As easy as it is to set up a workstation to log into an NDS network, there are times that it can be a real pain. Novell has realized that administrators have more important things to do than worry about setting up the right context for a particular workstation. Combine that with having different users from different containers logging in at the same workstation, and you can begin to see the benefits that contextless login can bring you.
Contextless login involves creating a catalog and loading an additional NLM on your NetWare 5 server. The server moves NDS-related login information into a catalog database file, which allows you to access directory information without having to walk the NDS tree. Installing and configuring the contextless login service is so simple that even if you’re running just one or two servers, you’ll see the benefits in a short period of time.
Installing Catalog Services
To begin, insert the NetWare 5 CD into your server’s CD-ROM drive. If the CD-ROM services aren’t active, type CDROM at the server’s console command prompt. Shortly after the modules load, you should see a message indicating that a volume has been raised to an active state. Write down the volume name—you’ll need to know it when you run NWCONFIG. If you miss the volume name, you can type VOLUMES at the server console command prompt and look for the newly added volume name.
At this point, load NWCONFIG.NLM. You can do so from the server’s console prompt or, if you’re running RCONSOLE, from your administration workstation. In the Configuration Options window, highlight the Product Options menu choice and press [Enter]. Then, highlight the Install A Product Not Listed option and press [Enter]. In the next window, press [F3] and type NETWARE5: for the installation path, then press [Enter]. If the NetWare OS CD you use mounts with a different name, or if you specified a different name to be used for the volume when the CD was mounted, substitute that for NETWARE5.
If you see a message indicating that a new file will downgrade an existing file, press [Enter], select Never Overwrite Newer Files, and press [Enter] again. You’ll then notice that NWCONFIG copies a series of files to your server. Next, you should see a NetWare 5 GUI (Graphical User Interface) window. Don’t be concerned if you think a reinstallation process is starting on your NetWare 5 server. It’s just part of the process to get the ball rolling for the installation of Catalog Services. Whatever you do, don’t try to stop the install by unloading NWCONFIG from the console command prompt window. If you do, you’ll run the risk of corrupting one or more files needed to run NWADMIN and configure Catalog Services.
Now, select NDS Catalog Services and click the Next button to continue. A Summary window will appear, indicating the option you have chosen to install. Click the Finish button to install the additional service. A series of messages will appear indicating that files are being copied. As with the NWCONFIG utility, if you see a file date conflict message, select the No, Do Not Replace ANY Of The Files That Cause A Conflict option and click OK.
Once all the files have been copied, you’ll see an Installation Complete window. Click the Close button. You should momentarily be returned to the NWCONFIG window where this installation process was started. If you’re prompted to reboot the server after the installation process is complete, click the No button. Then, exit NWCONFIG.NLM.
At the server console command prompt, type DSCAT to load the Catalog Service NLM. You should now see the Novell Directory Services Catalog Dredger window on your NetWare 5 server. Before you’ve finished working with the server, you’ll want to add the DSCAT command to the server’s AUTOEXEC.NCF file so that the Catalog Services will be automatically loaded the next time the server is started. Unlike some of the other Novell installation programs, no separate install process is required to install the NWADMIN snap-ins to manage the Catalog Services.
Creating the Catalog Services object
Once in NWADMIN, you’ll notice that two objects have been added to the NDS tree: NDSCat:Master Catalog and NDSCat:Slave Catalog. Just as you have more than one copy of your NDS partition(s), you should have more than one copy of the NDS Catalog Services running. Right-click on the context that you want the catalog to cover and then click the Create option. In the New Object window, double-click the NDSCat:Master Catalog object. Once the Create Catalog object appears, enter the name you want to use for the catalog (for example, UserCat), select the Define Additional Properties option, and click the Create button to create the object.
First, you’ll need to identify the host server that will be responsible for this catalog. Click the discovery or browse button to the right of the input field, browse the NDS directory until you see the correct server name, and double-click the server name. When you return to the Master Catalog properties window, you’ll see the full NDS name for the server filled in for you. If you decide to directly enter the server name instead of using the NDS browse option, remember that you’ll need to specify the server’s full NDS name.
Make the security for the Master Catalog object equivalent to another object so that it can browse the NDS tree to discover the information it will use to populate its database. It’s probably a safe idea to make the Master Catalog security equivalent to Admin. If your security folks balk at this idea, you can try another object, but watch the logs created by Catalog Services to make sure there are no problems.
The input fields allowing you to enter additional information, such as a description, location, department, and organization, are optional. In other words, if you don’t use those fields, it won’t affect the operation of Catalog Services.
Now, click the New button. This option allows you to further identify the catalog and specify which of the catalog(s) your users will use. After you’ve entered labels for both Primary and Secondary, click OK.
At this point, click the Filter button in the Master Catalog properties window. Click the Discovery button to the right of the Context Limits input field and double-click on the part of the tree where you want the information-gathering process to start. In our tree, we have an organization and an organizational unit. We entered the topmost container in the tree. Although this step is not required, it could help control the growth of a catalog as your tree grows.
You can specify that you want to search the entire subtree, or you can select the Search Immediate Subordinates option to search just one level down. If you’re using NDS alias objects, select the Search Aliases option so that information is properly recognized as the catalog is built.
Unless you’re having quite a bit of turnover in your company (and your NDS tree changes a lot with the creation or deletion of users), leaving the Catalog Dredger update set to manual (the default setting) may be the easiest way to go. Keep in mind that you’ll need to remember to perform a manual update of the Catalog Dredger before users will be able to log in without specifying the exact context they reside in. You also have the option of specifying the start time and date of the dredging process. Until you click the OK button at the bottom of the window to submit the changes to the UserCat catalog object, the Update button will be grayed out. Once you’ve created the object and returned to the properties page, the Update Now button will be functional. For the purposes of our Daily Drill Down, choose the manual update function.
Next, click the Attributes/Indexes button to select the attributes you want to use for the contextless login process. If you use the default option (using all attributes), keep in mind that the catalog has the ability to grow quite large in proportion to the number of users and the amount of information you’ll capture from NDS.
The Log View button gives you the option of capturing the information that is normally returned to the NetWare console screen and being able to review it later. This information includes:
- the time of the dredge (also known as search) process
- confirmation that the process completed
- any errors that were encountered during the process
Until you become familiar with how the dredging process works, being able to capture the log information can prove to be a valuable debugging tool. Once you’ve adjusted the default size of the log file (0 Kbytes means that there will be no logging), click OK to finish creating the Master Catalog NDS object.
You need to perform one last step on the server: You must create a Slave Catalog capable of providing the same information to the clients running the contextless login process. You need this in case the Master Catalog is not available or can’t respond quickly enough to the client requests. To begin, right-click on the same level in the tree that you did when creating the Master Catalog option. Then, select the Create option. In the list of object classes, double-click NDSCat:Slave Catalog to start the creation process.
When the Create Catalog window appears, enter a name unique to this catalog, then select the Define Additional Properties option. Next, click the Create button. When the Slave Catalog properties window appears, click the discovery button to the right of the Master label and browse the NDS tree. Double-click the name of the Master Catalog object that you created earlier.
When you return to the Slave Catalog properties window, you’ll see the full NDS name of the Master Catalog object. You’ve now created the linking to the Master Catalog that will allow the information to be populated into the Slave Catalog.
You’ll notice that there are fewer option buttons on the right-hand side of the properties window compared to the Master Catalog properties window. Since you’re working with just a mirror image of the Master Catalog, there is no reason you’d want to change a setting. Click OK to create the Slave Catalog.
Returning to the Master Catalog NDS object, you should now see the name of the Slave Catalog displayed when you click the Slave Catalogs button on the properties page. You can specify additional Slave Catalogs to provide levels of redundancy.
To make sure that the Catalog objects can access the information needed to build the information repository they’ll be responsible for, right-click the highest container object that the objects need to get information from. Then, click the Trustees Of This Object menu option. When the Trustees properties window appears, click the Add Trustee button, browse the NDS tree to locate the Master Catalog NDS object, and double-click the object name to add it to the list. When you return to the Trustees properties window, you should see the Master Catalog object in the list of trustees, with Browse, Read, and Compare rights assigned to the trustee you just added. Click OK to close this window. Then, right-click the Master Catalog object and click the Trustees Of This Object menu option. Click the Add Trustee button, then double-click on the [Public] NDS object. When you return to the properties window, you should now see the [Public] object in the Trustees list, with Browse, Read, and Compare rights assigned to it. Click OK to close this window.
Testing the contextless login process
You’ll now need to test the contextless login process. For the purposes of this Daily Drill Down, I’ll use a Windows 95 Rev B client to log in with. Make sure that you’ve already installed the client that came with the NetWare 5 server.
First, right-click the Network Neighborhood icon on your desktop and select the Properties option. Double-click the Novell NetWare Client option, and you should see a Properties window. Select the Contextless Login tab, where you’ll configure the contextless login process.
Next, select the Enable option. If you want to allow the searching of user IDs in the catalog, select Wildcard Searching Allowed; with it on, anyone at the login window can list catalog entries before authenticating. The default value for Search Timeouts is 2 seconds. Unless your network is really busy and you’ve experienced other network-related timeout problems, leave this value set to the default. Change it only if you start having errors while trying to log in.
Although this step is optional, enter the tree name and fully distinguished name of the catalog object. Doing so allows for quicker turnaround of the information needed for the client to log in.
Once you’ve typed the requested information, the Add button will become active. Click this button to place this information into the registry for this client. Then click OK to exit the NetWare Client Properties window. Click OK again to exit back to the workstation desktop. Depending on the configuration of your workstation, you may see the usual process, where the workstation wants to add some files it already has. Answer any file version conflict messages that may appear (keep the file already present on the system) and then restart the computer when prompted for the client changes to take effect.
Once the workstation has rebooted and the Novell Client login window is in front of you, clear out the contents of the Username field and press the Tab key. If you’ve enabled wildcard searching, you should now see a complete listing of all NDS objects in the tree. To take it one step further, enter the first letter of one of the usernames on your network in the Username field and press the Tab key again. Unless only one object starts with that letter, you’ll see a list of all objects beginning with that letter. Log in as one of the users on the network and verify that everything works as expected. If you have any problems with the contextless login not working, look at Novell TID (technical information document) #10011480 for information pertaining to the Windows registry settings that must be present. You’ll also find additional troubleshooting steps to get contextless login working for you.
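The catalog build and lookup described in this article, as an added conceptual model (not Novell's code or catalog format; the sample tree and the `dredge` and `resolve` helpers are constructed for illustration). It shows how the context limit, the search scope and the Wildcard Searching Allowed setting decide what a name typed at the login window resolves to, and how many entries can be listed before anyone has authenticated.

```python
# Conceptual model: tree, names and data layout are constructed for
# illustration; this is not Novell's catalog format or API.

# Constructed sample tree: (typeful distinguished name, object class)
TREE = [
    ("CN=JSmith.OU=Sales.O=Acme", "User"),
    ("CN=JSmith.OU=Eng.O=Acme", "User"),
    ("CN=JDoe.OU=Eng.O=Acme", "User"),
    ("CN=RHill.OU=Lab.OU=Eng.O=Acme", "User"),
    ("CN=Admin.O=Acme", "User"),
    ("CN=FS1.O=Acme", "NCP Server"),
]

def dredge(tree, context_limit, subtree=True, classes=("User",)):
    """Walk the tree once and index matching objects by common name."""
    catalog = {}
    for dn, cls in tree:
        cn, _, container = dn.partition(".")
        direct = container == context_limit
        below = container.endswith("." + context_limit)
        if cls in classes and (direct or (subtree and below)):
            key = cn.split("=", 1)[1].lower()
            catalog.setdefault(key, []).append(dn)
    return catalog

def resolve(catalog, typed, wildcard_allowed=False):
    """Return the candidate DNs for text typed in the Username field."""
    key = typed.lower()
    if key in catalog:
        # One hit logs in directly; several mean the user must pick a context.
        return sorted(catalog[key])
    if not wildcard_allowed:
        return []  # only an exact common name resolves, nothing is listed
    # Prefix search: an empty field matches every entry in the catalog.
    return sorted(dn for cn, dns in catalog.items()
                  if cn.startswith(key) for dn in dns)

if __name__ == "__main__":
    whole_tree = dredge(TREE, "O=Acme")
    eng_only = dredge(TREE, "OU=Eng.O=Acme", subtree=False)
    print(resolve(whole_tree, "jsmith"))        # same CN in two containers
    print(len(resolve(whole_tree, "", True)))   # entries listable pre-login
    print(len(resolve(eng_only, "", True)))     # narrower filter, fewer entries
```

Narrowing the context limit or leaving wildcard searching off reduces what the login window reveals; the trade-off is that users must type an exact common name.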
As you can see, setting up contextless login isn’t that hard to do. If you’re running networks with multiple containers, using contextless login can be a real timesaver. This is just another example of how leveraging NDS can mean less work for you on a day-to-day basis.
Ronald Nutter is a senior systems engineer in Lexington, KY. He’s an MCSE, Novell Master CNE, and Compaq ASE. Ron has worked with networks ranging in size from single servers to multiserver/multi-OS setups, including NetWare, Windows NT, AS/400, 3090, and UNIX. He’s also the help desk editor for Network World.