Chapter Two: Implementing eDirectory Services Hands-On Novell NetWare 6.0/6.5, Enhanced Edition

Objectives After reading this chapter and completing the exercises, you will be able to: Configure a workstation to communicate with the network by using both Microsoft and Novell Client software Describe the function and purpose of eDirectory and use distinguished and relative names to access network objects

Objectives After reading this chapter and completing the exercises, you will be able to: Install and use NetWare management utilities to work with the eDirectory tree Install and use NetWare Administrator, ConsoleOne, and iManage to browse the eDirectory tree, view object properties, and create new objects Use ConsoleOne to view and work with partitions and replicas

Implementing the Client To communicate and access network services, a user’s computer requires a network interface card (NIC) along with client and protocol software components, as shown in Figure 2-1 The NIC driver controls the network interface card so that it can send and receive packets over the network cable system

Client Protocols

Implementing the Client An important part of Novell’s OneNet strategy is to provide network services that are compatible with the variety of clients shown in Figure 2-2 To make accessing NetWare file services simpler in a multi-client environment, NetWare 6 includes Novell’s new Native File Access (NFAP), which enables NetWare 6 servers to process file service requests formatted by non-Novell clients, such as Microsoft, Apple, and Unix As shown in Table 2-1, accessing certain eDirectory or application services on a NetWare server still requires Novell Client to be installed on the workstation

NetWare Client Options

Web Browser Clients Web browsers, such as Internet Explorer and Netscape, are clients that use the HTTP and WebDAV protocols to make requests to Web servers Many Internet applications are now written to access data and services from Web browsers

Using the Microsoft Client The Microsoft client is needed to access shared resources and services from other Windows-based computers This client is optional on Windows 9x, but is automatically installed with the Windows 2000 operating system When a computer running a Microsoft client attempts to access a NetWare 6 server running NFAP, the Windows client submits its local user name and password to the NetWare server in the same way it would attempt to log on to a Microsoft server In addition to the user’s eDirectory password that Novell Client needs, NetWare keeps a separate password for each user account to use when logging on from Microsoft clients

The Microsoft Client Service for NetWare Users who use both the Novell and Microsoft clients to log in must maintain two passwords An alternative to installing Novell Client on Windows computers is to use Microsoft NetWare client Windows 9x and 2000 come with an optional NetWare client—Microsoft Client Service for NetWare—to access services on NetWare 6 servers

The Novell Client Novell Client offers the following advantages over the Microsoft NetWare client when logging in to the UASHOST servers:  Easy access to network services through the addition of the Novell menu in the taskbar and extra NetWare options in the My Computer, Network Neighborhood, and Explorer menus  More secure passwords  The ability to use NetWare utilities, such as ConsoleOne and NetWare Administrator  Support for Z.E.N. works application services

Novell Clients

The Novell Client As a network administrator, you can select any of the following methods to install Novell Client, depending on the workstation’s configuration and your personal preferences:  Install from CD-ROM  Install from the network  Automatic Client Upgrade (ACU)

Novell eDirectory Services Starting with NetWare 4, Novell pioneered a directory service, using a global database of network objects, called Novell Directory Services (NDS) NDS was based on an industry-standard naming system called X.500

eDirectory Components The eDirectory system uses a tree structure to organize network components, called objects, in a way that is very similar to how files and directories are organized on a hard disk The eDirectory database consists of three major types of objects:  The [Root] object  Container objects  Leaf objects

eDirectory Components The [Root] object is important because it represents the beginning of the network directory service tree, in much the same way the root of a disk volume represents the beginning of the disk storage space on a drive Container objects are used to group and store other objects

eDirectory Components eDirectory supports three major types of container objects:  Country  Organization  Organizational Unit Country container objects must be assigned a valid two- digit country code and can exist only within the root of a directory service tree

eDirectory Components Organization container objects must exist within a Country container or directly under the root of the directory service tree Organizational Unit (OU) container objects, which must exist within an Organization container or within another OU container, divide users and other leaf objects into appropriate workgroups, such as company divisions or departments

eDirectory Components Figure 2-6 illustrates the sample eDirectory tree for UAS Leaf objects represent network entities, such as users, groups, printers, and servers A property is a field that can contain information about an object

eDirectory Object Types

eDirectory Components Admin is an important user object because it has the Supervisor right to the entire eDirectory tree, allowing the Admin user to create and manage all other objects in the tree structure

Directory Context The location of an object within the eDirectory tree is referred to as its context Each object in the eDirectory database can be uniquely identified by its distinguished name, which consists of the object’s name along with its complete context, leading to the root of the eDirectory tree A context specification that includes the object abbreviations is referred to as a typeful name

Directory Context A distinguished name that does not contain the object type abbreviations is referred to as a typeless name The location of your client computer within the eDirectory tree is referred to as its current context If your client computer’s current context is set to one of the containers specified in the distinguished name, you can save keystrokes by using a relative name A relative distinguished name, often referred to as just a relative name, starts with the current context and is specified by omitting the leading period

