NetStorage makes files on OES 2 servers available on the Internet. Directories can be made available as organizational needs dictate. For the exercises in this guide, we will focus on user home directories.
For users who have a home directory specified in eDirectory™ (on an NCP™ or NSS volume), access to that home directory is automatic.
By default, when users log in to NetStorage, they see a storage location named Home@TREE_NAME. This means that the ncp_*, the nss_* users, and the nw_edir user each see their home directories when they log in to NetStorage.
The label that users see is configurable in the NetWare Storage Provider
in the OES 2 SP3: NetStorage Administration Guide.
HINT: The first time you access the
task in iManager, the configuration is blank and the column headings are collapsed. To display the configuration, click , click another task, then click again. All of the columns are then displayed.
To make other directories on an OES 2 server available through NetStorage, including non-NCP/NSS home directories, you must create a Storage Location Object that points to the directory and then add the object to a Storage Location List as explained in the following sections.
A Storage Location object specifies an access protocol and points to a directory on either the NetStorage server itself or another accessible server. After object creation, users with rights to the directory can access storage location objects through NetStorage.
For connections to Storage Location objects, NetStorage supports both CIFS and SSH as alternatives to NCP (the default NetStorage protocol). Although they are used in this guide, SSH storage locations should only be used after certain security issues are understood and dealt with. (For more information, see SSH Security Considerations in the OES 2 SP3: Planning and Implementation Guide.)
Because the linux*_lum-edir users’ home directories are on a Linux traditional volume, there is no default access and you must create a Storage Location object for them to use.
Because the CIFS protocol on your getting-started lab server uses Novell CIFS, and because Novell CIFS provides access to only NSS volumes, the Storage Location object must use SSH.
To create an SSH Storage Location object:
Start iManager by entering the following URL in a browser Address field:
http://IP_or_DNS/nps
where IP_or_DNS is the IP address or DNS name of your OES 2 server.
If you receive a Tomcat error, see Section A.2, iManager Tomcat Error.
Log in to iManager as the Admin user.
Click the
icon .
Click
> .
In the
field, type StorLoc_hostname
where hostname is the name of your getting-started lab server. This is the name of the Storage Location object in eDirectory (for example, StorLoc_myserver).
In the
field, type Linux_Home_Directories
This is the name that users see in the NetStorage directory access list.
In the
field, type ssh://IP_or_DNS_Name/home
where IP_or_DNS_Name is the IP address or full DNS name of your getting-started lab server (for example, ssh://myserver.mysite.company.example.com/home).
IMPORTANT: Protocol designators, such as ssh and cifs, are case-sensitive on OES 2 servers. Make sure you don’t type the common uppercase (SSH or CIFS) out of habit.
Click the
icon next to the field.
Browse to and select the SERVERS Organizational Unit object.
The new Storage Location object will be created in the SERVERS organizational unit object.
Click
> .
Storage Location Lists are required for granting access for users, groups, or containers (Organizational Unit objects) to Storage Location objects.
In the list of tasks below File Access (NetStorage), click
.
Click the
icon next to the field.
This field contains the user, group, or OU object that is granted access to the Storage Location object.
Click
> .
Click the
icon next to the field.
Click the down-arrow next to
.
Click the StorLoc_hostname object for your getting-started lab server, then click .
You could add multiple Storage Location objects to the list if needed, but we are only adding one.
Click
twice.
Many network administrators prefer to use SSH for remote server administration. NetStorage includes a special SSH-based Storage Location object named NSS_Volumes that lets eDirectory Admin users administer NSS volumes on OES 2 through NetStorage. Admin users can assign trustees, administer NSS file and directory attributes, restrict directory size, and so on.
As a general security precaution, SSH services are not enabled by default on OES 2 servers. However, you enabled SSH services through the firewall in Section 4.4, Allowing SSH Access, and then you enabled SSH as a LUM-enabled service, thus giving SSH access to LUM-enabled users.
The eDirectory Admin user has SSH access because it is a LUM-enabled user by default. This means that the Admin user can use SSH for remote server administration and it can administer the server’s NSS volumes through NetStorage.
NOTE: Unlike home directory access, which automatically connects all users in the tree with their NCP or NSS home directories no matter which server the directories are on, default administrative access is limited to the nssvolumes Storage Location object located in COMPANY. To provide administrative access to the HOME_NW volume on the LAB_NW NetWare® server, you would need to create an NCP Storage Location object that points to that volume.
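A check for the Storage Location paths typed in the steps above, as an added example that is not part of the original guide: it flags uppercase protocol designators, unreplaced placeholders such as IP_or_DNS_Name, and missing directories, and marks SSH locations for security review. The function and constant names are hypothetical, and accepting `ncp` as a designator is an assumption (the guide names only ssh and cifs).

```python
import re

# "ssh" and "cifs" are the designators named in this guide; "ncp" is an
# assumption, included because NCP is the default NetStorage protocol.
DESIGNATORS = {"ssh", "cifs", "ncp"}
# Placeholders used in this guide that must be replaced before entry.
PLACEHOLDERS = {"IP_or_DNS", "IP_or_DNS_Name"}
_FORM = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://([^/\s]*)(/\S*)?$")


def check_location(value):
    """Return (errors, notes) for one Storage Location path string."""
    errors, notes = [], []
    match = _FORM.match(value.strip())
    if not match:
        return ["not in designator://server/directory form"], notes
    scheme, host, path = match.group(1), match.group(2), match.group(3) or ""
    # Test the raw text: urllib.parse lowercases the scheme, which would
    # hide exactly the mistake being looked for.
    if scheme.lower() not in DESIGNATORS:
        errors.append(f"unknown designator {scheme!r}")
    elif scheme != scheme.lower():
        errors.append(f"designator {scheme!r} must be typed as {scheme.lower()!r}")
    if not host:
        errors.append("no server given")
    elif host in PLACEHOLDERS:
        errors.append(f"placeholder {host!r} was not replaced")
    if path in ("", "/"):
        errors.append("no directory given after the server")
    if scheme.lower() == "ssh":
        notes.append("SSH location: address SSH Security Considerations first")
    return errors, notes


if __name__ == "__main__":
    # Constructed sample entries; only the first matches the guide's example.
    samples = [
        "ssh://myserver.mysite.company.example.com/home",
        "SSH://myserver.mysite.company.example.com/home",
        "cifs://IP_or_DNS_Name/share",
        "ncp://labserver.example.com",
    ]
    for entry in samples:
        errors, notes = check_location(entry)
        print("FAIL" if errors else "ok  ", entry)
        for line in errors + notes:
            print("      -", line)
```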
Continue with Section 11.0, Getting Acquainted with OES.