Novell Netware 6 Documentation

NetWare 6 Readme
Novell
NetWare 6 ®
www.novell.com
6.0
README
October 25, 2001

Novell Confidential
Manual 99a 38 July 17, 2001
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
This product may require export authorization from the U.S. Department of Commerce prior to exporting from the
U.S. or Canada.
Copyright © 2001 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied,
stored on a retrieval system, or transmitted without the express written consent of the publisher.
U.S. Patent No. 5,157,663; 5,349,642; 5,455,932; 5,553,139; 5,553,143; 5,572,528; 5,594,863; 5,608,903;
5,633,931; 5,652,859; 5,671,414; 5,677,851; 5,692,129; 5,701,459; 5,717,912; 5,758,069; 5,758,344; 5,781,724;
5,781,724; 5,781,733; 5,784,560; 5,787,439; 5,818,936; 5,828,882; 5,832,274; 5,832,275; 5,832,483; 5,832,487;
5,850,565; 5,859,978; 5,870,561; 5,870,739; 5,873,079; 5,878,415; 5,878,434; 5,884,304; 5,893,116; 5,893,118;
5,903,650; 5,903,720; 5,905,860; 5,910,803; 5,913,025; 5,913,209; 5,915,253; 5,925,108; 5,933,503; 5,933,826;
5,946,002; 5,946,467; 5,950,198; 5,956,718; 5,956,745; 5,964,872; 5,974,474; 5,983,223; 5,983,234; 5,987,471;
5,991,771; 5,991,810; 6,002,398; 6,014,667; 6,015,132; 6,016,499; 6,029,247; 6,047,289; 6,052,724; 6,061,743;
6,065,017; 6,094,672; 6,098,090; 6,105,062; 6,105,132; 6,115,039; 6,119,122; 6,144,959; 6,151,688; 6,157,925;
6,167,393; 6,173,289; 6,192,365; 6,216,123; 6,219,652; 6,229,809. Patents Pending.
Novell, Inc.
1800 South Novell Place
Provo, UT 84606
U.S.A.
www.novell.com
NetWare 6 Readme
October 2001
103-000171-001
Online Documentation: To access the online documentation for this and other Novell products, and to get
updates, see www.novell.com/documentation.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Novell Trademarks
ConsoleOne is a trademark of Novell, Inc.
DirXML is a trademark of Novell, Inc.
eDirectory is a trademark of Novell, Inc.
GroupWise is a registered trademark of Novell, Inc. in the United States and other countries.
Hardware Specific Module and HSM are trademarks of Novell, Inc.
Internetwork Packet Exchange and IPX are trademarks of Novell, Inc.
IPX/SPX is a trademark of Novell, Inc.
Link Support Layer and LSL are trademarks of Novell, Inc.
Media Support Module and MSM are trademarks of Novell, Inc.
NetWare is a registered trademark of Novell, Inc. in the United States and other countries.
NetWare Core Protocol and NCP are trademarks of Novell, Inc.
NetWare Loadable Module and NLM are trademarks of Novell, Inc.
NMAS is a trademark of Novell, Inc.
Novell is a registered trademark of Novell, Inc. in the United States and other countries.
Novell BorderManager is a trademark of Novell, Inc.
Novell Certificate Server is a trademark of Novell, Inc.
Novell Client is a trademark of Novell, Inc.
Novell Cluster Services is a trademark of Novell, Inc.
Novell Directory Services and NDS are registered trademarks of Novell, Inc. in the United States and other
countries.
Novell Distributed Print Services is a trademark and NDPS is a registered trademark of Novell, Inc. in the United
States and other countries.
Novell iFolder is a trademark of Novell, Inc.
Novell Internet Messaging System and NIMS are trademarks of Novell, Inc.
Novell OnDemand Services is a trademark of Novell, Inc.
Novell Storage Services is a trademark of Novell, Inc.
Open Data-Link Interface and ODI are trademarks of Novell, Inc.
Sequenced Packet Exchange and SPX are trademarks of Novell, Inc.
Storage Management Services and SMS are trademarks of Novell, Inc.
Topology Specific Module and TSM are trademarks of Novell, Inc.
Transaction Tracking System and TTS are trademarks of Novell, Inc.
ZENworks is a trademark of Novell, Inc.
Third-Party Trademarks
All third-party trademarks are the property of their respective owners.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a 37 June 14, 2001
Contents
NetWare 6 Readme 7
1 General Information 9
2 Installation and Upgrade 13
Before the Installation or Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
During the Installation or Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
After the Installation or Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3 ConsoleOne 1.3 21
4 DNS/DHCP 25
5 iManage 1.0 and iMonitor 1.5 for Novell eDirectory 8.6 27
iManage 1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
iMonitor 1.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
6 iPrint/NDPS 33
7 IPX Dependencies 37
8 NetWare Enterprise Web Server 39
9 NetWare FTP Server 41
10 NetWare Migration Wizard 6 43
11 NetWare WebAccess 45
12 NetWare Web Manager 47
13 NetWare Web Search Server 49
14 Novell Advanced Audit Service 51
15 Novell Certificate Server 55
16 Novell Client for Windows 57
17 Novell Cluster Services 59
Installation/Upgrade Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Other Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Contents 5
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
18 Novell Compatibility Mode Driver 63

19 Novell eDirectory 8.6 for NetWare 65
20 Novell GroupWise 67
21 Novell iFolder 69
22 Novell International Cryptographic Infrastructure (NICI) 71
23 Novell Modular Authentication Service (NMAS) 73
24 Novell Native File Access Protocols 75
General Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Macintosh / AFP Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Windows / CIFS Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
UNIX / NFS Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
25 Novell NetDrive 85
26 Novell NetStorage 87
27 Novell Storage Services 89
28 Novell TCP/IP 91
29 Pervasive.SQL 93
30 Scripting Products 95
31 Storage Management Services (SMS) 97
Backup and Restore Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Client Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Other Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
32 Third-Party Adapters, Drivers, and Applications 101
6 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
NetWare 6 Readme
This document provides information on known issues and limitations for

NetWare® 6. The issues are divided into sections based on product features.
Use the Table of Contents or the Search feature to locate the information you
need.
For information about additional issues discovered after the release, see the
Novell Support Knowlegebase (http://support.novell.com/search/
kb_index.jsp) and enter TID #10064501.
Complete information describing system requirements; installation,
configuration, and optimization procedures; and administration tasks is
available in the documentation provided on CD or online.
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions

within a step and items in a cross-reference path.
Also, a trademark symbol (®, TM, etc.) denotes a Novell® trademark. An
asterisk (*) denotes a third-party trademark.
NetWare 6 Readme 7
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
8 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
1 General Information
This chapter contains general information about the NetWare® 6 release.

For information about additional issues discovered after the release, see the
Novell® Support Knowlegebase (http://support.novell.com/search/
kb_index.jsp) and enter TID #10064501.
NetWare 6 Contents
The NetWare 6 package consists of the following:

Operating System CD
Client CD
Novell ClientTM 4.81 for Windows* NT*/2000
Novell Client 3.31 for Windows 95/98
NMAS Client 2.0
NICI Client 1.5.7 for Windows
NICI Client 2.0.2 for Windows
Novell NetDrive Client 4.0
Novell ConsoleOneTM 1.3 with snap-ins
Documentation CD
NOTE: We welcome your feedback about the completeness, accuracy, and
accessibility of the NetWare 6 documentation. Please send your comments to
webdoc@novell.com (mailto:webdoc@novell.com?subject=NetWare%206) with
NetWare 6 in the subject line.
General Information 9
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a38 July 17, 2001
MP-Enabled Components
The following core NetWare 6 components are MP-enabled:

Core operating system
ODITM (including LSLTM, LAN, TSMTM, MSMTM, HSMTM)
TCP/IP
NCP/IP
Winsock (including NILE and BSD)
CLIB BSD calls
Novell Storage ServicesTM file system
Novell eDirectoryTM, including LDAP
Novell JVM for NetWare
Novell Modular Authentication Service (NMASTM)
Novell Cluster ServicesTM
NetWare Enterprise Web Server
NetWare Web Search
NetWare FTP Server
Scripting products (NSN, Perl, and UCS)
All other NetWare 6 components included with this release function in an MP
environment.
Compatibility with Other Novell Products
The following Novell products are compatible with NetWare 6:

Account Management 2.1 for Windows 2000
DirXMLTM 1.01
GroupWise® 5.5 Enhancement Pack 3 and GroupWise 6
iChain 1.5 and 2.0
Novell BorderManagerTM 3.6 Support Pack 1a
Novell Internet Messaging SystemTM (NIMSTM) 2.6 and 3.0
Novell OnDemand ServicesTM 1.0
10 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Novell Portal Services 1.0

Novell Single Sign-on 2.1
If you install Novell Single Sign-on to a NetWare 6 server that is not an
SD Key Server and you select No when prompted to make the server an
SD Key Server, you may see messages indicating that Novell Single Sign-
on did not successfully install. The messages and entries in the log file
(sys:system\sssi.log) falsely indicate that the SD Key Client and Secret
Store Service were not installed successfully.
Despite these messages, SSS.NLM is correctly installed, the schema is
extended, and Novell Single Sign-On should function properly in the tree.
Novell ZENworksTM for Desktops 3.0 Support Pack 1 and Novell
ZENworks for Desktops 3.2
Novell ZENworks for Servers 2 with the latest Support Pack
There are some compatibility issues using NetWare 6 with ZENworks for
Servers 2. For an explanation of the issues and their resolution, see the
ZENworks for Servers 2 online documentation (http://www.novell.com/
documentation/lg/zfs2/index.html).
NetWare 5.1 Products Not Included in NetWare 6

NIAS components that enable NetWare to function as a WAN or RAS
(dial-up) gateway
If you are upgrading from a previous version of NetWare, your INITSYS
files might need to be edited to remove WAN components that are
autoloaded.
Novell Servlet Gateway
This functionality is now provided by the Tomcat servlet engine.
IBM* WebSphere* application server
This has been replaced by the Tomcat servlet engine. If you are using a
previous version of WebSphere on NetWare, you can use the WebSphere-
to-Tomcat migration utility included with NetWare 6. For instructions on
using the utility, see Migrating from WebSphere to Tomcat in Getting
Results with Novell Web Services.
Collabra News Server and Novell Media Server
During an upgrade from a NetWare 5.1 server, these products are
removed without warning.
General Information 11
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Client DOS Utilities
Many DOS utilities have been removed from NetWare 6. The following
utilities are still included for your convenience, but they are not supported:
CAPTURE
CX
FILER
LOGIN
LOGOUT
MAP
NCOPY
NDIR
NetWare Administrator
NLIST
NPRINTER
RIGHTS
International Issues
Euro Character. There are several places throughout Netware 6 where the
euro character is displayed as its hex value “[20AC]”. This happens
because the server code page does not support some of the newer
extended characters, including the euro. Although the hex value of the
euro is displayed in a few locations, the integrity of the object containing
the euro character should remain intact.
Web Page Encoding Issue. To properly display international text in your
Web browser, the proper Code Page must be selected for that language.
From the main browser menu, click View > Encoding. Then select the
proper Code Page for the language you want to display. If the correct
Code Page is not selected, you might see question marks or corrupted
text.
12 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
2 Installation and Upgrade
This chapter contains the following subsections:

“Before the Installation or Upgrade” on page 13
“During the Installation or Upgrade” on page 16
“After the Installation or Upgrade” on page 18
You should also review the other sections of this Readme for additional
installation and upgrade issues.
For complete instructions on preparing the network and installing or
upgrading to NetWare 6, see the NetWare 6 Overview and Installation Guide.
IMPORTANT: Upgrades from any Beta version of NetWare 6 to the shipping
version of the product are not supported.
Before the Installation or Upgrade

Upgrading with NetWare Accelerated Upgrade
Do not use NetWare Accelerated Upgrade to upgrade the first server in the tree
to NetWare 6—you must use the NetWare 6 installation program. After you
upgrade or install the first NetWare 6 server using the installation program,
you can then use NetWare Accelerated Upgrade to upgrade other servers in the
tree.
NetWare Accelerated Upgrade is intended for use by network administrators
who are skilled at troubleshooting and installing NetWare networks.
Installation and Upgrade 13
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Upgrading NetWare 5 Servers with NDS 7 and NSS Volumes
A NetWare 5 server with NDS® 7 and NSS volumes is inaccessible after

completing the Prepare a Server with NDS 7 and NSS step in NetWare
Deployment Manager. For this reason, complete this step just before you
upgrade to NetWare 6.
Update NetWare 5 Servers Running NMAS before Installing Novell

Native File Access Protocols
Before installing Novell® Native File Access Protocols (as part of the
NetWare 6 installation or otherwise), all NetWare 5 and NetWare 5.1 servers
(in the tree) running NMAS must be updated to NMASTM 2.0.1, NICI 2.0.1,
and ConsoleOneTM 1.3.2.
NMAS 2.0.1, NICI 2.0.1, and ConsoleOne 1.3.2 updates and instructions are
available at www.novell.com/downloads.
NetWare 4.11 Upgrades
NetWare 4.11 requires that Support Pack 8 or later be installed before

upgrading. The requirement was accidentally omitted from the Upgrade to
NetWare 6 > Meet System and Software Requirements section of the printed
NetWare 6 Overview and Installation manual.
Mixed NDS Environments and Synchronization -628 Errors
If your network includes servers running NetWare 5 with NDS eDirectoryTM

8.5 (Build 85.00), NetWare 5 with NDS eDirectory servers in the same replica
ring with NetWare 4 servers, or NetWare 5 with NDS 7 servers, you must
update NDS before installing a NetWare 6 server. (You must also complete the
Network Preparation tasks in NetWare Deployment Manager.)
If you do not update NDS, -628 errors will occur during synchronization. For
information on updating NDS to the proper version number, see http://
support.novell.com/cgi-bin/search/searchtid.cgi?/10063534.htm (http://
support.novell.com/cgi-bin/search/searchtid.cgi?/10063534.htm).
NDS updates are available on the Novell Support Web site (http://
support.novell.com).
Prepare the Schema before Upgrading or Installing
Before you install or upgrade to NetWare 6 on an existing network, make sure

to complete all relevant steps in the "Network Preparation" section of NetWare
14 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Deployment Manager and specifically complete Step 3: Prepare for NDS

eDirectory 8.6. This step identifies and updates a server on the network that
holds the Master or Read/Write replica of the Root of the tree.
NetWare Deployment Manager (NWDEPLOY.EXE) runs on a Windows
workstation and is located on the NetWare Operating System CD.
For complete instructions on preparing the network, see the NetWare 6
Overview and Installation Guide.
Video Driver for NetWare Deployment Manager on Windows 2000
NetWare Deployment Manager might not run on Windows 2000 computers

with the Matrox G400 video driver. To fix the problem, download and install
the latest video driver from Matrox (http://www.matrox.com).
Using a Compaq ML530 Computer
NetWare 6 will not install on the Compaq* ML530 computer unless the
ML530 ROM has been flashed (updated) using Compaq's SmartStart 5.1 or
later. The ROM flash utility from Compaq's SmartStart 5.0 or earlier is not
sufficient. If the ROM is not updated, the NetWare 6 installation might hang
while configuring IP addresses.
Accelerated Upgrade: Removing Unsupported LAN Drivers
To avoid any problems, upgrade your LAN drivers before using NetWare
Accelerated Upgrade to upgrade your server to NetWare 6.
If you did not select the Auto-detect Computer Hardware after Rebooting
option, NetWare Accelerated Upgrade will not automatically update any old
LAN drivers and you might not be able to connect to your server. To correct
this problem, unload or remove any unsupported drivers and then load the
corresponding supported NetWare 6 drivers. After the upgrade is finished,
modify the AUTOEXEC.NCF file to reflect any name changes.
If you did not upgrade your LAN drivers before upgrading to NetWare 6 and
you have old hardware, select the Auto-detect Computer Hardware after
Rebooting option. If you do this, NetWare Accelerated Upgrade automatically
replaces any old LAN drivers with NetWare 6 LAN drivers.
NOTE: Some LAN driver hardware is no longer supported on NetWare 6.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
During the Installation or Upgrade

Copying and Overwriting Existing Files
Because all the components of NetWare 6 have been tested as a whole, you
should select Overwrite on all files that report a new date conflict during an
upgrade.
Installing from a Bootable CD
If your server supports a bootable CD-ROM and you want to boot to the
NetWare Operating System CD, make sure that the machine boot order
specifies that the CD boots before the hard drive. This ensures that the CD is
available for booting and formatting the hard disk.
To boot to the NetWare Operating System CD, the server must have a ROM
BIOS that fully supports the El Torito specification. Booting on a machine
where the specification is not supported might result in hangs after starting
Caldera* DR DOS* or in messages such as “No operating system found.” If
your computer or storage adapter is not working, contact the vendor for an
updated BIOS.
If you boot the CD to install NetWare using an existing DOS partition, it must
not be a FAT32 partition. The DOS that boots on the CD does not recognize
FAT32 partitions and will not be able to write to the drive. To install with a
FAT32 partition, you must boot a FAT32-compatible DOS and then run
INSTALL.BAT either from the CD or a network drive.
Installing Only IPX
Most NetWare 6 services require IP. If you choose to install IPXTM only, you
will have very limited functionality. Installing IP as the default protocol is
highly recommended.
Installing IPX after Installing IP Only
If during the installation you select IP only, the server ID number is removed
from the AUTOEXEC.NCF at the end of the installation. It is used only for
IPX-needed configurations (IP/IPX and IP/SCMD). If you decide to add IPX
to your server later after initially installing IP only, you will need to add the
SERVERID xxxxxxxx line to your AUTOEXEC.NCF after the server name to
use IPX services on the server.
16 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Installing a NetWare 5.1 Server into a Tree with a NetWare 6 SDI

Server
When installing a NetWare 5.1 server into a tree with a NetWare 6 Security
Domain Infrastructure (SDI) server, the installation fails with a “125” error
due to a security upgrade.
The following error message is displayed:
Error while Contacting Security Domain Infrastructure Key
Server: NW6_1.Servers.RCH.TX.HCSC
Error #125
If the Security Domain Infrastructure server in the NDSPKI:SD Key Server

DN attribute in the Security.KAP.WO container is a NetWare 6 server, then a
NetWare 5.1 server installation into the tree will fail with this error.
This error happens during the final file copy and shows up as part of the Novell
Certificate ServerTM installation. To complete the installation of the NetWare
5.1 server, complete the following steps:
1 Install the NetWare 5.1 server standalone (into its own tree).
2 Delete the file SYS:SYSTEM\NICI\NICISDI.KEY.
3 Update the NetWare 5.1 server to NICI 2.0.1 or later.
You can download this version of NICI from the Novell download site.
4 Using NWCONFIG, uninstall eDirectory on the NetWare 5.1 server.
5 Using NWCONFIG, install eDirectory onto this server and specify to
install the server into the existing NetWare 6 tree.
6 Run the Novell Certificate Server installation either from the server
console or through the NetWare Deployment Manager.
The Certificate Server installation automatically creates the necessary
security objects.
7 Configure products that use SSL certificates, such as LDAP, Web Server,
etc., to use the new certificates.
Accelerated Upgrade: Installing Apache Web Server
Because NetWare Accelerated Upgrade does not install or update any

software applications outside of the core NetWare operating system, the
Apache Web server is not upgraded/installed during the upgrade. The
following products are dependent on Apache: Novell iFolder, NetWare Web
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Search, iManage, NetWare Web Access, and Novell NetStorage. If you plan
to install any of these products after the upgrade, make sure that you install the
Apache Web server first.
After the Installation or Upgrade

Missing Device Drivers
The server installation program copies to a startup directory

(C:\NWSERVER) only drivers (such as HAMs, CDMs and PSMs) for devices
that were auto-detected during the installation process. If you attempt to load
a HAM, CDM, or PSM that was not auto-detected during installation and it
fails to load, copy the appropriate driver from the C:\NWSERVER\DRIVERS
directory to the C:\NWSERVER directory and then load the driver again.
Status of Old LAN and WAN Files
After an upgrade to NetWare 6, old LAN and WAN files will not be deleted.
These old files might not be supported in a NetWare 6 environment.
To Speed Up the Post-Installation Utility
If performance of the post-installation utility and other Java* applications is

slow, then change the VM Cache Pool Percentage SET parameter by entering
the following command at the server console:
SET VM CACHE POOL PERCENTAGE = 30
Performance of the post-installation program and some Java applications is
significantly improved with this change. The changes are saved by the
operating system and remain even if the server is rebooted.
Update SMS Components
A new release of Storage Management Services (SMS) is available at the

Novell Support Web site (http://support.novell.com). This release contains
important fixes to the SMS components delivered with NetWare 6.
The fixes ensure compatibility between earlier versions of NetWare and the
NetWare 6 SMS modules. In addition, the patch includes updates to SMS
components (including SMDR and TSA), which have made the product more
stable and robust.
18 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
To maintain backup and restore services on NetWare 6 and your network, you
must install the patch. The patch will supersede the SMS modules installed by
default during the NetWare 6 installation.
For more information, see the Readme included with the patch.
Agent Installation for GroupWise 6 Replaces LDAP Files Needed by

iFolder
The Agent Installation program for GroupWise® 6 lets you overwrite LDAP
modules that consequently disable iFolder running on NetWare 6. To avoid
this problem, select No when prompted to overwrite the LDAP modules
during GroupWise Agent Installation. The LDAP module includes:
LDAPSDK.NLM
LDAPSSL.NLM
LDAPX.NLM
If these files are overwritten (by selecting Yes), you must manually copy the
files from the NetWare 6 Operating System CD before iFolder will run on
NetWare 6.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
20 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
3 ConsoleOne 1.3
Installing the NICI Client
Some of the ConsoleOne snap-ins for NetWare 6 require the NICI Client. To
use those snap-ins, you must install NICI on every workstation where you will
use ConsoleOne.
IMPORTANT: Two versions of NICI are provided for Windows platforms: 1.5.7
and 2.0.2. We recommend that you install both versions.
NICI 1.5.7 is implemented as a kernel driver, while NICI 2.0.2 is implemented as a

shared DLL. Applications using NICI 1.5.7 will not work if only NICI 2.0.2 is
installed. Likewise, new applications will require at least NICI version 2.0.2. Both
NICI versions can be installed on the same Windows workstations, providing
support for all applications.
A Client CD containing the NICI client for Microsoft* Windows operating

systems is included with NetWare 6. NICI clients for Solaris* and Linux* can
be found on the Novell software download page (http://www.novell.com/
download).
To install the NICI client from the Client CD, insert the CD. An autorun
application begins. Select the NICI client from the list.
Running ConsoleOne on the NetWare Server Console
For best performance, we recommend that you install ConsoleOne on a

workstation. Use the NetWare 6 Client CD to install ConsoleOne and snap-ins
onto your workstation.
Losing Connection to ConsoleOne after Cluster
After a node in the cluster dies, you should log out and then log back in to see
the Cluster View in ConsoleOne.
ConsoleOne 1.3 21
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
ConsoleOne Is Not Refreshing Properly
With 3D mouse pointer software installed on a machine running ConsoleOne,

the screen might appear to not refresh properly.
To solve this problem, remove the 3D mouse pointers.
For more information on this issue, refer to Solution #10058840 (http://
ConsoleOne Does Not See the Tree
In a pure IP environment, ConsoleOne does not see the eDirectoryTM tree of

the server that ConsoleOne is running on.
To fix this, make the following changes in the AUTOEXEC.NCF file:
Add the statement LOAD SCMD.NLM after the LOAD and BIND
statements for TCPIP.
Add IPX to the serverID. For information on the serverID format, see
Chapter 7, “IPX Dependencies,” on page 37.
Then restart the server.
For more information on this issue, refer to Solution #2943528 (http://
Administering Volumes and Files Using Novell Client for Windows 95/
98
There is a defect in earlier versions of Novell ClientTM for Windows 95/98 that
causes problems when you try to administer volumes and files in ConsoleOne.
(This is not a problem with Windows NT or 2000.) This defect has been
resolved in the Novell Client that ships with NetWare 6.
If you are using an earlier version of the Client, you should disable caching on
Windows 95/98 by modifying several settings in the Client properties panel.
1 Right-click the red N in the system tray.
2 Click Novell Client Properties > Advanced Settings.
3 For each of the following options, adjust the setting as specified:
Option Setting
Cache Writes Change from On to Off.
Delay Writes Change from On to Off.
22 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Option Setting
File Cache Level Change from 3 to 0.
File Write Through Change from Off to On.
True Commit Change from Off to On.
4 Click OK.
Support for the Hong Kong Supplementary Character Set
This release of ConsoleOne does not support the Hong Kong Supplementary
Character Set (HKSCS). We are currently working on a patch to allow HKSCS
support in future releases of ConsoleOne.
ConsoleOne 1.3 23
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
24 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
4 DNS/DHCP
Known Issues
The Novell® iManage browser-based DNS/DHCP management utility
does not support the following:
IPV6.INT zones
Configuring DHCP Option 60
Pooled Mac addresses (Use the Java Management tool to manage
this feature.)
While importing the DHCP configuration, a default subnet address range
is automatically created. The DHCP Server reference is not automatically
updated; you can manually update the server reference later.
Special Instructions
For improved performance, configure the DNS/DHCP scope settings
before you start using the Novell iManage browser-based DNS/DHCP
management utility.
The recommended settings for the Novell iManage browser-based DNS/
DHCP management utility are as follows:
Display Settings Font Size Browser Text Size
800 * 600 Small Medium to Smallest
1024 * 768 Small Largest to Smallest
DNS/DHCP 25
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
While importing the DHCP configuration, if the subnet address range

contains a reference to an external DHCP server, this reference is
automatically replaced by a reference to the default DHCP server that you
specify.
The Novell DNS and DHCP servers are based on ISC BIND Version 4.9.6
and ISC DHCP Version 2.
26 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
5 iManage 1.0 and iMonitor 1.5 for

Novell eDirectory 8.6

“iManage 1.0” on page 27
“iMonitor 1.5” on page 31
iManage 1.0
Associating a Role to a Scope
If you add a member to a role and then try to associate that role to a scope that
does not exist, you will get an error message. Click OK to clear the error
message.
Creating Objects with European Characters
To create objects in iManage containing European characters, set your

browser locale to any European language. Even if you set your locale back to
English, you can now create and view objects containing European characters.
Using Internet Explorer 5.5, do the following:
1 Click Tools > Internet Options.
2 Click Language > Add.
3 Select a European language (such as Portuguese or German) and then
click OK.
iManage 1.0 and iMonitor 1.5 for Novell eDirectory 8.6 27
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Setting Up Encoding for Foreign Languages
If you are experiencing problems with correct character display in iManage,

you should verify that your browser's language and character set encoding are
configured properly.
To enable iManage to display information in the language you expect, you
need to
Set your browser's language preference to the appropriate language
Select the encoding that supports your browser's language
Setting Your Browser's Language

1 Click Tools > Internet Options to display the Internet Options dialog box.
2 On the General page, click Languages.
3 Add your language to the list and make your language the first language
in the list.
4 Click OK to save the changes and then close your browser.
5 Open your browser and log in to iManage.
Selecting the Correct Encoding
When your browser receives encoded iManage information, it uses the

currently selected character set encoding to display the information. For this
reason, you need to make sure that you've selected the correct character set
encoding for your browser's language.
1 Click View > Encoding to display the Encoding submenu.
2 Click the appropriate character-set encoding for your language.
IMPORTANT: On Windows workstations, iManage uses Windows encoding to
display characters. On other platforms, iManage uses ISO encoding. If both
encoding types are displayed, select the type that is appropriate for your platform.
Creating New Roles
If you have more than one rbsCollection in your tree and you create a new role
in one rbsCollection and assign tasks to that role from another rbsCollection,
users will not be able to see their assigned roles and tasks when they log in to
iManage.
28 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
When creating new rbsRole objects in iManage, the tasks for that role should
be assigned from the same rbsCollection container that the role was created in.
Out-of-Memory Errors
If you receive out-of-memory errors when running iManage (Error: 500 on

client browsers and OutOfMemory Java exception on the Server Login
Screen), edit the SYS:TOMCAT\33\BIN\TOMCAT33.NCF file and add the
following switch to the Java command line:
-Xmx128m
128 represents the heap memory (in MB) that Tomcat will use. You can go as
high as 400 for this parameter. To change the heap memory to 400 MB, your
Java command line would look similar to the following:
java -Xmx400m -envCWD=$TOMCAT_HOME -classpath
$TOMCAT_CLASSPATH -Dtomcat.home=SYS:\tomcat\33
org.apache.tomcat.startup.Main -f sys:/tomcat/33/conf/
nwserver.xml %1
To determine the heap memory that Tomcat is currently using, enter the
following at the server console:
: java -show
This command will return a process number such as 196.

The following command will show the heap memory setting as well as the
current usage for the heap and physical memory:
: java -showmemory196
Use the number returned from the Java -show command (196 in the above
example).
Deleting All Role Objects
If you delete all the rbsRole objects in iManage without also deleting the tasks,
you can create a new rbsRole object, but the task list will not show any of the
tasks.
You can create a role without any tasks and then modify the role to include
tasks. However, we recommend instead that you re-install the product
packages in order to re-create the removed roles. Use the Install Package task
in iManage to reinstall the product packages.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Modifying the iManage Installation Path during a NetWare 6 Custom

Installation
You should not modify the iManage installation path during the NetWare
custom installation unless the container you specify in the installation field
already exists.
If you do specify a container that does not exist, you will receive -601 (No
Such Entry) errors on the following files:
.../BASE/EDIR.XML
.../DNSDHCP/DNSDHCP.XML
.../IPRINT/IPRINT.XML
.../NLS/NLS.XML
You will also receive the following error:
Failed to associate initial roles with user admin.
If you receive this error, you can associate the initial roles with the
administrator User object after the installation finishes by completing the
following steps:
1 In iManage, click the Configure tab.
2 Click Role Based Services Setup > Create rbsCollection.
3 Follow the online instructions to create an rbsCollection container.
4 To install the iManage plug-ins, click Role Based Services Setup > Install
Plug-in.
5 Associate each role with the Admin User object.
5a Click Role Management > Modify Role.
5b Click the icon in the Members column of a role.
5c Follow the online instructions to add the admin User object as a
member of the role.
Setting Inheritance Rights
In this release of iManage, the ability to set inheritance rights is not available.
Inheritance from the container chosen as the scope down through any
subcontainers is automatically set and cannot be changed. This allows only the
chosen container to be used as the scope and not the subcontainers as well.
30 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Performing a Post-installation of iManage
When performing a post-installation of iManage, you must restart both

Apache and Tomcat after the installation is complete in order for iManage to
work properly.
Granting Additional eDirectory Rights to Owners of rbsCollection

Containers
When you make a user an owner of an rbsCollection container, you should

grant that user the additional eDirectory rights needed to fully administer that
collection. This user should be given supervisor entry rights to the objects
needing modification (assign roles to, etc.).
Assigning a Container Object As a Member of a Role
When you assign a container object (Organization or Organizational Unit) as

a member of a role, only the users directly under the container will have access
to that role. Users in subcontainers under the one assigned will not be able to
use that role. This is the same way that assigning containers to Group objects
works in eDirectory.
iMonitor 1.5
Browsing for Objects Containing Extended Characters
When using iMonitor to browse an eDirectory tree for objects, an object with
extended characters in the name might not hyperlink to the object properties
correctly. This problem does not happen with any objects that contain double-
byte characters.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
32 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
6 iPrint/NDPS
Installing Printers on Windows NT/2000
To install a printer on Windows NT/2000, you must have Administrator rights

or be a Power User.
Managing iPrint
iPrint can be managed with the Novell® iManage browser-based management

utility. Not all operations have been included in iManage. For those operations
that you cannot complete in iManage, you can use NetWare Administrator.
For information on setting up iManage, see the Novell iManager
Administration Guide.
IP Address Limitation
When using iPrint, IP addresses must be between 1 and 255 for the Network
ID and Host ID. Addresses that have a 0 (zero) in any of the four octets are not
currently supported. For example, 1.0.0.9 is not supported.
Using NDPS Gateways
When you use iManage to create an NDPS® Printer object and select the
Novell Gateway, the Novell Gateway (NDPSGW.NLM) is used.
When you use NetWare Administrator to create a Printer object and select the
Novell Gateway, the gateway comprised of PH.NLM and NDPDS.NLM is
used. This is the only version of the gateway that supports RP protocol and
local ports.
To use a third-party print vendor’s gateway, you must use NetWare
Administrator to create the NDPS Printer object.
iPrint/NDPS 33
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Running iPrint Map Designer
To have full functionality of the iPrint Map Designer, IPPSRVR.NLM must be

loaded before starting iPrint Map Designer.
Changing Printer Security Levels
If you change the printer agent security level to high and do not check the
Requires Security check box on the IPP Support page of the printer’s Client
Support Page in iManage, you will receive the following error:
Error message: iPrint Client - "The request requires user
authentication."
IMPORTANT: When you check the Requires Security check box, the URL for the
associated printer will change. Users who have already installed this printer will
have to delete and reinstall the printer in order to use the updated URL.
Invalid IP Address When Loading the NDPS Manager
When you load the NDPS Manager, you can specify an IP address or DNS
name. If you do not specify one, the NDPS Manager uses the address stored
in SYS:\ETC\HOSTNAME. If either the IP address or DNS name specified
on the command line or in the HOSTNAME file is invalid, you will receive
the following error:
IP Address xxx.xxx.xx.xxx, specified at load time, is not
bound. Program execution cannot continue normally. Press
Escape to continue.
To resolve the error, use a valid DNS Name or IP Address on the command
line, or edit the SYS:\ETC\HOSTNAME file to contain a valid address.
Using TTS on NSS Volumes
By default the Transaction Tracking SystemTM (TTSTM) is not enabled on NSS

volumes for NetWare 6 servers. To protect database integrity, NDPS requires
that TTS be enabled on the NDPS Manager's host volume before
NDPSM.NLM is loaded. If the NDPS Manager’s host volume is an NSS
volume, you should enable TTS by completing the following:
1 Enter
NSS /transaction=NDPS_Manager_host_volume_name
If you want to list the NSS volumes on a server, enter NSS volumes.
2 Dismount the NSS volume by entering
NSS /Deactivate=NDPS_Manager_host_volume_name
34 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
3 Remount the volume with TTS enabled by entering

mount NDPS_Manager_host_volume_name
iPrint Client Install Page Has No Link
When using a map generated by the iPrint Map Designer, if users click on a
printer from a workstation that does not have the iPrint client installed, they
might be redirected to an iPrint client install page that does not have the client
install link.
To resolve this, use a text editor to edit LOGIN\IPPDOCS\TOOLS.JS and
make the following changes to the Function: ProductNotInstalled section.
Replace the
" document.writeln(\"" +
parent.iprintclientinstallString + "<BR><BR>\");\n" +
line of code with these lines:

" document.writeln(\"" +
parent.iprintclientinstallString + "\");\n" +
" document.writeln(\"<BR>\");\n" +
" document.writeln(\"<BR>\");\n" +
iPrint/NDPS 35
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
36 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
7 IPX Dependencies
If you select TCP/IP as your only protocol during the NetWare® 6 installation,
IPX/SPXTM will no longer be available.
If you have problems loading IPX/SPX-dependent NLMTM programs, add the
following line after the Server Name in the AUTOEXEC.NCF file:
serverID XXXXXXXX
Replace XXXXXXXX with the internal IPXTM address you want to assign to
the server. This address can be numbers and letters A, B, C, D, E, F only
(serverID is a hex value).
For example, the serverID line could appear as follows:
serverID 12345abc
For the changes to take effect, you must restart your server after updating the
AUTOEXEC.NCF file.
IPX Dependencies 37
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
38 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
8 NetWare Enterprise Web Server
No NDS Replica on the Web Server
If the Web server does not have an NDS® replica, users cannot access private
pages through the Web server. Users are allowed to authenticate, but the page
access returns a 404 error.
To avoid this problem, make sure the Web server has an NDS replica.
Internet Explorer Issues
Folder operations in WebDAV have limitations. When you copy a folder to

another folder of the same name, Internet Explorer sends a request to delete
the original folder and its contents before it copies the new folder.
To update a folder and its contents with a folder of the same name in another
location, copy the contents of the folder rather than the folder itself to the
target destination.
ActiveX Controls
If icons such as those for Users, Groups, and Organizational Units are missing
from your My Network folder, check the security settings in Internet Explorer.
Security settings must allow ActiveX Controls to be downloaded and run.
When the following message appears, accept the module to allow it to run:
Novell DAVICONS.OCX Signed ActiveX Controls Being Downloaded
If your Web folders still do not display the icons, you must repair Internet
Explorer 5 by doing the following:
1 From your desktop, click Start > Settings > Control Panel.
2 Double-click Add/Remove Programs.
NetWare Enterprise Web Server 39
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3 Click Microsoft Internet Explorer 5 > Change/Remove > Repair Internet

Explorer.
4 Restart your system if required.
INDEX.HTML Renamed
When upgrading to NetWare 6 from an earlier version of NetWare, the file

INDEX.HTML in the document root of the Enterprise Web Server
(volume:\NOVONYX\SUITESPOT\DOCS) might be renamed to
INDEX_ENTERPRISE.HTML. This occurs when the new NetWare 6 default
home page is installed as INDEX.HTML.
40 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
9 NetWare FTP Server
Intruder Detection
To disable intruder detection, both intruder detection parameters
(INTRUDER_HOST_ ATTEMPTS and
INTRUDER_USER_ATTEMPTS) must be set to zero (0).
To enable intruder detection, both intruder detection parameters
(INTRUDER_HOST_ ATTEMPTS and
INTRUDER_USER_ATTEMPTS) must be set to a value greater than
zero (0).
Login from FTP Client
When logging in from FTP client, the format of the user distinguished name
should be either username or .username.ou1....
Don’t use the format .cn=username.ou=ou1....
Use Home Icon Instead of Back Icon
From the Service Manager panel of the FTP Server, do not click the Back icon
in the navigation toolbar of the browser to return to the Service Selector panel
of NetWare Web Manager. Instead, click the Home icon in the Service
Manager panel to return to the Service Selector panel.
Configuring FTP Server with Cluster Services

When FTP Server is configured to run in the Active/Passive mode, add
only nwftpd to the end of load script and add only unload nwftpd to
the beginning of the unload script.
When FTP Server is configured to run in the Active/Passive mode, make
sure to comment the nwftpd entry in AUTOEXEC.NCF. Also, before
you bring the resource online, execute unload nwftpd to bring down
the FTP service already running.
NetWare FTP Server 41
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
42 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
10 NetWare Migration Wizard 6
NOTE: Additional Readme information is available at the end of the NetWare

Migration Wizard 6 installation. Once Migration Wizard is installed, you can also
view the Readme before you launch the wizard by clicking Start > Programs >
Novell > NetWare Migration Wizard > NetWare Migration Wizard Readme.
Migrating to NetWare 6 NSS Volumes
When migrating to NetWare 6 NSS volumes, trustee assignments might not be

fully restored to User and Group objects the first time you run the Finish NDS
Migration step. NSS volumes depend on the NDS® backlink process to create
ID information on objects before trustees can be associated with those objects.
Therefore, you must verify that the backlink process is complete before
running the Finish NDS Migration step.
If you have already run the Finish NDS Migration step and are missing
trustees, you can manually complete the backlink process and rerun the Finish
NDS Migration step. Reboot the server after this step completes.
To manually run the backlink process, enter the following commands at the
server console:
set dstrace=on
set dstrace=+blink
set dstrace=*b
If you switch to the Directory Services screen on the server, you can watch the
objects as they are processed. The above commands must be repeated until no
more User or Group objects appear in the backlinked list on the Directory
Services screen.
NetWare Migration Wizard 6 43
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
44 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
11 NetWare WebAccess
Do Not Run NetWare WebAccess and Novell Portal Services on Same

Server
NetWare WebAccess and Novell Portal Services cannot be run simultaneously

on the same server. NetWare WebAccess is based on Novell Portal Services
technology. Therefore, the limitation of not being able to run two instances of
Novell Portal Services on the same server also applies when attempting to run
NetWare WebAccess and Novell Portal Services on the same server.
Form Authentication Type Required for Some Lotus Notes Applets
In order for some Lotus* Notes* applets to display correctly, you must select
FORM as the authentication type when configuring the NetWare WebAccess
Email gadget using ConsoleOneTM. BASIC is the default Lotus Notes
authentication type.
WebAccess Object Name Change
An object in the WebAccess container in Novell® eDirectoryTM might be

referred to incorrectly in the documentation. The WebAccess_portalgroup
object should be WebAccess_Configuration_All_Users. This is the object
used to configure NetWare WebAccess gadgets in ConsoleOne.
NetWare WebAccess 45
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
46 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
12 NetWare Web Manager
Upgrading Products Accessible through NetWare Web Manager
If you are upgrading products accessible through NetWare Web Manager, new
configuration files will be written out and the old configuration files will be
backed up in their current location.
A “_BKddd” (where ddd is a number) will be appended to the old
configuration file. For example, MAGNUS.CONF will become
MAGNUS.CONF_BK000.
If another installation is done on top of this one, MAGNUS.CONF will
become MAGNUS.CONF_BK001. The count is incremented with each new
upgrade installation. If you want to restore the old settings, you can manually
merge the new and old files.
Using Internet Explorer
To view NetWare Web Manager with Internet Explorer, you must change a
setting in Internet Explorer to set the correct page caching option.
1 From the tool bar, click Tools > Internet Options > General > Settings.
2 Check the Every Visit to This Page check box so that the browser re-
requests a page and displays the appropriate information after you have
made new selections on the NetWare Enterprise Server forms.
NetWare Web Manager 47
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
48 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
13 NetWare Web Search Server
Web Search and Web Server Interaction
The NetWare Web Search installation program automatically detects and

registers itself with both the Apache and Enterprise Web servers if they are
installed on your server. However, the NetWare Web Search Manager
(AdminServlet) will be registered only with the Apache Web server, which is
the Web server used by all NetWare Web administration utilities (such as
NetWare Web Manager and NetWare Remote Manager). The Search and Print
servlets will be registered with both Web servers, if available.
IMPORTANT: Web Search uses the Enterprise server’s NLMTM programs when
authorizing rights-based search results. If the Enterprise Web server is not
installed, the rights-based search results feature will not work. However, Web
Search will continue to operate without this feature and will simply return all search
results.
Regenerating All Indexes after Installation
After upgrading from a previous installation of Web Search to the NetWare 6

version, you must regenerate the older indexes before they can be searched.
Indexes No Longer Listed on Default Search Page
After upgrading from previous versions of Web Search, the list of indexes
(formerly called collections) that appear on the default search page might
disappear. This is because subsequent versions of Web Search differentiate
between the indexes specified by a particular query versus those actually
available at the server.
NetWare Web Search Server 49
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
To fix this problem so that all available indexes display on the search page,
either use the templates that ship with the newer Web Search (located in the
\NSearch\Templates\Samples directory) or make the following changes to the
SEARCHTEMPLATE.HTML file that you are currently using as your search
page:
1. Change $$BeginCollectionsLoop to $$BeginServerCollectionsLoop.
2. Change $$EndCollectionsLoop to $$EndServerCollectionsLoop.
New Sample Web Search Templates
NetWare Web Search includes new sample search results templates. You
should always use the new templates as a basis for your templates.
If you install Web Search over a previous installation, your existing templates
will not be overwritten. The new templates will be copied into the
volume:\searchroot\TEMPLATES\SAMPLES directory.
To test the sample templates from a Web client machine, include the Theme
query parameter with the value Samples:
&theme=Samples&other_query_parameters
You can also temporarily change the TEMPLATES directory to the
SAMPLES directory in the Search Properties form in the NetWare Web
Search Manager.
Also, all of the template’s colors and fonts are now in the
volume:\searchroot\DOCS\TEMPLATE.CSS style sheet. This allows you to
easily modify fonts and colors across all of your templates to match the design
of your Web sites.
50 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
14 Novell Advanced Audit Service
Default Configuration
NAAS is not supported a mixed network environment containing NDS®
6.x, 7.x, and 8.x. NAAS enables auditing only for NetWare servers that are
running in pure NDS (Novell eDirectoryTM) 8.x networks. It does not
audit NetWare servers running NDS 8.x even if they are part of a mixed
network running NDS versions earlier than NDS 8.x. Therefore, you
should install and configure NAAS only in networks solely running
NDS 8.x.
The ConsoleOneTM-based NAAS default configuration utility cannot be
run from a NetWare 6 server console. Instead, you must run it from a
Windows workstation.
By default, NAAS searches only up to three levels up the tree to find a
policy of any type for an object. If a policy is not found in the three levels,
that object is not audited.
If the depth of the partition is greater than three, specific NAAS Search
Criteria policies should be associated with the objects with the search
level equal to the partition depth.
The NAAS default configuration utility fails to create NAAS objects if
the partition root is not an Organization Unit or Tree Root. Before using
this utility, manually create a NAAS container under the partition root.
If the NetWare server hosts two partitions, and the server partition root is
an ancestor of the other partition, explicitly give rights to the NAAS
Agents to the objects in the other partition.
The default configuration utility configures NAAS for a single partition
and, by default, the Audit Server generates reports only for the query
domains in the same partition.
If the Auditor Query Domain is in a partition other than that of the Audit
Server, you need to give specific rights to that NAAS Server Object.
Novell Advanced Audit Service 51
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
The default configuration utility can make a user Auditor for only one
partition.
To make the same user an Auditor for more than one partition, do the
following:
Manually configure NAAS.
Grant the auditor Read and Compare rights to the LDAP Server
attribute for the partition containing the User object.
Grant the auditor Read and Compare rights to the
LDAP:keyMaterialName attribute for the partition containing the
User object.
After generating a report for one naasAuditorQueryDomain, restart
ConsoleOne to generate a report for a second domain.
The NAAS schema for eDirectory does not get extended from the
NetWare 6 server if that server happens to be a nonreplica server.
Run the NAAS installation from a NetWare 6 server that is hosting a
Read/Write replica of Root.
Audit Data Commit
Automatic commit of audit cache on reaching the specified threshold is not

enabled. The size of the cache file will grow until the periodic commit is
scheduled.
NAAS Agent
Occasionally, the NAAS Agent might fail to commit data to the NAAS Server
due to communication failure. However, there is no loss of data and the data
is cached.
To resolve this, do the following:
1 Unload Java.
This unloads some of the NAAS Agent and NAAS server components.
2 Reload Java using the LOAD JAVA command at the system console.
3 Reload the unloaded NAAS components using the ST_AGENT and
ST_SRVR commands at the system console.
52 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Loading the Shims
If all three NAAS Shims are required to be loaded, the load order should be
FSSHIM.NLM
NSSSHIM.NLM
DSSHIM.NLM
eDirectory Auditing
Auditing is not enabled for the following events in Novell eDirectory:
DSE ADD MEMBER
DSE DELETE MEMBER
If the NetWare server hosts two partitions and the server partition is a
child partition of the other, only the server partition is audited.
Audit Report Generation

Generating a report for a large number of records takes more time than
generating a report for a small number of records. For example, it will
take approximately 15 minutes to generate a report containing 17,000
records.
Two or more Audit report queries cannot be processed simultaneously by
the Audit database, so auditors should generate one report at a time.
If event filters are created for NSS or NWFS, the Audit report will contain
events for both NSS and NWFS even when only one of the two is
selected. This happens only for events that are common to both NSS and
NWFS.
Novell Advanced Audit Service 53
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
54 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
15 Novell Certificate Server
Novell Certificate Server Dependencies
The Certificate Server ConsoleOneTM snap-in has the following dependencies:

Client NICI 2.0.2 or later for Windows
Novell LDAP SDK
Novell ClientTM version 4.8 or later for Windows NT/2000, or Novell
Client version 3.3 or later for Windows 95/98/ME
If any of the above dependencies are not met, Certificate Server functionality
will not be available and you will get one or both of the following error
messages:
NICI 2.0.2 or later is not installed on this client.
The Certificate Server snap-in will not function
until NICI is installed.
The dynamic link library ccsw32.dll could not be
found in the specified path.
These error messages will occur only once on the first object access.
You will typically not have LDAP SDK in your ConsoleOne distribution if
you obtained ConsoleOne directly from the Novell Web site. You should use
the version of ConsoleOne provided with NetWare 6. The ConsoleOne shell
is located on the Client CD at \CONSOLEONE\C1.EXE and the snap-ins are
located on the Client CD at \CONSOLEONE\NW6SNAPINS.EXE.
ConsoleOne and snap-ins are also available on an installed NetWare 6 server
at SYS:\PUBLIC\MGMT\CONSOLEONE\1.2\BIN\CONSOLEONE.EXE.
NICI 2.0.2 for Windows is available on the Client CD at
\NICI\WCNICIU0.EXE or from the Novell Free Download Site (http://
www.novell.com/download/).
Novell Certificate Server 55
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Browser Support
You must use the Internet Explorer 5 or later or the Netscape Navigator 4 or
later browser to use the certificates generated by Novell Certificate Server for
SSL or LDAP connections. Older browsers are not supported.
Removing a Server from NDS
When removing a server from NDS® and then reinstalling it into the same
context with the same name, a successful reinstallation occurs only if the SAS
Service object representing the removed server is also deleted, if it exists.
For example, for a server named MYSERVER, there could exist a SAS object
named SAS Service–MYSERVER located in the same container as the server.
This SAS object must be manually deleted (using ConsoleOne) after the
server is removed from the tree, but before the server is reinstalled into the
tree.
IMPORTANT: If the server is the Organizational CA or the SD Key server, you
must complete some additional steps. These steps are documented in TID
10056795 (entitled “Certificate Server Issues: Removing a Server from a Tree”).
You can search for this TID in the Novell Knowledgebase located at (http://
Verisign Certificates and Creating a Server Certificate (KMO)
If you use Verisign as the external Certificate Authority (CA) during the
creation of a Server Certificate (KMO), you no longer need to obtain
Verisign’s trusted root to paste into the Trusted Root field. You can now select
the option No Trusted Root Available, click Next, and then paste in the
certificate you received from Verisign.
When the certificate is installed, the server determines if the certificate you
pasted chains to a Verisign embedded root. If it does, the certificate and the
trusted root are added to the Server Certificate object in NDS.
56 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
16 Novell Client for Windows
See the Novell® ClientTM Readme (http://www.novell.com/documentation/lg/

noclienu/index.html) for issues related to the Novell Client for Windows 95/
98 and Novell Client for Windows NT/2000.
Novell Client for Windows 57
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
58 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
17 Novell Cluster Services

“Installation/Upgrade Issues” on page 59
“Other Issues” on page 60
Installation/Upgrade Issues
Perform Cluster Pre-upgrade from an NT Workstation
You must run the Deployment Manager option to prepare your cluster for an
upgrade from an NT workstation rather than from a Windows 9x workstation.
Also ensure that your cluster-enabled volumes are in the Running state. Use
Cluster View in ConsoleOneTM to check the state of each corresponding
cluster volume resource.
Shared Cluster Volumes Disabled in NetWare Deployment Manager
Shared volumes are disabled after you complete the Prepare a Novell Cluster
for Upgrade step in NetWare Deployment Manager. Once the upgrade to
NetWare 6 is complete, the shared volumes are re-enabled.
Do Not Create Traditional Volumes during Cluster Upgrade
Do not create new traditional volumes on NetWare 5 servers when upgrading

a cluster from NetWare 5 to NetWare 6.
After one NetWare 5 server in the cluster is upgraded to NetWare 6, upgraded
NSS volumes on shared storage might appear as free space in a traditional
partition. Creating a volume on the free space will corrupt the NSS volume.
Novell Cluster Services 59
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
NSS volume corruption occurs if all of the following conditions exist on your
system:
The Prepare a Novell Cluster for Upgrade option in the Deployment
Manager was run and completed.
At least one of the NetWare 5 servers in the cluster was upgraded to
NetWare 6.
One of the NetWare 5 servers not yet upgraded was rebooted and an
attempt was made on that server to create a traditional partition using
NWCONFIG.
Unable to Authenticate to a New Node during Installation
When using NetWare Deployment Manager to install a new node into a

cluster, you might not be able to authenticate to the new node. If this happens,
map a drive from the workstation running Novell Client software (right-click
the red N) to each node in the cluster and then repeat the NetWare Deployment
Manager steps to install the node into the cluster.
Directory Tree Not Visible during Installation
When running the Cluster Services installation, you occasionally might be

unable to see the eDirectoryTM tree you want to install into from the installation
browser. If this happens, type the name of the tree in the browser path:
treename/cluster.context.
Other Issues
Deactivate Shared NSS Pools
After creating shared NSS pools or volumes, you must deactivate them before
you bring the cluster resource online; otherwise, the resource will go comatose
because it is already active on the server where it was created.
Using DELAY.NLM in Cluster Resource Scripts
If you use DELAY.NLM to delay execution of commands in a cluster resource

load or unload script, do not use the load command in the script to load
DELAY.NLM. Instead, add a command to load DELAY.NLM to the
AUTOEXEC.NCF file on each server where the resource will run. Then
specify the amount of time you want to delay command execution by adding
the DELAY command to the load or unload script. For example, if you want
to cause a five-second delay, add DELAY 5 to the script.
60 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Do Not Use the Prepare Volume for Use by Novell Cluster Services
Option in NetWare Remote Manager
If you are using NetWare Remote Manager to create NSS pools and volumes
to use in your cluster, do not check the Prepare Volume for Use by Novell
Cluster Services check box. This feature does not work and will not correctly
cluster enable your newly created pool or volume.
Instead, go to the NetWare Remote Manager Cluster Config screen and use the
New Cluster Volume button to cluster enable the volume. You can also use
ConsoleOneTM to create and cluster enable NSS volumes.
Novell Cluster Services 61
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
62 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
18 Novell Compatibility Mode Driver
There is no control on the Designated Router Election process. To make any

migration agent a Designated Router, use INETCFG to assign it the highest
priority IP Address.
Novell Compatibility Mode Driver 63
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
64 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
19 Novell eDirectory 8.6 for NetWare
Installing into an Existing Tree
With this release, you cannot install a NetWare 6 server into a partition that
has all of its replicas on a NetWare 4 server if that server will get a replica of
the partition.
If you are installing into a tree that has NetWare 5 servers, each NetWare 5.0
server must be running NetWare 5.0 Support Pack 6a (http://
support.novell.com/misc/patlst.htm#nw) or later. Each NetWare 5.1 server
must be running NetWare 5.1 Support Pack 2a (http://support.novell.com/
misc/patlst.htm#nw) or later.
Distributing Proper Versions of DSREPAIR to All Servers in the Tree
For information on preparing an existing tree for a NetWare 6 installation, see

"Updating the eDirectory Schema for NetWare" in Chapter 1, "Installing and
Upgrading Novell eDirectory," of the Novell eDirectory Administration
Guide.
You can also use NetWare Deployment Manager to prepare your tree for
installation.
Installing into a NetWare 4 Tree
When installing a NetWare 6 server into a pure NetWare 4 tree, clicking the
Browse button on the eDirectory installation screen to search for a context will
not return a list of available containers. You must type the context where you
want to install the NetWare 6 server into the tree.
Persistent Search Operations
A persistent search operation might not retrieve the updated information if

entries in the eDirectory database change frequently.
Novell eDirectory 8.6 for NetWare 65
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Additional Readme Information
For information on additional eDirectory issues for this release, see TID
#10063534 (http://support.novell.com) in the Novell Support Connection
Knowledgebase.
66 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
20 Novell GroupWise
In order to use GroupWise® 5.5 Enhancement Pack WebAccess on NetWare®

6, you must download and install the WebAccess 5.5 EP SP4 Rev 3 patch or
later (FWAEP4C.EXE, FWAEP4D.EXE, etc.) available from Novell Support
Connection® Patches and Files (http://support.novell.com/filefinder). The
patch is a prerelease version (Field Test File) of GroupWise 5.5 Enhancement
Pack Support Pack 4. Your system must be running GW 5.5 SP3a before you
can install this patch. Follow the installation instructions provided with the
patch.
This patch resolves the following compatibility issues between GroupWise
5.5 Enhancement Pack WebAccess and NetWare 6:
If NetWare 6 is installed on a system where GroupWise 5.5 Enhancement
Pack WebAccess has already been installed, the NetWare 6 installation
program changes WebAccess from using the Novell® Servlet Gateway to
using the Tomcat Servlet Gateway. Your existing WebAccess software is
not designed to work with Tomcat. Therefore, you must install the
WebAccess patch for compatibility with NetWare 6 and Tomcat.
If you attempt to install GroupWise 5.5 Enhancement Pack WebAccess
on NetWare 6 without first obtaining the patch, the WebAccess
installation program will encounter problems. It will not be able to
automatically stop your Web server, WebSphere, or Java for you so that
the WebAccess installation can proceed. Although you can work around
these installation problems by manually stopping the listed programs and
then continuing the installation, you will still need to install the patch to
provide WebAccess compatibility with Tomcat.
Novell GroupWise 67
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
68 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
21 Novell iFolder
Selecting the Pre-migration Server Option
If you install iFolder via a Custom installation of the Pre-migration server

option available in NetWare 6, make sure NetWare Web Manager is also
selected to be installed. You will need to reboot your server after the
installation in order for iFolder to work properly.
Using a Proxy Server
If you plan to use a proxy server, set the following options on each workstation
where the iFolder client will be installed:
1 Open Internet Explorer and click Internet Options > Connections > LAN
Settings > Use a Proxy Server > Advanced.
2 Check the Use the Same Proxy Server for All Protocols check box.
Installing iFolder on NT 4 Workstations
If you install the iFolder client on an NT 4 workstation with NTFS volumes,

the iFolder client login will fail. To fix this, complete one of the following
procedures for each iFolder workstation.
Modify Workstation Permissions

1 Open Explorer and click Program Files > Novell > iFolder.
2 Right-click the iFolder folder and then click Properties > Security.
3 Make sure the user has Full Control permissions.
Novell iFolder 69
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Apply the iFolder Patch

1 Go to the Novell Support Web site (http://support.novell.com) and click
Patches and Files.
2 Enter
IFLDRCLA.EXE
The A is a variable and will change as the iFolder client is updated.
3 Double-click IFLDRCLA.EXE to begin the download process.
Creating a User Account
Before you can access your iFolder files from the iFolder Web site, you must
first download and install the iFolder client and then log in. The iFolder user
account can be created only by logging in from the iFolder client. After you
have logged in from the iFolder client, you will then be able to access your
iFolder files from the Java applet via a browser.
70 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
22 Novell International Cryptographic

Infrastructure (NICI)
Some of the ConsoleOneTM snap-ins for NetWare® 6 require the NICI Client.
To use those snap-ins, you must install NICI on every workstation where you
will use ConsoleOne.
IMPORTANT: Two versions of NICI are provided for Windows platforms: 1.5.7
and 2.0.2. We recommend that you install both versions.
NICI 1.5.7 is implemented as a kernel driver and NICI 2.0.2 is implemented as a

shared DLL. Applications using NICI 1.5.7 will not work if only NICI 2.0.2 is
installed. Likewise, new applications will require at least NICI version 2.0.2. Both
NICI versions can be installed on the same Windows workstations, providing
support for all applications.
The Client CD that is included with NetWare 6 contains the NICI client for
Microsoft Windows operating systems. NICI clients for Solaris and Linux can
be found on the Novell® software download page (http://www.novell.com/
download).
To install the NICI client from the Client CD, insert the CD. An autorun
application begins. Select the NICI client from the list.
Novell International Cryptographic Infrastructure (NICI) 71
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
72 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
23 Novell Modular Authentication

Service (NMAS)
NICI Client
You must have the NICI Client installed on each client that will run
ConsoleOneTM and NMAS. See “Novell International Cryptographic
Infrastructure (NICI)” on page 71 for more information.

Before installing Novell Native File Access Protocols (as part of the NetWare
6 installation or otherwise), all NetWare 5 servers (in the tree) running NMAS
must be updated to NMAS 2.0.1, NICI 2.0.1, and ConsoleOne 1.3.
NMAS and BorderManager Interoperability
In order for BorderManagerTM Enterprise Edition 3.5 (BMEE35) and NMAS

to coexist, the Login Policy Object must be created using the BMEE35
NetWare Administrator snap-ins.
In order to install BMEE35 in a tree with NMAS, complete the following
steps:
1 If a Login Policy Object already exists, delete it from the Security
Container.
2 Install BMEE35.
3 Create a new Login Policy Object using NetWare Administrator with the
BMEE35 snap-ins.
Novell Modular Authentication Service (NMAS) 73
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
4 Configure the BorderManager services to use the Login Policy Object.

Refer to the Border Manager documentation (http://www.novell.com/
documentation/) for details.
5 Run the NMAS installation from the server-side GUI.
6 Reinstall any NMAS Methods and re-create any NMAS login sequences.
Simple Password and Force Password Change
The Simple Password method is used for various authentication services in

NetWare 6. These include the Native File Access Pack that provides
authentication support for CIFS and AFP.
A problem might arise if you set or change a user's simple password from the
ConsoleOne administrative snap-ins using Force Password Change. If you
experience problems setting an initial password, you might need to check the
Force Password Change check box. If the user already has a password set,
Force Password Change might not work unless you remove the current
password and enter a new one.
Explicit Rights and Graded Authentication
You must give explicit rights to users with graded authentication. Inherited
rights do not work. For example, an administrator's Supervisor right is defined
at the [Root] container. Rights for the administrator are not defined in the
Volume object. So if the administrator changes the volume's security label
from Logged In to any other security label, the administrator cannot get the
appropriate rights. The administrator must assign explicit rights to the volume,
directories, or files in the volume.
74 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
24 Novell Native File Access Protocols

“General Issues” on page 75
“Macintosh / AFP Issues” on page 78
“Windows / CIFS Issues” on page 80
“UNIX / NFS Issues” on page 82
General Issues
Before installing Novell Native File Access Protocols (as part of the NetWare
6 installation or otherwise), all NetWare 5 servers (in the tree) running
NMASTM must be updated to NMAS 2.0.1, NICI 2.0.1, and ConsoleOneTM
1.3.2.
Beta Files Must Be Removed Prior to Installation
If you installed an earlier version of the AFPTCP or CIFS code (the Beta test
release), you need to completely remove it (including the login methods from
NDS®) before you reinstall.
Novell Native File Access Protocols 75
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Uninstalling the Software
To remove the software, complete the following steps on each server running
Novell Native File Access Protocol software.
1 Run Native File Access for Macintosh* (AFP) Uninstall using
NWCONFIG or the GUI Uninstall. Reboot the server or unload the
AFPTCP.NLM (AFPSTOP.NCF).
2 Run Native File Access for Windows (CIFS) Uninstall using
NWCONFIG or the GUI Uninstall. Reboot the server or unload the CIFS
NLMTM programs (CIFSSTOP.NCF).
3 Use ConsoleOne to remove the NMAS Login Server Methods from NDS.
3a Go to the root of the tree and select the Security object.
3b Right-click the Security object, select the Login Policy object, and
then click Properties.
3c Delete/deselect LSMAFP and LSMCIFS sequences from Selected
Login Methods.
3d Close the Properties window.
3e Select and delete the LSMAFP and LSMCIFS objects under
Security/Authorized Login Methods.
NOTE: The uninstall program removes references to CIFS and AFP from the
PRODUCTS.DAT and AUTOEXEC.NCF files. It does not remove the related NLM
programs (CIFS.NLM, AFPTCP.NLM) and configuration files (AFPVOL.CFG,
CTXS.CFG, CIFSCTXS.CFG, CIFS.CFG).
Intermittent Java Fatal Error
When the installation progress bar shows 100% copy and processing settings,
the following error might occur:
A fatal error has occurred. This program will terminate. You
may check sys:\ni\data\ni.log for more details after you
dismiss the dialog com/novell/admin/ns/nds/jndi/
ndsnamespaceImpl.
If this error occurs, terminate the installation and try again.
76 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Possible Login Error
If you encounter a login error while connecting to the server from a Macintosh
or Windows workstation, run ConsoleOne and verify that the Simple
Password, LSMCIFS, and LSMAFP login sequences are installed.
If the sequences are not installed, do the following:
1 Run ConsoleOne and locate the Security container.
2 Double-click the Security container.
3 Right-click the Login Policy icon and click Properties > New Sequence.
4 Enter simplepassword as the Sequence Name.
5 Select the SimplePassword Object from the left column and click the
arrow to add it to the right column.
6 Click Apply.
7 Repeat the above steps for the LSMAFP and LSMCIFS login sequences.
8 Restart the server.
NMAS.DLL Could Not Initialize Cryptographic Services (-1461)
If any of the following errors appear when launching ConsoleOne, you need
to install NICI Client 2.02 or later on the administrator workstation:
NMAS.DLL could not initialize cryptographic services or
cryptographic services are not available. (-1461)
NMAS.DLL is unloading b/c of errors during initialization.
The library NMASWrap could not be located.
NMAS PutLoginConfig -1460 error
You might see the following error while trying to assign a simple password in
ConsoleOne 1.2d1:
NMAS PutLoginConfig -1460 (NICI_E_NOT_FOUND error)
This error could be caused by either of the following:

NICI Client is not installed. You must install the client.
NICI Partition key is missing. You must reinstall NetWare.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Macintosh / AFP Issues

AppleTalk Not Supported as a Transport Protocol
The legacy AppleTalk* protocol stack is not supported as a transport protocol

in this version of Novell Native File Access Protocols for Macintosh.
AppleTalk migration is targeted for a subsequent release.
Older Mac applications that have unique dependencies upon AppleTalk as a
transport protocol must be updated to a version that is known to work over
TCP/IP. The AppleTalk stack protocols (TLAP, ELAP, LLAP, DDP, RTMP,
AEP, ATP, NBP, ADSP, ZIP, ASP, and PAP) are not supported over TCP/IP by
Apple*.
Therefore, Novell does not support those legacy protocols either. Both Novell
and Apple have embraced TCP/IP as the Internet standard transport protocol.
IMPORTANT: Older NetWare for Macintosh and Prosoft versions of AFP.NLM and
APPLETLK.NLM are not supported. Do not attempt to mix old Mac support NLM
programs with the new AFPTCP.NLM.
Server MONITOR Does Not Register Mac Connections
The MONITOR.NLM on the server does not register Mac connections. Also,
the active connections’ Network Address list indicates “no address available.”
This is a known problem for connections other than NCPTM sessions.
User Authentication Method Not Found
Mac users receiving the following error message should check the AppleShare
folder in the Extensions folder and try again:
The UserAuthentication Method required by this server can't
be found
This error occurs because the new AFPTCP.NLM cannot coexist with prior
versions of the AFP.NLM.
To fix this error, do the following:
1 Unload the old AFP.NLM and remove it from the AUTOEXEC.NCF file.
2 Unload and delete the old AFPCON.NLM and do not use it again.
3 Delete the old AFPCON configuration file in
SYS:\SYSTEM\GLOBDATA.AFP if it exists.
4 Make sure that the user’s context is in the context search file CTXS.CFG.
78 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Mac OS 8.x Will Not Mount Volumes Checked to Mount at Startup
Mac OS 8.x will not mount volumes checked to mount at startup. To resolve
this, add the server volume's alias to the StartUp Items folder inside the
System Folder on the Mac's local startup disk.
Drag a NetWare Folder to the Trash and Errors Occur
When you drag a NetWare folder to the trash, an error occurs because it is
unable to leave the item in the trash and it will delete it immediately.
This happens on Mac OS 8.1 with NSS volumes. Also, Mac OS X running
with network volumes does not support the functionality associated with the
Trash icon.
0x01 Filenames and NSS Volumes
Certain extensions and control panels (such as MacAdministrator) use

filenames beginning with 0x01 to ensure that they load first. These filenames
will not work correctly on an NSS volume.
Unloading AFPTCP.NLM and WSPDSI.NLM Programs
The Winsock component used by the Macintosh Native File Access NLM
does not always clean up all open sockets. If you unload AFPTCP.NLM and
then explicitly unload WSPDSI.NLM, it might give you the following
warning in flashing red text:
WARNING!!!
1 active Winsock 2 DSI socket session(s)
Unloading WSPDSI.NLM with active session(s) will abend the
server.
Unload all Winsock 2 apps with active SSL socket session(s).
Unload module anyway?
Do not unload the module or the server will abend.
The warning is correct. WSPDSI thinks there are still active AFP sessions and
it will abend the server if you unload it. The last line of the warning should
read "Unload AFPTCP.NLM" but, because AFPTCP is already unloaded,
unloading AFPTCP will have no effect.
There is no need to unload WSPDSI manually. AFPTCP.NLM loads it
automatically on startup and AFPSTOP.NCF does not unload it. It remains
loaded. Under normal use, you should not see this warning.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Volume ID
You might get pervasive errors in a clustered AFP environment when the
volume ID is set to higher than 32. To eliminate these errors, use ConsoleOne
to edit the cluster AFP/TCP volume resource and change the volume ID to 32
or lower. Remember to make the value you choose unique from other volume
IDs.
Windows / CIFS Issues

Problem with Microsoft Patch
Microsoft recently released a patch to its Windows NT 4.0 RPC service to

address a vulnerability to Denial-of-Service attacks. Although the CIFS
Import Users functionality does not cause or participate in any denial of
service attacks, the patch does change the Window NT 4.0 RPC interface
which, in turn, affects the CIFS Import Users functionality.
The interface changes are in the process of being tested, and we will release a
patch to correct this problem soon after NetWare 6 ships.
Workstations Might Not Be Able to Access a Windows 2000 Primary

Domain Controller
If the Primary Domain Controller (PDC) is a Windows 2000 server, Windows

workstations might not be able to access the CIFS server. To fix this, complete
the following steps:
1 Specify the following parameter in SYS:\ETC\CIFS.CFG:
-PDC PDC_name IP_address
For example:
PDC ONENET 130.57.66.134
2 Enter CIFSSTOP and then CIFSSTRT.
PDC and CIFS on Different Subnets
If the PDC and CIFS servers are on different subnets, the -PDCNAME option
(which uses DNS resolution) might not work. Use the -PDC option instead.
80 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Password Changes
Trying to change a password from a Windows 9x or NT4 client workstation

might fail if the default network username and password in the client's cache
is not a valid combination on the CIFS server where the password change was
attempted.
To avoid this problem, validate the username and password combination in the
client's cache on the CIFS server before attempting the password change. You
can validate by attempting to access the file system on the CIFS server by
browsing to Network Neighborhood.
Password Changes and Case Sensitivity
When the CIFS password (simple password) on NetWare server is changed

using the NET PASSWORD command on a Windows 9x client, the client
always sends the old and new passwords in upper case. As a result, the regular
NDS password update will not be successful if the old regular NDS password
contains lowercase letters. Also, the new password will be stored in upper
case.
For Windows NT/2000, the user should provide a case-sensitive password; if
not, the regular NDS password update will not be successful.
CIFS Server on NetWare Does Not Function As a Master Browser
If the CIFS server on NetWare is the only member of a workgroup, then the
workgroup will not appear under Network Neighborhood. However, it might
be possible to locate the server using the Find Computer feature.
Configuration File Options Not Supported
The -ASYNC, -OPLOCKS, and -UNICODE options are not supported with
this release. Make sure these options are set to Off.
CIFS Server Not Visible in Network Neighborhood
You might occasionally find that your CIFS server is not visible using
Network Neighborhood. This can happen if you have a domain that contains
only Windows 95/98 and no NT/2000/XP servers or clients. To correct this
problem, enter the server name or IP address in Find Computer.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
MS Paint "Out of Memory" Error
CIFS users might occasionally see an Out of Memory error when using MS
Paint on a Windows NT workstation. This error message is incorrect and no
processes are out of memory. The error message will disappear if the data file
is first saved to local storage and then copied to the remote storage directory.
UNIX / NFS Issues

Upgrade Issues
Before beginning an upgrade from NetWare 5.0 with NetWare NFS
Services 2.4 installed, you must comment out the UNISTART entry in
AUTOEXEC.NCF.
Before rebooting the system after an upgrade from NetWare 5.1 with
ZENworksTM for Desktops 3.2 and PXE support installed, you must
change the load order in AUTOEXEC.NCF so that NFSSTART.NCF
comes before ZFDSTART.NCF.
Upgrading from NetWare 5.1 with NetWare NFS* Services 3.0 installed
removes the product but retains the NFS Server and NIS configuration.
After an upgrade from NetWare 5.1 with NetWare NFS Services 3.0
installed, you must remount the NetWare exports mounted on NFS
clients.
After upgrading from NetWare 5.1 with NetWare NFS Services 3.0
installed, the NFS Gateway component of NetWare NFS Services 3.0 will
not be functional; it is not supported on NetWare 6.
General
If the server holding the master eDirectoryTM replica is down, Native File
Access for UNIX* will not work on servers that have a Read-Only
replica, a Filtered replica, or no replica.
When Native File Access for UNIX is installed on a multiserver tree, the
UNIX profile of the NIS User object is not mapped to root. Therefore,
NFS Server fails to load.
Refer to the SYS:ETC\SCHINST.LOG file after the installation and run
schinst again if any errors are logged.
If the pkernel screen displays messages similar to the following, you can
ignore them (they do not affect functionality in any way):
RPC:svc_register failed for prog=186A4, vers=1
82 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
When Native File Access for UNIX is installed, the nfsstart entry is added
to AUTOEXEC.NCF, so the services are not automatically available after
installation.
To make Native File Access for UNIX available, run nfsstart after
installation or reboot the server.
ConsoleOne
If you administer NFS exports of multiple servers and switch between
them, it is possible that the data you view is for the previous server.
Click the corresponding Server object, right-click Exports, and then click
Refresh to display its data.
When managing the NFS server through ConsoleOne, if you try to export
a volume without logging in to the Novell eDirectory tree, the following
message displays erroneously: Config file is open.
To export a volume, log in to the Novell eDirectory tree.
When managing NFS Server through ConsoleOne, if a value that is out of
range or invalid is entered in NFS Server > Options > Parameters, a cursor
is placed in the next field and you cannot modify that field.
To modify the field, close the panel and open it again. Enter a valid
number that is in the range in the NFS Server > Options > Parameters
field.
When managing NIS through ConsoleOne, eDirectory objects of type
ipService and nisObject cannot be created.
When performing special map migration through ConsoleOne, the
complete path of the file is required (for example,
SYS:ETC\NIS\PHLIST).
Administering NetWare 5 NFS Services on NetWare 5 from ConsoleOne
on NetWare 6 is not supported.
NFS Server
If exported NSS volumes are deactivated and activated in a different
order, operations from an NFS client on these mount points will fail.
To ensure proper functionality, unload and reload the NFS Server
software and remount the exported path on the NFS client.
Hard links are not supported on exported NSS Volumes.
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Traditional volumes can be mounted only using NFS version 2.

