Configure FTP on your
NetWare 5 server
Everyone knows that NetWare is a great platform for file and print services.
But for some reason, it has been slapped with the label of being ineffective for
Internet services. This isn't completely correct. FTP is one of the most popular
Internet services out there. And using software that ships with NetWare 5, you
can easily configure your NetWare 5 server as an FTP server on the Internet. In
this Daily Drill Down, I'll show you how to set up and configure an FTP server
using NetWare 5, and I'll throw in a few of the gotchas I encountered with my
NetWare 5 FTP server.
Author's Note
An FTP server ships with intraNetWare as well as NetWare 5. Most of the
information contained in this Daily Drill Down will also work with
intraNetWare's FTP services. There will be a few minor differences in commands
and menu choices. Novell also included an FTP server with NetWare 5.1 that's
supposed to include several major improvements over earlier versions. I haven't
had a chance to test the FTP server on NetWare 5.1, but I will do so for an
upcoming Daily Drill Down.
Why would I want an FTP server?
FTP (file transfer protocol) is a popular way to transfer files
from one computer to another on the Internet. Although not as user-friendly as
transferring files from a Web site using the HTTP protocol, FTP is much faster.
Because it's standards-based, an FTP server can store files for just about any
operating system that can support an FTP client.
There are several reasons why you might want to configure an FTP client. First,
if you're running NetWare 5 in an IP-only environment, using an FTP server is
the only way to share files with operating systems such as OS/2 that no longer
have IP-Only NetWare clients.
Second, using an FTP server lets you share the files on your servers with users
outside of your LAN. If your server is connected to the Internet, users on the
outside can't connect to it using their NetWare client, but they can if you've
configured an FTP server. Although it's not as handy as the direct connection
the client provides, it still gives your users or customers a way to access
files.
Installing FTP services on your server
With NetWare 4.11 and intraNetWare, Novell used to ship FTP services on a
separate CD. With NetWare 5, the FTP services are buried and you have to do a
bit of digging to find them. NetWare 5's FTP services are included with the
Novell Print Services for UNIX. Before you can install Novell Print Services for
UNIX on your server, you'll need to make sure your server meets the
prerequisites. You'll need at least 8 MB on your server's SYS volume and 12 MB
of RAM above and beyond the basic RAM requirements of your server.
Because FTP services run from your server, you must install them either at your
server's console or from your administrative workstation using Rconsole. To
install FTP services, type load nwconfig at your server's console prompt
and press [Enter].
When the NetWare Configuration NLM loads, select Product Options from the
Configuration Options menu. You'll then see the Other Installation Actions menu.
Select Choose An Item Or Product Listed Above from the Other Installation
Actions menu. The highlight bar will then jump up to the Other Installation
Items/Products menu. Next, highlight Install UNIX Print Services and press
[Enter].
NetWare then prompts you for the location of the files. You'll find the UNIX
Print Services on your NetWare 5 CD-ROM. Put the CD-ROM in your server and press
[Enter]. If the CD-ROM is located on another server, you'll need to press [F3]
to specify the workstation and path before pressing [Enter]. If you've copied
the CD to another directory on your server, you'll need to press [F4] and
specify the new directory before pressing [Enter].
NWConfig copies a few files to your server and then displays the Product
Installation screen. This screen first informs you that a README.TXT file exists
for the UNIX Print Services installation. After you press [Enter] to clear the
message, the Product Installation screen asks you if you want to view the README
file. To do so, select Yes. To continue without reading the README, select No.
Next, the Product Installation screen begins checking your server's
configuration. First it asks for the Local Host name. This can be the name of
your server or the name of your Internet domain that resolves to this specific
server. Enter the host name in the Enter Local Host Name field and press
[Enter].
The Product Installation screen then asks for the drive and path you use to boot
NetWare. In the appropriate field, type the local DOS drive letter and directory
where your server's SERVER.EXE resides. If you're unsure where this is, stop the
installation and shut down your server to check.
After entering the pathname and pressing [Enter], NWConfig starts copying the
files to your server. This may take awhile, depending on the speed of your
server, CD-ROM drive, and other server activity.