Designing an eDirectory Tree Structure The first step is to define and document all users and other objects in the network After identifying all the network objects, your next step was to determine what containers would be needed When grouping objects, you should keep the design as simple as possible to reduce the number of containers that will be needed A general rule is to avoid containers with fewer than 10 users unless the objects are in separate geographical areas with their own server and independent resources

A Simple eDirectory Tree Design

Designing an eDirectory Tree Structure

Introduction to NetWare Management Utilities To work with the eDirectory tree, you need to become familiar with Novell’s management utilities In NetWare 5, Novell introduced the ConsoleOne utility, which was written using the Java language so that it could run on multiple platforms, including the NetWare server’s console With NetWare 6, in addition to NetWare Administrator and ConsoleOne, Novell introduced a new network management tool called iManager

Introduction to NetWare Management Utilities With iManager, network administrators can manage their eDirectory trees from a Web browser, such as Internet Explorer, instead of requiring a workstation with the Novell client Because it does not require the Novell client running on a Windows-based computer, the iManager utility is an integral part of Novell’s OneNet vision, allowing network management from any client on a connected network Each utility has its advantages and disadvantages

Using NetWare Administrator To run NetWare Administrator, you need a Windows 9x or 2000 workstation with at least 64 MB of RAM and the Novell Client software Although the Microsoft client allows users to access NetWare file and print services, it does not have the necessary components to run ConsoleOne or NetWare Administrator

Installing and Using ConsoleOne ConsoleOne remains the primary utility for managing most aspects of the NetWare 6 eDirectory tree In addition to having Novell Client installed, ConsoleOne requires a workstation to have at least 128 MB of RAM and a 300 MHz processor to run effectively

Implementing the eDirectory Tree Your classroom eDirectory tree has been set up to allow you to create your own version of the Universal AeroSpace structure in your assigned ##UAS Organization (the ## represents your assigned student number) Initially, your ##UAS Organization contains only your ##Admin administrator name that was created during the classroom server’s setup The actual NetWare server and SYS volume objects are located in the UAS Organization

Creating Alias and Volume Objects An alias object is a pointer to the real object located in another container Alias objects are useful when you need to access physical resources, such as files and printers, from different contexts (several departments in a company, for instance) Volume objects point to the physical data volumes on the server and are used to access data and store volume configuration and status information When a new volume is created on the server, a corresponding volume object is created in the server’s eDirectory container

Creating Organizational Units with iManager By default, the Admin user of the tree has the necessary rights to use iManager to perform all tasks, but by creating administrative roles, the administrator can grant rights to other users to perform certain management tasks in iManager You could easily create your remaining OUs with NetWare Administrator, but in the activity on page 62 through 64, you practice using iManager to create container objects in your ##UAS Organization

Completing the Tree Structure with ConsoleOne When you log in with the Admin user name, you risk accidentally changing the system configuration or erasing or corrupting server files In addition, if the workstation from which you’re logging in has a computer virus in memory, the virus could infect program files on the server, causing the virus to quickly spread throughout the network

eDirectory Partitioning and Replicating Each record in a database represents a single network object. The database itself is a hidden file stored on the NetWare server when the first server is installed on the network When the new server is added, NetWare 6 will automatically place a copy of the entire eDirectory database on the new server, as shown in Figure 2- 20

eDirectory Partitioning and Replicating The copy of the eDirectory database placed on the new server is called a replica There are five types of replicas:  Master– Read/Write  Filtered– Read-Only  Subordinate Filtered replicas are similar to R/W replicas, except that you can use a filter to specify what types of objects are included in the replica

eDirectory Partitions A directory partition is a division of the eDirectory database that enables a network administrator to replicate only a part of the entire eDirectory tree Initially, the eDirectory tree contains only one partition that starts at the root of the tree: the [Root] partition With NetWare 6, the ConsoleOne utility is used to view, create, move, or merge partitions As shown in Figure 2-22, the ConsoleOne utility enables you to identify which partitions exist in the eDirectory tree and determine on which servers the partition replicas are stored

Partitioning the eDirectory Database

The Partition and Replica View in ConsoleOne

Summary Using Native File Access Protocol, NetWare 6 can process requests for file services for Microsoft, Apple, and Unix clients One of NetWare’s major features is the global eDirectory database, which allows NetWare servers to share access to a common set of network objects that can be organized into a hierarchical tree structure The location of an object within the eDirectory tree is called its context

Summary The location of the client computer within the eDirectory tree is called the current context, which can be used to make access to objects easier by simply entering the object’s common name NetWare 6 has two graphical Windows-based utilities for managing eDirectory objects: ConsoleOne and NetWare Administrator Replicas are copies of the eDirectory database placed on NetWare servers; they provide fault tolerance if a server is down and enable faster access to network resources