Even though showmount shows the volumes as exported, they are not
mountable using NFS version 3. You need to explicitly mount the
exported traditional volumes specifying the mount version as 2.
If a Windows workstation user who has write permission to a file created
in a mounted volume by a UNIX user attempts to modify the file, the
ownership of the file will change from the UNIX user to the Windows
workstation user.
UnixWare* 7 NFS client access has issues with recursive delete and C file
compilation. Also, the ownership of a file will change if a nonowner user
with permissions to the file edits it.
NIS Server
No error message is displayed to convey that the NetWare server fails to
become a slave to the UnixWare 7 NIS Master.
To set the password for a user from a UNIX NIS client, use ypset to set
the default domain in the NetWare server.
NIS objects such as nisDomain, nisMap, and nisObject cannot have
names with more than 64 characters.
Unloading nisbind might take several minutes.
If maps are pushed to an NetWare NIS slave server using any map name
(for example, hosts.byname or hosts.byaddr), both maps are updated in
the slave server.
For Default maps, the pound sign (#) is not a valid comment character. If
you don’t want to migrate a particular record, remove it from the text file
before migrating.
The bootparam and netgroup maps are not supported in this release.
Using ypcat groups does not show the members of the group.
Migration
After a new user is created and the user's UNIX profile is set, if the group
corresponding to the user's GID exists, the user will be listed as a member
of that group. However, the rights of the group will not flow down to this
user. Remove the user from the members list and add it again.
While migrating domains using the -x option, edit the context parameter
by prefixing each of the dots in the Relative Distinguished Names with a
backslash ( \ ) to distinguish them from eDirectory (NDS) names.
84 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
25 Novell NetDrive
NetDrive supports HTTPS for WebDAV only on Windows NT 4.0 and

Windows 2000 workstations.
If your NetDrive client is behind a firewall regulated by a
BorderManagerTM server that is configured for FTP proxy and
authentication, NetDrive cannot map a network drive via FTP to any
servers that reside outside the firewall. To solve this problem, disable the
FTP proxy authentication on the BorderManager server.
Novell NetDrive 85
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
86 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
26 Novell NetStorage
Changing iFolder IP Address after NetStorage Installation
If you change the iFolderTM server IP address, DNS name, or port number after
NetStorage has been installed, you must either reinstall NetStorage or edit the
XSYNCNSP\IFOLDER SERVER registry setting to reflect the change.
NetStorage will not function properly without this change.
Changing Apache Port Numbers after NetStorage Installation
If you change the Apache Web server port numbers after NetStorage has been
installed, you must either reinstall NetStorage or edit the
XSYNCNSP\SECURE PORT registry setting to reflect the change.
NetStorage will not function properly without this change.
Logging In as a Different User
If you are using Windows 98 and Internet Explorer, and after logging in to
NetStorage you intend to log in again as a different user, you must first delete
Internet Explorer cookies and log out from Windows 98 or you will not be able
to log in again. This is necessary because Windows 98 retains user information
and NetStorage cookies are created that are user specific.
When using Windows 2000 and Microsoft Web Folders, you must enable the
Launch Folder Windows in a Separate Process option by doing the following:
1 Double-click My Computer and then click Tools > Folder Options >
View.
2 Check the Launch Folder Windows in a Separate Process check box.
Novell NetStorage 87
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Internet Explorer Unable to Open Some Web Folders
If you use Microsoft Web Folders with NetStorage to create a new folder, you
might not be able to open that folder using Internet Explorer.
Hosts File Not Usable by NetStorage
NetStorage cannot use the SYS:\ETC\HOSTS file to resolve DNS names. If

you have applications that can use DNS names (such as iFolder), your DNS
names must be registered with a valid DNS server which is identified in the
SYS:\ETC\RESOLVE.CFG file. The DNS server is normally registered
automatically during the NetWare 6 installation.
NetStorage Help Not Accessible When Using NetWare WebAccess
NetStorage online help is not accessible when both of the following conditions
exist:
You access NetStorage using NetWare WebAccess
NetStorage and NetWare WebAccess are installed on different servers
To make NetStorage help accessible, copy the SYS:NETSTORAGE directory
from the server where NetStorage is installed to the server where NetWare
WebAccess is installed and add the following lines to the
SYS:APACHE\CONF\ADMINSERV.CONF file on the NetWare WebAccess
server.
Alias /NetStorage "SYS:/webapps/NetStorage"
<Directory "SYS:/webapps/NetStorage">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
Character Set Issues with Netscape
If you use the Netscape* browser to open NetStorage, square boxes will be
displayed in place of some characters. To resolve this, click View > Character
Set > Unicode (UTF-8) and then click View > Character Set > Set Default
Character Set.
88 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
27 Novell Storage Services
Previous NSS Volumes Not Automatically Upgraded
Previous NSS volumes are not automatically upgraded during the NetWare 6
installation process. After you install NetWare and reboot the server, you can
upgrade previous NSS volumes to the current NSS volume layout.
Before you upgrade previous NSS volumes, you must ensure that NDS® is up
and running and that the Backlink process is complete.
To upgrade previous NSS volumes, do the following at the server console:
To upgrade a single NSS volume, enter
nss /zlssvolumeupgrade=volume
To upgrade all NSS volumes, enter
nss /zlssvolumeupgrade=all
After you upgrade all the volumes, you can use the MOUNT ALL command
or mount the volumes individually.
Must Add Trustee Rights to SYS:LOGIN When Upgrading Volume

SYS:
You can use the Volume Conversion Utility (VCU) to upgrade a traditional
volume SYS: to the NSS volume SYS:. However, the implied trustee rights do
not transfer with this method. After you upgrade volume SYS:, you must
manually add a public trustee with read and file scan rights to the LOGIN
directory.
Novell Storage Services 89
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Modifying a Volume’s NDS Object When Converting Volumes
You can convert traditional volumes to NSS volumes after you upgrade to
NetWare 6. The following is an example of using the volume conversion
utility (VCU) when you want to modify the volume’s NDS object:
vcu TRAD NSSPOOL provo_tree\novell\provo ds_poolname ds_volName
DS tree: provo_tree
DS context:provo.novell
DS NSSPOOL name: ds_poolName
DS TRAD name: ds_volName
Do Not Create Traditional Volumes Still in Clusters
After you upgrade the first server in a cluster, the shared NSS volumes might
appear as free space in a traditional partition on the remaining NetWare 5
servers. Creating a volume in this space will corrupt the NSS volumes. For
more information, see Chapter 17, “Novell Cluster Services,” on page 59.
90 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
28 Novell TCP/IP
Missing INETCFG Information
If any information is missing from INETCFG after a new installation, it is

because no information was uploaded to the TCPIP.CFG file. Similarly, if
INETCFG information is missing or you get configuration error messages
after an upgrade, it is because no new information was uploaded to the
TCPIP.CFG file and some entries have become invalid. In either case, delete
the SYS:/ETC/TCPIP.CFG file and reconfigure through INETCFG.
Supernetting
Once the server is configured with a supernet mask, it behaves like an end
node when IP Forward gets disabled. It continues to behave like an end
node, even if the mask is changed to a non-supernet mask and the system
is reinitialized. To make it work like a router, change the state of the IP
packet forwarding or RIP or LAN Static Routing in INETCFG and
reinitialize the system.
With the CIDR mask on, some valid host IDs ending in .255/.0 cannot be
bound.
Fault Tolerance
Fault tolerance is supported on ODITM compliant drivers (such as
CE100B, IBMFE, PCNTNW,3C90XC, and N100).
Load balancing and fault tolerance features cannot be configured in the
protocols menu of INETCFG if the bindings are created by transferring
commands from AUTOEXEC.NCF. To resolve this problem, delete all of
the bindings from the Bindings menu and add them again.
Novell TCP/IP 91
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Load Balancing
Load balancing might not work when all the clients’ IP address are
mapped to a single server NIC and all the clients start data transfer
simultaneously.
Multihoming might not work in some cases where the hosts are
supernetted.
Viewing Bindings
You can discover and load drivers using NWCONFIG and subsequently bind
the boards to IP addresses through INETCFG. However, NWCONFIG does
not show the bindings. To see the drivers, unload the drivers from the system
console and reinitialize the system. NWCONFIG then shows the bindings
added through INETCFG.
Routing
EGP and OSPF are not completely functional in this release.
RAM
Ensure that at least 512 MB of RAM is available where the server is to be

stressed with heavy network operations.
IP Trace
Once the IP Trace is loaded, you cannot load anything from the console until
the Trace finishes. To load something, close the Trace screen.
Application Dependency
If the IP address used by an application is changed, it might stop working. For

more information, refer to the documentation for the particular application.
92 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
29 Pervasive.SQL
Pervasive.SQL 2000 Database Licenses
A permanent two-user license is installed during the NetWare 6 installation

process. If you are upgrading an existing NetWare server, an unlimited license
that will expire 90 days after installation is also installed.
The permanent two-user license is intended for use by the NetWare operating
system. If you have additional applications using Pervasive.SQL 2000 or
Pervasive.SQL 2000i, including the Btrieve* interface, you can use the
unlimited user count license for 90 days. If you have applications that need
access to the NetWare Pervasive.SQL 2000i database engine, you must
purchase an appropriate user count license from Pervasive Software before the
90-day evaluation period ends. Please allow adequate time before the end of
the evaluation period to receive your user count license.
For more information on Pervasive.SQL 2000i, features, documentation, or
information, see the following:
Internet: Pevasive Software Web site (http://www.pervasive.com)
Email: Salessupport@pervasive.com
Phone (U.S.):1-800-287-4383
Phone numbers for all international offices are available from the Contact Us
link (http://www.pervasive.com/company/contact/index.asp) on the Pervasive
Software Web site.
Pervasive.SQL 93
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Known Issues
So that Pervasive can update known issue reports periodically between

releases, all Known Issues are now published in the Pervasive Knowledge
Base (http://support.pervasive.com/eSupport/). Search on "Pervasive.SQL
2000 Service Pack 3 known issues".
You can also see a static list of known issues, including links to the associated
Knowledge Base articles, at their Fixed Defects and Known Issues Web page
(http://www.pervasive.com/support/updates/psql2kfixed.asp).
Technical Support
For technical support and discussions about Pervasive products, see their
DevTalk forum (http://www.pervasive.com/devtalk).
To file a support incident, submit an Electronic Support Incident (http://
www.pervasive.com/support/support_email.asp).
You can also visit the Pervasive Support Center (http://www.pervasive.com/
support/supportcenter.asp) for other contact information.
Useful Links
You can also check out the following:

Comprehensive list and details of Pervasive products (http://
www.pervasive.com/offerings).
Discussions about Pervasive development issues (http://
www.pervasive.com/devtalk).
Technical papers (http://www.pervasive.com/support/TechPapers.asp).
Online product manuals (http://www.pervasive.com/support/technical/
online_manuals.asp).
Support programs (http://www.pervasive.com/support/
support_programs.asp).
Pervasive Knowledge Base (http://support.pervasive.com/eSupport/).
Updates and patches (http://www.pervasive.com/support/updates/).
94 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
30 Scripting Products
Scripting Products Included
The following scripting products are included with NetWare 6. Readme

information can be found at the links provided.
Novell Script for NetWare (NSN) (http://www.developer.novell.com/
ndk/nscript.htm#readme)
Perl for NetWare (http://www.developer.novell.com/ndk/
perl5.htm#readme)
NetBasic* 6.0 (http://www.developer.novell.com/ndk/nb6.htm#readme)
Universal Component System (UCS) (http://www.developer.novell.com/
ndk/ucs.htm#readme)
Upgrading from NetWare 5.1 to NetWare 6

The NSN and NetBasic configuration files
(SYS:SYSTEM\NSNSYS.INI, SYS:UCS\UCX.INI, and
SYS:SYSTEM\NBSYS.INI) are overwritten during the upgrade. If you
previously made changes to the files, you might want to keep a copy of
them.
ScriptEase (SE) is not installed as part of NetWare 6. If the system is
upgraded from NetWare 5.1 to NetWare 6, SE will be available because
it was part of the NetWare 5.1 system. Note that Novell will not provide
customer support for SE in a NetWare 6 environment.
NSN Compiler
The NSN Compiler SDK is not included with NetWare 6. The NSN product
on the NDK Web site (http://www.developer.novell.com/ndk/nscript.htm) has
the latest version of the compiler.
Scripting Products 95
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Novell Script Pages
Novell® Script Pages (NSP) prevents any NSP page from being uploaded and
executed without the execute bit set on the NSP file itself or on the parent
directory.
To mark an NSP file or directory with the execute bit, do the following:
1 Access NDS® from the NetWare Web Manager General Administration
page.
2 Navigate to the NSP file or directory and display the access control rights
for that object.
3 Check the Execute check box and save your changes.
After the NSP page file or directory has been marked with the execute bit,
NSP will allow it to run.
96 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
31 Storage Management Services (SMS)

“Backup and Restore Issues” on page 97
“Client Issues” on page 98
“Other Issues” on page 99
Backup and Restore Issues

Update SMS Components
A new release of Storage Management Services (SMS) is available at the

Novell Support Web site (http://support.novell.com). This release contains
important fixes to the SMS components delivered with NetWare 6.
The fixes ensure compatibility between earlier versions of NetWare and the
NetWare 6 SMS modules. In addition, the patch includes updates to SMS
components (including SMDR and TSA), which have made the product more
stable and robust.
To maintain backup and restore services on NetWare 6 and your network, you
must install the patch. The patch will supersede the SMS modules installed by
default during the NetWare 6 installation.
For more information, see the Readme included with the patch.
DOS File Systems on NSS
TSADOSP.NLM, the target service agent for the DOS file system on NSS, is
no longer required. Instead, load DOSFAT.NSS and TSA600.NLM on the
server hosting the DOS partition. This enables the partition to be listed as an
NSS volume for backup or restore operations.
Storage Management Services (SMS) 97
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Exclude/Include Options for Workstation Restore
When Exclude/Include options are set for a workstation restore, only the
selected data sets are restored. The log file and the status window of the
session reports incorrect status. All the data sets are reported as restored,
whereas only the data sets matching the specified options are actually restored.
Hard Links Not Supported by NSS in NetWare 6
Hard links are not supported by NSS in NetWare 6. Therefore, existing hard
links in your data can no longer be restored to NSS.
Restoring Hard Links in a NetWare Traditional File System
Hard links in a NetWare Traditional File System cannot be restored to a

directory that does not exist on the volume. That is, if the hard link has to be
created in a directory that is different from the parent directory (where the file
was originally located), then the directory for the hard link should exist on the
volume before the hard link can be created. This is unlike a normal restore
operation wherein a new directory is created whenever the restore directory is
different from the parent directory.
Client Issues
Windows 2000 and NT Workstation Registration Using IPX/SPX
The Windows workstation will not register to the NetWare server if both are
configured to use only IPXTM/SPXTM.
Setting the Username and Password for Windows 2000 Workstation
Follow the procedure below to set the username and password on a Windows
2000 workstation. The TSAPrefs interface does not let you set these fields
while registering the workstation to a server.
1 From the Start Menu, click Settings > Control Panel, double-click
Administrative Tools > Computer Management, and then click Local
Users&Groups > Users.
2 Double-click a user from the list.
3 In the Member Of window, select the group that has the security policy,
click Act As Part of the Operating System, add the user as a member of
the group, and then click Apply > OK.
98 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
If you need to assign a security policy to a group, do the following:

Return to the Administrative Tools window and click Local Security
Policies > Local Policies > User Rights Assignment.
The list of policies and the local and effective settings are displayed.
Double-click Act As Part of the Operating System Security Policy to
display the Local Security Policy Setting dialog box.
Click Add, select the group that this policy is to be assigned to, and
then click Add > OK.
4 Restart the Windows NT Target Service Agent for the changes to take
effect.
5 Register the workstation to a server.
Other Issues
SBCON recognizes data only in the System Independent Data Format (SIDF).
If the media contains data in any format other than SIDF, the media must be
labeled before use.
Storage Management Services (SMS) 99
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
100 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
32 Third-Party Adapters, Drivers, and

Applications
Using Virus Scan Software with NetWare 6
When performing virus scans with Norton or McAfee software, you must
exclude the protected NSS volume named _ADMIN. Otherwise, the server
will abend.
ISA Adapters Are Not Supported on NetWare 6
For performance and scalability reasons, all ISA adapter drivers have been
removed from NetWare 6. There is a possibility that a family driver might
support adapters which run on more than one bus type (PCI and ISA). In this
case, any ISA adapter would be considered a noncertified driver and would
not be supported by Novell®.
CardBus and Mini-PCI LAN Drivers
There are no certified CardBus or Mini-PCI drivers in NetWare 6. However,

we have included drivers for adapters that use the 3COM* 3C1556.LAN
Mini-PCI driver and drivers for XIRCOM CardBus adapters, which use the
CE3ODI.LAN driver. These drivers are located in the
DRIVERS\UNSUPDRV directory on the Operating System CD or in the
NWSERVER\DRIVERS\UNSUPDRV directory, located in the DOS partition
after installation.
IMPORTANT: Although these drivers might work, they have been included only
for use in cases where laptop servers are needed for demonstration purposes.
They should be considered not supported by Novell. See the Readme in the
UNSUPDRV directory for details.
Third-Party Adapters, Drivers, and Applications 101
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
Suggested LAN Driver Substitution
In some cases there are no substitutes for LAN drivers. For example, Compaq
no longer supports the Netflex 3 LAN hardware associated with the
CPQNF3.LAN driver. 3Com provides limited support for their 3c90x LAN
card line to LAN cards starting with the 3c905b hardware and beyond.
Unsupported versions of these drivers are located on the NetWare 6 Operating
System CD and can be installed in the NWSERVER\DRIVERS\UNSUPDRV
directory.
Patches for Backup
Patches for backup and restore operations will be available on the Novell
Support Web site (http://support.novell.com) concurrent with the shipment of
NetWare 6.
WAN Support
WAN support is not included with NetWare 6. If you are upgrading from a
previous version of NetWare, your AUTOEXEC.NFC and STARTUP.NCF
files might need to be edited to remove WAN components that are autoloaded.
102 NetWare 6 Readme
NetWare 6 Readme
103-000171-001
October 25, 2001
Novell Confidential
QuickStart Rev 99a 44 August 22, 2001
To begin a QuickStart (English): Click in the box under the word Novell. Insert QuickStart and Title elements. 2. Type the product name. 3. Insert the HeadQS element and type
the title of your card. 4. Put in your product version: Click Special > Variable > select the variable named Version > Edit Definition > enter the version number > click Done > Done.
It will appear as background text replacing Version X.X.
For a single (stand-alone) card: Keep this master page, named “QS-Single.“ It shows the part number on the bottom right, since single cards don’t have front matter.
For a card that’s part of a booklet: Use Special > Master Page Usage to change to using “First” master page on the first page of the card. It doesn’t show the part number, since
part number will be noted in the front of the booklet.
Novell
NetWare 6
w w w. n o v e l l . c o m
Q U I C K S TA R T
Installation and Upgrade
MINIMUM SYSTEM REQUIREMENTS

A server-class PC with a Pentium* II or AMD* K7 processor
256 MB of RAM
A Super VGA display adapter
A DOS partition of at least 200 MB and 200 MB available space
2 GB of available disk space outside the DOS partition for volume SYS:
One network board
A CD drive
A USB, PS/2*, or serial mouse (recommended but not required)
RECOMMENDED SYSTEM REQUIREMENTS

A server-class PC with two-way Pentium III 700 MHz or higher processors
512 MB of RAM
A Super VGA or higher resolution display adapter
A DOS partition with 1 GB of available space
4 GB of available disk space outside the DOS partition
One or more network boards
A bootable CD drive that supports the El Torito specification
A USB, PS/2, or serial mouse
102-001442-001
Instructions for International. For SINGLE cards: 1. After importing SGML, click the BookQS element in the "Structure View" window. 2. Select QuickStart in the "Elements" window
and click Wrap. 3. Right-click the BookQS element in the "Structure View" to bring up menu, and select Unwrap. 4. Highlight the Front element in the "Structure View" and delete
it. 5. Right-click the nested QuickStart element in the "Structure View" to bring up menu, and select Unwrap. 6. You can continue with print prep and creating PostScript and PDF,
even though the file is not completely valid because the ID on the QuickStart element is missing. That’s okay—it will not affect the appearance of the document, so PostScript and
PDF will be correct. For cards in a booklet: To remove part number from f irst page, use the master page "First."
August 29, 2001

Novell Confidential
UPGRADE SYSTEM REQUIREMENTS

The server to be upgraded must be running one of the following:
NetWare 5.1 with Support Pack 2 or later
NetWare 5 with Support Pack 6 or later
A server-class PC with a Pentium II or AMD K7 processor
256 MB of RAM
A DOS partition with 35 MB of available space
2 GB of available disk space on volume SYS:
One network board
A CD drive
A USB, PS/2, or serial mouse (recommended but not required)
SOFTWARE AND OTHER REQUIREMENTS

NetWare 6 Operating System CD
NetWare 6 License/Cryptography diskette
Supervisor right at the [Root] of the eDirectoryTM tree
Supervisor right to the container where the server will be installed
Read right to the Security container object for the eDirectory tree
DOS and CD drivers (required if the computer does not boot from CD)
You can make a bootable floppy diskette using the MKFLOPPY.BAT program located in the
INSTALL directory of the NetWare 6 Operating System CD.
Client connection utilities (optional, for installing from a network):
Novell® ClientTM for DOS and Windows* 3.1x (optional, for installing from a NetWare
server running IPXTM).
IP Server Connection Utility (optional, for installing from a NetWare server running IP
only).
For instructions, see PRODUCTS\SERVERINST\IPCONN.TXT on the Novell Client CD.
102-001442-001
August 29, 2001
IP address and domain names (required for connecting to the Internet):
An IP address
An IP address of a domain name server
The name of your domain
Network board and storage device properties, such as the interrupt and port address
(required if not included in NetWare)
PREPARE THE NETWORK

1 Run NetWare Deployment Manager (NWDEPLOY.EXE), located on the NetWare 6 Operating
System CD.
2 Complete all relevant tasks in the Prepare the Network section.
START THE INSTALLATION

1 Access the NetWare 6 Operating System CD.
Boot from CD
Boot from DOS partition, access the CD, and enter INSTALL
Make sure that the CONFIG.SYS file contains the FILES=50 and BUFFERS=30
commands.
2 Select the type of installation.
Express Installation sets up a server using standard settings.
Custom Installation lets you specify settings for your environment.
SELECT SETTINGS AND DRIVERS

1 Select regional and server settings.
2 Select the mouse and video type.
3 Select a platform support module and storage adapter.
4 Select a storage device and a network board.
SET UP THE SERVER

1 Create volume SYS:.
2 Name the server.
3 Install the NetWare 6 server file system.
4 Install networking protocols.
102-001442-001
August 29, 2001
QuickStart Rev 99a44 August 22, 2001
5 Set up Domain Name Service (DNS).
6 Set the server time zone.
7 Set up Novell eDirectory.
8 License the NetWare server.
SELECT AND INSTALL ADDITIONAL PRODUCTS

Additional installation screens will appear depending on the products you select.
1 Set up Novell Certificate Server.
2 Configure LDAP.
3 Install Novell Native File Access Protocols.
4 Set up NetWare WebAccess.
5 Set up Novell iManage.
6 Install Novell iFolderTM.
7 Install Novell NetStorage.
REBOOT THE SERVER

1 Complete the installation/upgrade by rebooting the server when prompted.
2 Start the server.
If you chose to load the server on reboot, it will load automatically.
To load the server manually, change to the startup directory containing the NetWare
server files (C:\NWSERVER) and enter SERVER.
UPDATE NSS VOLUMES (UPGRADE ONLY)

If you upgraded from a NetWare 5.1 server with Novell Storage ServicesTM (NSS) volumes, you
must complete the following procedure to update NSS volumes.
1 When prompted at the end of the upgrade, reboot the computer.
2 Make sure that all processes relating to the NetWare 6 upgrade have completed.
3 At the server console, enter the following command
NSS /ZLSSVOLUMEUPGRADE=ALL
The NSS volumes can now be mounted on the NetWare 6 server.
102-001442-001
August 29, 2001
WHAT’S NEXT?
Although you have installed or upgraded to NetWare 6, you might need to configure products to
work in the new environment. Additionally, some products such as Novell Cluster ServicesTM can
be set up only after completing the server installation. You can install products using NetWare
Deployment Manager or from the GUI server console screen.
Copyright © 2001 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval
system, or transmitted without the express written consent of the publisher. eDirectory, iFolder, Internetwork Packet Exchange and
IPX, Novell Client, Novell Cluster Services, and Novell Storage Services are trademarks and NetWare and Novell are registered
trademarks of Novell, Inc. in the United States and other countries. All third-party products are the property of their respective
owners. A trademark symbol (®, TM, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.
102-001442-001
August 29, 2001
NetWare 6 Overview and Installation Guide
Novell
NetWare 6 ®
www.novell.com
O V E RV I E W A N D I N S TA L L AT I O N G U I D E
August 30, 2001

Novell Confidential
Contents
Preface 9
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
User Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1 Welcome to NetWare 6 11
Make End Users More Effective with NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . . 11
Eliminate Client Software with Novell Native File Access Protocols . . . . . . . . . . . . . . 11
Print from Anywhere with Novell iPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Access and Manage Your Files From Anywhere with Novell iFolder. . . . . . . . . . . . . . 12
Use Novell NetStorage to Access Files with an Internet Browser . . . . . . . . . . . . . . . 13
Store and Retrieve Network Data With Novell NetDrive . . . . . . . . . . . . . . . . . . . . 13
Access Internet Services from a Centralized Location with NetWare WebAccess . . . . . . . 14
Manage the Network with NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Manage Your Network with NetWare Remote Manager . . . . . . . . . . . . . . . . . . . . 14
Manage eDirectory Objects from an Internet Browser with iManage. . . . . . . . . . . . . . 15
Manage the Network with ConsoleOne. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Manage IP Addresses with the Novell DNS/DHCP Administration Tool . . . . . . . . . . . . 16
Powering Net Services with Novell Web Services . . . . . . . . . . . . . . . . . . . . . . . 16
Publish Web Pages with NetWare Enterprise Web Server. . . . . . . . . . . . . . . . . . . 18
Run Applications on NetWare Using the Tomcat Servlet Engine . . . . . . . . . . . . . . . 18
Provide Custom Search Services with NetWare Web Search Server . . . . . . . . . . . . . 18
Manage UNIX and NetWare Networks with Network Information Services . . . . . . . . . . 18
Track Network Usage with Novell Advanced Audit Service . . . . . . . . . . . . . . . . . . 19
Track Application Licenses with Novell Licensing Services . . . . . . . . . . . . . . . . . . 19
Build on an Established Networking Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Increase Availability with Novell Cluster Services . . . . . . . . . . . . . . . . . . . . . . . 19
Manage Millions of Network Objects with Novell eDirectory . . . . . . . . . . . . . . . . . . 20
Manage Disk Storage Devices with Novell Storage Services . . . . . . . . . . . . . . . . . 21
Mint Digital Certificates with Novell Certificate Server . . . . . . . . . . . . . . . . . . . . . 21
Verify Identity with Novell Modular Authentication Service . . . . . . . . . . . . . . . . . . . 21
Back up Data with Storage Management Services. . . . . . . . . . . . . . . . . . . . . . . 22
Communicate with IP, the Protocol of the Internet . . . . . . . . . . . . . . . . . . . . . . . 22
Support IPX Applications with Compatibility Mode Driver . . . . . . . . . . . . . . . . . . . 22
Reduce Deployment Costs with NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Streamline the Server Installation with the NetWare 6 Express Installation . . . . . . . . . . 23
Customize the Server Configuration with NetWare 6 Custom Installation . . . . . . . . . . . 23
Contents 5

100-004725-001
August 30, 2001
Novell Confidential
Migrate Network Data to another Server with NetWare Migration Wizard . . . . . . . . . . . 23

Use Other Installation Options to Simplify the Move to NetWare 6 . . . . . . . . . . . . . . 24
Let’s Get Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Step 1: Decide What Solutions You Want . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Step 2: Install or Upgrade to NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2 Setting Up NetWare 6 27
Meeting System and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Software and Other Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Preparing the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Preparing the Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Installing Computer and Networking Hardware . . . . . . . . . . . . . . . . . . . . . . . . 33
Creating and Formating a DOS Partition . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Accessing the Installation Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Installing the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Navigating in the Character-Based Screens . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Selecting the Type of Installation and Regional Settings . . . . . . . . . . . . . . . . . . . . . 35
Selecting the Language and Accepting the License Agreement . . . . . . . . . . . . . . . 36
Selecting the Type of Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Specifying Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Selecting the Regional Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Selecting the Mouse and Video Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Selecting a Platform Support Module and Storage Adapter. . . . . . . . . . . . . . . . . . . . 40
Selecting a Platform Support Module (If Required) . . . . . . . . . . . . . . . . . . . . . . 41
Selecting a PCI Hot Plug Module (If Required) . . . . . . . . . . . . . . . . . . . . . . . . 41
Selecting a Storage Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Selecting a Storage Device and a Network Board . . . . . . . . . . . . . . . . . . . . . . . . 42
Selecting a Storage Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Selecting a Network Board . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Loading a NetWare Loadable Module (If Required) . . . . . . . . . . . . . . . . . . . . . . 43
Creating a NetWare Partition and Volume SYS: . . . . . . . . . . . . . . . . . . . . . . . . . 44
Removing an Existing Volume SYS: (Conditional). . . . . . . . . . . . . . . . . . . . . . . 44
Creating Volume SYS: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Naming the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Enabling Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Installing the NetWare Server File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Understanding Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Creating Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Modifying Volumes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Deleting Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Mounting Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
6 NetWare 6 Overview and Installation Guide

100-004725-001
August 30, 2001
Novell Confidential
Installing Networking Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

About Internet Protocol (IP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
About IPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Using Both IP and IPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Setting Up Domain Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Configuring a NetWare Server as a DNS Server (Optional) . . . . . . . . . . . . . . . . . . 57
Setting the Server Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Setting Up Novell eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Choosing the Type of eDirectory Installation . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Install the Server into an Existing eDirectory Tree . . . . . . . . . . . . . . . . . . . . . . . 59
Creating a New eDirectory Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Licensing the NetWare Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Install Networking Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configuring IP-Based Services (Conditional). . . . . . . . . . . . . . . . . . . . . . . . . . 64
Installing Novell Certificate Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Configuring LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Installing Novell Native File Access Protocols . . . . . . . . . . . . . . . . . . . . . . . . . 67
Setting up NetWare WebAccess . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Setting Up Novell iManage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Install Novell iFolder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Install Novell NetStorage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Customizing the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Completing the Server Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Updating NSS Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Installing Additional Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
3 Upgrade to NetWare 6 87
Meet System and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
System and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Software and Other Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Preparing the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Preparing the Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Backing Up the NetWare Server Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Preparing Application Files Prior to Upgrading . . . . . . . . . . . . . . . . . . . . . . . . . 93
Verify a Valid DOS Partition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Access the Installation Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Contents 7

100-004725-001
August 30, 2001
Novell Confidential

100-004725-001
August 30, 2001
Novell Confidential
Preface
This book is divided into the following sections:

Chapter 1, “Welcome to NetWare 6,” on page 11 explains the features and
benefits of NetWare 6. It also includes descriptions of products that ship
with NetWare 6 and how they add value to your network.
Chapter 2, “Setting Up NetWare 6,” on page 27 explains the prerequisites
and instructions for installing a NetWare 6 server.
Chapter 3, “Upgrade to NetWare 6,” on page 87 explains the prerequisites
and instructions for upgrading to NetWare 6 from a NetWare 3, 4, or 5
server.
NetWare 6 online documentation and any relevant corrections or updates
are also available at the Novell Product Documentation Web site (http://
www.novell.com/documentation).
Novell Education offers a variety of courses that help you maximize your
investment in NetWare 6. For course descriptions, details, and locations
of training events, visit the Novell Education Web site (http://
www.novell.com/education/netware6).
Also, a trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk
(*) denotes a third-party trademark.
Preface 9

100-004725-001
August 30, 2001
Novell Confidential
User Comments
We want to hear your comments and suggestions about this manual and the
other documentation included with NetWare 6.
To contact us, send e-mail to webdoc@novell.com or send comments to:
Novell, Inc.
Product Documentation
MS PRV-E-232
Provo, UT 84606 USA
Fax (801) 861-3002

100-004725-001
August 30, 2001
Novell Confidential
1 Welcome to NetWare 6
NetWare® 6 provides your business and your network with new solutions,
updated products, and rock-solid applications that give you the power to
change.
NetWare 6 is the Net services software solution that adds tremendous value to
your company’s ability to communicate on your network and on the Internet.
With nonstop access, Net-ready security, and high availability, NetWare 6
delivers file storage, printing, directory, e-mail, and database resources that
can be accessed as one Net across all type of networks—corporate and public,
wired and wireless, storage systems and client desktops.
NOTE: This section contains several references to other pieces of NetWare 6
documentation. This documentation is available on the NetWare 6 Online
Documentation CD and on the NetWare 6 Product Documentation Web site (http:/
/www.novell.com/documentation/lg/nw6p).
Make End Users More Effective with NetWare 6

NetWare 6 provides solutions that simplify the system administration
responsibility while at the same time increasing the efficiency of the end user.
Several new products help end users access, synchronize, and print their files
from any location.
Eliminate Client Software with Novell Native File Access Protocols

Novell® Native File Access Protocols let Macintosh*, Windows*, and UNIX*
workstations access and store files on NetWare servers without having to
install any additional software—such as Novell ClientTM software. The
software is installed only on the NetWare server and provides “out of the box”
network access. Just plug in the network cable, start the computer, and you’ve
Welcome to NetWare 6 11

100-004725-001
August 30, 2001
Novell Confidential
got access to servers on your network. No more client configuration. No more

client software. No more problems.
For more information, see the Novell Native File Access Protocols Installation
and Administration Guide.
NetWare
Server
IP
CIFS AFP NFS
Windows MAC UNIX
Print from Anywhere with Novell iPrint

Novell iPrint allows mobile employees, business partners, and customers to
access printers from a variety of remote locations using existing Internet
connections. Users install printers and manage print jobs using a Web browser.
Administrators set up Web pages with a list of available printers or create
maps with printer locations to aid users in finding the printer closest to them.
For more information, see the iPrint Administration Guide.
Access and Manage Your Files from Anywhere with Novell iFolder
Novell iFolder is a file storage and management solution to the universal
problems associated with storing and retrieving data. With iFolder you have
the latest version of your data when you need it and where you need it from
any computer that you regularly use. And if you are not at a computer that you
regularly use, you can still access and manage your files if you have an
Internet connection and a Java*-enabled browser.
For more information, see the Novell iFolder Administration Guide.

100-004725-001
August 30, 2001
Novell Confidential
Laptop Office
Novell
iFolder
John Home Server John Home
LDAP Directory
Home
John Home
John Home
Your iFolder Files
Kathy Home
through a Browser
Sam Home
Use Novell NetStorage to Access Files with an Internet Browser

Novell NetStorage provides simple Internet-based access to file storage and
serves as a bridge between a company's protected Novell network and the
Internet. It allows users secure file access from any Internet location, with
nothing to download or install on the user's workstation. Files and folders on
a Novell network can be accessed using either a browser or Microsoft* Web
Folders.
For more information, see the NetStorage Overview and Installation quick
start.
Store and Retrieve Network Data With Novell NetDrive

Novell NetDrive is a file storage solution to the universal problems associated
with storing and retrieving data. With NetDrive, users can map a drive to a
Web or FTP server with only an Internet connection, thereby eliminating the
need to have a Novell Client. When connected to the Web or FTP server, they
can perform all the familiar file operations that they now use in Windows
Explorer.
For more information, see the Novell NetDrive Administration Guide.

100-004725-001
August 30, 2001
Novell Confidential
Access Internet Services from a Centralized Location with NetWare

WebAccess
NetWare WebAccess allows administrators to set up a Web page that lets users
access multiple network resources from their Web browser. Users do not need
a Novell Client or VPN client to access to their resources. They can access
these resources on the Web from any computer with a compliant browser.
Customized content is provided through gadgets. A gadget provides access to
specific content on the network. Gadgets communicate with the appropriate
back-end system to gather the necessary data for a particular user—and users
can access it all with a single password.
For more information, see NetWare WebAccess Overview and Installation.
Manage the Network with NetWare 6

NetWare 6 includes many new utilities to help you easily and effectively
manage your network. As a network administrator, you will find that these
utilities provide you with a host of solutions to simplify, secure, and manage
your network.
Manage Your Network with NetWare Remote Manager

NetWare Remote Manager lets you use a Web browser to securely access
NetWare servers from any workstation and perform specific server
management tasks. From Remote Manager, you can monitor the health of your
servers, their processes, and CPU usage.
You can also perform common server management tasks more quickly such as
mounting and dismounting volumes, managing server connections,
configuring SET parameters, viewing the configuration of the server,
accessing files on volumes and DOS partitions, and even shutting down,
restarting, and resetting your server. Through the Console Screens applet, you
can view and run all the console screens just as though you were using the
keyboard at the server console.

100-004725-001
August 30, 2001
Novell Confidential
For more information about NetWare Remote Manager, see the NetWare
Remote Manager Administration Guide.
Manage eDirectory Objects from an Internet Browser with iManage

iManage runs in an Internet browser and is used for administering, managing,
and configuring Novell eDirectory objects. iManage lets you assign specific
tasks or responsibilities to users and presents users with only the tools (and
accompanying rights) necessary to perform those tasks. In NetWare 6, you can
use iManage to administer iPrint, DNS/DHCP, and Novell Licensing Services.
For more information, see the Novell iManage Administration Guide.
Manage the Network with ConsoleOne

ConsoleOneTM is a Java-based administration tool that you can use to flexibly
manage Novell and third-party products on a variety of platforms. Running on
either a NetWare server or a Windows workstation, ConsoleOne provides a
single point of administration for your network resources, including
eDirectory objects, schema, partitions, replicas, and NetWare servers.
With ConsoleOne, you can modify properties of multiple files, folders,
objects, and volumes simultaneously. You can also use ConsoleOne to quickly
browse large eDirectory trees, manage user accounts, administer rights, and
extend eDirectory schema.

100-004725-001
August 30, 2001
Novell Confidential
Novell ConsoleOne
For more information, see the ConsoleOne 1.3 User Guide.
Manage IP Addresses with the Novell DNS/DHCP Administration Tool

The DNS/DHCP Administration Tool runs in an Internet browser and enables
network administrators to easily configure and manage DNS (Domain Name
System Service) and DHCP (Dynamic Host Configuration Protocol Service).
For more information, see the Novell DNS/DHCP Services Administration
Guide.
Powering Net Services with Novell Web Services

Novell Web Services is a collection of products such as Tomcat Servlet
Engine, NetWare Enterprise Web Server, Apache Web Server, and WebDAV,
technologies that enable Novell’s Net Services products to work.
The following diagram depicts the role that Novell Web Services plays as the
Web-enabling technology for Net Services Software such as iFolder, iPrint,
iLogin, and Web Search Server.

100-004725-001
August 30, 2001
Novell Confidential
Internet
Laptop PC
Firewall
iFolder iLogin eFrame etc.

Net Web
Services iPrint Portal
Search Services
Tomcat Enterprise Apache

Servlet Web Web HTTP
Engine Server Server Stack
Web
Sevices
NetWare
NetWare 6 lets you manage documents with WebDAV, transfer files using
FTP, and communicate with HTTP.
For more information, see Getting Results with Novell Web Services.
Manage Novell Web Services with NetWare Web Manager
NetWare Web Manager is the tool you use to manage all of your Novell Web
Services and to access other Web-based management tools. You can manage
your Novell Web Services from any place on the Internet using an Internet
browser.
For more information, see "Introducing NetWare Web Manager" in Getting

100-004725-001
August 30, 2001
Novell Confidential
Publish Web Pages with NetWare Enterprise Web Server

The NetWare Enterprise Web Server is optimized to run in the NetWare
environment. It serves up Web pages to the Internet, an intranet, or an extranet.
Use the NetWare Enterprise Web Server to communicate across departments
or throughout the world. Let customers, suppliers, vendors, or consultants
access specific information. Of course, you can publish information on the
Internet so that the whole world can see it and even contribute to it.
For more information, see "Putting the Web Server to Work" in Getting
Run Applications on NetWare Using the Tomcat Servlet Engine

If you have or develop java applications that run on a server, NetWare 6 can
run them using the Tomcat Servlet Engine.
For more information, see "Extending Your Server with Programs" in Getting
Provide Custom Search Services with NetWare Web Search Server

NetWare Web Search allows users to find the information they're looking for
on any of your public and private Web sites, your partners' sites, and any
number of additional Web sites across the Internet all from a single search
form on your Web page. You can easily modify the look and feel of any of the
For more information, see "Introducing NetWare Web Search Server" in
Getting Results with Novell Web Services.
Manage UNIX and NetWare Networks with Network Information

Services
Network Information Service (NIS) lets you use Novell eDirectoryTM to
manage UNIX computers by providing information about users, groups, and
hosts and other information that NIS client might require. It maintains all
information in the form of eDirectory objects organized under the eDirectory
tree. NIS supports standard NIS maps and user-defined (custom) NIS maps.
For more information, see the Novell Native File Access Protocols Installation
and Administration Guide.

100-004725-001
August 30, 2001
Novell Confidential
Track Network Usage with Novell Advanced Audit Service

Novell Advanced Audit Service (NAAS) is an Novell eDirectory enabled
robust, flexible, and scalable auditing framework. It can audit services, both
Novell and third-party, and can provide a single, unified view of audit data for
the entire Net. It provides a single point of management by storing
configurable audit policies in eDirectory.
It adds auditing capability to the Net and thus addresses the security-related
concerns of enterprises when their networks are thrown open to their
customers, suppliers, and partners.
For more information, see the Novell Advanced Audit Service Administration
Guide.
Track Application Licenses with Novell Licensing Services

Novell Licensing Services (NLS) is a distributed, enterprise network service
that enables administrators to monitor and control the use of licensed
applications on a network. NLS also provides a basic license metering tool, as
well as libraries that export licensing service functionality to developers of
other licensing systems. NLS is tightly integrated with the Novell eDirectory
technology and is based on an enterprise service architecture.
For more information, see the Novell Licensing Services Administration
Guide.
Build on an Established Networking Platform

NetWare 6 combines new technologies with a tried-and-true network
operating system, giving you a platform that meets the needs of your growing
business and network.
Increase Availability with Novell Cluster Services

NetWare 6 includes Novell Cluster ServicesTM, which ensures high
availability and manageability of critical network resources including data
(volumes), applications, server licenses, and services. It is a multinode
clustering product for NetWare that is enabled for Novell eDirectory and
supports failover, failback, and migration (load balancing) of individually
managed cluster resources.

100-004725-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Novell Cluster Services allows you to configure up to 32 NetWare servers into

a high-availability cluster, where resources can be dynamically switched or
moved to any server in the cluster. Resources can be configured to
automatically switch or be moved in the event of a server failure, or they can
be moved manually to troubleshoot hardware or balance the workload.
Network Hub
Network Server 1 Server 2 Server 3 Server 4 Server 5 Server 6

Fiber
Interface Channel
Card(s) Card(s)
Sys Sys Sys Sys Sys Sys
Fiber Channel
Switch Shared Disk
System
For more information, see Novell Cluster Services Overview and Installation.
Manage Millions of Network Objects with Novell eDirectory

Novell eDirectory is a full-service, platform-independent LDAP directory that
can store and manage millions of objects, such as users, applications, network
devices, and data.
Novell eDirectory provides replication and partitioning capabilities and serves
as the foundation for directory-enabled services such as automated business-
relationship management, supply-chain management, electronic store fronts,
automated provisioning, enhanced security, customer profiling, electronic
wallets, automated notification systems, customized Web interfaces, and
virtual private networks (VPNs).
For more information, see the Novell eDirectory 8.6 Administration Guide.

100-004725-001
August 30, 2001
Novell Confidential
Manage Disk Storage Devices with Novell Storage Services

Novell Storage Services (NSS) is a file storage and management system that
meets the needs of your growing file system requirements. NSS can take free
space from multiple storage devices and create unlimited volumes which can
store up to 8 trillion files (each up to 8 terabytes in size). You can quickly
mount as many as 255 volumes. NSS lets you mount, configure, and maintain
volumes without disrupting the work of end users.
For more information, see the Novell Storage Services Administration Guide.
Mint Digital Certificates with Novell Certificate Server

Novell Certificate Server allows you to mint, issue, and manage digital
certificates. When Novell Certificate Server is installed, it creates a Security
container object, an Organizational Certificate Authority (CA) object, and two
server certificates. The server certificates enable secure data transmissions
and is required for Web-related products such as NetWare Web Manager and
NetWare Enterprise Web Server.
For more information, see Novell Certificate Server.
Verify Identity with Novell Modular Authentication Service

Novell Modular Authentication Service (NMAS) is designed to help you
protect information on your network. NMAS brings together additional ways
of authenticating to Novell eDirectory and to Windows NT/2000 networks to
help ensure that the people accessing your network resources are who they say
they are.
For more information, see the Novell Modular Authentication Service

100-004725-001
August 30, 2001
Novell Confidential
Back up Data with Storage Management Services

Storage Management ServicesTM (SMSTM) is the data protection system for all
your storage requirements. SMS allows backup and restore of targets such as
eDirectory, the file system, or an individual workstation's hard disk onto a tape
device that can be stored offsite.
If you have a hardware failure, corrupted data, or incorrectly deleted or
changed data, you can recover a previous version of the data. New features of
SMS to look for are superior performance and support for cluster resources.
For more information, see the Storage Management Services Administration
Guide.
Communicate with IP, the Protocol of the Internet

Novell TCP/IP software allows connectivity between different hosts in an
Internet environment. The TCP/IP stack lets you group multiple boards using
a multihoming feature. It also allows you to balance the load across different
configured boards and to ensure minimum downtime in case of board failure.
It provides high security, performance, and reliability of the host in the
Internet environment.
Novell TCP/IP offers an extensive set of configurable parameters for all
supported protocols. You can use these parameters to modify the default
characteristics of the initial configuration and also to configure advanced
features and optimize host, router, and LAN performance options.
For more information, see the TCP/IP Administration Guide.
Support IPX Applications with Compatibility Mode Driver

The Compatibility Mode Driver (CMD) helps you access NetWare services
using the IP protocol. The CMD services are used only when the system uses
an IPXTM application or tries to establish connections between IP and IPX
systems. These drivers are automatically loaded on both the NetWare clients
and servers when installed as IP-only systems. The IPX Compatibility Driver
also allows IP systems to communicate with IPX systems by using Migration
Agents.
The Migration Agent is a migration component that enables communication
between IPX and IP systems and creates an IP backbone that connects IPX

100-004725-001
August 30, 2001
Novell Confidential
segments. The Migration Agent is used to migrate systems from IPX to IP in

a phased manner without losing connectivity.
For more information, see the Server Communications Administration Guide.
Reduce Deployment Costs with NetWare 6

NetWare 6 includes several options that help you install a new server, upgrade
a legacy NetWare server, or migrate from a Windows NT* server. Whether
you need to install one or a thousand servers, NetWare 6 has an installation
option that will help you get the job done.
Streamline the Server Installation with the NetWare 6 Express

Installation
NetWare 6 includes an installation option that lets you accept the
recommended default values and quickly install a server. Drivers for disks and
network boards are automatically discovered and loaded, volume SYS: is
automatically created, and default products are installed. Using the Express
Installation option, you’ll breeze through the task of installing a server.
Customize the Server Configuration with NetWare 6 Custom

Installation
If your networking environment requires a specific configuration, NetWare 6
lets you select which components and products will be installed and what
location they will be installed to. You can also make volumes and partitions as
large as you want. The NetWare 6 Custom Installation option gives you the
flexibility you require.
Migrate Network Data to another Server with NetWare Migration

Wizard
NetWare Migration Wizard is a solution to the difficulties associated with
upgrading your hardware and software. The Migration Wizard migrates data
from Windows NT and NetWare 3, 4, 5, or 6 to a computer running NetWare
5 or 6.
For more information, see the NetWare Migration Wizard 6 Administration
Guide.

100-004725-001
August 30, 2001
Novell Confidential
Use Other Installation Options to Simplify the Move to NetWare 6

Several other options are also available to help you install or upgrade to
NetWare 6.
Quickly upgrade with NetWare Accelerated Upgrade—You can run NetWare
Accelerated Upgrade from a Windows client workstation so that you don’t
need to be physically present at the server console. Although NetWare
Accelerated Upgrade is quicker than the standard installation process, it does
not install additional network products, licensing services, or license
certificates.
Automate the NetWare installation with a response file—Installing the
NetWare operating system software can be easier and more flexible when you
use a response file. When used with the graphical server installation, a
response file lets you set and display specific default values, bypass entire
sections of the installation, and automate the entire server installation process.
Use installation scripts to control the installation—NetWare installation
scripts let you alter or extend the NetWare installation process. You can use
installation scripts to install additional products on a server after the operating
system has been installed.
For more information on these options, see Other Installation Options.
Let’s Get Started

Now that you’re familiar with the power of NetWare 6, you can see that it
provides you with a lot of options. The next step is to decide what products
and solutions you want—and then install your NetWare 6 servers.
Step 1: Decide What Solutions You Want

Before installing your NetWare 6 servers, make sure that you read all about
your chosen solutions. Some products require that you install the server in a
specific way.
Step 2: Install or Upgrade to NetWare 6

You have several options for installing and upgrading to NetWare 6. Choose
the option that best meets your needs and follow the instructions provided.

100-004725-001
August 30, 2001
Novell Confidential
Installation Option Refer to
Add a NetWare 6 server to an Chapter 2, “Setting Up NetWare

existing network 6,” on page 27
Upgrade from NetWare 3, Chapter 3, “Upgrade to NetWare

NetWare 4, or NetWare 5 6,” on page 87
Migrate data from another NetWare Migration Wizard 6

NetWare server or NT Server Administration Guide
Use advanced installation/ Other Installation Options

upgrade options
All this information is available on the NetWare 6 Online Documentation CD

included with the NetWare 6 product and on the NetWare 6 Product
Documentation Web site (http://www.novell.com/documentation/lg/nw6p).

100-004725-001
August 30, 2001
Novell Confidential

100-004725-001
August 30, 2001
Novell Confidential
2 Setting Up NetWare 6
This chapter describes how to set up a NetWare® 6 server. The process

includes the following tasks:
Meet system and software requirements
Prepare the network and the computer
Determine the type of installation
Specify hardware and software settings
Create volume SYS:
Name the server and install the server file system
Install networking protocols
Set up Novell eDirectory
Install other networking products
Meeting System and Software Requirements
System Requirements
NetWare will run on the minimum system requirements listed below. For
optimal performance, the computer should meet the recommended
requirements.
Minimum System Requirements
NetWare 6 has the following minimum system requirements:

A server-class PC with a Pentium* II or AMD* K7 processor
256 MB of RAM
Setting Up NetWare 6 27

100-004725-001
August 30, 2001
Novell Confidential

A DOS partition of at least 200 MB and 200 MB available space
2 GB of available disk space outside the DOS partition for volume SYS:
One network board
A CD drive
A USB, PS/2*, or serial mouse (recommended but not required)
Recommended System Requirements
For optimal performance, NetWare 6 has the following recommended system

requirements:
A server-class PC with two-way Pentium III 700 MHz or higher
processors
NOTE: NetWare 6 can run on as many as 32 processors.
512 MB of RAM
A Super VGA or higher resolution display adapter
A DOS partition with 1 GB of available space
NOTE: To determine the optimal size of a boot partition, add the amount of server
memory to the minimum amount of the available disk space. The minimum amount
of available space is 200 MB, so a server with1024 MB RAM has an optimal boot
partition of 1224 MB (1024 MB + 200 MB = 1224 MB). This size will allow you to
do a core dump to the disk drive if required.
4 GB of available disk space outside the DOS partition

One or more network boards
A bootable CD drive that supports the El Torito specification
A USB, PS/2, or serial mouse
Software and Other Requirements

Depending on the network configuration, you might need one or all of the
following software and information:
Supervisor right at the [Root] of the eDirectoryTM tree

100-004725-001
August 30, 2001
Novell Confidential
Supervisor right to the container where the server will be installed

DOS and CD drivers (required if the computer does not boot from CD)
You can make a bootable floppy diskette using the MKFLOPPY.BAT
program located in the INSTALL directory of the NetWare 6 Operating
System CD.
Client connection utilities (optional, for installing from a network):
Novell ClientTM for DOS and Windows* 3.1x (optional, for installing
from a NetWare server running IPXTM).
IP Server Connection Utility (optional, for installing from a NetWare
server running IP only).
For instructions, see PRODUCTS\SERVERINST\IPCONN.TXT on
the Novell Client CD.
An IP address
For IP addresses and domain names, contact your network
administrator and Internet Service Provider.
Network board and storage device properties, such as the interrupt and
port address (required if not included in NetWare)
For more information, contact your computer hardware manufacturer.
Next, you should prepare the network for the NetWare 6 server. If this server
is not being integrated into an existing network, you can skip to “Preparing the
Computer” on page 33.

100-004725-001
August 30, 2001
Novell Confidential
Preparing the Network

Before you introduce a NetWare 6 server into an existing network, you must
run NetWare Deployment Manager to update the network.
To update the network for NetWare 6, you must do the following:
1 Log in from a Windows 95/98 or Windows NT/2000 workstation to your
existing network as a user with the Supervisor right.
If prompted to log into the network while using NetWare Deployment
Manager, you can enter the server name or click Details and specify the
IP address.
2 Run NetWare Deployment Manager (NWDEPLOY.EXE), located on the
NetWare 6 Operating System CD.
3 Double-click the Network Preparation folder to view the tasks and read
the Overview section to get an understanding of the tasks.
4 Back up any server data and Novell® eDirectory data following the
instructions in the Back Up Data step.

100-004725-001
August 30, 2001
Novell Confidential
5 Run the View and Update eDirectory Version program to update

eDirectory as required.
HINT: If you are prompted to log in again while running NetWare Deployment
Manager, you can enter the IP address of the server by clicking Details.
6 Run the Prepare for eDirectory program to extend the network schema.

100-004725-001
August 30, 2001
Novell Confidential
7 (Conditional) If you are upgrading a cluster of NetWare servers, run the

Prepare a Novell Cluster for Upgrade program.
8 (Conditional) If you are upgrading a NetWare 5 server running NDS® 7
that has NSS volumes, run the Prepare a Server with NDS 7 and NSS
program.
9 Follow the instructions in the Update Certificate Authority (CA) Object
step to create or update a Security container object and a Certificate
Authority (CA) object.
After you have completed the Network Preparation section of NetWare
Deployment Manager, read through the Installation / Upgrade Options section
to help you decide the option that best meets your needs.
After choosing an installation or upgrade option, you should now prepare the
computer to be a NetWare 6 server.

100-004725-001
August 30, 2001
Novell Confidential
Preparing the Computer

To prepare your computer for NetWare 6, do the following:
Install computer and networking hardware
Create and format a DOS partition
Access the installation files
Installing Computer and Networking Hardware

Follow the manufacturer’s instructions to install and connect the network
board and network cabling to your computer. Make sure that all storage
devices are properly attached to storage adapters.
Creating and Formating a DOS Partition

NetWare requires a DOS partition to start the computer and load NetWare. The
DOS partition contains the NetWare startup and server files.
HINT: You should increase the size of your DOS partition to accommodate your
specific configuration requirements. See “System Requirements” on page 27.
To create and format a DOS partition, complete the following steps.

1 Back up any desired data to another computer or offline storage media.
2 Insert the NetWare 6 Operating System CD and boot the computer.
3 Complete one of the following:
If the computer boots from the CD, follow the on-screen prompts to
create and format a partition. Skip to “Selecting the Language and
Accepting the License Agreement” on page 36.
If you will be installing from files located on another server, continue
with the following steps.
If the computer does not boot from the CD, continue with the
following steps.
4 Boot your computer with DOS 3.3 or later.
You can make a bootable floppy diskette using the MKFLOPPY.BAT
program located in the INSTALL directory of the NetWare 6 Operating
System CD. You can boot from the NetWare 6 License/Cryptography

100-004725-001
August 30, 2001
Novell Confidential
diskette. DOS 7 and all required DOS utilities are included on the diskette
and on the CD.
5 If the computer already has an operating system installed, such as
Windows or NetWare, you should completely remove the partitions and
the operating system.
Use FDISK to remove partitions.
6 Use FDISK to create an active DOS partition by entering FDISK.
Create a primary DOS partition and make it the active partition. See
“System Requirements” on page 23 for minimum requirements.
The computer will restart.
7 Format and transfer DOS system files to the partition by changing to drive
A: and entering FORMAT C: /S.
Your computer should now have an active DOS partition that meets or exceeds
the minimum requirements. Continue the installation by accessing the
installation files.
Accessing the Installation Files

NetWare 6 can be installed from the server’s local CD drive or from
installation files located on the network. To access the NetWare 6 installation
files, complete the following steps.
1 Install the DOS CD driver for your CD drive onto the DOS partition.
DOS CD drivers are provided by the CD drive manufacturer.
Make sure that the logical filename of your CD drive (specified in the
CONFIG.SYS and AUTOEXEC.BAT files) is not CDROM or CDINST.
2 Make sure that the CONFIG.SYS file contains the FILES=50 and
BUFFERS=30 commands.
3 (Conditional) If you are installing from files located on a network, install
the Novell Client for DOS and Windows 3.1x or IP Server Connection
Utility software located on the Novell Client CD.
After accessing the files for the installation program, you can begin the
installation.

100-004725-001
August 30, 2001
Novell Confidential
Installing the Software

To begin the installation, complete the following steps.
1 Insert the NetWare 6 Operating System CD, or log in to the network to
access the installation files on the network.
2 At the CD drive or network drive prompt, enter INSTALL.
Navigating in the Character-Based Screens

The initial screens of the installation program display in text-based mode.
Auto-detected and default settings appear on each screen.
You can accept the detected and default settings, or you can modify the
settings to meet the needs of your networking environment.
HINT: To continue the installation with the standard settings, use the arrow keys
to select Continue in the Options box and then press Enter.
To modify the settings, use the arrow keys to select Modify in the Options box and
then press Enter. Select the field to be modified and press Enter. Select or enter
the appropriate value.
Some screens require additional keystrokes in order to navigate through the

interface. Information about screen navigation appears at the bottom of each
screen.
Selecting the Type of Installation and Regional Settings

To select the type of installation and select regional settings, you must
Select the language and accept the License Agreement
Select the type of installation
Specify server settings
Select the regional settings
Select the mouse and video type

100-004725-001
August 30, 2001
Novell Confidential
Selecting the Language and Accepting the License Agreement

The installation program is available in several languages. You can install
other language options, such as the language for the operating system or for
users, later during the installation program.
Accepting each License Agreement means that you have read and you accept
terms and conditions contained in the License Agreement. Press F10 to accept.
Selecting the Type of Installation
Express Installation or Custom Installation
Express Installation
The Express Installation automatically detects drivers and installs the

NetWare server with default settings and default software programs.The
settings include the following
4 GB volume SYS: (Any remaining disk space will be left as free space.)
LAN and disk drivers: Auto-discovered and loaded
Default products installed
Country Code: 1
Codepage: 437
Video mode: VGA Plug N Play
Keyboard: United States
Mouse: Auto-discovered and loaded
Custom Installation
The Custom Installation allows you to choose specific configuration options

for your networking environment.

100-004725-001
August 30, 2001
Novell Confidential
New Server, Upgrade or Pre-Migration Server
You can install NetWare on a new computer or you can upgrade an existing
computer running NetWare 4 or NetWare 5.
New Server—Installs a new server. Creates a new NetWare partition but

does not delete system partitions or other partitions such as DOS, UNIX*,
or Windows.
If you select Express Installation, you can skip to “Naming the Server” on
page 46.
Upgrade—If you are upgrading an existing server from a previous
version of NetWare, select Upgrade. Upgrading retains all your server
data such as files, directory structures, partitions, and volumes.
If you select Upgrade, you will skip entire sections of this chapter,
depending on the configuration of the server.
Pre-Migration—A Pre-Migration server is used to migrate data from one
server to another using the NetWare Migration Wizard. For more
information, see the NetWare Migration Wizard 6 Administration Guide.
To select the type of installation, in the Options box, select Modify and press
Enter. Select the installation type and then return to the Options box to
continue.

100-004725-001
August 30, 2001
Novell Confidential
Specifying Server Settings

You can change the following default server settings for your networking
environment.
Server ID Number—A unique server identification number (up to eight
hexadecimal digits) identifies the server on the network. The server ID
number functions like an internal IPX number. Although a server ID
number is created automatically, you might need to enter a specific server
ID number if you are installing in either of the following conditions:
Filtered environment—Routers between network segments can be
configured to forward data only from specific computer addresses.
Data being sent from other computer addresses is not forwarded to
other segments.
NOTE: If you are accessing the installation files from a server on a different
network segment, you might not be able to reconnect to the server to
complete the installation unless you specify an unfiltered server ID number.
Numbering scheme—Some network administrators set up a

predetermined numbering scheme to identify servers in particular
locations or organizations. For example, all servers in building A
might begin with 0101, and all servers in building B might begin with
0102.
If you choose to install IP and not IPX, the SERVERID reference is not
used and is removed from the AUTOEXEC.NCF file. You can add IPX
after the server installation by adding the SERVERID
8_digit_number command after the SERVERNAME command in the
AUTOEXEC.NCF file.
Load Server at Reboot—Select No if you do not want the
AUTOEXEC.BAT and CONFIG.SYS files to contain the commands to
automatically load the server operating system when the computer
reboots. If you select Yes (default), the old AUTOEXEC.BAT and
CONFIG.SYS files are renamed and saved with a .00x extension.
Server SET Parameters—You might need to modify the SET
parameters for some device drivers, such as for network boards and
storage devices, in order to complete installation. SET parameters are
saved to the STARTUP.NCF file.
Startup Directory—The directory on the DOS partition that contains the
files to launch the NetWare server. (This field will display only during an
upgrade.)

100-004725-001
August 30, 2001
Novell Confidential
Selecting the Regional Settings
Choose the country, code page, and keyboard mapping for your language and
computer.
Selecting the Mouse and Video Type

100-004725-001
August 30, 2001
Novell Confidential
Mouse Type—Choose a mouse type, if available on the computer. The

installation program supports USB, PS/2 and serial mouse types, but a
mouse is not required.
Video Type—The NetWare installation program is optimized to display
with video display hardware that is VESA 2 compliant.
NOTE: The video type is not auto-detected by the installation program. You must
select the settings for the computer.
Selecting a Platform Support Module and Storage

Adapter
To select a platform support module and storage adapter, you must
Select a platform support module (if required)
Select a PCI Hot Plug module (if required)
Select and configure a storage adapter
To add a driver, in the Options box select Modify. Select the driver field and
press Enter. Press Insert to select from a list of drivers provided with NetWare.
Press Insert again to install a driver from diskette.

100-004725-001
August 30, 2001
Novell Confidential
To delete a driver, in the Options box select Modify. Select the driver field and
press Enter. Select the driver to delete and press Delete.
To modify a driver, in the Options box select Modify. Select the driver field
and press Enter. Select the driver to modify and press Enter. Select the
property to modify.
Selecting a Platform Support Module (If Required)

A platform support module (PSM) provides increased performance for
multiprocessor computers and some specific hardware configurations. If a
PSM driver is required, it will be auto-detected. If the installation program
does not detect a PSM driver, your computer does not need one.
NOTE: If a PSM driver is detected on a computer without multiple processors, you
can allow the driver to load without adversely affecting performance.
Selecting a PCI Hot Plug Module (If Required)

Computers that support PCI Hot Plug technology allow storage adapters and
network boards to be inserted and removed while the computer is on. If the
installation program does not detect a PCI Hot Plug support module, your
computer probably does not support the PCI Hot Plug technology.
Selecting a Storage Adapter

A storage adapter provides a link between the computer and one or more
storage devices. The storage adapter requires a software driver called a host
adapter module (HAM) in order to communicate with the computer (host).
Storage devices require a separate driver called a custom device module
(CDM).
NOTE: .DSK drivers are no longer supported. Instead, NetWare uses the
enhanced capability of NetWare Peripheral ArchitectureTM (NWPA). NWPA
requires a HAM and a CDM.
Because a single adapter can control more than one type of storage device,
your computer might require only a single HAM, even though it can have
more than one type of storage device—and therefore multiple CDMs.
The installation program auto-detects many types of storage adapters, such as
IDE and SCSI adapters. If your storage adapter is not detected, select the
appropriate driver from the list of available drivers provided with NetWare or
add a new driver from a diskette. HAMs can be obtained from the storage
adapter manufacturer.

100-004725-001
August 30, 2001
Novell Confidential
Editing the Properties of the Storage Adapter (If Required)
The storage adapter must be installed and configured correctly. Properties

such as interrupt, port value, and slot must not conflict with any other device
in the computer. If you need specific storage adapter properties, contact the
storage adapter manufacturer.
Selecting a Storage Device and a Network Board

To select a storage device and network board, you must
Select and configure the storage device
Select and configure the network board
Load a NetWare Loadable Module program (if required)
To add a driver, in the Options box select Modify. Select the driver field and
press Enter. Press Insert to select from a list of drivers provided with NetWare.
Press Insert again to install a driver from diskette.
To delete a driver, in the Options box select Modify. Select the driver field and
press Enter. Select the driver to delete and press Delete.
To modify a driver, in the Options box select Modify. Select the driver field
and press Enter. Select the driver to modify and press Enter. Select the
property to modify.

100-004725-001
August 30, 2001
Novell Confidential
Selecting a Storage Device

Storage devices such as hard disks, CD drives, and tape devices require a
software driver to communicate with the storage adapter. The software driver
for the storage device is called a custom device module (CDM). Each type of
storage device requires a CDM.
The installation program auto-detects many types of storage devices, such as
IDE drives, SCSI drives, CD drives, and tape drives. If your storage device is
not detected, select the appropriate driver from the list of available drivers
provided with NetWare 6 or add a new driver from a diskette. CDMs can be
obtained from the storage device manufacturer.
Selecting a Network Board

Network boards, such as the Novell NE3200TM board, require a software
driver in order to communicate with the network. The software driver for a
network board is called a LAN driver.
The installation program auto-detects many types of network boards. If your
network board is not detected, select the driver for the network board from the
list provided with NetWare 6 or add a new driver from a diskette. You can
obtain LAN drivers from the network board manufacturer.
Editing the Properties of the Network Board (If Required)
The network board must be installed and configured correctly. Properties such
as interrupt, port value, and slot must not conflict with any other device in the
computer. If you need specific network board properties, contact the network
board manufacturer.
Loading a NetWare Loadable Module (If Required)

Some server and network configurations require you to load a NetWare
Loadable Module (NLM) program before completing the server installation.
For example, you can load ROUTE.NLM for installing in a token ring
environment.

100-004725-001
August 30, 2001
Novell Confidential
Creating a NetWare Partition and Volume SYS:

Partitions correspond with operating systems, such as NetWare, DOS, or
UNIX. Partitions divide a large storage region into smaller, more manageable
sections. A single storage device can contain up to four partitions.
You can divide NetWare partitions into smaller sections called volumes. Each
NetWare partition can contain up to eight volumes.
To create a NetWare partition and volume SYS:, you must
Remove an existing volume SYS: (conditional)
Create a NetWare partition
Create volume SYS:
Set the size of the NetWare partition and volume SYS: (if required)
Modify the properties of volume SYS: (if required)
Removing an Existing Volume SYS: (Conditional)

If the computer already has a volume SYS: from a previous installation, the
volume and all its data will be deleted.
IMPORTANT: To retain the data on volume SYS:, you should exit and restart the
installation program and select Upgrade from the Type of Installation screen.