After NWConfig finishes copying the files to your server, it launches Unicon.
Unicon is the administration utility you'll use to control access to the FTP
server and other NetWare UNIX utilities. Unicon first asks you to log in to the
server. You must provide the server's name, the fully distinguished name for
your admin account, and the admin password. For the server name, you must
provide either the TCP/IP address to the server or the server's DNS name. If you
don't have a DNS, then you must use the server's TCP/IP address.
After you log in to the server, Unicon asks whether you want to install a local
or remote NIS (Network Information Service). The NIS database provides access
and rights information detailing which users and groups have rights to the UNIX
services on the NetWare server. If you install Local NIS, Unicon creates an NIS
on your NetWare server and populates it with user and group information from
your NDS tree. If you select Remote NIS, you must know the TCP/IP address of the
NIS server on your network. For this Daily Drill Down, I'm going to put the NIS
server on my NetWare server by selecting Local NIS and pressing [Enter].
Now, Unicon asks you for configuration information for your NIS server on the
Setup (Local NIS) Name Services screen. You must supply an NIS domain name and
the name or IP address of your NIS server. Don't confuse NIS domains with any NT
domains you may have on your network; they're two different things. NIS domains
merely act as a collection of NIS servers and don't communicate with any other
domains you have. You can call the domain anything you want, but it's helpful to
give it a meaningful name.
You can either enter the name or TCP/IP address for your server in the NIS
Server field. It's best to enter the TCP/IP address, however, because that way
you'll be able to use Unicon if your DNS goes down.
The Setup (Local NIS) Name Services screen also asks for your DNS domain and
your DNS server. If you don't have a DNS server on your network, you'll need to
configure one. You can put a DNS server on your NetWare server, although how you
do so is outside of the scope of this article. I'll show you how to do that in
upcoming Daily Drill Downs.
After you've entered all the information, you may be tempted to press [Enter] to
continue. However, this time, press [Esc] to go on. Unicon then asks you if you
want to install NIS Services on your server. This gives you the opportunity to
quit if you want to. Select Yes and press [Enter] to continue.
Unicon will then start to copy the files to your server. You may notice that the
installation pauses a few times during installation. Don't panic. Unicon is just
displaying some status screens to let you know what's going on. Press [Esc] to
bypass the screens and continue.
When Unicon finishes copying the files, it loads. You'll notice that by default,
the only service that starts when Unicon first loads is NIS Services. You must
add FTP services to the list of available UNIX services on your server. To do
so, press [Ins], select FTP Server from the Available Options menu, and press
[Enter]. After you've installed FTP services, you can quit by repeatedly
pressing [Esc] to back out of Unicon and NWConfig.
After you exit Unicon and NWConfig, you should add the NFS name space to the
volumes you want to access from FTP. By default, unless you've installed the NFS
name space, your FTP server will only display filenames in the old DOS 8.3
format. If you've installed Support Pack 3 or later, your FTP server should work
with the LONG name space, but you'll still be safest to install support for the
NFS name space.
To see what name spaces are already loaded on your volumes, type volumes
at the server's console prompt. You'll then see a list of all of the volumes
defined on your server along with their currently loaded name spaces. Typically,
the only name spaces loaded on volumes are DOS and LONG. To add the NFS name
space, type add name space NFS to volumename, replacing volumename
with the name of the volume you want to place the name space on.
If you're installing the FTP services on your NetWare server after you've
installed a Support Pack, you need to reapply the Support Pack. When you install
the FTP server, it installs files from your original, unpatched NetWare CD.
Reapplying the last Support Pack will correct any problems Novell has fixed
since the original release of the FTP server, as well as any files that NWConfig
may have overwritten during the installation.
Configuring access to your FTP server
Now that you've installed FTP services on your NetWare server, it's time to
configure it to allow your users to access it. Unlike most NetWare
administration tasks, you don't use NetWare Administrator to administer the FTP
server. Instead, you must use Unicon.
As you know by now, you run Unicon from your server's console. You can start it
by typing load unicon either at the console or using Rconsole from your
administration workstation. When the Unicon login screen appears, log in using
your administrator user ID and password just like you did above.
