universal passwords, as well as giving you the option to change the eDirectory server that is designated as the Primary.

Table 7-1 Authentication Domain Setting and Description

Setting

Description

Dotted Names

Allows the use of a dot in a username. Some usernames contain dots (for example: john.doe). Enabling this option allows usernames containing dots to authenticate through NetStorage.

If this option is disabled, usernames containing dots can still authenticate through NetStorage by adding a forward slash (/) in front of the dot in the username (for example: john/.doe).

eMail Address Names

Allows the use of the At symbol (@) in a username. Some usernames are e-mail address names and contain the At symbol. Enabling this option allows usernames containing this character to authenticate through NetStorage. If this option is disabled, NetStorage reads the username up to the At symbol and then tries to authenticate with that much of the name.

Universal Password

Allows universal passwords to be used for NetStorage Authentication.

Universal password functionality is disabled by default. If you have enabled universal passwords, enable this option to let users with universal passwords authenticate through NetStorage.

If universal passwords have not been configured and enabled, selecting this option has no effect. NetStorage uses whatever password type is configured.

See Deploying Universal Passwords for information on configuring universal passwords.

Add Domain

Adds another eDirectory server IP address or DNS name. Users are authenticated to this eDirectory server.

Make Primary

Makes the eDirectory server URL listed above the button the Primary.

Remove Domain

Removes the eDirectory server URL from the list of URLs used by NetStorage.

Add Context

Adds a context that NetStorage searches when authenticating users. Use periods to separate the context. For example, ou=users.o=digitalair.

If the user is not located in the first context, any additional contexts added here are searched. If the user is not found in any context listed, an LDAP search of all subdirectories is performed.

If clear-text passwords are not enabled on the server, this search fails.

Remove Context

Removes the context (if there is one) from the eDirectory server URL.

Add Host

Lets you list additional hosts for an Authentication Domain. Clicking the Add Hosts button lets you create a list of alternative hosts for the domain.

If the Middle Tier server cannot reach the host specified in the domain, it searches the Other Hosts list specified in the Value field to find another server to use for authentication. Specify DNS names or IP addresses of alternate servers, separated by a comma delimiter, in the Value field.

For example, you could enter a string similar to either of the following:


Middletier.boston.digitalair.com,Middletier1.boston.digitalair.com

or


192.168.33.4,192.168.33.41

Context Priority

Lets you specify a priority for the context assigned to the eDirectory server URL. Adding a context priority lets you specify the order you want the different contexts searched.

If no context priority is specified, the default priority is used, which is 0. The priority range is from 0 (lowest) to 9999999.

7.2.2 Current Sessions

Displays a report with information on the current NetStorage sessions.

7.2.3 Files

Displays the NetStorage Web page. This provides a way to access NetStorage from iManager, without entering the NetStorage URL. See Section 6.0, Using NetStorage for more information on the NetStorage Web page.

7.2.4 iFolder Storage Provider

This option is not functional on OES. However, it does function on NetWare 6.5 SP3 or later.

7.2.5 NetWare Storage Provider

NOTE: The name fields should not contain any special characters that are misinterpreted as separators in any type of path or URL string. These characters include /, :, and \.

Table 7-2 NetWare Storage Provider Settings and Description

Settings

Description

Home Name

This text is displayed on the NetStorage Web page and is followed by the tree name and path to the user’s home directory. The user might have home directories in multiple trees, in which case multiple paths are displayed.

The default is Home@. You might want to change this if you want to reference home directories with a different word or in a language other than English. See the Alternate Tree Name listing below for more information on configuring NetStorage to display multiple home directories.

Drive Name

This text is displayed on the NetStorage Web page and includes the drive letter being referenced, followed by the path to the mapped drive. The user’s login script on the Primary tree is parsed by NetStorage to gather information on mapped drives.

Public Directory Name

This registry key provides a way for any NetStorage user to make documents or files available to other NetStorage users.

A public directory can be automatically created in each user’s home directory by NetStorage. If public directories are created by NetStorage, all users in the same eDirectory context have Read and File Scan rights to the other users’ public directories.

If you don’t want public directories created in users’ home directories, leave this field blank (the default).

If you want public directories created in users’ home directories, specify the name for the public directories. For example, if you specify My Public Files as the name for the public directories, a folder named My Public Files is created at the root of each user’s home directory the first time the user logs in through NetStorage.

To access a public directory, users need to add ~username at the end of the URL used to access NetStorage. For example if you want to access the public directory for a user named jsmith, you might specify a URL similar to http://file.i-login.net/oneNet/NetStorage/~jsmith.

Alternate Tree Name

When a user’s home directory is displayed by NetStorage, the name of the eDirectory tree is also displayed. With this configuration field, you can change the tree name that users see in NetStorage to something that might be more intuitive. For example, if the tree name is SERVICES2 and you want users to see i-Login, you would type SERVICES2/i-Login in this configuration field. The eDirectory tree name and the substitute name are separated with a slash (/).

NetStorage can access user home directories in multiple eDirectory trees. If you want to substitute eDirectory tree names in more than one tree, separate those tree name substitutions with a comma. An example of this is SERVICES2/i-Login,SERVEME2/Staging.

Container Search Height

Specifies the number of container levels (from where the User object is located) that NetStorage searches up the eDirectory tree for the container login script. The default is 1, which is the same level used by Novell Client software.

If you specify a number greater than the number of container levels in the eDirectory tree, NetStorage searches up to and including the root container in the tree. If you specify 0, NetStorage only searches the container where the User object is located.

Home Dirs

Specifies if home directories are to be processed. The default is 1, meaning that they are processed. If you specify 0, no home directories are processed or displayed to the user.

Check MAP Drives

Specifies if mapped drives (from login script MAP statements) are checked when the user logs in. The default is 0, meaning that mapped drives are not checked and all mapped drives are displayed to the user. If the user attempts to access a mapped drive pointing to a directory that does not exist or that the user does not have access rights to, an error occurs.

If you specify 1, each mapped drive is checked at login and map drives that do not exist or that the user does not have access to are not displayed.

LoginScripts

Specifies if login scripts are to be processed. The default is 1, meaning that they are processed. If you specify 0, no login scripts are processed, so no user object details associated with them are displayed.

Storage Locations

Specifies if storage locations are to be processed. The default is 1, meaning that they are processed. If you specify 0, no storage locations are processed or displayed to the user.

Shared Directory

Specifies if shared directories are to be processed. The default is 1, meaning that they are processed. If you specify 0, no shared directories are processed or displayed to the user.

7.2.6 NetStorage Options

Table 7-3 NetStorage Settings and Description Options

Settings

Description

Proxy Username and Proxy Password

The Admin username and password that you entered when you installed NNLS. If you want the Middle Tier Server to use a different username and password for administrator access, specify them in the fields provided.

If you click the Set Defaults button, the value is set to whatever value appears in the Default Value column. If there is no value in the Default Value column, the value is set to blank (no value).

Location

The registered location you want users to enter as part of the NetStorage URL to access NetStorage. The default is oneNet.

If you change this registry setting, you must also edit the etc/opt/novell/xtier/xsrv.conf file and change the /oneNet setting in the Location section (first section) to the same setting you specified in iManager.

Session Timeout

The amount of time (in seconds) that the session remains idle before it is terminated. If there is no NetStorage activity for this amount of time, the user is required to log in again to NetStorage before being allowed file access.

Janitorial Interval

This setting should not be changed except under direction from Novell.

Persistent Cookies

This setting can be turned on or off. Persistent Cookies is turned off (the default) if there is no value or if the value is set to 0. You can turn Persistent Cookies on by changing the value to 1.

With Persistent Cookies turned off, the NetStorage session ends when the user closes the current browser or Web folder. Also, if the user has a current instance of NetStorage running in a browser window or Web folder and starts up a new browser instance or Web folder, the user is required to reauthenticate.

Turning off Persistent Cookies can be beneficial if you have workstations that are shared, because as long as the browser instance is closed, the next user of the workstation cannot accidentally or intentionally obtain access to your network through NetStorage.

Leaving Persistent Cookies turned on can be beneficial if your workstations are not shared, because users are not required to unnecessarily reauthenticate.

If the user selects the Logout option in NetStorage, the session ends regardless of whether Persistent Cookies is turned on or off.

LDAP Port

Lets you change the LDAP port number if there is a conflict between Active Directory and eDirectory for LDAP requests.

This conflict exists because the back end is acting as a domain controller, which has Active Directory installed on it. The conflict is created by both eDirectory and Active Directory attempting to use the same default port (number 389). Active Directory normally wins the conflict. The Proxy User object type exists in eDirectory but not in Active Directory. Because of this, when the Middle Tier server tries to bind as a Proxy User, the bind attempt fails. This is also the reason LDAP lookups fail.

Cookieless

The Cookieless option can be turned either on or off. With the value set to 0, Cookieless authentication is turned off (the default). Cookieless authentication can be turned on by setting the value to 1.

Cookieless authentication is needed for some clients that use versions of WebDAV that don’t support cookies. For example, Apple clients use a WebDAV version that does not support cookies.

If Cookieless authentication is turned on, you must close all browser instances to log out.

7.2.7 NetStorage Statistics

Displays a report with information about server up time, login failures, number of NetStorage sessions, etc.

7.2.8 Resource Usage

Displays a detailed report of resource utilization for NetStorage.

7.2.9 WebDAV Provider

Table 7-4 WebDAV Provider Settings and Description

Settings

Description

Moniker

The location of the NetStorage WebDAV provider (xdav.nlm). It is the location you want users to specify as part of the NetStorage URL to access NetStorage. The default is NetStorage.

Template Directory

The directory for the HTML interface. This setting should not be changed except under direction from Novell.

7.2.10 Storage Location

You can create a Storage Location object to display a specified name for a network directory in the NetStorage directory access list displayed through Microsoft Web Folders or a Web browser. Creating a Storage Location object is useful if users expect the directory to have a certain name. Unlike directories that are displayed from a login script, or Home directories that have a name that cannot be altered, you can specify the Storage Location object name.

After you have created a Storage Location object, you must associate this object with a User, Group, Location, or Container object. Users see the directory associated with the object the next time they log in.

Creating a Storage Location Object

  1. Start your browser (Internet Explorer 5 or later, Mozilla, etc.) and specify the URL for iManager.

    The URL is http://server_ip_address/nps/imanager.html. Replace server_ip_address with the IP address or DNS name of the Linux server running NetStorage or the IP address for Apache-based services.

  2. Type your username and password.

  3. In the left column, click File Access, then click New Storage Location.

  4. Specify the object name, display name, directory location, context, and a comment.

    The object name is the name of the object in the eDirectory tree.

    The display name is the name to be displayed in the NetStorage directory access list. This is the shortcut name and is seen by users. If you use the same display name for two different Storage objects, a digit is added to the names to make each name unique.

    The directory location is the location of the directory on the file system. The location is a URL that includes the file system type, server name, volume, and directory path.

    If the storage being accessed is on a NetWare server, the URL must be in the following format:

    ncp://server_name/volume/path_to_directory

    For example:

    ncp://server1.digitalair.com/mktg/reports

    or

    ncp://192.168.3.4/mktg/reports

    If the storage being accessed is on a Linux server, the URL must be in one of the following formats:

    • ncp://server_name/volume/path_to_directory

      This method requires that the NCP Server component of OES be installed on your Linux server.

    • cifs://server_name/cifs_share_name

      This method can be used if you have configured a CIFS or Samba share (cifs can be interchanged with smb).

    • ssh://yourserver.yourcompany.com/home/youruser

      This method allows access to files on Linux systems that don’t support either NCP or CIFS (SMB) protocols.

      IMPORTANT: NetStorage storage location objects defined with the SSH protocol do not function unless SSHD has been enabled for LUM users.

      If you want to access local files or files on another server in the same eDirectory tree by using the SSH file access method, you must select the SSHD check box during the OES installation or enable SSHD afterwards by using YaST. The check box is in the Linux User Management configuration section on the OES installation.

    If the file system is omitted, it is assumed that it is NCP.

    The context is the directory context that the Storage Location object resides in. Click the object selector to select the context.

    The comment is entered by the administrator and is not displayed to users.

  5. Click Create, then click OK.
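A pre-check for the directory location values described in step 4, written as an added example; it is not part of the original documentation or of NetStorage. The function names and sample entries are constructed, the checks for embedded user information and ".." segments go beyond the formats listed above, and an omitted file system is assumed to be written as server/volume/path.

```python
from collections import Counter
from urllib.parse import urlsplit

# File system types listed on this page; it says cifs and smb are interchangeable.
SCHEMES = {"ncp": "ncp", "cifs": "cifs", "smb": "cifs", "ssh": "ssh"}

def parse_location(location):
    """Return (file_system, server, path) for a directory location or raise ValueError."""
    loc = location.strip()
    if "://" not in loc:
        # "If the file system is omitted, it is assumed that it is NCP."
        # Assumption: the omitted form is written server/volume/path.
        loc = "ncp://" + loc.lstrip("/")
    parts = urlsplit(loc)
    file_system = SCHEMES.get(parts.scheme.lower())
    if file_system is None:
        raise ValueError(f"unsupported file system type {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("user information embedded in the URL")  # extra check
    if not parts.hostname:
        raise ValueError("missing server name")
    if parts.query or parts.fragment or "\\" in loc:
        raise ValueError("unexpected characters in a directory location")
    segments = [s for s in parts.path.split("/") if s]
    if ".." in segments:
        raise ValueError("path contains a '..' segment")  # extra check
    if not segments:
        # ncp needs a volume, cifs a share name, ssh a directory path.
        raise ValueError("nothing after the server name")
    return file_system, parts.hostname, "/" + "/".join(segments)

def review(objects):
    """objects: (display_name, directory_location) pairs -> (accepted, problems)."""
    accepted, problems = [], []
    for name, location in objects:
        try:
            accepted.append((name, *parse_location(location)))
        except ValueError as exc:
            problems.append((name, f"{location}: {exc}"))
    # The page notes that a reused display name gets a digit appended.
    for name, count in Counter(n for n, _ in objects).items():
        if count > 1:
            problems.append((name, f"display name used {count} times"))
    return accepted, problems

# Constructed sample entries (hosts follow the page's examples; shares are made up).
SAMPLE = [
    ("Reports", "ncp://server1.digitalair.com/mktg/reports"),
    ("Reports", "192.168.3.4/mktg/reports"),            # file system omitted
    ("Share", "smb://server1.digitalair.com/public"),
    ("Home", "ssh://yourserver.yourcompany.com/home/youruser"),
    ("Web", "http://server1.digitalair.com/files"),     # not a listed type
    ("Up", "ncp://server1.digitalair.com/mktg/../sys"),
    ("Empty", "cifs://server1.digitalair.com"),
]

if __name__ == "__main__":
    accepted, problems = review(SAMPLE)
    for row in accepted:
        print("ok      ", row)
    for name, reason in problems:
        print("problem ", name, "-", reason)
```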

Creating or Modifying a Storage Location List

After you create a Storage Location object, you must create a list of Storage Location objects that can be used with a specified User, Group, Profile, or Container object. Users see the directory associated with the object the next time they log in. After this list is created, you can modify it from the same window by assigning additional Storage Location objects to the list or by deleting Storage Location objects from the list.

  1. Start your browser (Internet Explorer 5 or later, Mozilla, etc.) and specify the URL for iManager.

    The URL is https://server_ip_address/nps/imanager.html. Replace server_ip_address with the IP address or DNS name of the Linux server running NetStorage or the IP address for Apache-based services.

  2. Type your username and password.

  3. In the left column, click File Access, then click Assign Storage Location to Object.

  4. Click the Object Selector button; select the User, Group, Profile, or Container object that the list is to be created for; then click OK.

    IMPORTANT: If you enter an invalid object name in the Object field and click OK, you are directed back to the Home page instead of going to the next page.

  5. Click the Object Selector button, select the Storage Location objects you want included in this list, then click OK.

    You can select multiple Storage Location objects in the Object Selector window. When you select multiple Storage Location objects, they appear in the Selected Objects list. If the list already contains Storage Location objects and you want to add more, ensure that the original objects are still in the list before clicking OK.

  6. (Optional) Remove existing storage locations by deleting their names from the list before clicking OK.

  7. When you are finished creating or modifying the list, click OK.

Modifying a Storage Location Object

  1. Start your browser (Internet Explorer 5 or later, Mozilla, etc.) and specify the URL for iManager.

    The URL is https://server_ip_address/nps/imanager.html. Replace server_ip_address with the IP address or DNS name of the Linux server running NetStorage or the IP address for Apache-based services.

  2. Type your username and password.

  3. In the left column, click File Access, then click Edit Storage Location.

  4. Click the Object Selector, then select the Storage Location object that you want to modify.

  5. Modify the display name, display location, or comment, then click OK.

    If you need to modify the object name or eDirectory context, you must delete this object and create a new Storage Location object.

  6. Click OK.

Deleting a Storage Location Object

  1. Start your browser (Internet Explorer 5 or later, Mozilla, etc.) and specify the URL for iManager.

    The URL is https://server_ip_address/nps/imanager.html. Replace server_ip_address with the IP address or DNS name of the Linux server running NetStorage or the IP address for Apache-based services.

  2. Type your username and password.

  3. In the left column, click File Access, then click Delete Storage Location.

  4. Click the Object Selector button, then select the Storage Location object that you want to delete.

  5. Click OK.