100-004725-001
August 30, 2001
Novell Confidential
When removing volume SYS: during a new server installation, you must
choose one of the following options:
Replace Volume SYS: and its NetWare Partition—This removes the
existing volume SYS: as well as the entire NetWare partition containing
volume SYS:. Any volume that is part of the NetWare partition that
contains volume SYS: is also removed—even if the volume spans to
other NetWare partitions.
Remove All NetWare Volumes and NetWare/NSS Partitions—This
removes all NetWare volumes and all NetWare/NSS partitions.
Remove All but Shared Volumes and Partitions—This option is
available only if shared storage has been detected on the server.
Any option will remove only NetWare partitions. Other types of partitions,
such as DOS, UNIX, and system/utility partitions will not be removed.
Creating Volume SYS:

During the initial stages of installation, the installation program guides you
through the steps to create a single NetWare partition containing volume
SYS:. It is created as a Novell Storage Services (NSS) volume, which has
many advantages over a traditional volume.
The NetWare 6 operating system requires a volume SYS: that meets the
requirements specified in “System Requirements” on page 27.

100-004725-001
August 30, 2001
Novell Confidential
Volume SYS: Size—The size that you specify for the NetWare partition will
be used for the size of volume SYS:.
To modify the volume SYS: size, in the Options box select Modify. Select the
appropriate storage device. Select the NetWare Partition Size field and press
Enter. Backspace over the current size. Type the new size and press Enter. The
size of volume SYS: will change accordingly. Press F10 to save the settings
and continue.
If you plan to have additional volumes on the server, remember to reduce the
size of the NetWare partition and volume SYS: so that the appropriate amount
of disk space is available for other volumes.
Additional volumes can be created later during the installation program or
after completing the installation using ConsoleOneTM.
HINT: Although an NSS volume SYS: is recommended for most server
installations, you can create a traditional volume SYS: by pressing F5.
Summary
NetWare system files will now be copied to volume SYS:.
If you are installing from the network, you will be prompted to reconnect to
the network. To continue the installation, enter the password for the user that
originally logged in.
The NetWare installation program will continue in graphical display mode.
Naming the Server

The NetWare server name must be unique from all other servers on the
eDirectory tree. The name can be between 2 and 47 alphanumeric characters
and can contain underscores (_) and hyphens (-), but no spaces. The first
character cannot be a period (.).
IMPORTANT: The server name must be different from the name that you plan to
use for the eDirectory tree.

100-004725-001
August 30, 2001
Novell Confidential
Although a mouse is recommended, you can use the keyboard commands in

Table 1 to navigate through the installation program. Use the arrow keys on
the numeric keypad for cursor movements.
HINT: NumLock (number lock) must be on in order for cursor movements to be
enabled on the keypad.
Table 1 Graphical Mode Keyboard Actions
Keystroke Action
Tab Move to next element
Shift+Tab Move to previous element
Enter Select
Ctrl+Tab Move to next text area
Up-arrow (keypad 8) Move cursor up
Down-arrow (keypad 2) Move cursor down
Right-arrow (keypad 6) Move cursor right
Left-arrow (keypad 4) Move cursor left

100-004725-001
August 30, 2001
Novell Confidential
Keystroke Action
Hold Shift while pressing Accelerate cursor movement

keypad
Keypad 5 Select or click an object
Keypad 0 Lock a selected object (for dragging)
Keypad . (period) Unlock a selected object (to drop)
Keypad + (plus) Double-click an object
Alt+F7 Move to next window
Alt+F8 Move to previous window
Enabling Cryptography
Some technologies require the use of cryptography. To enable cryptography,
you must provide a cryptographic file (.NFK) which is located on the NetWare
6 License/Cryptography diskette.
To enable cryptography, insert the NetWare 6 License/Cryptography diskette,

browse to the License directory, and select the .NFK file.

100-004725-001
August 30, 2001
Novell Confidential
Installing the NetWare Server File System

The server should now have a NetWare partition and one volume named SYS:.
If you have space available for creating additional partitions and volumes, you
can create them now.
NOTE: If you have allocated all available space to volume SYS:, you will not be
prompted for NetWare server file system information. You can skip to “Installing
Networking Protocols” on page 53.
When installing the NetWare file system, you can

Create additional volumes
Modify volumes
Delete volumes
Understanding Volumes
Volumes allow you to subdivide your partitions into more manageable
sections. Additional volumes can be created from any available free space on
a storage device. Volume names can be between 2 and 15 characters. Valid
characters include A through Z, 0 through 9, and characters _ ! - @ # $ % & (
). The volume name cannot begin with an underscore (_) or have two or more
consecutive underscores.
You can create two types of volumes—Novell Storage Services (NSS)
volumes or traditional volumes.
NSS volume—NSS is advanced file system technology that enhances the
management of large files, large volumes, namespaces, and storage
devices. The time required to mount large volumes is significantly
reduced with NSS.
Traditional NetWare volume—Although not recommended,
Traditional NetWare volumes might be required to use data migration,
File Transfer Protocol (FTP), VREPAIR, Network File System (NFS), or
file name locks.

100-004725-001
August 30, 2001
Novell Confidential
Creating Volumes
Volumes are created from free space. A large disk can be divided into several
volumes during installation. Conversely, a volume can be distributed over
multiple disks.
WARNING: Creating a volume that spans two or more storage devices is not
recommended. If a volume spans disk devices and one of the devices fails, all data
on the entire volume could be lost.

100-004725-001
August 30, 2001
Novell Confidential
To create a volume, select Free Space and click Create. Type the name of the
volume and click OK.
To allocate only a portion of the selected free space to the volume, type the
amount of space to use and click Apply to Volume.
Modifying Volumes
The size of any existing volume can be increased but not decreased. To
decrease the size of an existing volume, the volume must be deleted and re-
created.
To add to the size of a volume, select an additional free space, type the amount
of space to use, and click Apply to Volume.
Deleting Volumes
You can delete any volume you have created except volume SYS:. When a
volume is deleted, all data on the volume is lost.
Mounting Volumes
In order for volumes to be accessed by NetWare, they must be mounted.
Volumes can be mounted immediately or at the end of installation.

100-004725-001
August 30, 2001
Novell Confidential
Mount Volumes Now—You should mount volumes now if you plan to

install additional products and services, such as documentation, on
volumes other than volume SYS:. You should also mount volumes that
you might be moving forward from a previous NetWare server so they can
be updated.
Mount Volumes after Installation Completes—If you are installing
products and services on volume SYS: only, you can wait to mount
volumes after the installation program completes.
Upgrading a NetWare Server with NSS Volumes
If you are upgrading a NetWare server with NSS volumes, the NSS volumes
will not appear or mount until they are updated. Updating NSS volumes is
done after finishing the server upgrade by following the instructions in
“Updating NSS Volumes” on page 84.

100-004725-001
August 30, 2001
Novell Confidential
Installing Networking Protocols

NetWare 6 can process IP (Internet Protocol) network packets and traditional
IPX (Internetwork Packet ExchangeTM) packets. Both protocols can be
assigned to a single network board, which allows the server to communicate
using IP and IPX.
To install IP, click a network board and then check the IP check box. Enter the
required IP information. To install IPX, click a network board and then check
the IPX check box.
If you choose to install IP and not IPX, the SERVERID reference is not used
and is removed from the AUTOEXEC.NCF file. You can add IPX after the
server installation by adding the SERVERID 8_digit_number command
after the SERVERNAME command in the AUTOEXEC.NCF file.

100-004725-001
August 30, 2001
Novell Confidential
About Internet Protocol (IP)

Internet protocol (IP) lets your network share data with other IP networks,
including the Internet. Using IP requires a unique IP address, a subnet, and a
router or gateway address.
IP Address—Identifies each device on the network. The address consists
of 32 bits, which are represented as decimal values separated by periods,
such as 123.45.67.89.
If your server will connect to the Internet, you must obtain a unique IP
address. For information on receiving an IP address, contact your Internet
service provider (ISP).
Subnet Mask—Lets you break up your network into smaller networks.
Your network might have too many nodes or might be too geographically
dispersed to manage as a single network.
Dividing your network into smaller networks allows the network routers
to filter and reduce the network activity seen by any of the nodes.
However, dividing your network and using several network addresses
might not be appropriate on a large network that needs to appear to
network administrators as a single network.
Router (Gateway)—The address of the router that connects two different
environments, such as a LAN and the Internet.
You can enter a specific router (gateway) address or you can rely on the
network to automatically find the nearest router. If you specify the
address, remember that the router must exist on your network segment.
Installing IP will automatically bind to the Ethernet_II frame type.
When IP is selected, passive support for IPX is also provided. If an IPX
request arrives at the server, NetWare will process the IPX request. This
passive support for IPX is called Compatibility Mode and is automatically
enabled to provide service for applications that require IPX.
HINT: You can disable Compatibility Mode by removing the LOAD SCMD command
from the server’s AUTOEXEC.NCF file. When IPX Compatibility Mode is disabled,
the server will process only IP packets. Applications that require IPX will not
function properly.

100-004725-001
August 30, 2001
Novell Confidential
About IPX
Novell’s traditional protocol, Internetwork Packet Exchange (IPX), lets you
continue using IPX-based applications. If IPX, but not IP, is installed on your
server, it will actively process IPX packets and ignore packets using other
protocols, such as IP.
During the installation program, existing IPX frame types will be detected.
The installation program will detect one of the following conditions.
A single IPX frame type—If a single frame type is detected, it will be
installed.
Multiple IPX frame types—If detected, you will be prompted to choose
the frame types that you want to install.
No IPX frame types—If no frame types are detected, Ethernet_802.2
will be installed by default.
Using Both IP and IPX

If you have network clients or applications that require IPX and IP, you can
install both protocols. Both protocols can be bound to a single network board.
When selected, both IP and IPX protocols are actively supported. The server
will process IP requests using IP, and it will broadcast and reply to IPX
requests using IPX.
Setting Up Domain Name Service

The IP protocol identifies computers and systems by their assigned IP
addresses, such as 123.45.56.89. Domain Name Service (DNS) allows a
specific server on the network to maintain a list of simple, readable names that
match IP addresses. Applications (or protocols) that require IP addresses
rather than names can use a DNS server to translate from one form to another.

100-004725-001
August 30, 2001
Novell Confidential
HINT: If this server will not be available to the Internet, you can skip this screen
and ignore any associated error messages.
If you want this server to be available to the Internet, you must enter the
following:
Host Computer—The simple, readable name on the DNS server that
matches this NetWare server’s name (or the name that you have bound to
the network board).
HINT: Set up the host computer name on the DNS server to use the NetWare
server name.
Domain Name—The hierarchical name that represents the organization

of your network, such as acme.com.
Domain Name Server—The IP address of the DNS server that maintains
the list containing this NetWare server’s simple, readable name and IP
address. For more information, contact your network administrator or
Internet service provider.

100-004725-001
August 30, 2001
Novell Confidential
Configuring a NetWare Server as a DNS Server (Optional)

In addition to standard services, a NetWare server can be configured to
provide DNS services. The DNS Server setup is done after completing the
NetWare server installation.
Setting the Server Time Zone

The server time and time zone are important in order to synchronize network
events. Advanced time synchronization settings are available during the
Customize section of the installation.
Setting Up Novell eDirectory

Novell eDirectory provides global access to all networking resources.
eDirectory allows users with the proper access rights to log in to the network
and view and access network resources.
Network resources such as servers and printers are presented hierarchically in
an eDirectory tree. Users log in to the eDirectory tree with a single login name
and password instead of logging in to specific servers.

100-004725-001
August 30, 2001
Novell Confidential
Choosing the Type of eDirectory Installation

To set up eDirectory, you must choose one of the following options:
Install the server into an existing eDirectory tree
Create a new eDirectory tree
Before completing this task, you should understand the concepts relating to
eDirectory trees, containers, and context.
Tree Name—The top level of the available network resources and must
be unique from other eDirectory tree names on the network.
Containers—Much like subdirectories, containers contain network
objects. The server can be installed into two types of container objects:
Organization (O) and Organizational Unit (OU).
Context—The context, much like DOS directory paths, denotes the full
path of a network object in the eDirectory tree. For example, a NetWare
server might be installed into an Organizational Unit (OU) named Sales
under the Organization (O) named Acme. The context would be denoted
as OU=Sales.O=Acme or Sales.Acme.

100-004725-001
August 30, 2001
Novell Confidential
Install the Server into an Existing eDirectory Tree

Installing your server into an existing eDirectory tree incorporates the server
into your network.
The server can be installed in any Organization (O) or Organizational Unit
(OU) container in the eDirectory tree where you have the Supervisor right.
You can create containers during the installation program. You will be
required to log in and provide the context, username, and password for the
user with the Supervisor right to the container.
IMPORTANT: If this is the first NetWare 6 server to be installed into an existing
eDirectory tree, you should have already completed the Network Preparation
section of the NetWare Deployment Manager utility.
NetWare Deployment Manager (NWDEPLOY.EXE) is located on the NetWare 6

Operating System CD and is run from a Windows workstation.
If you have updated the eDirectory tree on all servers but have not yet prepared the
network for NDS 8, you will be prompted to modify the schema. When prompted,
you must provide the administrator name and password for the entire eDirectory
tree.
Creating a New eDirectory Tree

Create a new tree if you are creating a new network or if this server requires a
separate eDirectory tree. The resources available on the new tree will only be
available to users logged in to the new tree.

100-004725-001
August 30, 2001
Novell Confidential
Each eDirectory tree must have a name unique from other eDirectory trees on
the network. You will also be prompted to create a user (default name Admin)
with the Supervisor right, identify an eDirectory context, and assign a
password.
Summary
Now that you have created a new eDirectory tree or installed the server into
an existing eDirectory tree, the NetWare Server object and Volume objects
will be installed in the container you specified.

100-004725-001
August 30, 2001
Novell Confidential
If you have created a new eDirectory tree, a user (default name Admin) with
Supervisor rights to the eDirectory tree will be created in the same eDirectory
container as the NetWare Server object.
IMPORTANT: Record the administrator password and other relevant information
before proceeding.
Licensing the NetWare Server

NetWare 6 must have a valid license in order to function as a server. You can
install the license from the NetWare 6 License/Cryptography diskette or
browse to a directory that contains NetWare 6 licenses.
If you already installed a license at the beginning of the installation, you can
choose to use that license, or install a different one.
Install without Licenses—Although the server can be installed without a
license, the unlicensed server will allow only two user connections. After
installation, you can use the iManage utility to install additional licenses.

100-004725-001
August 30, 2001
Novell Confidential
If prompted, select where in the tree you want to install the license.
Install Networking Products

After completing the NetWare server portion of the installation, you can select
other networking products to install. Other networking products provide
enhanced functionality, such as network management and Internet access, to
NetWare 6.
NOTE: Some products can be installed only by using NetWare Deployment
Manager after the server installation is complete.

100-004725-001
August 30, 2001
Novell Confidential
Although you can choose which products to install, installing the products that
are already selected by default will ensure that you receive the features
recommended for NetWare.
For more information on NetWare products, see Chapter 1, “Welcome to
NetWare 6,” on page 11.
Depending on the products selected to be installed, you may need to complete
the steps in the following sections. Although the products are installed, many
require additional configuration after completing the server installation.
For more information on configuration requirements for specific products,
refer to each product documentation as part of the NetWare 6 documentation
at the NetWare 6 Documentation site (http://www.novell.com/documentation/
lg/nw6p/index.html).

100-004725-001
August 30, 2001
Novell Confidential
Configuring IP-Based Services (Conditional)

Make sure that port assignments and addresses do not conflict. Some port
number assignments in NetWare 6 can be reassigned from one service to
another. Other port numbers cannot be reassigned.
For information on default port assignments, which ports can be reassigned,

and which ports cannot be reassigned, see "Port Number Assignments" in
Getting Results with Novell Web Services.
Installing Novell Certificate Server

Novell Certificate Server enables secure data transmissions and is required for
Web-related products such as NetWare Web Manager and NetWare Enterprise
Web Server. It also allows you to mint, issue, and manage digital certificates
by creating a Security container object and an Organizational Certificate
If the network does not already have an Organizational CA object, the first
NetWare 6 server will automatically create and physically store the Security
container object and Organizational CA object for the entire eDirectory tree.
Both objects are created at, and must remain at the [Root] of, the eDirectory
tree.

100-004725-001
August 30, 2001
Novell Confidential
Only one Organizational CA object can exist in an eDirectory tree. Once the
Organizational CA object is created on a server, it cannot be moved to another
server. Deleting and re-creating an Organizational CA object will invalidate
any certificates associated with the Organizational CA.
Make sure that the server that you intend to permanently host the
Organizational CA object and will be a reliable, accessible, and continuing
part of your network.
To create the Security container object and the Organizational CA object, you
must be logged in as a user with rights at [Root] of the eDirectory tree.
If the Organizational CA object already exists on the network, the installation
program will find and reference the server that it. The installation program
will access the Security container and create a Server Certificate object.
To access the Security container and create a Server Certificate object, you
must be logged in as a user with the Read right to the existing Security
container object.
If an Organizational CA object is not available on the network, Web-related

products such as NetWare Web Manager and NetWare Enterprise Web Server
will not function.

100-004725-001
August 30, 2001
Novell Confidential
Configuring LDAP
TCP and SSL port numbers can be configured for LDAP services. You can
also configure ports after the server installation using ConsoleOne.
The default setting for the Allow Cleartext Passwords option (unchecked)
disallows cleartext passwords, effectively disabling eDirectory user binds on
non-SSL connections. Any sent password, however, is received by the server
before the bind fails. Therefore, it is possible for an eDirectory username and
password to be captured during a failed bind attempt.
By default, only passwords exchanged over SSL connections are encrypted.
Checking Allow Cleartext Passwords lets requests that include passwords be
transmitted over nonencrypted connections. Nonencrypted passwords can be
captured by network monitoring equipment; therefore, depending on the
environment, clear text passwords can pose a security risk.

100-004725-001
August 30, 2001
Novell Confidential
Installing Novell Native File Access Protocols

Novell Native File Access Pack lets Macintosh, Windows, and UNIX
workstations access and store files on NetWare servers without having to
install any additional software—such as Novell Client software. The software
is installed only on the NetWare server and provides "out of the box" network
access. Just plug in the network cable, start the computer, and you have access
to servers on your network. No client configuration, no client software, no
problem.
About Native Protocols
Novell Native File Access Pack software enables the NetWare server to use
the same protocol (referred to as "native") as the client workstation to copy,
delete, move, save, and open files. Windows workstations perform these tasks
using the native Common Internet File System (CIFS) protocol, and
Macintosh workstations use the native Apple* Filing Protocol (AFP). UNIX
computers use the NFS protocol.

100-004725-001
August 30, 2001
Novell Confidential
User Benefits of Novell Native File Access Protocols
Enabling native protocols on NetWare means that users can access files, map
network drives, and create shortcuts to NetWare servers using the native
methods available in their specific operating system. Windows users can use
their familiar Network Neighborhood. Macintosh users can use Chooser or the
Go menu to access network files and even create aliases. Because the NetWare
server is running native protocols, users can copy, delete, move, save, and
open network files—just like they would if they were working locally.
Setting Server Properties for Windows Workstations
You can decide how the NetWare server appears to Windows workstations by
configuring the NNFAP Server Name, NNFAP Server Comment, and
Unicode settings.
NNFAP Server Name
The name specified in the NNFAP Server Name field displays as the server
name when Windows workstations without Novell Client software browse the
network You can change the name but it must be different than the NetWare
Server name and no longer than 15 characters. The default NNFAP Server

100-004725-001
August 30, 2001
Novell Confidential
Name is the NetWare server name with an added underscore (_) and a W. For
example, a NetWare server named SERVER1 defaults to a NNFAP server
name of SERVER1_W.
NNFAP Server Comment
The text in the NNFAP Server Comment field displays when viewing details
of the NNFAP server from a Windows workstation.
Enabling Unicode
When enabled, this command enables Unicode characters (used in double-

byte languages). To support Unicode, an additional file named
UNINOMAP.TXT must be created and saved in the SYS:\ETC directory.
When UNICODE is enabled, the UNINOMAP.TXT file is used to resolve
Unicode-to-ASCII "no-map" problems. To specify "no-map" cases in the
UNINOMAP.TXT file, enter the first Unicode value to watch for and then the
second value representing the ASCII replacement code. For example:
0178 98
20AC CC
Save the values in the UNINOMAP.TXT file. If an unmappable character is

encountered, the system uses the ASCII substitution character specified in the
file.
Selecting an Authentication Method for Windows Workstations
Select one of the following:

If users will authenticate using NDS, select Local.
If users will authenticate using a Domain, select Domain.
For Windows users, there are two types of authentication methods available
with Novell Native File Access: Local and Domain. Local authentication
requires a simple password to log in to a NetWare server, but a simple
password is not required for Domain authentication.
Local Authentication
The server running Novell Native File Access Protocol software performs the
user authentication when clients are a member of a workgroup. With local
authentication, the username and password on NetWare must match the
username and password used to log in to the Windows workstation.

100-004725-001
August 30, 2001
Novell Confidential
Workgroup Name: The domain or workgroup that the server will belong to. In
this case, Workgroup and Domain are interchangeable.
WINS Address: Address of WINS server to be used to locate the primary
domain controller (PDC), if the PDC and server running Novell Native File
Access Protocols software are on different subnets.
Windows Internet Naming Service (WINS), part of the Microsoft Windows
NT and 2000 Servers, manages the association of workstation names and
locations with Internet Protocol (IP) addresses. WINS automatically creates
and maintains a computer name and corresponding IP address mapping entry
in a table. When a computer is moved to another geographic location, the
subnet part of the IP address is likely to change. Using WINS, the new subnet
information will be updated automatically in the WINS table.
Domain Authentication
A simple password is not required for domain authentication. Since the

password is kept on the Windows domain controller, it is not possible to use
Windows’ native Change Password feature to change the password. Instead,
you must use Windows’ domain management utilities. To work properly, the
username and password on the domain controller must match the username
and password used to log in to the Windows workstation.

100-004725-001
August 30, 2001
Novell Confidential
PDC Is On Same Subnet
Indicates that the PDC is on the same subnet.
Specify PDC Using DNS or WINS
Select this option to use DNS or WINS to specify the primary domain
controller.
PDC Name
A PDC server name and static IP address are needed if the PDC is on a
different subnet. This option should be used only when there is a valid reason
for overriding WINS or DNS.
PDC Address
The address of the PDC must be static; otherwise, if the PDC reboots and the
address changes, the server running Novell Native File Access Protocols
software will not be able to contact the PDC.

100-004725-001
August 30, 2001
Novell Confidential
Selecting IP Addresses to Service Windows Workstations
Although we recommend that you enable the CIFS protocol on all IP

addresses, you can specify which IP addresses will respond to CIFS protocol
requests.
Specifying Share Points for Windows Workstations
Any volume or directory on the server can be specified as a shared point and
made accessible via the Network Neighborhood or My Network Places. If no
share points are specified, then all mounted volumes are displayed.

100-004725-001
August 30, 2001
Novell Confidential
Directory
The path to the server volume or directory which becomes the root of the
sharepoint. Beginning at the volume name, the full path must be specified and
it must end with a backslash (\). For example:
VOL1:GRAPHICS\
Share Name
The name by which the sharepoint is displayed to Windows computers. For

example, if you enter Lots of Pics as the sharename associated with
VOL1\GRAPHICS, then Windows workstations browsing the network see
"Lots of Pics" instead of "VOL1\GRAPHICS."
Connections
The number of connections allowed to access the sharepoint.
Comment
A description for the sharepoint that appears in Network Neighborhood or My

Network Places.

100-004725-001
August 30, 2001
Novell Confidential
Set up Contexts for Windows Workstations
You must specify the NDS contexts of Windows users that require access to
the network. These contexts are saved in the context search file. When the
Windows user enters a username, the Novell Native File Access Protocol
software searches through each context in the list until it finds the correct User
object. For example if you had users with full NDS distinguished names such
as Bob.sales.acme, Sue.graphics.marketing.acme, Pat.graphics.marketing,
and Jo.marketing.acme, then you would enter the following contexts:
sales.acme
graphics.marketing.acme
marketing.acme
If User objects with the same name exist in different contexts, each user object
attempts authentication in order until one succeeds with the corresponding
password.
After server installation, you can add or remove contexts by editing the
context search file (CIFSCTXS.CFG) in the SYS:\ETC directory of the server
running Novell Native File Access Protocols.

100-004725-001
August 30, 2001
Novell Confidential
Next Steps for Novell Native File Access Protocols
After completing the installation of the Novell Native File Access Protocols,
you must create passwords for users before they can access the files on the
server. For more information, see the Novell Native File Access Protocols
Installation and Administration Guide.
Setting up NetWare WebAccess

NetWare WebAccess lets administrators set up a Web page that allows users
access to multiple network resources from their Web browser. Users do not
need a Novell Client or VPN client to access to their resources. They can
access these resources on the Web from any computer with a compliant
browser.
Customized content is provided through gadgets which provide access to

specific content on the network. Gadgets communicate with the appropriate
back-end system to gather the necessary data for a particular user—and users
can access it all with a single password. For more information, see NetWare
WebAccess Overview and Installation.

100-004725-001
August 30, 2001
Novell Confidential
Choose which gadgets you want to enable and configure now and which
gadgets you want to enable and configure later by checking or unchecking the
check boxes next to each gadget type. All gadgets are installed automatically
when you install NetWare WebAccess. This screen lets you choose whether to
enable and configure those gadgets now or later.
The default is to enable and configure gadgets later, because during a new
server installation, the applications accessed by the gadgets might not have
been installed yet. If you choose to enable and configure gadgets now, you
must specify the location (URL) that you want the gadgets to link to for each
application.
Mail Gadget
Type
If you choose to enable and configure the Mail gadget now, you will need to
specify your e-mail type. You can choose between GroupWise, Web-based E-
mail, Exchange, Notes, or NIMS.
Location
Specify the URL of the Web server running the service.

100-004725-001
August 30, 2001
Novell Confidential
For GroupWise®, the URL will be similar to http://IP_address or DNS

name/servlet/webacc. Substitute the IP address or DNS name of the Web
server running GroupWise WebAccess.
For Web-based e-mail, provide the URL you assigned either the IMAP or
POP3 server when you set it up.
For Microsoft Exchange, provide the URL for accessing your Exchange
server. The URL might be an IP address like http://192.168.0.1.
For Lotus* Notes*, provide the URL for accessing your Lotus Notes
server. The URL might be something like showcase2.notes.net.
For Novell Internet Messaging Services (NIMS), provide the URL to the
NIMS server. The URL was created when you installed and configured
NIMS, and might be something like https://webmail.myrealbox.com.
Print Gadget
If you choose to install the Print gadget now, you will need to specify the URL
to your iPrint Web page. The URL might be something like http://
myserver.com/iPrint/hongkong.htm.
NetStorage Gadget
If you choose to install the NetStorage gadget now, you will need to specify
the location of your NetStorage server. The URL might be something like
http://myserver.com. The NetStorage gadget requires the NetStorage
component of NetWare 6, so you must choose to install the NetStorage
component during the NetWare 6 installation.
Setting Up Novell iManage

iManage runs in an Internet browser and is used for administering, managing,
and configuring Novell eDirectory objects. iManage gives you the ability to
assign specific tasks or responsibilities to users and to present the user with
only the tools (with the accompanying rights) necessary to performs those sets
of tasks.
In NetWare 6, you can use iManage to administer iPrint, DNS/DHCP, and
Novell Licensing Services.

100-004725-001
August 30, 2001
Novell Confidential
During installation, roles and tasks are installed and associated with the
logged-in user (typically the Admin user) by default. These role and task
objects are stored in a new eDirectory container (rbsCollection). You can
select the location and name of the new container or use the defaults provided.
Location
Enter the path to the eDirectory container that you want to create the
rbsCollection container in, or use the default location.
Name
Enter a name for the rbsCollection or use the default name.

100-004725-001
August 30, 2001
Novell Confidential
Install Novell iFolder

Novell iFolder is a file storage and management solution to the universal
problems associated with storing and retrieving data. With iFolder you have
the latest version of your data when you need it and where you need it from
any computer that you regularly use. And if you are not at a computer that you
regularly use, you can still access and manage your files if you have an
Internet connection and a Java-enabled browser. For more information, see the
Novell iFolder Administration Guide
User Data
Enter the path to the directory where you want the iFolder user data to be
stored on the server.
Admin Names
Enter the names of all the administrators who need rights to modify iFolder
user account information via the Server Management Console. If you are
entering more than one name, separate the usernames with a semicolon (;). For

100-004725-001
August 30, 2001
Novell Confidential
example, if you wanted users JSmith and Admin to have rights to administer
the Server Management Console, you would enter admin;jsmith.
Network Domain
Enter the IP address or the DNS name of your iFolder server.
Install Novell NetStorage

Novell NetStorage provides simple Internet-based access to file storage and
serves as a bridge between a company's protected Novell network and the
Internet. It allows users secure file access from any Internet location, with
nothing to download or install on the user's workstation. Files and folders on
a Novell network can be accessed using either a browser or Microsoft Web
Folders.
DNS Name or IP Address of Primary eDirectory Server and Context
Specify the IP address or DNS name of a server in your eDirectory tree that
has the master replica or a read/write replica of eDirectory. The Primary
eDirectory Server URL is required for NetStorage to function properly. This

100-004725-001
August 30, 2001
Novell Confidential
does not necessarily have to be the IP address or DNS name of the server
where NetStorage is to be installed.
When a user attempts to log in, NetStorage searches the eDirectory database
on the server you specify for the User object. If the User object is found,
NetStorage attempts to authenticate the user to eDirectory.
If you know the eDirectory context for the users that will use NetStorage, you
can add that context to the URL by inserting a colon (:) between the IP address
or DNS name and the eDirectory context. The context is optional. If no
context is specified, NetStorage searches the entire eDirectory tree on the
primary eDirectory server for User objects. For example, if the IP address of
the server is 127.0.0.1 and the eDirectory context for your users is Personnel,
then you would add 127.0.0.1:personnel to the field.
DNS Name or IP Address of Alternate eDirectory Server and Context (Optional)
This optional text box is where you specify alternate IP addresses or DNS
names of other servers in your directory tree that have at least read/write
eDirectory replicas. You can add two alternate eDirectory server URL and
context settings.
These alternate settings can be used in the event that eDirectory authentication
cannot be accomplished using the primary eDirectory server URL and
context. The alternate URL and context settings are optional, but can help
provide users with an additional level of access to NetStorage.
DNS Name or IP Address and Port Number of iFolder Server (Optional)
Specify the IP address or DNS name and the port number that you assigned to
Novell iFolder. The iFolder DNS name or IP address and the port number are
optional but, if specified, will allow NetStorage users to access and
manipulate files and directories on the iFolder server.
HINT: Click Back to view the screen where the IP address and port number
assignments were made.

100-004725-001
August 30, 2001
Novell Confidential
Customizing the Installation

You can customize the installation of many products for your networking
environment.
To customize products and components, at the Summary screen click

Customize to access the Customize screen.

100-004725-001
August 30, 2001
Novell Confidential
Select the product to customize. Click Properties. Modify the product as

required. Click OK to return to the Summary screen.
Completing the Server Installation

The server installation program is now ready to copy files to your computer.
Depending on which products you are installing, you might be prompted for
additional information.
At the Summary screen, click Finish to begin copying the files to the server.
After all files are copied, the server must be rebooted in order for the settings
to take effect.

100-004725-001
August 30, 2001
Novell Confidential
After the files are copied, click Yes to reboot the server. If you chose to load
server on reboot, the NetWare 6 server software will automatically load when
the computer reboots.
If you chose not to load the server on reboot, you can load it manually. To load
the server manually, reboot the computer by clicking Yes. When the computer
reboots, change to the startup directory containing the NetWare server files
(C:\NWSERVER) and enter SERVER.
What’s Next?
Although you have installed or upgraded to NetWare 6, you may need to
configure products to work in the new environment. If you chose not to install
a product during the server installation, you can follow the instructions in
“Installing Additional Products” on page 84 to do it afterwards.
Updating NSS Volumes

If you upgraded from a NetWare 5.1 server with NSS volumes, you must
complete the following procedure to update NSS volumes.
NOTE: For more detailed information, see "Updating NSS Volumes" in the Novell
Storage Services Administration Guide.
1 When prompted at the end of the upgrade, reboot the computer.

2 Make sure that all processes relating to the NetWare 6 upgrade have
completed.
3 At the server console, enter the following command
The NSS volumes can now be mounted on the NetWare 6 server.
Installing Additional Products

You should now install and set up other networking products. For specific
product information, see the product documentation in the NetWare 6 Online
Documentation (http://www.novell.com/documentation/lg/nw6p). For brief
product descriptions, see Chapter 1, “Welcome to NetWare 6,” on page 11.
Although many products can be installed during the basic server installation,
some additional products such as Novell Cluster ServicesTM can be installed
only after completing the server installation. You can install additional

100-004725-001
August 30, 2001
Novell Confidential
products using NetWare Deployment Manager or from the GUI server console
screen.
Install Additional Products Using NetWare Deployment Manager

1 Log in to the network from a Windows workstation running Novell Client
software.
2 Run NWDEPLOY.EXE located at the root of the NetWare 6 Operating
System CD.
3 Click Post Installation Tasks > Install NetWare 6 Products.
4 Follow the on-screen instructions for adding the product.
HINT: Select the PRODUCT.NI file located at the root of the CD.
Install Additional Products Using the GUI Server Console Screen

1 Insert the NetWare 6 Operating System CD into the CD drive of the
server.
2 Go to the GUI server console screen.
Start the GUI server console screen by entering STARTX at the server
console.
3 Click Novell > Install > Add.
4 Specify the root directory of the CD and click OK.
5 Select the PRODUCT.NI file.
6 Follow the on-screen instructions for installing the product.
If you are running Novell Client software, you should now upgrade your
existing workstations. You can choose to run workstations without additional
software using Novell Native File Access Protocols. For more information,
see the NetWare 6 Online Documentation (http://www.novell.com/
documentation/lg/nw6p).

100-004725-001
August 30, 2001
Novell Confidential

100-004725-001
August 30, 2001
Novell Confidential
3 Upgrade to NetWare 6
The NetWare® 6 installation program can be used to upgrade an existing

NetWare 4 or NetWare 5 server to NetWare 6.
The upgrade process includes the following tasks:
Meet system and software requirements
Prepare the network and the computer
Specify hardware and software settings
Create additional disk volumes (if required)
Select and install networking protocols
Set up Novell® eDirectoryTM
Install other networking products
During the upgrade program, the server is upgraded to NetWare 6 by
automating the following tasks:
Device drivers and LAN drivers for the NetWare 6 operating system are
loaded. Outdated drivers are matched with and replaced by new drivers
included with NetWare 6.
eDirectory is upgraded.
NetWare 6 information is added to the AUTOEXEC.NCF and
STARTUP.NCF files.
The NetWare 6 files are copied to the server.
Upgrade to NetWare 6 87

100-004725-001
August 30, 2001
Novell Confidential
Meet System and Software Requirements

To upgrade to NetWare 6, your system must meet the minimum requirements
listed below.
System and Software Requirements

The server to be upgraded must be running one of the following:
NetWare 5 with Support Pack 6 or later
A server-class PC with a Pentium II or AMD K7 processor
256 MB of RAM
A DOS partition with 35 MB of available space
2 GB of available disk space on volume SYS:
One network board
A CD drive
A USB, PS/2, or serial mouse (recommended but not required)
Software and Other Requirements

Depending on the network configuration, you might need one or all of the
following software and information:
Supervisor right at the [Root] of the eDirectory tree
Supervisor right to the container where the Server object resides
CD drivers (required to access the CD)

100-004725-001
August 30, 2001
Novell Confidential
Client connection utilities (optional, for upgrading from another server):

Novell ClientTM for DOS and Windows* 3.1x (optional, for
upgrading from a NetWare server running IPXTM).
IP Server Connection Utility (optional, for installing from a NetWare
server running IP only).
For instructions, see PRODUCTS\SERVERINST\IPCONN.TXT on
the Novell Client CD.
An IP address
For IP addresses and domain names, contact your network
administrator and Internet Service Provider.
Network board and storage device properties, such as the interrupt and
port address (required if not included in NetWare).
For more information, contact your computer hardware manufacturer.
Next, you should prepare the network for the NetWare 6 server. If this server
is not part of an existing network, you can skip to “Preparing the Computer”
on page 93.
Preparing the Network

Before you introduce a NetWare 6 server into an existing network, you must
run NetWare Deployment Manager to update the network.
To update the network for NetWare 6, you must do the following:
1 Log in from a Windows 95/98 or Windows NT/2000 workstation to your
existing network as a user with the Supervisor right.
If prompted to log into the network while using NetWare Deployment
Manager, you can enter the server name or click Details and specify the
IP address.
2 Run NetWare Deployment Manager (NWDEPLOY.EXE), located on the
NetWare 6 Operating System CD.

100-004725-001
August 30, 2001
Novell Confidential
3 Double-click the Network Preparation folder to view the tasks and read
the Overview section to get an understanding of the tasks.
4 Back up any server data and Novell eDirectory data following the
instructions in the Back Up Data step.
5 Run the View and Update eDirectory Version program to update
eDirectory as required.

100-004725-001
August 30, 2001
Novell Confidential
6 Run the Prepare for eDirectory program to extend the network schema.
7 (Conditional) If you are upgrading a cluster of NetWare servers, run the

Prepare a Novell Cluster for Upgrade program.

100-004725-001
August 30, 2001
Novell Confidential
8 (Conditional) If you are upgrading a NetWare 5 server running NDS® 7

that has NSS volumes, run the Prepare a Server with NDS 7 and NSS
program.
9 Follow the instructions in the Update Certificate Authority (CA) Object
step to create or update a Security container object and a Certificate
After you have completed the Network Preparation section of NetWare
Deployment Manager, read through the Installation / Upgrade Options section
to help you decide the option that best meets your needs.
After choosing an installation or upgrade option, you should now prepare the
computer to be a NetWare 6 server.

100-004725-001
August 30, 2001
Novell Confidential
Preparing the Computer

To prepare your existing server for the NetWare 6 operating system, do the
following:
Back up the NetWare server files
Prepare application files
Verify a valid DOS partition
Access the upgrade program
Backing Up the NetWare Server Files

Make at least one backup of your NetWare server files, including files on the
DOS partition. Do not attempt an upgrade without a backup.
Preparing Application Files Prior to Upgrading

Some applications require that you prepare the files prior to upgrading.
Preparing IBM WebSphere Application Server for NetWare Files

(Conditional)
If the server has been running IBM* WebSphere Application Server for
NetWare, you must migrate your existing Web applications using the
migration utility included with NetWare 6. The utility migrates WebSphere
Web applications to Tomcat 3.3 Web applications.
Migrate WebSphere Applications
1 At the NetWare server system console, enter XMLCONFIG -EXPORT
volume_name:\websphere\migrate.xml adminNodeName
NodeName
NOTE: If you installed WebSphere to a different directory, specify that directory.
2 Complete the upgrade to NetWare 6.

3 After the upgrade, continue migrating the applications by following the
instructions in "Migrating from WebSphere to Tomcat in Getting Results
with Novell Web Services.

100-004725-001
August 30, 2001
Novell Confidential
Preparing Servers Running ZENworks for Server 2 (Conditional)
If the server is running ZENworks for Servers 2, you must install ZENworks
for Servers 2 Support Pack 1 prior to upgrading the server to NetWare 6.
ZENworks for Servers 2 Support Pack and related information can be
obtained from Novell Technical Support (htttp://support.novell.com).
Verify a Valid DOS Partition

Your NetWare server uses the DOS partition to start the computer and load
NetWare. Many of the existing NetWare startup files will be replaced with
new NetWare 6 files. In addition, the DOS partition must exceed the minimum
amount of available space to accommodate new NetWare 6 files.
If the DOS partition does not have enough available space, you cannot
upgrade the server. You must create a new DOS partition and install a new
server. See “Setting Up NetWare 6” on page 27.
HINT: If your computer does not meet the minimum requirements, you might try
using the Novell Migration Wizard utility to migrate data to another computer. For
more information, see www.novell.com/documentation.
Access the Installation Files

NetWare 6 can be upgraded from the server’s local CD drive or from
installation files located on the network. To access the NetWare 6 installation
files, complete the following steps.
1 Insert the NetWare 6 Operating System CD and boot the computer.
2 Complete one of the following:
If the computer boots from the CD, follow the on-screen prompts and
skip to “Selecting the Language and Accepting the License
Agreement” on page 36.
If the computer does not boot from the CD, continue with the
following steps.
3 Boot your computer with DOS 3.3 or later.
4 Access the NetWare 6 Operating System CD.
If you install CD drivers to the disk drive, make sure that the logical
filename of your CD drive (specified in the CONFIG.SYS and
AUTOEXEC.BAT files) is not CDROM or CDINST.

100-004725-001
August 30, 2001
Novell Confidential
5 Make sure that the CONFIG.SYS file contains the FILES=50 and
BUFFERS=30 commands.
6 (Conditional) To upgrade from NetWare 6 files located on a network,
install the Novell Client for DOS and Windows 3.1x or IP Server
Connection Utility software located on the Novell Client CD.
What’s Next
After accessing the NetWare 6 installation files, follow the instructions for
installing a server beginning with “Installing the Software” on page 35.
IMPORTANT: If you are upgrading a NetWare server with NSS volumes, the NSS
volumes will not appear or mount until they are updated. Updating NSS volumes is
done after finishing the server upgrade by following the instructions in “Updating
NSS Volumes” on page 84.
Because you are doing an upgrade, you are not prompted to provide all the
information normally required for a new server installation. The installation
program uses existing information to skip entire sections and complete the
upgrade to NetWare 6.
HINT: Don’t forget to select Upgrade as the type of installation.

100-004725-001
August 30, 2001
Novell Confidential

100-004725-001
August 30, 2001
Novell Confidential
Other Installation Options
Novell
NetWare 6 ®
www.novell.com
O T H E R I N S TA L L AT I O N O P T I O N S
August 30, 2001

Novell Confidential
doc_tpl.fm Rev 99a 17 28 October 99
Contents
Overview 9
Using NetWare Accelerated Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Automating the NetWare Installation with a Response File . . . . . . . . . . . . . . . . . . . . . 9
Using Installation Scripts for NetWare Installation . . . . . . . . . . . . . . . . . . . . . . . . . 10
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1 Using NetWare Accelerated Upgrade 11

How NetWare Accelerated Upgrade Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Upgrading to NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Prepare the Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Prepare a Staging Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Prepare the Target Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Prepare the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Run NetWare Accelerated Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Complete Post-Upgrade Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Specifying Disk Drivers Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Troubleshooting Server-to-Server Connections . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Disabling SAP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Detaching from Unauthenticated Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Setting the Target Server’s Gate Parameter to Its Default Router IP Address . . . . . . . . . 22
2 Automating the NetWare Installation with a Response File 25

Creating a Response File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Creating a New Response File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Editing a Response File from a Previous Server Installation . . . . . . . . . . . . . . . . . . 26
Using a Response File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Using a Response File during a Server Installation . . . . . . . . . . . . . . . . . . . . . . 27
Entering a Response File at the Command Line . . . . . . . . . . . . . . . . . . . . . . . . 27
Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
NetWare Sections and Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
[NWI:Product Information] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
[NWI:Language] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Contents 5

104-001234-001
August 30, 2001
Novell Confidential
doc_tpl.fm Rev 99a 28 October 99
[NWI:Install Options] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

[NWI:Server Settings] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
[NWI:Locale] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
[NWI:Mouse and Video] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
[NWI:Hardware] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
[NWI:Excluded From Detection] Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
[NWI:Multi-Processor System] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
[NWI:Storage Adapter n] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
[NWI:Storage Device n] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
[NWI:Network Adapter n] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
[NWI:Reserved Adapter n] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
[NWI:Hotplug System] Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
[NWI:NetWare Loadable Module] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
[NWI:File System] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
[NWI:Partition n] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
[NWI:Volume n] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
[NWI:Misc] Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
[NWI:File Server] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
[NWI:Protocols] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
[NWI:TCPIP] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
[NWI:IPX] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
[NWI:IPCMD] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
[NWI:SNMP] Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
[NWI:DNS] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
[NWI:Host Name] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
[NWI:Time Zone] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
[NWI:Time Synchronization] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
[NWI:NDS] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
[NWI:License] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
[NWI:Add to Startup] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
[NWI:Append To Autoexec.ncf] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
[NWI:Use NCF Settings] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Performing a Fully Automated Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
[Novell:NOVELL_ROOT:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Automating the Installation of Additional Products and Services . . . . . . . . . . . . . . . . . 79
[Selected Nodes] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Installing Multiple Products on a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Product Keys and Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Additional Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
CD Boot and the Response File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Customizing the Installation Using Install Scripts . . . . . . . . . . . . . . . . . . . . . . . . . 87
[NWI:Install Script] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Performing a Factory Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
[NWI:Factory] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
[Novell:StartupDirectory:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
6 Other Installation Options

104-001234-001
August 30, 2001
Novell Confidential
[Novell:SYSDirectory:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
[Novell:ConfigDirectory:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
[Novell:LANFiles:1.0.0] Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
[Novell:SBDFiles:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
[Novell:portalzip:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
[Novell:Rconjzip:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
[Novell:Perl5zip:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
[Novell:beanszip:1.0.0] Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
[Novell:nscriptzip:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
[Novell:scripteszip:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
[Novell:console1zip:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
[Novell:ldapzip:1.0.0] Section. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
[Novell:wanmanzip:1.0.0] Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Install Command Line Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
3 Installation Scripts for NetWare 101

Using NetWare Installation Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Script Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Launching a Script File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Using a Script with NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Descriptors and Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
External Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Version 2.10 External Command Compatibility. . . . . . . . . . . . . . . . . . . . . . . . 125
External Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
External Command Programming Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
ICMDSetVar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
ICMDGetVar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
External Command Variable Substitution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Installation NLM Command Line Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
User-Documented Switches for NetWare Installation . . . . . . . . . . . . . . . . . . . . 158
Switches Helpful for Install Script Writers . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Other Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
NetWare 4.1 Remote Installation Wrapper. . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
NetWare Installation Command Version Availability . . . . . . . . . . . . . . . . . . . . . . . 161
NetWare Install Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
NetWare External Install Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Contents 7

104-001234-001
August 30, 2001
Novell Confidential

104-001234-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Overview
The following advanced options can help you upgrade or install NetWare®
servers.
Using NetWare Accelerated Upgrade

You can run NetWare Accelerated Upgrade from a Windows* client
workstation, so that you don’t need to be physically present at the server
console. Although NetWare Accelerated Upgrade is quicker than the standard
installation process, it does not install additional network products, licensing
services, or license certificates.
See Chapter 1, “Using NetWare Accelerated Upgrade,” on page 11.
Automating the NetWare Installation with a Response

File
Installing the NetWare operating system software can be easier and more
flexible when you use a response file. When used with the graphical server
installation, a response file lets you
Set and display specific defaults
Bypass entire sections of the installation
Automate the entire server installation process
A response file is a text file containing sections and keys (similar to a
Windows .INI file). You can create a response file using any ASCII text editor.
If you use a response file, the NetWare server installation reads the installation
parameters directly from the response file, replacing the default installation
values with response file values.
See Chapter 2, “Automating the NetWare Installation with a Response File,”
on page 25.
Overview 9

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Using Installation Scripts for NetWare Installation

NetWare installation scripts let you
Alter or extend the NetWare installation process
Install additional products or services on a NetWare server after the
operating system has been installed
See Chapter 3, “Installation Scripts for NetWare,” on page 101.

103-000143-001
August 30, 2001
Novell Confidential
1 Using NetWare Accelerated Upgrade
The NetWare® Accelerated Upgrade utility is an advanced utility that can be

used to upgrade a NetWare 4.11, NetWare 4.2, or NetWare 5 server to NetWare
6. NetWare Accelerated Upgrade is intended for use by network
administrators who are skilled at troubleshooting and installing NetWare
networks.
WARNING: Back up all data before using this utility. Although NetWare
Accelerated Upgrade can reduce the time required to upgrade multiple servers, it
must be used carefully. There are no backout procedures that will restore your
servers to their original configuration or restore trustee assignments if the upgrade
is unsuccessful.
Two advantages to using NetWare Accelerated Upgrade are that:

It runs on a Windows client workstation, so you don’t need to be
physically present at the server console. You also have the option of
customizing the NetWare Accelerated Upgrade script files, which allows
you the flexibility of customizing the NetWare 6 installation.
It is quicker than the standard installation process; however, it does not
install additional network products or licensing certificates.
How NetWare Accelerated Upgrade Works

NetWare Accelerated Upgrade requires a Windows client workstation, a
staging server, and a NetWare 4 or 5 server targeted for upgrade.
The staging server holds a copy of the NetWare 6 Operating System CD files.
From this one location, all targeted servers can be upgraded.
Using NetWare Accelerated Upgrade 11

103-000143-001
August 30, 2001
Novell Confidential
NetWare 4 or 5
targeted server
Logs in
-ROM files
File CD
copy
Windows
client workstation Logs in
running
NetWare Accelerated Upgrade Staging server
After the NetWare 6 Operating System CD files are copied to the staging
server, you will log in to a Windows workstation and launch the NetWare
Accelerated Upgrade utility (ACCUPG.EXE), located at the root of the
NetWare 6 Operating System CD. When NetWare Accelerated Upgrade
launches, you will log in to the target and staging servers.
During the upgrade, NetWare Accelerated Upgrade compares the existing
target server properties, such as the Directory Services version and the CLIB
version, with the minimum upgrade requirements for those properties.
If you meet the minimum requirements, NetWare Accelerated Upgrade copies
the NetWare 6 CD files from the staging server to the target server. After the
file copy, the target server reboots to complete the NetWare 6 server upgrade.
Before you begin upgrading the server, make sure that you have the following
software:
NetWare 6 License/Cryptography diskette for each server plus five
connections if you do not have an MLA

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Upgrading to NetWare 6
To run NetWare Accelerated Upgrade, complete the following tasks:
1. Prepare the Workstation (page 13)
2. Prepare a Staging Server (page 13)
3. Prepare the Network (page 17)
4. Prepare the Target Server (page 15)
5. Run NetWare Accelerated Upgrade (page 18)
6. Complete Post-Upgrade Tasks (page 20)
Prepare the Workstation

A Windows 95/98, Windows NT*, Windows 2000, or Windows ME
workstation with 50 MB of available disk space.
The Windows 95/98 and Windows ME workstations must be running
Novell® ClientTM version 3.3 or later and Support Pack 1 or later
The Windows NT and Windows 2000 workstations must be running
Novell Client for Windows version 4.8 or later and Support Pack 1
or later
PS/2* or serial mouse recommended, but not required.
Continue with the next section, "Prepare a Staging Server."
Prepare a Staging Server

The staging server holds a copy of the NetWare 6 Operating System CD files.
From this one location, all targeted servers can be upgraded. The staging
server can be any server other than the server you plan to upgrade and the
client workstation you are using to run NetWare Accelerated Upgrade.
1 Do one of the following:
Copy the NetWare 6 Operating System CD files to a volume on the
staging server. Make sure that all target servers can access the staging
server and the client workstation.
Mount the NetWare 6 Operating System CD as a volume on the
staging server.

103-000143-001
August 30, 2001
Novell Confidential
2 (Conditional) If you are upgrading a target server that does not have NICI
installed, copy the NetWare 6 NICI file to your target server. Do one of
the following:
If you copied the NetWare 6 CD files in Step 1 on page 13, create
directory named License at the root of the copied NetWare 6
Operating System CD and then copy the #.NFK file from the
NetWare 6 License/Cryptography diskette to the newly created
License directory.
If you mounted the NetWare 6 Operating System CD, rename the
#.NFK file to NICIFK (no extension is needed) and then copy the
#.NFK to the SYS:SYSTEM directory on every target server that you
plan to upgrade that does not have the NICI installed.
3 (Optional) Specify disk drivers manually.
Although not recommended, you can load disk drivers that are not
provided on the NetWare 6 Operating System CD or bypass the hardware
auto-detection used while running NetWare Accelerated Upgrade. For
more information, see “Specifying Disk Drivers Manually” on page 20.
4 (Optional) Customize the NetWare Accelerated Upgrade script files.
WARNING: Customizing the installation process could affect the way that
NetWare 6 is installed. This might result in an upgrade failure and might make your
server unusable.
Customizing script files lets you add more menu options or install
additional software or patches that are not standard features of the
NetWare 6 installation.
For information on using script files, see "Upgrading an Enterprise Using
the NetWare Accelerated Upgrade" (AppNotes, April 1999) at the Novell
Developer Net Web site (http://developer.novell.com/research/
completearchive.htm).
When the source server is ready, continue with the next section, "Prepare the
Target Server."

103-000143-001
August 30, 2001
Novell Confidential
Prepare the Target Server

The target server is the NetWare 4 or NetWare 5 server that you plan to
upgrade to NetWare 6. Make sure your target server meets the minimum
requirements listed below.
WARNING: Do not use NetWare Accelerated Upgrade to upgrade the first server
in your tree to NetWare 6. You must already have a server running NetWare 6 in
your tree in order to use NetWare Accelerated Upgrade. If you do not already have
a server running NetWare 6, do an inplace upgrade on a server in your tree, and
then upgrade the rest of the servers in your tree with NetWare Accelerated
Upgrade.
A server-class PC with Pentium* Pro or Pentium II or higher processor
with a minimum of 180 MB of RAM. 512 MG of RAM is recommended.
HINT: 180 MB is the minimum requirement. If you plan to install additional
products after the upgrade, you might want to take into account the additional
memory requirements those products will have and plan for them now.
Make sure the target server has enough disk space.

30 MB of available disk space on the DOS partition. The
recommended total size of the DOS partition is 100 MB.
1 GB minimum available disk space on volume SYS:. However, the
total recommended size of volume SYS: is 2 GB.
(Optional) Load the RSPX and REMOTE NLMTM programs (for the
IPXTM protocol) or the RCONJAG6.NLM program (for the IP protocol)
on the target server if you are using script files to upgrade your server and
you want to see and access the target server’s server console from the
client workstation.
(Conditional) If your target server is running ZENworksTM for Servers 2,
you must unload this application before upgrading your server. For more
information about upgrading servers with ZENworks, see ZENworks for
Server 2 Installation and Setup Guide (http://www.novell.com/
documentation/lg/zfs2/index.html) > Installing and Setting Up
Management and Monitoring Services > Setting Up Management and
Monitoring > Starting and Stopping Services.
To stop the Policy and Distribution Services, follow these steps:
Enter CTRL/ESC at the server console of the NetWare server to list
the processes that are currently running.
Select Distributor from the list.

103-000143-001
August 30, 2001
Novell Confidential
Prompt enter Exit, at the Distributor console.

Select Subscriber from the list.
Prompt enter Exit, at the Subscriber console.
Select ZENworks for Servers from the list.
Prompt enter Exit, at the ZENworks for Servers console.
Select Remote Web Console from the list.
Prompt enter Exit, at the Remote Web Console.
The following table lists the procedures that NetWare Accelerated Upgrade
does not support during a NetWare 4 or NetWare 5 upgrade.
Table 1 Unsupported Procedures When Upgrading a NetWare 4 or NetWare 5 Target Server
Not Supported during an Upgrade Recommendation
Adding the IP protocol during the Add the IP protocol after upgrading by
upgrade using NetWare 6 utilities such as
INETCFG, or use the NetWare 6
Installation program to upgrade.
Once you have met the hardware requirements, complete the following steps
to prepare your target server to be upgraded:
1 Update the target server with the latest NetWare Support Pack.
Support Packs are available at the Novell Support Web site (http://
www.support.novell.com/filefinder).
NetWare 4.11 and NetWare 4.2 require NetWare 4 Support Pack 8
(IWSP6A.EXE) or later
NetWare 5.0 requires NetWare 5 Support Pack 6 or later
NetWare 5.1 requires NetWare 5 Support Pack 2 or later
2 (Conditional) If you are upgrading a server in a multiserver tree that is
running NDS® 7 with NSS volumes, do the following:
2a Run the NetWare Deployment Manager utility (NWDEPLOY.EXE),
located at the root of the NetWare 6 Operating System CD.
2b Click Network Preparation > Prepare a Server with NDS 7 & NSS.

103-000143-001
August 30, 2001
Novell Confidential
3 (Conditional) If you are upgrading a server in a multiserver tree that is

clustered, do the following:
3a Run the NetWare Deployment Manager utility (NWDEPLOY.EXE),
located at the root of the NetWare 6 Operating System CD.
3b Click Network Preparation > Prepare a Novell Cluster for Upgrade.
4 Run DSREPAIR > Time Synchronization at the server console of the
target server. If you encounter any NDS® synchronization errors, make
sure you resolve these before continuing.
5 Mount all volumes.
If you have experienced disk errors in the past, you might want to run
VREPAIR on all of the volumes on the server to ensure that there are no
errors.
6 Verify that your target server can communicate with your staging server
and your client workstation.
IMPORTANT: Make sure that the client workstation, target server, and staging
server share the same protocol (IPXTM or IP).
If you have problems here, refer to “Troubleshooting Server-to-Server

Connections” on page 21.
7 Make sure that you have the Supervisor right to the container where the
target server resides.
When the target server is ready, continue with the next section, "Prepare the
Network."
Prepare the Network

Because you cannot use NetWare Accelerated Upgrade to upgrade the first
server in a multiserver tree to NetWare 6, you must do an inplace upgrade on
one server in your tree. Once there is a server in your tree running NetWare 6,
you can safely upgrade the rest of your servers using NetWare Accelerated
Upgrade.
For instructions on performing an inplace upgrade, refer to Chapter 3,
"Upgrade to NetWare 6" in the NetWare 6 Overview and Installation Guide.
If you are upgrading a server in a single-server tree to NetWare 6, you can use
NetWare Accelerated Upgrade; however, you will need to manually extend
the NDS schema after the upgrade. If you want the schema updated
automatically, it is best to do an inplace upgrade.
Continue with the next section, "Run NetWare Accelerated Upgrade."

103-000143-001
August 30, 2001
Novell Confidential
Run NetWare Accelerated Upgrade

1 From your workstation, log in to the staging server and double-click the
NetWare Accelerated Upgrade executable (ACCUPG.EXE), located at
the root of the NetWare 6 Operating System CD.
2 Read the Welcome screen and click the right-arrow.
3 Enter the location where you copied or mounted the NetWare 6 files to the
staging server and click the right-arrow.
4 Enter the password to the staging server (the server that holds the copy of
the NetWare 6 CD files) and click OK.
5 Select your target server from the list and click the right-arrow.
6 If prompted, enter the username, password, tree name and context for the
target server, and then click OK.
7 Click the right-arrow.
At this point, NetWare Accelerated Upgrade checks the target server to
make sure that the selected server meets the minimum software and
hardware requirements of NetWare 6. This might take a few minutes.
8 Review the critical requirement screen and make sure that the target
server meets the minimum NetWare 6 server requirements.
NOTE: If you have applied the Support Packs listed in the “Prepare the Target
Server” on page 15, you won’t have any problems meeting these requirements.
Some items appearing on the list are not critical requirements. But the
following requirements must be met before continuing:
NetWare server version
Directory Services version
CLIB version
HCSS is not loaded (NetWare 4 only)
SFTTM IIITM server is not used (NetWare 4 only)
Unsupported drivers are unloaded (NetWare 4 only)
If the target server does not meet a critical minimum requirement, the
server property will be listed in red. NetWare Accelerated Upgrade will
not allow you to continue until you have met all critical minimum
requirements.
IMPORTANT: If prompted to update your NICI file, follow the instructions in Step
2 on page 14 before continuing.

103-000143-001
August 30, 2001
Novell Confidential
9 Check any of the following options that you want NetWare Accelerated
Upgrade to automatically perform during the upgrade, and then click the
right-arrow:
Reboot the target server after the upgrade is completed.
Even if you checked this option, there might be an instance where
you might need to manually reboot the target server once the file
copy is complete.
Update the existing drivers on the target server to NetWare 6 LAN
and disk drivers.
Because NetWare Accelerated Upgrade has renamed the
STARTUP.NCF file to STARTUP.AUP, during auto-detection,
NetWare Accelerated Upgrade will restore the original
STARTUP.NCF and then loads the appropriate .HAM and .CDM
drivers that NetWare 6 supports.
If device drivers are not found for a device currently loaded in the
former STARTUP.NCF or AUTOEXEC.NCF files, the LOAD line
will be deleted or copied to the new file and then commented out.
WARNING: If the target server contains any disk drivers that are not
compatible with NetWare 6, they cannot be replaced during the hardware
auto-detection process and your server cannot be upgraded. To avoid this,
unload any drivers that are not compatible with NetWare 6 before you
complete the upgrade. NetWare Accelerated Upgrade automatically detects
unsupported drivers and will warn you about proceeding.
Remove any unsupported DOS utilities existing on the target server

(NetWare 4 servers only).
10 Review the list of products that NetWare Accelerated Upgrade is going to
install and click the right-arrow.
Once you click the right-arrow, you might need to wait a few minutes
before the Progress Screen appears.
11 Monitor the Progress Screen and click Close when the NetWare 6
Operating System files have been copied to the target server.
Your target server has now been upgraded to a NetWare 6 server. NetWare
Accelerated Upgrade does not install additional network products during
the upgrade. To install additional network products, see “Installing
Additional Networking Products” on page 20.
Continue with “Complete Post-Upgrade Tasks.”

103-000143-001
August 30, 2001
Novell Confidential
Complete Post-Upgrade Tasks
Installing Licensing Certificates
Because the NetWare Accelerated Upgrade utility does not install licenses,
use iManage via NetWare Web Manager to install license certificates on the
new NetWare 6 server.
NOTE: If licenses are installed at the [Root] of the NDS tree or you are on an MLA
account, you might not need to install additional licenses.
1 Go to NetWare Web Manager by entering the following into a Web
browser:
https://nw6serveripaddress:portnumber
2 Click the iManage icon.
3 Click License Management > Install Licenses.
4 Follow the on-screen instructions.
Installing Additional Networking Products
NetWare Accelerated Upgrade does not install additional products. If you

want to add network products, you can do so in one of two ways:
Through the server console by clicking the Novell icon on the servertop
and then Install.
Through Deployment Manager (located at the root of the NetWare 6
Operating System CD).
Specifying Disk Drivers Manually

You might want to change the behavior of hardware detection and the NDS
database upgrade. By replacing the -U option with the -MU option from the
lines that load HDETECT.NLM in the HWDETECT.ICS script file, you can
confirm or add new hardware devices during the upgrade.
To confirm or add new hardware devices during the upgrade, you must
physically be at the server console of the target server.
This procedure can also be used to load disk drivers that are not provided on
the NetWare 6 Operating System CD. This action might be beneficial when
upgrading multiple servers with identical hardware components. If you select

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
specific drivers manually, you must create and configure a \STARTUP

directory that contains the disk drivers and the STARTUP.NCF file.
1 Copy the NetWare 6 Operating System CD files to a volume on a staging
server.
IMPORTANT: Do not copy the files onto the target server that you are upgrading
or onto the client workstation.
2 Make sure that the target server can connect to the staging server.
3 Copy any additional .HAM and .CDM disk drivers that you need to the
\STARTUP directory on the staging server.
4 Continue with “Prepare the Network” on page 17.
Troubleshooting Server-to-Server Connections

If you could not make a server-to-server connection during NetWare
Accelerated Upgrade, try one or more of the possible solutions.
Disabling SAP Filtering

1 At the server console of the target server, enter
INETCFG
2 Select Protocols > IPX > Filtering Support.
If SAP filtering cannot be disabled, make sure that the client workstation is on
the same LAN segment as the target and staging servers.
Detaching from Unauthenticated Servers

1 From a Windows 95/98 or Windows NT client, right-click the red
Novell N.
2 Click NetWare Connections.
3 Select the server that you are not authenticated to.
4 Click Detach.
If you are still having problems communicating with the target server, reboot
the client workstation and try to log in to the target server again.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Setting the Target Server’s Gate Parameter to Its Default Router IP

Address
For a NetWare 4 Target Server
1 At the server console, enter
LOAD INSTALL
2 Select NCF Files Options > Edit AUTOEXEC.NCF File.
3 In the AUTOEXEC.NCF file, add
LOAD TCP/IP
4 Add a command that loads the network board and specifies the slot,
frame, and name of the network board (the AUTOEXEC.NCF file should
list this information).
For example, if you had a NE2000TM network board located in slot 3 with
an Ethernet_II frame, you would add a command similar to the following:
LOAD NE2000 Slot=3 Frame=ethernet_II Name=NE2000
5 Add a command that will load the network board and its IP address, mask
address, and gate parameter (set this to the default router IP address of the
target server).
For example, for the NE2000 network board with a default router IP
address of 137.33.172.1, the command would be similar to the following:
LOAD NE2000 addr=137.65.178.1 mask=255.255.255.0
gate=137.33.172.1
6 Add a command to bind IP to the network board, using the following
format:
BIND IP network_board_name
7 Next, add the IP address, mask address, and gate parameter for the target
server to the BIND IP command line.
For a NetWare 5 Target Server

NWCONFIG
2 Select NCF Files Options > Edit AUTOEXEC.NCF File.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3 At the BIND IP command line, after the mask address, set the gate
parameter to the default router IP address for the target server.
For example, if your default router IP address was 137.65.178.1, at the
BIND IP command line you would enter the following after the mask
address:
gate=137.65.178.1

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
2 Automating the NetWare Installation

with a Response File
Installing the NetWare® operating system software can be easier and more
flexible when you use a response file. When used with the graphical server
installation, a response file lets you
Set and display specific defaults
Bypass entire sections of the installation
Automate the entire server installation process
A response file is a text file containing sections and keys (similar to a
Windows .INI file). You can create a response file using any ASCII editor.
If you use a response file, the NetWare server installation reads the installation
parameters directly from the response file, replacing the default installation
values with response file values. The installation program accepts the values
as they appear and continues to the next installation screen. Because the
installation program gets all the required information from the response file,
you can even skip the entire sequence of installation screens.
Using a response file to install NetWare can be very useful to a variety of
customers and vendors. Novell® customers who have established server
hardware standards in their enterprise can use the response file to rapidly
deploy multiple NetWare servers. They will also find the response file useful
for preconfiguring some of the NetWare installation, while leaving other
parameters to the local administrator. Resellers and OEMs will find the
response file useful for pre-installing NetWare prior to shipping a server to
their customers.
Automating the NetWare Installation with a Response File 25

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
This chapter contains the following sections:

“Creating a Response File” on page 26
“Using a Response File” on page 27
“Syntax” on page 28
“NetWare Sections and Keys” on page 33
“Performing a Fully Automated Installation” on page 78
“Automating the Installation of Additional Products and Services” on
page 79
“CD Boot and the Response File” on page 87
“Customizing the Installation Using Install Scripts” on page 87
“Performing a Factory Install” on page 90
Creating a Response File

You can create a new response file, or edit one from a previous server
installation.
NOTE: You should take care when using a response file from a previous
installation because it can contain advanced configuration options you don’t want
for your current installation.
Creating a New Response File

1 Open an ASCII editor such as EDIT.
2 Input parameters as described in “Syntax” on page 28.
Editing a Response File from a Previous Server Installation

You can generate a response file from a server installation or upgrade, and then
use it as input for additional server installations or upgrades. Using the
response file from another server installation works best when both servers
have the same hardware configurations.
1 Perform the first server installation, and then reboot the server by clicking
Yes on the closing screen of the installation.
2 Log in to the new server after it has been rebooted.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3 Copy RESPONSE.NI from the SYS:NI\DATA directory to either a

diskette or to the new server.
4 Modify the file by adjusting the parameters and removing unwanted
sections.
See “Syntax” on page 28 for a description of the parameters
Using a Response File

A response file can be used during a server installation in one of two ways:
Identified during the server installation
Entered at the command line
Using a Response File during a Server Installation

1 Copy the response file to a diskette, hard disk, or network directory
accessible by the PC that you are installing NetWare on.
2 Enter INSTALL to start the server installation.
3 On the Install Options screen (the first screen after the language section),
press F3 for the response file window.
4 Enter the path for the response file, and then press Enter.
5 Continue with the rest of the server installation.
Entering a Response File at the Command Line

1 Copy the response file to a diskette, hard disk, or network directory
accessible by the server that you are installing NetWare on.
2 Start the server installation from CD, hard disk, or network directory by
entering
INSTALL /RF=response_file_DOS_path\filename
Replace response file DOS path with the path for the response file, and
filename with the name of the response file. For example, if you are
installing NetWare from a CD and the response file is on a diskette, enter
D:\INSTALL /RF=A:\RESPONSE.TXT

103-000143-001
August 30, 2001
Novell Confidential
Syntax
A response file is a Windows .INI-type file. Data items are identified as keys,
and keys have associated values (Key = value). These keys are grouped in
sections. For the NetWare installation program, each data input screen has one
or more sections associated with it. Section names of the installation generally
correspond to the function of the screens.
Section and key names are case sensitive. Values associated with keys are not
case sensitive. Semicolons placed at the beginning of a line indicate that the
line is a comment.
Sections can be placed in any order. However, if there are two or more sections
with the same section name, the first section listed in the response file will be
used and the other sections will be ignored.
The following sections apply to the NetWare server installation. They are
listed in the order they are used during installation.
Section Purpose
“[NWI:Product Information] Section” Identifies the specific product version the

on page 33 response file is associated with.
“[NWI:Language] Section” on page Specifies the languages to be installed on

34 the server.
“[NWI:Install Options] Section” on Corresponds to the first data input screen.

page 35
“[NWI:Server Settings] Section” on Corresponds to the server settings

page 37 screen.
“[NWI:Locale] Section” on page 38 Corresponds to the regional settings

screen.
“[NWI:Mouse and Video] Section” Corresponds to the video and mouse

on page 39 settings screen.
“[NWI:Hardware] Section” on page Corresponds to the hardware detection

40 and driver matching function of the
installation program. If drivers are found in
the Update directories, they will be used
instead of the drivers found on the
NetWare CD.

103-000143-001
August 30, 2001
Novell Confidential
Section Purpose
“[NWI:Excluded From Detection] Identifies what drivers will be excluded

Section” on page 44 from the auto-detection.
“[NWI:Multi-Processor System] Identifies the driver associated with the

Section” on page 44 processor system in the server.
“[NWI:Storage Adapter n] Section” Identifies the driver and its associated

on page 45 parameters for a specific storage adapter.
This Section can be duplicated for as
many adapters as are in the server. n
uniquely identifies the sequence of the
Section (for example, 1, 2, etc.).
“[NWI:Storage Device n] Section” on Specifies storage devices. This section

page 46 can be duplicated for as many devices as
are in the server. n uniquely identifies the
sequence of the Section (for example, 1,
2, etc.).
“[NWI:Network Adapter n] Section” Identifies the driver and its associated

on page 47 parameters for a specific network adapter.
This section can be duplicated for as many
devices as are in the server. n uniquely
identifies the sequence of the Section (for
example, 1, 2, etc.).
“[NWI:Reserved Adapter n] Section” Specifies the adapters that are to be

on page 50 reserved.
“[NWI:Hotplug System] Section” on Identifies the driver associated with the

page 50 processor system in the server.
“[NWI:NetWare Loadable Module] Identifies NLMTM programs that are to be

Section” on page 51 loaded with the hardware drivers.
“[NWI:Misc] Section” on page 59 Functions as a container of parameters

that do not correspond to a data input
screen.
“[NWI:File System] Section” on page Specifies the parameters for the partitions
51 and volumes.
“[NWI:File Server] Section” on page Specifies the parameters that uniquely

60 identify the server.