You'll then see Unicon's Main Menu appear. Select Manage Services and press
[Enter] to display the Manage Services screen. It shows you all the available
UNIX services you currently have running on your NetWare server. Select FTP
Server and press [Enter].
You'll then see the FTP Administration screen, which enables you to control many
aspects of your NetWare server's FTP settings. Most of the menu choices are
self-explanatory. As you can probably guess, the View menu choices only display
information. Likewise, the Clear Log File menu choice also means exactly what it
says. The main two menu choices you'll deal with from the FTP Administration
screen are Set Parameters and Restrict FTP Access. If you select Set Parameters
from the FTP Administration screen and press [Enter]
The Maximum Number Of Sessions field controls the maximum number
of simultaneous FTP sessions your server can handle. The default setting is 32.
You can set the number of sessions to be anywhere from 1 to 9,999 logins. The
number of FTP logins your server can handle is unrelated to the size of the
license of your NetWare server. Therefore, if you only have a 25-user NetWare
license, you can set your Maximum Number of Sessions higher than 25 and still be
okay.
The Maximum Session Length field controls the amount of time each session can
spend on the FTP server. You can set the sessions in minute increments from one
minute to infinity. Unfortunately, this setting is universal to all sessions on
your server. You can't control session length for individual logins. To set an
infinite session length, put a value of –1 in the field.
The Idle Time Before FTP Server Unloads field controls the length of time the
FTP server remains loaded waiting for a connection. If no one makes an FTP
connection to the server within this amount of time, NetWare unloads it to
preserve memory. If someone later tries to connect, NetWare reloads the server.
Users won't know the FTP server isn't loaded. It will just seem a bit slow to
respond at first.
The Anonymous Access field controls whether you require a user ID and password
to access the FTP server. If you change the value of this field to Yes, Unicon
creates an Anonymous user in your NDS tree as well as your UNIX access list. You
can use the Anonymous account to provide blanket access to your FTP server.
Although most Anonymous accounts don't have passwords associated with them, you
can set one for the Anonymous account. I'll show you how in just a bit. If you
leave the Anonymous account disabled, the only accounts that can log on are
those defined in NDS.
The Default User's Home Directory field displays the home directory for a user
who doesn't have a home directory on the NetWare server. By default, NetWare
uses the root directory of your server's SYS volume. You may want to create a
special directory. Then, just enter the volume name and directory in this field.
As you can probably guess, the Anonymous User's Home Directory field controls
the home directory for the Anonymous account. Like the Default User's Home
Directory field, you just need to enter the volume and directory information in
this field.
The Default Name Space field controls the name spaces that the
FTP sessions rely on. The default setting is DOS. You can set this field to DOS,
LONG, or NFS. You can only use the DOS name space on any remote FTP servers that
you administer from this server. You should set the name space to LONG or NFS if
you have long filenames on your server. If you leave the default setting of DOS,
the FTP server will truncate the files to the DOS 8.3 file name convention for
display and file transfer purposes.
The Intruder Detection field allows you to control how the FTP server reacts to
suspected hackers. By default, this field is disabled. If you enable it, the FTP
server will temporarily lock out users who enter a user ID and password
incorrectly. You can determine the amount of tries a user is allowed by setting
the value in the Number Of Unsuccessful Attempts field. Finally, the Detection
Reset Interval field controls the amount of time an account remains inactive if
it has been turned off by intruder detection.
The last field on the FTP Server Parameters screen is the Log Level field. This
field controls the amount of activity that the server will record. By default,
your server doesn't keep a log of activity. You should change that field.
Options for changing this field include None, Statistics, Logins, and File. If
you select Statistics, the server only records the date, time, IP address, and
number of files transferred for each session. If you select Login, the server
only records logins. If you choose File, the server records all activity. If you
create logs, you should check and clear them regularly so you don't have to wade
through a great deal of old information.
The second main choice you have on the FTP Administration screen is Restrict FTP
Access. If you select this menu choice, you'll see the screen shown in Figure B.
