When Novell Native File Access Protocols is properly configured, the Macintosh end users on your network will be able to perform the following tasks:
Macintosh users can use Chooser to access files and directories each time they are required or they can create an alias on the desktop that is retained after rebooting.
In Mac OS 8 or 9, click the
menu > > > .In Mac OS X, click
.Specify the IP address or DNS name of the NetWare® server, then click
.Specify the username and password, and then click
.Select a volume to be mounted on the desktop.
Although you now have access to the files, mounting the volume to the desktop does not make it available after rebooting.
(Optional) Create an alias to the desired volume or directory.
Aliases are retained after rebooting.
Click the NetWare server icon.
Click
> .The alias icon appears on the desktop.
If the network administrator has set up the Guest User object account as described in Creating a Guest User Account, Macintosh users can log in to the network as Guest with no password required.
In Mac OS 8 or 9, click the
menu > > > .In Mac OS X, click
> .Type the IP address or DNS name of the NetWare server, then click
.Click
> .The Guest user has rights to access network resources as configured by the network administrator.
Macintosh users can change their passwords. When they change their simple password, their eDirectory password is automatically synchronized.
In Mac OS 8 or 9, click the
menu > > > .In Mac OS X, click
> .Type the IP address or DNS name of the NetWare server, then click
.Specify the username.
Click
.Type the old password and the new password, then click
.A maximum of eight characters is allowed for passwords. Passwords longer than eight characters are truncated to eight characters.
NOTE:Native File Access for Macintosh (AFP) software keeps the simple password and the NetWare passwords synchronized. In other words, when a Mac user changes either password using the native client software, password synchronization is automatic and transparent.
Although using iManager or ConsoleOne from the Administrator workstation is the recommended method for managing rights, Macintosh users have some file sharing and management capability using Chooser/Finder.
For more information on how to use ConsoleOne to set up and manage rights, see the ConsoleOne 1.3.x User Guide, or view the ConsoleOne Online Help.
For more information on how to use iManager to set up and manage rights, see the Novell iManager 2.7.3 Administration Guide.
Using Chooser/Finder to access network files and folders is fairly consistent with the Macintosh environment, but there are some differences between NetWare and Macintosh file sharing. Macintosh users can view the sharing information about specific folders by clicking Get Info/Sharing.
The Macintosh file system uses either inherited rights (which use the enclosing folder's privileges) or explicit rights (which assign rights to a group or user). A folder in the Macintosh file system cannot have both inherited and explicit rights.
NSS uses both inherited and explicit rights to determine the actual rights that a user has. NSS allows a folder (or directory) to hold file rights for multiple groups and users. Because of these differences, Macintosh users will find that access rights to folders and files might function differently than expected.
NSS uses inherited rights, so the Macintosh Use Enclosing Folder’s Privileges option is automatically turned off. When a Macintosh user views the Get Info/Sharing dialog box for a NSS folder, only the User/Group assignments are visible if there is an explicit assignment on the folder. If the NSS folder inherits User/Group rights from a parent group or container, those rights are not displayed in the dialog box, nor will there be any indication that the folder is inheriting rights from a group or container.
Because NSS allows multiple groups and users to have rights to a single folder, users are not able to delete rights assignments using the Apple Macintosh interface. Users can add assignments to allow basic file sharing, but more complex rights administration must be done using the management utilities such as iManager or ConsoleOne.When specifying Owners, Users, and Groups, there is no way to select from current groups. You must specify the correct NetWare name and context (fully distinguished eDirectory name).
HINT:No context is required if the context is specified in the context search file.
In the Apple File Sharing environment, an owner is a user who can change access rights. In the NSS environment, users can change access rights if they have been granted the Access Control right for the folder. In NSS, an owner means the one who created the file. A NSS owner has no rights by virtue of ownership. In the NSS environment, the owner is the current user if he has access control rights to the folder.
If the user does not have access control rights, the NetWare owner will be shown if the NSS owner is not the current user. If the current user does not have rights to change access and is also the NSS owner, a message to "Use NetWare Utility" is displayed in the Owner field.
In Apple File Sharing, there can be more than one owner. If you change the owner, access control rights are added to the new owner, but are not removed from the current owner. In NSS, there are two ways to have access control rights: 1) have the Access Control right and 2) have the Supervisor right. Adding a new owner only adds the Access Control right, not the Supervisor right. If the current owner already has the Supervisor right added through other management utilities, that right will remain. The Supervisor right also gives full file access rights. This means that if you are the current user and have the Supervisor right, you also have read/write access and you cannot change those rights.
Display only allows for one owner. If multiple users have file access rights, only the current user is shown in the Owner field. This means you could change the owner (which in NetWare simply means adding the Access Control right to the new user) and when you open the file sharing dialog box again, you will be listed as the owner, even though you have just given ownership or the Access Control right to someone else.
Only one user/group can be displayed for a folder, although NSS allows multiple users and groups to be assigned file access rights. If both users and groups have access to a NSS folder, groups are displayed before users. The group with the most access rights is preferred over groups with lesser access rights. Only users or groups with explicit rights (not inherited rights) are shown in the User/Group field. Users and groups with inherited rights are not shown in the dialog box, nor is there any indication that there are users and groups with inherited rights.
Adding a group or user does not remove the current group or user; it simply adds the rights to the group or user specified. If the user specifies the wrong user or group name, the user gets no feedback. If multiple users or groups are assigned to the folder, it is possible that the user is unable to see the user or group that was just assigned. It could be very difficult to know if the rights assignment worked or not.
Rights set through this interface are inherited by the folder’s subfolders. It is impossible to manage all inherited rights from the Macintosh interface. (Although not recommended, you could set the inherited rights filters from the management utilities to turn off inherited rights.)
Assignment of rights to Everyone acts like the Macintosh user expects, with the exception that Everyone’s rights are inherited. In NetWare, the object that represents the rights of any authenticated user is used to set Everyone’s rights. Everyone’s rights can change from folder to folder, but once they are set, they are inherited by subfolders.