103-000143-001
August 30, 2001
Novell Confidential
Section Purpose
“[NWI:Protocols] Section” on page Controls whether the protocol screen is

61 displayed.
“[NWI:TCPIP] Section” on page 62 Specifies TCP/IP parameters.
“[NWI:IPX] Section” on page 63 Specifies IPXTM parameters.
“[NWI:IPCMD] Section” on page 64 Specifies Compatibility Mode parameters.
“[NWI:SNMP] Section” on page 65 Specifies Simple Network Management

Protocol parameters.
“[NWI:DNS] Section” on page 67 Specifies Domain Name Service (DNS)

parameters.
“[NWI:Host Name] Section” on page Specifies DNS Host Name for each IP
68 address.
“[NWI:Time Zone] Section” on page Corresponds to the time zone screen.

69
“[NWI:Time Synchronization] Specifies time server configuration.

Section” on page 70
“[NWI:NDS] Section” on page 70 Corresponds to the NDS® screen.
“[NWI:License] Section” on page 74 Identifies the location of the license file.
“[NWI:Add to Startup] Section” on Specifies lines to be added to the

page 76 STARTUP.NCF file.
“[NWI:Append To Autoexec.ncf] Specifies lines to be added to the

Section” on page 77 AUTOEXEC.NCF file.
“[NWI:Use NCF Settings] Section” Specifies whether to use the response file
on page 77 or the AUTOEXEC.NCF file for the server
name during an upgrade.
“[Novell:NOVELL_ROOT:1.0.0] Specifies full automation of installation.

“[Selected Nodes] Section” on page Specifies full automation of products and

80 services.
“[LDAP] Section” on page 83 Specifies full automation of products and

services.

103-000143-001
August 30, 2001
Novell Confidential
Section Purpose
“[Novell:DNS_DHCP:1.0.0] Section” Specifies full automation of products and

on page 85 services.
“[NWI:Install Script] Section” on Specifies full automation of products and

page 88 services.
“[NWI:Factory] Section” on page 91 Specifies full automation of factory install.
“[Novell:StartupDirectory:1.0.0] Specifies full automation of factory install.

“[Novell:SYSDirectory:1.0.0] Specifies full automation of factory install.

“[Novell:ConfigDirectory:1.0.0] Specifies full automation of factory install.

“[Novell:LANFiles:1.0.0] Section” on Specifies full automation of factory install.

page 93
“[Novell:SBDFiles:1.0.0] Section” on Specifies full automation of factory install.

page 94
“[Novell:portalzip:1.0.0] Section” on Specifies full automation of factory install.

page 94
“[Novell:Rconjzip:1.0.0] Section” on Specifies full automation of factory install.

page 95
“[Novell:Perl5zip:1.0.0] Section” on Specifies full automation of factory install.

page 95
“[Novell:beanszip:1.0.0] Section” on Specifies full automation of factory install.

page 96
“[Novell:scripteszip:1.0.0] Section” Specifies full automation of factory install.

on page 97
“[Novell:scripteszip:1.0.0] Section” Specifies full automation of factory install.

on page 97
“[Novell:console1zip:1.0.0] Section” Specifies full automation of factory install.

on page 97
“[Novell:ldapzip:1.0.0] Section” on Specifies full automation of factory install.

page 98
“[Novell:wanmanzip:1.0.0] Section” Specifies full automation of factory install.

on page 98

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The Prompt key is listed with each section that corresponds to a data input
screen and it
Controls whether the screen will be displayed.
Lets you use the response file to pass in the keys and values of the section.
Lets you bypass the screen.
If the value of Prompt is True, the screen will be displayed and the data
specified in the response file will be presented as default values. The screen
will not be displayed if the value of Prompt is False. If any of the required data
is missing in the response file, however, the screen will be shown regardless
of the Prompt value. For more information on each section’s keys, see
“NetWare Sections and Keys” on page 33.
In the following example, the data input screen will be displayed with the NDS
information already filled in:
[NWI:NDS]
Prompt = True
Tree Name = Novell
New Tree = True
Server Context = O=Utah
Admin Context = O=Utah
Admin Login Name = Admin
Admin Password = install
Display Summary = True
In the following example, the NDS input screen and the Summary screens will
not be displayed and the NetWare installation program will bypass them.
[NWI:NDS]
Prompt = False
Tree Name = Novell
New Tree = True
Server Context = O=Utah
Admin Context = O=Utah
Admin Login Name = Admin
Admin Password = install
Display Summary = False

103-000143-001
August 30, 2001
Novell Confidential
NetWare Sections and Keys

The NetWare installation sections and their associated keys are specified
below. Section names and Key names are in bold. Included with each key are
the default value, possible values, whether the Key is required for the NetWare
installation to run silently (for example, to create a new NDS tree without any
user input, New Tree=True must appear in the response file). Also included
with each Key is a short description of the Key’s purpose.
[NWI:Product Information] Section
Major Version = <string>
Default NetWare 6
Values (product name)
Key Required Yes
Example Major Version = NetWare 6
Purpose Specifies the name of the product that this response file is
associated with. If this value does not match that of the
NetWare default response file (normally found in the
INSTALL directory on the CD), the installation will not
continue.
Minor Version = <integer>
Default 10
Value 0-99
Key Required Yes
Example Minor Version = 10
Purpose Specifies the revision level of the product. If this value

does not match that of the NetWare default response file
(normally found in the INSTALL directory on the CD
image), the installation will not continue.
NOTE: The default value was inadvertently left at 0 for

the English version release. The error was corrected in
the international release.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Small Business = <string>
Default False
Value True or False
Key Required No
Example Small Business = True
Purpose Controls whether the Small Business licensing model is

used.
[NWI:Language] Section
Prompt = <string>
Default True
Values True or False
Key Required Yes
Example Prompt = True
Purpose Controls whether the screen is displayed.
Server Language = <integer>
Default 4 (English)
Values 1-100
Key Required Yes
Example Server Language = 4
Purpose Specifies the language that the screens of the installation

program will be displayed in and that will be the default
language of the server.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Additional Languages = <integers separated by commas>
Default (none)
Values 1-100 (values are specified in INSTALL\PROFILE.TXT)
Key Required No
Example Additional Languages = 5,6
Purpose Specifies additional languages that will be installed on the

server.
[NWI:Install Options] Section
Prompt = <string>
Default True
Key Required Yes
Upgrade = <string>
Default False
Key Required Yes
Example Upgrade = False
Purpose Specifies whether the installation will be an upgrade or a

new installation. False specifies a new installation rather
than an upgrade.

103-000143-001
August 30, 2001
Novell Confidential
Startup Directory = <string>
Default C:\NWSERVER
Values (existing DOS path up to 255 characters)
Key Required Yes
Example Startup Directory = C:\NWSERVER
Purpose Identifies the directory where the server’s initialization files

will reside on the Boot Partition.
Allow User response file = <string>
Default True
Key Required No
Example Allow User response file = True
Purpose Makes the F3 key available on the opening screen. It

allows a user to input a path to an additional response file.
NOTE: Values in a user response file will override the

values of other response files passed in previously to the
installation program.
Abort on Error = <string>
Default False
Key Required No
Example Abort on Error = True
Purpose Specifies whether the installation will halt when an error is

encountered during an unattended installation. The user will
normally see an error screen if this key is set to False.

103-000143-001
August 30, 2001
Novell Confidential
[NWI:Server Settings] Section
Prompt = <string>
Default True
Key Required Yes
NDS Version = <integer>
Default 8
Values 7 or 8
Key Required Yes
Example NDS Version = 8
Purpose Specifies the version of NDS to install on this server.
Load Server at Reboot = <string>
Default True
Key Required No
Example Load Server at Reboot = True
Purpose Adds new AUTOEXEC.BAT and CONFIG.SYS files that sets

a minimal DOS environment and automatically loads the
server. Pre-existing AUTOEXEC.BAT and CONFIG.SYS
files on the server will be renamed to *.000. If this value is set
to True and AUTOEXEC.000 already exists, then
AUTOEXEC.BAT will be renamed to AUTOEXEC.001, etc.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
CD Driver = <string>
Default NetWare
Values NetWare or DOS
Key Required No
Example Source Media Access = NetWare
Purpose Determines the driver type (DOS or server) used to access

the CD during installation.
[NWI:Locale] Section
Prompt = <string>
Default True
Key Required Yes
Country Code = <integer>
Default 001
Values (Values are specified in INSTALL\NLS\language

number\LOCALE.TXT)
Key Required Yes
Example Country Code = 001
Purpose Specifies the country-oriented settings for display.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Code Page = <integer>
Default 437
Values (values are specified in INSTALL\NLS\language

number\LOCALE.TXT)
Key Required Yes
Example Code Page = 437
Purpose Sets the character set for the server.
Keyboard = <string>
Default United States
Values (values are specified in INSTALL\NLS\<language

number>\LOCALE.TXT)
Key Required Yes
Example Keyboard = United States
Purpose Sets the keyboard type.
[NWI:Mouse and Video] Section
Prompt = <string>
Default True
Key Required Yes

103-000143-001
August 30, 2001
Novell Confidential
Mouse = <string>
Default PS/2
Values PS/2, Serial COM1, Serial COM2, No Mouse (values are

specified in INSTALL\NLS\language number\LOCALE.TXT)
Key Required Yes
Example Mouse = PS/2
Purpose Specifies the mouse type that will be used for the graphical
portion of the installation.
Use Super VGA = <string>
Default True
Key Required No
Example Use Super VGA = True
Purpose Indicates whether 256-color Super VGA is set for the

graphical portion of the installation. If set to False, 16-color
Standard VGA is set.
[NWI:Hardware] Section
Prompt = <string>
Default True
Key Required Yes

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Update Storage Driver Directory = <DOS path>
Default (none)
The Install always looks in C:\NWUPDATE as well.
Key Required No
Example Update Storage Driver Directory = F:\DRV\UPDATE
Purpose Specifies the directory path where updated storage (HAM and
CDM) drivers will be found; the directory should already exist
and be a local DOS path.
NOTE: Associated DDI files must accompany the storage

drivers in this directory.
Update Network Driver Directory = <DOS path>
Default (none)
The Install always looks in C:\NWUPDATE as well.
Key Required No
Example Update Network Driver Directory = F:\DRV\UPDATE
Purpose Specifies the directory path where updated network (LAN)

drivers will be found; the directory should already exist and be
a local DOS path.
NOTE: Associated LDI files must accompany the storage


103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Update PSM Driver Directory = <DOS path>
Default (none)
The Install always looks in C:\NWUPDATE as well
Key Required No
Example Update PSM Driver Directory = F:\DRV\UPDATE
Purpose Specifies the directory path where updated processor (PSM)

drivers will be found; the directory should already exist and be
a local DOS path.
NOTE: Associated PDI files must accompany the storage

Update Source Drive Type = <string>
Default (the type of the install source)
Values Floppy or CD or Network or Other
Key Required No, unless one or more of the Update keys above are set.
Example Update Source Drive Type = Network
Purpose Specifies the type of all source directories identified in the keys
above; all directories must be of the same type.
PSM Detection = <string>
Default True
Key Required No
Example PSM Detection = True
Purpose Controls whether driver matching is performed for the processor

system. If driver information is identified in the response file (see
Multi-Processor System section), detection can be set to False.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Storage Detection = <string>
Default True
Key Required No
Example Storage Detection = True
Purpose Controls whether detection of storage adapters and driver

matching is performed. If storage adapter and driver information
is identified in the response file (see Storage Adapter section),
detection can be set to False.
Network Detection = <string>
Default True
Key Required No
Example Network Detection = True
Purpose Controls whether detection of network adapters and driver

matching is performed. If network adapter and driver
information is identified in the response file (see Network
Adapter section), detection can be set to False.
Device Detection = <string>
Default True
Key Required No
Example Device Detection = True
Purpose Controls whether detection of storage devices and driver

matching is performed. If storage adapter and driver information
is identified in the response file (see Storage Device section),
detection can be set to False.

103-000143-001
August 30, 2001
Novell Confidential
HotPlug Detection = <string>
Default True
Key Required No
Example HotPlug Detection = True
Purpose Controls whether detection of Hot Plug devices and driver

matching is performed.
[NWI:Excluded From Detection] Section
Driver File = <filename>
Default (none)
Values (name of driver)
Key Required No
Example Driver File =AHA2940.HAM
Purpose Identifies the driver that will be excluded from auto-detection.
[NWI:Multi-Processor System] Section
Default (none)
Key Required No, unless PSM Detection=False
Example Driver File = MPS14.PSM
Purpose Identifies the driver to use for the server’s multiprocessor

system.

103-000143-001
August 30, 2001
Novell Confidential
[NWI:Storage Adapter n] Section
Example [NWI:Storage Adapter 1]
Description This section can be included for each storage adapter in the
server. Several Keys are described under this section which
are optional; if the driver is detectable by NetWare, only the
Driver File key is required for the section. The other Keys and
Values are varied and are extracted from the driver’s
corresponding DDI file.
Default (none)
Key Required No, unless Storage Detection=False
Example Driver File = AHA2940.HAM
Purpose Identifies the driver to use for the storage adapter.
SLOT = <integer>
Default (none)
Values (can be a 5-digit Hardware Instance Number assigned on

servers with buses that support detection—such as PCI)
Key Required No, unless the driver is for an ISA adapter
Example SLOT = 2
Purpose Specifies the bus slot of the storage adapter to which the
driver should be loaded.

103-000143-001
August 30, 2001
Novell Confidential
INT = <hexadecimal number>
Default (none)
Values 1-F
Key Required No, unless the driver is for an ISA adapter.
Example INT = F
Purpose Specifies the interrupt that the adapter is set to; this
parameter is commonly used for ISA bus adapters.
PORT = <number>
Default (none)
Values (3-digit memory address)
Example PORT = 170
Purpose Specifies the memory address the adapter is set to; this
[NWI:Storage Device n] Section
Example [NWI:Storage Device 1]
Description This section can be included for each storage device in the
server.
Default (none)
Key Required No, unless Device Detection=False
Example Driver File = IDECD.CDM
Purpose Identifies the driver to use for the storage device.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
[NWI:Network Adapter n] Section
Example [NWI:Network Adapter 1]
Description This section can be included for each network adapter in

the server. Several Keys are described under this section
which are optional; if the driver is detectable by NetWare,
only the Driver File Key is required for the section. The
other Keys and Values are varied and are extracted from
the driver’s corresponding LDI file.
Default (none)
Key Required No, unless Network Detection=False
Example Driver File = 3C59X.LAN
Purpose Identifies the driver to use for the network adapter.
SLOT = <integer>
Default (none)

Example SLOT = 10001
Purpose Specifies the bus slot of the network adapter to which the
driver should be loaded.

103-000143-001
August 30, 2001
Novell Confidential
INT = <hexadecimal number>
Default (none)
Values 1-F
Example INT = F
Purpose Specifies the interrupt that the adapter is set to; this
PORT = <number>
Default (none)
Values (3-digit memory address)
Example PORT = 170
Purpose Specifies the memory address the adapter is set to; this
Adapter Name = <string>
Default (none)
Values (text up to 255 characters)
Key Required No
Example Adapter Name = 3C59X_1
Purpose Specifies a unique name for this adapter.

103-000143-001
August 30, 2001
Novell Confidential
Frame Type n = <frame type>
Default (none)
Values (frame types supported by the driver are found in the

driver’s LDI file)
Key Required No
Example Frame Type 1 = Ethernet_802.2
Purpose Identifies the network frame type to be used when loading

the driver. There can be as many descriptions as there
are frame types supported by the driver—n uniquely
identifies the frame type (for example, 1, 2, etc.).
Logical Name n = <string>
Default (none)
Values (text combining the Frame Type with the Adapter Name)
Key Required No
Example Logical Name 1 = 3C59X_1_E82
Purpose Identifies the name to be used when binding a protocol to

a frame type on this adapter. There must be a logical
name for each frame type loaded with the driver—n
uniquely identifies the frame type (for example, 1, 2,
etc.).
Octet Bit Order = <string>
Default LSB
Values LSB or MSB
Key Required No
Example Octet Bit Order = LSB
Purpose Specifies the bit order (Least Significant Bit or Most

Significant Bit) that this network adapter uses for
deciphering the node address.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
[NWI:Reserved Adapter n] Section
Example [NWI:Reserved Adapter 1]
Description This section can be included for each slot in the server.
SLOT = <integer>
Default (none)

Example SLOT = 5
Purpose Specifies the bus slot that should be reserved. If an adapter

is found in this slot, an error is generated.
[NWI:Hotplug System] Section
Default (none)
Key Required No, unless HotPlug Detection=False
Example Driver File = CPQSBD.NLM
Purpose Identifies the driver to use for the Hot Plug system.

103-000143-001
August 30, 2001
Novell Confidential
[NWI:NetWare Loadable Module] Section
Default (none)
Values (name of NLM)
Key Required No
Example Driver File = ROUTE.NLM
Purpose Identifies the NLM to load during installation. This is

typically used for network support NLM programs.
[NWI:File System] Section
Prompt = <string>
Default True
Key Required Yes
Purpose Controls whether the character-based SYS Volume and

Partition screen is displayed.
Allow Volume Properties = <string>
Default True
Key Required No
Example Allow Volume Properties = True
Purpose Controls whether the F3 Volume Properties option is

displayed.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
GUI Prompt = <string>
Default True
Key Required Yes
Example GUI Prompt = True
Purpose Controls whether the File System screen is displayed during

the graphical portion of the install.
[NWI:Partition n] Section
Example [NWI:Partition 0]
Description This section allows partitions to be created on specific

devices in the system during installation. The devices are
specified by the key entries in the section. The zero-based
sequence number (n = 0, 1, 2, 3, ...) in the section heading
specifies the order in which the partitions are created. The
partition on which volume SYS is created must be defined in
[NWI:Partition 0].
Device Type = <string>
Default (none)
Values IDE or SCSI
Key Required No
Example Device Type = IDE
Purpose Identifies the type of the device the partition is to be placed

on.

103-000143-001
August 30, 2001
Novell Confidential
IDE Device Serial Number = <string>
Default (none)
Values (string of characters)
Key Required No
Example IDE Device Serial Number = AX8273430930.
Purpose Specifies the serial number of the device designated by the

manufacturer. (It is usually found on a sticker attached to the
device.)
IDE Device Channel = <integer>
Default (none)
Values 1 or 2 or 3 or 4
Key Required No
Example IDE Device Channel = 1
Purpose Identifies the channel on which the device is to be found.
IDE Device Type = <string>
Default (none)
Values Master or Slave
Key Required No
Example IDE Device Type = Master
Purpose Specifies the IDE type of the device on the channel.

103-000143-001
August 30, 2001
Novell Confidential
SCSI Device Adapter Slot = <integer>
Default (none)
Values 1 to16
Key Required No
Example SCSI Device Adapter Slot = 1
Purpose Identifies the physical slot number of the SCSI adapter
SCSI Device ID = <integer>
Default (none)
Values 0 to 15
Key Required Yes
Example SCSI Device ID = 0
Purpose Specifies the ID of the device on the SCSI chain
Partition Type = <string>
Default NSS
Values NetWare or NSS or Free
Key Required No
Example Partition Type = NSS
Purpose Identifies the type of partition to be created

103-000143-001
August 30, 2001
Novell Confidential
Partition Size = <integer> or <ALL FREE SPACE>
Default (none)
Values (up to the size of free space on the device in MB)
Key Required No
Example Partition Size = 1000
Purpose Identifies the size of the partition. Note that the number is
modified to align with a cylinder boundary. "ALL FREE
SPACE" specifies that all remaining free space on the
device will be used.
Partition HotFix Size = <integer>
Default (calculated on Partition Size)
Values 0 to 120 (in MB)
Key Required No
Example Partition HotFix Size = 20
Purpose Identifies the size of the redirection area on the partition
Mirror Partition = <integer>
Default (none)
Values (partition number)
Key Required No
Example Mirror Partition = 3
Purpose Identifies the partition that this partition will be mirrored to.

103-000143-001
August 30, 2001
Novell Confidential
[NWI:Volume n] Section
Example [NWI:Volume 0]
Description This section can be included for each volume defined on the
server. Note that SYS must be Volume 0. This section allows
volumes to be created on specific partitions in the system
during installation. The partitions are specified by the key
entries in the section. The zero-based sequence number (n
= 0, 1, 2, 3, ...) in the section heading specifies the order in
which the volumes are created. Volume SYS must be
defined in [NWI:Volume 0].
Volume Name = <string>
Default (none)
Values (valid volume name)
Key Required Yes
Example Volume Name = DATA
Purpose Identifies the name of the volume; follows naming

convention found in the NetWare user documentation.
Volume Type = <string>
Default NSS
Values NetWare or NSS or Free
Key Required No
Example Volume Type = NSS
Purpose Specifies the type of the volume to be created. Note that

volume types must be created on like partition types (e.g.,
NSS volume on NSS partition).

103-000143-001
August 30, 2001
Novell Confidential
Block Size = <integer>
Default (calculated on the size of the first segment of the volume)
Values 4 or 8 or 16 or 32 or 64
Key Required No
Example Block Size = 64
Purpose Identifies the volume’s block size. Note that this key does
not apply to NSS volumes.
Compression = <string>
Default True
Key Required No
Example Compression = True
Purpose Specifies whether compression is enabled on the

volume.
Suballocation = <string>
Default True (on NetWare volume types)
Key Required No
Example Suballocation = True
Purpose Specifies whether suballocation is enabled on the volume.

Note that this key does not apply to NSS volumes.

103-000143-001
August 30, 2001
Novell Confidential
Data Migration = <string>
Default False
Key Required No
Example Data Migration = True
Purpose Specifies whether data migration is enabled on the volume.

Note that this key does not apply to NSS volumes.
Mount = <string>
Default False
Key Required No
Example Mount = True
Purpose Specifies whether the volume should be mounted during

installation. This is useful if additional products and services
are to be installed on a volume other than SYS. Note that
mounting volumes will take additional time during the server
installation. Also, this key will be ignored if GUI Prompt =
False is not set in the NWI:File System section; this is to
avoid a conflict between this key and the mount volumes
screen during installation.
Segment n Partition = <integer>
Default (none)
Values (any value n previously defined in section [NWI:Partition

n])
Key Required Yes
Example Segment 1 Partition = 1
Purpose Identifies the partition on which the volume segment is to

be created. The number of segments n is limited from 1 to
8 for NetWare partitions and must be defined sequentially.

103-000143-001
August 30, 2001
Novell Confidential
Segment n Size = <integer> or <ALL FREE SPACE>
Default (none)
Values (up to free space on a partition in MB)
Key Required Yes
Example Segment 1 Size = 1000
Purpose Specifies the size of the volume segment. "ALL FREE

SPACE" specifies that all remaining free space on the
partition will be used.
[NWI:Misc] Section
Relogin Password = <string>
Default (none)
Values (text)
Key Required No, unless it is a network installation.
Example Relogin Password = Novell
Purpose Specifies the password for the user connection being

used while installing across the network. When this
section is properly used, the install bypasses the
reauthentication screen following the loading of the LAN
driver and prior to the preliminary file copy.

103-000143-001
August 30, 2001
Novell Confidential
[NWI:File Server] Section

NOTE: This is the first section used during the graphical portion of the installation.
Prompt = <string>
Default True
Key Required Yes
Servername = <string>
Default (none)
Values (text up to 47 characters—see NetWare documentation for

valid set of characters)
Key Required Yes
Example Servername = Novell
Purpose Specifies the name of the server. Note that a server is

brought up with temporary name until a valid Servername is
entered.
Server ID Number = <hexadecimal number>
Default (randomly generated)
Values 00000001-FFFFFFFF
Key Required Yes
Example Server ID Number = 01010101
Purpose Uniquely identifies the server for network communication

purposes. Note that this number should not conflict with
any existing IPXTM addresses on your network.

103-000143-001
August 30, 2001
Novell Confidential
[NWI:Protocols] Section
Prompt = <string>
Default True
Key Required Yes
Purpose Controls whether the protocols screen is displayed.
Single Network Adapter=<string>
Default False
Key Required No
Example Single Network Adapter=True
Purpose If this key is set to True then in the [NWI:TCPIP] and

[NWI:IPX] sections of the response file the "Logical Name
1" key is automatically filled in with the logical name of the
first network card found in the system. The logical name
will be bound to the TCPIP and IPX addresses specified
in the [NWI:TCPIP] and [NWI:IPX] sections of the
response file.
Default IP Frame Typer=<string>
Default (none)
Values (Frame types that are supported by a driver are found in the
driver’s LDI file
Key Required No
Example Default IP Frame Type=Ethernet II
Purpose Identifies the network frame type to be bound to the IP stack

when the "Single Network Adapter" is set to True.

103-000143-001
August 30, 2001
Novell Confidential
Default IPX Frame Typer=<string>
Default (none)
Values (Frame types that are supported by a driver are found in the
driver’s LDI file
Key Required No
Example Default IPX Frame Type=Ethernet 802.2
Purpose Identifies the network frame type to be bound to the IPX stack
when the "Single Network Adapter" is set to True.
[NWI:TCPIP] Section
Default (none)
Values (name identified in the Network Adapter sections of the

response file)
Key Required No, unless IP is to be bound.
Example Logical Name 1 = 3C59X_1_EII
Purpose Identifies the name of the adapter and frame type that the
protocol is to be bound to.
IP Address n = <decimal number>
Default (none)
Values (valid IP address)
Key Required No, unless Logical Name is set
Example IP Address 1 = 130.1.130.1
Purpose Specifies the IP address to be bound.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Subnet Mask n = <decimal number>
Default (none)
Key Required No, unless Logical Name is set.
Example Subnet Mask 1 = 255.255.255.0
Purpose Specifies the subnet. Divides the IP address into network

address and node address.
Gateway n = <decimal number>
Default (none)
Key Required No
Gateway 1 = 127.127.0.254
Purpose Identifies the gateway or router through which this server

can communicate outside the subnet.
[NWI:IPX] Section
Default (none)
Values (name identified in the Network Adapter sections of the

response file)
Key Required No, unless IPX is to be bound
Example Logical Name 1 = 3C59X_1_E82
Purpose Identifies the name of the adapter and frame type that the
protocol is to be bound to.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IPX Address n = <hexadecimal number>
Default (address detected by the installation program)
Key Required No, unless Logical Name is set
Example IPX Address 1 = 01010102
Purpose Specifies the IPX address to be bound.
[NWI:IPCMD] Section
IPX Compatibility = <string>
Default True
Key Required No
Example IPX Compatibility = True
Purpose Controls whether SCMD is loaded on this server.
Migration Agent = <string>
Default True
Key Required No
Example Migration Agent = True
Purpose Controls whether the Migration Agent (SCMD /MA) is loaded

on this server.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
CMD Net Number = <string>
Default (none)
Key Required No
Example CMD Net Number = 01010101
Purpose Specifies the network number.
Preferred IP Address = <decimal number>
Default (none)
Key Required No
Example Preferred IP Address = 130.1.130.1
Purpose Specifies the IP address.
[NWI:SNMP] Section
Hardware = <string>
Default (none)
Values Values (text)
Key Required No
Example Hardware = Personal Computer
Purpose Identification information that is sent with SNMP traps to

assist in troubleshooting.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Location = <string>
Default (none)
Values (text)
Key Required No
Example Location = Building A

Contact = <string>
Default (none)
Values (text)
Key Required No
Example Contact = John Doe

Trap Targets TCPIP = <decimal numbers separated by commas>
Default (none)
Values (valid IP addresses)
Key Required No
Example Trap Targets TCPIP = 127.1.127.3
Purpose Identifies IP address of a computer to which SNMP traps

are sent.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Trap Targets IPX = <MAC address separated by commas>
Default (none)
Values (8-character IPX address:12-character node number)
Key Required No
Example Trap Targets IPX = C9990111:000001B555555
Purpose Identifies MAC addresses of a computer to which SNMP

traps are sent.
[NWI:DNS] Section
Prompt = <string>
Default True
Key Required Yes
Purpose Controls whether the DNS screen is displayed.
Domain = <string>
Default (none)
Values (text)
Key Required No
Example Domain = novell.com
Purpose Specify a domain.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Nameservers = <decimal numbers separated by commas>
Default (none)
Values (valid IP addresses)
Key Required No
Example Nameservers = 131.1.131.1, 131.1.131.2
Purpose Identifies the servers to be used for name resolution.
[NWI:Host Name] Section
Prompt = <string>
Default True
Key Required Yes
Host Name n = <string>
Default (none)
Values (text)
Key Required No
Example Host Name 1 = install.novell.com
Purpose Specifies the host name associated with an IP address

already bound.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IP Address n = <decimal number>
Default (none)
Key Required No
Example IP Address 1 = 130.1.130.1
Purpose Specifies the IP address associated with a Host Name.

Note that Host Name 1 will be set as the Primary address.
[NWI:Time Zone] Section
Prompt = <string>
Default True
Key Required Yes
Purpose Controls whether the time zone screen is displayed.
Time Zone = <string>
Default (none)
Values (string—see COMOTHR.ILS)
Key Required Yes
Example Time Zone = (GMT-06:00) U.S. and Canada Central Time
Purpose Specifies the standard time zone. Note that the exact string
from COMOTHR.ILS (in INSTALL\NLS\4) must be used.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Use Daylight Saving Time = <string>
Default True, if Time Zone supports Daylight Saving Time
Key Required No
Example Use Daylight Saving Time = True
Purpose Controls whether daylight saving time is set.
[NWI:Time Synchronization] Section
Default Time Server Type = <string>
Default (Single if new tree, Secondary if existing tree)
Values Single, Primary, Secondary
Key Required No
Example Default Time Server Type = Single
Purpose Specifies the time server type.
[NWI:NDS] Section
Prompt = <string>
Default True
Key Required Yes
Purpose Controls whether the NDS screen is displayed.

103-000143-001
August 30, 2001
Novell Confidential
Tree Name = <string>
Default (none)
Values (text)
Key Required Yes
Example Tree Name = Novell
Purpose Specifies the tree name for either a new tree or an existing
tree to install the server into.
New Tree = <string>
Default False
Key Required Yes
Example New Tree = True
Purpose Specifies whether the NDS tree to be installed is a new tree

or install into an existing tree.
NOTE: This key is only used when Prompt = False.
Server Context = <string>
Default (none)
Values (NDS distinguished name)
Key Required Yes
Example Server Context = .install.novell
Purpose Identifies the NDS context that the server is to be installed

into.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Add Replica = <string>
Default (none)
Key Required No
Example Add Replica = True
Purpose Controls whether a replica is added to the server. This only

applies if the server is not one of the first three servers
added to an NDS tree (by default the first three servers
receive replicas).
Upgrade User Conflict Action = <string>
Default (none)
Values Delete, Merge, or Rename
Key Required No, unless it is an upgrade from NetWare 3.1x
Example Upgrade User Conflict Action = Merge
Purpose Determines what action is to be taken during the upgrade of

a NetWare 3.1x server when objects of the same name are
found during the conversion of the bindery to NDS.
Admin Login Name = <string>
Default (none)
Values (text)
Key Required Yes
Example Admin Login Name = Admin
Purpose Specifies the name for the server administrator.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Admin Context = <string>
Default (none)
Key Required Yes
Example Admin Context = .install.novell
Purpose Identifies the NDS context in which the server administrator

is to be installed into.
Admin Password = <string>
Default (none)
Values (text)
Key Required Yes
Example Admin Password = Novell
Purpose Specifies the password for the server administrator. Note

that for security purposes, this password is removed from
the response file after NDS is installed.
Admin Language = <integer>
Default 4 (English)
Values 1-100
Key Required Yes
Example Admin Language = 4
Purpose Specifies the language of the server administrator. User

objects created by the server administrator will be assigned
this language.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Display Summary = <string>
Default True
Key Required Yes
Example Display Summary = True
Purpose Controls whether the NDS Summary screen is displayed
[NWI:License] Section
Prompt = <string>
Default True
Key Required Yes
Purpose Controls whether the license screen is displayed.
Display License Agreement = <string>
Default True
Key Required Yes
Example Display License Agreement = False
Purpose Controls whether the license agreement screen at the

beginning of the server install is displayed

103-000143-001
August 30, 2001
Novell Confidential
Install Licenses Later = <string>
Default False
Key Required No
Example Install Licenses Later = True
Purpose Specifies that no licenses will be installed on the server. If

this key is set to True, all remaining licensing keys will be
ignored.
License File = <string>
Default (none)
Values (existing DOS path and envelope file name—up to 255

characters)
Key Required No, unless a license is to be installed
Example License File = C:\NWSERVER\0000001.NLF
Purpose Identifies the directory and filename of a license envelope

file.
NICI Foundation Key File = <string>
Default (none)
Values (existing DOS path and envelope file name—up to 255

characters)
Key Required No
Example NICI Foundation Key File = C:\LIC\92942492.NFK
Purpose Identifies the directory and filename of a region specific

cryptography module.

103-000143-001
August 30, 2001
Novell Confidential
Search For Existing License = <string>
Default True
Key Required Yes
Example Search For Existing License = False
Purpose Controls whether the licenses (such as MLA licenses) are

searched for in the tree. Used in conjunction with the next
key.
Auto Skip If License Found = <string>
Default False
Key Required Yes
Example Auto Skip If License Found = True
Purpose Controls whether the license that was found using the
previous key is used; this is particularly useful for MLA
accounts.
[NWI:Add to Startup] Section
Prepend Line n = <decimal number>
Default (none)
Values (decimal number)
Key Required No
Example Prepend Line 1 = SET IGNORE DISK GEOMETRY=ON
Purpose Adds the line to the beginning of the STARTUP.NCF file. If

multiple lines are listed, n should increment sequentially.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Append Line n = <decimal number>
Default (none)
Key Required No
Example Append Line 1 = LOAD NFS.NAM
Purpose Adds the line to the end of the STARTUP.NCF file. If

[NWI:Append To Autoexec.ncf] Section
Line n = <decimal number>
Default (none)
Key Required No
Example Line 1 = LOAD MONITOR
Purpose Adds the line to the end of the AUTOEXEC.NCF file. If

[NWI:Use NCF Settings] Section
Override NCF = <True or False>
Default (False)
Values (True or False)
Key Required No
Example Override NCF = True
Purpose During an upgrade, if set to True, the server name is

specified in the response file instead of the
AUTOEXEC.NCF file.

103-000143-001
August 30, 2001
Novell Confidential
Performing a Fully Automated Installation

The following parameters must be present to completely automate an
installation or upgrade. The syntax and values for the supplementary NetWare
installation sections and their associated keys are specified below. For a fully
automated installation to work, these sections must appear in the response file
in addition to all of the required keys listed in “NetWare Sections and Keys”
on page 33.
[Novell:NOVELL_ROOT:1.0.0] Section
closeScreen = <string>
Default (none)
Values SilentCloseScreen
Key Required Yes
Example closeScreen = SilentCloseScreen
Purpose When this parameter is set, the final installation screen is

not shown.
Reboot = <string>
Default (none)
Key Required Yes
Example Reboot = False
Purpose Controls whether the server is restarted after the final

screen of the installation is closed.

103-000143-001
August 30, 2001
Novell Confidential
allowSummary = <string>
Default True
Key Required Yes
Example allowSummary = False
Purpose Controls whether the installation Summary screen is

displayed.
silent = <string>
Default False
Key Required Yes
Example silent = False
Purpose Global key that controls whether the installation runs in

silent mode with no user interaction. Some sections do
not support this key. If this is the case, use a
"prompt=false" key instead.
Automating the Installation of Additional Products and

Services
As part of the overall NetWare installation, you can auto-install additional
products and services by including a [Selected Nodes] section in the response
file. Because this section of the response file is not as easy to configure as the
other sections are, we recommended the following:
1 Perform a manual installation, selecting the products you want to have
installed on the server.
2 Modify the resulting response file for use as input to future NetWare
installations.
3 Add a [Selected Nodes] section to the input response file.

103-000143-001
August 30, 2001
Novell Confidential
4 Add the following lines under the [Selected Nodes] section heading:
Novell:NetWare5:1.0.0=Novell:NetWare5OS:5.0.0,Novell:Products:1.0.0,Novell:NW
UpdateGroup:1.0.0
Novell:NetWare5OS:5.0.0=Novell:DiskCarver:1.0.0,Novell:Protocols:1.0.0,Novell
:DS_Install:1.0.0, Novell:LicensePrompt:1.0.0,Novell:NW:1.0.0,Novell:NDPS
Server Files:1.0.0
Novell:NW:1.0.0=Novell:Startup:1.0.0,Novell:SYS:1.0.0,Novell:DriverFiles:1.0.
0
Novell:Startup:1.0.0=Novell:StartupDirectory:1.0.0
Novell:SYS:1.0.0=Novell:SYSDirectory:1.0.0,Novell:ETCDirectory:1.0.0,Novell:P
ROFINST_NODE:1.0.0
Novell:DriverFiles:1.0.0=Novell:LANFiles:1.0.0,Novell:SBDFiles:1.0.0
Novell:NDPS Server Files:1.0.0=Novell:NDPS System:1.0.0,Novell:NDPS
Public:1.0.0
Novell:Products:1.0.0=Novell:NICIInstall:1.0.0
Novell:NICIInstall:1.0.0=Novell:NICIModule:1.0.0
Novell:NWUpdateGroup:1.0.0=Novell:NWUpdate:1.0.0
NOTE: You can add more lines according to your needs, but these represent the
minimum information that must be included in the [Selected Nodes] section.
[Selected Nodes] Section
Prompt = <string>
Default True
Key Required Yes
Purpose Controls whether the Additional Products and Services

screen is displayed.

103-000143-001
August 30, 2001
Novell Confidential
Product Selection = <string>
Default (none)
Values Default or Web
Key Required No
Example Product Selection = Web
Purpose Specifies which bundle of Additional Products and Services

to install. Default will install the Web Services bundle. Web
will install the Web Services bundle plus WebSphere*
Application Server. To specify a custom bundle of
Additional Products and Services, do not include this key,
and specify each product as described below.
Novell:Products:1.0.0 = <strings separated by commas>
Default Novell:NICIInstall:1.0.0
NOTE: This NICI install string must be included.
Values Novell:NDPS:2.0.0
Novell:IpLdapService:3.0.0
Novell:IpCatalogService:1.0.0
Novell:IpWanmanService:1.0.0
Novell:SecuritySASInstall:1.0.0
Novell:PKIInstall:1.0.0
Novell:NICIInstall:1.0.0
Novell:RAS:4.1.0
Novell:SMS:1.0.0
Novell:DNS_DHCP:1.0.0
Key Required Yes
Example Novell:Products:1.0.0=Novell:NICIInstall:1.0.0,Novell:NDP
S:2.0.0
Purpose Specifies the additional products and services to be

installed on the server.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Installing Multiple Products on a Server

To install multiple products on a server, make sure that the
Novell:Products:1.0.0 key has multiple values, separated by commas as
shown in the example above.
Product Keys and Values

In addition to identifying the product in the Novell:Products:1.0.0 key, each
product has its own keys and values for the [Selected Nodes] section. These
keys and values for each product are listed below. We recommended that you
reuse a response file from a previous installation rather than attempting to type
these keys and values into the file. If you do not enter them exactly as shown,
the NetWare Installation will fail abruptly with no information to help you
troubleshoot the problem.
Novell Distributed Print Services (NDPS)

Novell:NDPS:2.0.0=Novell:NDPS Server Files:1.0.0,Novell:NDPS Resource
Files:1.0.0
Novell:NDPS Resource Files:1.0.0=Novell:NDPS Banner:1.0.0,Novell:NDPS
Font:1.0.0,Novell:NDPS Prndef:1.0.0,Novell:NDPS Prndrv:1.0.0
Novell:NDPS Prndrv:1.0.0=Novell:NDPS Prndrv W31:1.0.0,Novell:NDPS Prndrv
W95:1.0.0,Novell:NDPS Prndrv NT4:1.0.0
LDAP Services
Novell:SecuritySASModule:1.0.0=Novell:SASFiles:1.0.0
Novell:PKIModule:1.0.0=Novell:PKIFiles:1.0.0
NDS Catalog Services

Novell:IpCatalogService:1.0.0=Novell:DfgCatalogService:1.0.0
WAN Traffic Manager Services

Novell:IpWanmanService:1.0.0=Novell:DfgWanmanService:1.0.0
Secure Authentication Services

Novell:SecuritySASInstall:1.0.0=Novell:SecuritySASModule:1.0.0,Novell:PKIModu
le:1.0.0,Novell:NICIModule:1.0.0
Novell:SecuritySASModule:1.0.0=Novell:SASFiles:1.0.0

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Novell PKI Services

Novell:PKIInstall:1.0.0=Novell:PKIModule:1.0.0,Novell:NICIModule:1.0.0
Novell Internet Access Server

Novell:RAS:4.1.0=Novell:RAS Server
Files:1.0.0,Novell:SVCDEF_NODE:1.0.0,Novell:SupportedOS:1.0.0,Novell:UpgradeF
rom:1.0.0
Novell:RAS Server Files:1.0.0=Novell:RAS System Connect:1.0.0,Novell:RAS System
Connect Scripts:1.0.0,Novell:RAS Public:1.0.0
Storage Management Services

Novell:SMS:1.0.0=Novell:SMSFiles:1.0.0
Novell:SMSFiles:1.0.0=Novell:SMSSystemFiles:1.0.0,Novell:SMSPublicFiles:1.0.0
Novell DNS/DHCP Services
No additional keys and values are used for the installation of this service.
Additional Services
Two of the additional services available with NetWare, LDAP Services and
Novell® DNS/DHCP Services, have data input screens for their configuration.
These services have response file sections that must be included in addition to
the keys and values mentioned above.
NOTE: Be sure to use the proper case (upper or lower) when entering any of these
keys and values.
[LDAP] Section
prompt = <string>
Default (none)
Values true or false
Key Required Yes
Example prompt=false
Purpose Controls whether the LDAP configuration screen is

displayed.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
adminID = <string>
Default (none)
Key Required Yes
Example adminID=.CN=admin.O=install
Purpose Identifies the Admin name and NDS context; this should
correspond with the Admin Login Name and Admin Context
identified in the NWI:NDS section of the response file. Note
the case of the characters in the string.
installCatalog = <string>
Default (none)
Key Required Yes
Example installCatalog=false
Purpose Controls whether an LDAP catalog is installed.

Corresponds to the question: Enable use of LDAP
catalog?
useCatalogOnly = <string>
Default (none)
Key Required Yes
Example useCatalogOnly=false
Purpose Controls whether the LDAP catalog is used exclusively for

searching. Corresponds to the LDAP screen prompt:
Catalog Usage for Searching.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
[Novell:DNS_DHCP:1.0.0] Section
Prompt = <string>
Default None
Key Required Yes
Example Prompt=false
Purpose Controls whether the DNS/DHCP configuration screen is

displayed.
TreeName = <string>
Default (none)
Values (text)
Key Required Yes
Example TreeName=Novell
Purpose Specifies the NDS tree name in which DNS/DHCP

Services will be installed.
UserName = <string>
Default (none)
Key Required Yes
Example UserName=.CN=admin.O=install
Purpose Identifies the Admin name and NDS context; this should
correspond with the Admin Login Name and Admin
Context identified in the NWI:NDS section of the response
file. Note the case of the characters in the string.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
ExtendDNIPSchema = <string>
Default (none)
Key Required Yes
Example ExtendDNIPSchema=true
Purpose Controls whether the schema is extended for DNS/DHCP

Services. Note that this should be set to true.
LocatorNDSContext = <string>
Default (none)
Key Required Yes
Example LocatorNDSContext=O=install
Purpose Identifies the NDS context that the Locator Object is to be

installed into.
GroupNDSContext = <string>
Default (none)
Key Required Yes
Example GroupNDSContext=O=install
Purpose Identifies the NDS context that the Group Object is to be

installed into.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
RootSrvrNDSContext = <string>
Default (none)
Key Required Yes
Example RootSrvrNDSContext=O=install
Purpose Identifies the NDS context that the RootSrvr Zone is to

be installed into.
In addition to the DNS/DHCP keys identified above, there must also be a line
in the [Settings] section with the entry: Novell:DNS_DHCP:1.0.0=
CD Boot and the Response File

There are two options available for passing a response file into the NetWare
installation: using the /RF switch at the command line, or from the Install
Options screen.
If you start the install by booting directly to the NetWare CD, you cannot pass
in the response file automatically unless you have a RESPONSE.TXT file in
the C:\NWUPDATE directory. When the NetWare CD is booted, the startup
utility checks for a RESPONSE.TXT file in the C:\NWUPDATE directory. If
such a file exists, the installation program bypasses the DOS partitioning
utility and uses RESPONSE.TXT as the input response file.
Customizing the Installation Using Install Scripts

In NetWare, install scripts are supported by the NWCONFIG utility and the
NetWare installation system.
NOTE: For more information on using install scripts, see Automating the NetWare
Installation with a Response File (http://www.developer.novell.com/research/
appnotes/1998/december/a1frame.htm) and More About Automating the NetWare
Installation with a Response File (http://www.developer.novell.com/research/
appnotes/1999/february/a3frame.htm).

103-000143-001
August 30, 2001
Novell Confidential
There are two places in the NetWare installation where you can use install
scripts:
At the end of the preliminary file copy (just prior to the launching of the
graphical portion of the install). An install script executed here can be
used for copying files from the DOS partition to the SYS volume.
At the end of the NetWare installation. It is called right after you answer
AOK@ or ANo@ on the closing screen and before the install cleanup
process. This script is useful if you want to manage files and launch NLM
programs (for example, those that install other products) as part of the
NetWare installation.
The following response file syntax is used to run install scripts during the
NetWare installation:
[NWI:Install Script] Section
Script Location = <string>
Default None
Key Required No
Example Script Location = C:\NWUPDATE\PRECOPY.IC?
Purpose Identifies the filename and path of an Install Script that will
be executed at the end of the preliminary file copy (prior to
the launching of the graphical portion of the install).
NOTE: Usage of the ? wildcard in the extension of the

filename will suppress an error if the specified file does not
exist.

103-000143-001
August 30, 2001
Novell Confidential
Support Pack Script = <string>
Default Support Pack Script = C:\spack\silent.ics
Key Required No
Example If the support pack image is located on the C: drive, use this
path: Support Pack Script=c:\nw51sp1\spack.ips
e=c:\facterr.log s=c:\nw51sp1
If the support pack image is on a mounted CDROM, use this

path: Support Pack Script=NW51:\spack.ips e=c:\err.log
s=NW51:\
If the support pack image is on a remote server, use this

path: Support Pack script=prv-
athena\images:nw5\cobra\sp1 128.524\spack.ips
TRANSPORT=IPX u="SITESTER2"
a=01010155:000000000001:0451 DS
c="CN=SITESTER2.OU=INSTALL.OU=DEV.O=NOVELL"
z=PRV-ATHENA-TREE e=C:\err.log s=PRV-
ATHENA\IMAGES:NW5\COBRA\SP1 128.524
be executed at the end of the install.
Close Script = <string>
Default None
Key Required No
Example Script Location = SYS:\OTHER.ICS
be executed when the final screen of the NetWare server
installation is closed.
NOTE: This script is executed just prior to some

housekeeping that is done by the Close Screen routine.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Performing a Factory Install

A Factory Install can reduce the complexity and time spent on an installation.
Much of the hardware configuration and file copy is done in the Factory so
that you only need to use the graphical portion of the NetWare installation to
complete the on-site configuration. Because the network operating system
files are pre-copied to the server, installation time is reduced to a few minutes.
A Factory Install splits the installation of NetWare into two phases:
Phase 1 performs the disk detection, disk partitioning, volume SYS
creation, and file copy portions of the install. This phase is meant to be
performed in a factory or configuration center.
Phase 2 focuses on user configuration. It includes the setting of the server
name, protocol binding, creation of volumes other than SYS, and
configuration of time zone, NDS, licensing, and other products. This
phase is meant to be performed by the customer at the server’s permanent
location.
Once Phase 1 is completed, the machine should be rebooted or powered off.
When the machine is powered on and the server is started, the
AUTOEXEC.NCF file will launch Java* for Phase 2 of the installation.
A Factory Install is implemented with the response file sections below. A
default Factory Install response file can be created by combining the
FACTORY.TXT and RESPONSE.TXT files found in the \INSTALL directory
of the NetWare Operating System CD.
he Preinstall key of the [NWI:Factory] section is the primary key that directs
the NetWare Installation to perform a factory install. The Precopy key of the
other sections specifies whether the file group should be recopied during the
final file copy routine of the NetWare Installation. If Precopy=True, the files
will be verified, but not copied. The Installation will appear, however, as if it
is copying the files because you will see each file name displayed in the copy
status box.
NOTE: The NetWare CD must be inserted in Phase 2 of the Factory Install in order
to perform this file verification.
All other required keys for an automated install must also be included in the
response file. See “Performing a Fully Automated Installation” on page 78 for
more information.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
[NWI:Factory] Section
Preinstall = <string>
Default True
Key Required Yes
Example Preinstall = True
Purpose Controls whether the Factory Install option of the NetWare

installation is invoked. If Preinstall=True, the remaining keys
are checked.
Copy Products to SYS = <string>
Default False
Key Required No
Example Copy Products to SYS = True
Purpose Controls whether the products directory of the NetWare

Installation CD is copied to volume SYS so that products can
be selected and installed during Phase 2 without the need for
a NetWare Operating System CD.
Remove Directory = <local path>
Default (none)
Key Required No
Example Remove Directory = SYS:\PRODUCTS
Purpose Removes a directory from the system at the end of Phase 2.

103-000143-001
August 30, 2001
Novell Confidential
[Novell:StartupDirectory:1.0.0] Section
Precopy = <string>
Default True
Key Required No
Example Precopy = True
Purpose Controls whether the files in the \STARTUP\NLS directory of

the install image and destined for the
C:\Startup_Directory\NLS directory are copied in Phase 2. If
Precopy = True, the files are not copied again in the final file
copy routine.
[Novell:SYSDirectory:1.0.0] Section
Precopy = <string>
Default True
Key Required No
Purpose Controls whether the files in the \STARTUP\NLS directory

of the install image and destined for the
C:\Startup_Directory\NLS directory are copied in Phase 2.
If Precopy = True, the files are not copied again in the final
file copy routine.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
[Novell:ConfigDirectory:1.0.0] Section
Precopy = <string>
Default True
Key Required No
Purpose Controls whether the files in the \CONFIG directory of the

install image, destined for volume SYS, are copied in
Phase 2. If Precopy = True, the files are not copied again
in the final file copy routine.
[Novell:LANFiles:1.0.0] Section
Precopy = <string>
Default True
Key Required No
Purpose Controls whether the LAN files in the \DRIVERS\LAN

directory of the install image, destined for the
SYS:SYSTEM directory, are copied in Phase 2. If Precopy
= True, the files are not copied again in the final file copy
routine.

103-000143-001
August 30, 2001
Novell Confidential
[Novell:SBDFiles:1.0.0] Section
Precopy = <string>
Default True
Key Required No
Purpose Controls whether the files in the \DRIVERS\SBD directory

of the install image, destined for the SYS:SYSTEM
directory, are copied in Phase 2. If Precopy = True, the files
are not copied again in the final file copy routine.
[Novell:portalzip:1.0.0] Section
Precopy = <string>
Default True
Key Required No
Purpose Controls whether the files in the zip file destined for volume
SYS are copied in Phase 2. If Precopy = True, the files are
not copied again in the final file copy routine.

103-000143-001
August 30, 2001
Novell Confidential
[Novell:Rconjzip:1.0.0] Section
Precopy = <string>
Default True
Key Required No
Purpose Controls whether the files in the zip file, destined for
volume SYS, are copied in Phase 2. If Precopy = True, the
files are not copied again in the final file copy routine.
[Novell:Perl5zip:1.0.0] Section
Precopy = <string>
Default True
Key Required No
Purpose Controls whether the files in the zip file, destined for volume
SYS, are copied in Phase 2. If Precopy = True, the files are

103-000143-001
August 30, 2001
Novell Confidential
[Novell:beanszip:1.0.0] Section
Precopy = <string>
Default True
Key Required No
[Novell:nscriptzip:1.0.0] Section
Precopy = <string>
Default True
Key Required No

103-000143-001
August 30, 2001
Novell Confidential
[Novell:scripteszip:1.0.0] Section
Precopy = <string>
Default True
Key Required No
[Novell:console1zip:1.0.0] Section
Precopy = <string>
Default True
Key Required No

103-000143-001
August 30, 2001
Novell Confidential
[Novell:ldapzip:1.0.0] Section
Precopy = <string>
Default True
Key Required No
[Novell:wanmanzip:1.0.0] Section
Precopy = <string>
Default True
Key Required No

103-000143-001
August 30, 2001
Novell Confidential
Install Command Line Options

The following command line options that can be used when initiating the
installation executable.
/SERVER_LOG = <string>
Default (none)
Key Required No
Example Install /LOG=C:\TMP\ERROR.LOG
Purpose Designates where an installation log file will be created.
/IIPX <decimal number> or /SERVER_ID <hexadecimal number>
Default (none)
Values 1 - FFFFFFFF
Key Required No
Example Install /IIPX 38483933 or Install\SERVER_ID

38483933
Purpose Allows a specific internal net address to be used for the

server being installed.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000143-001
August 30, 2001
Novell Confidential
3 Installation Scripts for NetWare
WARNING: This document describes software that is subject to change. Novell®

intends to keep it as current as possible, but the user must assume any inherent
risk in developing or maintaining code based on the information in this document.
Novell may discontinue or decline to support any software feature described within
this document at any time.
This chapter describes the installation script support for NetWare®. NetWare
installation scripts let you:
Alter or extend the NetWare pre-packaged installation process.
Install additional products or services onto a NetWare server after the
operating system has been installed.
Using NetWare Installation Scripts

NetWare installation scripts in NetWare 6 are processed by the
NWCONFIG.NLM program.
NOTE: NetWare 4 uses INSTALL.NLM to process script commands.
Script Files
Script files are ASCII text files. They can have any eight-character name with
one of the following extensions:
Extension Type of File
.IPS Individual product installation
.ICS Common functionality between scripts or non-language

specific scripts
.ILS Language-specific functionality
Installation Scripts for NetWare 101

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Launching a Script File

1 At the server console, enter NWCONFIG.NLM.
2 Click Products Options on the Configuration Options screen.
3 Click Other Installation Actions menu > Install a product not listed.
4 Press F3, and then specify the directory path to the script file.
The directory path is first checked for an .IPS file. If only one .IPS file exists,
it is executed. If more than one exists, only the first one found is executed. If
there is no .IPS file, PINSTALL.NLM will be loaded and executed. The first
@Other...@EndOther descriptor found in the .IPS file is displayed so that you
can confirm the product being installed.
The NetWare install program also loads any file that contains the command
line parameter “B=”. For example, a script can be launched by entering LOAD
NWCONFIG b=A:\myscript.IPS (where myscript stands for the name
of your .IPS file).
Using a Script with NetWare 6

There are two points in the installation where scripts can be launched:
At the end of the preliminary file copy just prior to the launching of the
graphical portion of the installation.
At the end of the installation.
See Using a Response File with NetWare for more information.
The NetWare installation program uses one installation script
(NETWARE.ILS) during the text-based file copy. You can modify this script
file to copy additional files or launch additional processes, but we do not
recommend it.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Descriptors and Commands

This section describes the descriptors and commands found in
NETMAIN.ILS and other installation script files. The product installation
script files you write contain the same types of descriptors and commands as
those in NETMAIN.ILS.
A descriptor is a keyword preceded by the @ character. The installation NLM
scans the descriptors and uses them to build linked lists and menus in memory.
Descriptors
Describe a configuration or presentation, but do not specify a procedure
or order.
Are typically block-oriented (with an @Command and an
@EndCommand statement), although some are single-line.
Are declarative in nature.
Cannot be nested.
A command is a keyword not preceded by the @ character. Commands are
Procedural, describing the method and order of installation (creating
directories, copying files, etc.).
Usually grouped within an @FileSet...@EndFileSet descriptor block
(although they can also exist independently).
Executed in order, according to the script file.
Script files can be natural-language-enabled by using text within double
quotes (in-line text). Such text is designated for language translation,
including text that will be displayed in menu items, help text, etc.
Syntax Conventions
Commands and arguments are not case-sensitive, but prompt strings are.
A script parser recognizes the following special characters:
= {} () , : - ; > < ! []
If a special character is used within a name, the entire name must be
surrounded by double or single quotation marks.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
ANSI escape sequences are recognized by the parser within double or

single quotes. For example, '\\', "\n", and '\t' represent a backslash, a new
line, and a tab, respectively.
A NULL character (ASCII value 0) is not allowed anywhere in the file.
Comments
Syntax
; <text>
Description
A comment (semicolon followed by text) exists for documentation purposes

only—it does not invoke a script file operation. Comment characters through
the end of a line are read and discarded.
Example
; THIS IS A COMMENT
Descriptors
@CDName
Syntax
@CDName <name>
Description
@CDName specifies the name of the CD-ROM volume being installed. This
name is passed to CDROM.NLM in a MOUNT command (CD MOUNT
<name>) to mount the CD-ROM as a NetWare volume. This descriptor should
only be used in a script on a CD-ROM. It should not be used in a diskette drive
installation script. Copy CDROM.NLM to the STARTUP directory as
specified in the BOOT fileset.
Example
@CDName NETWARE5
The installation will use the string NETWARE5 when trying to mount the
CD-ROM as a NetWare volume. After successfully loading CDROM.NLM, it
will issue CD MOUNT NETWARE5 at the system console.

103-000143-001
August 30, 2001
Novell Confidential
@DeletePartition
Syntax
@DeletePartition <comma-separated list of partition types>
Description
@DeletePartition deletes the existing partitions that you specify. In contrast,

the installation NLM’s automatic partition creation deletes (by default)
existing partitions of the first two types listed below. In both cases, all active
partitions are left untouched.
Partition Type Description Deleted?
64 NetWare 286 Yes
65 NetWare 386 Yes
01 DOS, 12-bit FAT No
04 DOS, 16-bit FAT No
05 Extended partition No
06 DOS Huge partition No
If any of these partitions should not be deleted, or if additional partitions need

to be added, use @DeletePartition to replace the list.
Example
If the following appears in NETMAIN.ILS, only NetWare 386 partitions are

eligible for deletion:
@DeletePartition 65

103-000143-001
August 30, 2001
Novell Confidential
@Driver
@EndDriver
Syntax
@Driver
Help: “Help description for finding drivers”
[Dir: <DSK | LAN>, <subdirectory name>, <vol label>,
<disk description>]
[Dir: <DSK | LAN>, <subdirectory name>, <vol label>,
<disk description>]
...
@EndDriver
Description
@Driver specifies help for finding drivers in maintenance-mode installations,

or finding disks and directories that contains drivers. <subdirectory name>
specifies the directory to read. For floppy or network installations, the
subdirectory will typically be NULL. For a CD-ROM, the subdirectory will
usually be the common directory where drivers are found. <vol label> is the
corresponding media volume name, and <disk description> specifies the
printed name on the media that contains the included file. Use @Driver in the
NETMAIN.ICS file.
Variable Description
<subdirectory name> Specifies the directory to read. For floppy or network

installations, the subdirectory is typically NULL. For a
CD-ROM, the subdirectory is usually the common
directory where drivers are found.
<vol label> Specifies the name of the corresponding media volume.
<disk description> Specifies the printed name on the media that contains
the include file.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Example
@Driver
Help: “If installing from a floppy, disk drivers will be
on disk NetWare-2 and LAN drivers will be on disk
NetWare-3. If installing from CDROM, all drivers will be
in the directory <cdrom drive>:\NW40\SERVER\DRIVERS.”
Dir: DDSK, '', 'NETWARE-2', 'NetWare-2'
Dir: LAN, '', 'NETWARE-3', 'NetWare-3'
@EndDriver
Disk NetWare-2 will be scanned for .DSK and .DDI files; disk NetWare-3 will
be scanned for .LAN and .LDI files.
@FileSet
@EndFileSet
Syntax
@FileSet
Description: “...[fileset description]...”
Class: {MANDATORY | CORE | OPTIONAL | OPTIONAL_OFF |
BOOT}
Name: <text name - no spaces allowed>
Bytes: <total transfer size for this fileset>
[DiskBytes: <total disk space for this fileset>]
[Attribute: <attribute1>, <attribute2>]
[Flags: <flags>]
<fileset commands...See “Syntax” on page 104.>
@EndFileSet
Description
@FileSet specifies a logically similar group of files to be copied and the

necessary commands for copying and installing those files.
The Description and DiskBytes information for OPTIONAL and
OPTIONAL_OFF classes of filesets is displayed in a menu before copying.
The description for all filesets are displayed during the file copy. Bytes are
used to update a status bar representing the total bytes to copy for all selected
filesets, which is used in displaying the status bar.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Class specifies how the fileset will be used:
File Action
MANDATORY Always executed.
CORE Always copied in a sequential install, but optionally

copied in the selective install/maintain mode.
OPTIONAL Displayed to the user for selection. They are defaulted

to on (selected for copy).
OPTIONAL_OFF Displayed for the user to choose, but are defaulted to

off.
BOOT Copied, depending on the kind of installation and

whether the server was launched from the directory
that the user is installing to.
For all classes, as the files are copied, the file group status is also displayed,
including the file being copied and the percent of all the filesets that have been
completed.
Name is used to relate logical filesets together, even when they are declared in
different included files. If multiple filesets exist with the same logical name,
there can be only one description and one class for all of them. For example,
if multiple filesets with the name OS2 are declared, and the class is
OPTIONAL, only one description entry for the OS2 files is presented for the
user to select. If the user selects it, all filesets with the name OS2 are copied.
BOOT files are files such as SERVER.EXE, SERVER.MSG,
NWCONFIG.NLM, NWCONFIG.MSG, NUT.NLM, and NUT.MSG. The
BOOT filesets are for internal use only: product files should not have any
BOOT fileset declarations. Boot files cannot be compressed or renamed.
Attribute value indicates the final file attributes.The default value for
attribute1 is 00060081 (Read Only, Shareable, Rename Inhibit, Delete
Inhibit).

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
For a DOS file:
Attribute1 Meaning
00000001 Read Only
00000002 Hidden
00000004 System
00000008 Volume Label
For a NetWare file:
Attribute1 Meaning
00000001 Read Only
00000002 Hidden
00000004 System
00000008 Execute
00000010 Subdirectory
00000020 Archive
00000080 Shareable
00000700 Smode
00001000 Transaction
00004000 Read Audit
00008000 Write Audit
00010000 Immediate Purge
00020000 Rename Inhibit
00040000 Delete Inhibit
00080000 Copy Inhibit

103-000143-001
August 30, 2001
Novell Confidential
The meaning for Attribute2 is 00000001 (do not decompress or process file).
The default for Attribute2 is zero, which should be used in all usual
circumstances.
Flag Meaning
00000001 Do only for a custom install.
00000002 Do in first-phase copy (bit reset = second-phase).
00000004 Do only if NetWare for OS/2*.
00000008 Do only if native (not SFT IIITM or NetWare for OS/2).
00000010 Do only if SFT III.
00000020 Do only for a simplified installation.
00000040 Do only for maintenance mode.
00000080 Do only for upgrade.
00000100 Do only if installing from front end (NWNSTLL.EXE).
00000200 Do only if not installing from front end

(NWNSTLL.EXE).
Example
@FileSet
Class: CORE
Name: SYSTEM_FILES
Description: “System Files”
Bytes: 10192463
CopyToServer 'SYSTEM', '*.*', 'SYSTEM-1', “NetWare
System-1 Files”
@EndFileSet
In this example, *.* files are copied from volume SYSTEM-1:, and the
percent of complete status for this fileset is displayed during copying.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
@IncludeFile
@EndIncludeFile
Syntax
@IncludeFile
File: <filename>
[DiskDescription: “...[disk description]...”]
[DiskVolume: 11 char vol name>]
@EndIncludeFile
Description
@IncludeFile specifies a file (<filename>) with additional commands to parse

and execute. DiskDescription specifies the printed name on the media that
shows where the include file is located; DiskVolume is the corresponding
media volume name.
The command file's directory is searched first. If the include file is not there,
the specified disk volume is checked. If <filename> is a <path>\<file>
combination, the command file directory is checked first for <file>, then the
disk volume at the <path> offset is checked. If <file> includes wildcard
characters, all files matching the pattern are included. If the filename has
wildcards but no files match, none are included, and no error results. If the
filename does not have wildcards, and the file is not present, an error occurs.
If the filename is in single quotes and contains %{NWLANG},
%{NWLANG} is replaced by the language number (4=English).
Example
For the NETMAIN.ILS file, where NETMAIN.ICS is not in the same

directory as NETMAIN.ILS:
@IncludeFile
File: NETMAIN.ICS
DiskDescription: '[1]'
DiskVolume: SYSTEM-1
@EndIncludeFile
The file is parsed just after the @EndIncludeFile statement. If the installation
cannot find NETMAIN.ICS in the directory where NETMAIN.ILS is, it
prompts for the CD, then reads and parses NETMAIN.ICS from the CD.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
@MessageFile
@EndMessageFile
Syntax
@MessageFile
File: <filename>
[Version: <message file version number>]
@EndMessageFile
Description
@MessageFile specifies a file, usually with the extension .MSG, containing

message strings. It is typically located in the same directory as the script file
or in an NLS subdirectory. When <message file version number> name
variables are encountered when the remainder of the script file is parsed
(including @Include files), the symbols are substituted with definitions from
the message file.
The search order of message files is:
1. The current directory.
2. The NLS directory corresponding to the current language.
3. The default definitions of <message file version number> “string.”
The Version number is eventually used to synchronize the script file with the
messages. If no version is specified, version checking is not performed.
Currently, no version checking is performed, regardless of whether the
@Version descriptor is present.
Example
Using the NETMAIN.ILS file (in the same directory as NETMAIN.MSG):

@MessageFile
File: NETMAIN.MSG
@EndMessageFile
NETMAIN.MSG is read into memory and used to dereference <message file

version number> strings.

103-000143-001
August 30, 2001
Novell Confidential
@StartAppObject
@EndAppObject
Syntax
@StartAppObject
AppPlatform: <Supported Platforms>
AppName: <Name of the object to create>
AppPath: <UNC Path to the executable>
[AppDescription: “...Text...”]
[AppContact: <List of contacts>]
[AppMapping: <List of drive mappings>]
[AppFlags: <>]
[AppIcon: <Filename of Icon>]
[AppCaption: “...Text...”]
[AppParameters: <List of Parameters for AppPath>]
[AppPrinter: <Printer Ports>]
[AppShutdownScript: <Filename of Script>]
[AppStartupScript: <Filename of Script>]
[AppWorkingDir: <Startup directory for App>]
[AppUser: <List of users>]
[AppAdminNotes: “...Text...”]
[AppFaultTolerance: <List of fallover apps>]
[AppLoadBalancing: <List of load balancing apps>]
@EndAppObject
Description
Use @StartAppObject to create NDS objects for use with the Novell®
Application LauncherTM (NAL) product. It is used with NetWare for Small
Business.
AppPlatform The list of supported platforms the Application object can

run on.
AppName The NDS name of the object as viewed in NetWare

Administrator.
AppPath The UNC path and filename of the executable to be

launched by the object.
AppDescription The description that shows on Novell Application

Launcher.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
AppContact The list of usernames to contact for resolving issues with

the Application object.
AppMapping A list of drive mappings that are made for the application
to run correctly.
AppIcon The filename and location of the applications icon.
AppWorkingDir The startup directory for the application.
AppUser A list of users authorized to run the application.
Example
@StartAppObject
AppPlatform: 3x 95 NT
AppName: “Netscape Install”
AppPath: “SYS\\PUBLIC\\NETSCAPE\\NTSCINST.EXE”
AppCaption: “Netscape Install”
AppDescription: “Install the Netscape Internet browser”
AppContacts: admin
AppFlags: “No Cleanup”
AppIcon: “sys:public\\netscape\\netscape.ico”
AppWorkingDir: “sys\\public\\netscape”
AppUsers: “All Users” Action Standard Desktop
@EndAppObject
This example creates an NDS Application object named Netscape* Install.

When NAL is run, this object will let the user install it to their desktop.
@Other
@EndOther
Syntax
@Other
Description: “...[text]...”
[DiskDescription: “...[disk description]...”]
[DiskVolume: <11 char vol name>]
[File: <filename>]
[Flags: <flags>]
@EndOther

103-000143-001
August 30, 2001
Novell Confidential
Description
Description is the menu description displayed for the @Other configuration

option. This label must be first in the set of labels for a particular @Other
option.
File specifies the *.IPS file to execute, or the NLM to load to install the
@Other option.
DiskDescription is the prompt name that will be displayed to the user to
prompt for another diskette.
DiskVolume is the volume name for the disk specified in DiskDescription. If
the DiskVolume label is present, the user is prompted for the specific volume
using DiskDescription from drive A: (the user can change the drive). This
continues until the file is found or the user cancels. If no DiskVolume is
present, Install prompts for another diskette in drive A: and continues until the
file is found (if File is present) or the user cancels. If File is not specified,
installation looks for any *.IPS or PINSTALL.NLM files.
Flag Meaning
00000001 Load product environment (clib, btrieve, product.dat).
00000002 Product included in product box (NETMAIN.ILS

description).
00000004 Display product should be displayed in simplified

installation.
00000008 Display product only in simplified installation.
00000010 Display product only in maintenance installation.
00000020 Display product only in upgrade.
00000040 Display product only in NetWare for OS/2 install.
00000080 Display product only in native installation.
00000100 Display product only in SFT III installation.
00000200 Display product only if started from front end

(NWNSTLL.EXE).
00000400 Display product only if not started from front end

(NWNSTLL.EXE).

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
If the other filename extension is .IPS, the file is assumed to be a script and is
interpreted. If the other filename extension is .NLM, the file is loaded and
executed as an NLM.
Example
@Other
Description: “Install NetWare for Macintosh”
DiskDescription: 'NWM System 1'
DiskVolume: 'MAC-1'
File: PINSTALL.NLM
Description: “Install TCP/IP Protocol”

DiskDescription: 'TCPIP System 2'
DiskVolume: 'TCPIP-2'
File: TCPIP.IPS
@EndOther
The Install NetWare for Macintosh* and Install TCP/IP Protocol menu items
are displayed. If NetWare for Macintosh is selected, the user is prompted for
the NWM System 1 CD, then PINSTALL.NLM on volume MAC-1: is
executed. If TCP/IP is selected, the user is prompted for the TCPIP System 2
CD, then the command file TCPIP.IPS is interpreted.
@SyntaxVersion
Syntax
@SyntaxVersion <major version>.<minor version>
Description
The SyntaxVersion string represents the version of the script file parser. The
SyntaxVersion string should be present for all script files, and the syntax
version of the parser must match that of the file.
Example
@SyntaxVersion 1.02
The internal syntax string in the installation utility will be compared with this
string. If they do not match, the installation will prompt for a different file. All
included scripts with a @SyntaxVersion descriptor will be checked for
matching version strings (see “@IncludeFile @EndIncludeFile” on page 111).