This screen enables you to edit the RESTRICT.FTP file. This file allows you to
specify who can and can't access the server. By default, this file lets everyone
in. However, if you don't want to muddle around with this text file, don't
panic. You can control user access in another part of Unicon.
Controlling user access to the FTP server
Although you can control access to the FTP server by using the RESTRICT.FTP
file, there's an easier way to do it. You can grant login rights to individual
users for the FTP server just as you do for the main file and print portion of
your NetWare server—by using NWAdmin.
By default, your NetWare users can access the FTP server using the same NDS
login they use to connect directly to the server when they use the Novell client
from their workstation. The FTP server will recognize their user ID and password
and grant rights accordingly. This means you can use NetWare Administrator to
control access to your FTP server without doing any additional work.
If you enable Anonymous access in Unicon, Unicon will create an Anonymous
account in the default context in your NDS tree. You can then use NWAdmin to set
the file and group rights for Anonymous if you want to grant it special rights.
But watch out for the Anonymous account. It may provide back-door access to your
NetWare server at the LAN using traditional NetWare clients.
Novell's documentation claims that the Anonymous account doesn't validate
passwords. Therefore, you may think that you can set a password in NetWare
Administrator to lock out local access. It won't work. If you set a password in
NDS, Anonymous FTP users will be forced to use that password as well. However,
if you don't put a password on the Anonymous account, local users can use it to
nose around your network. Of course, they'll only be able to see what Anonymous
FTP users can see, so it may not be that big a deal.
NetWare FTP server quirks
After you install the FTP server, everything works great. Usually. But I've
noticed a few quirks with NetWare's FTP server that I've been unable to resolve
and thought you should be aware of.
The main problem comes from accessing the FTP server. Ideally, you should be
able to access the FTP server from any workstation, running any operating
system, using any FTP client. That didn't happen for me when I started accessing
the FTP server on my test machines.
Whenever I tried accessing the FTP server using a browser such as Netscape or
IE, I had no problems. My NetWare server's FTP program recognized me and
displayed the proper access.
However, whenever I tried to use a dedicated client such as CuteFTP or WS-FTP
6.0, I encountered problems. Likewise, when I tried to access the NetWare FTP
server using gFTP on Linux or EmTech FTP on OS/2, I had problems. EmTech would
actually trap every time I tried to access the NetWare FTP server. Conversely, I
had no problems using a console FTP client on Red Hat or OS/2's native FTP-PM
client.
With CuteFTP, the client would connect normally, but wouldn't list the files
available for transfer. Instead, it displayed a 550 No Such File Or Directory
error. After some investigating, I was able to get CuteFTP to access the FTP
server if I clicked the Advanced tab on the Edit Host or Quick Connect window
and cleared the Resolve Links check box. I believe the problem stems from the
way NetWare's FTP server resolves symbolic links—or rather, doesn't resolve
these links. Some FTP clients don't give you the option of working without them.
And some of them don't appear to work properly if the links don't exist.
The WS-FTP 6.0 client connected properly but displayed garbage instead of
filenames or directories. I was able to resolve this problem by changing the
host type from Automatic Detect to WFTPD. Surprisingly, I had the garbage
display problem when I set the host type to both NetWare v4 and Novell LWP.
I couldn't find any settings on the FTP server that I could change to resolve
the problems for the other clients. Nor could I find a source for the problems
on Novell's Technical Support Web site.
Novell has reported a problem with Macintosh clients that use Fetch 3.0. Fetch
clients appear to lock up rather than transfer data when the client is set for
PASSIVE FTP. Instead, you should make sure that Fetch 3.0 is configured for
active FTP transfers.
Conclusion
Sometimes, it's handy to have an FTP server on your network. Fortunately,
NetWare 5 comes with its own FTP server. In this Daily Drill Down, I've shown
you how to install and configure NetWare 5's FTP server.
John Sheesley has been supporting networks since 1986, when he got his hands
on NetWare 2.2. Since then, he's worked with the Jefferson County Police
Department in Louisville, KY, and the Genlyte-Thomas Group. John's been a
technical writer for several leading publishers, including TechRepublic, The
Cobb Group, and ZDJournals.
