16.1 Accessing Files by Using Native Windows Methods

IMPORTANT: Do not install the Novell Client for Windows on a workstation for which you plan to provide native Windows access to DSfW servers. Novell Client access and native Windows access to DSfW servers do not work well together on the same workstation.

16.1.1 Prerequisites

The instructions in this section assume that you have already prepared your workstation for accessing the DSfW server by completing the instructions in these prior sections:

16.1.2 Samba: A Key Component of DSfW

One of the primary benefits of DSfW is that users can access files on OES 2 Linux servers without having any Novell client software installed. This is accomplished through Samba software that is installed on every DSfW server.

Samba is an open source software suite that lets Linux and other non-Windows servers provide file and print services to clients that support the Microsoft SMB (Server Message Block) and CIFS (Common Internet File System) protocols.

OES 2 SP3 customers actually have three Samba configuration options:

  • The open source Samba services that are provided with SUSE Linux Enterprise Server (SLES) 10 SP4 and other Linux distributions.

  • The Novell Samba implementation that has always been included in OES to integrate eDirectory authentication with basic Samba file services.

  • The DSfW configuration of Samba.

Section 16.1.3, Samba in the DSfW Environment, explains key differences between the Novell Samba configuration in OES 2 SP3 and the configuration that is included with DSfW.

16.1.3 Samba in the DSfW Environment

When you install a DSfW server, Samba software is automatically installed on that server. This is the same Samba software that is included in OES 2 SP3, but it is configured differently as outlined in Table 16-1.

Table 16-1 Novell Samba in OES 2 SP3 vs. Samba in DSfW

Authentication

  • Novell Samba in OES 2 SP3: A Samba-compatible Password Policy is required for compatibility with Windows workgroup authentication.

  • Samba in DSfW: No Samba-compatible Password Policy is required for DSfW users because the domain is set up as a trusted environment. DSfW uses Active Directory/Kerberos authentication to ensure that only authorized users can log in to the domain.

File system support

  • It is recommended (but not required) that you create Samba shares on NSS data volumes. NSS is fully integrated with eDirectory for easier management, and using an NSS volume allows you to take advantage of the rich data security model in NSS. You can use either iManager or the nssmu utility to create an NSS volume on an OES 2 Linux server. For instructions on how to set up an NSS volume, see stor_nss_lx in the stor_nss_lx.

Samba enablement

  • Novell Samba in OES 2 SP3: Users must be enabled for Samba and assigned to a Samba group.

  • Samba in DSfW: eDirectory users in the domain (eDirectory partition) are automatically Samba users and are enabled to access Samba shares. See Section 12.0, Creating Users. Domain users are set up with the necessary UID and default group (DomainUsers) membership. Every additional eDirectory group created within the domain is automatically Linux-enabled.

Username and password

  • Novell Samba in OES 2 SP3: The same username and password must exist on both the Windows workstation and in eDirectory.

  • Samba in DSfW: eDirectory users in the domain (eDirectory partition) can log into any workstation that has joined the domain. There is no need for a corresponding user object on the workstation.

16.1.4 Creating Samba Shares in iManager

To manage Samba shares, iManager must be configured with the necessary plug-ins and role-based services. For information on how to configure iManager, see the iManager 2.7.3 Documentation.

To create a Samba share in iManager:

  1. Open a browser and point to http://ip_address_of_server/nps/iManager.html.

  2. Provide the username, password, and tree information as requested and click Login.

  3. In the Roles and Tasks view, select File Protocols > Samba.

  4. Specify the IP address of the server you want to manage, or use the Object Selector to browse to and select the server.

    The NCP Server objects for DSfW servers are located in .OESSystemObjects.domain_name.com.

    The General page displays Samba-related information about the selected server.

    NOTE: The LDAP Suffix setting does not apply to DSfW servers.

  5. Click the Shares tab.

  6. Click New and enter the share name, path, and comment (optional). Click OK.

    The path you enter must already exist on the OES 2 Linux server’s file system. By default, NSS volumes are located in /media/nss/volume_name.

    The example shown above creates a Samba share called Projects for the NSS volume named PROJECTS. The share name and volume name do not need to be the same, but making them identical can make share management easier. If you want, you can enter a more complete description of the share in the Comment field.

    The new share is added to the list of shares for this Samba server.

Continue with Section 16.1.6, Assigning Rights to Samba Shares, to assign users rights to access the new share.

16.1.5 Creating Samba Shares in the smb.conf File

If you prefer, you can create Samba shares by editing the /etc/samba/smb.conf file.

For example, to create a Samba share on an NSS volume named PROJECTS, you would create a share to the /media/nss/PROJECTS directory as follows:

  1. Open the /etc/samba/smb.conf file in an editor.

  2. Create a [projects] share in the smb.conf file by inserting the following lines:

    [projects]
    comment = Project folders
    path = /media/nss/PROJECTS
    browseable = Yes
    read only = No
    inherit acls = Yes

  3. Save the file and restart Samba.
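One way to check share definitions before restarting Samba, as an added example that is not part of the Novell documentation: the hypothetical audit_shares function parses an smb.conf-style file and reports shares whose path is missing, does not exist on the server, or lies outside the NSS mount point, and shares that allow guest access. The guest ok, public and directory parameters are standard smb.conf settings that this page does not use.

```shell
#!/bin/bash
# Added example, not from the Novell documentation.
# audit_shares CONF [NSS_ROOT] prints one "share: finding" line per problem
# in an smb.conf-style file; NSS_ROOT defaults to the page's /media/nss.
audit_shares() {
  local conf=$1 nss_root=${2:-/media/nss}
  awk '
    /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
    /^[ \t]*\[/ {                              # [section] header
      sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec)
      if (sec != "global") names[++n] = sec
      next
    }
    (eq = index($0, "=")) && sec != "" {       # parameter = value
      # Samba ignores case and spaces in names: "Read Only" == "readonly"
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
      v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
      val[sec, key] = v
    }
    END {
      for (i = 1; i <= n; i++) {
        s = names[i]
        p = val[s, "path"]
        if (p == "") p = val[s, "directory"]        # synonym of path
        guest = val[s, "guestok"]
        if (guest == "") guest = val[s, "public"]   # synonym of guest ok
        print s "|" p "|" tolower(guest)
      }
    }' "$conf" |
  while IFS='|' read -r share path guest; do
    if [ -z "$path" ]; then
      # [homes] is a special section that needs no path
      case $share in homes) ;; *) echo "$share: no path defined" ;; esac
    elif [ ! -d "$path" ]; then
      echo "$share: path $path does not exist"
    elif [ "${path#"$nss_root"/}" = "$path" ]; then
      echo "$share: path $path is not under $nss_root"
    fi
    case $guest in yes|true|1) echo "$share: guest access enabled" ;; esac
  done
}

# Run against a file given on the command line, e.g. /etc/samba/smb.conf
if [ "$#" -gt 0 ]; then audit_shares "$@"; fi
```

No output means no findings. A share reported as not under the NSS mount point is governed by the NCP or POSIX rights tools in Table 16-2 rather than by NSS trustee rights.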

Continue with Section 16.1.6, Assigning Rights to Samba Shares, to assign users rights to access the new share.

16.1.6 Assigning Rights to Samba Shares

For domain users to access the Samba shares you have created, you must assign the appropriate rights. You can assign rights to individual users or to groups. If you want all users in the domain to have the same rights to the share, you can assign the rights to the DomainUsers group.

Table 16-2 lists the management tools available for assigning rights to Samba shares created on various file systems.

Table 16-2 Tools for Managing File System Rights

Novell Storage Services (NSS)

  • Rights Management Tools: iManager > Files and Folders > Properties > Rights; rights command

  • Notes: For more information on assigning file system rights on NSS volumes in iManager, see stor_nss_lx in the stor_nss_lx. The rights command available at the terminal prompt is for working with NSS volumes only. For online help, enter rights with no options. For more information, see stor_nss_lx in the stor_nss_lx.

NCP Volume on Linux POSIX file systems (no NSS)

  • Rights Management Tools: iManager > Files and Folders > Properties > Rights; ncpcon > rights

  • Notes: For more information on assigning file system rights on NCP volumes in iManager, see stor_nss_lx in the stor_nss_lx. The rights command in the ncpcon utility is for working with any NCP volume, including NSS volumes and NCP volumes defined on Linux POSIX file systems. For online help, run ncpcon and enter help rights. For more information, see stor_nss_lx in the stor_nss_lx.

Linux POSIX file systems (no NSS or NCP)

  • Rights Management Tools: chmod, chown, chgrp

  • Notes: For information on assigning POSIX rights, see the SLES 10 Installation and Administration Guide.

Example: Assigning Rights to Folders on an NSS Volume

The example below continues the steps described in Section 16.1.4, Creating Samba Shares in iManager and Section 16.1.5, Creating Samba Shares in the smb.conf File.

  1. Beneath the /media/nss/PROJECTS folder, create subfolders for each project.

    For example, you could create folders named doc and code.

  2. Assign trustees to the project folders, using either iManager or the rights command at a terminal prompt.

    For example, suppose you want user1 to have full rights to doc but only read and filescan rights to code, and you want user2 to have full rights to code but only read and filescan to doc. You could assign the rights by using the following commands:

    rights -f /media/nss/PROJECTS/doc -r rwemafc trustee user1.full_edir_context
    rights -f /media/nss/PROJECTS/code -r rf trustee user1.full_edir_context
    rights -f /media/nss/PROJECTS/code -r rwemafc trustee user2.full_edir_context
    rights -f /media/nss/PROJECTS/doc -r rf trustee user2.full_edir_context

Because Samba access to NSS volumes is controlled by Novell trustee rights, user1 and user2 can now work in their respective project folders, and they can see but not change the contents of the project folder belonging to their coworker. Adjusting POSIX permissions is not required.

16.1.7 Adding a Network Place

From a Windows 2000 or XP workstation, you can add a Network Place (also known as a Web folder) that points to a share on the DSfW server.

IMPORTANT: The directory you are linking to must already exist on the DSfW server and fall within the scope of a defined share.

Share names and the server directories they point to are defined by using the Samba Management plug-in for iManager or by editing the /etc/samba/smb.conf file on the OES 2 Linux server. For more information on setting up shares, see Section 16.1.4, Creating Samba Shares in iManager and Section 16.1.5, Creating Samba Shares in the smb.conf File.

  1. Log in to your Windows workstation.

  2. From your desktop, access My Network Places.

    For example, click Start > My Computer > My Network Places.

  3. Click Add Network Place.

  4. On Windows XP, do the following:

    1. In the Add Network Wizard dialog box, click Next.

    2. Select Choose another network location, then click Next.

    3. Click Browse.

    4. Click Entire Network > Microsoft Windows Network.

    5. Click the domain, then click the DSfW server.

    6. Click the share you want to add.

      Share names and the server directories they point to are defined in the /etc/samba/smb.conf file on the OES Linux server. For more information and for instructions on setting up shares, see Section 16.1.4, Creating Samba Shares in iManager.

    7. Click OK > Next.

    8. (Optional) Modify the name of the Network Place to a more intuitive name, such as My Home Directory.

    9. Click Next.

    10. Click Finish.

      The folder opens, ready for access.

  5. On Windows 2000, do the following:

    1. Click Browse.

    2. Double-click Entire Network > Microsoft Windows Network.

    3. Double-click your domain name > your DSfW server.

    4. Click the share you want to add.

      Share names and the server directories they point to are defined in the /etc/samba/smb.conf file on the OES Linux server. For more information and for instructions on setting up shares, see Section 16.1.4, Creating Samba Shares in iManager.

    5. Click OK > Next.

    6. (Optional) Modify the name of the Network Place to a more intuitive name, such as My Home Directory.

    7. Click Finish.

      The folder opens, ready for access.

Network Places are persistent and are automatically made available in Network Neighborhood each time the user logs in.

16.1.8 Adding a Web Folder

You can use the Internet Explorer browser to add a Web folder that points to a share on the DSfW server.

IMPORTANT: The directory you are linking to must already exist on the DSfW server and fall within the scope of a defined share.

Share names and the server directories they point to are defined by using the Samba Management plug-in for iManager or by editing the /etc/samba/smb.conf file on the OES 2 Linux server. For more information on setting up shares, see Section 16.1.4, Creating Samba Shares in iManager and Section 16.1.5, Creating Samba Shares in the smb.conf File.

  1. Log in to your Windows workstation.

  2. Open Internet Explorer.

  3. Click File > Open.

  4. Click Open as Web Folder.

  5. In the Open field, type the DSfW server name and share name as follows:

    \\DNS_Name_or_IP\share_name

    where DNS_Name_or_IP is the IP address or DNS name of the Samba server and share_name is a share name specified in the /etc/samba/smb.conf file (the most common share name is homes).

    For example, to access the homes share on a server with the host name myserver, you would type \\myserver.full.dns.name\homes in the Location field.

  6. Click OK.

  7. To make the folder automatically available, click Favorites > Add to Favorites > OK.

16.1.9 Mapping Drives to Shares

From a Windows 2000 or XP workstation, you can map a network drive letter that points to a share on the DSfW server.

IMPORTANT: The directory you are linking to must already exist on the DSfW server.

  1. Log in to your Windows workstation.

  2. From your desktop, access My Computer > Tools > Map Network Drive.

  3. From the Drive drop-down menu, select an unused drive letter.

  4. Click Browse and browse to Entire Network > Microsoft Windows Network.

  5. Browse to your domain > the DSfW server > the share you want to map the drive to.

  6. Click OK.

  7. Click Finish.

    The folder opens, ready for access.