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
@StartSchemaMod
@EndStartSchemaMod
Syntax
@StartSchemaMod
SchemaFileName: <Filename>, <Description>
@EndSchemaMod
Description
@StartSchemaMod lets NDS schemas be extended through installation

scripts.
SchemaFileName specifies the filename for the schema file, along with a
Description for displaying to the screen during the modification.
Example
@StartSchemaMod
SchemaFileName: “sys:\\system\\schema\\nwadmin.sch”,
“NetWare Administrator”
@EndSchemaMod
In this example, the NWADMIN.SCH file extends the NDS schema and
displays “NetWare Administrator” on the screen during the installation of
Directory Services.
@TimeZone
@EndTimeZone
Syntax
@TimeZone
Description: <tz description>
Standard: <tz abb.>, <tz adj.>
[Daylight: <dst abb.>, <dst adj.>]
[DSTStart: <start rule>, <seq number>, <day number>,
<weekday number>, <month number>, <time>]
[DSTEnd: <end rule>, <seq number>, <day number>,
<weekday number>, <month number>, <time>]
@EndTimeZone
Description
Description specifies a time zone description to be displayed to the user during

time services installation.

103-000143-001
August 30, 2001
Novell Confidential
Standard specifies information to be displayed to the user once the time zone
has been selected. This includes the time zone abbreviation and the adjust +/-
x:xx:xx from GMT (Greenwich Mean Time) or UTC (Universal Coordinated
Time).
If Daylight exists, it specifies that daylight savings time exists for part of the
year. It also specifies the daylight abbreviation, and the adjust +/-x:xx:xx from
standard time.
DSTStart and DSTEnd specify the rule (w for weekday of month or d for day
of month), the sequence number (1-relative), day number (1-relative),
weekday number (1-relative), month number (1-relative), and time on a 24-
hour clock for daylight savings time.
Sequence number means:
1 First (ignore day number)
2 Second (ignore day number)
3 Third (ignore day number)
4 Fourth (ignore day number)
5 Fifth (ignore day number)
6 Last (ignore day number)
7 >= day number
8 <= day number
Example
@TimeZone
Description: “United States, Mountain Time Zone”,
Standard: “MST”, '7:00'
Daylight: “MDT”, '+1:00'
DSTStart: w, 1, 1, 1, 4, '2:00'
DSTEnd: w, 6, 1, 1, 10, '2:00'
Description: “United States, Central Time Zone”,

Standard: “CST”, '6:00'
Daylight: “CDT”, '+1:00'
DSTStart: w, 1, 1, 1, 4, '2:00'
DSTEnd: w, 6, 1, 1, 10, '2:00'
@EndTimeZone

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Two time zone descriptions are displayed. When one is selected, the time
parameters are filled in according to the above information, and the user can
verify or edit them.
@TranslateModule
@EndTranslateModule
Syntax
@TranslateModule
<old driver name1>,<new driver name1>,
<old driver name2>,<new driver name2>,
...
@EndTrandlateModuel
Description
@TranslateModule is used internally by NETMAIN.ILS. It specifies that a

disk or LAN driver name has been changed for the previous release. The name
will be changed in the STARTUP.NCF or AUTOEXEC.NCF file during an
upgrade.
@Version
Syntax
@Version <major version>.<minor version>
Description
The @Version string represents the version of the script file (and its
corresponding script data). For the NETMAIN.ILS script file, @Version must
be greater than or equal to the expected version of the installation NLM. If any
included script files contain version numbers, all the numbers must match.
@Version should be incremented each time a new script is released.
In product scripts, the version string is entirely optional. A version string in a
product script is not compared with the installation NLM, but all included
product scripts must have matching version strings.
Example
@Version 1.01
The version string in the installation is compared with this version string. If
they do not match, the installation prompts for a different file. All included
scripts with a @Version descriptor will be checked for matching version
strings (see “@IncludeFile @EndIncludeFile” on page 111).

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Commands
Command
Syntax
Command <command handler name>
Description
Command specifies the name of an optional command handler for commands

not included in this file. The command handler name must be eight characters
or less and correspond to the name of an NLM that exports external command
entry points.
Example
Command ICMD.NLM
ICMD.NLM provides external command support (see “External Command

Syntax” on page 126). It supports the command syntax described in this
document, plus additional commands.
CopyDriverToServer
Syntax
CopyDriverToServer <target_directory_path>, <file_spec>,
<source_volume>, <source_description>
Description
CopyDriverToServer replaces driver files in <target_directory_path> with

new driver files. The source files are assumed to be those on the distribution
CD (which might have been copied to a user-specified directory).
<file_spec> is the name of the file to be copied, and can be of the form *.LAN,
*.DSK, <directory>/*.LAN or <directory>/*.DSK. <source_volume>
specifies the name of a diskette volume label and <source_description>
specifies the string used to prompt for the diskettes. If the installation source
is a CD-ROM or network drive, <source_volume> and <source_description>
are ignored (although these fields must be present in the command).

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Example
CopyDriverToServer SYSTEM, '*.LAN', 'NETWARE-3', “NetWare
diskette [3]”
The *.LAN files are copied to the SYS:SYSTEM directory.
CopyDriverToStartup
Syntax
CopyDriverToStartup <file_spec>, <source_volume>,
<source_description>
Description
CopyDriverToStartup replaces driver files in the startup or boot directory

(where STARTUP.NCF is) with new driver files. The source files are assumed
to be those on the distribution CD (which might have been copied to a user-
specified directory). <file_spec> names the files to be copied, and can be
*.LAN, *.DSK, <directory>/*.LAN or <directory>/*.DSK.
<source_volume> specifies the name of a diskette volume label and
<source_description> specifies the string used to prompt for the diskette. If
the installation source is a CD or network drive, <source_volume> and
<source_description> will be ignored (although these fields must be present
in the command).
Example
CopyDriverToStartup '*.LAN', 'NETWARE-3', “NetWare
diskette [3]”
The *.LAN files are copied to the user-designated DOS startup directory
where the server boot files reside.
CopyToServer
Syntax
CopyToServer <target_directory_path>, <file_spec>,
<source_volume>, <source_description>
Description
CopyToServer specifies a file (or a group of files using wildcards) to copy to

the system volume of the server.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
<target_directory_path> is a directory path relative to SYS: where the files

will be copied. <file_spec> names the files to be copied; it might be in the
“directory/file” form to copy files from a subdirectory. <source_volume>
specifies the name of a diskette volume label and <source_description>
specifies the string used to prompt for the diskettes. If the installation source
is a CD-ROM or network drive, the <source_volume> and
<source_description> fields are ignored (although these fields must be
present in the command).
Example
CopyToServer 'SYSTEM', '*.*', 'SYSTEM-2', “NetWare
diskette [4]”
Files matching the DOS file specification (including DOS wildcard names)
are copied from the volume SYSTEM-2 (or from a user-specified hard disk or
network directory) to directory SYS:SYSTEM. If the volume SYSTEM-2 is
not present, the user will be prompted to insert the NetWare CD.
CopyToStartup
Syntax
CopyToStartup <file_spec>, <source_volume>,
<source_description>
Description
CopyToStartup copies files to the startup or boot directory (where

STARTUP.NCF is). The source files are assumed to be those on the
distribution diskettes (which might have been copied to a user-specified
directory).
<file_spec> names the files to be copied. To copy files from a subdirectory,
<file_spec> can be of the form “directory/file”. <source_volume> specifies
the name of a diskette volume label and <source_description> specifies the
string used to prompt for the diskettes. If the installation source is a CD or
network drive, <source_volume> and <source_description> are ignored
(although these fields must be present in the command).
Example
CopyToStartup 'SERVER.EXE', 'SYSTEM-3', “NetWare diskette
[3]”
SERVER.EXE is copied to the user-designated DOS startup directory where

the server boot files will reside.

103-000143-001
August 30, 2001
Novell Confidential
Exec
Syntax
Exec <filename>
Description
Exec issues the operating system command LOAD <filename>, pauses until
the child NLM unloads, then continues executing. To load from other
subdirectories of the system volume besides \SYSTEM, specify a filename
(SYS:/<directory>/<file> and <directory>/<file>).
Example
Exec MY.NLM
MY.NLM will be loaded and executed. Exec will follow the normal NLM
search path to find MY.NLM. Control will return to the installation after Exec
exits and unloads.
ProductRecord
Syntax
ProductRecord <product ID (string)>, <record type>, <record
data>
Description
ProductRecord creates a record in the product database with the ID string

<product ID> and the record type and data indicated.
Record Type Data
0 Version string (10 char max)
1 Product description (60 char max)
[2] Configuration NLM command line(255 char max)
[3] Configuration text file specification (255 char max)
[4] Un-install NLM command line (255 char max)
[5] Delete AUTOEXEC line (255 char max)

103-000143-001
August 30, 2001
Novell Confidential
Record Type Data
[6] Delete STARTUP line (255 char max)
[7] Delete file line (255 char max)
Example
ProductRecord MYPROD, 1, “Description for my product”
This creates a product description record for MYPROD with the quoted
description.
RegisterLanguage
Syntax
RegisterLanguage <language ID>, <language name>
Description
RegisterLanguage renames <language ID> to the respective name <language

name>. This exists typically to allow non-standard languages to be registered
when they are installed.
Example
RegisterLanguage 17, TURKISH
This command aliases TURKISH to ID 17.
SaveLanguageFile
Syntax
SaveLanguageFile <file>
Description
SaveLanguageFile copies <file> in the DOS startup directory to the directory

indicated by the old language ID <startup directory>/<old language ID>. This
might involve creating a new directory. If the directory path for the new file
does not exist, it will be created.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Example
SaveLanguageFile SERVER.MSG
If the current language ID is 4, SERVER.MSG in the DOS startup directory

(BOOT directory) is copied to the subdirectory 4 in the DOS startup directory.
Spawn
Syntax
Spawn <file name>
Description
Spawn issues the operating system command LOAD <file_name>, then the
installation continues to execute. See “Exec” on page 123.
Example
Spawn MY.NLM
The MY.NLM file is loaded and executed. Spawn follows the normal NLM
search path to find MY.NLM. The installation and the child NLM both
execute, sharing the CPU through context switches.
External Commands
This section describes commands provided by ICMD.NLM, a companion to
the NetWare Installation NLMs (INSTALL.NLM and NWCONFIG.NLM).
See “NetWare Installation Command Version Availability” on page 161 for a
table showing the ICMD versions that support these commands.
Version 2.10 External Command Compatibility

If you intend to use ICMD.NLM 2.18 or greater, do not copy this new version
to SYS:SYSTEM. Instead, copy it to a different directory and load it from
there.
For example, the script commands below will copy ICMD.NLM to a
temporary directory and load from there.
CopyToServer SYSTEM\TMP, ICMD.NLM, ““, ““
Command TMP\ICMD

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Using this method ensures that the ICMD.NLM version in SYS:SYSTEM is

the actual 4.10 version and that all built-in products that use it will work
properly. The new ICMD.NLM might still be fully backward-compatible, but
it has not yet been fully tested in that regard.
External Command Syntax

To use any of the external commands made available by the ICMD.NLM
command handler, include the statement command [<filepath>] ICMD in the
script file. Use CopyToServer to copy ICMD.NLM to a temporary directory
(for example, SYS:SYSTEM\TEMP), then use command to run it from there
(for example, command SYS:SYSTEM\TEMP\ICMD). This removes any
compatibility problems associated with using the standard ICMD.NLM in
SYS:SYSTEM. You can create then add additional commands to your own
version of ICMD.NLM (after you rename the file) to perform application-
specific functions.
Commands
Activate
Syntax
Activate
Description
Activate causes the installation screen to be activated.
Example
Activate
The installation screen will be displayed for further script processing.
AppendFile
Syntax
AppendFile <src var name>, <src file spec>, <src vol name>,
<src descr>, <dest var name>, <dest dir>, <dest vol name>,
<dest descr>

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Description
AppendFile appends the contents of the source file onto the destination file. It
creates a temporary file that is as large as the destination file, then renames that
file to the destination file. Wildcard characters for <src file spec> are not
allowed.
Example
AppendFile input, file1, 'NETWARE-1', “NW [1]”, output,
file2, '', ''
The user is prompted for diskette NW [1], which is verified by checking for
volume label NETWARE-1. The FILE1 on that diskette is appended to FILE2
in the directory corresponding to output.
AppendTextToFile
Syntax
AppendTextToFile <src var name>, <src file spec>, <src vol
name>, <src descr, <text>
Description
AppendTextToFile appends the contents of the literal text onto the destination
file. It also places a date timestamp with every entry. Wildcard characters for
<src file spec> are not allowed.
If the file is found, the value of variable NWSTATUS will be zero; otherwise
it will be non-zero.
Example
AppendTextToFile input, file1, ‘NETWARE-1’, “NW[1]”,
‘Installation Complete’
The user is prompted for disk NW[1], which is verified by checking for
volume label NETWARE-1. The FILE1 on that disk will be appended to
FILE2 in the directory corresponding to the output.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
CheckFile
Syntax
CheckFile <var name>, <file spec>, <vol name>, <description>
Description
CheckFile checks for the existence of <file spec> at a path determined by the
value of <var name>. If the path is a floppy, and <vol name> is non-null (not
''), the user will be prompted for disk <description> if it is not already in the
drive.
If the file is found, the value of variable NWSTATUS will be zero; otherwise
it will be non-zero.
Example
CheckFile NWSRC, file1.dat, '', ''
GotoIfNEqual '%{NWSTATUS}', 0, FileNotFound
File found
.
.
Label FileNotFound
In this example, a check is made for a file (FILE1.DAT). If the file is found at
the path determined by NWSRC, execution continues on the next line. If the
file is not found, control branches to label FileNotFound.
Config
Syntax
Config <flag>
Description
Config creates a configuration file with available default information from the
installation. If <flag> is 1, AUTOEXEC.NCF is created on SYS:SYSTEM; if
0, STARTUP.NCF is created in the server boot path.
Example
Config 1
This command creates AUTOEXEC.NCF, with server name, internal net

address, configured LAN driver load and bind commands, directory service

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
and time services information. The existing AUTOEXEC.NCF on

SYS:SYSTEM is overwritten.
Console
Syntax
Console <text>, <delay in seconds>
Description
Console enters the text on the system console screen and delays <delay in
seconds> before returning control back to the calling process. Because the
system installation process executes in a different thread from the console, it
is possible that the next command might finish before this Console command
does. If the delay is set at -1, Console will delay until the system console
screen has processed all the commands in its buffer.
Example
Console 'load ne2000 frame=ethernet_802.3 int=3 port=300',
10
Console 'bind ipx to ne2000 net=1240000', 3
These commands load and bind an NE2000TM driver to IPXTM.
CopyFile
Syntax
CopyFile <recurse flag>, <directory flag>, <empty flag>,
<attribute flag>, <attributes>, <src var name>, <src file
spec>, <src vol name>, <src descr>, <dest var name>, <dest
dir>, <dest vol name>, <dest descr>, [<conditional copy flag>]
Description
CopyFile copies files (wildcards are allowed in <src file spec>) from the
source path to the destination path.
<recurse flag> (0|1)
Value Description
0 Do not copy subdirectories recursively.
1 Copy subdirectories recursively.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
<directory flag> (0|1|2|3)
Value Description
0 Source is a file.
1 Source (including <src file spec>) is a directory; copy directory contents

to destination.
2 Source and the destination are files (file-to-file copy). <recurse flag>
must be 0 if <directory flag> is 2
3 Source (including <src file spec>) is a directory; copy directory contents

to destination only if that directory already exists on the destination.
<empty flag> (0|1)
Value Description
0 No error if no files are found.
1 Error if no files are found.
<attribute flag> (0|1|2)
Value Description
0 Use the default file set attributes.
1 Use the source file's attributes.
2 Use the attribute specified by <attributes> (must be used to copy to DOS

drive).

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
<attributes>
For a DOS file:
Attribute Meaning
00000001 Read Only
00000002 Hidden
00000004 System
00000008 Volume Label
For a NetWare file:
Attribute Meaning
00000001 Read Only
00000002 Hidden
00000004 System
00000008 Execute
00000010 Subdirectory
00000020 Archive
00000080 Shareable
00000700 Smode
00001000 Transaction
00004000 Read Audit
00008000 Write Audit
00010000 Immediate Purge
00020000 Rename Inhibit
00040000 Delete Inhibit
00080000 Copy Inhibit

103-000143-001
August 30, 2001
Novell Confidential
Reserved path names (<src|dest var name>) are NWSRC, NWDST and
NWBOOT, the standard source, destination and boot path for NetWare files.
<dest dir name> can be a null string.
<conditional copy flag>
Value Description
0 (or not present) Unconditionally copy this file.
1 Copy if destination file is not present.
2 Copy if destination file is not present; if it is, prompt user

(no version check).
3 Copy if destination file is not present or if the source file

version is newer than the destination file version.
4 Copy if destination file is not present or if the source file

version is newer than the destination file version;
otherwise, prompt the user.
5 Copy if destination file is present (no version check).
6 Copy if destination file is present and source file version is

newer than destination file version.
7 Copy if destination file is present and source file version is

newer than destination file version; otherwise, prompt the
user.
8 Copy if destination file is not present or if source file version

is newer than destination file version (refresh with new
files).
9 Copy only if destination file is present and source file

version is newer than destination file version (refresh
existing files).
Example
CopyFile 0, 0, 1, 0, 0, input, *.*, 'NETWARE-1', “NW [1]”,
output, '', '', ''
This is a continuation of the examples for “GetPath” on page 141. The user is
prompted for diskette NW [1], and the diskette is verified by checking for
volume label NETWARE-1. All files on the diskette are copied to the
subdirectory the user indicated for output.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
CopyFloppyImage
Syntax
CopyFloppyImage <floppy type flag>, <diskette name>, <src var
name>, <src file spec>, <src vol name>, <src descr>, <dest var
name>, <dest dir>, <dest vol name>, <dest descr>
Description
CopyFloppyImage copies a diskette image file sector by sector to the specified

drive (destination path which must be a diskette drive).
<floppy type flag> (0|1) 0 indicates a 3.5-inch high-density drive. 1 indicates

a 5.25-inch high-density drive.
<diskette name> The external label for the diskette.
Example
GetPath, dst, 2, 'A:', ''
CopyFloppyImage 0, “Disk 1", 3.5\WSDOS_1.IMG, '', '', dst,
'', '', ''
The floppy image specified by the source path is copied to the diskette in the
specified drive.
Delay
Syntax
Delay <delay in seconds>
Description
Delay relinquishes control for <delay in seconds> seconds before returning

control back to the calling process. If a negative value is used, the delay is a
random value from 0 to the absolute value of <delay in seconds>.
Example
Delay '-10'
This delays randomly from 0 to 10 seconds.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
DiskReset
Syntax
DiskReset <var name>
Description
DiskReset tells DOS to rescan the directories on the <var name> floppy drive.
This is necessary because the drive change interrupt is disabled while
NetWare has control.
Example
Assuming myDir corresponds with A:\

DiskReset myDir
Drive A:\will be rescanned.
Dismounted CD
Syntax
DisMountCD <CD Volume Name>
Description
DisMountCD is to be used with PromptForCD (below). It is used to dismount

a CD volume that has been mounted via the PromptForCD command.
Example
DisMountCD ‘CDVolumeName’
Display_Text_File
Syntax
Display_Text_File <Path>, <Filename>, <Completion Code>
Description
Display_Text_File displays an ASCII text file. The user can scroll the text in
any direction to read the entire contents of the file. Scroll bars automatically
display if needed. The maximum file size is 30 KB for the file.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Example
GetPath sys, 1, 'SYS:', ''
Display_Text_File sys, “license.txt”, ccode
The completion code will return a 0 (zero) for a successful return. Anything
else is an error.
Display
Syntax
Display <0|1|2>, “...<text>...”
Description
Display displays a message, accompanied by a beep if the first argument is 1.

If the argument is 2, the message is displayed as a copy status.
Example
Display 0, “Product XYZ installation is complete.”
The text is displayed (without a beep), and the user can press Enter to
continue.
DSInst
Syntax
DSInst <time zone name>, <time server type>, <daylight
flag>, <daylight start>, <daylight end>, <daylight
offset in seconds>, <tree name>, <tree address>,
<container object name>, <admin name>, <admin password>,
<replica flag>, <upgrade bindery flag>, <root server
flag>
Description
DSInst installs the directory with default time synchronization.
<time zone name> Time zone name (works as a system SET

parameter)
<time server type> Time server type (works as a system SET

parameter): single, reference, primary,
secondary

103-000143-001
August 30, 2001
Novell Confidential
<daylight flag> 1: Daylight savings time exists in this time

zone
0: Daylight savings time doesn't exist in this

time zone
<daylight start> “set parameter” daylight savings time start

string. For Example First Sunday of April at
2:00:00 a.m
<daylight end> “set parameter” daylight savings time end

string. For Example Last Sunday of October
at 2:00:00 a.m.
<daylight offset in seconds> Typically this is 3600 (seconds per hour), or

zero if daylight saving time is not applicable.
<tree name> DS tree name
<tree address> Internal IPX address of the SAP server for

the tree
<container object name> Full DN of container
<admin name> Full DN of Admin object (must have

supervisor rights on the container)
<admin password> Password for <admin name>
<replica flag> 1: Install a replica on this server; 0: don't

install
<upgrade bindery flag> 1: Upgrade the bindery if it exists; 0: don't

install
<root server flag> 1: Make this a new tree; 0: don't make this a
new tree
Example
DSInstMST7MDT, SECONDARY, 1, '(APRIL SUNDAY FIRST 2:00:00
AM)', '(OCTOBER SUNDAY LAST 2:00:00 AM)', 3600, URSA,
FACE3234, 'O=Novell', 'CN=Admin.O=Novell', '', 1, 1, 0
Time services will be installed with this server as a secondary server using
existing tree name URSA. Directory services will be installed, with this server
in container O=Novell. This server will have a replica installed, and its
bindery will be upgraded.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
EraseFile
Syntax
EraseFile <directory flag>, <var name>, <file spec>, <vol
name>, <vol descr>
Description
EraseFile recursively erases the file or directories indicated in <file spec>.

Wildcards are acceptable. In NetWare, files can be removed no matter what
their attributes; in DOS, only normal files can be removed.
IMPORTANT: Use this command with care to delete only the intended data.
If <directory flag> is 1, <file spec> must be a directory name; the contents of

the directory will be deleted, but the directory will not.
Example
If myDir corresponds to VOL1:\.

EraseFile 1, myDir, '', '', ''
The contents of directory VOL1:\ will be erased.
EditNCF
Syntax
EditNCF <ncf path var>, <ncf file name>, <backup ext>, <ccode>
Description
EditNCF edits the specified NCF file as follows:

Writes any lines in the EditNCF_ADDLINE list at the beginning of the
NCF file.
Deletes any lines that match lines in the addline list.
Comments out any lines containing keystrings in the
EditNCF_KEYSTRINGS list.
Any other lines are copied unchanged.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Example
GetPath startup, 1, 'C:\\NWSERVER', ''
EditNCF_KEYSTRING ''
EditNCF_KEYSTRING 'PK411.NLM'
EditNCF startup, 'startup.ncf', 'bak', ccode
The contents of C:\NWSERVER\STARTUP.NCF will be searched for a line

containing PK411.NLM and will be commented out by the EditNCF
command. Ccode will contain the following:
0 - Success
1 - Duplicate Extension
2 - Open Error
3 - Read Error
4 - Write Error
5 - NCF to Backup Extension Error
6 - Tmp to NCF Error
EditNCF_ADDLINE
Syntax
EditNCF_ADDLINE <LineToBeAdded>
Description
EditNCF_ADDLINE adds a line of text to the list of lines to be added at the

top of the file being edited with EditNCF.
Example
EditNCF_ADDLINE ''
EditNCF_ADDLINE 'LOAD PK411.NLM'
The first line will clear the ADDLINE list. The second line will add the string
“LOAD PK411.NLM” to the top of the STARTUP.NCF file.

103-000143-001
August 30, 2001
Novell Confidential
EditNCF_KEYSTRINGS
Syntax
EditNCF_KEYSTRINGS <keystring>
Description
EditNCF_KEYSTRINGS defines a list of keystrings to be used by EditNCF

when determining which lines to comment out. (A line will be commented out
if it contains any of the keystrings).
NOTE: The list must be terminated with a null string (empty quotes) for the last
entry. This command can be used multiple times. Each time replaces the previously
defined list.
Example
EditNCF_KEYSTRINGS ''
EditNCF_KEYSTRINGS 'PK411.NLM', 'ADTRSTFX', 'AUTODUMP',
'CLSSCRFX', 'EAPURGFX', 'EVNTRPFX', 'GETDIRFX', ''
The first line clears the KEYSTRING list. The second line adds the strings to
the list to be commented out of the STARTUP.NCF file.
ExtractVersionNumbers
Syntax
ExtractVersionNumbers <version string>, <major var name>,
<minor var name>, <revision var name>
Description
ExtractVersionNumbers parses a version string and returns the major version

number, minor version number, and revision number as integers. Version
string is parsed and leading non-digits are ignored. The variables are filled
with the major, minor, and revision values for the version string. If no revision
value is in the version string, a zero is returned. If the revision value is a non-
digit value, a numeric revision value is returned (i.e., A = 1, B = 2, etc.).
Example
SetVar version, “v2.11”
ExtractVersionNumbers version, major, minor, revision

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The variable version contain the string “v2.11”. ExtractVersionNumbers

returns a value of 2 in the variable major, a value of 11 in the variable minor.
And a value of 0 in the variable revision.
FileVersion
Syntax
FileVersion <src var name>, <src file spec>, <src vol name>,
<src descr>, <Module major number>, <Module minor number>,
<Module rev number>, <Module description>, <return code>
Description
FileVersion returns the major, minor, and revision numbers as well as the
description string of the NetWare Loadable Module (NLM, HAM, CDM,
LAN, etc.) as long as the return code is 0.
IMPORTANT: This works only for NetWare Loadable Modules ( that is, it does not
work with .EXE or .DLL files, etc.).
Example
GetPath1, 1, 'SYS:\\SYSTEM’
File Version path1, ‘DS.NLM’, ‘’,’’, DSMajor, DSMinor,
DSRev, DSDesc, DSCode
GetDOSServer
Syntax
GetDOSServer <var name>
Description
GetDOSServer returns the default DOS server number in <var name> on

SFT* III servers.
Example
GetDOSServer DOSServer
The value of the variable DOSServer will be either 0 or 1. If the value is

anything else, the server is not running SFT III.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
GetPath
Syntax
GetPath <var name>, <path type>, <default>, <prompt>, [<base
var name>]
Description
GetPath prompts the user for a path using the prompt. The prompt string will
be displayed, with “%s” (like C-language print formatting) being replaced by
the <default> string.
The keystrokes to modify will be added to your prompt. Trailing backslashes
are always removed before the path is displayed. <var name> is a variable
name that can be used later in a CopyFile command. If <prompt> is a null
string, the user is not prompted; the path variable is set. If <base var name>
exists, it will be used as a basis for the new variable (the remote connection
number will be maintained, etc.).
<path type>
Value Description
1 Allow any path.
2 Allow floppy only (including remote).
3 Allow DOS only (including remote).
4 Allow NetWare local path only.
5 Allow local floppy only.
Example
GetPath input, 1, 'A:', “Files will be copied from %s\\.”
The user will see the following prompts:

Files will be copied from A:\
Press <F3> to specify a different path.
Press <F4> to specify a remote path.
Press <Enter> to continue.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Goto
Syntax
Goto <label_name>
Description
Goto causes execution to continue at the first occurrence of label

<label_name>.
The scope of a label is always local to a file set. Therefore, a Goto statement
cannot transfer execution to a file set different from the current one.
Example
Goto Done
Label Done
The statement Goto Done will cause execution to continue at the label Done.
GotoIfEqual
Syntax
GotoIfEqual <larg1>, <arg2>, <label_name>
Description
GotoIfEqual causes execution to continue at the first occurrence of Label

<label_name> if <arg1> is equal in value to <arg2>. Both <arg1> and
<arg2> must be integers.
cannot transfer execution to a file set different than the current one.
Example
GotoIfEqual 0, 1, Error
Goto Done
Label Error
Since 0 is not equal to 1, execution will not continue at label Error.

NOTE: GotoIfEqual performs an integer comparison, not a string comparison.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
GotoIfNEqual
GotoIfGreater
GotoIfLess
GotoIfGrEqual
GotoIfLsEqual
Syntax
GotoIfNEqual <arg1>, <arg2>, <label_name>
GotoIfGreater <arg1>, <arg2>, <label_name>
GotoIfLess <arg1>, <arg2>, <label_name>
GotoIFGrEqual <arg1>, <arg2>, <label_name>
GotoIfLsEqual <arg1>, <arg2>, <label_name>
Description
These are identical to GotoIfEqual (page 142), except that execution branches
only if (respectively):
<arg1> not equal to <arg2>
<arg1> is greater than <arg2>
<arg1> is less than <arg2>
<arg1> is greater than or equal to <arg2>
<arg1> is less than or equal to <arg2>
cannot transfer execution to a file set different from the current one.
NOTE: GotoIf* performs an integer comparison, not a string comparison.
Is_NLM_Active
Syntax
Is_NLM_Active <NLM Name>, <Completion Code>
Description
Is_NLM_Active searches the loaded modules list and returns 1 if the NLM is
loaded, or 0 if the NLM is not present in memory.
Example
Is_NLM_Active “Monitor.nlm”, ccode

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IsSubString
Syntax
IsSubString <string>, <substring>, <index>
Description
IsSubString returns the zero based <index> of <string> where <substring>

starts, if <substring> is indeed contained within <string>, otherwise <index>
is -1.
Example
IsSubString ‘Little Miss Muffet sat on’, ‘Miss Muffet’,
index
In this example, <index> would return as 7.
Label
Syntax
Label <label_name>
Description
Label serves only as a target of a goto statement with <label_name>.

IMPORTANT: The scope of a label is always local to a file set. Therefore, a Goto
statement cannot transfer execution to a file set different from the current one.
Example
Goto Done
Label Done
The Goto Done statement will cause execution to continue at Label Done.
LangVar
Syntax
LangVar <default>, <lang var>, <src var dir name>, <src vol
name>, <src descr>

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Description
LangVar sets a variable to the number of a language. It starts with <src var dir
name>, then it looks for a subdirectory whose name is a number that matches
the current server language number. If the subdirectory is found, <lang var>
is set to that number; otherwise, <lang var> is set to <default>.
Example
Assuming the current language is 6:

LangVar 4, lang, NWSRC, '', ''
This command looks in the source install directory for a subdirectory named
6. Finding it, it sets lang to 6.
Menu
Syntax
Menu <var name>, <Prompt>, <# of menu options>, <default menu
option>, <first choice>, <first value>, <second option>,
<second value> [<third option>, <third value>,] [<fourth
option>, <fourth value>]
Description
Menu command will display a window with the <Prompt> showing in a

header area. The <choices> will display in a scrolling area below the header.
The <# of menu options> is 1 based. The <default menu option> is zero based.
The entire command is terminated without a comma after the final value.
Example
Menu done, “Are you ready to continue?”, 2, 0,

“Yes”, 1,
“No”, 0
The Menu command displays a box on the screen with the Prompt “Are you
ready to continue?” Below it the choices are “Yes” and “No.” The “Yes”
option is highlighted as the default option. Upon selecting the option, the value
will be placed in the variable. The values must be integers.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
NLMExec
NLMExecIO
Syntax
NLMExec <block flag>, <command line>
Description
NLMExec executes the NLM specified by <command line>. If <block flag>

is 1, NLMExec waits for the NLM to complete execution, then continues.
NLMExec is the external command version of the Exec (page 123) command.
NLMExecIO is identical to NLMExec except it executes the command line on
the default DOS server on a NetWare SFT III server. See “SetDOSServer” on
page 149 for more information.
Example
NLMExec 1, PINSTALL
This command executes PINSTALL.NLM and waits for it to finish.
Partitions
Syntax
Partitions <delete flag>
Description
Partitions creates NetWare partitions as needed on all available devices. If

<delete flag> is 1, all existing non bootable partitions will be deleted. If
<delete flag> is 0, they will be left intact. The minimum allowable partition
size is 1 MB, according to default rules (see “@DeletePartition” on page 105).
Example
For one existing device with a DOS (active) partition and a NetWare 286
partition:
Partitions 1
This deletes the 286 partition and creates a NetWare partition in the remaining
space.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
PromptForCD
Syntax
PromptForCD <CD Volume Name>, <seconds to mount>
Description
PromptForCD is to be used with DisMountCD (above). PromptForCD
will prompt the user to insert the CD labeled <CD Volume Name>
into the CD drive and then will attempt to mount the CD volume
within the <seconds to mount> time frame.
Example
PromptForCD ‘CD 1’, 30
Quit
Syntax
Quit
Description
Quit will exit the script processing at this point. No further processing will
take place.
Example
GotoIfEqual %{variable1}, %{true}, Continue_On
Quit
Label Continue_On
ReadProductRecord
Syntax
ReadProductRecord <productID>, <recordtype>,
<recorddatavarname>, <ccode>
Description
ReadProductRecord reads the record in the products database matching the

<productID> and <recordtype> specified and returns the corresponding data.

103-000143-001
August 30, 2001
Novell Confidential
This command is the counterpart to the ProductRecord command. See

“ProductRecord” on page 123 for more information on record types.
Example
ReadProductRecord MYPROD, 0, version, ccode
The command will search the products database and return the value for
<version> for product 'MYPROD'.
Read_Var_File
Syntax
Read_Var_File <path>, <filename>, <completion code>
Description
Read_Var_File will read the contents of the filename and create variables for
script processing. The file is an ASCII formatted file with the content as
follows:
“Variable1=true”
“Variable2=false”
“Variable3=Servername”
Example
Read_Var_File “sys:system”, “varfile.txt”, ccode
NOTE: Ccode will return the file open status. 0 is success, anything else is an
error. If the variable to the left contains any spaces, leading or trailing, the spaces
will become part of the variable name and must be included with the variable when
referencing it.
SetDir
Syntax
SetDir <var name>, <relative dir>, <vol name>, <vol descr>,
<attributes>, <0|1>, <rights>
Description
SetDir creates directories (if they do not already exist), according to the <var
name> obtained from GetPath (page 141). The <relative dir> value can be
null. <attributes> are the attributes to use when creating the directory; 0

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
indicates normal attributes. If the <0|1> argument is 1, the server container

object (or everyone) is given <rights> rights to the directory.
Example
If myDir corresponds to VOL1:\

SetDir myDir, DOC, '', '', 10, 1, 0
The directory VOL1:\DOC will be created and all applicable users will have
rights to it.
SetDOSServer
Syntax
SetDOSServer <engine number>, <ccode>
Description
SetDOSServer specifies the <engine number> to be made the default DOS

server (valid numbers are 0 and 1). This will set the default server used by the
OS APIs.
NOTE: DiskReset and GetPath can be directed to a particular IOEngine by first
setting the DOS server as needed. This allows you to essentially map a path
variable to a particular IOEngine. From that point on, that path variable will be
associated with that IOEngine regardless of what the default DOS server is set to.
Therefore, any commands that use path variables will target the IOEngine
associated with the path variable rather than the default.
Example
SetVar IOEngineNumber, 0
SetDOSServer IOEngineNumber, ccode
The server’s default IOEngine 0 will now be the default DOS server. Ccode
will have a 0 for its value on success and a -1 for a failure.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
SetLConfigLang
Syntax
SetLConfigLang <value>
Description
SetLConfigLang looks for the LCONFIG.SYS file in the server boot directory.
The default server language ID number is changed to <value>.
Example
SetLConfigLang 9
The default server language ID number in the LCONFIG.SYS file is changed

to 9 (Japanese).
SetVar
Syntax
SetVar <variable name>, <variable value>, [<Prompt>]
Description
SetVar sets a variable with <variable name> to the <variable value> string
value. If the value does not exist, one is created. The variable value cannot
exceed 127 characters in length.
Example
SetVar message, “Hello World!”
This causes a variable to be created with name “message,” and its value set to
the string “Hello World!”
NOTE: The Prompt option is only available in version 3.25+.

103-000143-001
August 30, 2001
Novell Confidential
SGotoIfEqual
SGotoIfNEqual
SGotoIfGreater
SGotoIfLess
SGotoIfGrEqual
SGotoIfLsEqual
The SGotoIf commands have the same options as the GotoIf commands. The
SGotoIf commands perform a string comparison instead of an integer
comparison.
SpaceCheck
Syntax
SpaceCheck <path var name>, <value>
Description
SpaceCheck looks at <path var name>. If it matches a NetWare volume,

SpaceCheck checks whether the volume is large enough for <value> bytes,
and whether the volume has enough free space for <value> bytes. If the
volume is not large enough, the installation aborts. If there is not enough free
space, the user is alerted and allowed to continue.
Example
Assuming srcVar corresponds to VOL1:\FILES

SpaceCheck srcVar, 1000000
Volume VOL1: will be checked for one million bytes of free space.
NOTE: ICMD.NLM versions 3.25 and older do not support SpaceCheck on DOS
drives. Newer versions support this drive option.

103-000143-001
August 30, 2001
Novell Confidential
SrchNCF
Syntax
SrchNCF <ncf path var>, <ncf file name>, <keystring>,
<foundline var name>
Description
SrchNCF searches an .NCF file for line containing a substring matching

<keystring> (non case-sensitive). If found, the line of text will be returned;
otherwise <foundline var name> will be empty.
NOTE: The same value as not found will be returned if an error is encountered (for
example, invalid filename, read error, etc). It is assumed that this command will be
used before calling EditNCF (page 137) which returns a more detailed completion
code that can be acted on as necessary.
Example
GetPath sys, 1, 'SYS:\\', ''
SrchNCF sys, 'SYSTEM\\AUTOEXEC.NCF', “Load Monitor”, ccode
The SrchNCF command will search the SYS:\SYSTEM\AUTOEXEC.NCF

file for the string 'Load Monitor' and return the line number in ccode if found.
ValueSet
ValueAdd
Syntax
ValueSet <var name>, <value>
Value Add <var name>, <value>
Description
ValueSet sets, and ValueAdd adds to, the numeric contents of variable <var
name>.
Example
ValueSet srcVar, 1
The variable srcVar is created if it did not exist and is set to 1.

103-000143-001
August 30, 2001
Novell Confidential
Volumes
Syntax
Volumes <minimum vol SYS: size in sectors>
Description
Volumes creates and mounts volumes on this server, with the volume SYS:
placed on the first device larger than <minimum volume SYS: size in sectors>
(512 bytes per sector). Additional volumes, named “VOL1”, “VOL2”, etc.,
will be created on other devices, one per device.
Example
For one existing device with 50 MB and a NetWare partition, but no volumes:
Volumes 51200; 25 MB minimum
This command creates volume SYS: on the device and mounts it. For more
information on creating and mounting NetWare volumes, see the Volume
Management API.
Write_Var_File
Syntax
Write_Var_File <path>, <filename>, <varname>, <var value>,
<completion code>
Description
Write_Var_File will write the varname and var value to the filename specified
by the path/filename. The file is an ASCII formatted file with contents as
follows:
“Variable1=true”
“Variable2=false”
“Variable3=Servername”
Example
Write_Var_File “sys:system”, “varfile.txt”, “Variable1”,
“true”, ccode
NOTE: Ccode will return the file open status. 0 is success, anything else is an
error. If the variable to the left contains any spaces, leading or trailing, they will be

103-000143-001
August 30, 2001
Novell Confidential
part of the variable name and must be included with the variable when referencing
it later. If the filename doesn't exist, it will be created. The varname and var value
will then be written. If the file does exist, the varname and var value will be
appended to the contents of the file.
External Command Programming Interface

The external command programming interface contains the functions
described below.
IMPORTANT: These functions require ICMD.NLM 2.18 or later.
ICMDSetVar
Use the ICMDSetVar function to set a script variable programmatically.
Function
int ICMDSetVar (char *variableName, char *variableValue)

*variableName: Pointer to name of variable to set
*variableValue: Pointer to string representing value of variable being set
Return
0 if successful; non-zero error code if unsuccessful.
Description
ICMDSetVar is a function exported by ICMD.NLM that another NLM can

call (for instance, in a blocking NLMExec command). This lets the NLM set
a variable within a script being executed by ICMD.NLM so the NLM can
communicate with the script, changing the control flow, etc.
Example
If MYNLM.NLM has code as follows:

ICMDSetVar(“mynlmvar”, “hello world”); exit();
and the script looks like this:

NLMExec 1, mynlm
Display 0, “Information: %{mynlmvar}”
then this popup text box would be displayed:

Information: hello world

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
ICMDGetVar
Use the ICMDGetVar function to get the value of a script variable.
Function
int ICMDGetVar (char *variableName, char *variableValue)

*variableName: Pointer to name of variable
*variableValue: Buffer containing value of variable; must be at least 128
bytes
Return
0 if successful; non-zero error code if unsuccessful or if variableName does

not exist.
Description
ICMDGetVar is a function exported by ICMD.NLM that another NLM can

call. This lets the NLM set a variable within a script being executed by
ICMD.NLM so the NLM can communicate with the script, changing the
control flow, etc.
Example
If a script looks like this:

SetVar myvar, “Hello”
NLMExec 1, mynlm
and if MYNLM.NLM has code as follows:

char buffer[128];
ICMDGetVar(“myvar”, buffer);
then the value in buffer would be the null-terminated string:

“Hello”.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
External Command Variable Substitution

A variable, such as the value returned by GetPath (page 141), can be used
inside any quoted string within an executed external command. The variable
is global. It goes out of scope only when the command processor is replaced
by a different one. The variable can be dereferenced explicitly by an
expression %{<var name>} within another string.
NWSERVER The name of the server the script is processing on.
NWSRC Source path where script is found.
NWDST Destination path (where server will boot from).
NWBOOT Current path (where server was booted from).
NWLANG Language number (4 = English, etc.).
COUNTRY Country ID (DOS country specifier).
CODEPAGE Codepage number (DOS code page specifier).
OSTYPE NetWare operating system type:

0 - Native
1 - OS/2
2 - SFT III
LOADERTYPE Type of loader used to start NetWare:

1 - DOS
2 - OS/2
3 - Windows 3.1
SERVCONFIGTYPE NetWare server configuration:

0 - Native
1 - SFT III I/O Engine
2 - SFT III MS Engine
SFTLEVEL Level of active System Fault Tolerance for NetWare.
OSMAJORVERSION The major version number for the NetWare OS.
OSMINORVERSION The minor version number for the NetWare OS.
OSREVISION The revision level for the NetWare OS.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
All path variables, including the predefined ones, allow subfield specifiers in
the form <path var>.<specifier>.
<path var> <specifier>
PATH String containing the actual path.
VOL Disk volume name.
PROMPT Disk volume prompt.
TYPE Path type.
SUBTYPE Path subtype.
CONN Connection number (hex).
ENGINE Engine number.
TYPE Values:
1 local server
2 remote server
3 local DOS
4 remote DOS (via RCONSOLE)
SUBTYPE Values:
0 unknown
1 floppy
2 cd
3 network
4 other
Example
NLMExec 1, 'Pinstall %{NWLANG} %{NWSRC.CONN}'
If the server language is English, and the connection number for NWRSC is
5, it is as if the following were typed on the system console:
'load PINSTALL.NLM 4 5'

103-000143-001
August 30, 2001
Novell Confidential
Installation NLM Command Line Options

Command line options can be preceded by '-', but this is not required.
IMPORTANT: These options are not intended for general distribution; they apply
only to the NetWare installation NLM. Other Switches are not guaranteed to be
supported in all versions.
User-Documented Switches for NetWare Installation
Switch Description
DSREMOVE Allows absolute removal of DS.
R Allows license replacement.
Switches Helpful for Install Script Writers
Switch Description
DELAY Wait until execution of AUTOEXEC.NCF is complete

before activating screen.
NOSTATUS Suppress status bar display in batch mode.
A= NNNNNNNN:OOOOOOOOOOOO:SSSS or
XXX.XXX.XXX
source path IPX address: N hex network (8 chars): O

hex node (12 chars): S hex socket
source path IP address: XXX decimal value (1-3 chars)
B= Batch file spec.
D= Destination path in DOS for SERVER.EXE, etc.
E= Error file spec.
O= Overwrite existing files flag; 1: always, 2: never

overwrite.
S= Source path DOS specifier.
W= Overwrite newer files flag; 1: always, 2: never

overwrite.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Other Switches
Switch Description
MDEBUG Memory debug.
TRANSPORT Transport layer type. (IPX is the default).
IPX
TCP
UDP
C= Source path remote context.
DS= Specifies that NDS authentication will be used.
If command is not present, the connection is made through

the bindery.
F= Front end flag.

Q simplified mode
T calculate file set totals
V suppressed delayed init (DELAY)
X allow more DS options
K= Default startup.ncf file spec.
L= Mode of installation.
N= Source path remote server spec.
P= Source path remote user password.
U= Source path remote user name.
Z= Source path remote tree.

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
NetWare 4.1 Remote Installation Wrapper

You can use NetWare installation to remotely install a product that was not
originally intended for remote installation.
1 Create a wrapper script that copies the associated files to the server before
executing PINSTALL.NLM.
Make sure the system volume is large enough to contain the scratch files,
even in local install cases.
In the example below, the directory layout is as follows on the diskette:
\ (root)
PINSTALL.IPS
PINSTALL.NLM
other files...
The contents of file PINSTALL.IPS appears as follows:
command icmd
getpath dest, 1, 'sys:system\\tmp', ''
copyfile 0, 0, 0, 0, 0, NWSRC, '*.*', '', '', dest, '', '', ''
; Additional copyfile commands might be needed to copy all diskettes
; See filedata.doc for details.
nlmexec 1, 'sys:system\\tmp\\pinstall'
erasefile 0, dest, '', '', ''
PINSTALL.IPS script causes ICMD.NLM to be loaded. A path variable
dest is set, all files are copied to that location, PINSTALL.NLM is
executed, then the files are erased.
2 Load INSTALL.NLM.
3 Click Product Options > Install a Product Not Listed.
4 Press F3.
5 Enter the remote path:
server_name\vol_name:path

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
NetWare Installation Command Version Availability

The following tables list the available NetWare installation and external
installation commands.
NetWare Install Commands
Command NetWare 4.10 NetWare 4.11 NetWare for Small NetWare 5 and
Business NetWare 6
@CDName X X X X
@DeletePartition X X X X
@Driver X X X X
@FileSet X X X X
@IncludeFile X X X X
@MessageFile X X X X
@Other X X X X
@StartAppObject X
@StartSchemaMod X X X
@SyntaxVersion X X X X
@TimeZone X X X X
@TranslateModule X X X X
@Version X X X X
Command X X X X
CopyDriverToServer X X X X
CopyDriverToStartup X X X X
CopyToServer X X X X
CopyToStartup X X X X

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Command NetWare 4.10 NetWare 4.11 NetWare for Small NetWare 5 and
Business NetWare 6
Exec X X X X
ProductRecord X X X X
RegisterLanguage X X X X
SaveLanguageFile X X X X
Spawn X X X X
NetWare External Install Commands
Command Version of ICMD.NLM
2.00 2.18 3.20 3.25
Activate X X X
AppendFile X X X X
CheckFile X X X
Config X X X X
Console X X X X
CopyFile X X X X
CopyFloppyImage X X X X
Delay X X X X
DiskReset X X X X
Display_Text_File X
Display X X X X
DSInst X X X X
EditNCF X X
EditNCF_Addline X X

103-000143-001
August 30, 2001
Novell Confidential
2.00 2.18 3.20 3.25
EditNCF_Keystrings X X
EraseFile X X X X
ExtractVersionNumbe X X
rs
GetDOSServer X X
GetPath X X X X
Goto X X X
GotoIfEqual X X X
GotoIfNEqual X X X
GotoIfGreater X X X
GotoIfLess X X X
GotoIfGrEqual X X X
GotoIfLsEqual X X X
Is_NLM_Active X
Label X X X
LangVar X X X X
Menu X X X
NLMExec X X X X
NLMExec_IO X X
Partitions X X X X
Quit X
ReadProductRecord X X
Read_Var_File X

103-000143-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
2.00 2.18 3.20 3.25
SetDir X X X X
SetDOSServer X X
SetLConfigLang X X X X
SetVar X X X X
SgotoIfEqual X X X
SgotoIfNEqual X X X
SgotoIfGreater X X X
SgotoIfLess X X X
SgotoIfGrEqual X X X
SgotoIfLsEqual X X X
SpaceCheck X X X X
SrchNCF X X
ValueAdd X X X X
ValueSet X X X X
Volumes X X X X
Write_Var_File X

103-000143-001
August 30, 2001
Novell Confidential
NetWare Migration Wizard 6 Administration Guide
Novell
NetWare Migration ®
Wizard 6 www.novell.com
A D M I N I S T R AT I O N G U I D E
August 29, 2001

Novell Confidential
Manual Rev 99a 38 July 17, 2001
Contents
Contents 5
NetWare Migration Wizard 6 Administration Guide 7
1 Migrating Data from NetWare 3 9

Preparing the Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Preparing the Source Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Preparing the Servers in the Destination NDS Tree . . . . . . . . . . . . . . . . . . . . . . 11
Creating a Template Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Run Novell NetWare Migration Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Model Your Migration Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Verify Your Migration Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Migrate Users and Data to the Destination NDS Tree . . . . . . . . . . . . . . . . . . . . . . . 17
Perform Post-Migration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2 Migrating Data from NetWare 4, 5, or 6 21

Preparing the Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Preparing the Source Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Preparing the Destination Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Run Migration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Copy Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Edit Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Begin NDS Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Finish NDS Migration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3 Migrating Data from Windows NT 33

Perform Prerequisite Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Creating a Template Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Creating ZENworks User Policy Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Registering the Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Run Migration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Model Your Migration Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Verify Your Migration Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Contents 5
NetWare Migration Wizard 6 Aministration Guide

103-000161-001
August 29, 2001
Novell Confidential
Migrate Users and Data to the Destination NDS Tree. . . . . . . . . . . . . . . . . . . . . . . 46

4 Troubleshooting 51
General Connection Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Workstation-to-Server Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Server-to-Server Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
File Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
SMDR Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Restoring Trustees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
NUWAGENT.NLM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
NICI Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
NDS Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Restore Source Server to Its Original Configuration . . . . . . . . . . . . . . . . . . . . . . 56
Remove NDS from the Destination Server . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Remove NDS from the Source Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Restore NDS to the Source Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Reinstall the Destination Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
6 NetWare Migration Wizard 6 Aministration Guide

103-000161-001
August 29, 2001
Novell Confidential
NetWare Migration Wizard 6 Administration Guide
Novell® NetWare® Migration Wizard 6 lets you copy data from a NetWare or
a Windows* NT* server to another NetWare server in your network.
Migrating Data from NetWare 3—Migration Wizard copies the NetWare 3 file
system and bindery objects to a destination NDS® tree. When the bindery
objects are copied to the destination NDS tree, they are automatically
converted to NDS objects.
Migrating Data from NetWare 4, 5, or 6—Migration Wizard migrates the file
system and NDS database from a NetWare 4, NetWare 5, or NetWare 6 source
server to a faster, more reliable NetWare destination server. After NDS is
migrated, the destination server replaces and assumes the identity of the
source server on the network. Valid destination servers must be ruuning
NetWare 5.0, 5.1, or 6.
Migrating Data from Windows NT—Migration Wizard migrates NT domain
users and local and global groups from a Windows NT 3.51 or 4 server to a
destination NDS tree. During the migration, the NT users and groups are
converted to NDS objects and placed in the destination NDS tree. NetWare
Migration Wizard 6 also migrates NT shared folders to a NetWare file system
while migrating and converting Windows NT permissions to NetWare trustee
rights.
NetWare Migration Wizard 6 Administration Guide 7

103-000161-001
August 29, 2001
Novell Confidential

103-000161-001
August 29, 2001
Novell Confidential
1 Migrating Data from NetWare 3
Novell® NetWare® Migration Wizard 6 copies and consolidates your NetWare

3 bindery and file system from one or more existing NetWare 3 servers to a
destination NDS® tree.
The following figure shows how the Migration Wizard manages the migration
of data from multiple NetWare 3 servers to a destination NDS tree.
NetWare 3 Destination
Servers NDS Tree
Data
files
volumes
objects
NetWare
Migration
Wizard
Windows 98
or
Windows NT 4.0/2000
Workstation
To migrate data from NetWare 3, complete the following tasks in the order
they are listed.
1. “Meet System and Software Requirements” on page 10
2. “Run Novell NetWare Migration Wizard” on page 12
Migrating Data from NetWare 3 9

103-000161-001
August 29, 2001
Novell Confidential
3. “Verify Your Migration Project” on page 17

4. “Migrate Users and Data to the Destination NDS Tree” on page 17
5. “Perform Post-Migration Tasks” on page 20

Log in to your destination NDS tree with a user that is listed in the bindery
context of the destination NDS tree. Make sure the user has the
Supervisor right to the destination servers that you are migrating file data
to and three available user licenses.
For more on how to enable the Supervisor right, see the ConsoleOneTM
Documentation (http://www.novell.com/documentation).
Make sure you have the Write right to all NDS containers and directories
that are receiving data from NetWare 3.
Preparing the Workstation

A Windows 98, Windows NT (4.0 or later), or Windows 2000
workstation with 50 MB of available disk space.
IMPORTANT: NetWare Migration Wizard 6 does not run on a Windows 95
workstation.
The Windows 98 workstation must be running Novell ClientTM for

Windows 98 version 3.3 or later.
The Windows NT/2000 workstation must be running Novell Client
for Windows NT/2000 version 4.8 or later.
To check your current Novell Client version, right-click the N icon on the
workstation toolbar, and then click Novell Client Properties > Client. If
you need to download the latest client, see the Novell Software
Downloads Web site (http://www.novell.com/download).
The IPXTM protocol running on your Novell Client workstation. Make
sure that your client workstation has an IPX connection to your source
server and destination tree.

103-000161-001
August 29, 2001
Novell Confidential
Preparing the Source Server

The source server is the existing server that contains the data that will be
copied to the destination NDS tree.
The source server must be running NetWare 3.11 or later.
Load the following NLMTM program at the server console of each
NetWare 3 source server that you are planning to migrate:
For NetWare 3.11, load TSA311.NLM
For NetWare 3.12 and 3.2, load TSA312. NLM
Use SYSCON to verify that you have the console operator right to the
source server.
Back up all data on the source server.
Preparing the Servers in the Destination NDS Tree

The destination NDS tree is the NDS tree that contains the servers that will
receive the data migrated from the NetWare 3 source server. After data is
copied from the source server, it appears in the destination NDS tree.
Make sure that all the servers that you are migrating data to in the destination
NDS tree have the following:
NetWare 4, NetWare 5, or NetWare 6 installed.
NOTE: NetWare Migration Wizard 6 does not migrate to NetWare 4.10 servers.
The IPX protocol running and bound to the network card of each NetWare
server in the destination NDS tree that you are migrating files to.
WARNING: If IPX is not bound and running on the destination server, the file
migration will fail. To check whether IPX is bound, enter CONFIG at the server
console of the destination server.
Continue with the next section, "Creating a Template Object."
Creating a Template Object

This is an optional prerequisite task. A Template object is used to define
additional NDS user attributes to NetWare 3 users during the migration. We
recommend that you use a Template object because it is an organized way to
migrate your NetWare 3 users to the NDS tree and manage them once they are
there.

103-000161-001
August 29, 2001
Novell Confidential
If there is a conflict between the properties of a Template object and properties

of a NetWare 3 user, the properties of the Template object will, in most cases,
take priority. For example, if a minimum password length of seven characters
is specified for the NetWare 3 user, Jeff, and a minimum password length of
nine characters is specified in the Template object, then when Jeff’s object is
migrated, the object will be created in NDS with a password length of nine
characters.
If you want to know what additional NDS attributes can be defined in a
Template object, run ConsoleOne and double-click a Template object to view
all of the existing properties.
The last name, full name, and description of every NetWare 3 object is always
migrated and these corresponding properties from the Template object are
overwritten.
If you decide to use a Template object, you can create one in ConsoleOne by
clicking File > New > Object > Template.
Continue with the next section, "Run Novell NetWare Migration Wizard."
Run Novell NetWare Migration Wizard

1 Download and install NetWare Migration Wizard 6 from the NetWare
section of the Novell Software Downloads Web site (http://
www.novell.com/download/).
2 Run Migration Wizard from the location where you installed it.
The installation program, by default, installs Migration Wizard at this
location: Start Menu > Programs > Novell > Netware Migration Wizard
> NetWare Migration Wizard.
3 Read the Welcome screen and click OK.
4 Click Create a New Project > OK.
5 Click NetWare 3 > OK.
6 Click the View Setup Tasks button.
This launches your default Web browser and takes you to the NetWare
Migration Wizard 6 online documentation.
7 Browse to Chapter 1, “Migrating Data from NetWare 3,” on page 9 and
make sure you have completed the system and software requirements in
"Meet System and Software Requirements." Then close your browser.

103-000161-001
August 29, 2001
Novell Confidential
8 Click Next.
9 Name your migration project, choose a place to save it, and then click
Next.
By default, Migration Wizard saves your project in C:\Program
Files\Novell\NetWare Migration Wizard.
10 Select the source servers that you want to migrate.
Only servers that you are already logged in to appear in the Selected
Servers text box. To log in to a server, click the Server icon. When you
are finished selecting your servers, click Next.
11 Select your destination NDS tree and click Next.
12 Decide whether you want Migration Wizard to find any NetWare 3 and
NDS User objects that have the same name, click Yes or No, and then
click Next.
If you choose to do this, Migration Wizard will look for duplicate
usernames in the destination NDS tree and on the NetWare 3 source
servers. Migration Wizard will then display its findings and you can
choose to merge the matching User objects.
13 To create and save your project, click Create.
When a project is created and saved, Migration Wizard also creates
success and error logs which contain the details of what took place during
the migration.
14 If you clicked No in Step 12, skip the rest of these steps and continue with
“Model Your Migration Project” on page 15. If you clicked Yes in Step
12, continue with the next step.
15 Complete the following tasks:
15a Click the Browse button to select an NDS container on the
destination NDS tree.
Migration Wizard will search this container and all subcontainers for
matching NDS usernames.
15b Browse the tree and select an NDS container, and then click OK.
15c Click Next to begin searching for duplicate usernames.
15d Decide how to handle duplicate usernames.
The following screen is an example of the username table in
Migration Wizard. Carefully review this screen. If you do not make

103-000161-001
August 29, 2001
Novell Confidential
any changes, Migration Wizard will automatically merge the

NetWare 3 user with the displayed NDS user.
Figure 1 Merging Your NetWare 3 Users with Duplicate NDS Users
You have the following options for each NetWare 3 user:

Merge the NetWare 3 user with the displayed NDS user
Simply leave the NetWare 3 user displayed as it is in the table
and continue with the next user.
Merge an NDS user other than the currently displayed NDS user
Click the arrow by the NDS username to view a drop-down list
containing all the NDS users that have the same username
(including contexts) as the adjacent NetWare 3 user. Select one
of the NDS names and continue with the next NetWare 3 user.
Do not merge any of the NDS users with the NetWare 3 user
If you know that none of the listed NDS users represents the
same person as the adjacent NetWare 3 user, click the arrow by
the NDS username and then click Don’t Merge.

103-000161-001
August 29, 2001
Novell Confidential
15e Once you have made a decision for each listed NetWare 3 user, click
Finish.
The NetWare 3 users that you chose to merge with NDS User objects
appear automatically as dropped objects in the destination NDS tree.
Continue with the next section, "Model Your Migration Project."
Model Your Migration Project

Most of your work will be done in the Project Window, where you can drag
and drop NetWare 3 bindery objects and volume data into NDS containers in
the destination NDS tree.
The Project Window is a place to model different migration scenarios before
you begin the actual migration. The source server’s bindery objects and
volume data are shown in the left side of the Project Window, and the
destination NDS tree is displayed in the right side of the Project Window. All
of the planning in the Project Window is done offline, meaning that items
moved and created in the Project Window are not actually moved or created
until you begin the migration.
The Project Window and the Using the Project Window dialog box appear
once you have created the migration project. The following figure is an
example of the Using the Project Window dialog box that appears on top of
the Project Window.

103-000161-001
August 29, 2001
Novell Confidential
Figure 2 Using the Project Window Dialog Box
The three basic steps outlined in this dialog box should be performed for each
migration project. Once you are familiar with the tasks that you will be
performing, click Close to access the Project Window and begin modeling
your migration.
Complete the following tasks:
1 Determine which NetWare 3 bindery objects and volume data will be
copied to which containers in the destination server’s NDS tree.
2 If needed, create new objects in the destination NDS tree.
To create a new NDS Organizational Unit (also called a container),
right-click the parent of the Organizational Unit.
To create a new folder, right-click an existing folder or volume.
3 Drag and drop NetWare 3 bindery objects, folders, and volumes into NDS
containers.
Continue with the next section, "Verify Your Migration Project."

103-000161-001
August 29, 2001
Novell Confidential
Verify Your Migration Project

Once you have modeled your migration in the Project Window, you should
verify that the proposed locations for these new objects do not conflict with
existing names in the destination NDS tree.
Remember, dragged-and-dropped items appearing in the NDS tree are merely
assigned to be copied to that area in the NDS tree. Objects will not actually be
migrated until you begin the migration.
Once you have modeled your migration project, you can run a standalone
verification wizard or you can verify and migrate at the same time. Running
the standalone verification wizard prior to migration is not mandatory;
however, catching any critical errors or warnings before you begin your
migration will speed up the verification process during the migration.
1 To run the standalone verification wizard, click Project > Verify Project.
2 Follow the procedure in the next section “Migrate Users and Data to the
Destination NDS Tree” on page 17, starting with Step 2.
Migrate Users and Data to the Destination NDS Tree

Although you have selected the volumes and containers where the NetWare 3
data will be copied, no data has been migrated. When migrated, NetWare 3
User objects are converted to NDS objects and placed in the destination NDS
tree. To begin the migration, do the following:
1 From the Migration Wizard toolbar, click Project > Verify and Migrate
Project.
IMPORTANT: If you are notified during the verification that certain NLM files are
outdated on your NetWare 3 source server, you must update those files. To update
the files, copy them from the Products\NW3X directory. It is important that you copy
only the NLM files that Migration Wizard prompts you to. After copying the NLM
files, reboot the NetWare 3 source server and launch Migration Wizard again.
The Products\NW3X directory is located in the same directory where Migration

Wizard was installed (C:\Program Files\Novell\Novell NetWare Migration
Wizard\Products\NW3X).
2 Read the Welcome Screen and then click Next.

3 (Conditional) If you are migrating more than one server, choose the order
that you want your servers migrated in and then click Next.
This matters only if you have duplicate User objects among your source
servers.

103-000161-001
August 29, 2001
Novell Confidential
4 If prompted, select what volume you want to migrate your NetWare 3

print queue volume to, and then click Next.
5 If you want to apply a Template object to newly created users, browse the
tree, select the Template object from the tree view and then click Next.
If you do not want to use a Template object, uncheck the check box and
click Next.
IMPORTANT: Home directories are not automatically migrated. To migrate them,
you must drag and drop the NetWare 3 directory that lists the home directories into
the destination NDS tree. Then use a Template object when migrating your
NetWare 3 users to the destination NDS tree and make sure that the specified
home directory path in the Template object points to the location where you
dropped the NetWare 3 directory in the destination NDS tree.
HINT: If you have not created a Template object but you want to use one now,
save the project, go to ConsoleOne, and create the Template object. Next, run
Migration Wizard again and click Open Last Project. Then restart the migration
procedure beginning with Step 1 on page 17.
6 Decide how you want to handle any duplicate filenames between the
NetWare 3 source servers and the destination NDS tree. Select one of the
following and then click Next:
Don’t Copy Over Existing Files
Copy the Source File If It Is Newer
Always Copy the Source File
7 If you are migrating this NetWare 3 server for the first time, click Yes >
Next. If you are continuing with a previous migration, click No > Next.
When you migrate users and groups from NetWare 3, Migration Wizard
stores a table in the bindery of each source server of the NDS names that
it associates with the migrated NetWare 3 users as they are migrated to the
destination NDS tree. This way, you can migrate a few users at different
times and Migration Wizard will remember where you migrated them to.
Also, by storing this information, Migration Wizard can assign the correct
file permissions to the appropriate users.
8 Enter the password for the destination NDS tree and click Next.
9 Enter the password for the source server that you are migrating and then
click Next.
If you are migrating multiple servers at one time, you will see this screen
for every source server that you are migrating.

103-000161-001
August 29, 2001
Novell Confidential
10 Click Next to verify that you have enough disk space on the destination
volume to accommodate your NetWare 3 file system.
Migration Wizard will also scan the contents of all dropped folders and
verify that you have sufficient rights to migrate them.
11 If prompted, resolve any naming conflicts between different-type objects,
and then click Next.
You can choose to rename different-type objects or to not migrate them.
If you are migrating multiple servers at one time, you will see this screen
for every source server that you are migrating.
12 If prompted, resolve any naming conflicts between same-type objects,
You can choose to merge same-type objects or to not migrate them. If you
are migrating multiple servers at one time, you will see this screen for
every source server that you are migrating.
13 Verify that you do not want to migrate the listed NetWare 3 users, and
then click Next.
You will see this screen for every source server that you are migrating. If
you have made a mistake, click Cancel to return to the Project Window
and drag and drop the users that you want to migrate.
14 Verify that you do not want to migrate the listed NetWare 3 groups, and
then click Next.
You will see this screen for every source server that you are migrating. If
you have made a mistake, click Cancel to return to the Project Window
and drag and drop the users that you want to migrate.
15 Resolve any critical errors and click Next.
Warnings, or noncritical errors, can be resolved after the migration. To
resolve a critical error or warning, read the description in the text field
located beneath it. This description should give you a good idea of what
could be the possible cause of the error and a suggestion for fixing it.
If you are only verifying your project at this point, read the
Verification Summary, click Finish, and follow the instructions in
“Migrate Users and Data to the Destination NDS Tree” on page 17 to
begin the actual migration.
If you are actually migrating at this point, read the Verification
Summary and click Proceed to start the actual migration.

103-000161-001
August 29, 2001
Novell Confidential
17 (Migration only) View the Error Log and the Success Log.
Continue with the next section, "Perform Post-Migration Tasks."
Perform Post-Migration Tasks

After you’ve migrated the bindery objects and file system to the destination
server, complete the following tasks:
Modify the print configuration if you want to convert your queue-based
printing to NDPS®.
For more information, see the Novell Documentation Web site (http://
www.novell.com/documentation/lg/nw51/docui/index.html) >
Additional Documentation > Print Services > Novell Distributed Print
Services.
Make sure that applications have migrated correctly.
After migration, if you want to install additional network products and
services, you can do so from the servertop by clicking the Novell icon >
Install.
Make sure that each migrated user has the correct Novell Client
properties to log in to the destination NDS tree.
Modify user login scripts to accommodate the new location of data in the
NDS tree.
For more information, see the Novell Documentation Web site (http://
www.novell.com/documentation/lg/nw51/docui/index.html) >
Additional Documentation > Novell Clients > Novell Client for Windows
> Setting Up Client Login > Setting Up Login Scripts.
Reassign home directories if they were not migrated.

103-000161-001
August 29, 2001
Novell Confidential
2 Migrating Data from NetWare 4, 5, or 6
When you migrate data from a NetWare® 4, NetWare 5, or NetWare 6 source

server to a NetWare destination server, Novell® NetWare Migration Wizard 6
copies the file system and NDS® database from the source server to the newly
installed NetWare destination server.
After the source server’s file system and NDS database is migrated to the
destination server, the source server is automatically brought down and the
destination server reboots and assumes the name and identity of the source
server on your existing network.
Existing
Temporary NDS Tree
NDS Tree
Temporary
Server Name replaces
and
assumes
the identity
NetWare
Destination Server of
Source Server
Before you can migrate your data, you must first install a destination NetWare
server in a temporary NDS tree. A temporary tree is simply a tree that contains
one server with a basic installation of NetWare and no additional products
installed (other than SMSTM or any other default products).
Migrating Data from NetWare 4, 5, or 6 21

103-000161-001
August 29, 2001
Novell Confidential
To migrate data from NetWare 4, NetWare 5, or NetWare 6, complete the

following tasks in the order they are listed.
2. “Run Migration Wizard” on page 25
Preparing the Workstation

Make sure your workstation has the following:
A Windows 98 or Windows NT 4/2000 workstation with 50 MB of
available disk space.
The Windows 98 workstation must be running Novell ClientTM for
Windows 98 version 3.3 or later.
IMPORTANT: NetWare Migration Wizard 6 does not run on Windows 95
workstations.
The Windows NT 4/2000 workstation must be running Novell Client

for Windows NT version 4.8 or later.
If migrating from NetWare 4, the IPXTM protocol should be configured on
your Novell Client workstation.
For better performance, it is strongly recommended that the source server,
destination server, and client workstation be running on a common LAN
segment.
Preparing the Source Server

The source server is the NetWare server that contains the files, volumes, and
NDS objects that will be copied to the NetWare destination server. Valid
source servers can be running NetWare 4.11, 4.2, 5.0, 5.1, or 6.
Use ConsoleOneTM to verify that you have the Supervisor right to the
source server’s file system and the source server itself.
Update the source server with the latest NetWare Support Pack.
Updates are available at the Consolidated Support Pack Home Page
(http://support.novell.com/csp/csplist.html).

103-000161-001
August 29, 2001
Novell Confidential
(Conditional) If you are migrating data from NetWare 4, make sure that
the source server’s volumes are running long name space support on all
volumes to be copied.
To add long name space support to a NetWare 4.11 or NetWare 4.2
volume, enter the following at the server console: LOAD LONG and then
ADD NAME SPACE LONG TO volumename.
Load DSREPAIR and run the following three options:
Unattended Full Repair
Time Synchronization
Report Synchronization Status
Make sure that these finish with no errors.
Back up NDS and all data.
Preparing the Destination Server

The destination server is the new computer that will receive the data from the
source server. This server must be installed into a temporary tree.
After data is migrated from the source server to the destination server, the
destination server reboots and Migration Wizard automatically modifies the
destination server’s AUTOEXEC.NCF file to include the source server’s
name and internal IPXTM number/server ID. You don’t have to modify these
manually.
Valid destination servers can be running NetWare 5.0, 5.1, and 6. Migration
Wizard does not migrate to NetWare 4 destination servers.
Review the following tasks before installing the NetWare operating system on
the destination server:
Use ConsoleOne to verify that you have the Supervisor right to the
destination server’s file system and the destination server itself.
Make sure you create a temporary NDS tree with a temporary NDS tree
name.
IMPORTANT: The temporary name and temporary NDS tree name must not be
the same as the source server’s name or NDS tree name; otherwise, the
destination server will not assume the identity of the source server after the
migration.

