Everyone knows that NetWare is a great platform for file and print services. But for some reason, it has also been slapped with the label as being ineffective for Internet services. This isn’t completely correct. FTP is one of the most popular Internet services out there. Best of all, using software that ships with NetWare 5, you can easily configure your NetWare 5 server as an FTP server on the Internet. In this Daily Drill Down, I’ll show you how to set up and configure an FTP server using NetWare 5, and I’ll throw in a few of the gotchas I encountered with my NetWare 5 FTP server.
An FTP server ships with intraNetWare as well as NetWare 5. Most of the information contained in this Daily Drill Down will also work with intraNetWare’s FTP services. There will be a few minor differences in commands and menu choices. Novell also included an FTP server with NetWare 5.1 that’s supposed to include several major improvements over earlier versions. I haven’t had a chance to test the FTP server on NetWare 5.1, but I will do so for an upcoming Daily Drill Down.
Why would I want an FTP server?
As you probably know, FTP stands for File Transfer Protocol. FTP is a very popular way to transfer files from one computer to another on the Internet. Although not as user-friendly as transferring files from a Web site using the HTTP protocol, FTP is much faster. Because it’s standards-based, an FTP server can store files for just about any operating system that can support an FTP client.
There are several reasons why you may want to configure an FTP client. First, if you’re running NetWare 5 in an IP-only environment, using an FTP server is the only way to share files with operating systems such as OS/2 that no longer have IP-Only NetWare clients.
Second, using an FTP server, you can share the files on your servers with users outside of your LAN. If your server is connected to the Internet, users on the outside can’t connect to it using their NetWare client, but they can if you’ve configured an FTP server. Although it’s not as handy as the direct connection the client provides, it still gives your users or customers a way to access files.
Installing FTP services on your server
In NetWare 4.11 and intraNetWare, Novell used to ship FTP services on a separate CD. With NetWare 5, the FTP services are buried and you have to do a bit of digging to find them. NetWare 5’s FTP services are included with the Novell Print Services for UNIX. Before you can install Novell Print Services for UNIX on your server, you’ll need to make sure your server meets the prerequisites. You’ll need at least 8 MB on your server’s SYS volume and 12 MB of RAM above and beyond the basic RAM requirements of your server.
Because FTP services run from your server, you must install them either at your server’s console or from your administrative workstation using Rconsole. To install FTP services, type load nwconfig at your server’s console prompt and press [Enter].
When the NetWare Configuration NLM loads, select Product Options from the Configuration Options menu. You’ll then see the Other Installation Actions menu. Select Choose An Item Or Product Listed Above from the Other Installation Actions menu. The highlight bar will then jump up to the Other Installation Items/Products menu. Next, highlight Install UNIX Print Services and press [Enter].
NetWare then prompts you for the location of the files. You’ll find the UNIX Print Services on your NetWare 5 CD-ROM. Put the CD-ROM in your server and press [Enter]. If the CD-ROM is located on another server, you’ll need to press [F3] to specify the workstation and path before pressing [Enter]. If you’ve copied the CD to another directory on your server, you’ll need to press [F4] and specify the new directory before pressing [Enter].
NWConfig copies a few files to your server and then displays the Product Installation screen. This screen first informs you that a README.TXT file exists for the UNIX Print Services installation. After you press [Enter] to clear the message, the Product Installation screen asks you if you want to view the README file. To do so, select Yes. To continue without reading the README, select No.
Next, the Product Installation screen begins checking your server’s configuration. First it asks for the Local Host name. This can be the name of your server or the name of your Internet domain that resolves to this specific server. Enter the host name in the Enter Local Host Name field and press [Enter].
The Product Installation screen then asks for the drive and path you use to boot NetWare. In the appropriate field, type the local DOS drive letter and directory where your server’s SERVER.EXE resides. If you’re unsure where this is, stop the installation and shut down your server to check.
After entering the pathname and pressing [Enter], NWConfig starts copying the files to your server. This may take awhile, depending on the speed of your server, CD-ROM drive, and other server activity.
