?
Solved

Netware access to Windows 2003 64-bit server

Posted on 2007-08-04
12
Medium Priority
?
1,570 Views
Last Modified: 2013-11-29
We are running a Windows 2003 server (64-Bit) and need file / volume access to a Netware 6.5 server.
A 64-bit client is current not available from Novell and apparently Novell will not be releasing a 64-bit client for Windows.
Is there anyway that we can access files from the Netware server without a Netware 64-bit client?

Someone said that there should be a way to join the Novell server to the Windows domain?  Which is also a dark-area to me.
0
Comment
Question by:Rupert Eghardt
  • 5
  • 3
  • 3
11 Comments
 
LVL 19

Assisted Solution

by:alextoft
alextoft earned 800 total points
ID: 19631722
Enable CIFS on the Netware server, then you can mount it natively as you would any other Windows server - \\servername\volumename

Edit sys:/etc/cifsctxs.cfg and put in the context(s) of the users in the order you want them to be searched for usernames

ou=britain.ou=europe.o=company
ou=france.ou=europe.o=company

etc... then you can login without a distinguished name - fbloggs instead of fbloggs.britain.europe.company. Then make sure the users have a simple password set, add CIFSSTRT to your autoexec.ncf and off you go.

Netware 6.5 only employs the PDC/BDC NT model so I wouldn't try and join it to the domain. When OES2 comes in shortly that has a massively upgraded Domain Services for Windows which is the best Samba style functionality you'll get anywhere outside Redmond. That said, Windows "networking" still remains years behind Netware/eDirectory in almost every respect.
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 1200 total points
ID: 19632861
What you've heard about a 64-bit Windows client is partially true.

There will not be a Windows XP 64-bit client.  That would cover Windows Server 2003 as well, since they're essentially the same OS. The demand for 64-bit Windows has been so small it's not worth the effort, especially since it's a dead-end anyway, because Microsoft will EOL Windows XP and Windows Server 2003 as fast as they can, to promote the sale of Vista and Server 2008.

The Vista Client will work in either the 32-bit or 64-bit Vista environments, and, since it's based on the same code-base, the upcoming Windows Server 2008 will probably be supported by the Vista Client.

The workaround alextoft gave you is the only way to connect 64-bit XP or 64-bit Server 2003 to NetWare - via NetWare 6.5's version of NFAP/CIFS.

NetWare 6.5 with CIFS can act as a legacy (NT4-type) domain controller, but cannot be part of an Active Directory forest - except in a mixed-mode AD.  If you're running AD in "native 2003" mode, you can't join the NetWare server to the AD domain - authentication has to happen using simple or universal password, to the CIFS service, and whatever users need "share" access to NetWare have to be given rights to the volume/directory the normal NetWare/eDirectory way - those rights will translate to CIFS "permissions."
0
 

Author Comment

by:Rupert Eghardt
ID: 19636686
Hi Alex, ShineOn,

Thanks for your suggestions, I honestly think the CIFS module will resolve our problem.  I will be testing the scenario later today, and will give feedback ASAP.
Is there any down-side / disadvantage of loading CIFS on the Novell file server, or using it for that matter?

Thanks, Rupert
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 19

Expert Comment

by:alextoft
ID: 19637579
Not huge ones. You won't have the password change facility, as you have no client, and you won't be able to set Netware file permissions. Standard network drive access, consistent with existing (albeit translated) file permissions should be no different to accessing a Windows server (except maybe faster :)
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 19639984
Plus, you'll get dynamic inheritance instead of static ACL's so you won't have the drawbacks of NTFS, like write permissions moving along with files to folders where users and groups aren't assigned to inherit write permissions.

It won't behave fully like a Windows/NTFS "share" - even though it's CIFS, it doesn't have the little goofy things that Microsoft has determined will be Windows-only by design, despite their claim of CIFS being a "standard."

If it's just for "normal" file access, just because you don't have a Novell client for the specific version of Windows on a device or 2, it's fine, I guess.

The biggest drawback is, if you use Simple Password instead of Universal Password, the password is sent clear-text, just like with NT4, so if you have someone sniffing your network for password traffic, it can be intercepted.

Although theoretically possilble with Universal Password, it's much less likely.
0
 
LVL 19

Expert Comment

by:alextoft
ID: 19640103
There are a number of ways of reversing a universal password (try using the delimited text IDM driver to dump CN & nspmDistrubutionPassword to a text file using IDM), but since the client uses NICI to encrypt it for transmission over the wire you'd need the server's private key to decrypt the transmission. If you've already got that it's pretty much game over anyway, as it would be if you had rights to configure the aformentioned IDM driver.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 19640325
There has to be a number of ways to reverse a universal password, otherwise it wouldn't be universal... ;)

I didn't say it was "impossible" to reverse, just "less likely" that someone sniffing the LAN will be able to.

Only "real" NetWare passwords are un-crackable (except by brute-force, which is thwarted pretty effectively by intruder lockout)
0
 

Author Comment

by:Rupert Eghardt
ID: 19641047
I managed to load CIFSSTRT on the netware server and created a "share folder".
Also included this in the AUTOEXEC.NCF
The CIFS SHARE command indicates that the "share-folder" was successfully been created.

The problem I am experiencing is to log in from the Windows side.  After accessing the share-folder, Windows pops-up a login window, but no combination of user-context seems to work.

I have created a new user with "native Windows password control"
I've checked the cifsctxs.cfg file and confirmed that the context is listed
Even tried logging in "context.user" & "password" failed

What is the correct context to use from the Windows workstation?

A few alternatives that I've also tried:

Novell support suggested installing a new squence via ConsoleOne,
Right-click Login Policy under Security, Properties, sequence name:  simplepassword
But the SimplePassword Object wasn't on the "left" to move to the "right"
Don't know if this could create any problem ...

As our Windows 2003 server is in domain mode, I followed article 10084607 on Novell support:
Enabling the CFIS signatures and updating the Domain Controller Security Policy
- Microsoft network server:  Digitally sign communications (always) value = disabled
- Network security:  LAN manager authentication level value = Send LM & NTL use NLMv2 session ...

Please help!
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 19641981
You should be able to just use the userID without context if you followed the instructions alextoft pointed you to, to set search contexts.

It sounds like you've got a simple password issue.

If you don't have "simple password" available in your login policy lists, you need to do something else.

Look higher in your tree, in console one, just below the tree name object.  You should have a grey padlock in a red box labeled "Security."  That's the security container.

Do you have an object in the security container that's a skeleton-key on a blue box, labeled "Authorized Login Methods?"

If so, expand that and see if one of the methods shown is "Simple Password."  If not, you need to install some NMAS methods, including Simple Password.  If you don't know how to do that, please post back.
0
 

Author Comment

by:Rupert Eghardt
ID: 19653184
The "Siimple Password" method is not there ..
The only methods listed is:  
"Challange Response", "Macintosh Native file access", "NDS" en "Windows Native File Access"
I tried adding a new method, but it only gives a list of TXT files.  The Novell support site refers to installation CD 10, path:  nmas\nmasmethods
please advise whether this is the correct way to add the method ... "Simple Password"

Regards, Rupert
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 19666828
Hmmm.  I wonder if "Windows Native File Access" is the functional equivalent of turning on Simple Password.  I don't have 6.5, so I can't tell from experience.  All I can do at this point is point you to the documentation.

http://www.novell.com/documentation/oes/native/data/acccz0a.html#acccz0a
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question