103-000161-001
August 29, 2001
Novell Confidential
During the installation, create volumes on the destination server that are
the same size as, or larger than, volumes on the source server.
Volume names on the destination server must be the same as the volume
names on the source server.
Migration Wizard migrates compressed volumes. If you are migrating
compressed volumes to uncompressed volumes, Migration Wizard
decompresses the volumes during the migration. Make sure you have
enough room on the uncompressed volume to accommodate the source
volumes once they are decompressed.
If migrating from NetWare 4, install and configure the IPX protocol.
The IPX protocol must be bound to the destination server for the
migration to work. (You can remove IPX after completing the migration.)
IMPORTANT: IP addresses for the source server will not be migrated. For more
information on changing your IP addresses, see Step 3 on page 28.
Install the destination server with the NetWare operating system that you
are migrating to.
For instructions on installing NetWare 5, see the NetWare 5
Overview and Installation Guide (http://www.novell.com/
documentation/lg/nw5/docui/index.html).
Make sure that you select the New Server option on the Additional
Products and Services screen during the NetWare 5 installation, and
deselect all products except SMS.
For instructions on installing NetWare 5.1, see the NetWare 5.1
Installation Guide (http://www.novell.com/documentation/lg/nw51/
docui/index.html).
Make sure that you select the custom option on the Installation
Options screen during the NetWare 5.1 installation, and deselect all
deselectable products except SMS. Don’t worry about any default
products that you can’t deselect.
For instructions on installing NetWare 6, see the "NetWare 6
Overview and Installation Guide".
Make sure that you select the Pre-migration server option during the
NetWare 6 installation. And then select the custom option so that you
can verify that you have enough room on your destination server to
accomodate your source server data.
Continue with the next section, "Run Migration Wizard."

103-000161-001
August 29, 2001
Novell Confidential
Run Migration Wizard

1 Download and install NetWare Migration Wizard 6 from the NetWare
section of the Novell Software Downloads Web site (http://
www.novell.com/download).
2 Run Migration Wizard from the location where you installed it.
The installation program, by default, installs Migration Wizard at this
location: Start Menu > Programs > Novell > Netware Migration Wizard
> NetWare Migration Wizard.
3 Read the Welcome screen and click OK.
5 Click NetWare 4, 5, or 6 > OK.
7 Browse to Migrating Data from NetWare 4, 5, or 6 and make sure you
have completed the system and software requirements in "Meet System
and Software Requirements." Then close your browser.
8 Click Next.
9 Name the project, choose a place to save it, and then click Next.
By default, Migration Wizard saves all projects to C:\Program
10 Select the NDS tree that contains your source server and click Next.
11 Select your source server from the NDS tree and click Next.
12 Select the NDS tree that contains your destination server and click Next.
13 Select your destination server from the destination NDS tree and click
Next.
14 To save your project and access the Project Window, click Create.
The Project Window now appears.
Continue with the next section, "Copy Volumes."

103-000161-001
August 29, 2001
Novell Confidential
Copy Volumes
1 In the Project Window, click Copy Volumes.
Before Migration Wizard starts copying files, it backs up your directory
and file trustees and saves them in files located on the source and the
destination server. Once the NDS migration is complete, Migration
Wizard restores the trustees from the files it stored on the destination
server.
You do not need to copy all volumes at once. You can select volumes to
copy now and then copy other volumes later by reopening the project file.
Remember that open files are not migrated.
IMPORTANT: If you choose to copy your volumes in phases, at the final volume
copy, make sure you select all volumes that you previously copied and then click
Cancel. Otherwise, Migration Wizard will restore trustee assignments only to the
last volumes that were copied.
2 Select each volume name from the text field and then click Yes or No.
If you decide not to copy any of the volumes, select No for all volumes,
click Next, and then continue with “Edit Configuration Files” on page 28.
If you selected Yes for one or more of the volumes, continue with Step 3.
If you have big volumes or slow LAN connections, or if you want to
reconfigure your data by putting existing directories into different folders
on the destination server, you should consider using a backup tape to copy
your volumes.
IMPORTANT: If you using tape backup, do not restore the source server’s
standard SYS: directories to the destination server if you are upgrading your
NetWare operating system to a higher version. The standard SYS: directories, like
SYS:SYSTEM and SYS:PUBLIC, were created for you during the NetWare
installation.
If you are only migrating your existing data to new hardware and keeping the same
version of NetWare, restore the source server’s standard SYS: directories to the
destination server.
If you decide to use tape backup, select No for all volumes on the Select
Volumes to Copy screen, click Next, and continue with “Edit
Configuration Files” on page 28.
3 Decide if you want to copy the source server’s SYS: directories to the
destination server’s SYS:MIG directory, and then click Next.
Migration Wizard never overwrites the SYS: directories on the
destination server. If you choose to migrate the source server’s SYS:

103-000161-001
August 29, 2001
Novell Confidential
directories, Migration Wizard migrates them to the SYS:SYS.MIG

directory on the destination server.
If there are files in the source server’s SYS: directories that you want to
utilize on the destination server, after the NDS migration is completed,
copy the files from the SYS:SYS.MIG directory into the appropriate
SYS: directory on the destination server.
Remember, any applications that have NLM programs in this directory
will need to be reinstalled after the migration.
source server and the destination NDS tree. Select one of the following
and then click Next:
5 Determine how you would like to copy your volumes and then click Next.
You have the following two choices:
Copy volumes with users logged in
Disable login
Migration Wizard does not copy open files. If you disable user login, you
can be sure that no other users will log in to the network and open files
during the file copy.
6 Enter the passwords for the source and destination trees, and then click
Next.
7 If prompted, resolve any critical errors or warnings, and then click Next.
8 To copy the file system to the destination NDS tree, click Migrate.
9 Review the error and success logs, and then click Done.
Continue with the next section, "Edit Configuration Files."

103-000161-001
August 29, 2001
Novell Confidential
Edit Configuration Files

1 In the Project Window, click Edit Configuration Files.
Migration Wizard lets you modify any .NCF or .CFG files on the
destination server. These files contain default LOAD statements and
parameters.
IMPORTANT: If you are editing your AUTOEXEC.NCF, make sure the file is
closed before you migrate your NDS database.
2 In the text box, select the configuration file that you want to edit and then
click Edit File.
3 Copy and paste the commands from the configuration file on the source
server to the corresponding configuration file on the destination server.
When you are finished, click Save & Close.
If you intend to change the IP address on your destination server to be the
same as the IP address of your source server, you must edit your
configuration files and change the IP address in two places:
AUTOEXEC.NCF and SYS:ETC/HOSTS.
Copy the source server’s IP address and paste it into the destination
server’s AUTOEXEC.NCF file. (This works only if your IP LOAD and
BIND statements are located in the AUTOEXEC.NCF.) You also need to
go to the server console of the destination server and change the IP
address in the SYS:ETC\HOSTS file. Look for the original name of the
destination server.
If you use INETCONFIG to assign IP addresses, change the IP addresses
after the migration is complete.
4 (Conditional) If you are using configured time sources
(TIMESYNC.CFG), then copy and paste your timesync information from
the source server’s TIMESYNC.CFG file to the destination server’s
TIMESYNC.CFG file.
5 Close the Compare Configurations dialog box.
Continue with the next section, "Begin NDS Migration."

103-000161-001
August 29, 2001
Novell Confidential
Begin NDS Migration

1 In the Project Window, click Begin NDS Migration.
2 Back up all volumes that you are not planning to migrate and complete
the following tasks before continuing:
Make sure all volume data migrated successfully.
Make sure all critical errors from the file copy are resolved.
Make sure the servers in your source NDS tree are in time sync and
that NDS is synchronized. For more information, see Step 2 on page
31.
3 Click Next.
4 Insert the licensing diskette, browse to or enter the path to the licensing
file, and then click Next.
If you have an MLA, you also have the option of selecting the MLA
instead of inserting the licensing diskette.
5 Select Yes or No to update the source server’s schema.
Migration Wizard will update the source server’s schema to include the
NDS classes of the default applications that are installed on the
destination server.
If you select No, by default the Yes radio button is enabled, which causes
Migration Wizard to compare the source and destination schemas. This
comparison will help you determine how to extend your schema in
preparation for the migration.
6 Before continuing, verify that you have run the DSREPAIR procedures in
Step 2 on page 31 to verify that the NDS tree containing the source server
is functioning correctly, click Yes or No to acknowledge that your tree is
healthy, and then click Next.
Migration Wizard does not prevent you from continuing if you have not
run DSREPAIR to verify the health of your tree. However, if your tree is
unhealthy before you begin the migration, the migration might not
complete successfully.
7 If you are migrating from NetWare 4 running Border Manager, NetWare
5, or NetWare 6, you will be prompted to copy and transfer the NICI
configuration files from the source server to the destination server. Just
follow the on-screen instructions and when the NICI configuration is
complete, continue with the next step.

103-000161-001
August 29, 2001
Novell Confidential
IMPORTANT: If you are getting NICI errors when NDS is trying to load or when
you are copying the NICI files, you should first check and see if PKI.NLM will load
on the destination server. If PKI.NLM won’t load, see “NICI Errors” on page 55.
8 Delete all user connections (except your own) to the source and
destination servers, and then click Next.
9 Enter the passwords for the source and destination trees, and then click
Next.
10 Resolve any critical errors or warnings on the Migrate NDS Verification
Results screen, and then click Next.
11 Click Migrate to begin the NDS migration.
At the end of this the migration process, the source server is brought down
and the destination server reboots and takes over the name and identity of
the source server.
Migration Wizard automatically modifies the following items in the
destination server’s AUTOEXEC.NCF file:
The file server name is changed to the name of the source server
The time zone is changed to the time zone stored in the source
server’s AUTOEXEC.NCF file
The server ID is changed to the IPX internal net value or server ID
stored in the source server’s AUTOEXEC.NCF file
The default time server type is changed to the value stored in the
source server’s AUTOEXEC.NCF file
The bindery context is changed to the bindery context stored in
source server’s AUTOEXEC.NCF file
IMPORTANT: During the migration, the source server’s timesync information is
not automatically migrated.
12 View the Error and Success logs, and then click Done.
Use the Error Log to see a listing of all errors that occurred during the
migration. If there were errors, use the Success Log to determine how far
the migration got before the error occurred.
If the NDS migration failed, see “NDS Migration” on page 56 for
instructions on how to restore your servers to their original configuration.
13 Check the former destination server and verify that it has restarted and
taken on the name of the source server.

103-000161-001
August 29, 2001
Novell Confidential
14 Reboot your workstation and log in to the former destination server.

If you can’t log in, refer to “Workstation-to-Server Connections” on page
52.
Continue with the next section, "Finish NDS Migration."
Finish NDS Migration

1 In the Project Window, click Finish NDS Migration.
2 Read the Continue NDS Migration screen and make sure that
The former destination server has restarted and taken on the name
and identity of the source server
Licensing is installed
NDS is synchronized on all servers in the tree
To check NDS synchronization status, enter DSREPAIR at the server
console and run the Report Synchronization Status and Time
Synchronization options.
If the destination server does not contain a Read/Write or Master
replica, you must check NDS synchronization by running
DSREPAIR on another server in the NDS tree that has one of these
replicas.
3 Click Yes or No to verify that you have completed the tasks in "Step 2,"
4 Enter the password for the source tree and click Next.
5 Resolve any warnings or errors and click Next.
6 To finish the NDS migration, click Continue.
During this stage, Migration Wizard is restoring the file trustees and
updating the Volume objects in the tree.
7 View the error and success logs, and then click Done to close the current
project.
Continue with the next section, "Perform Post-Migration Tasks."

103-000161-001
August 29, 2001
Novell Confidential

1 Run DSREPAIR on the destination server and select Unattended Full
Repair.
2 Make sure that user information migrated successfully.
3 Reinstall any applications that have files or NLM programs associated
with the following volume SYS: directories: SYSTEM, PUBLIC, MAIL,
ETC, and NETBASIC.
IMPORTANT: Because the source server’s identity will replace the destination
server, all NDS objects on the destination server, including those representing
applications, are removed and replaced by the NDS objects that exist on the
source server. However, the NLM programs associated with the destination
server’s applications will still exist. Because you cannot manage applications
without their corresponding NDS objects, you must reinstall the applications to
restore their NDS objects to the NDS tree.
If your destination server was running NetWare 5.1, you might see warnings on
your server referring to SMS, LDAP, Novell Certificate Server, or NetWare
Management Portal. Just ignore the warnings and reinstall the products after NDS
has been migrated.
To reinstall these network products and services, go to the NetWare

Deployment Manager utility (NWDEPLOY.EXE) located on the
NetWare Operating System CD, or go to the GUI interface and click the
Novell icon on the servertop.
4 Install the latest NetWare Support Pack.
This will ensure that you get the latest code for the applications that you
are reinstalling. The latest Support Packs are available at the Novell
Support Web site (http://www.support.novell.com/misc/patlst.htm).
5 Run DSREPAIR > Time Synchronization to verify that your source server
is synchronized with the rest of your servers.

103-000161-001
August 29, 2001
Novell Confidential
3 Migrating Data from Windows NT
Novell® NetWare® Migration Wizard 6 automates key tasks, such as

migrating users and their file permissions, assigning passwords, and migrating
the NT file system to a designated NDS® tree. This automation eliminates the
need to choose from various utilities that would help you perform these tasks
individually.
Windows NT 3.51/4 NetWare

Server Server
Data
File System
and
NT Objects
NetWare
Migration
Wizard
Windows NT 4.0 Workstation,

Windows NT 2000 Workstation,
or Windows NT 4.0 Server
Although many tasks are automated in Migration Wizard, you should consider
the following issues before you get started.
First, you should plan your migration by answering the following questions:
Which NT users are accessing which NT files and directories, and where
are those files and directories located?
Migrating Data from Windows NT 33

103-000161-001
August 29, 2001
Novell Confidential
This information will help you decide which NT servers to migrate first
and how many servers you will need to migrate at one time. When you
migrate your users and groups, you will want to migrate all files and
directories that they have access to at the same time that you migrate their
User objects.
Which NetWare servers and volumes are you going to migrate your NT
folders to?
You should plan which servers and volumes in your destination NDS tree
will receive each of your NT folders. You can select a separate location
for each NT folder, if desired. In order to plan effectively, you will need
to become familiar with the file structure on the NetWare servers in your
Which NT users and groups are you going to migrate? Which NDS
containers on the destination NDS tree are you going to migrate them
into?
Decide which NT user and groups you are going to migrate, and then
determine whether you will need to create separate containers for your
NT users and groups in the destination NDS tree. When you model your
migration in the Project Window, you can create any additional NDS
containers you might need by right-clicking an NDS Organizational Unit.
Do any existing NDS User objects represent the same person in your NT
domain?
Determine whether any of your NT users already have an NDS account.
During the migration you will be asked if you want to search the NDS tree
for duplicate usernames. When Migration Wizard finds identical
usernames, it will display these in a table where you can choose to merge
the listed NT user with a NDS User object.
What will you do with any applications that do not run on NetWare?
Migration Wizard does not migrate applications. After the migration, you
will have to reinstall your applications. If you have some applications that
do not run on NetWare, you can keep an NT server intact and use it as an
application server.
How do you want to migrate information about your users and groups?
Do you want to use a Template object, ZENworksTM User Policy
Packages, or both?
For information, see “Creating a Template Object” on page 36 and
“Creating ZENworks User Policy Packages” on page 37.

103-000161-001
August 29, 2001
Novell Confidential
Do you have any trusted domains?

If so, you must reassign any trusted domain permissions to the
appropriate NT user and groups after the migration is complete. Use
ConsoleOneTM to reassign all lost trusted domain permissions.
Once you have planned your migration, you’re ready to begin your NT
migration. Complete the following tasks in the order they are listed.
2. “Perform Prerequisite Tasks” on page 36
3. “Run Migration Wizard” on page 39
4. “Model Your Migration Project” on page 42
5. “Verify Your Migration Project” on page 45
6. “Migrate Users and Data to the Destination NDS Tree” on page 46

You can run Migration Wizard either from the Windows NT 4 server that you
are migrating data from or from a Windows NT 4 or Windows 2000
workstation. However, the migration is faster if you run Migration Wizard
from the server rather than from the workstation because the files are copied
directly from server-to-server rather than via the client workstation.
Make sure you have the following NT permissions:
Write/Modify permission to the NT Domain and the Registry of the PDC
Read permission to all folders and files you are migrating
Log in to the NT domain with a user that has administrative rights to the
NetWare destination server
Make sure you have the Supervisor right to the NetWare destination server.
The following table lists the hardware and software requirements for the
workstation or server that you are using to run Migration Wizard.

103-000161-001
August 29, 2001
Novell Confidential
Platform Hardware Software
Windows NT 4 and Minimum hardware Novell ClientTM for

Windows NT 2000 requirements of Windows Windows NT 4 and 2000
workstations NT 4 and 2000 version 4.8 or later
workstations
Microsoft* Service Pack
6 or later
Windows NT 4 server Minimum hardware Novell Client for

requirements of Windows Windows NT version 4.8
NT 4 or later
Microsoft Service Pack 6

or later
To check the Microsoft Service Pack version, click Start > Run, type winver
in the text field, and then click OK. To download and install Microsoft Service
Packs, see the ZDNet Web site (http://updates.zdnet.com/products/
pr_13616.htm).
To check your current Novell Client version, right-click the N icon on your
workstation and click Novell Client Properties > Client. To download the
Novell Client, see the Novell Download Web site (http://www.novell.com/
download).
Continue with the next section, "Perform Prerequisite Tasks."
Perform Prerequisite Tasks
Creating a Template Object

The first prerequisite task is to determine whether you want to use a Template
object to migrate your NT users to the destination NDS tree.
A Template object is used to define additional NDS User attributes for NT
users during the migration. Template objects are especially useful for defining
additional attributes that are not found in the Windows NT domains. We
recommend that you use a Template object because it is an organized way to
migrate your NT users to the NDS tree and manage them once they are there.
IMPORTANT: In order to migrate home directories, you must use a Template
object.

103-000161-001
August 29, 2001
Novell Confidential
If there is a conflict between the properties of a Template object and an NT

policy, the properties of the Template object will, in most cases, take priority.
For example, if a minimum password length of seven characters is specified
for user Jeff in an NT policy and a minimum password length of nine
characters is specified in the Template object, then when Jeff’s object is
migrated, the object will be created in NDS with a password length of nine
characters.
If you want to know what additional NDS attributes can be defined in a
Template object, run ConsoleOne and double-click a Template object to view
all of the existing properties.
The last name, full name, and description of every NT object is always
migrated and these corresponding properties from the Template object are
overwritten.
If you decide to use a Template object, you can create one in ConsoleOneTM
by clicking File > New > Object > Template.
Creating ZENworks User Policy Packages

The next prerequisite task is to decide whether to use ZENworksTM User
Policy Packages.
ZENworks User Policy Packages help control the appearance and
functionality of a user’s desktop. Migration Wizard associates ZENworks
User Policy Packages only with groups.
If you decide to use ZENworks, you can determine the appearance of all
workstations belonging to the users associated with a particular NDS group.
When you associate a ZENworks User Policy Package with an NDS group,
the properties you apply in the policy package allow you to control
workstation attributes by setting a certain workstation backdrop, restricting
rights to the control panel, and modifying the workstation’s sound and color
scheme for users within that group.
NOTE: Migration Wizard does not migrate Microsoft NT 3.51 roaming profiles.
If you want to use ZENworks, install ZENworks Full 2.0 in your destination
NDS tree. ZENworks Full 2.0 can be installed from the NetWare 5.0 or 5.1
product CD. ZENworks 3.0 is not supported.

103-000161-001
August 29, 2001
Novell Confidential
To create ZENworks User Policy Packages in ConsoleOne, do the following:

1 In NetWare Administrator, right-click an NDS Organizational Unit in the
tree view and then click Create > Policy Package.
The type of workstation you have in your NT network (Windows NT/
2000, Windows 95/98, or both) will determine whether you want to create
WINNT-2000 user policy packages, WIN 95-98 policy packages, or both.
2 In ConsoleOne, click the user policy package icon in the toolbar. If you
don’t know which icon it is, mouseover the icons to see a short
description.
For more information about installing and using ZENworks, see the Novell
Product Documentation Web site (http://www.novell.com/documentation).
Registering the Workstation

If you are running Migration Wizard from a workstation, make sure that the
workstation is registered within the domain that you want to migrate. If it is
registered properly, continue with “Run Migration Wizard” on page 39.
If you want to change the domain that your workstation is registered in,
complete the following instructions for Windows NT or Windows 2000.
IMPORTANT: Migration Wizard does not run on a Windows 95 workstation.
Windows NT Workstations
1 At the workstation, right-click Network Neighborhood and then click
Properties.
2 Click the Identification tab and then click Change > Domain.
3 Specify the appropriate domain, enter your Administrator name and
password, and then click OK.
4 Reboot the workstation and launch Migration Wizard again; then
continue with the next section, "Run Migration Wizard."
Windows 2000 Workstations

1 At the workstation, right-click My Network Places, and then click
Properties.
2 Click the Network Identification link.

103-000161-001
August 29, 2001
Novell Confidential
3 Click Properties and enter the computer name and appropriate domain,
and then click OK.
4 Reboot the workstation and launch Migration Wizard again; then
continue with the next section, "Run Migration Wizard."
Run Migration Wizard

1 Download and install Migration Wizard from Novell Software
Downloads (http://www.novell.com/download) > NetWare > NetWare
Migration Wizard 6 or from the NetWare 6 Operating System CD. Follow
the download and installation instructions.
2 Launch Migration Wizard from the Start menu by clicking Programs >
Novell > NetWare Migration Wizard > NetWare Migration Wizard.
4 Click Microsoft Windows NT 3.51/4 Server > OK.
6 Make sure you have completed the system and software requirements in
“Meet System and Software Requirements” on page 35 of the online
documentation. Then close your browser.
7 Click Next.
8 Verify that the NT domain that appears in the grayed-out text field is the
domain that you want to migrate.
Migration Wizard automatically displays the NT domain that your
workstation or server is a member of.
If you are running Migration Wizard from a workstation, you can change
the domain that it is registered in. To do this, exit Migration Wizard and
follow the instructions in “Registering the Workstation” on page 38.
9 Name your migration project, choose a place to save it, and then click
Next.
By default, Migration Wizard saves your project in C:\Program
10 Select your destination NDS tree from the drop-down list and then click
Next.

103-000161-001
August 29, 2001
Novell Confidential
The destination NDS tree is the NDS tree that you want to migrate your
NT data to.
If you are not logged in to your NDS tree, the NDS tree name will not
appear in the drop-down list. If this is the case, click the Browse button to
log in to your NDS tree. Once you are logged in, the NDS tree name
automatically appears in the drop-down list.
11 Decide whether you want Migration Wizard to find any User objects in
your NT domain and in the destination NDS tree that have the same name,
and then click Yes or No.
12 Click Create to create and save your migration project.
When a project is created and saved, Migration Wizard creates a file that
contains the success and error logs of your project; these logs contain the
details of what took place during the migration.
13 (Conditional) If you clicked Yes in Step 11, continue with Step 13a. If you
clicked No, skip the rest of the steps in this procedure and go to “Model
Your Migration Project” on page 42.
13a Click the Browse button to select an NDS container on the
13b Browse the tree and select an NDS container, and then click OK.
13c Click Next to begin searching for duplicate usernames.
13d Decide what you want to do with NT users that have the same name
as NDS users.
The following screen is an example of the username table in
Migration Wizard. Carefully review this screen. If you do not make
any changes, Migration Wizard will automatically merge the
displayed NDS user with the adjacent NT user.

103-000161-001
August 29, 2001
Novell Confidential
Figure 3 Merging Your NT Users with Duplicate NDS Users
You have the following options for each listed NT user:

Merge the NT user with the displayed NDS user. Simply leave
that user as it is displayed in the table and continue with the next
listed NT user.
Merge an NT user with a different NDS user. Click the arrow by
the NDS username to view a drop-down list containing all the
NDS users that have the same username (including contexts) as
the adjacent NT user. Select one of the NDS names and continue
with the next listed NT user.
Do not merge the NT user with any of the matching NDS users.
Right-click the NDS user and click Don’t Merge. Select this
option if you know that none of the listed NDS users represents
the same person as the adjacent NT user.
13e Once you have made a decision for each listed NT user, click Finish.
The Project Window will now appear and the NT users that you
chose to merge with NDS User objects appear automatically as
dropped objects in the destination NDS tree.
Continue with the next section, "Model Your Migration Project."

103-000161-001
August 29, 2001
Novell Confidential
Model Your Migration Project

Most of your work will be done in the Project Window, where you can drag
and drop NT User and Group objects into NDS containers, and NT folders and
volumes into any volume or folder in the destination NDS tree.
The Project Window is a place to model different migration scenarios before
you begin the actual migration without affecting your NT domain or your
destination NDS tree. All of the planning in the Project Window is done off-
line, meaning that items moved and created in the Project Window are not
actually moved or created until you begin the migration.
HINT: For information on shared NT folders that end with a dollar sign ($), click
anywhere on your Windows desktop, press F1, click the Index tab, and then enter
$shares in the keyword text field.
The Project Window and the Using the Project Window dialog box appear
once you have created the migration project.
The following figure is an example of the Using the Project Window dialog
box that appears on top of the Project Window.
Figure 4 Using the Project Window Dialog Box
The three basic steps outlined in this dialog box should be performed for each
migration project. Once you are familiar with the tasks that you will be

103-000161-001
August 29, 2001
Novell Confidential
performing, click Close to access the Project Window and begin modeling
your migration project.
Using the Project Window
Review the following tips to help you organize your migration project and use
the Project Window more effectively.
Creating a New NDS Organizational Unit or Folder—To create a new
NDS Organizational Unit (OU), right-click the parent NDS
Organizational Unit or folder and then click New Organizational Unit or
New Folder. The following figure is an example of this task in the Project
Window.
Figure 5 Right-clicking Organizational Units in the Project Window
You can create new NDS OUs in the NDS tree and then migrate your NT
information to those OUs. This keeps the NT information organized and
in one place in the NDS tree. You can also choose to migrate the NT data
to existing OUs; just remember that you can always create a new OU in
the NDS tree if you need to.
If you add new containers or names to the destination tree, the names you
choose must adhere to the following NDS naming conventions:
Names must be unique. For example, Debra Jones and Daniel Jones
cannot both be named DJONES if they are in the same container.
The following special characters are allowed only if they are
preceded by a backslash (\): plus sign (+), equal sign (=), and period
(.).

103-000161-001
August 29, 2001
Novell Confidential
Uppercase and lowercase letters, underscores, and spaces are not

acknowledged by NDS. For example, Manager_Profile and
MANAGER PROFILE are considered identical names in NDS.
Setting the Context—To set the context, right-click an NDS
Organizational Unit and then click Set Context.
When you set the context, you can designate what part of the NDS tree
will appear in the right side of the Project Window. This is useful if you
have a large NDS tree with many objects.
Setting the context at a specific container will eliminate the need to scroll
down or collapse objects in your NDS tree. Once the context is set, this
container will appear as the top object in the right side of the Project
Window.
Viewing a Description of the Objects in the Project Window—To see
a short description of what an icon represents in the Project Window,
right-click an NDS object and then click What’s This?
Backing Out a Dropped Object—To return a dropped object to its
original position, right-click a dropped NT object in the NT domain or the
destination NDS tree and then click Back Out Dropped Object.
The following screen is an example of how a dropped object appears in
the NDS tree, along with the right-click menu.
Figure 6 Right-clicking Objects in the Project Window

103-000161-001
August 29, 2001
Novell Confidential
Finding Out Where a Dropped NT Object Came From—To find out

where a dropped object was located in the NT domain, right-click an NT
object and then click Where Did It Come From? When dragging and
dropping a large number of objects, this will help you remember where a
dropped object was previously located in the NT domain.
Once you feel comfortable with where you have dropped your NT folders,
users, and groups in the NDS tree, verify your migration project to resolve any
potential problems before migrating your NT data.
Continue with the next section, "Verify Your Migration Project."
Verify Your Migration Project

Once you have modeled your migration in the Project Window, you should
verify that the proposed locations for these new objects do not conflict with
existing names, rights, name spaces, etc., in the NDS tree.
Remember, dragged-and-dropped items appearing in the NDS tree are merely
assigned to be copied to that area in the NDS tree. Objects will not actually be
copied until you begin the migration process.
Because a similar verification process is run when you begin the actual NT
migration, running the standalone verification process prior to migration is not
mandatory; however, catching any critical errors or warnings now will speed
up the verification process during the migration.
You must resolve all critical errors before you begin to actually migrate your
migration project. Warnings can be resolved after the migration.
1 From the Migration Wizard toolbar, click Project > Verify Project, or
click the Verification button on the toolbar and then click Next.
2 Follow the procedure in the next section, "Migrate Users and Data to the
Destination NDS Tree," starting with Step 2.

103-000161-001
August 29, 2001
Novell Confidential
Migrate Users and Data to the Destination NDS Tree

Although you have selected the volumes and containers where the NT data
will be copied, no data has yet been migrated. When migrated, NT User
objects are converted to NDS objects and placed in the destination NDS tree.
To begin the migration, do the following:
1 From the Migration Wizard toolbar, click Project > Verify and Migrate
Project.
2 Read the Welcome screen and then click Next.
3 If you want to apply a Template object to newly created NDS users,
browse the tree, select the Template object from the tree view and then
click Next.
If you do not want to use a Template object, uncheck the check box and
click Next.
IMPORTANT: To migrate home directories, you must use a Template object when
migrating your NT users to the destination NDS tree. Make sure a Home Directory
property is defined for the Template object you are using.
HINT: If you have not created a Template object but you want to use one now,
save the project, go to ConsoleOneTM, and create the Template object. Next, run
Migration Wizard again and click Open Last Project. Then restart this migration
procedure again starting with Step 1.
4 (Conditional) If ZENworks is installed, complete the following steps:

4a Browse the destination NDS tree and select any of the ZENworks
User Policy Packages that you want to associate with your NT
groups, and then click Next.
4b Select a ZENworks User Policy Package from the drop-down list,
and then select the NT groups that you want to associate with each
ZENworks User Policy Package. Click the right-arrow to move the
associated groups to the Associate NT Groups window, and then
click Next.
HINT: If you selected both WINNT-2000 and WIN 95-98 policy packages in
the previous dialog box, you will first see a dialog box dealing only with your
WINNT-2000 policy packages, followed by another dialog box dealing only
with your WIN 95-98 policy packages. If you selected only one type of policy
package, you will see only one dialog box.
The drop-down list contains all the ZENworks User Policy Packages
that you selected in the previous step. You can associate as many NT
groups as you want with each policy package.

103-000161-001
August 29, 2001
Novell Confidential
4c Review the NT groups that you chose to associate with specific

ZENworks User Policy Packages, and then click Next.
If you want to change an association, click Back and follow the
instructions in Step 4b.
HINT: This screen will not appear if you are using ZENworks 3.0.
Microsoft NT domain and the destination NDS tree. Select one of the
following and then click Next:
6 Decide how you want to handle passwords for your NT users. Select one
of the following and then click Next:
Assign the Same Password to All Users—Migration Wizard will
assign the same password to all migrated users.
Assign a Randomly Generated Password to All Users—Migration
Wizard will randomly generate passwords, assign them, and then
store the passwords it assigns in a file that it creates, named
project_name_OUT.TXT. This file is saved in the same directory
where your migration project is located.
Read Passwords from a File—Migration Wizard will migrate the
current NT passwords to the destination NDS tree by reading them
from a text file. You must create the text file containing the NT
passwords before you begin the migration.
For more information on how to create this file, click the Help
button.
7 Set NT migration options by checking or unchecking the check boxes
next to the following options and then click Next:
Migrate File Permissions—Normally, Migration Wizard migrates
file and directory permissions. If, for some reason, you want to
reassign file and directory permissions, you can choose to not copy
the file and directory permissions here and then assign them later
with ConsoleOne.
Migrate Everyone Permissions—The NDS container that you drop
the NT Domain Info object into will be assigned the permissions that
were associated with group Everyone. If you are migrating the

103-000161-001
August 29, 2001
Novell Confidential
Everyone permissions, be sure to drop the NT Domain Info object

high enough in the NDS tree so that all NT users will inherit those
permissions.
HINT: Every new folder that is created in the NT domain automatically
receives the Everyone permissions by default.
Restart Option—Normally, this information is not erased; however,

if you have previously run a migration and deleted the NDS objects
from the destination tree, and you are planning to start over and
migrate the same domain again, check this check box.
When you migrate users and groups from NT, Migration Wizard
stores a table of NT names and associated NDS usernames in the
registry of the Primary Domain Controller (PDC). Migration Wizard
then uses this information when migrating the file system so that it
can remember where each user and group has been migrated to in the
destination NDS tree. By storing this information, Migration Wizard
can assign the correct file permissions to the appropriate users.
8 (Conditional) If you are running the standalone verification process, you
will now be asked if you want to check for rights and volume size on the
destination server. Check Yes if you want to check these things now, and
then click Next.
Since this process is quite time-consuming, you might not want to do this
every time you verify your migration project. But it is very useful if you
want to verify that you have enough space on the destination volume to
accommodate your NT file system.
Migration Wizard will also scan the contents of all dropped folders and
verify that you have sufficient rights to migrate them.
NOTE: NT can filter supervisory privileges. If you have all rights at the root of a
directory structure, this does not guarantee that you have these rights throughout
the directory structure.
9 In the Verify NT to NetWare Project window, click Next to begin the

verification.
10 If prompted, resolve any naming conflicts between different-type objects,
You can choose to merge different-type objects or to keep them as they
are.
11 If prompted, resolve any naming conflicts between same-type objects,
You can choose to merge same-type objects or to keep them as they are.

103-000161-001
August 29, 2001
Novell Confidential
12 If prompted, verify that you do not want to migrate the listed NT users and
groups, and then click Next.
This procedure must be done three times—once for all your NT local
groups, NT global groups, and NT users that were not dragged and
dropped into the destination NDS tree. If you migrated all of your users
and groups, you will not see this dialog box.
If you have made a mistake, click Cancel. This will return you to the
Project Window. Drag and drop the objects, go to the toolbar, click
Project > Start Migration, and then restart this procedure with Step 1 on
page 46.
13 Resolve any critical errors.
Warnings or noncritical errors, can be resolved after the migration. To
resolve a critical error or warning, read the description in the text field
located beneath it. This description should give you a good idea of what
could be the possible cause and a suggestion for fixing it.
If you are actually migrating at this point, click Proceed to start the
actual migration.
If you are only running the standalone verification process at this
point, click Finish and then follow the instructions in “Migrate Users
and Data to the Destination NDS Tree” on page 46 to begin the actual
migration.
15 (Migration only) View the Error and Success Logs.
Continue with the next section, Perform Post-Migration Tasks.

103-000161-001
August 29, 2001
Novell Confidential

After you’ve migrated your NT data to the destination NDS tree, complete the
following tasks:
Install the latest Novell Client software on any workstations that it was
not previously installed on.
You can download the client from the Novell Software Download Web
site (http://www.novell.com/download). For instructions on installing the
Novell Client on multiple workstations at the same time, see the Novell
Client Documentation at (http://www.novell.com/documentation).
Use ConsoleOne to make sure that your NT users and groups have been
migrated to the correct place in the destination NDS tree and have the
correct file and shared permissions.
HINT: If you end up with more or fewer permissions than you planned for, enter
CACLS/? at the DOS prompt and follow the on-screen instructions. Permissions
are sometimes hidden in Microsoft utilities; therefore, running this command at the
DOS prompt lets you see all of the permissions associated with your NT objects,
even the hidden ones.
At the destination NetWare server, use ConsoleOne to view the volume

that you migrated your data to and verify that it was done correctly.
Set up your printer mappings in NDPS®. For instructions, go to the online
documentation (http://www.novell.com/documentation) of the operating
system that you are running on the destination server and click Print
Services > Novell Distributed Print Services.
Check the migrated users’ home directories to make sure that they were
migrated the way you expected them to be.
Distribute the new NDS passwords to all of your users. The passwords are
located in a password file that Migration Wizard created for you named
project_name_OUT.TXT. This file is located in the same directory where
you saved your migration project.

103-000161-001
August 29, 2001
Novell Confidential
4 Troubleshooting
Refer to the appropriate section if you are having trouble with any of the
following:
General Connection Problems (page 51)
Workstation-to-Server Connections (page 52)
Server-to-Server Connections (page 53)
File Copy (page 53)
SMDR Errors (page 54)
Restoring Trustees (page 54)
NUWAGENT.NLM (page 55)
NICI Errors (page 55)
NDS Migration (page 56)
General Connection Problems

To eliminate unneccessary connection problems, make sure that
The source and destination servers have enough available server and
workstation licenses to do the migration.
The NDS® user that you are using to do the migration has no concurrent
connection limitations. To check this, do the following:
Run ConsoleOneTM on the workstation.
Edit the properties of the NDS User object.
Click the Login Restrictions tab.
Uncheck the Limit Concurrent Connections check box.
Troubleshooting 51

103-000161-001
August 29, 2001
Novell Confidential
The NDS user that you are using to do the migration has the Supervisor
right to the source server’s NDS object. Use ConsoleOneTM to verify that
the NDS object of the NDS user is listed in the source server’s Operators
list.
Workstation-to-Server Connections
If you have problems establishing or maintaining connections between your
servers and workstations, try one or more of these troublshooting suggestions:
Reboot the client workstation to clear the cache in the Novell® ClientTM.
Map a drive to the server instead of logging in. This is especially useful
when connecting with the IPXTM protocol.
Search for the server by its IP or IPX address instead of its name. Enter
the IP or IPX address in the Server field of the Novell Login dialog box.
Try connecting to the server and not the NDS tree by entering only the
name of the server and leaving the tree name and context blank.
Clear all unauthenticated connections. To do this, right-click the N icon
and click NeWare Connections. Detach from all servers and trees that you
are not authenticated to, and then try logging in again.
Make sure your Preferred NetWork Protocol is set correctly by doing the
following:
Right-click the N icon.
Click Novell Client Properties > Protocol Preferences.
Select the desired preferred network protocol and click OK.
Reboot the workstation.
Unbind the protocol you are not using from the destination server. For
example, if you are using IPX for the migration, but IP is bound on the
destination server, unbind the IP protocol on the destination server during
the migration.

103-000161-001
August 29, 2001
Novell Confidential
Server-to-Server Connections
If you have problems establishing or maintaining connections between your
servers, try one or more of these troublshooting suggestions:
Do not remove the source or destination server from the NDS tree. The
servers must be able to communicate with the other servers in the tree
during the migration.
Make sure the destination and source servers can communicate with each
other.
For IPX connections, enter DISPLAY SERVERS at the server console.
For IP connections, enter PING at the server console.
If you are using IPX, make sure the frame type and the IPX network
number/server ID are consistent between the source and destination
servers. For IP connections, verify that you have corresponding
addressing, subnet mask, and gateway information.
Reboot the destination server.
File Copy
There are a few common troubleshooting procedures you can try if you are
having problems during the file copy:
Enable login on both the destination and source servers. If you have
disabled login before you started the file copy, the servers can’t log in to
each other in order to migrate the files.
NOTE: If you have selected to do so, Migration Wizard disables login for you
during the migration.
If files are copying very slowly, make sure that the servers and
workstation are configured at the lowest common LAN speed. Verify that
the NICs and anything in between are all hard coded to either
communicate half-duplex or full-duplex; they need to be the same
throughout. If there are problems with full-duplex, use half-duplex.
If compressed files are migrated to uncompressed volumes, file copy
might be slower.
Troubleshooting 53

103-000161-001
August 29, 2001
Novell Confidential
SMDR Errors
Sometimes the SMDR.NLM program that is running on the destination server
can’t make a connection to the source server. To correct this problem, try one
or more of the following:
Reboot the source server.
Unbind the protocol you are not using from the destination server. For
example, if you are using IPX for the migration, but IP is bound on the
destination server, unbind the IP protocol on the destination server during
the migration.
If Migration Wizard can’t load the appropriate TSA.NLM on your
destination server, manually load it from the destination server console
and following the onscreen instructions. Or, enter SMDR NEW at the
server console to re-create the SMDR object.
Load SMDR.NLM at the destination server console and then enter SMDR
NEW at the destination server console to solve SMSTM problems.
Make sure the latest NLMTM programs are loaded.
Migration Wizard automatically copies the required NLMs to the source
and destination servers. To verify that you have the latest NLMs loaded,
check the files in the NetWare Migration Wizard\Products\NW3x
directory. You might have to load TSA312 manually.
Check your primary connections. Right-click the N icon in the system
tray and click NetWare Connections. Make sure the destination tree and
server are marked as "primary."
If you are migrating from NetWare 3, make sure the bindery context is set
on the destination server. If you are migrating to NetWare 6, enter set
bindery context = o=[context] on the destination server
console.
Restoring Trustees
If the trustees fail to restore and you get a 0xfffffffb error, this means that
you did not modify your IP address in all the necessary places. For more
information, see “Edit Configuration Files” on page 28.
If you need to restore trustees, in the Migration Wizard, you can click the
Finish NDS Migration button or select Restore Trustees from the toolbar.

103-000161-001
August 29, 2001
Novell Confidential
NUWAGENT.NLM
NUWAGENT.NLM is the NLM program that the Migration Wizard uses to do
much of its work. If you get errors that the NUWAGENT.NLM won’t load, try
the following:
Manually load NUWAGENT.NLM from the server console.
Enter SMDR NEW at the destination server console. This re-creates the
SMDR configuration and allows NUWAGENT.NLM to load.
NICI Errors
If you are gettting NICI errors when NDS is trying to load or when you are
copying the NICI files in the Migration Wizard, this might mean that your
NICI files are corrupt. To correct the problem, follow these steps on the server
that is getting NICI errors:
1 Copy the *.NFK file from server’s license diskette to the server’s
SYS:SYTEM directory.
2 Rename the *.NFK file that you just copied to NICIFK (this has no
extension).
3 Go to the Novell Support Web site (http://support.novell.com/filefinder)
and download NREPAIR3.EXE.
4 Extract NREPAIR3.EXE and locate NREPAIR.NLM.
5 Run NREPAIR.NLM on the server, clicking Yes at all the prompts.
6 Reboot the server.
7 Load PKI.NLM on the server and verify that you are no longer getting
NICI errors.
If you still see NICI errors, go to the Novell Support Home Page (http://
www.support.novell.com/search/kb_index.jsp) and search for TID
10025666.
Troubleshooting 55

103-000161-001
August 29, 2001
Novell Confidential
NDS Migration
If the migration fails during the NDS Migration step, you need to restore the
source and destination servers to their original configuration before you can
retry the NDS migration. The instructions for restoring the servers to their
original configurations are different depending on when the migration of data
failed.
If Begin NDS Migration, button 3, failed and the destination server did not
reboot and take on the name and identity of the source server, complete the
steps in “Restore Source Server to Its Original Configuration” on page 56.
If Begin NDS Migration, button 3, successfully completed and the destination
server has already rebooted and taken on the name and identity of the source
server, complete the steps in the following sections:
1. “Remove NDS from the Destination Server” on page 57
2. “Remove NDS from the Source Server” on page 58
3. “Restore NDS to the Source Server” on page 59
4. “Reinstall the Destination Server” on page 60
Restore Source Server to Its Original Configuration

If Begin NDS Migration, button 3, failed and the destination server did not
reboot and take on the name and identity of the source server, you need only
restore NDS to the source server. Once NDS has been restored, you have
restored the source server to its original configuration and you are ready to try
the NDS migration again.
1 Enter one of the following at the server console of the source server:
If your source server is running NetWare 4, enter LOAD INSTALL.
If your source server is running NetWare 5 or later, enter
NWCONFIG.
2 Select Directory Options > Directory Backup and Restore > Restore
Local DS Information after Hardware Upgrade.
3 Press F3 and enter SYS:SYSTEM\NUW30\NDSBU when promted for
the location of the backup files.
NDS has now been restored to the source server.
IMPORTANT: Do not reboot the destination server. Since the destination server
did not take over the identity of the source server, no other action is required prior
to performing the NDS migration again.

103-000161-001
August 29, 2001
Novell Confidential
4 To perform the NDS migration again, launch Migration Wizard and open
the project you were previously working on. When the project opens and
you see the Project Window, click the Begin NDS Migration button and
follow the instructions in “Begin NDS Migration” on page 29.
Remove NDS from the Destination Server

If Begin NDS Migration, button 3, successfully completed and the destination
server has already rebooted and taken on the name and identity of the source
server, you must remove NDS from the destination server before you can
restore NDS to the source server.
1 At the destination server console, enter NWCONFIG.
2 Select Directory Options > Remove Directory Services from This Server.
3 Press Enter when you see a warning instructing you to not remove
Directory Services.
Ignore any other errors during the removal of NDS.
4 Select Yes to Remove Directory Services.
5 Enter the Admin username and password.
6 Press Enter to reference a different object.
This object is used when NDS is restored back to the source server.
WARNING: Do not press Esc. If you do, the server references you entered will not
be saved or restored to the server.
7 Enter the full Admin username as the placeholder object distinguished

name.
8 Enter [Root] as the distinguished name to change from.
9 If the information about single reference time source appears, review the
information and press Enter.
10 If your server holds the Master copy of a replica, you will see a warning.
Press Enter.
11 Designate another server to hold the Master replica. You can choose to let
NWCONFIG randomly select another server, or you can designate one
yourself.
12 Return to the NWCONFIG utility and verify that NDS has been removed
by selecting Remove Directory Services from This Server.
Troubleshooting 57

103-000161-001
August 29, 2001
Novell Confidential
If the message appears saying that NDS has already been removed, bring
the destination server down and continue with the next section, "Remove
NDS from the Source Server."
If NDS was not successfully removed, exit NWCONFIG and enter
NWCONFIG -DSREMOVE at the destination server console.Then follow
this procedure again, beginning with Step 2.
Remove NDS from the Source Server

Once NDS has been removed from the destination server, remove NDS from
the source server.
1 Restart the source server by entering Server at the DOS command
prompt.
2 Enter LOAD INSTALL -DSREMOVE.
This command will instruct INSTALL or NWCONFIG to ignore any
warnings or errors during the removal of NDS.
If your source server is running NetWare 4, enter LOAD INSTALL -
DSREMOVE.
If your source server is running NetWare 5 or later, enter NWCONFIG -
DSREMOVE.
3 Select Directory Options > Remove Directory Services from This Server.
4 Press Enter to skip past any warning screens.
5 Select Yes to remove NDS.
6 Press Enter to skip the error message warning you that NDS is locked.
Ignore, but keep track of, any additional NDS error messages that appear.
7 When the INSTALL or NWCONFIG menu appears again, select Remove
Directory Services again.
If a message indicates that NDS is already removed, continue with the next
section, "Restore NDS to the Source Server."
If NDS was not properly removed, contact Novell Technical Support at 1-800-
858-4000.

103-000161-001
August 29, 2001
Novell Confidential
Restore NDS to the Source Server

By removing NDS from the source server, you removed the server from any
replica rings that held a partition of the source server. Now you must complete
the following procedure to restore NDS to the source server.
1 Enter one of the following at the server console:
If your source server was running NetWare 4, enter LOAD
INSTALL.
If your source server was running NetWare 5 or later, enter LOAD
NWCONFIG.
2 Select Directory Services > Install Directory Services onto This Server.
3 Select the NDS tree where the source server existed prior to migration.
4 Select a time zone and time configuration parameters.
Ignore any warnings or errors that appear during the restoration of NDS,
but make a note of the errors before pressing ESC.
5 Enter the Admin name and password.
6 Enter the context where the source server existed prior to migration and
press F10.
7 Save the NDS (Directory) information.
8 Wait while the server synchronizes with the NDS tree, which might take
a while.
9 Return to the INSTALL or NWCONFIG utility and select Directory
Options > Select Directory Back Up and Restore > Restore Local DS
Information after Hardware Upgrade > Restore Reference from another
Object to This Server.
This will restore all references to the Server object that you assigned
when you removed NDS from the destination server.
10 Press Enter.
11 Enter the full Admin username as the placeholder object distinguished
name, and then enter [Root] as the distinguished name to change from.
12 Exit the NWCONFIG or INSTALL utility.
13 At the server console of the source server, enter LOAD DSREPAIR.
14 Select Unattended Full Repair > Advanced Options > Check Volume
Objects and Trustees.
Troubleshooting 59

103-000161-001
August 29, 2001
Novell Confidential
15 Enter the Admin username and password.

16 Exit DSREPAIR.
17 At the workstation where you performed the migration, open your
project.
18 From the Migration Wizard Tools menu, click Restore Trustees to restore
the trustee assignments.
19 If the source server held the master replica of any partitions and you want
to restore these partitions prior to doing the NDS migration again, use
DSREPAIR to re-create them.
The source server is now restored to its original configuration.
Continue with the next section, "Reinstall the Destination Server."
Reinstall the Destination Server

To perform the migration again, you must reinstall the operating system on the
destination server.
HINT: If you had your server imaged, you can just restore the image rather than
reinstall.
1 Bring down the destination server.

2 Install NetWare and follow the on-screen instructions during the
installation.
After NetWare is installed on the destination server, you are ready to perform
the NDS migration again. Go to “Begin NDS Migration” on page 29.

103-000161-001
August 29, 2001
Novell Confidential
Novell Client for Windows
Novell
Client for Windows
www.novell.com
I N S TA L L AT I O N A N D A D M I N I S T R AT I O N G U I D E
December 7, 2001
Novell Confidential
doc_tpl.fm Rev 99a 28 22 June 00
Contents
Novell Client Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

1 Installing Novell Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Preparing to Install the Client Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Checking Server Protocols and Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 13
Downloading the Latest Client Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Checking for a Valid Network Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Checking for Client Workstation Incompatibilities . . . . . . . . . . . . . . . . . . . . . . . 16
Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Installing Novell Client at the Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Configuring Network Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Installing Clients from the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Creating a Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Copying Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Granting Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Modifying the ACU Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Updating the Platform-Specific Configuration Files. . . . . . . . . . . . . . . . . . . . . . . 22
Creating or Modifying the Login Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
What Users See . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Upgrading a Client Workstation to Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . 26
Upgrading a Client Workstation to Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2 Setting Up Client Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Setting Up Login Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Where Login Scripts Should Be Located . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Creating or Modifying Login Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Creating Login Scripts from a Sample or Existing Login Script. . . . . . . . . . . . . . . . . 34
Printing Login Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Setting Up Login Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Setting Up Location Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Removing a Location Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Customizing the Novell Login Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Contents 5

Place Part Number Here
December 7, 2001
Novell Confidential
doc_tpl.fm Rev 99a 22 June 00
Logging In to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Logging Out of the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Setting Up Passwords in Windows NT/2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
3 Setting Client Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Setting Properties before Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Setting Properties on a Single Workstation after Installation . . . . . . . . . . . . . . . . . . . 42
Setting Properties on Multiple Workstations after Installation . . . . . . . . . . . . . . . . . . . 42
Using DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Using DHCP Like an NDS Server Name Service Provider . . . . . . . . . . . . . . . . . . 43
Using DHCP to Distribute SLP Configuration Information . . . . . . . . . . . . . . . . . . . 43
Using DHCP to Distribute IPX Compatibility Information . . . . . . . . . . . . . . . . . . . 43
4 Managing Novell Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Common Networking Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
NetWare File Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Checking File or Folder Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Changing Trustee Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Combining Multiple Trustees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Setting Up AutoAdminLogon for Windows NT/2000/XP. . . . . . . . . . . . . . . . . . . . . . 47
AutoAdminLogon Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Setting the AutoAdminLogon Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Changing Passwords in NetWare Login with AutoAdminLogon . . . . . . . . . . . . . . . . 50
Uninstalling Novell Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
5 Printing to a Network Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Attaching to a Network Printer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Setting Up Network Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Specifying Capture Settings with Windows Printing . . . . . . . . . . . . . . . . . . . . . . 54
Setting Up Point and Print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Printing DBCS Characters from DOS in Windows NT/2000. . . . . . . . . . . . . . . . . . . . 56
Disabling NetWare Login Dialog Boxes Brought Up by the Print Provider . . . . . . . . . . . . 57
Windows NT/2000/XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Windows 95/98 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
A Login Script Commands and Variables . . . . . . . . . . . . . . . . . . . . . 59

Login Script Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Using Identifier Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Login Parameters with %n Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Login Scripts Commands by Task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Network Connection and Access to Resources . . . . . . . . . . . . . . . . . . . . . . . . 66
Login Script Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Workstation Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

December 7, 2001
Novell Confidential
Text File Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Other . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
# . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
@. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
ATTACH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
BREAK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
CONTEXT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
DISPLAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
DRIVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
EXIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
FDISPLAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
FIRE or FIRE PHASERS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
GOTO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
IF...THEN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
INCLUDE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
LASTLOGINTIME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
MAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
NO_DEFAULT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
PAUSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Contents 7

December 7, 2001
Novell Confidential
PROFILE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
REMARK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
SCRIPT_SERVER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
SET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
SET_TIME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
SHIFT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
TERM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
TREE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
WRITE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Command Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
B Sample Login Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Sample Container Login Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Sample Profile Login Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Sample User Login Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Sample Default Login Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
C Troubleshooting Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Windows 95/98 Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Dial-Up Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Windows NT/2000/XP Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Login Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Printing Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Remote Access Services Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
IPX Compatibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Software Compatibility Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

December 7, 2001
Novell Confidential
Novell Client Documentation
This documentation includes information on installing and configuring

Novell® ClientTM for Windows* XP version 4.82, Novell Client for Windows
NT*/2000 version 4.81, and Novell Client for Windows 95/98 version 3.31
and later software.
If you are using a previous version of Novell Client software, you should
update it to the latest version (http://www.novell.com/download). If you are
using a previous version of Novell Client software, some of the information in
this documentation might not apply.
This documentation includes the following information:
Chapter 1, “Installing Novell Clients,” on page 13
Chapter 2, “Setting Up Client Login,” on page 29
Chapter 3, “Setting Client Properties,” on page 41
Chapter 4, “Managing Novell Client,” on page 45
Chapter 5, “Printing to a Network Printer,” on page 53
Appendix A, “Login Script Commands and Variables,” on page 59
Appendix B, “Sample Login Scripts,” on page 93
Appendix C, “Troubleshooting Issues,” on page 97
Novell Client Documentation 11

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
1 Installing Novell Clients
This chapter explains how to install Novell® ClientTM for Windows XP,
Novell Client for Windows NT/2000, and Novell Client for Windows 95/98
software on one workstation or across the network. It describes the following
tasks:
Preparing to Install the Client Software (page 13)
Installing Novell Client at the Workstation (page 17)
Installing Clients from the Network (page 19)
Upgrading a Client Workstation to Windows 2000 (page 26)
Upgrading a Client Workstation to Windows XP (page 27)
Preparing to Install the Client Software

Before installing the client software, make sure the server and workstations
have sufficient resources and the required software. The hardware and
software setup for the server and client workstations require you to complete
the following tasks:
Checking server protocols and requirements
Locating the latest Novell Client software
Checking for a valid network connection
Checking client workstation requirements
Installing Novell Clients 13

103-000159-001
December 7, 2001
Novell Confidential
Checking Server Protocols and Requirements

You must prepare your servers to work with the Novell Client software. You
must know what protocols you use on the server and make sure that the servers
are configured to support long filenames. NetWare® 5 or later automatically
supports long filenames and does not need to have the name space added to it.
However, you must add long filename support to NetWare 3 and NetWare 4
servers.
You can install Novell Client with one of the following protocol options:
IP Only (NetWare 5 or later)
Installs the IP protocol stack, which allows the client to run in IP-only
networks; the workstation cannot communicate with IPXTM servers.
IP with IPX Compatibility Mode (NetWare 5 or later)
Installs IP and includes Compatibility mode, which allows IPX
applications to run in IP-only networks by converting IPX packets into IP
packets. IPX Compatibility mode allows the client to communicate with
services in IPX-only networks if the Migration Agent is installed on any
NetWare 5 or later servers. IPX Compatibility mode requires Service
Location Protocol (SLP) on the server.
IMPORTANT: Workstations using IPX Compatibility Mode cannot have an IPX
internal network number configured. If you have configured an IPX internal
network number on your workstation and you are planning to install the Novell IP
Client with IPX Compatibility Mode, then remove the IPX internal network number
before installing the client.
IP and IPX (default for new installations)

Allows the client to run in both IP and IPX networks. The workstation
uses the same protocol as the server it is communicating with.
IPX Only
Allows the client to run in IPX-only networks. This option does not install
IP.
If you are upgrading Novell Client software and you are keeping the same
protocol option, you do not need to select a protocol option. The previous
protocol configuration remains unchanged unless you choose a different
protocol.

103-000159-001
December 7, 2001
Novell Confidential
Adding Long Name Space
Make sure that long filename support is installed on NetWare 3 or NetWare 4

servers. NetWare 5 or later servers automatically support long filenames.
IMPORTANT: Each name space added to a volume requires additional server
memory. If you add name space support to a volume on a server without sufficient
memory, that volume cannot be mounted. Once a name space is added to a
volume, the name space can be removed from the volume only by deleting the
volume and re-creating it, or by using VREPAIR.
1 Load the long name space.
At the server console prompt, enter
LOAD LONG.NAM
NOTE: On versions of NetWare earlier than NetWare 4.11, use the OS/2* name
space, OS2.NAM. For NetWare 3.11 servers, use OS2OPNFX.NML for long
filenames. This NLMTM is a part of 311PTD.EXE and is available on the Novell
Web site.
2 Add the long name space.

At the server console prompt, enter
ADD NAME SPACE LONG TO VOLUME volume_name
Downloading the Latest Client Software

Novell Client software is shipped on CD and is also available from the Novell
Web site. You should install the latest version of the software. To download
the latest Novell Client software, complete the following steps.
1 Create an installation directory.
2 At the Novell Web site (http://www.novell.com/download), click the
client software that you want to download.
3 Follow the download instructions provided with the files on the Web site.
Checking for a Valid Network Connection

To check for a valid network connection from a Windows 95/98, Windows
NT/2000, or Windows XP workstation:
1 Open Network Neighborhood or My Network Places (NT/2000/XP).
2 Make sure that the networks you expect to see actually appear in the
window.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
If you have never installed a client or created a network connection, you might
not have access to Network Neighborhood or My Network Places. Therefore,
you must install the client software from CD-ROM. See “Installing Novell
Client at the Workstation” on page 17.
Checking for Client Workstation Incompatibilities
Windows 95/98
The following network components are not compatible with Novell Client for
Windows 95/98:
Microsoft Client for NetWare networks
Microsoft file and printer sharing for NetWare networks
Microsoft Service for NDS® software
Novell NetWare workstation shell 3.x (NETX)
Novell NetWare workstation shell 4.0 and later (VLMTM) clients
Novell IPX ODI protocol 16-bit module for the NETX and VLM clients
If any of these network components are installed, the client installation
program detects the conflict and removes the conflicting network
components.
Windows NT/2000/XP
Novell Client cannot be installed on Windows 2000 or Windows XP if the

Local Area Connection Properties Page is open. Close this page before
running the Novell Client install.
IPX Compatibility and Novell NetWare/IP Adapter will not be upgraded from
Windows NT to Windows 2000.
Some Windows NT 4.0 printer drivers are incompatible with Windows 2000
and XP and will not install. Contact Microsoft for more information.
For up-to-date information about software incompatibilities, see the Novell
Client Readme.

103-000159-001
December 7, 2001
Novell Confidential
Additional Information
“Installing Novell Client at the Workstation” on page 17
“Installing Clients from the Network” on page 19
Installing Novell Client at the Workstation

If you plan to install Novell Client software on a small number of
workstations, or if the workstations are not yet connected to a network, install
from the Novell Client CD or download it from the Novell Web site (http://
www.novell.com/download).
HINT: If you are installing or upgrading Novell Client software on several
workstations on the network, consider using the network installation explained in
“Installing Clients from the Network” on page 19.
The Novell Client Setup utility installs Novell Client software on workstations
running Windows. This utility lets you select the client that you want to install
from a list of available clients. Administrative options are also available.
HINT: The Typical Install only installs the basic Novell Client components. If you
want to install additional services such as NDPS, use the Custom Installation. If
you are upgrading Novell Client software, the same custom components are
installed unless you choose different ones.
ZENworksTM for Desktops Remote Management requires that you install

Workstation Manager components during the Novell Client installation.
To install at the workstation, complete the following:

Download the latest Novell Client software and then follow the
installation instructions included on the download page.
See “Downloading the Latest Client Software” on page 15.
Insert the Novell Client CD.
If the Novell Client Setup utility does not automatically launch, run
WINSETUP.EXE from the root of the CD.
If you require special accessibility settings, click Start > Run and enter the
/508 option to retain your monitor settings. Then, follow the onscreen
instructions.
For Windows 95/98, enter path_to_the_software/SETUP.EXE
/508

103-000159-001
December 7, 2001
Novell Confidential
For Windows NT/2000/XP, enter path_to_the_software/

SETUPNW.EXE /508
2 Click a language, a platform, and then the software you want to install.
3 Follow the on-screen instructions.
Once Novell Client is installed, check your network protocol configuration.

See “Configuring Network Protocols” on page 18.
Configuring Network Protocols

After you install Novell Client, make sure that it is configured correctly for
your network.
WARNING: Before you configure network protocols, make sure you have the
correct information and any addresses needed. If you configure protocols
incorrectly, the workstation will not be able to connect to the network, or it might
conflict with other workstations using the same address.
Windows 95/98 and Windows NT: Right-click Network Neighborhood,
click Properties, select the protocol that you want to configure, and then
click Properties.
Windows 2000 and XP: Right-click My Network Places, click
Properties, right-click Local Area Connection, select the protocol that
you want to configure, and then click Properties.
2 Configure the protocol options in each tab, then click OK.
For example, if your network uses DHCP to assign IP addresses
automatically, click the IP Address tab and then click Obtain IP Address
Dynamically. Or, if you must use a static IP address, click Specify an
Address and enter a valid IP address.
HINT: Click the question mark in the upper-right corner and then click in any field
for more information.
3 Click OK to make the changes.

You might be prompted to supply the Windows operating system CD. If
you do not have access to the correct files, you might not be able to create
a network connection.
You should now set the Novell Client properties for the workstation. See
Chapter 3, “Setting Client Properties,” on page 41.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Installing Clients from the Network

You can install Novell Client software on multiple workstations from the
network by copying files to the server and modifying the login script. This
installation is sometimes referred to as an Automatic Client Upgrade (ACU).
HINT: You can install the Novell Client using the Application Launcher component
of ZENworks. Application Launcher lets you distribute applications such as the
client software to workstations and manage those applications as objects in the
NDS tree. For more information, see the ZENworks for Desktops documentation.
On Windows XP, you can install the client software from the network on
workstations running the Microsoft Client Service for NetWare. Run the
install by logging into the server using bindery emulation.
You can install and upgrade the client software on all platforms when users
log in. The process involves six tasks:
1. Creating a folder on the server.
2. Copying Novell Client files and other required files to the new folder.
Workstations can then read the files during login.
3. Granting rights to the new folder.
4. Modifying the ACU configuration file.
5. (Optional) Creating or update the platform-specific configuration files.
6. Creating or modifying the login script. (A sample login script is
included.)
When the login script runs, ACU.EXE determines if the client needs to be
upgraded. This initial check saves network bandwidth during login because
the setup utility is run only if the client needs to be updated.
Creating a Folder
1 Log in to a server as Admin or as a user with Admin equivalence.
Make sure that you have rights to copy files to a network folder that all
users can access, as well as rights to modify login scripts.
2 Create a folder in SYS:PUBLIC.
For example:
SYS:\PUBLIC\CLIENT

103-000159-001
December 7, 2001
Novell Confidential
Copying Files
From the Novell Client CD, copy the WINNT or WIN95 directories
to the new folder.
If you are installing only one platform, you need to copy only the
platform directory (WINNT or WIN95) for the platform you will
install.
If you are installing the client in only one language or if your network
does not have enough space to accommodate multiple language
directories, you can delete the language directories that you do not
need from the NLS directory under each client directory. To ensure
that you have all necessary files, copy the entire client directory and
then delete only the extra language directories.
Copy the downloaded Novell Client software files to the new folder.
See “Downloading the Latest Client Software” on page 15.
2 (Conditional) If you are installing Novell Client for Windows 95/98, copy
the Windows 95 and/or Windows 98 .CAB files to the WIN95 directory.
The files are on the Microsoft Windows 95 or Windows 98 CD (and
Upgrade CD) in the respective WIN95 or WIN98 folder.
Granting Rights
1 Create a Group object in the NDS tree.
2 Place into that group users whose workstations need to be installed or
upgraded.
3 Make sure that the group has the Read and File Scan rights to the folder
that you created.
If you created a folder in SYS:PUBLIC, the new folder should have Read
and File Scan rights already associated with it, but you should make sure
that these rights have not been changed.
4 (Conditional) If you want the results of the installation to be added to a
status log file, make sure that the group has the Write right to that file.
A status log file records the success or failure of the installation. As each
workstation completes its installation, the status log file is appended to
include information on that workstation. Enable status logging in the
ACU configuration file.

103-000159-001
December 7, 2001
Novell Confidential
If you did not create the status log file prior to running the network
installation, you must give users the Create and Write rights to the
directory.
Modifying the ACU Configuration File

The Automatic Client Upgrade utility (ACU.EXE) determines whether the
client needs to be updated and allows you to specify several installation
options.
Option Description Settings
[LAUNCHINSTALL] Specifies whether the platform- Launch=Yes | No

specific setup utility will be launched (default: Yes)
once ACU.EXE determines that the
installation is necessary.
[DISPLAYDIALOG] Specifies whether users will be Display=Yes | No

prompted to begin the upgrade. (default: Yes)
[UNATTENDFILE] Specifies whether a platform- Use=Yes | No

specific configuration will be used (default: No)
and where it is located.
File=configuration_file_path
[STATUS Specifies whether a status log will Use=Yes | No

LOGGING] be created and where it will be (default: No)
located.
File=log file path
If you did not create a status log file
prior to installation, it will be created
and placed in the installation
directory on the network or in the
directory specified in the File
setting.
[ADMINISTRATOR Specifies additional text that will Message=the message you

MESSAGE] appear when the user is prompted want to appear
to start an ACU.

103-000159-001
December 7, 2001
Novell Confidential
Option Description Settings
[CLIENTLOCAL Specifies whether the installation LocalInstall=Yes | No

INSTALL] will be copied to a specified local (default: No)
directory and run locally.
LocalDirectory=directory
where you want the
installation copied
(default:
C:\Novell\ClientLocalInstall)
DeleteLocalInstall=Yes | No
(default: No)
HINT: If you want to delete

the files after the installation
is complete, set the
DeleteLocalInstall parameter
to Yes.
To customize ACU, do the following:

1 Open the ACU.INI file located in the folder that you created on the server.
2 Modify the configuration options.
IMPORTANT: We recommend that you use the ACU.INI file instead of the
command line switches used in previous versions of Novell Client. ACU.INI
simplifies the installation process. If you choose to use switches, they will override
ACU.INI options.
Updating the Platform-Specific Configuration Files

NOTE: If you are installing the client with the default settings, you do not need to
create or modify the configuration files. Skip this process and proceed to Chapter
3, “Setting Client Properties,” on page 41.
IMPORTANT: If you use a platform-specific configuration file to configure Novell
Client and you are using ACU.EXE, you must change the [UNATTENDFILE] option
to Yes in the ACU.INI file.
Each platform-specific installation utility reads a configuration file generated

by Novell Client Install Manager in order to configure the client properties.
This file provides information such as where to copy drivers during
installation and the most recent version number. This file must be placed in
the same folder as the installation utility.

103-000159-001
December 7, 2001
Novell Confidential
IMPORTANT: If you are configuring Windows 95/98 workstations, options that

were set in the NWSETUP.INI file or on the command line in previous versions of
Novell Client (such as Display First Screen or CAB FIX) are now set up in Novell
Client Install Manager.
To create a configuration file, do the following:

1 Start Novell Client Install Manager (NCIMAN.EXE).
Windows 95/98: Novell Client Install Manager is located in the
WIN95\IBM_language \ADMIN folder that you copied to the server.
Windows NT/2000/XP: Novell Client Install Manager is located in the
WINNT\I386\ADMIN folder that you copied to the server.
2 Click File > New, select the platform, and then click OK.
3 Modify the installation options as needed.
3a In the Installation Options list box, double-click the configuration
option that you want to modify.
3b In the property pages, set the parameters and then click OK.
The values that you set appear in the right list box.
HINT: You can import the settings from a workstation that has been previously
configured and save them to the configuration file. Once you set up the
workstation, click File > Import Registry to import the settings.
4 Click File > Save.

You can use any filename (for example, UNATT_95.TXT or
UNATT_NT.TXT).
5 Copy this file to one of the following directories:
Windows 95/98: WIN95\IBM_language
Windows NT/2000/XP: WINNT\I386
IMPORTANT: The path to the text file cannot contain long filenames.

103-000159-001
December 7, 2001
Novell Confidential
Creating or Modifying the Login Script

You need to modify login scripts for users whose workstations will be
upgraded.
To upgrade workstations for users in a container, modify that container’s login
script.
To upgrade workstations for users in a profile, modify that profile’s login
script.
To upgrade specific users’ workstations, modify those users’ login scripts.
To upgrade a workstation running bindery-based client software (such as
Microsoft Client for NetWare Networks which ships with Windows 95 or
Windows 98), edit the system login script (SYS:PUBLIC\NET$LOG.DAT).
Creating or Modifying a Login Script Using ConsoleOne

1 Double-click the object whose login script you want to create or modify.
2 Click Login Script.
3 Enter the login script commands and information into the login script text
box.
For a sample of the login script commands that you need to add to the
scripts, see “Sample Client Installation Login Script (Windows 95/98 and
NT/2000 Only)” on page 25.
IMPORTANT: Make sure that you edit the sample login script to match the server
names, directory paths, and specifications of your own network.
For additional information on all login script commands, see “Login

Script Commands and Variables” on page 59.
4 To save the login script and close the Details dialog box, click OK.
If the login script that you just created was a container or user login script,
you’re finished and the client software will be installed or updated the
next time users log in.
If the login script that you just created was for a Profile object, you must
associate the User object with the Profile object and make the User object
a trustee of the Profile object.
For additional information on all login scripts, see “Creating or
Modifying Login Scripts” on page 32.