After NWConfig finishes copying the files to your server, it launches Unicon. Unicon is the administration utility you’ll use to control access to the FTP server and other NetWare UNIX utilities. Unicon first asks you to log in to the server. You must provide the server’s name, the fully distinguished name for your admin account, and the admin password. For the server name, you must provide either the TCP/IP address to the server or the server’s DNS name. If you don’t have a DNS, then you must use the server’s TCP/IP address.
After you log in to the server, Unicon asks whether you want to install a local or remote NIS (Network Information Service). The NIS database provides access and rights information detailing what users and groups have rights to the UNIX services on the NetWare server. If you install Local NIS, Unicon creates an NIS on your NetWare server and populates it with user and group information from your NDS tree. If you select Remote NIS, you must know the TCP/IP address of the NIS server on your network. For this Daily Drill Down, I’m going to put the NIS server on my NetWare server by selecting Local NIS and pressing [Enter].
Next, Unicon asks you for configuration information for your NIS server on the Setup (Local NIS) Name Services screen. You must supply an NIS domain name and the name or IP address of your NIS server. Don’t confuse NIS domains with any NT domains that you may have on your network—they’re two different things. NIS domains merely act as a collection of NIS servers and don’t communicate with any other domains you have. You can call the domain anything you want, but it’s best if you give it a meaningful name.
You can either enter the name or TCP/IP address for your server in the NIS Server field. It’s best to enter the TCP/IP address, however, because that way you’ll be able to use Unicon whether or not your DNS goes down.
The Setup (Local NIS) Name Services screen also asks for your DNS domain and your DNS server. If you don’t have a DNS server on your network, you’ll need to configure one. You can put a DNS server on your NetWare server, although how you do so is outside of the scope of this Daily Drill Down. I’ll show you how to do that in upcoming Daily Drill Downs.
After you’ve entered all of the information, you may be tempted to press [Enter] to continue. However, this time, press [Esc] to go on. Unicon then asks you if you want to install NIS Services on your server. This gives you the opportunity to quit if you want to. Select Yes and press [Enter] to continue.
Unicon will then start to copy the files to your server. You may notice that the installation pauses a few times during installation. Don’t panic. Unicon is just displaying a few status screens to let you know what’s going on. Press [Esc] to bypass the screens and continue.
When Unicon finishes copying the files, it loads. You’ll notice that, by default, the only service that starts when Unicon first loads is NIS Services. You must add FTP services to the list of available UNIX services on your server. To do so, press [Ins], select FTP Server from the Available Options menu, and press [Enter]. After you’ve installed FTP services, you can quit by repeatedly pressing [Esc] to back out of Unicon and NWConfig.
After you exit Unicon and NWConfig, you should add the NFS name space to the volumes that you want to access from FTP. By default, unless you’ve installed the NFS name space, your FTP server will only display files names in the old DOS 8.3 filename format. If you’ve installed Support Pack 3 or later, your FTP server should work with the LONG name space, but you’ll still be safest to install support for the NFS name space.
To check what name spaces are already loaded on your volumes, type volumes at the server’s console prompt. You’ll then see a list of all of the volumes defined on your server along with their currently loaded name spaces. Typically, the only name spaces loaded on volumes are DOS and LONG. To add the NFS name space, type add name space NFS tovolumename where you replace volumename with the actual name of the volume you want to place the name space on.
If you’re installing the FTP services on your NetWare server after you’ve installed a Support Pack, you need to reapply the Support Pack. When you install the FTP server, it installs files from your original, unpatched NetWare CD. Reapplying the last Support Pack will correct any problems that Novell has fixed since the original release of the FTP server, as well as any files that NWConfig may have overwritten during the installation.
Configuring access to your FTP server
Now that you’ve installed FTP services on your NetWare server, it’s time to configure it to allow your users to access it. Unlike most NetWare administration tasks, to administer the FTP server, you don’t use NetWare Administrator. Instead, you must use Unicon.
As you know by now, you run Unicon from your server’s console. You can start it by typing load unicon either at the console or using Rconsole from your administration workstation. When the Unicon login screen appears, log in using your administrator user ID and password just like you did above.
