Native File Access for Macintosh provides several ways to simplify your administration tasks and customize how Macintosh workstations interact with the network. Tasks and issues to:
You can create simple passwords for users one at a time using iManager or ConsoleOne®. The process for creating simple passwords is the same for Macintosh and Windows users. See Two Methods for Creating Simple Passwords for Windows Users for instructions on creating simple passwords.
If you want to create passwords for several Macintosh users at once, you can add the CLEARTEXT option to the LOAD AFPTCP command at the server console. For example:
LOAD AFPTCP CLEARTEXT
When the CLEARTEXT option is added to the AFPTCP command, users logging in to the server from a Macintosh workstation are prompted to provide their eDirectory® username and eDirectory password. After the eDirectory password is verified, a simple password is automatically created and stored in eDirectory. The simple password is the same as the eDirectory password.
The CLEARTEXT option is meant to be a temporary way to create simple passwords for many Macintosh users. After Macintosh users have created simple passwords, the AFPTCP NLM™ should be loaded without the CLEARTEXT option.
WARNING:The CLEARTEXT option allows unencrypted passwords to be sent over the network. If you are concerned about someone capturing your password over the network, you should not use this option. Instead, you should manage passwords using ConsoleOne on the Administrator workstation.
Administrators can enable or disable AFP on NetWare servers using iManager. AFP is enabled by default when NetWare 6.5 is installed.
In a Web browser, specify the following in the address (URL) field:
http://server_IP_address/nps/iManager.html
For example:
http://192.168.0.1/nps/iManager.html
At the login prompt, specify the server administrator username and password.
In the left frame, click then click .
Type the NetWare server name where you want to enable or disable AFP, or browse and select it.
Select or Deselect the check box to enable or disable AFP.
Click to save your changes.
Prior to NetWare 6.5 Support Pack 6, if the delete inhibit attribute was set on a directory such as a home directory, AFPTCP.NLM would by default send that information to MAC clients. The MAC OS 10.4.6 client would then enforce that attribute on the files contained within that directory. This resulted in users not being able to delete or rename files in their own home directory.
A new command line switch was added for AFPTCP called DeleteInhibitEmulation. The default if you do not specify this switch when loading AFPTCP.NLM is that AFPTCP does not send delete inhibit or rename inhibit information back to MAC clients. The Delete Inhibit and Rename Inhibit attributes are not enforced on MAC clients without this switch.
To have the Delete Inhibit and Rename Inhibit attributes enforced on MAC clients, load AFPTCP.NLM on the server using the following command:
load afttcp deleteinhibitemulation
You can also unload and reload AFPTCP.NLM without the switch to disable this functionality after enabling it.
A context search file allows Macintosh users to log in to the network without specifying their full context. The context search file contains a list of contexts that are searched when no context is provided or the object cannot be found in the provided context. When the Macintosh user species a username, the server searches through each context in the list until it finds the correct User object.
Macintosh allows only 31 characters for the username. If the full eDirectory context and username are longer than 31 characters, you must use a search list to provide access.
HINT:Macintosh users do not need to specify a context or have an entry in the context search file if their User objects are placed in the same container as the Server object.
If User objects with the same name exist in different contexts, the first one in the context search list will be used.
To edit the context search file, do the following:
Using any text editor, edit the ctxs.cfg file stored in the sys:\etc directory of the server running Novell Native File Access Protocols.
On separate lines, specify the contexts to search.
For example, if you had users with full eDirectory distinguished names such as Robert.sales.acme, Maria.graphics.marketing.acme, Sophia.graphics.marketing, and Ivan.marketing.acme, then you would specify the following contexts to the ctxs.cfg file:
Save the file in the sys:\etc directory.
The file is read the next time a Macintosh user logs in.
When Macintosh users log in, they specify only a username and a password. The system finds the User object in the context specified in the ctxs.cfg file.
Novell Native File Access Protocols let you create a Guest User object. Macintosh users are accustomed to being able to log in as Guest with no password required.
From the Administrator Workstation, use ConsoleOne to create a User object named Guest.
Determine and assign the appropriate rights to the Guest object by double-clicking Guest object and clicking .
Remove the ability for the user to change the password by clicking and deselecting .
Enable the Guest account by adding the full eDirectory context of the Guest object to the context search file as described in Editing the Context Search File.
Unload and reload the afptcp.nlm program with the GUESToption to make the button available on the login screen.
Any Macintosh user can now log in as Guest with no password and receive the access rights assigned to the Guest object.
Volumes can be renamed so that they appear in Chooser under a different name.
Using any text editor, create a file named afpvol.cfg.
On separate lines, specify the current name of the volume and, in quotes, the new name of the volume. For example:
NOTE:The pound sign (#) marks a line as a comment.
Save the file in the sys:\etc directory of the server running Novell Native File Access Protocols.
After the volume has been renamed, it keeps the name even if you delete the file and restart the server. To return to the previous name, repeat these steps and rename the volume to its original name.
For example:
System volume "server1.sys" .
Unload and reload the afptcp.nlm program.
Volumes will appear to Macintosh users with the new volume names.
Several server console commands are provided with AFP to help you perform certain AFP-related tasks. The following table lists the AFP-related server console commands and gives a brief description of each command. To execute an AFP console command, specify the command followed by any desired command line switches or parameters.
Table 4-1 AFP Console Commands