103-000159-001
December 7, 2001
Novell Confidential
Sample Client Installation Login Script (Windows 95/98 and NT/2000 Only)
The following sample shows the commands that you add to the login script in
order to install the client software from the network. The sample includes text
for installing across an internal network.
HINT: In this sample, the text that is necessary to the script is represented in
uppercase letters. The information that you should customize for your network is in
lowercase letters.
REM ***** Windows 95/98 *****

IF (OS = "WIN95") OR (OS = "WIN98" AND OS_VERSION <> "V4.90")
THEN
WRITE "Updating Novell Client for Windows 95/98."
#\\server1\sys\public\client\win95\ibm_enu\acu.exe
IF "%ERROR_LEVEL" = "1" THEN
EXIT
END
END
IF OS = "WINNT" AND OS_VERSION <> "V5.01" THEN

WRITE "Updating Novell Client for Windows NT/2000."
#\\server1\sys\public\client\winnt\i386\acu.exe
IF "%ERROR_LEVEL" = "1" THEN
EXIT
END
END
At this time, you cannot use a login script to install Novell Client for Windows
XP version 4.82. This feature will be available in a future release.
NOTE: If you are using this sample script to replace the Microsoft Client with Novell
Client for Windows95/98, some user intervention is necessary. Due to Microsoft
Client’s limited scripting capabilities, users must close an open DOS box before the
workstation is rebooted and the installation is completed.
What Users See

If this is a new client software installation, or if it is an upgrade from older
client software, the software is installed or upgraded when users log in and
restart the workstation. Users might see system messages as their workstations
are upgraded, depending on how you set up the installation.

103-000159-001
December 7, 2001
Novell Confidential
Upgrading a Client Workstation to Windows 2000

You can upgrade a Windows 95/98 or Windows NT 4.0 workstation with
Novell Client software to Windows 2000 without uninstalling the client
software.
NOTE: IPX Compatibility and Novell NetWare/IP Adapter will not be upgraded
from Windows NT to Windows 2000.
Some Windows NT 4.0 printer drivers are incompatible with Windows 2000 and will
not install. Contact Microsoft for more information.
Windows 95/98 to Windows 2000: Installs Novell Client version 4.51 from
the Windows 2000 CD.
Windows NT to Windows 2000: Detects the version of Novell Client
software installed and does one of the following:
If the Novell Client version is 4.6 or earlier, Windows 2000 installs the
Novell Client version 4.51 from the Windows 2000 CD.
If the Novell Client version is 4.7 or later, Windows 2000 leaves it intact
but removes all installed components and changes the protocol selection.
After the migration to Windows 2000 is complete, Novell Client will reinstall
the previously installed components and restore the previously selected
protocols.
IMPORTANT: In order to complete the reinstallation of the components and
protocols, the user who logs in to the workstation after the migration must have
Administrator rights.
Novell Client version 4.51 on the Windows 2000 CD has limited

functionality. Therefore, you will want to upgrade to the latest Novell Client
version once you have completed the upgrade. You can either access the latest
client software from a product CD or download it from www.novell.com/
download. Once you have set up the Automatic Client Upgrade (see
“Installing Clients from the Network” on page 19), Novell Client will run an
ACU from one of the following places:
The path pointed to by the NWCLIENTDIR environment variable in the
login script or at the command line
The path were Novell Client was installed from
Drive Z: on the network
You can choose to skip the Automatic Client Upgrade by setting the
NWCLIENTDIR environment variable to NULL in the login script.

103-000159-001
December 7, 2001
Novell Confidential
For more information on Automatic Client Upgrade, see “Installing Clients

from the Network” on page 19.
For more information on installing Novell Client on individual workstations,
see “Installing Novell Client at the Workstation” on page 17.
Upgrading a Client Workstation to Windows XP

If you are upgrading your Windows operating system on workstations that
already have the Novell Client installed, you must first uninstall the Novell
Client to ensure a clean upgrade.
1 Uninstall Novell Client.
See “Uninstalling Novell Client” on page 51.
2 Upgrade the Windows operating system to Windows XP.
3 Install Novell Client for Windows XP version 4.82.
See “Installing Novell Client at the Workstation” on page 17.
HINT: On Windows XP, you can install the client software from the network
on workstations running the Microsoft Client Service for NetWare. Run
the install by logging into the server using bindery emulation.
NOTE: Novell Client cannot be installed on Windows XP if the Local Area
Connection Properties Page is open. Close this page before running the Novell
Client install.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000159-001
December 7, 2001
Novell Confidential
2 Setting Up Client Login
You can customize the client login environment to suit your network and have
greater control over what users can access during login. This chapter contains
information about the following:
Setting Up Login Scripts (page 29)
Setting Up Login Restrictions (page 36)
Setting Up Location Profiles (page 36)
Customizing the Novell Login Dialog Box (page 38)
Logging In to the Network (page 40)
Logging Out of the Network (page 40)
Setting Up Login Scripts

When a user successfully logs in to the network, one or more login scripts are
executed which automatically set up the workstation environment. Login
scripts are similar to batch files and are executed by the Novell® LOGIN
utility.
You can use login scripts to map drives and search drives to directories,
display messages, set environment variables, and execute programs or menus.
Login scripts are properties of specific NDS® objects.
There are four types of login scripts:
Container sets the general environments for all users in that container.
Container login scripts are execute first and can be associated with
Organization or Organizational Unit objects. A user can use only one
container login script.
NOTE: A container login script replaces the system login script from NetWare® 3.
Setting Up Client Login 29

103-000159-001
December 7, 2001
Novell Confidential
Profile sets environments for several users at the same time. Profile login
script are executed after the container login script and are associated with
Profile objects. A user can be assigned only one profile login script but
can choose other profile login scripts.
User sets environments (such as printing options or an e-mail username)
specific to a single user. User login script are executed after any container
and profile login scripts and are associated with User objects. A user can
have only one user login script.
Default contains only essential commands, such as drive mappings to
NetWare utilities, and cannot be edited. The default login script runs if a
user (including user Admin) doesn’t have a user login script, even if a
container or profile login script exists.
HINT: If you don’t want to create any user login scripts and you don’t want the
default login script to execute for any users, you can disable the default login script
by including the NO_DEFAULT command in the container or profile login script.
Maintaining many user login scripts can be time consuming. Therefore, you
should try to include as much customization information as possible in the
container and profile login scripts, which are fewer in number and easier to
maintain.
For example, if all users need access to the NetWare utilities in the same
volume, put the search drive mapping to that volume in a single container
login script rather than in every user login script.
Create profile login scripts if several users have identical login script needs.
Profile login scripts are sometimes thought of as group login scripts.
Finally, in user login scripts, include only those individual items that can’t be
included in profile or container login scripts.
IMPORTANT: Because up to three login scripts can execute whenever a user logs
in, conflicts can occur and drive mappings can be overwritten by consecutive login
scripts. It is important to note that the last login script to execute (usually the user
login script) overrides any conflicting commands in a previous login script.
HINT: In Windows NT and Windows 2000, all drive mappings created using
NetWare LOGIN are root mapped. Because of this, programs cannot access
directories above the directory that the drive is mapped to. If necessary, you can
turn off the default by adding SET MAPROOTOFF="1" as the first line in the login
script. This will globally force all NT/2000 workstations using the login script to not
map root drives.
WARNING: Don’t delete the login directory (SYS:LOGIN) created during network
installation. It contains the Novell LOGIN and NLIST utilities. If users run command
line utilities, they can use these utilities to log in and view a list of available NetWare
servers.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Where Login Scripts Should Be Located

Login scripts are properties of objects. Consequently, only certain objects can
contain login scripts. This, in turn, largely determines where login scripts can
be located.
The following figure shows how the different types of login scripts can reside
in an NDS tree and how they affect users.
In the figure, there are three users: ESAYERS, SWILLIAMS, and

MRICHARD. The following explains which login scripts execute when each
of these users logs in:
User ESAYERS: The SALES_PV container login script executes first,
followed by ESAYERS’s user login script.
User SWILLIAMS: The SALES_PV container login script executes first,
followed by the default login script.
User MRICHARD: The ACCOUNTING container login script executes,
followed by the CLERKS’ profile login script, and then MRICHARD’s
user login script.
Container login scripts affect only users immediately below the Organization
or Organizational Unit that contains the login script.

103-000159-001
December 7, 2001
Novell Confidential
For example, in the previous figure, although there are two levels of container
objects above users ESAYERS and SWILLIAMS, only the script for the
container they’re in (OU=SALES_PV) executes when they log in.
If the SALES_PV Organizational Unit had no container login script defined,
no container login script would execute for ESAYERS and SWILLIAMS,
even though a container login script exists at a higher level.
Because user SWILLIAMS has no user login script defined, the default login
script executes after the container login script.
Because user MRICHARD belongs to the profile CLERKS, the CLERKS
profile login script executes before MRICHARD’s user login script. Users can
be assigned to only one Profile object, but there are ways to get around this
restriction. See “Getting around the One Profile Login Script Restriction” on
page 34.
Creating or Modifying Login Scripts

You can use ConsoleOneTM to create login scripts from scratch or from a
sample login script that is provided for you. Using a sample login script can
help reduce syntax errors and thus reduce the time it takes to create login
scripts.
All four types of login scripts use the same conventions, commands, and
variables. For more information, see “Login Script Commands and Variables”
on page 59.
The main difference in creating container, profile, and user login scripts is the
object that you select to contain the login scripts. The default login script is
not assigned to any object.
Container login scripts are assigned to container objects (Organization or
Organizational Unit objects).
Profile login scripts are assigned to Profile objects. In order for a User
object to use a profile login script, you must select that User object and
assign it to the Profile object.
User login scripts are assigned to User objects.
IMPORTANT: Before you create or modify login scripts, you must have the Write
property right to the object that will contain the login script. In addition, the
Organization, Organizational Unit, Profile, or User object that you plan to assign the
login script to must already exist.

103-000159-001
December 7, 2001
Novell Confidential
To create or modify a login script using ConsoleOne, complete the following

steps:
1 Double-click the object whose login script you want to create or modify.
3 Enter the login script commands and information into the login script text
box.
For a sample, see “Sample Login Scripts” on page 93.
For additional information on all login script commands, see “Login

Script Commands and Variables” on page 59.
4 To save the login script and close the Details dialog box, click OK.
you’re finished and the client software will be installed or updated the
next time users log in.
If the login script that you just created was for a Profile object, you must
associate the User object with the Profile object and make the User object
a trustee of the Profile object. See the next section, “Associating the User
Object with a Profile Object.”
For additional information on all login scripts, see “Creating or
Modifying Login Scripts” on page 32.
Associating the User Object with a Profile Object

1 In ConsoleOne, double-click the User object that needs to use the profile
login script.
3 Enter the name of the Profile object in the Default Profile field located
under the login script text box, and then click OK.
4 To add the User object as a trustee of the Profile object, double-click the
Profile object.
5 Click NDS Rights > Trustees of this Object > Add Trustee.
6 Enter the name of the User object that uses this Profile object.
7 Make sure that the Browse object and the Read property check boxes are
checked, and then click OK to assign these rights to the User object.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The User object is now a trustee of the Profile object and has the rights
necessary to run the profile login script.
Repeat these steps for all additional users who need to use this script.
Getting around the One Profile Login Script Restriction
Users can belong to only one profile login script and so, as a rule, only one
profile login script can be executed for any user. There are ways to run the
equivalent of different or multiple profile login scripts by specifying other
profile login scripts.
For example, to specify a different profile login script for a user at the
command line, use the following command:
LOGIN username /p profile_object
You can also specify a different profile login script using ConsoleOne. On the
user’s Login Script page, browse until you find the profile login script that you
want to associate with the user, select it, and then click OK. For more
information on associating a profile login script with a user, see the
ConsoleOne help.
You can also assign users to more than one Group object. Use the MEMBER
OF group identifier variable to execute different parts of a login script,
depending on the Group objects that the user belongs to. To accomplish this,
use the If...THEN command (see “IF...THEN” on page 75) and the MEMBER
OF group identifier variable (see “Using Identifier Variables” on page 62).
To view an example of the IF...THEN command used with the MEMBER OF
group identifier variable, see “Sample Login Scripts” on page 93.
Creating Login Scripts from a Sample or Existing Login Script

To create a login script from any of the samples included in this
documentation or from an existing login script, complete the following steps:
1 Locate the sample or existing login script that you want to modify.
For sample login scripts included in this documentation, see “Sample
Login Scripts” on page 93.
2 Copy the sample or existing login script.
3 In ConsoleOne, open the login script, copy the sample and then paste it
into the login script.

103-000159-001
December 7, 2001
Novell Confidential
4 Make necessary changes to the sample login script to customize it for

your network.
5 Click OK to save the new login script.

you’re finished. If the login script that you just created was for a Profile
object, you must associate the User object with the Profile object and
make the User object a trustee of the Profile object. See “Associating the
User Object with a Profile Object” on page 33.
Printing Login Scripts

To print a login script from the command line, use the NLIST command and
redirect the output to a file or a printer. You must be in an object’s parent
container to see and print the login script of that object.
IMPORTANT: You must have a workstation running DOS 3.30 or later and the
Read and File Scan property rights to the object to be printed.
To print a user’s login script, enter

NLIST user=username show "login script">LPT1
To print a container’s login script, enter

NLIST "organizational unit"="ou name" show "login
script">LPT1
NOTE: Any option in the NLIST command that includes a space in its name must
be enclosed in quotes.

103-000159-001
December 7, 2001
Novell Confidential
Setting Up Login Restrictions

Login restrictions are limitations on user accounts that control access to the
network. These restrictions can be set in ConsoleOne for each user and include
the following:
Requiring a password (you can specify its minimum length, whether it
must be changed and how often, whether it must be unique, and whether
the user can change it)
Setting the number of logins with expired password and the number of
incorrect login attempts allowed
Setting account limits such as an account balance or expiration date
Limiting disk space for each user by specifying the maximum blocks
available for each user on a volume
Specifying the number of simultaneous connections a user can have
Specifying, by node address, which workstations users can log in on
Restricting the times when users can log in (you can assign all users the
same hours, or you can restrict users individually)
When a user violates login restrictions, the account is disabled and no one can
log in using that username. This prevents unauthorized users from logging in.
Setting Up Location Profiles

Location profiles allow you to save the information from a user’s specific
login into a location profile. When the user selects this profile during login,
the profile automatically sets up login information such as the user’s name,
server, tree, context, login script, and other applicable information so that the
user does not have to type this information.
Location profiles are especially powerful for users who log in from multiple
places. Users can have separate profiles for the office, home, laptop, or any
other workstation they use. This simplifies the login process so that users do
not have to remember their login information for each workstation. Using
multiple location profiles also gives you control over what users can access
from each workstation.
You can create a location profile on a single workstation or you can create
location profiles for multiple workstations by using the ZENworksTM
Workstation Configuration policy packages.

103-000159-001
December 7, 2001
Novell Confidential
HINT: To create and then distribute location profiles that will be used by multiple
workstations, use the Novell Client Configuration policy created in the Workstation
Configuration policy package in ConsoleOne.
For more information on using ZENworks for Desktops policy packages, see the
ZENworks for Desktops documentation. If you have questions while setting up a
policy package, click Help.
To create a location profile on a specific workstation, complete the following

steps:
1 Open the Client property pages.
Right-click the N icon in the system tray and then click Novell Client
Properties > Location Profiles.
or
Right-click Network Neighborhood and then click Properties > Location
Profiles.
2 Type the name of the profile that you want to add, and then click Add.
3 From the Service menu, select one of the following:
Login Service to configure login settings
Connection Service to configure your dial-up connection settings
4 From the Service Instance menu, do one of the following:
Select an existing service instance
Type a name for a new service instance and then click Add to specify
the settings for this service in the Novell Client Login window or
Connection Services window.
5 When you have finished creating the location profile, click OK.
HINT: When storing the profile through an NDS login, you can use a File System
Pointer. This allows multiple users to use the same profile, provided they all use
the same path as the file system pointer.
IMPORTANT: When storing the profile from a Windows NT 4.0 workstation on a
NetWare server, that server volume must support long filenames. In versions of
NetWare earlier than NetWare 4.11, the OS/2 name space was required for long
filename support. In NetWare 4.11 and NetWare 5 or later, the LONG.NAM name
space is required on the server.

103-000159-001
December 7, 2001
Novell Confidential
Removing a Location Profile

You might need to remove a location profile once it has been created. If you
are removing a location profile created on an individual workstation, complete
the procedure below. If you want to remove a location profile created in a
Client Configuration policy, you can either delete the Client Configuration
policy or change the associations of specific users with this policy.
1 Right-click the N icon in the system tray and then click Novell Client
Properties > Location Profiles to open the Novell Client property pages.
2 Select the name of the profile that you want to remove and then click
Remove.
Customizing the Novell Login Dialog Box

The Novell Login dialog box can be customized to show the features that you
want users to have access to. Customizing gives you control over the
following:
The choice of NDS or bindery connection
The Location field at the top of the dialog box
Hiding the Location field is especially useful if you have set up only one
location profile for a workstation. In this case, the Location field is not
useful and might confuse or distract the user.
The Advanced button
If you have set up several location profiles and do not want users to
change the data in various login fields (such as tree, context, server, and
run scripts), you can hide the Advanced button.
The Variables button on the Script tab
If you use %2, %3, %4, or %5 in the login script, you might want to set
these values in the location profile but not allow the user to change them.
In this case, it might be helpful to hide the Variables button.
The Clear Connections check box on the NDS and Bindery tabs
If you want all connections to be cleared every time the user logs in, or if
you don’t want any connections to be cleared, you can set the value in the
location profile and then hide the Clear Connections check box.
NOTE: The Clear Connections check box is never visible during initial login,
because an initial login automatically clears all connections.

103-000159-001
December 7, 2001
Novell Confidential
The Workstation Only check box that appears under the Password field
during an initial NT/2000 login
If you do not want to allow workstation-only logins—for example, if you
want to require that the user log in to NetWare in order to use the
workstation—you can hide the Workstation Only check box.
The Run, Display, and Automatically Close properties of login scripts
RAS options, if installed on the workstation
These additional features of the Novell Login dialog box should also be
considered:
If Dialup is not installed on the workstation, the fields on the Dialup tab
are disabled.
If the Novell Login dialog box is being used to log in to a specific tree,
the Tree field is disabled to prevent the user from changing the tree.
If the Novell Login dialog box is being used to log in to a specific NDS
server, the Server and Tree fields on the NDS tab are disabled to prevent
the user from changing them.
If the Novell Login dialog box is being used to log in to a specific bindery
server, the Server field on the Bindery tab is disabled to prevent the user
from changing the server.
The Novell Login dialog box can be customized to control the availability of
certain login options. This gives you control over how users log in.
HINT: You can also customize the Novell Login dialog box for multiple
workstations using the Novell Client Configuration policy created in the Workstation
Configuration policy package in ConsoleOne (ZENworks for Desktops 3) or
NetWare Administrator (ZENworks for Desktops 2).
For more information on using ZENworks for Desktops policy packages, see the
ZENworks for Desktops online documentation. If you have questions while setting
up a policy package, click Help.
To show or hide any login dialog box options, complete the following steps:
Properties > Location Profiles to open the Novell Client property pages.
2 Click Advanced Login.
3 In the Show On Login section of the Advanced Login property page,
check the check boxes for the items that you want to appear and uncheck
those that you do not want to appear.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Logging In to the Network

IMPORTANT: We recommend that users do not use the command line LOGIN
utility.
There are several ways to initiate a Novell Client Login once users have
already logged in to NetWare or to the local workstation:
Right-click the red N icon in the System Tray and then click NetWare
Login.
Right-click Network Neighborhood and then click NetWare Login.
Click Start > Programs > Novell (Common) > Novell Login.
In Network Neighborhood, double-click the tree or server to log in to; the
Novell Login will load automatically.
In Network Neighborhood, right-click on the desired tree or server and
then click either Authenticate or Login.
Run LOGINWIN32.EXE from the DOS command prompt.
Logging Out of the Network

To log in to new NetWare services while logging out of other servers or
clearing the current connections, use the NetWare Client Login and check the
Clear Current Connections check box.
If you want to log out of both the Windows NT/2000 workstation and
NetWare, press Ctrl+Alt+Del and then click Logout.
To log out of a specific server, right-click Network Neighborhood, click
NetWare Connections, select the server or tree, and then click Detach.
IMPORTANT: We recommend that users do not use the LOGOUT.EXE
command. If you use this command, specify a server name (LOGOUT
server_name).
Setting Up Passwords in Windows NT/2000

We recommend that you configure NT workstations to not use any of the
Microsoft password restrictions available in User Manager. Novell Client for
Windows NT works best if password restrictions are set in NDS.

103-000159-001
December 7, 2001
Novell Confidential
3 Setting Client Properties
You can optimize Novell® ClientTM for your network by using property pages
to configure installation options and protocol support, optimize performance,
configure optional client parameters, and set a variety of other parameters.
By default, the client is configured for high speed with moderate use of
memory and data protection. You can adjust the client to optimize its
performance in any of these areas. However, optimizing the client in one area
might lessen performance in other areas.
HINT: A new Advanced Menu Settings tab has been added to the Novell Client
Property Page. This tab lets you set menu options and control settings such as the
ability to send messages to the server console or how Network Neighborhood is
configured. A short description of each setting is available in the Description field
when you select the option.
Also, additional information on the Advanced Settings is available in an April 1999

AppNotes® article (http://developer.novell.com/research/appnotes/1999/april/03/
index.htm).
You can set properties for a single workstation, or you can set them for
multiple workstations simultaneously.
Setting Properties before Installation

Use Novell Client Install Manager to set properties for one or more
workstations before an unattended install. This method saves you from having
to set each workstation individually.
1 Start the Novell Client Install Manager.
Novell Client Install Manager is located on the CD-ROM or in the Novell
Client download in the WIN95\IBM_language >ADMIN directory.
2 Click File > New File > your operating system.
Setting Client Properties 41

103-000159-001
December 7, 2001
Novell Confidential
3 Modify the installation options as needed.

3a Double-click the configuration option that you want to modify in the
Installation options list box.
3b In the property pages, set the parameters and then click OK.
The values that you set appear in the right list box.
HINT: You can set up one workstation the way you want other workstations to be
set up, and then use Novell Client Install Manager to import the settings from that
workstation’s registry and save them to the configuration file you will use during the
ACU install. Once you set up the workstation, click File > Open Registry to import
the settings into Novell Client Install Manager.
For information about setting properties on a single workstation, see “Configuring

Network Protocols” on page 18.
4 Click File > Save.

You can save the file with any filename that you want to use. For
example, you could rename the file NOVELL.TXT and then use it in
conjunction with the ACU.
Setting Properties on a Single Workstation after

Installation
1 At the user’s workstation, right-click the N icon in the system tray.
2 Click Novell Client Properties.
3 Set the properties that you want to change.
4 Click OK to make the changes and close the property pages.
Setting Properties on Multiple Workstations after

Installation
Beginning with ZENworksTM for Desktops 3 or later and NetWare® 5 or later,
you can use ConsoleOne to configure client properties for multiple
workstations. The properties that you set in ConsoleOneTM or NetWare
Administrator are pushed down to the client workstations at scheduled times
or when specified events occur, such as when a user logs in.
To set the properties on multiple workstations after installation, refer to the
corresponding ZENworks for Desktops documentation at Novell’s
documentation Web site (http://www.novell.com/documentation/) for more
information.

103-000159-001
December 7, 2001
Novell Confidential
Using DHCP
If a DHCP server is set up on your network, the DHCP server can inform
Novell Client of network-specific configuration information.
You can easily configure Novell DHCP servers (NetWare 5 and later) to
distribute this information to the clients. See the server configuration
documentation for your NetWare product.
Clients obtain configuration information from DHCP even when you
statically configure the client’s IP address or even when the DHCP server used
to supply the information is different from the DHCP server supplying an IP
address to the client.
Using DHCP Like an NDS Server Name Service Provider

You can set up a DHCP server to inform Novell Client workstations that use
the IP protocol about an NDS® tree name and the IP addresses of servers that
are on that tree. When using this feature, it is best to specify the IP addresses
of the closest NDS servers containing partitions with the user information.
Using DHCP to Distribute SLP Configuration Information

You can configure the following SLP parameters through DHCP:
IP Address of SLP Directory Agents
SLP Scopes
Using DHCP to Distribute IPX Compatibility Information

You can configure the following IPXTM Compatibility parameters through
DHCP:
IP Address of Migration Agents
CMD Network Number
Migration Agent List Stale Time
Setting Client Properties 43

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
4 Managing Novell Client
Managing Novell® ClientTM requires that you manage users’ network

connections, passwords, rights and other security issues, etc. All of these
features are available from the Novell Client desktop.
Common Networking Tasks

Novell Client software is integrated with Windows. Features are integrated
into standard Windows interfaces such as My Computer, Network
Neighborhood, Control Panel, and the N icon in the system tray.
Instructions for performing common client tasks are provided under the N
menu:
1 Right-click the N icon.
2 Click Novell Client Help > Novell Client User Guide.
NetWare File Security

NetWare® networks restrict access to network files and folders based on user
accounts. For example, a user connected to the network using the
Administrator account might be able to delete or rename a file that other users
can only open and edit.
The NetWare file system keeps track of the rights that users have to files and
directories on the network. When users try to access any file on a NetWare
network, NetWare either grants access or prohibits certain things that users
can do with the file.
Rights are granted and revoked by creating trustee assignments. For more
information, see “Changing Trustee Assignments” on page 46.
Managing Novell Client 45

103-000159-001
December 7, 2001
Novell Confidential
File rights apply only to the file that they are assigned to. The rights can be
inherited from the folder that contains the file. Folder rights apply not only to
the folder but also to the files and folders it contains.
Checking File or Folder Rights

1 In Windows Explorer or Network Neighborhood, right-click the file that
you want to check.
2 Click Properties > NetWare Rights.
3 In the Trustees box, click the user account. The rights to the file or folder
will be displayed on the right-hand side.
Changing Trustee Assignments

You must have the Supervisor right to change trustee assignments.
1 In Windows Explorer or Network Neighborhood, right-click the file that
you want to check.
3 Add trustees, remove trustees, or change the rights granted to trustees as
needed.
Trustee assignments override inherited rights.
To change an Inherited Rights Filter, click the Inherited Rights and Filters
button on the NetWare Rights property page.
Combining Multiple Trustees

As an administrator, you might need to apply the same trustee assignments to
a group of selected files. You can combine trustee assignments by checking
the Combine Multiple Trustees check box on the NetWare Rights page.
1 In Windows Explorer or Network Neighborhood, click a file.
2 Press and hold Control while clicking additional files.
3 Right-click the selected files.
The Combine Multiple Trustees check box is enabled.

103-000159-001
December 7, 2001
Novell Confidential
This check box is available only if you’re viewing the NetWare rights for
multiple files or folders. Additionally, at least one of the files or folders
must have at least one trustee assignment. The trustees and rights shown
are the combined trustees and rights for all the files.
5 Check or uncheck the check box.
If you check Combine Multiple Trustees, the trustee assignments that are
shown will apply to all selected files after you click OK or Apply.
6 Click OK.
For example, Kim is a trustee of FILE_A and FILE_B. Kim has Read, File
Scan, and Access Control rights for FILE_A and Read and File Scan rights for
FILE_B. If you select FILE_A and FILE_B and view their properties, Kim is
shown as a trustee with Read, File Scan, and Access Control rights.
If you check Combine Multiple Trustees and then click OK, Kim is given the
Access Control right for FILE_B. Therefore, Kim now has Read, File Scan,
and Access Control rights for both FILE_A and FILE_B.
Setting Up AutoAdminLogon for Windows NT/2000/XP

Windows NT, Windows 2000, and Windows XP can automate the logon
process by storing passwords and other pertinent information in the Registry
database.
WARNING: There is a security risk to using the AutoAdminLogon feature.
Usernames and passwords in the registry are visible to users. This feature also
allows other users to start the computer and use the account to automatically logon
even if the workstation is locked. Refer to the Microsoft recommendations on when
to use AutoAdminLogon.
Use Registry Editor (REGEDIT.EXE) to add the needed logon information.

WARNING: Using Registry Editor incorrectly can cause serious, systemwide
problems that might require reinstalling Windows NT or Windows 2000 to correct
them.
HINT: To bypass the AutoAdminLogon process, and to log in as a different user,
hold down the Shift key after a logout or after a Windows NT restart.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
AutoAdminLogon Options
This section lists the options that you can choose from when setting
AutoAdminLogon. To set the options, use the procedure in “Setting the
AutoAdminLogon Options” on page 50.
Additional information on AutoaAdminLogon may also be available in
Technical Information Document # 10052847 on the Novell Technical
Support Web site (www.support.novell.com).
AutoAdminLogon for Windows Workstation Only
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Key: HKEY_LOCAL_MACHINE\SOFTWARE\Novell\

WindowsNT\CurrentVersion\Winlogon Login
AutoAdminLogon=1 AutoAdminLogon=0
DefaultDomain or Local WorkstationName=Name of

Domain or Local Workstation
DefaultUserName=Windows User Name
DefaultPassword=Windows Password for the

DefaultUserName specified above
AutoAdminLogon for Windows Workstation and NetWare

DefaultDomain or Local WorkstationName=Name of DefaultLocationProfile=Name of the Location

Domain or Local Workstation Profile that contains the information about the
Novell User to log in to the NetWare network such
DefaultUserName=Windows User Name as Username, Tree, Context, Server, etc.
DefaultPassword=Windows Password for the DefaultPassword=Novell Password for the
DefaultUserName specified above DefaultUserName specified in the Location Profile
Location profiles allow you to save a user’s specific login information. The
profile automatically sets up login information such as the user’s name, server,
tree, context, login script, and other applicable information so that the user

103-000159-001
December 7, 2001
Novell Confidential
does not have to type this information. For more information, see “Setting Up
Location Profiles” on page 36.
NOTE: The NT Credential information in the Location Profile will not be used. The
NT user information in the registry will be used instead.
AutoAdminLogon for NetWare Only Using Dynamic Local User (DLU) for Windows

DefaultLocationProfile=Name of the Location

Profile that contains the information about the
as Username, Tree, Context, Server, etc.
DefaultPassword=Novell Password for the

DefaultUserName specified in the Location Profile
Location profiles allow you to save a user’s specific login information. The
profile automatically sets up login information such as the user’s name, server,
tree, context, login script, and other applicable information so that the user
does not have to type this information. In this case, the location profile must
specify an NDS user with Dynamic Local User (DLU) privileges on the
Windows NT or Windows 2000 workstation. For more information, see
“Setting Up Location Profiles” on page 36.
AutoAdminLogon for Windows and Query for NetWare

DefaultDomain or Local WorkstationName=Name of AutoAdminQueryNDS=1

Domain or Local Workstation
DefaultUserName=Windows User Name
DefaultPassword=Windows Password for the

DefaultUserName specified above

103-000159-001
December 7, 2001
Novell Confidential
AutoAdminLogon for NetWare under Terminal Server

AutoAdminLogon=1
DefaultLocationProfile=Name of the Location

Profile that contains the information about the
as Username, Tree, Context, Server, etc.
DefaultPassword=Novell Password for the

DefaultUserName specified in the Location Profile
Turn Off AutoAdminLogon

Setting the AutoAdminLogon Options

1 Start Registry Editor (REGEDIT.EXE).
2 Locate the specified Registry keys and set the values as indicated.
If a value does not exist, click Edit > New > String Value, type the name
of the value, and then press Enter.
IMPORTANT: If no DefaultPassword string is specified, the value of the
AutoAdminLogon key is automatically changed from 1 (true) to 0 (false), disabling
the AutoAdminLogon feature.
3 Exit the Registry Editor and log out of Windows NT or Windows 2000.
Changing Passwords in NetWare Login with AutoAdminLogon

If AutoAdminLogon is enabled, be careful when running the NetWare Login
utility from the icon in the NetWare (Common) group. When run as a
standalone utility from the icon, NetWare Login does not recognize that the
workstation is running AutoAdminLogon.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
If the primary connection’s password expires when running NetWare Login

from the icon, the user will be given the chance to synchronize all NetWare
and NT passwords. Make sure that users do not synchronize the NT password,
because NetWare Login does not update the Registry setting for
AutoAdminLogon.
Uninstalling Novell Client

You can uninstall the Novell Client by using the uninstall utility or by
selecting Remove in Network Properties.
For Windows 95/98, double-click the uninstall utility (UNC32.EXE)
located in the WIN95\language_directory\ADMIN directory.
For Windows NT, in the Network Properties, click Services > Novell
Client for Windows NT/2000 > Remove, and then click Yes.
For Windows 2000/XP, right-click My Network Places, click Properties,
right-click Local Area Connection, and then Properties > Novell Client >
Uninstall.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000159-001
December 7, 2001
Novell Confidential
5 Printing to a Network Printer
Printer setup can be automated so that users’ workstations attach to the

network printers they use each time users log in to the network. Users can use
the network printers without having to manually connecting to the printer
every time they want to print.
After connecting to a network printer, users can select the printer from any
application that they are using. See the application’s documentation for
information on using printers.
Attaching to a Network Printer

A printer driver for each type of printer must be installed on the workstations.
Users can set up network printing on a workstation by specifying the name of
the printer in any of the following programs:
Windows Add Printer Wizard
Novell® Capture Printer Port
The following can automate printer connections so that the computer connects
to network printers each time a user log in:
NetWare® Login Script
NT/2000 Restore Connections
NT/2000 Logon Script
Printing to a Network Printer 53

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Setting Up Network Printing

1 Click Start > Settings > Printers.
2 Double-click Add Printer.
3 Click Network Printer Server > Next.
4 Select a printer you want to use from the Shared Printers box.
For NetWare 4 or later (NDS®) networks, double-click Novell
Directory Services® and find the context for the printer. Then select
a Printer object from the list.
For NetWare 3.x and bindery networks, double-click NetWare
Servers. Then, double-click the name of the server that supports the
queues you want to use and select the queue.
5 Click OK.
6 (Conditional) If a dialog box prompts you to install a driver for the
printer, click OK and install it.
6a Select the name of the printer from the Driver box and then click OK.
6b Enter the path to the printer driver and then click OK.
7 Run an application and select the network printer when you print.
Specifying Capture Settings with Windows Printing

Windows does not require captured printer ports to print to a network printer.
Windows can use print devices that are associated with network printers. This
allows applications to print directly to a network printer.
The CAPTURE utility does not affect Windows printer devices.
Captures are global. If you capture a printer port, the port is available for
network printing from anywhere in Windows.
Use the Capture Settings dialog box to specify printer settings for print
captures created with Windows. This can be useful if you want to use a DOS
or Windows 3.x application that relies on print captures and you can’t put the
capture in a login script.
To access the Capture Setting dialog box, complete the following steps:
1 Right-click the N icon in the system tray.
2 Click Novell Capture Printer Port.

103-000159-001
December 7, 2001
Novell Confidential
3 Enter the correct information in the dialog box.

4 Click Settings.
These settings apply only to printer ports that are captured from Windows.
Printer ports that are captured in a login script or from the command line do
not use these settings.
These settings do not apply to printers that appear in the Windows Printers
folder.
Changing the printer settings for a specific captured printer port does not
change the default printer settings.
Setting Up Point and Print

1 Get the printer driver files.
Get the Windows operating system CD-ROM or the Windows printer
driver files supplied by the printer’s manufacturer.
2 Log in as Admin or as a user with Admin-equivalent rights for the printer
or print queue.
3 Select a printer or print queue in the Windows Explorer or Network
Neighborhood.
4 Click File > Properties > Setup Point and Print.
5 Specify the path for the printer driver files.
You must be logged in to the tree or server where the path is located. You
must also have sufficient rights for the specified directory to copy the files
there. Users need Read and File Scan rights for the specified directory.
6 Click Select Printer Model.
7 Select the manufacturer of the printer.
8 Select the model of the printer.
9 Click OK.
The printer driver files are copied to the path specified in Step 5.
10 Click OK again.

103-000159-001
December 7, 2001
Novell Confidential
Printing DBCS Characters from DOS in Windows NT/

2000
In Windows NT and Windows 2000, the default command window runs as a
32-bit process. In order to use the existing DOS printer driver for DOS-
intrinsic commands, you must use a 16-bit command window.
This allows DOS-intrinsic commands such as COPY, TYPE, etc., to use the
print driver.
The following instructions explain how to set up NT to support this. These
instructions also set up the NT system to support the printer driver for DOS
applications.
1 Edit the AUTOEXEC.NT file, found in the
%SYSTEMROOT%\SYSTEM32 directory, adding the DOS printer
driver for your specific printer. Add the printer driver after the following
line:
%SYSTEMROOT%\SYSTEM32\VLMSUP.EXE
Make sure that you copy the printer driver to the path you specify in the
AUTOEXEC.NT file.
2 Save a copy of the WINNT_DIRECTORY\SYSTEM32\CONFIG.NT file
with another filename, such as CONFIG.PRT.
3 Edit the new CONFIG file, adding the DOSONLY command to the file.
4 Continue the setup process using the instructions for your specific version
of Windows NT.
4a Create a shortcut to the COMMAND.COM program, found in the
WINNT_DIRECTORY\SYSTEM32 directory.
4b Right-click the shortcut icon and then click Properties.
4c On the Program property page, click Windows NT and enter the
paths for the CONFIG and AUTOEXEC files that you created in
Steps 1 and 2.
4d Double-click the shortcut icon. A DOS window will open.
Only DOS applications can be run from this window, but anything that is
printed will be rendered by the printer driver that you installed. Any DOS
commands that affect the print driver must be entered in this window. DOS
applications can be started by any method.

103-000159-001
December 7, 2001
Novell Confidential
Disabling NetWare Login Dialog Boxes Brought Up by

the Print Provider
If users log in to a workstation but do not log in to NetWare and they have
NetWare printers installed, they will be prompted to log in to NetWare once
by the QMS print provider and once by the NDPS® print provider. These login
dialog boxes can be disabled if desired.
Windows NT/2000/XP
Windows NT/2000/XP has two registry setting options for disabling login
dialog boxes:
If you set
HKLM\SOFTWARE\Novell\Print\Delay Login\Delay Login=1
the print provider tells Windows that the printer is a NetWare printer even
though the user is not authenticated. Then, the provider waits for an action
that requires authentication is detected before displaying a login dialog
box.
If you set
HKLM\SOFTWARE\Novell\Print\Never Login\Never Login=1
the print provider never displays the NetWare login dialog, and print jobs
sent prior to authentication fail. A message similar to the following is
displayed:
"Error writing to \\TREE\QUE.context: A write fault
occurred on the network. Do you wish to retry or cancel
the job?"
Windows 95/98
Windows 95/98 has two registry setting options for disabling login dialog
boxes:
If you set
HKLM\SOFTWARE\Novell\Print\Never Login\Never Login=1
the print provider never displays the NetWare login dialog. Print jobs will
succeed, but the printer will go offline. To print, you must log in to

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
NetWare and then manually turn the printer online by opening the
Printers folder, right-clicking the printer, and deselecting Print Offline.
If you set
HKLM\SOFTWARE\Novell\Print\Never
Login\UserDialupSettings=1
the print provider sets Never Login to the dial-up connection settings and
attempts to print.
NOTE: This functionality is available only in Windows 95B or later.

103-000159-001
December 7, 2001
Novell Confidential
A Login Script Commands and

Variables
This appendix lists login script commands alphabetically and by the type of
tasks the commands perform. It also contains a list of identifier variables used
in login scripts.
Before implementing any commands or variables, make sure you understand
basic login script conventions. See “Login Script Conventions” on page 59
and “Using Identifier Variables” on page 62.
NOTE: Commands that work only on DOS or Windows 3.x workstations have not
been included. These commands include CLS, COMSPEC, DOS VERIFY,
MACHINE, NOSWAP, and SWAP. For information on using these commands, see
the help file that accompanies the Novell® ClientTM for DOS and Windows 3.x
software.
Login Script Conventions

The following table explains the conventions you should follow when creating
login scripts.
Convention Explanation
Minimum login script No minimum. All types of login scripts are optional. Login scripts
can vary from one line to many. There are no required
commands.
Case Either uppercase or lowercase is accepted. Exception: identifier

variables enclosed in quotation marks and preceded by a
percent sign (%) must be uppercase. See “Using Identifier
Variables” on page 62.
Login Script Commands and Variables 59

103-000159-001
December 7, 2001
Novell Confidential
Characters per line Maximum 512 characters per line, including any variables after
they are replaced by their values; 78 characters per line
(common screen width) is recommended for readability.
Punctuation and symbols Type all symbols (#, %, ", _) and punctuation exactly as shown
in examples and syntax.
Commands per line Use one command per line. Start each command on a new line;
press Enter to end each command and start a new command.
Lines that wrap automatically are considered one command.
Sequence of commands Generally, enter commands in the order that you want them to
execute, with the following restrictions:
ATTACH commands (NetWare® 3 only) must precede related

MAP commands to avoid prompting the user for a username/
password during login (see “ATTACH” on page 69).
If you use # (see “#” on page 67) or @ (see “@” on page 68) to
execute an external program, the command must follow any
necessary MAP commands. If sequence is not important, group
similar commands, such as MAP and WRITE commands,
together to make the login script easier to read.
Blank lines Blank lines don’t affect login script execution. Use them to
visually separate groups of commands.
Remarks (REMARK, REM, Lines beginning with REMARK, REM, an asterisk (*), or a
asterisks, and semicolons) semicolon (;) are comments, which don’t display when the login
script executes (see “REMARK” on page 83).
Use remarks to record the purpose of each command or group

of commands or to temporarily keep certain lines from
executing.
Identifier variables Type identifier variables exactly as shown. To display the value
of an identifier variable as part of a WRITE command, you must
enclose the identifier in quotation marks and precede it by a
percent sign (%). See “Using Identifier Variables” on page 62.

103-000159-001
December 7, 2001
Novell Confidential
NDS Attribute Values Any NDS® attribute value can be read from a login script,
including extended names. The syntax for accessing NDS
attributes is identical to common script variables with a few
exceptions:
The NDS attribute must be at the end of the string.
If multiple variables are required, they must be in separate
strings.
You must use the actual NDS attribute value names. You
cannot use localized names or nicknames. Some common
NDS attribute names are listed in “Using Identifier Variables”
on page 62.
You must have the Read right to read the value of objects
other than values associated with your own User object.
If the name contains a space, you can replace it with an

underscore (_) but it is not required. Both of the following
examples are correct syntax:
map n %home directory
map n %home_directory.
NDS Object Mappings NDS objects such as cluster-enabled volumes can be mapped
in the login script using the object’s fully distinguised name and
context preceeded by a leading dot (.).
To map to a cluster-enabled volume, you would use the

following syntax:
MAP N:= .NDS object's fully distinguished name

including context
For example:
MAP N:= .cluster2_vol1.xyz.provo.novell
For more information on mapping, see “MAP” on page 80.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Using Identifier Variables

Many login script commands allow you to take advantage of identifier
variables to make login scripts more efficient and flexible.
Use identifier variables to enter a variable (such as LAST_NAME) rather than
a specific name (such as Smith) in a login script command. When the login
script executes, it substitutes real values for the identifier variables.
By using the variable, you can make the same login script command
applicable to multiple users.
When using variables within login script commands, observe the following
conventions:
Type the variable exactly as shown.
To use environment variables as identifiers, enclose them in angle
brackets (< >).
Identifier variables are used most often with commands such as
IF...THEN, MAP, and WRITE. They can also be used with commands
that you can specify a path for, such as COMSPEC.
Identifier variables can be placed within literal text strings in a WRITE
statement. However, the identifier variable must be in uppercase letters
and preceded by a percent sign. (Literal text is the text that is displayed
on the screen, such as “Sales report is due today.” Literal text must be
enclosed in quotation marks.)
For example, using the %LAST_NAME variable substitutes the user’s actual
last name for the LAST_NAME variable in the command when the user logs
in. For example,
WRITE "HELLO, "%LAST_NAME
displays the following message on Bob Smith’s workstation screen when he

logs in:
Hello, SMITH
Using the %GREETING_TIME variable displays the time of day. If Bob

Smith logs in during the morning, both of the following lines display the same
message (Good morning, SMITH) on his screen:
WRITE "Good "; GREETING_TIME;", "; LAST_NAME
WRITE "Good %GREETING_TIME,%LAST_NAME"

103-000159-001
December 7, 2001
Novell Confidential
The following table lists the identifier variables.
Category Identifier Variable Function
Date DAY Day number (01 through 31)
DAY_OF_WEEK Day of week (Monday, Tuesday, etc.)
MONTH Month number (01 through 12)
MONTH_NAME Month name (January, February, etc.)
NDAY_OF_WEEK Weekday number (1 through 7; 1=Sunday)
SHORT_YEAR Last two digits of year (99, 00, 01)
YEAR All four digits of year (1999, 2000, 2001)
Time AM_PM a.m. or p.m.
GREETING_TIME Time of day (morning, afternoon, evening)
HOUR Hour (12-hour scale; 1 through 12)
HOUR24 Hour (24-hour scale; 00 through 23)
MINUTE Minute (00 through 59)
SECOND Second (00 through 59)
User CN User’s full login name as it exists in NDS
LOGIN_ALIAS_CONTEXT "Y" if REQUESTER_CONTEXT is an alias
FULL_NAME User’s unique username. It is the value of the

FULL_NAME property for both NDS and bindery-
based NetWare. Spaces are replaced with
underscores.
LAST_NAME User’s surname in NDS or full login name in

bindery-based NetWare
LOGIN_CONTEXT User’s context
LOGIN_NAME User’s unique login name (long names are

truncated to eight characters)

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
User (cont’d.) MEMBER OF "group" Group object that the user is assigned to
NOT MEMBER OF "group" Group object that the user is not assigned to
PASSWORD_EXPIRES Number of days before password expires
REQUESTER_CONTEXT Context when login started
USER_ID Number assigned to each user
Network FILE_SERVER NetWare server name
NETWORK_ADDRESS The internal number assigned by the network

specifying where a device can be located in the
network cabling system
Workstation MACHINE Type of computer (IBM_PC, etc.)
NETWARE_REQUESTER Version of the NetWare RequesterTM for OS/2 or

VLMTM users
OS Type of operating system on the workstation
OS_VERSION Operating system version on the workstation
P_STATION Workstation’s node number (12-digit

hexadecimal)
PLATFORM Workstation’s operating system platform
SHELL_TYPE Version of the workstation’s DOS shell; supports

NetWare 2 and NetWare 3 shells and NetWare 4
Requester for DOS.
SMACHINE Short machine name (IBM*, etc.)
STATION Workstation’s connection number
WINVER Version of the workstation’s Windows operating

system
NetWare DIALUP 0 = Not using dialup

MobileTM
1 = Using NetWare Mobile Client dialup profile
OFFLINE 0 = Not offline
1 = Disconnected login

103-000159-001
December 7, 2001
Novell Confidential
DOS <variable> Any DOS environment variable can be used in

Environment angle brackets. To use a DOS environment
variable in MAP, COMSPEC, and FIRE
PHASERS commands, add a percent sign (%) in
front of the variable.
Miscellaneous ACCESS_SERVER Shows whether the access server is functional

(TRUE = functional; FALSE = nonfunctional)
ERROR_LEVEL An error number (0 = no errors)
%n Replaced by parameters the user enters at the

command line with the login utility
See “Login Parameters with %n Variables” on

page 65.
Object Properties property_name You can use property values of NDS objects as
variables. Use the property values just as you do
any other identifier variable. If the property value
includes a space, enclose the name in quotation
marks.
To use a property name with a space within a

WRITE statement, you must place it at the end of
the quoted string:
WRITE"Given name=%GIVEN_NAME"
IF"MESSAGE SERVER"="MS1" THEN MAP INS
S16:=MS1\SYS:EMAIL END
Login Parameters with %n Variables

Some variables in a login script can be indicated by a percent sign (%)
followed by a number from 0 through 9.
NOTE: Only four variables (%2 through %5) can be changed in the login screen.
When a user logs in, additional parameters can be entered that the login utility
passes to the login script. The login utility then substitutes these parameters
for any %n variables in the login script. These variables are replaced in order
by the parameters the user entered when logging in.
The %0 variable is replaced by the name of the NetWare server entered in the
login dialog box, and %1 is replaced by the user’s fully distinguished login

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
name. The remaining variables change, depending on what the user types
when executing the login utility. The %n variables must precede all command
line options.
The “SHIFT” on page 86 login script command allows you to change the order
in which these %n variables are substituted.
Login Scripts Commands by Task

This list identifies which specific login script commands to use, depending on
what you need your login scripts to accomplish.
Network Connection and Access to Resources

ATTACH (page 69)
CONTEXT (page 70)
DRIVE (page 71)
MAP (page 80)
TREE (page 89)
Login Script Execution

BREAK (page 70)
FIRE or FIRE PHASERS (page 73)
GOTO (page 74)
IF...THEN (page 75)
INCLUDE (page 78)
NO_DEFAULT (page 82)
PAUSE (page 82)
PROFILE (page 83)
SCRIPT_SERVER (page 84)
SHIFT (page 86)

103-000159-001
December 7, 2001
Novell Confidential
Workstation Environment
SET (page 84)
SET_TIME (page 86)
Text File Usage

@ (page 68)
# (page 67)
DISPLAY (page 71)
EXIT (page 72)
FDISPLAY (page 72)
TERM (page 88)
WRITE (page 90)
Other
LASTLOGINTIME (page 80)
REMARK (page 83)
#
Use the # command to execute a program that is external to the login script.
The # command executes an external program and waits until it is finished
running before continuing with other login script commands.
This command fails when
The given directory is invalid
Proper security rights are lacking
The executable file cannot be found
Insufficient workstation memory is available to load the file
IMPORTANT: Use the @ command instead of the # command to run an external
program from a login script if that external program will remain open for any length
of time. Otherwise, the login script will remain open until that external program is
closed. (Login scripts cannot be edited while they are open.)

103-000159-001
December 7, 2001
Novell Confidential
Command Format
# [path] filename [parameter]
Replace path with a drive letter or, if you have specified NOSWAP on the
command line or in the login script, you can replace variable with a full
directory path beginning with the NetWare volume name.
Replace filename with an executable file (files that end in .EXE, .COM, or
.BAT, for example). It isn’t necessary to include the extension, but doing so
can speed up the execution of the external program.
Replace parameter with any parameters that must accompany the executable
file.
Example
You can use Automatic Client Update (ACU) to update Novell ClientTM
software without having to physically visit each workstation and manually
update the software.
ACU uses a text file that can be called from the login script. To call this file
from the login script for a workstation running Novell Client for Windows
NT/2000, place one of the following commands in the login script:
#Z:\PUBLIC\INSTALL\NTCLIENT\SETUPNW.EXE /ACU
or
#\\[SERVER]\[VOLUME]\PUBLIC\INSTALL\NTCLIENT\SETUPNW.EXE
/ACU
@
Use the @ command to execute a program that is external to the login script
and then continue with the script (similar to the Startup group). Enter the @
command followed by the name of the file that you want to execute.
IMPORTANT: Use the @ command instead of the # command to run an external
program from a login script if that external program will remain open for any length
of time. Otherwise, the login script will remain open until that external program is
closed. (Login scripts cannot be edited while they are open.)
This command fails when

The given directory is invalid
Proper security rights are lacking

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The executable file cannot be found

Insufficient workstation memory is available to load the file
Command Format
@ [path] filename [parameter]
Replace path with a drive letter.

Replace filename with an executable file (files that end in .EXE, .COM, or
.BAT, for example). Do not include the extension.
Replace parameter with any parameters that must accompany the executable
file.
Examples
If you want to start the GroupWise® program from within the login script, you
must have a search drive mapped to where the GroupWise application is
stored. Enter the following command in the login script:
@GRPWISE5
You do not need to enter a path in this case, because the executable program
file for GroupWise 5 (GRPWISE5.EXE) is located in a search drive.
If you do not have a search drive mapped to the directory where the program
is located, include the path to that directory in the command. For example, if
the program to run GroupWise 5 is located in the APPS directory on drive G,
use the following command:
@SYS:\APPS\GRPWISE5
ATTACH
Establishes a connection between a workstation and a NetWare server. If the
server is not in the current tree, a bindery connection is made.
In networks running NetWare 3 or earlier versions, use the ATTACH
command to connect to multiple file servers. In NetWare 4 and later, users no
longer need to attach separately to multiple servers and do not need to use the
ATTACH command. If users want to connect to multiple trees, use the TREE
command (see “TREE” on page 89).
HINT: To create persistent drive mappings, use the MAP command (see “MAP” on
page 80).

103-000159-001
December 7, 2001
Novell Confidential
BREAK
Use BREAK ON to allow the user to terminate execution of the login script.
The default is BREAK OFF. If BREAK ON is included in a login script, the
user can press Ctrl+C or Ctrl+Break to abort the normal execution of the login
script.
NOTE: When the BREAK option is ON, type-ahead keyboard input is not saved to
the buffer.
Command Format
BREAK ON|OFF
CONTEXT
Use CONTEXT to set a user’s current context in the NDS tree. Similar to the
CX utility in DOS, you can enter a complete name to move down through the
context, or you can use periods to move up toward the root of the tree.
However, CONTEXT does not support all options that the CX workstation
utility does; CONTEXT only sets the context.
Command Format
CONTEXT context
To change the current NDS context, replace context with the context that you
want the user to see after login.
Example
To change the context to the Organizational Unit SALES, under the
Organization NOVELL_US, add the following line to the login script:
CONTEXT .SALES.NOVELL_US
You can type a single period instead of a container name to indicate that you
want to move up one level.
For example, if you are in the context SALES.NOVELL_US and you want to
move up one level to the context NOVELL_US, add the following line to the
login script.
CONTEXT .
To move up two levels, enter two periods, etc.

103-000159-001
December 7, 2001
Novell Confidential
DISPLAY
Use DISPLAY to show the contents of a text file when the user logs in.
When you use DISPLAY, all characters in the file, including any printer and
word processing codes, appear. This command works best with an ASCII file.
To display only the text and suppress codes, use “FDISPLAY” on page 72.
NOTE: If the given path does not exist or if the file is not found, no error message
appears on the screen when the user logs in.
Command Format
DISPLAY [path] filename
Replace path with either a drive letter or a full directory path beginning with
the NetWare volume name.
Replace filename with the complete name (including the extension) of the file
that you want to display.
Example
Suppose you put messages in a file called SYSNEW.TXT in the
SYS:PUBLIC\MESSAGES directory, and you want your users to see the
messages when they log in on Monday. Add the following lines to the
container login script:
IF DAY_OF_WEEK="Monday" THEN
DISPLAY SYS:PUBLIC\MESSAGES\SYSNEWS.TXT
END
DRIVE
Use DRIVE to change the default drive while the login script is executing.
If this command is not included in the login script, the default drive will be set
to the first network drive, which is often assigned to the user’s home directory
upon login.
If you don’t want the default drive to be the first network drive, map a drive
in the login script to the directory you want to be the default; then use the
DRIVE command to change the default drive.

103-000159-001
December 7, 2001
Novell Confidential
Instead of specifying a drive letter such as F: or G:, you can use an asterisk
followed by a number n to represent the nth network drive (for example, *3).
This allows drive letters to reorder themselves automatically if previous drive
mappings are deleted or added.
Command Format
DRIVE [drive |*n]
Replace drive with a local or network drive letter, or replace n with a drive
number. The use of either is dependent on their already being assigned within
the login script.
Example
Suppose a user will be working on only one project for several days and the
files for that project are located on drive S:. Use the DRIVE command to set
the default drive to S: so that the user doesn’t have to change the default drive
manually after each login.
First, make sure drive S: is mapped to the correct directory in the user’s login
script. Then enter the following command in the login script:
DRIVE S:
EXIT
Use EXIT to terminate execution of the login script.
IMPORTANT: You cannot use EXIT in a login script to stop the login script and
execute a program. EXIT only terminates the execution of the login script. If you
want to execute a program after exiting the login script, you must use two
commands: “#” on page 67 or “@” on page 68 followed on the next line by EXIT.
FDISPLAY
Use FDISPLAY to show the text of a word processing file when the user logs
in.
To display both the text and the printer and word processing codes of a file, or
to display an ASCII file, see “DISPLAY” on page 71.
When you use FDISPLAY to display a word processing file, the text is filtered
and formatted so that only the text is displayed. FDISPLAY will not display
tabs.

103-000159-001
December 7, 2001
Novell Confidential
NOTE: If the given path does not exist or if the file is not found, no error message
appears on the screen when the user logs in.
Command Format
FDISPLAY [path] filename
Replace path with either a drive letter or a full directory path beginning with
the NetWare volume name.
Replace filename with the complete name (including the extension) of the file
that you want to display.
Examples
Suppose you put messages in a file called SYSNEWS.TXT in the
SYS:PUBLIC\MESSAGES directory, and you want your users to see this file
on their screens when they log in on Monday.
Add the following lines to the container login script:
IF DAY_OF_WEEK="Monday" THEN
FDISPLAY SYS:PUBLIC\MESSAGES\SYSNEWS.TXT
END
FIRE or FIRE PHASERS

FIRE or FIRE PHASERS emits a phaser sound by playing the
PHASERS.WAV sound file.
Use this command to generate the phaser sound whenever a user logs in. Use
FIRE or FIRE PHASERS with the IF...THEN command to make the sound
execute a different number of times depending on the circumstances of the
login.
Command Format
FIRE n soundfile
Replace n with the number of times that you want this sound to occur.
Replace soundfile with the name of the sound file that you want to play when
this command is executed. (The sound file variable cannot be used on DOS
workstations.) You can use any .WAV or platform-compatible sound file.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Examples
The following line executes the phaser sound four times upon login:
FIRE 4
The following line executes the rifle sound three times upon login:
FIRE 3 RIFLE.WAV
To use a variable as the number of times to fire, use % before the variable, as
follows:
FIRE %variable
For more information about using variables, see “Using Identifier Variables”
on page 62.
GOTO
Use GOTO to execute a portion of the login script out of the regular sequence.
Set BREAK ON in your login script before experimenting with GOTO loops
so that you can break out of a login script if necessary. See “BREAK” on page
70.
IMPORTANT: Do not use GOTO to enter or exit a nested IF...THEN (page 75)
statement. This usage causes problems for the program.
Command Format
GOTO label
Use label to indicate where the login script should continue executing.
Example
To execute a loop of commands, include the following lines in the login script.
In this case, the commands to be executed are labeled AGAIN (as indicated in
the second line).
SET X="1"
AGAIN:
SET X=<X> + "1"
;see compound strings for this
WRITE <X>
IF <X> < "9" THEN GOTO AGAIN

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The GOTO command looks at the value of <X> (a DOS environment

variable). If the value of <X> is less than 9, then <X> increments by 1 and
GOTO loops back to the AGAIN label. When <X> gains the value of 9, the
IF...THEN test becomes false, the GOTO is ignored, and the script continues
normally.
IF...THEN
Use IF...THEN to perform an action only under certain conditions.
An example of a conditional statement is
IF MEMBER OF "CLERKS"
In this statement, some action is performed if the user who logged in belongs
to the Group object named CLERKS.
The following is a different type of conditional statement:
IF DAY_OF_WEEK="MONDAY"
In this statement, the equal sign (=) indicates the relationship between the
variable (DAY_OF_WEEK) and its value (Monday). Note that the value
(Monday) is inside quotation marks.
When using IF...THEN statements, be aware of the following syntax rules:
Use AND or OR to include two or more conditionals in an IF...THEN
statement.
Values of conditional statements must be enclosed in quotation marks.
Values of conditional statements are compared with the assumption that
the values are characters, not numeric values. The value of 21, therefore,
would be considered greater than the value of 100 when comparing these
two characters. To ensure the system properly calculates numeric values
instead of character values, use the VALUE modifier in the IF...THEN
statement.
The ELSE statement is optional.
IF, ELSE, and END must be on separate lines. THEN does not need to be
on a separate line.
If you include a WRITE command as part of the IF...THEN command,
the WRITE command must be on a separate line.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IF...THEN statements can be nested (up to 10 levels). However, GOTO

should not be used in a nested IF...THEN statement to enter or exit from
the body of an IF...THEN statement.
If your IF...THEN statement consists of only one line, you do not need to
include END even if that line wraps. If your IF...THEN statement must
be on more than one line (for example, if you used ELSE or WRITE,
which must be on separate lines), you must include END.
Six relationships are possible between the elements of an IF...THEN
statement. Represent these relationships with the following symbols:
= Equals
< > Does not equal
> Is greater than
>= Is greater than or equal to
< Is less than
<= Is less than or equal to
Command Format
IF conditional [AND|OR [conditional]] THEN
commands
[ELSE
command]
[END]
Replace conditional with identifier variables. For information about identifier

variables, see “Using Identifier Variables” on page 62.
Replace commands with any login script commands that you want to be
executed if the specified condition is true.
Examples
If you place the following command in a login script, the message Status
report is due today appears when the user logs in on Monday and
Have a nice day! on other days:
IF DAY_OF_WEEK="MONDAY" THEN
WRITE "Status report is due today."
ELSE
WRITE "Have a nice day!"
END

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The following lines mean “If the hour (on a 24-hour scale) is greater than or
equal to 12, then write ‘afternoon’”:
IF VALUE HOUR24>="12" THEN
WRITE "afternoon"
END
The following command executes the CAPTURE utility on the fourth day of
the week (Wednesday):
IF NDAY_OF_WEEK="4" THEN
#CAPTURE Q=FAST_Q NB TI=10 NFF
END
The following example shows nested IF...THEN statements. Notice that there
are two IF statements, so each one must have its own END statement:
IF DAY_OF_WEEK="MONDAY" THEN
MAP *6:=VOL1:APPL\WP
IF MEMBER OF CLERKS THEN
WRITE "Your report is due immediately!"
END
END
Conditionals can be joined with commas, the word AND, or the word OR to
form compound conditionals.
The first line of the following IF...THEN statement is a compound conditional
that means “If it is the evening of the first day of the month”:
IF GREETING_TIME="EVENING" AND DAY="01" THEN
WRITE "The system will be backed up tonight."
END
An IF...THEN statement can include several commands that must be executed

if the conditional is true.
The following example shows two commands that are executed on Tuesdays:
a WRITE command that displays a message about a staff meeting, and an
INCLUDE command that tells the login script to process any commands or
messages contained in the file SYS:PUBLIC\UPDATE.TXT.
IF DAY_OF_WEEK="TUESDAY" THEN
WRITE "Staff meeting today at 10 a.m."
INCLUDE SYS:PUBLIC\UPDATE.TXT
END

103-000159-001
December 7, 2001
Novell Confidential
INCLUDE
Use INCLUDE to execute independent files or another object’s login script as
a part of the login script currently being processed.
These subscripts can be text files that contain valid login script commands
(any of the commands explained in this appendix) or login scripts that belong
to a different object you have rights to.
Text files that contain login script commands, as well as other objects’ login
scripts, can be used as subscripts. Use these subscripts to supplement the main
login script.
You can create and edit text file subscripts using any text editor. Subscripts do
not need to have any particular filenames or extensions.
The INCLUDE command executes the login script commands contained in
the subscript. It does not display the text of the subscripts.
INCLUDE nesting is limited only by available memory. This means that one
subscript file can include another subscript file, which can include yet another
subscript file, etc. In DOS, however, the maximum number of subscript files
that you can nest is 10.
If the subscript is a text file, users must have at least File Scan and Read rights
to the directory containing the subscript.
If you are using another object’s login script as a subscript, users must have
the Browse right to the object whose script you are including and the Read
right to the object’s Login Script property.
Command Format
INCLUDE [path]filename
or
INCLUDE object_name
To use a text file as a subscript, replace path with either a drive letter or a full
directory path beginning with the NetWare volume name.
Replace filename with the complete name (including the extension) of the text
file.
To execute another object’s login script as part of a login script, replace
object_name with the name of the object whose login script you want to use.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Examples
To execute a text file called SCRIPT.NEW (located in volume VOL1) as a
subscript, add the following line to your main login script:
INCLUDE VOL1:ADMIN\USERS\SCRIPT.NEW
Suppose you are creating a container login script for all users under the
Organizational Unit object SALES_LA. You recently created a container
login script for users under the Organizational Unit object SALES_PV.
You’ve decided that the SALES_LA users could use the same login script as
the SALES_PV users, but with a few more drive mappings.
In the SALES_LA login script, you could add the additional drive mappings
and then use the INCLUDE command to execute the entire SALES_PV login
script as a part of the SALES_LA login script, as follows:
1. Create an alias for the SALES_PV Organizational Unit in the
SALES_LA Organizational Unit.
2. Add this line to the SALES_LA Organizational Unit’s login script:
INCLUDE .SALES_PV_ALIAS.SALES.NOVELL_US
The following figure illustrates how the INCLUDE command executes the
SALES_PV login script as part of the SALES_LA login script.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
LASTLOGINTIME
Use LASTLOGINTIME to display the last time the user logged in.
If you include this command in the login script, the time of the last login is
displayed on the workstation screen.
Command Format
LASTLOGINTIME
MAP
Use MAP to map drives and search drives to network directories or to map to
NDS objects such as cluster-enabled volumes.
If you use MAP to automate drive map assignments during execution of the
login script, users don’t need to map drives every time they log in.
If you do not want the result of each mapping to be displayed as it is executed,
add the MAP DISPLAY OFF command at the beginning of the login script.
When all drive map assignments have been completed, add the line MAP
DISPLAY ON and MAP to your login script. This sequence provides a
cleaner display for users as they log in.
Instead of specifying drive letters such as F: or G:, you could use an asterisk
followed by a number n to represent the nth network drive. For example, if the
first network drive is F: then using MAP *3:= would assign H: {1 2 3 = F G
H}. Or, if the first network drive is D:, then using MAP *4:= would assign G:
{1 2 3 4 = D E F G}.
This allows drive letters to reorder themselves automatically when local
drives are removed or added or when the first network drive is changed. This
also allows users to log in from workstations with a different number of local
drives than their regular workstation.
You can map a local drive (usually A: through C:) to a network directory, but
you cannot access the local drive until you remove the network drive mapping.
Do not map over the local drive containing the Windows directory.
Do not map a drive to a network drive such as a CD-ROM drive.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Command Format
MAP [[options]|[parameters][drive:=path]
Replace drive with any valid network drive letter, local drive letter, or search
drive number.
Replace path with either a drive letter, a full directory path, a Directory Map
object, or an NDS object such as a cluster-enabled volume.
More than one command can be on the map line if the commands are separated
by a semicolon ( ; ), as shown in the following example:
MAP *1:=SYS:PUBLIC;*2:=SYS:PUBLIC\DOS
When mapping a drive to a directory on an NDS server, begin the path with
either the Volume object name or server\volume.
When mapping to a directory on a bindery-based server or to an NDS server
that isn’t the current server, begin the path with the server’s name.
When mapping to an NDS object, use the object’s fully distinguised name
preceeded by a leading period (.).
Replace option with one of the following:
DISPLAY ON|OFF determines whether drive mappings are displayed on
the screen when the user logs in. The default setting is ON. This option is
valid only in login scripts.
ERRORS ON|OFF determines whether MAP error messages are
displayed when the user logs in. MAP ERROR OFF must be placed
before MAP commands in the login script. The default setting is ON. This
option is valid only in login scripts.
Replace parameter with one of the following:
INS inserts a drive mapping between existing search mappings.
DEL deletes a drive mapping, making that drive letter available for other
mapping assignments.
ROOT or R maps a fake root. Windows NT and Windows 2000 are
always mapped to the root. Some applications require their executable
files to be located in a root directory.
Because you might not want users to have rights at the root directory, you
can map a fake root to a subdirectory instead.

103-000159-001
December 7, 2001
Novell Confidential
The Windows NT/2000 native environment forces a map root on all

drives. To prevent a forced map root in a Windows NT/2000
environment, set the MAP ROOT OFF = 1 environment variable. All
drives are then mapped as specified, and only explicit map root drives are
rooted.
C (CHANGE) changes a search drive mapping to a regular mapping or a
regular mapping to a search drive mapping.
P (PHYSICAL) maps a drive to the physical volume of a server rather
than to the Volume object’s name.
A Volume object name might conflict with a physical volume name. (For
example, object ACCT is an Accounting volume, but there is also a
physical volume named ACCT.) Therefore, if you prefer to map a drive
to the physical volume name, use MAP P.
N (NEXT) maps the next available drive when used without specifying a
drive number or letter.
NO_DEFAULT
Use NO_DEFAULT in a container or profile login script if you do not want
the default user login script to run and you do not want to create any user login
scripts.
NOTE: If you have created a user login script for a user, that login script executes
whether or not the NO_DEFAULT command is in the container or profile login
script.
Command Format
NO_DEFAULT
PAUSE
Use PAUSE to create a pause in the execution of the login script.
You can add PAUSE to the login script following a message so that the user
has time to read the message before it scrolls off the screen.
If you include PAUSE, the message Strike any key when ready...
appears on the workstation screen. NetWare Login then waits for a key to be
pressed before it executes the rest of the login script.

103-000159-001
December 7, 2001
Novell Confidential
Command Format
PAUSE
PROFILE
Use PROFILE in a container script to set or override a user’s assigned or
command line-specified profile script. This is useful when defining a group
profile.
Command Format
PROFILE profile_object_name
Example
To override the profile script assigned to a user, and to cause the user to
execute a PROFILE script called team_profile, use the following command:
PROFILE team_profile
REMARK
To include explanatory text in the login script or to keep a line from being
executed during testing, begin a line with REMARK, REM, an asterisk ( * ),
or a semicolon ( ; ). Any text that follows these symbols is ignored when
NetWare Login executes the login script. Remarks do not appear on the
screen.
IMPORTANT: This command and its associated text must be the only entry on a
line. Placing remarks on the same line as other login script commands can cause
errors.
If a remark is several lines long, begin each line with the remark keyword.
Command Format
REM[ARK] [text]
or
* [text]
or

103-000159-001
December 7, 2001
Novell Confidential
; [text]
Replace text with the comment you want to include in the login script.
Example
The following are examples of explanatory text that you might use with the
REMARK command and its variants:
* This is Richard’s login script
; Mapped network drives follow:
REM The next mapping is a fake root.
REMARK This login script is for new users.
SCRIPT_SERVER
NetWare 2 and NetWare 3 users can use SCRIPT_SERVER to set a home
server where the bindery login script is read from.
SCRIPT_SERVER has no effect on NetWare 4 and later users.
Command Format
SCRIPT_SERVER server_name
SET
Use SET to set an environment variable to a specified value.
When you use SET in a login script, you must enter quotation marks (" ")
around values.
If a variable is set to a path that ends in a backslash and double quote (\"), these
two characters are interpreted as an embedded quote preceded by an escape
character. To avoid this problem, use two backslashes before the ending
double quotes (\\").
You do not need to include SET commands in login scripts. For example, you
might decide place some SET commands in the workstation’s
AUTOEXEC.BAT file. Where you use SET commands depends upon your
individual needs.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
This command does not work in a login script if the DOS workstation’s
environment is too small. In this case, you should set the environment size in
the CONFIG.SYS file.
After you use the SET command to set a value for an environment variable,
you can use that variable in other login script commands.
To include an environment variable as an identifier variable in a command,
enclose the name of the variable in angle brackets (for example, <emailuser>).
Command Format
[TEMP] SET name="value"
Replace name with an environment parameter that identifies the environment

you want to change.
Replace value with identifier variable substitutions. Values must be enclosed
in quotation marks.
To change the environment for the login script, but not for the workstation
itself after the login script has finished executing, use the optional keyword
TEMP.
Examples
You can use SET to make a prompt display the current directory path (such as
F:\HOME\MARY>) rather than just the drive letter. To do this, add the
following line to the login script:
SET PROMPT="$P$G"
“$P” lists the current directory path and “$G” displays a greater-than sign (>).
To set a path for a program called DAILY, which is in the REPORTS
subdirectory under drive G:, you would add the following line:
SET PATH="G:\REPORTS\DAILY"
This sets the variable PATH to G:REPORTS\DAILY.