You’ll then see Unicon’s Main Menu appear. Select Manage Services and press [Enter]. The Manage Services screen then appears. It shows you all of the available UNIX services that you currently have running on your NetWare server. Select FTP Server and press [Enter].
You’ll then see the FTP Administration screen, which enables you to control many different aspects of your NetWare server’s FTP settings. Most of the menu choices are self-explanatory. As you can probably guess, the View menu choices only display information. Likewise, the Clear Log File menu choice also means exactly what it says. The main two menu choices you’ll deal with from the FTP Administration screen are Set Parameters and Restrict FTP Access. If you select Set Parameters from the FTP Administration screen and press [Enter], you’ll see the FTP Server Parameters screen shown in Figure A.
The Maximum Number Of Sessions field controls the maximum number of simultaneous FTP sessions your server can handle. The default setting is 32. You can set the number of sessions to be anywhere from 1 to 9,999 logins. The number of FTP logins your server can handle is unrelated to the size of the license of your NetWare server. Therefore, if you only have a 25 user NetWare license, you can still set your Maximum Number of Sessions higher than 25 and still be okay.
The Maximum Session Length field controls the maximum amount of time each session can spend on the FTP server. You can set the sessions in minute increments from one minute to infinity. Unfortunately, this setting is universal to all sessions on your server. You can’t control session length for individual logons. To set an infinite session length, put a value of –1 in the field.
The Idle Time Before FTP Server Unloads field controls the amount of time the FTP server remains loaded waiting for a connection. If no one makes an FTP connection to the server within this amount of time, NetWare unloads it to preserve memory. If someone later tries to connect, NetWare reloads the server. Users won’t know the FTP server isn’t loaded. It will just seem a bit slow to respond at first.
The Anonymous Access field controls whether you require a user ID and password to access the FTP server. If you change the value of this field to Yes, Unicon creates an Anonymous user in your NDS tree as well as your UNIX access list. You can use the Anonymous account to provide blanket access to your FTP server. Although most Anonymous accounts don’t have passwords associated with them, you can set one for the Anonymous account. I’ll show you how in just a bit. If you leave the Anonymous account disabled, the only accounts that can log in are those defined in NDS.
The Default User’s Home Directory field displays the home directory for a user who doesn’t have a home directory on the NetWare server. By default, NetWare uses the root directory of your server’s SYS volume. You may want to create a special directory. Then, just enter the volume name and directory in this field.
As you can probably guess, the Anonymous User’s Home Directory field controls the home directory for the Anonymous account. Like the Default User’s Home Directory field, you just need to enter the volume and directory information in this field.
The Default Name Space field controls the name spaces that the FTP sessions rely on. The default setting is DOS. You can set this field to DOS, LONG, or NFS. You can only use the DOS name space on any remote FTP servers that you administer from this server. You should set the name space to LONG or NFS if you have long filenames on your server. If you leave the default setting of DOS, the FTP server will truncate the files to the DOS 8.3 file name convention for display and file transfer purposes.
The Intruder Detection field allows you to control how the FTP server reacts to suspected hackers. By default, this field is disabled. If you enable it, the FTP server will temporarily lock out users who enter a user ID and password incorrectly. You can determine the amount of tries a user is allowed by setting the value in the Number of Unsuccessful Attempts field. Finally, the Detection Reset Interval field controls the amount of time an account remains inactive if it has been turned off by intruder detection.
The last field on the FTP Server Parameters screen is the Log Level field. This field controls the amount of activity that the server will record. By default, your server doesn’t keep a log of activity. You should change that field. Options for changing this field include None, Statistics, Logins, and File. If you select Statistics, the server only records the date, time, IP address, and number of files transferred for each session. If you select Login, the server only records logins. If you choose File, the server records all activity. If you create logs, you should check and clear them regularly so you don’t have to wade through a great deal of old information.
The second main choice you have on the FTP Administration screen is Restrict FTP Access. If you select this menu choice, you’ll see the screen shown in Figure B. This screen enables you to edit the RESTRICT.FTP file. This file allows you to specify who can and can’t access the server. By default, this file lets everyone in. However, if you don’t want to muddle around with this text file, don’t panic. You can control user access in another part of Unicon.
