• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1575
  • Last Modified:

Netware access to Windows 2003 64-bit server

We are running a Windows 2003 server (64-Bit) and need file / volume access to a Netware 6.5 server.
A 64-bit client is current not available from Novell and apparently Novell will not be releasing a 64-bit client for Windows.
Is there anyway that we can access files from the Netware server without a Netware 64-bit client?

Someone said that there should be a way to join the Novell server to the Windows domain?  Which is also a dark-area to me.
0
Rupert Eghardt
Asked:
Rupert Eghardt
  • 5
  • 3
  • 3
2 Solutions
 
alextoftCommented:
Enable CIFS on the Netware server, then you can mount it natively as you would any other Windows server - \\servername\volumename

Edit sys:/etc/cifsctxs.cfg and put in the context(s) of the users in the order you want them to be searched for usernames

ou=britain.ou=europe.o=company
ou=france.ou=europe.o=company

etc... then you can login without a distinguished name - fbloggs instead of fbloggs.britain.europe.company. Then make sure the users have a simple password set, add CIFSSTRT to your autoexec.ncf and off you go.

Netware 6.5 only employs the PDC/BDC NT model so I wouldn't try and join it to the domain. When OES2 comes in shortly that has a massively upgraded Domain Services for Windows which is the best Samba style functionality you'll get anywhere outside Redmond. That said, Windows "networking" still remains years behind Netware/eDirectory in almost every respect.
0
 
ShineOnCommented:
What you've heard about a 64-bit Windows client is partially true.

There will not be a Windows XP 64-bit client.  That would cover Windows Server 2003 as well, since they're essentially the same OS. The demand for 64-bit Windows has been so small it's not worth the effort, especially since it's a dead-end anyway, because Microsoft will EOL Windows XP and Windows Server 2003 as fast as they can, to promote the sale of Vista and Server 2008.

The Vista Client will work in either the 32-bit or 64-bit Vista environments, and, since it's based on the same code-base, the upcoming Windows Server 2008 will probably be supported by the Vista Client.

The workaround alextoft gave you is the only way to connect 64-bit XP or 64-bit Server 2003 to NetWare - via NetWare 6.5's version of NFAP/CIFS.

NetWare 6.5 with CIFS can act as a legacy (NT4-type) domain controller, but cannot be part of an Active Directory forest - except in a mixed-mode AD.  If you're running AD in "native 2003" mode, you can't join the NetWare server to the AD domain - authentication has to happen using simple or universal password, to the CIFS service, and whatever users need "share" access to NetWare have to be given rights to the volume/directory the normal NetWare/eDirectory way - those rights will translate to CIFS "permissions."
0
 
Rupert EghardtProgrammerAuthor Commented:
Hi Alex, ShineOn,

Thanks for your suggestions, I honestly think the CIFS module will resolve our problem.  I will be testing the scenario later today, and will give feedback ASAP.
Is there any down-side / disadvantage of loading CIFS on the Novell file server, or using it for that matter?

Thanks, Rupert
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
alextoftCommented:
Not huge ones. You won't have the password change facility, as you have no client, and you won't be able to set Netware file permissions. Standard network drive access, consistent with existing (albeit translated) file permissions should be no different to accessing a Windows server (except maybe faster :)
0
 
ShineOnCommented:
Plus, you'll get dynamic inheritance instead of static ACL's so you won't have the drawbacks of NTFS, like write permissions moving along with files to folders where users and groups aren't assigned to inherit write permissions.

It won't behave fully like a Windows/NTFS "share" - even though it's CIFS, it doesn't have the little goofy things that Microsoft has determined will be Windows-only by design, despite their claim of CIFS being a "standard."

If it's just for "normal" file access, just because you don't have a Novell client for the specific version of Windows on a device or 2, it's fine, I guess.

The biggest drawback is, if you use Simple Password instead of Universal Password, the password is sent clear-text, just like with NT4, so if you have someone sniffing your network for password traffic, it can be intercepted.

Although theoretically possilble with Universal Password, it's much less likely.
0
 
alextoftCommented:
There are a number of ways of reversing a universal password (try using the delimited text IDM driver to dump CN & nspmDistrubutionPassword to a text file using IDM), but since the client uses NICI to encrypt it for transmission over the wire you'd need the server's private key to decrypt the transmission. If you've already got that it's pretty much game over anyway, as it would be if you had rights to configure the aformentioned IDM driver.
0
 
ShineOnCommented:
There has to be a number of ways to reverse a universal password, otherwise it wouldn't be universal... ;)

I didn't say it was "impossible" to reverse, just "less likely" that someone sniffing the LAN will be able to.

Only "real" NetWare passwords are un-crackable (except by brute-force, which is thwarted pretty effectively by intruder lockout)
0
 
Rupert EghardtProgrammerAuthor Commented:
I managed to load CIFSSTRT on the netware server and created a "share folder".
Also included this in the AUTOEXEC.NCF
The CIFS SHARE command indicates that the "share-folder" was successfully been created.

The problem I am experiencing is to log in from the Windows side.  After accessing the share-folder, Windows pops-up a login window, but no combination of user-context seems to work.

I have created a new user with "native Windows password control"
I've checked the cifsctxs.cfg file and confirmed that the context is listed
Even tried logging in "context.user" & "password" failed

What is the correct context to use from the Windows workstation?

A few alternatives that I've also tried:

Novell support suggested installing a new squence via ConsoleOne,
Right-click Login Policy under Security, Properties, sequence name:  simplepassword
But the SimplePassword Object wasn't on the "left" to move to the "right"
Don't know if this could create any problem ...

As our Windows 2003 server is in domain mode, I followed article 10084607 on Novell support:
Enabling the CFIS signatures and updating the Domain Controller Security Policy
- Microsoft network server:  Digitally sign communications (always) value = disabled
- Network security:  LAN manager authentication level value = Send LM & NTL use NLMv2 session ...

Please help!
0
 
ShineOnCommented:
You should be able to just use the userID without context if you followed the instructions alextoft pointed you to, to set search contexts.

It sounds like you've got a simple password issue.

If you don't have "simple password" available in your login policy lists, you need to do something else.

Look higher in your tree, in console one, just below the tree name object.  You should have a grey padlock in a red box labeled "Security."  That's the security container.

Do you have an object in the security container that's a skeleton-key on a blue box, labeled "Authorized Login Methods?"

If so, expand that and see if one of the methods shown is "Simple Password."  If not, you need to install some NMAS methods, including Simple Password.  If you don't know how to do that, please post back.
0
 
Rupert EghardtProgrammerAuthor Commented:
The "Siimple Password" method is not there ..
The only methods listed is:  
"Challange Response", "Macintosh Native file access", "NDS" en "Windows Native File Access"
I tried adding a new method, but it only gives a list of TXT files.  The Novell support site refers to installation CD 10, path:  nmas\nmasmethods
please advise whether this is the correct way to add the method ... "Simple Password"

Regards, Rupert
0
 
ShineOnCommented:
Hmmm.  I wonder if "Windows Native File Access" is the functional equivalent of turning on Simple Password.  I don't have 6.5, so I can't tell from experience.  All I can do at this point is point you to the documentation.

http://www.novell.com/documentation/oes/native/data/acccz0a.html#acccz0a
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now