Controlling user access to the FTP server
Although you can control access to the FTP server by using the RESTRICT.FTP file, there’s an easier way to do it. You can grant login rights to individual users for the FTP server just as you do for the main file and print portion of your NetWare server—by using NWAdmin.
By default, your NetWare users can access the FTP server using the same NDS login they use to connect directly to the server when they use the Novell client from their workstation. The FTP server will recognize their user ID and password and grant rights accordingly. This means you can use NetWare Administrator to control access to your FTP server without doing any additional work.
If you enable Anonymous access in Unicon, Unicon will create an Anonymous account in the default context in your NDS tree. You can then use NWAdmin to set the file and group rights for Anonymous if you want to grant it special rights. Watch out for the Anonymous account, however. It may provide back-door access to your NetWare server at the LAN using traditional NetWare clients.
Novell’s documentation claims that the Anonymous account doesn’t validate passwords. Therefore, you may think that you can set a password in NetWare Administrator to lock out local access. It won’t work. If you set a password in NDS, Anonymous FTP users will be forced to use that password as well. However, if you don’t put a password on the Anonymous account, local users can use it to nose around your network. Of course, they’ll only be able to see what Anonymous FTP users can see, so it may not be that big of a deal.
NetWare FTP server quirks
After you install the FTP server, everything works great. Usually. I’ve noticed a few quirks with NetWare’s FTP server that I’ve been unable to resolve and thought you should be aware of.
The main problem comes from accessing the FTP server. Ideally, you should be able to access the FTP server from any workstation, running any operating system, using any FTP client. That didn’t happen for me when I started accessing the FTP server on my test machines.
Whenever I tried accessing the FTP server using a browser such as Netscape or IE, I had no problems. My NetWare server’s FTP program recognized me and displayed the proper access.
However, whenever I tried to use a dedicated client such as CuteFTP or WS-FTP 6.0, I encountered problems. Likewise, when I tried to access the NetWare FTP server using gFTP on Linux or EmTech FTP on OS/2, I had problems. EmTech would actually trap every time we tried to access the NetWare FTP server. Conversely, I had no problems using a console FTP client on Red Hat or OS/2’s native FTP-PM client.
With CuteFTP, the client would connect normally, but wouldn’t list the files available for transfer. Instead, it displayed a 550 No Such File Or Directory error. After some investigating, I was able to get CuteFTP to access the FTP server if I clicked the Advanced tab on the Edit Host or Quick Connect window and cleared the Resolve Links check box. I believe the problem stems from the way that NetWare’s FTP server resolves symbolic links—or rather, doesn’t resolve these links. Some FTP clients don’t give you the option of working without them. And some of them don’t appear to work properly if the links don’t exist.
The WS-FTP 6.0 client connected properly, but displayed garbage instead of filenames or directories. I was able to resolve this problem by changing the host type from Automatic Detect to WFTPD. Surprisingly, I had the garbage display problem when I set the host type to both NetWare v4 and Novell LWP.
I couldn’t find any settings on the FTP server that I could change to resolve the problems for the other clients. Nor could I find a source for the problems on Novell’s Technical Support Web site.
Novell has reported a problem with Macintosh clients that use Fetch 3.0. Fetch clients appear to lock up rather than transfer data when the client is set for PASSIVE FTP. Instead, you should make sure that Fetch 3.0 is configured for active FTP transfers.
Sometimes it’s handy to have an FTP server on your network. Fortunately, NetWare 5 comes with its own FTP server. In this Daily Drill Down, I’ve shown you how to install and configure NetWare 5’s FTP server.
John Sheesley has been supporting networks since 1986, when he got his hands on NetWare 2.2. Since then, he’s worked with the Jefferson County Police Department in Louisville, KY and the Genlyte-Thomas Group. John’s been a technical writer for several leading publishers, including TechRepublic, The Cobb Group, and ZDJournals. If you’d like to contact John, send him an e-mail .
The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.