Setting the variable PATH in the login script removes any search drives
previously assigned. Use SET PATH only before you map search drives. SET
PATH also overwrites any paths set in the user’s AUTOEXEC.BAT file.
To display this path, you can include PATH as an identifier variable in a
WRITE command by enclosing the variable (not the value) in angle brackets.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
For example, the following line displays My path is

G:\REPORTS\DAILY:
WRITE "My path is ";path
To include an environment variable in a MAP command, precede the variable

with a percent sign (%). For example, you could include the following lines in
a login script to set and map a drive to the variable NWS:
SET NWS="C:\XYZ"
MAP S16:=%<NWS>
SET_TIME
Use SET_TIME to set the workstation time equal to the time on the NetWare
server that the workstation first connects to.
If you set SET_TIME to OFF in the login script, the workstation time does not
update to the server’s time.
Command Format
SET_TIME ON|OFF
SHIFT
Use SHIFT to change the order in which %n variables are interpreted in the
login script. SHIFT allows users to enter login parameters in any order. For
more information on %n variables, see “Login Parameters with %n Variables”
on page 65.
You can shift up to 10 login script variables from %0 to %9.
When users execute NetWare Login, they can include additional parameters.
Each of these parameters is assigned a %n variable; in this way, the
parameter’s real value can be substituted for the %n variable that appears in
the login script.
In the login script, you can add SHIFT with a positive or negative number to
move the variables in either direction. For example, SHIFT -3 moves each %n
variable three positions to the right.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Command Format
SHIFT [n]
Replace n with the number of places that you want the variable to shift. The
default is SHIFT 1.
Examples
When Mary logs in, she wants to access her word processing program, change
the way it is set up, and map a drive to her work directory called ACCNTS.
Mary also has a command in her login script to map a drive to her
DATABASE directory, but she does not need it today. The commands in
Mary’s login script are shown here:
:LOOP
IF "%2"="WP" THEN
SET WP="\U-CML\B-10\D"
MAP S16:=SYS:APPL\WP\SETUP
END
IF "%2"="ACCNTS" THEN MAP G:=SYS:ACCNTS
IF "%2"="DATABASE" THEN MAP S16:=SYS:APPL\DATABASE
SHIFT
IF "%2"<>"" THEN GOTO LOOP
(In the last line,

IF "%2" < >
is followed by closed quotation marks, which means “If %2 isn’t blank”.)

With these commands in her login script, and assuming a command line login,
Mary can log in to the primary file server (named FS1) using her username,
MARY, as follows:
LOGIN FS1\MARY WP ACCNTS
The parameters in Mary’s login command are given the following values:
%0=FS1
%1=MARY
%2=WP
%3=ACCNTS
Mary’s login script looks for %2, which is WP, and sets the word processing
environment. Then the login script shifts the variables one to the left so that

103-000159-001
December 7, 2001
Novell Confidential
%2 now becomes ACCNTS. Upon executing the loop, the login script maps a
drive to the ACCNTS directory.
Mary could also change the order of her login command without affecting the
way her work environment is set up, as follows:
LOGIN MARY ACCNTS WP
The parameters in this login command are given the following values:
%0=FS1
%1=MARY
%2=ACCNTS
%3=WP
In this case, Mary’s login script looks for %2, which is now ACCNTS. The
login script maps a drive to the ACCNTS directory. Then the login script shifts
the variables to the left so that %2 now becomes WP.
Upon executing the loop, the login script sets the word processing
environment.
TERM
This command is normally used only for Application Launcher scripts, a
component of ZENworksTM for Desktops.
You can use the TERM command in a login script to stop the login script and
return an error code.
You can also use TERM in an IF...THEN statement, so that the login script
stops and an error code is returned only if an IF statement is true (that is, a
certain condition exists). If the IF statement is false (that is, a condition
doesn’t exist), the login script skips the TERM command and continues
executing.
Because TERM stops the login script, be sure to put this command either at
the end of the login script or at a point within the script where you intend
execution to stop. Do not nest the TERM command in the login script.
If you add TERM to a container login script, it prevents other profile or user
login scripts from running. If you put TERM in a profile login script, it
prevents the user login script from running.

103-000159-001
December 7, 2001
Novell Confidential
Command Format
TERM nnn
Replace nnn with an error level. Any error level between 000 and 999 is valid.
Example
If you want the login script to exit and return an error code of 718, you can add
the following statement to the login script:
TERM 718
TREE
The TREE command can be used only with clients that support multiple NDS
tree attachments.
Use TREE to attach to another NDS tree within the network and to access its
resources.
The TREE command changes the “focus” of the login script so that all NDS
object references in subsequent script commands (for drive mappings, print
captures, etc.) apply to the NDS tree specified in the TREE command.
You can include multiple TREE commands within a login script, either to
attach to additional trees or to switch the login script’s “focus” back to a tree
that the user is already attached to.
Command Format
TREE tree_name[/complete_name[;password]]
Replace tree_name with the name of the NDS tree that you want the user to
attach to.
Replace complete_name with the user’s complete name (Distinguished Name)
for the NDS tree that the user is attaching to. The complete name establishes
the user’s context in the tree. If you do not include the complete name, the user
is prompted for a complete name when the TREE command is executed from
the login script.
Replace password with the correct password for that user and tree. If the
username and password are the same as the primary login username and
password, you can omit the password and not be prompted for it.

103-000159-001
December 7, 2001
Novell Confidential
IMPORTANT: Use caution when including passwords in a login script. It is more

secure to eliminate the password. Then, at the point in the login script where the
TREE command is executed, the user is prompted for the password.
Example
To attach the user with the complete name MRICHARD.ACME (whose
password is BUTTERFLY) to an NDS tree named CORP, add the following
line to the login script:
tree corp/.mrichard.acme;butterfly
WRITE
Use WRITE to display messages on the workstation screen when a user logs
in to the network. Text that you want to display must be enclosed in quotation
marks (" ").
There are several ways to display variables in the text message. The way you
enter the variable in the WRITE command determines the display format, as
follows:
If you type the identifier variable as shown, with no special punctuation,
only the variable is displayed on the screen.
If you enclose the identifier variable inside quotation marks, precede the
variable with a percent sign (%) and type it in uppercase letters. This
method is often used to combine regular text with an identifier variable,
because both the text and the variable can be enclosed in the same
quotation marks.
To join several text strings and identifier variables into a single display
without enclosing the variables in quotation marks, use a semicolon (;)
between the text and the variables.
If you have several WRITE commands, each one appears on a separate
line on the user’s workstation. However, if you put a semicolon at the end
of all but the last WRITE commands, the commands all appear as one
continuous sentence or paragraph (although they might wrap onto
additional lines on the workstation’s screen).

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Text strings can include the following special characters:
Character Meaning
\r Causes a carriage return
\n Starts a new line of text
\" Displays a quotation mark on the screen
\7 Makes a beep sound
In addition to the semicolon, you can use other operators to form compound
strings (in other words, to join text and identifier variables into one command).
These operators are listed in the following table, in order of precedence:
Operator Meaning
*/% Multiply, divide, modulos
+- Add, subtract
>> << Shift left or right (1000 >> 3 becomes 1)
Command Format
WRITE "[text][%identifier]" [;][identifier]
Replace text with the words you want to display on the screen.
Replace identifier with a variable you want to display, such as a user’s login
name. See “Using Identifier Variables” on page 62 for a complete list of
variables.
Examples
To display the message Hello, add the following line to the login script:
WRITE "Hello"
To display the user’s surname along with a greeting, add the identifier
LAST_NAME to the command. To do this, either join the text and the
identifier with a semicolon (;) or include the variable in the quotation marks
with the text.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
For example, either of the following lines displays Hello, Smith when
user Bob Smith logs in:
WRITE "Hello, ";%LAST_NAME
WRITE "Hello, %LAST_NAME"
To make a beep sound occur while the phrase Good morning appears on
the screen, add the following line to the login script:
WRITE "Good %GREETING_TIME \7"

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
B Sample Login Scripts
You can create login scripts from these sample login scripts using NetWare®
Administrator. Using a sample login script can help reduce syntax errors,
reducing the time it takes you to create your login scripts.
For more information on how to create login scripts, see “Creating Login
Scripts from a Sample or Existing Login Script” on page 34.
IMPORTANT: You must modify these sample login scripts to match the server
Sample Container Login Script

The container login script should contain any information that applies to all
users. By using some or all of the commands included in the following sample
container login script, you might find it easier to plan and create your own
container login scripts.
For more detailed information about each type of login script command, see
“Login Script Commands and Variables” on page 59.
MAP DISPLAY OFF
MAP ERRORS OFF
MAP *1:=%HOME_DIRECTORY
IF "%1"="ADMIN"THEN MAP *1:SYS:SYSTEM
IF OS = "WIN95" THEN
MAP P:=SYS:PUBLIC
ELSE
MAP INS S1:=SYS:PUBLIC
MAP INS S2:=SYS:PUBLIC\%MACHINE\%OS\%OS_VERSION
END
Sample Login Scripts 93

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IF OS = "WINNT" THEN
MAP P:=SYS:USERS\%LOGIN_NAME\WINNT
MAP INS S16:=SYS:APPS\WINAPPS\WINNT
SET TEMP = "P:\USERS\%LOGIN_NAME\WINNT\TEMP"
END
MAP INS S16:=VOL1:APPL\LOTUS

MAP INS S16:=SYS:EMAIL
MAP M:=VOL1:SHARED
MAP N:=VOL1:MODEMS
MAP O=SYS:DOC
IF MEMBER OF "MANAGERS" THEN

MAP *3:=VOL1:PROJECTS\REPORTS
END
Sample Profile Login Script

If you have groups of users with identical login script needs, you can create a
Profile object and then create a login script for it. Then you can assign each
user to be a member of that object.
The following sample login script shows an example of a profile login script
you might create for users in the Profile object ACCOUNTING. This profile
login script would execute after the container login script had executed.
MAP DISPLAY OFF
MAP ERRORS OFF
MAP INS S16:=VOL1:APPL\DB
MAP *5:=VOL1:ACCOUNTS\NEW
MAP *6:=VOL1:ACCOUNTS\RECORDS
@GRPWISE5
MAP DISPLAY ON
MAP
WRITE
IF DAY_OF_WEEK="FRIDAY" THEN
WRITE "Weekly progress report is due today."
FIRE 2
END

103-000159-001
December 7, 2001
Novell Confidential
Sample User Login Script

The following sample login script is an example of a login script created for
user Mary. The user login script executes after the container and profile login
scripts have executed. In addition, a user login script prevents the default login
script from executing for this specific user.
Therefore, you should consider whether any commands in the default login
script are necessary for setting the user’s environment. If so, determine
whether those commands should be placed into one of the other login scripts
(container, profile, or user).
MAP DISPLAY OFF
MAP ERRORS OFF
MAP *7:=VOL1:MARY\PROJECTS\RESEARCH
MAP *8:=VOL1:FORMS
REM Mary needs access to FORMS while she’s on the
REM troubleshooting team.
SET WP="/u-mjr/b-5"
SET USER="mrichard"
#SEND /A=N
Sample Default Login Script

The default login script executes the first time User object Admin logs in. It
also executes for any users who do not have user login scripts.
You can’t modify the default login script because it is coded into the Novell®
LOGIN utility. Instead, you can create container, profile, or user login scripts.
The following sample of the default login script lists its contents and lets you
find out more information about each command in the default login script.
MAP DISPLAY OFF
MAP ERRORS OFF
MAP *1:=%FILE_SERVER\SYS:
MAP *1:=%FILE_SERVER\SYS:%LOGIN_NAME
IF "%LOGIN_NAME"="SUPERVIS" OR "%LOGIN_NAME"="ADMIN" THEN
MAP *1:=%FILE_SERVER\SYS:SYSTEM
MAP INS S1:=%FILE_SERVER\SYS:PUBLIC
MAP INS S2:=%FILE_SERVER\SYS:PUBLIC\%MACHINE\%OS\%OS_VERSION
MAP DISPLAY ON
MAP
Sample Login Scripts 95

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000159-001
December 7, 2001
Novell Confidential
C Troubleshooting Issues
This appendix provides troubleshooting information for known issues.

HINT: If you do not find a solution to your issue here, check the Readme file that
accompanied the software as well as the Novell® Support Connection® information
database (http://www.support.novell.com).
Windows 95/98 Issues

The following issues will help you troubleshoot Novell ClientTM for Windows
95/98. For additional issues, check the Novell Client Readme.
Installation
Drag-and-Drop Operations Do Not Work Immediately after Installation
Drag-and-drop operations between applications on the desktop might not

work immediately after the client is installed and the workstation is rebooted.
To solve this problem, reboot again to ensure proper registration of the
ActiveX* controls included in the client.
NDPS Required on NetWare 5.1
An update to NDPS® is required to solve a client hang. Install the

DPRPCNLM.NLM file, dated 22Nov2000 or later. This update is included in
NetWare® 5.1 Support Pack 3. Refer to TID 10062546.
Update Required on NetWare 4.11 and NetWare 4.2 Servers
NetWare 4.11 and NetWare 4.2 servers require an update on the server prior
to the installation of this Novell Client. The server update information is
Troubleshooting Issues 97

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
located in TID 2952441. This update addresses an issue in which a file opened
once by different threads (one open in each thread) in an application and then
closed leaves an instance of the file open, even after exiting the application.
This problem could cause the server to run out of memory or hang.
IP with IPX Compatibility Dependency
When using the IP with IPXTM Compatibility client configuration, make sure
that the TCP/IP stack has been configured with a TCP/IP gateway. This can
be configured through DHCP or defined locally. The IPX Compatibility
driver and IP routing will not work properly without a TCP/IP gateway
configured. Under Windows 95/98, the gateway can be configured by opening
the TCP/IP Properties page from the Network Properties page. If your network
is configured to use DHCP, you do not need to configure the gateway locally.
IP with IPX Compatibility Needs Migration Agent
If you are using the IP with IPX Compatibility configuration on the client and
are trying to connect to servers running IPX only, make sure that you have
configured a Migration Agent (MA) on the network.
For more information on setting up a Migration Agent on the network, see the
NetWare® 5 documentation (www.novell.com/documentation). To
troubleshoot a Novell Client’s MA visibility or configuration, enter
CMDINFO at the DOS prompt. This command should list all configured or
discovered MAs, depending on the IPX compatibility configuration.
ZENWorks for Desktops 2 Remote Management Does Not Work after Upgrading to Novell
Client for Windows 95/98 Version 3.31
If you upgraded Novell Client software and chose to update Remote

Management during installation, Remote Management will not function if you
do not have ZENworksTM for Desktops 3. If you have inadvertently upgraded
Remote Management and do not have ZENworks 3 for Desktops, do the
following:
1 Uninstall Novell Client for Windows 95/98 version 3.31.
2 Install a previous version (with the Remote Management option selected)
of Novell Client for Windows 95/98.
This replaces the Remote Management functionality.
3 Install Novell Client for Windows 95/98 version 3.31 without selecting
Remote Management.

103-000159-001
December 7, 2001
Novell Confidential
Installing ZENWorks for Desktops 2 Remote Management and Novell Client Software
Version 3.31 on a New Workstation
If you have new workstations that require ZENworks for Desktops 2 Remote
Management and Novell Client for Windows 95/98 version 3.31, do one of the
following.
Install Remote Management Using an Application Object

Remote Management.
2 Use the NAL Remote-OS Application Object to install Remote
Management.
Install Remote Management Using a Previous Version of the Client

1 Install a previous version of Novell Client for Windows 95/98.
This installs the Remote Management functionality.
Remote Management.
Login
MFC42.DLL Error
Novell Client runs with MFC42.DLL version 4.21.7022 or later. MFC42.DLL

version 6.00.8267.0 is installed when you install Novell Client. If an older
version is installed over the version installed by Novell Client, the client login
fails with an error message similar to the following:
The ordinal 6453 could not be located in the dynamic link
library MFC42.DLL.
The actual message might vary, depending on the version of MFC42.DLL you
are using.
To recover from this error, reinstall the correct version of MFC42.DLL. You
can find the correct file on the ZENworks CD at
D:\PRODUCTS\WIN95\IBM_ENU\MFC42.DLL
Copy the .DLL to the following directory on your workstation:
C:\WINDOWS\SYSTEM

103-000159-001
December 7, 2001
Novell Confidential
Login Restrictions Set for IPX/SPX Prevent User from Logging In
Symptom: Login restrictions are set for IPX/SPXTM and the node address.
When the administrative workstation is reset, the new client files are
automatically updated and the reboot prompt is displayed. After restarting, the
workstations that are placed in the restriction list as being able to log in as
Admin and which now have the new client cannot log in and no administration
of the server can be done.
Cause: This is a problem with preferring the IP protocol. The allowed
addresses assigned in NDS® are IPX addresses. If the server is bound to IP,
the clients are designed to prefer this protocol by default. The result is that the
client is attempting to log in to the server using IP but the address is restricted
to only allow IPX addresses, causing an authentication failure. This is due to
the IP address not being stored in NDS.
Solution: Do not bind IP to the server until static IP addresses have been
assigned. Or, change your protocol preference to IPX.
Dial-Up Networking
Dial-Up Networking over IP: SLP Configuration
In order to use SLP name resolution with dial-up networking, you must add
the directory agent’s IP address to the directory agent list on the Novell
NetWare Client Properties Service Location tab.
Properties.
2 Click the Service Location tab.
3 Add the directory agent IP address to the directory agent list and then
click OK.
Dial-Up Networking over IP: Unable to See the Network
If you are using dial-up networking on the client and are unable to log in or
browse the network, do the following:
1 Make sure that you can resolve NetWare 5 or later IP server names.
For dynamic discovery of servers, make sure that your client can locate
an SLP Directory Agent. The agent can be configured statically or it can
be configured through DHCP if your dial-up host supports DHCP and is
configured with the proper Discovery Agent.

103-000159-001
December 7, 2001
Novell Confidential
By default, the client uses DHCP to locate a Discovery Agent. (This

assumes that a Discovery Agent is configured on the dial-up host
network.)
The client uses an NWHOST file, if present, which contains server names
and their addresses. This might be a preferred way to run your client. (The
file is created in the NOVELL\CLIENT32 directory on the workstation.)
The client also supports DNS names. After connecting to the dial-up host,
make sure that your DNS server is working properly by attempting to
ping your server using its DNS name. If the ping was successful, then use
that same DNS name as your server name in the login dialog.
HINT: Isolate the problem down to name resolution by using an IP address
instead of the server name. If the login works, the problem is in name resolution.
2 Make sure that the IP stack is still functioning properly by pinging known
active IP nodes that are on the dial-up host network.
3 If you are using IP with Compatibility Mode on the client and cannot see
any IPX servers, make sure that the clients Migration Agent is configured
properly.
See “Dial-Up Networking with Compatibility Mode” on page 101.
Dial-Up Networking with Compatibility Mode
In order to use Compatibility Mode to locate IPX services over a dial-up

connection, you should statically configure the Migration Agent on the
Compatibility Mode Driver property page.
NOTE: If your dial-up host supports DHCP Inform requests and is configured to
hand out Migration Agents, you shouldn’t need to set the Migration Agent statically.
1 Click Start > Settings > Control Panel.

2 Double-click Network > Compatibility Mode Driver (CMD).
3 Uncheck the Use DHCP check box and then add a Migration Agent, using
an IP address in dotted format (for example: 137.65.1.5).
You can also use a DNS name, keeping in mind the dial-up environment
that you are using.
4 Press OK to save the changes.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Printing
Do Not Configure a Local NPRINTER with Interupts
Do not configure a local NPRINTER with interrupts. Use the default Polled
Mode instead.
Windows NT/2000/XP Issues

The following issues will help you troubleshoot Novell Client for Windows
NT/2000 and Novell Client for Windows XP. For additional issues, check the
Novell Client Readme.
Installation
IPX Compatibility Mode and the IPX Internal Network Number
Workstations using IPX Compatibility Mode cannot have an IPX internal

network number configured. If you have configured an IPX internal network
number on your workstation and you plan to install the Novell IP Client with
IPX Compatibility Mode, then remove the IPX internal network number
before installing the client.
(Windows NT-Only) Errors Resulting from a Custom Installation of Novell Client for
Windows NT
We recommend that you use the Typical Installation option for most
installations of Novell Client software. If you are installing Novell Client and
you select Custom Installation, note that the Novell IP gateway is not
compatible with NetWare IP or CMD (IPX Compatibility Mode Driver).
Using Remote Management with ZENworks for Desktops
If you plan to use Remote Management, make sure that Workstation Manager
is installed on all workstations that will be managed remotely.
NDPS Required on NetWare 5.1
An update to NDPS is required to solve a client hang. Install the

DPRPCNLM.NLM file, dated 22Nov2000 or later. This update is included in
NetWare 5.1 Support Pack 3. Refer to TID 10062546.

103-000159-001
December 7, 2001
Novell Confidential
Update Required on NetWare 4.11 and NetWare 4.2 Servers
NetWare 4.11 and NetWare 4.2 servers require an update on the server prior
to the installation of this Client. The server update information is located in
TID 2952441. This update addresses an issue in which a file opened once by
different threads (one open in each thread) in an application and then closed
leaves an instance of the file open, even after exiting the application. This
problem could cause the server to run out of memory or hang.
TCP/IP Source Path Parameter for Unattended Installation
The TCP/IP Source Path parameter has been added to the unattended network
installation. This parameter is not included in Novell Client Install Manager.
To use this parameter, you must add it manually to the UNATTEND.TXT file:
!TCPIP_SOURCE_PATH = path
This parameter is used with Automatic Client Upgrade (ACU) to upgrade an

IP client. Specify the full path to the source files for the Microsoft TCP/IP
installation files. If this parameter is not specified, the location where the ACU
was run from will be used as the default.
Additionally, all parameters to configure TCP/IP are available as well. These
are the same parameter names that are specified by Microsoft for use during
an unattended operating system install. They should be added under the
Novell Client section of the unattend file.
For more information on unatteded network installations, see “Installing
Clients from the Network” on page 19.
Password Issues
We recommend that administrators configure NT workstations to not use any

of the Microsoft password restrictions available in User Manager. Novell
Client for Windows NT/2000/XP works best if password restrictions are left
up to NDS.

103-000159-001
December 7, 2001
Novell Confidential
Login
MFC42.DLL Error
Novell Client runs with MFC42.DLL version 4.21.7022 or later. MFC42.DLL

version 6.00.8267.0 is installed when you install Novell Client. If an older
version is installed over the version installed by Novell Client, the client login
fails with an error message similar to the following:
The ordinal 6453 could not be located in the dynamic link
library MFC42.DLL.
The actual message might vary, depending on the version of MFC42.DLL you
are using.
To recover from this error, reinstall the correct version of MFC42.DLL. You
can find the correct file on the ZENworks CD at:
D:\PRODUCTS\WINNT\I386\LIBS32\MFC42.DLL
Copy the .DLL to the following directory on your workstation:
%SystemRoot%\system32
Copying MFC42.DLL will fail if some component is using the file. If the copy
fails, try renaming %SYSTEMROOT%\SYSTEM32\MFC42.DLL to
%SYSTEMROOT%\SYSTEM32\MFC42.OLD and then try copying the new
version again.
Login Restrictions Set for IPX/SPX Prevent User from Logging In
Symptom: Login restrictions are set for IPX/SPX and the node address. When
the administrative workstation is reset, the new client files are automatically
updated and the reboot prompt is displayed. After restarting, the workstations
that are placed in the restriction list as being able to log in as admin and which
now have the new client cannot log in and no administration of the server can
be done.
Cause: This is a problem with preferring the IP protocol. The allowed
addresses assigned in eDirectoryTM are IPX addresses. If the server is bound
to IP, the clients are designed to prefer this protocol by default. The result is
that the client is attempting to log in to the server using IP but the address is
restricted to only allow IPX addresses, causing an authentication failure. This
is due to the IP address not being stored in eDirectory.
Solution: Do not bind IP to the server until static IP addresses have been
assigned. Or, change your protocol preference to IPX.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Login Script
CAPTURE Execution in a Login Script
If you use a login script that contains an external CAPTURE command using
CAPTURE.EXE, the screen might go blank with a blinking cursor in the
upper-left corner. The capture eventually executes and the screen returns to
normal.
This happens if Windows NT or Windows 2000 is set to “full screen” when
the CAPTURE command is executed from the login script. Although the
system might be working correctly, a slow server performing the capture with
a blank screen may make it appear otherwise.
To correct this problem, do the following:
1 Double-click My Computer and then click Control Panel > MS-DOS
Console.
2 In the Console Windows Properties dialog box, click the Options tab.
3 From the Display Options group, click Window.
Login Script Command SET_TIME ON/OFF Behaves Differently on NT
Novell Client for Windows NT/2000/XP Properties > Advanced Settings

contains a Set Station Time property.
When this setting is On, the workstation time is always synchronized with the
network during GINA Login. The login script SET_TIME command has no
effect on time synchronization, because the time is being synchronized before
the script command is processed.
When the setting is Off, the SET_TIME ON script command will have an
effect when scripts are run and the workstation time will be synchronized with
the network.
Windows 2000 and XP both ignore the SET_TIME script command
regardless of the client property setting Set Station Time=On|Off' and update
the time/date to the Netware Server Time/Date at Gina Login only.
Subsequent script executions do not make any difference as the script
command seems to be ignored.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
MAP.EXE
The MAP.EXE utility might function improperly if the computer’s DOS

environment size is too small. If you encounter problems while running
MAP.EXE, increase the DOS environment size by adding or editing the
SHELL= line in the WINNT\SYSTEM32\CONFIG.NT file. For example:
SHELL=%SYSTEMROOT%\SYSTEM32\COMMAND.COM /E:2048
MAP.EXE was not designed as a Windows NT/2000/XP executable and,

therefore, does not recognize drives mapped to NT servers as network drives.
Consequently, MAP will not list NT network drives. The Windows NT NET
USE command can be used to correctly connect and list network drives for
both NetWare and NT servers.
MAP.EXE Might Fail When Mapping a Drive to a Novell eDirectory Object on Windows NT
MAP.EXE is not IP-aware for eDirectory objects. As a result, MAP.EXE

might fail if you try to use it to map a drive to an eDirectory object—for
example, with a command like the following:
MAP N .mydir.organization.company
The failure will result in a message such as the following:

MAP-4.13-195: Directory [N .mydir.organization.company cannot
be located
This error can be avoided by using one of the following solutions:

Use MAP N SERVER\VOL:\DIRECTORY instead of MAP N
.mydir.organization.company.
Unbind IP from the server that the eDirectory object points to.
Configure the Protocol Preferences of Novell Client property page to use
IPX only.
Drive Mappings Automatically Root Mapped
In Windows NT/2000, all drive mappings made using the NetWare Login are
root mapped. Because of this, programs cannot access directories above the
directory that the drive is mapped to. This feature affects only MAP
commands performed in a login script. Once Windows NT has been started,
NT allows you to map only to the root.

103-000159-001
December 7, 2001
Novell Confidential
You can turn off the default by adding SET MAPROOTOFF="1" as the first
line in the login script. This will globally force all NT workstations using the
login script to not map root drives.
Or, you can perform the following procedure on a local workstation:
1 Right-click My Computer.
2 Click Properties > Environment.
3 Enter MAPROOTOFF as a variable.
4 Set the value of the MAPROOTOFF variable to 1.
5 Click Select.
Errors When Reconnecting Permanent Drive Mappings to Servers in Different Directory

Trees
In Windows NT 4.0, users might encounter an error when restoring permanent

drive mappings to NetWare servers in different trees. These mappings will be
authenticated through Novell eDirectory. The user might get an Invalid
Password prompt when restoring these drives. This is not because the
password is invalid but because the client does not have a valid context for the
secondary tree.
If this problem occurs, enter the default context for all eDirectory trees on the
Client tab of the Novell Client Configuration page. This is accessed by right-
clicking Network Neighborhood and then clicking Properties > Services >
Novell Client for Windows NT > Properties.
Permanent Connections
If you have a permanent drive mapping that conflicts with a drive mapping
made in your login script, a dialog box appears indicating that an error
occurred while reconnecting the drive and that the local device name is
already in use. One of the options in this dialog box has some confusing
results. If you check Do Not Try to Restore the Connection in the Future, and
then click Yes or OK, the drive mapping made from your login script is
removed.
If you do not check this check box, the drive mapping from your login script
is preserved. This is a bug in Windows NT. By default, Windows NT removes
any mappings on that drive letter without checking to see whether the existing
drive mapping is the same path as the permanent connection.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Printing Issues
NDPS and NetWare 5
You might experience difficulties printing through NDPS if your network

connection is dropped and later auto-reconnects. You could receive the
following error messages:
Error writing to <printer>: Space to store the file waiting
to be printed is not available on the server.
A write fault occurred while printing.
To resolve this problem, you must download and install NetWare 5 Support
Pack 2 or later. Then complete the following:
1 At the server console, load NDPSM.NLM to load NDPS Manager on the
server.
2 From the NDPS Manager main menu, click Printer Agent List.
3 Select a Printer Agent.
4 Once the Printer Agent information is displayed, click Configuration:
(See Form).
5 From the configuration screen, change the Security Level from High to
Medium.
Remote Access Services Issues
Supporting a Large Number of Remote Access Services (RAS) Users
If you support a large number of RAS users in your network and you
experience problems with users not being able to log in because of insufficient
NetWare connections, try setting the Watchdog configuration parameters so
that connections time out quickly when RAS connections terminate
abnormally.
SLP Requirements for Server Name Resolution from RAS Clients
If you rely on SLP to provide the resolution of server names to IP addresses in

your network and your RAS server does not forward IP multicast packets
between the client and the network, then you must set up and configure SLP
Directory Agents.
You can configure SLP Directory Agents through the Novell Client property
pages or through DHCP.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IPX Compatibility Requirements for RAS Client
IPX Compatibility Mode requires the services of SLP. For more information,
see “SLP Requirements for Server Name Resolution from RAS Clients” on
page 108.
Before installing the Novell IP Client with IPX Compatibility support, make
sure that the RAS Client is configured to perform only IP networking over the
RAS connections.
Restoring RAS Connections and IPX Compatibility
You must restart your workstation before re-establishing a RAS connection if

The RAS server assigns your client a different IP address during each
RAS connection
You are using IPX Compatibility Mode to run IPX applications or to
connect to IPX servers from your Novell IP Client
You can avoid the changing address problem over RAS connections if you
statically configure the IP address that your workstation uses over the dial-up
adapter.
IPX Compatibility
IPX Compatibility and Multiple Network Attachments
You should be aware that limitations of the IPX stack present in Windows NT
and limitations of 16-bit IPX/SPX applications complicate operations of
multihomed workstations. These limitations impose additional configuration
requirements to make use of the services of IPX Compatibility from your
multihomed Novell IP Client.
Workstations connected to the network through more than one network
attachment are considered to be multihomed workstations. LAN connections
and RAS connections qualify as network attachments.
On Windows NT, the IPX stack does not allow IPX applications to detect
more than one network attachment to segments with the same network
number. This limitation forces you to configure different IPX Compatibility
Network Numbers (also known as CMD Network Numbers) for each adapter
used by your workstation to access the network if you want to allow your
Novell IP Client to simultaneously access IPX Servers through each one of the
adapters. For example, you could allow IPX Compatibility to use the default

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IPX Compatibility Network Number over the LAN adapter but configure a
different network number for IPX Compatibility to use over the RAS
connection (WAN adapter). You should be aware that nodes utilizing IPX
Compatibility on the same network should be configured to use the same
network number in order to directly communicate when using Client/Server
IPX applications.
The IPX stack arbitrarily selects a network attachment for 16-bit IPX/SPX
applications because those applications expect to operate on workstations with
only one network attachment. For this reason, you might find that your 16-bit
IPX/SPX applications are capable of communicating over your LAN adapter
only when you also have a RAS connection over a WAN adapter.
If you have a multihomed Novell IP Client and you want to use the service of
IPX Compatibility over only one of the network attachments and you are
getting unwanted results, then you can disable IPX Compatibility over the
other network attachments. For example, if you have a workstation connected
to the corporate network through LAN adapter A and connected to a lab
network through LAN adapter B, and IPX Compatibility only seems to work
over LAN adapter B, you can force IPX Compatibility to work over LAN
adapter A by opening the IPX Compatibility property page, selecting LAN
adapter B, and unchecking the Enabled check box.
IPX Compatibility and Changing IP Addresses
When the IP address of a given interface changes, you might not be able to
restore the connections that you had to IPX servers from your Novell IP
Client, or your IPX/SPX applications might stop working. If this occurs, you
will have to restart your workstation to recover.
IP interface addresses can change because of TCP/IP manual configuration
changes, because a DHCP lease expires and is renewed with a different
address, or because your network connection goes down and then back up
(such as when you re-establish a RAS connection).
You can avoid the changing address problem over RAS connections if you
statically configure the IP address that your workstation uses over the dial-up
adapter.
DOS Utilities Supported Only When Used with IPX or IP Compatibility Mode
DOS utilities (CX, MAP, CAPTURE, etc.) are supported only when used with
IPX or IP Compatibility Mode. Use the equivalent GUI-based utilities when
accessing resources that are available only from IP servers.

103-000159-001
December 7, 2001
Novell Confidential
Software Compatibility Issues
Microsoft SMB Client Support over IPX
Novell Client for Windows NT/2000/XP coexists with the Microsoft SMB
Client over IPX networks. The Microsoft SMB Client utilizes NetBIOS when
communicating over IPX, which increases the utilization of your network.
If you want to prevent the Microsoft SMB Client from communicating over
NetBIOS, modify your workstation configuration by unbinding the
workstation and server from NWLink NetBIOS in the Network Properties
page.
Microsoft File and Print Services
Novell Client for Windows NT software does not work with Microsoft File
and Print Services for NetWare (FPNW). This is because FPNW advertises
itself as a NetWare 3.12 server but does not emulate a NetWare 3.12 server. It
more closely emulates a NetWare 2.2 server. When the client attaches, it
attempts to use features that are available on NetWare 3.12 servers. Since
FPNW does not support these features, the client is unable to use FPNW.
A fix is available from Microsoft, but Novell testing indicates that the fix still
does not provide a complete solution.

103-000159-001
December 7, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000159-001
December 7, 2001
Novell Confidential
Novell Licensing Services Administration Guide
Novell
NetWare 6 ®
www.novell.com
N O V E L L L I C E N S I N G S E RV I C E S
August 30, 2001

Novell Confidential
Contents
Overview 7
1 Understanding Novell Licensing Services 9

Key NLS Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Examples of NLS Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
How NLS Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2 Installing Novell Licensing Services 21

Guidelines for Installing NLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Installing NLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Verifying That NLS Is Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3 Using Novell Licensing Services 23

Managing License Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
About Single Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
About Envelopes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Installing License Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Deleting a License Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Moving a License Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Assigning Licenses to a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Modifying or Deleting Server Assignments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Viewing Information about License Certificates and Containers . . . . . . . . . . . . . . . . . 26
Using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
About SNMP and NLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Why You Need a Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Three Configuration Files for SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Implementing SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
4 Troubleshooting Novell Licensing Services 31

Tips. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Unable to get a server base license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
No access to license units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
The system erroneously reports duplicate licenses . . . . . . . . . . . . . . . . . . . . . . 32
Error Codes and System Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Error Code C0001002 Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Error Code C0001005 Diplays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
TIDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Contents 5

103-000138-001
August 30, 2001
Novell Confidential
6 Novell Licensing Services Administration Guide

103-000138-001
August 30, 2001
Novell Confidential
Overview
Novell® Licensing Services (NLS) that ships with NetWare® 6 supports the
User Access License (UAL) model. User objects gain access to network
services by connecting to the network instead of to servers. These User objects
receive a permanent license unit that allows them to access network services
at any time and from any workstation attached to the network.
For information on NLS concepts and how NLS works, see “Understanding
Novell Licensing Services” on page 9.
For information on the User Access Model, see User Access Licensing for
NetWare.
When you install or upgrade to NetWare, the server installation software
automatically installs NLS, but not the license certificates. You must install
the license certificates either during the installation or at a later time.
For information on installing or upgrading NLS, see “Installing Novell
Licensing Services” on page 21.
License certificates enable users to access network resources, including
NetWare servers. Typically, the server installation program installs license
certificates for NetWare and other selected NLS-enabled products. You can
use iManage, Novell’s browser-based management tool, to install additional
license certificates and to manage license units for NLS-enabled products.
You can also create metered certificates and then use ZENworksTM to manage
applications that are not NLS-enabled.
To set up and configure iManage to install and maintain licensing, see
iManage 1.0 and iMonitor 1.5 for Novell eDirectory 8.6 for more information.
For information on troubleshooting, see “Troubleshooting Novell Licensing
Services” on page 31.
Overview 7

103-000138-001
August 30, 2001
Novell Confidential
This documentation does not cover information about policy managers and
license certificates for specific products. Refer to product-specific
documentation for that information.

103-000138-001
August 30, 2001
Novell Confidential
1 Understanding Novell Licensing

Services
Since NLS is integrated with eDirectoryTM, you need to be familiar with the
basics of eDirectory, especially eDirectory objects, partitions, and replicas of
partitions.
“Key NLS Terms” on page 9
“How NLS Works” on page 17
Key NLS Terms

Understanding the following terms will help you maintain licensing and
license units on your network.
Novell Licensing Services (NLS)—Software components and
technology that provide a balance between your company’s need to
manage and access license units and a software manufacturer’s need for
enforcement of licensing requirements.
NLS consists of the following components:
License Service Providers (LSPs)
NLS clients
eDirectory objects (License Service Provider objects, License
Certificate objects, and License Container objects)
License Service Provider (LSP)—Licensing software that you install
and run on NetWare® servers. This software is contained in the
NLSLSP.NLM program running on a NetWare 4.11 or later server.
Understanding Novell Licensing Services 9

103-000138-001
August 30, 2001
Novell Confidential
An license service provider provides the actual licensing service. It

handles requests from NLS clients and maintains the license certificates,
which are stored within eDirectory.
When you install NetWare and licensing certificates, NLS
Installs the license service provider software on the server
Creates an License Service Provider object (NLS_LSP_servername)
in the eDirectory tree
You can also use NetWare Deployment Manager to accomplish these two
tasks.
IMPORTANT: You must have an license service provider running on a server with
a writable replica of each partition. This requirement applies to partitions that
contain—or will contain—License Certificate objects. If a partition does not—or will
not—contain a license certificate, that partition does not require a server running
an license service provider.
The replica can be a master or read/write replica. You can run license service
providers on other servers without replicas as long as they can communicate with
the license service provider that has a writable replica. The server with the writable
replica can make changes to the eDirectory database on the other server's behalf.
NLS_LSP_servername—An object in eDirectory.

This object’s existence in the tree is one indication that NLS is configured
to run on a server and that a server is a license service provider.
Both the NetWare server installation software and NetWare Deployment
Manager install the license service provider software on the server and
create a corresponding License Service Provider object
(NLS_LSP_servername) in the eDirectory tree.
License service provider objects are created in the same context as the
server running the license service provider software (NLSLSP.NLM).
The License Service Provider object stores configuration information
about an license service provider running on the server: a transaction
database name, information about how to search for a license certificate
(whether to search to the partition root or to the root of the tree),
notifications concerning unlicensed access and service problems, and
other associated data.
NLS adds an attribute on the NCP Server object. This attribute points to
the license service provider so that NLS has a link between the NCPTM
Server object and the license service provider.

103-000138-001
August 30, 2001
Novell Confidential
NLS client—Software that requests licensing services from license

service providers.
An NLS client runs on client workstations and on NetWare servers. (The
client can run on either a workstation or a server or on both the
workstation and the server.) This software supports 32-bit Windows* and
NetWare Loadable ModuleTM (NLMTM) platforms. When you install NLS
on a server, all of the files that enable an application to use NLS are
copied to the SYS:\PUBLIC and SYS:\SYSTEM directories on the
server.
Other than the client software, no additional files need to be installed on
client workstations. Applications written to use NLS load client libraries
that communicate with NLS components running on a NetWare server.
If a 32-bit Windows NLS client has an existing connection to a NetWare
server running an license service provider, the client communicates
directly with the license service provider. If the client does not already
have a connection to a server running an license service provider, the
client searches from the server’s context upward in the eDirectory tree for
an license service provider.
An NLM client does not search. It simply examines the current
connection.
See “Examples of NLS Clients” on page 16 for more information.
License unit—A component of a license certificate.
When you purchase a product, you purchase one or more license units for
it. For example, a 100 Additive User License for Novell
BorderManagerTM Firewall Services 3 contains 100 license units,
allowing 100 users to access BorderManager services.
NLS supports digital license units that are available from installed
License Certificate objects. NLS also supports metered license
certificates that are managed through ZENworksTM functionality.
License certificates are installed from files. Typical filename extensions
are
.NLF (for NetWare, BorderManager, and other Novell products)
.CLS (for NetWare for Small Business)
.KEY (activation keys)
IMPORTANT: A license unit or a license certificate is not the license itself.
Licenses are specified in your license agreement. Although NLS helps you stay in
compliance with the license agreement, you are bound by the terms and conditions
of your software agreement.

103-000138-001
August 30, 2001
Novell Confidential
License Certificate object—An object in eDirectory; represents a

license certificate.
License certificates correspond to the printed license statement that is
typically included in the packaging for software products. The icon for a
License Certificate object looks like a single sheet of paper representing
a license certificate. When you view the object in iManage, the object
typically displays the serial number or certificate name, as shown below:
Certificates can be secure or unsecure:

A license certificate is a digital license that is secured by secrets. For
additional security, NetWare license certificates are digitally signed.
They cannot be modified. License certificates usually come from a
software vendor.
A metered certificate does not have secrets; it is an unsecure license
certificate. ZENworks functions as the NLS client and requests
license units on behalf of applications. Metered certificates are
usually created by network administrators.
NLS creates a License Certificate object when you install license
certificates for NLS-enabled applications or when you create metered
certificates.
When you install or create a license certificate, you choose the context
(location in an eDirectory tree) for this object.
License certificates contain policies and are managed by a policy
manager.
Activation Key—A sequence of numbers and letters; allows you to
complete the installation of a license certificate for a product you
purchased.
All license certificates require an activation key. Software vendors
usually include the activation key in a .KEY file along with the certificate.
This combination enables the Activation Key to be installed
automatically during installation. However, if the installation program
can't locate an Activation Key, a prompt allows you to enter it.
Envelope—An .NLF file that contains one or more license certificates; a
convenient way of packaging multiple license certificates to be
distributed as a single file.

103-000138-001
August 30, 2001
Novell Confidential
Because multiple license certificates can exist in an envelope, envelopes

allow you to install several license certificates at the same time.
Envelopes can contain an embedded activation key for license
certificates.
A sample envelope file is 4234171D.NLF.
License Container object—An object in eDirectory; contains one or
more License Certificate objects.
A License Container object is a special container object in eDirectory.
(Other container objects include [Root] or Tree, Country, Organization,
and Organizational Unit.)
License Container objects are named using publisher, product, and
version. For example, Corel* WordPerfect* version 9 could appear as
follows in a tree:
When you install a license certificate or create a metered certificate, NLS

creates a License Container object and a License Certificate object. (If a
license container already exists, NLS places the additional license
certificate in that existing container.)
Using iManage, you can view License Container objects as they appear
in the eDirectory tree.
Licensing model—The way a vendor allows its customers to use its
licensed products.
NLS can support many models of licensing. For example:
Nonconcurrent connections in BorderManager
Server Connection Licensing (SCL) in NetWare 4 and NetWare 5
User Access Licensing (UAL) for Novell Cluster ServicesTM and
NetWare 6
For information about the licensing model for the product that you use,
refer to the product-specific documentation.

103-000138-001
August 30, 2001
Novell Confidential
Policy—An electronic representation of a term or condition in your

license agreement. Policies are contained in license certificates. For
example, a certificate for a company could include the following tags for
policies:
Each license unit is consumable.
Each license unit allows nodal reuse. (A user can use it multiple
times from different workstations.)
The certificate does not require an license service provider
assignment.
Duplicate certificates can be installed (an important tag for Master
License Agreement accounts).
The certificate is an evaluation license certificate.
The certificate has a soft stop. (The policy allows users to use the
service even though a license unit is not available. However, a
network administrator receives notification that the company is out
of compliance.)
The certificate uses secrets.
The certificate is digitally signed.
A policy is tied to a license certificate and a policy manager, not to the
licensing service. A policy can be flexible, simply by changing (or
replacing) a license certificate.
Policy Manager (Gatekeeper)—Code that makes decisions based on
requests from a licensing service.
A policy manager
Is part of the application
Makes the application NLS-enabled
Requests licenses from NLS
Receives responses from NLS regarding availability of license units
Decides whether to grant access to certain program functionality
Informs the license service provider when a license unit is no longer
being used
Contains mechanisms (policy) for handling errors concerning failed
requests for license units

103-000138-001
August 30, 2001
Novell Confidential
Each NLS-enabled product has its own policy manager. The policy
manager for NetWare differs from the policy manager for
BorderManager. Both of these policy managers differ from the policy
manager for a third-party software manufacture’s application.
Because each application or service supports a different policy, you might
have many policy managers running on a network.
Notification—A message that informs you about the licensing service or
a problem concerning your compliance with the terms and conditions
licensing agreement.
System Alert notifications inform a designated person that one of the
following has occurred:
An eDirectory communication error related to the licensing service
An eDirectory schema error related to the licensing service
A transaction logging error
Out of Compliance notifications inform a designated person that your
company is out of compliance with the terms and conditions of your
licensing agreement.
By default, the designated person is whoever installs the license
certificate. You can modify (change, delete, add) objects that receive
notifications. Multiple network users or groups can receive notifications.
Notifications are sent through the NetWare Broadcast utility and
(optionally) SNMP.
Unlicensed access—An allowance beyond the number of license units
purchased.
Software manufacturers can allow unlicensed access (a grace condition)
on their license certificates. This functionality allows users to continue
using the product while you purchase and install more license certificates.
NOTE: Unlicensed access does not grant licenses. The terms and conditions of
your license agreement specify how the product is to be used.
To see how a product handles unlicensed access, refer to the product-

specific documentation.
Stop—A policy in a License Certificate object.
A hard stop policy informs users that they are out of compliance with
the terms and conditions of the license agreement. A hard stop
prevents users from accessing a license unit. The hard stop could
result from all available license units already being in use.

103-000138-001
August 30, 2001
Novell Confidential
NOTE: NLS is a service. The terms and conditions of your license agreement
determine how the product is to be used.
A soft stop policy informs users that they are out of compliance but
allows them to continue using license units under certain conditions.
A no stop policy ignores situations in which no license units are
available. NLS keeps track of the overage by logging the
noncompliance, but does not inform or warn the user.
Examples of NLS Clients
Example 1: NLS Client Software on a Client Workstation
At your Windows 2000 workstation you want to use OptionsPlus, an NLS-

enabled application. After you click the icon for OptionsPlus, that application
loads on your client workstation.
OptionsPlus then requests a license unit. The NLS component (a .DLL file
linked to OptionsPlus software) locates a license service provider (an NLS
component running on a server). That license service provider searches
eDirectory for a License Certificate object that has license units available.
The license service provider responds to the NLS client in OptionsPlus and
allows you to use the application.
Example 2: NLS Client Software on a Server
When starting a server, NetWare loads and runs eDirectory and license service
provider, two necessary components of the NLS system.
Before completing its bootup, NetWare’s policy manager uses NLS client
software (an NLM library for NLS) to request a server base license from the
license service provider.
The license service provider then queries eDirectory for a license certificate.
If a license unit is available, the license service provider then grants the
request for the policy manager, and the NetWare server is allowed to run.
NLS itself does not enforce licensing. Instead, it checks out a license unit or
returns the appropriate error condition to the application. The policy manager
part of the application then determines whether the user can use the
application or how the error condition is reported.

103-000138-001
August 30, 2001
Novell Confidential
Example 3: Metering
A client workstation requests an application that is not NLS-enabled.

ZENworks, integrated with NLS, requests a license unit on behalf of the
application.
Depending on the response from NLS, Application Launcher in ZENworks
chooses whether or not to load the application. Therefore, Application
Launcher can be configured to request license units for applications that are
not NLS-aware.
How NLS Works

The following figure illustrates how NLS Works.
1 2
The LSP searches the eDirectory
Licensing-enabled software
tree for a License Container
requests a license.
object with available licenses.
License Container object

License Certificate
License Service
Provider
The LSP checks out a license
The LSP indicates license from a License Container object
availability. for software to use.
4 3
The following list describes how License Service Providers (license service
providers) handle requests from NLS clients by interacting with the
eDirectory database.
1. An application issues a request to the NLS client.
In NetWare, for example, the server requests a license unit on behalf of
the user that is connecting to the server. The server issues this request to
the NLS client.
2. The NLS client library packages the request from the application and
submits it to an license service provider.

103-000138-001
August 30, 2001
Novell Confidential
In NetWare, for example, the NLS client communicates with the license
service provider on that server.
3. The license service provider examines the request and determines
whether it can fill the request. It does this by checking the eDirectory
context of the requesting client for the specific information or license unit
being requested.
In NetWare, for example, the license service provider searches the user’s
context for a NetWare license unit.
4. If the requested resource is available, the license service provider fills the
request. If the license service provider cannot fill the request, it searches
for a resource. Where an license service provider starts its search for a
resource depends on what the requesting application has specified.
The license service provider can check the next-higher context in
eDirectory for the requested resources. The license service provider
continues to search until it reaches the [Root] or Tree of the partition or
the top of the tree, depending on how the license service provider is
configured.
In NetWare, for example, the license service provider starts in the user’s
context and searches up the eDirectory tree for a user license.
The following figure illustrates how an license service provider searches
for a license certificate in the User Access Licensing model.

103-000138-001
August 30, 2001
Novell Confidential
License
certificate
B C
Server
D E
Begins
searching
here
User
In this example, the user accesses the network from context .E.C.A. To
search for a license unit, the license service provider begins its search in
the user’s context—.E.C.A The license service provider searches up the
tree to context A and finds an available license unit.
5. The license service provider returns status to the client library.
In NetWare, for example, if the license service provider finds a NetWare
license unit, it returns a successful status to the library. Otherwise, it
returns an error code.
6. The library returns status to the application.
In NetWare, for example, the library returns licensing status to the server.
7. The application determines action based upon the status of license units.
In NetWare, for example, the server determines an action. If the status is
successful, the server allows a connection to the server. Otherwise, the
server allows a grace connection if one is available, or denies service if a
grace connection isn’t available.

103-000138-001
August 30, 2001
Novell Confidential

103-000138-001
August 30, 2001
Novell Confidential
2 Installing Novell Licensing Services
This chapter discusses

“Guidelines for Installing NLS” on page 21
“Installing NLS” on page 22
“Verifying That NLS Is Installed” on page 22
Guidelines for Installing NLS

Prepare the network.
If you are upgrading a server, the server should have a read/write replica
of the partition where the NetWare® 6 server will be installed.
Provide fault tolerance.
Two servers running NLS in a partition provide fault tolerance. If one
server goes down, the other provides required licensing services.
We recommend that the master replica be on one of these servers.
Upgrade existing NLS.
Before installing NetWare 6, ensure that your servers have the following
Support Packs installed.
NetWare Version Support Pack
NetWare 4 NetWare 4 Support Pack 6a or later
NetWare 5.0 NetWare 5.0 Support Pack 4 or later
NetWare 5.1 NetWare 5.1 Support Pack 2 or later
Installing Novell Licensing Services 21

103-000138-001
August 30, 2001
Novell Confidential
NOTE: If you are running NetWare for Small Business or NetWare for Growing
Business, you should install the corresponding Support Pack before upgrading to
NetWare 6.
Know where to install NLS.

For more information, see Guidelines for Installing License Certificates
in the User Access Licensing for NetWare Guide.
Installing NLS
When you install or upgrade to NetWare 6, NLS is automatically installed. For
a NetWare 6 server in a new eDirectory tree, no other action concerning the
licensing service is required.
For fault tolerance, you should have NetWare 6 (or NLS) running on a second
server in same partition as the other server.
NLS-enabled applications can use the licensing service. See the product-
specific documentation for information about implementing the licensing
services for that product.
Verifying That NLS Is Installed

1 At the server console GUI, click Novell > Install, and then look for an
NLS entry.
If NLSLSP.NLM is running on the server, enter the following at the
server console:
modules nls*
If NLS_LSP_servername is a leaf object in eDirectory, vew this
object in iManage.

103-000138-001
August 30, 2001
Novell Confidential
3 Using Novell Licensing Services
You can manage NLS functionality in iManage, the Novell® browser-based

management tool, to complete the following tasks:
“Managing License Certificates” on page 23
“Deleting a License Certificate” on page 25
“Moving a License Certificate” on page 25
“Modifying or Deleting Server Assignments” on page 26
“Viewing Information about License Certificates and Containers” on
page 26
You can still use NetWare Administrator to administer NLS.
You can also use SNMP to view information about your network and
licensing. See “Using SNMP” on page 27.
Managing License Certificates

You can install license units contained within a single license certificate or an
envelope.
About Single Certificates

When a certificate for an NLS-aware application is installed, NLS adds a
License Container object to the tree and a License Certificate object to that
container object. You select the context or location in the eDirectoryTM tree for
that License Container object.
You install license certificates by accessing envelope files (.NLF).
Using Novell Licensing Services 23

103-000138-001
August 30, 2001
Novell Confidential
If you purchase and install additional license certificates, they will also be
added to the eDirectory tree as objects in the appropriate License Container
object.
About Envelopes
An envelope is an .NLF file containing one or more license certificates. (The
envelope might have just one certificate because it also contains other
information associated with the product—for example, information for NIS-
enabled installations.)
Envelopes let you install more than one license certificate at a time into
License Container objects. For example, if you have purchased three products
in a suite, you can use an envelope to simultaneously install license certificates
for all three products.
When adding license certificates to the eDirectory tree, you should know
where in the tree you want to install the license certificate. This location or
context will determine who can use the license units associated with that
license certificate. For more information on placing licenses, see Guidelines
for Installing License Certificatesin User Access Licensing for NetWare.
Installing License Certificates

1 In iManage, click License Management > Install License.
2 Navigate to and select a license file, and then click Next.
The file might be on a diskette in drive A: or on a CD-ROM.
A sample path and filename for a license certificate is
A:\LICENSE\43D211.NLS. A sample path and filename for an envelope
is A:\LICENSE\.43D23E.NLF.
The file, usually linked to an activation file (key), automatically retrieves
the password (if one is available).
3 Select the licenses to install, and then click Next.
Each license includes the user licenses and a server license. Each server
must have a server license associated with it.
If the licenses are to be installed in different contexts, you should install
the licenses one at a time.
If you choose to install a server license and one is already assigned to the
server, the server license install will fail.

103-000138-001
August 30, 2001
Novell Confidential
4 Fill in the following fields:

Location: Browse to or enter the context where you want the licenses
installed. User licenses should be installed at or above the user's context.
You might want to install the licenses high in the tree so that they will be
available to more users. Server licenses should be installed at or above the
server's context.
Server Assignment: If you are installing a server base license, the Server
Assignment field displays. Browse to or enter the fully distinguished
name of the Server object you want the license assigned to.
Enter an Activation Key: This field displays only if you are required to
provide an activation key to unlock a license. You can either enter the key
as text or select an activation key file to be read from a disk.
The results of installing the licenses appears.
5 To install another license or to reinstall a license that failed, click
Continue; otherwise, click Done.
Deleting a License Certificate

1 In iManage, click License Management > Delete License.
2 Navigate to and select a license to delete, and then click Next.
3 Confirm that this is the license to delete and click OK.
Moving a License Certificate

1 In iManage, click License Management > Move a License.
2 Navigate to and select a license to move, and then click Next.
3 Navigate to and select the context where you want to move the license to,
A results screen displays showing the result of the moving the certificate.
4 Click OK.

103-000138-001
August 30, 2001
Novell Confidential
Assigning Licenses to a Server

Each server needs a server license. You need to install a server license only if
you did not install licenses during the installation process or if the server
license was deleted. To install a server license certificate, follow the steps in
“Installing License Certificates” on page 24.
Modifying or Deleting Server Assignments

1 In iManage, click License Management > Manage License Properties.
Enter the fully distinguished name of the Server object you want the
license assigned to.
Delete a server assignment by removing the server information from
the field.
4 Click Done.
Viewing Information about License Certificates and

Containers
When you install a license certificate or create a metered certificate, a License
Certificate object is added to the eDirectory database. NLS also adds a License
Container object, if one doesn't already exist, and places the License
Certificate object in that container.
Using iManage, you can view information about licenses and their usage for
the License Certificate container or license.
1 In iManage, click License Management > Manage License Properties.
3 Select a tab to display the information you want to view.

103-000138-001
August 30, 2001
Novell Confidential
Using SNMP
You can use SNMP to find out about licensing service events on your network.
About SNMP and NLS

SNMP is a management interface and high-level protocol. General-purpose
protocols such as IPXTM, TCP/IP, and UDP can host SNMP. NLS takes events
and errors, wraps them in one of these protocols, and sends them to a
management utility or console.
For example, suppose you instruct SNMP to raise an event whenever a license
unit is conveyed to a User object. Every time a license unit is conveyed,
SNMP sends a packet to a management console. The console registers that
event. As network administrator, you can view these packets at the
management console.
With SNMP, you can send out a wide variety of different events. NLS
provides a list of events and errors that the licensing service can send out
notifications on. As network administrator, you choose the events that you are
interested in. You can turn off all events, turn them all on, or turn on selected
events.
For example, NLS sends broadcast messages. Using SNMP, you can send an
SNMP message with the same content to a management console.
In short, SNMP enables you to be aware of what's happening on the network.
Why You Need a Management Console

An SNMP management product—for example, OpenView* or
ManageWise®— resides on the network and registers itself as the
management console. An SNMP agent (SNMP.NLM) runs on a NetWare
server. The SNMP pieces on each server send the SNMP datagrams to the
console. You use the console to track what's happening on the network.
You can place the management console anywhere on the network. This
console reads the SNMP packets and displays their contents to you, as the
network administrator. Typically these consoles are run on client computers
for convenience, but that functionality can be implemented on any computer
on the network.

103-000138-001
August 30, 2001
Novell Confidential
Three Configuration Files for SNMP

NLS uses three configuration files for SNMP. The configuration files allow
the various systems which provide SNMP information to tailor that
information to your needs as you manage the network. All three files are
installed into SYS:\ETC.
SNMP.CFG lets you add descriptive strings that might be included in SNMP
packets. These packets provide you with specific information, such as server
name, computer hardware description, location, and whom to contact in case
of an issue.
NLSTRAP.CFG lets you specify which NLS events and errors you want to
track. NLSTRAP.CFG has a list of all possible events that NLS could ever
send out. The file contains two lines for each event. The first line is a
description. The second line enables or disables notification for that event. If
the line begins with a pound sign (#), no message is sent.
By default, all lines (events) are commented out. To see an event, you edit
NLSTRAP.CFG. The file contains a description at the top about the format and
what to do with each value. You just turn on what you want to see.
If NLSTRAP.NLM detects an event that is enabled in the NLSTRAP.CFG file,
NLSTRAP.NLM calls routines provided by SNMP.NLM to place the SNMP
packet on the network.
TRAPTARG.CFG lets you specify all targets (or receivers) that are to receive
SNMP trap messages generated by the SNMP agent (SNMP.NLM). It pairs
targets with a protocol for SNMP packet addressing. For example, a server
named PUFFIN in the IPX section of TRAPTARG.CFG instructs NLS to send
SNMP messages to server PUFFIN using IPX.
Implementing SNMP
1 Edit NLSTRAP.CFG to set events that you want to monitor.
Specify parameters by using a parameter keyword followed by the
desired parameter value. Then unload and reload NLSTRAP.NLM. (The
changes won't take effect until you reload NLSTRAP.NLM.)
2 Edit SNMP.CFG.
3 Edit TRAPTARG.CFG to specify all targets that are to receive SNMP trap
messages.
4 Run the management console.

103-000138-001
August 30, 2001
Novell Confidential
5 Load SNMP.NLM on a server.

SNMP.NLM (the SNMP agent) provides the APIs and framework to
allow SNMP to work on NetWare. SNMP.NLM traps events, generates
SNMP messages about the trapped events, and sends the messages to the
management console.
6 At the management console, view the SNMP messages.

103-000138-001
August 30, 2001
Novell Confidential

103-000138-001
August 30, 2001
Novell Confidential
4 Troubleshooting Novell Licensing

Services
This chapter contains tips, information about system messages and error
codes, and a list of Technical Information Documents.
“Tips” on page 31
“Error Codes and System Messages” on page 33
“TIDs” on page 34
Tips
Unable to get a server base license

Problem: The server console displays “Unable to get a Server Base license.”
Action: Delete and reinstall the license certificate. If you use iManage, you
must manually make a server assignment during the installation of the licenses
certificate. (If you are an MLA account, do not make a server assignment.)
No access to license units

If License Service Provider objects are not well placed in the eDirectoryTM
tree. Some NLS clients might not have access to licensing services
Place license certificates as close as practical to the actual users but high
enough in the eDirectory tree so that everyone who needs to access them can
do so.
Consider the following guidelines:
Troubleshooting Novell Licensing Services 31

103-000138-001
August 30, 2001
Novell Confidential
Place server license certificates so that NLS servers do not have to

traverse slow WAN links to access license units.
Place user certificates so that NLS dos Not have to traverse WAN links
when users are authenticating to the tree.
Place at least one License Service Provider object in a container near the
root of the tree. Also, consider loading license service provider software
on servers that many or most users log in to in the eDirectory tree. These
two actions distribute requests for license units.
Identify license certificates that many users throughout the eDirectory
tree will use. Place these license certificates in a context near the root of
the eDirectory tree.
Identify license certificates that a small group will use. Place these license
certificates in the same eDirectory context as those users' objects.
Identify license certificates that larger groups will use. Place these
certificates in the eDirectory context that represents the root-most context
for the group.
The system erroneously reports duplicate licenses

Problem: The system reports that duplicate licenses are installed in the
eDirectory tree.
Possible cause: In a using earlier versions of NLS, you installed a license
certificate, deleted it, and then reinstalled it elsewhere in the eDirectory tree.
When the earlier NLS dredge process walks the eDirectory tree and looks for
certificates, the dredge encounters the deleted certificate and considers it a
duplicate.
Solution: If that license certificate was the only certificate in the License
Container object, delete the License Container object where the certificate was
installed and deleted. (Don’t delete the License Container object if it contains
other license certificates.)
Solution: Deploy the current version of NLS by installing the NetWare 4
Support Pack 6a and NetWare 5 Support Pack 4 on you servers.

103-000138-001
August 30, 2001
Novell Confidential
Error Codes and System Messages

Many messages for Novell® Licensing Services are self-documenting;
information that you need appears on-screen with the message. Additional
information about error codes are provided below. Other error codes are
provided in NLSLSP Messages in System Messages.
Error Code C0001002 Displays
Possible Problem Possible Solutions
You removed and reinstalled See TID 2941280.

eDirectoryTM.
The Server object and [Public] don’t Make sure that the Server object
have enough rights. (NLS_LSP_server) has the Browse
right to the License Certificate objects.
Make sure that the Server object has

the Read property right to “All
Properties.”
Make sure that [Public] has the Browse

right to the License Container object
where the license certificates are
stored. See TID 2943750.
You deleted the server base license (a Reinstall the license certificates. See
License Certificate object). TID 2943405.
You removed the read/write replica See TID 2949634.

from the NLS server. (The NLS server
is running NLSLSP.NLM. It’s the server
that shows up in NetWare Administrator
as NLS_LSP_server.)
Two NetWare 5 servers contain a See TID 2950971.

replica of the [Root] or tree partition.
Troubleshooting Novell Licensing Services 33

103-000138-001
August 30, 2001
Novell Confidential
Error Code C0001005 Diplays
Possible Problem Possible Solution
The license certificate requires a server Assign a server. See “Modifying or

assignment but doesn’t have one. Deleting Server Assignments” on page
26.
TIDs
The following TIDs might help you resolve some issues relating to NLS on
your network. The TIDs are available at www.support.novell.com/servlet/
knowledgebase.
TID Description
2943405 What to do when the server is unable to obtain a valid server

base license
2944797 Installing MLA certificates
2925689 Renaming a server
2943157 Moving a server to a different NDS context
2949634 Responding to a C0001002 message

103-000138-001
August 30, 2001
Novell Confidential
Novell
iFolder
www.novell.com
1.0
November 21, 2001

Novell Confidential
Contents
Contents 5
Novell iFolder Administration Guide 7
1 Welcome to Novell iFolder 9

What Is Novell iFolder? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2 Installing Novell iFolder on NetWare 5.1 13

Server Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Client Workstation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Browser Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Installing Novell iFolder on NetWare 5.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3 Installing Novell iFolder on NetWare 6 19

Installing Novell iFolder on NetWare 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Post-Installation Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Subcontainer Searches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
LDAP over SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Port 389 and Clear Text Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
4 Installing Novell iFolder on Windows NT 4.0 or Windows 2000 25

Installing Novell iFolder on Windows NT 4.0 or Windows 2000 . . . . . . . . . . . . . . . . . . 26
Configuring the iFolder Web Site on Windows NT 4.0 . . . . . . . . . . . . . . . . . . . . . 30
Configuring the iFolder Web Site on Windows 2000 . . . . . . . . . . . . . . . . . . . . . . 30
5 Installing Novell iFolder on Novell Cluster Services 33

Post-Installation Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
6 Using Novell iFolder 37

Managing Novell iFolder Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Using the Conflict Bin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Contents 5

103-000132-001
November 21, 2001
Novell Confidential
Using the Server Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Removing an iFolder Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Restoring a User’s Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Changing LDAP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Optimizing Your iFolder Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
6 Novell iFolder Administration Guide

103-000132-001
November 21, 2001
Novell Confidential
Novell® iFolderTM 1.0 is a file storage and management solution to the

universal problems associated with storing and retrieving data. With iFolder
you have the latest version of your data when you need it and where you need
it from any computer that you regularly use. And if you are not at a computer
that you regularly use, you can still access and manage your files if you have
an Internet connection and a Java-enabled browser.
Novell iFolder Administration Guide 7

103-000132-001
November 21, 2001
Novell Confidential

103-000132-001
November 21, 2001
Novell Confidential
1 Welcome to Novell iFolder
Novell® iFolderTM gives you automatic, secure, and transparent

synchronization of files between your hard drive and the iFolder server, which
results in easy access to personal files anywhere, anytime.
Being able to access your files from any computer from any location
eliminates the editing mistakes and menial updating tasks that frequently
occur when your local machine is not accessible from different access points.
The following figure illustrates how the iFolder server is accessed from
different computers or locations.
Laptop Office
Novell
iFolder
John Home Server John Home
LDAP Directory
Home
John Home
John Home
Your iFolder Files
Kathy Home
through a Browser
Sam Home
Welcome to Novell iFolder 9

103-000132-001
November 21, 2001
Novell Confidential
What Is Novell iFolder?

There are three components to Novell iFolder:
iFolder server software
iFolder runs on NetWare® 5.1, NetWare 6, Windows NT* 4.0, and
Windows 2000 servers.
Once you have installed the iFolder server software on your server, your
users can install the iFolder client in order to access their iFolder files, and
you can access the Server Management Console and the default iFolder
Web site to manage your iFolder user accounts.
From the Server Management Console, you can perform administrative
tasks for all your iFolder user accounts. From the iFolder Web site, your
iFolder users will download the iFolder client software. It is also where
you can access the Java* applet and view your iFolder files from a
browser. The iFolder Web site is meant to be customized to fit your
company’s look, feel, and business needs.
iFolder client software
Novell iFolder client is compatible with Windows* 95, 98, 2000, NT, and
ME workstations.
The iFolder client must be installed on every workstation that you will use
to access your iFolder files.
The following three items are created when iFolder is installed on the
workstation:
A shortcut pointing to your iFolder directory (located in My
Documents\iFolder\userid\Home) appears on your desktop.
The iFolder icon looks like this:
The iFolder directory, located on your computer’s hard drive, is

where you will keep your files. Once a file is placed in the iFolder
directory and synchronized out to the iFolder server, you can see it
from all workstations that you are logged in to that have the iFolder
client installed. Applications associated with the files in the iFolder
directory must be installed at the local workstation. For example, if
you have a Microsoft* Word document in your iFolder directory, you

103-000132-001
November 21, 2001
Novell Confidential
need to have the application installed on your workstation in order to

access that file. Any changes that are made in this directory, from any
workstation, are uploaded to the iFolder server. The frequency of the
uploading can be determined by either the user or the network
administrator.
The iFolder icon appears in the system tray of your workstation.
When you right-click the iFolder icon located in the system tray, you
get a menu giving you access to your iFolder preferences and an
activity status screen displaying what transactions are taking place
between the client workstation and the iFolder server. The activity
screen can also be accessed by double-clicking the iFolder icon. If
the iFolder client is in the process of transfering files to or from the
iFolder server, the icon will look like a folder with a moving arrow,
indicating the direction of the transfer.
A user account is automatically created on your iFolder server.
This account is created the first time the user logs in to the iFolder
server. When the account is created, iFolder asks you for a username
and a password. Next, iFolder asks you if you want to encrypt your
data. If you decide to encrypt your data, you are then prompted for a
pass phrase. This pass phrase is used to encrypt files that are
uploaded or downloaded to the server.
If you uninstall the iFolder client, the user account is never deleted
on the server. This must be done via the Server Management
Console. For more information, see “Using the Server Management
Console” on page 38.
iFolder Java applet
The iFolder Java applet runs in Internet Explorer or Netscape*. From the
browser, you can access your iFolder files from a computer that does not
have the iFolder client installed.
These three pieces—the iFolder server software, the iFolder client software,
and the Java applet— work together seamlessly to provide you with instant
access to any iFolder files stored on your hard drive from anywhere in the
world.
If you are installing Novell iFolder on NetWare 5.1, follow the instructions in
Chapter 2, “Installing Novell iFolder on NetWare 5.1,” on page 13.
If you are installing Novell iFolder on NetWare 6, follow the instructions in
Chapter 3, “Installing Novell iFolder on NetWare 6,” on page 19.
Welcome to Novell iFolder 11

103-000132-001
November 21, 2001
Novell Confidential
If you are installing Novell iFolder on Windows NT 4.0 or Windows 2000,

follow the instructions in Chapter 4, “Installing Novell iFolder on Windows
NT 4.0 or Windows 2000,” on page 25.
If you are installing Novell iFolder on Novell Cluster Services, follow the
instructions in Chapter 5, “Installing Novell iFolder on Novell Cluster
Services,” on page 33.

103-000132-001
November 21, 2001
Novell Confidential
2 Installing Novell iFolder on NetWare

5.1
Before you begin the iFolderTM installation, make sure that you have met the
following iFolder server, client, and browser requirements.
Server Requirements
NetWare® 5.1 server with Support Pack 3 installed.
NetWare Support Packs are available at the Consolidated Support Pack
Home Page (http://support.novell.com/csp/csplist.html).
An LDAP v3 enabled directory, such as NDS® eDirectoryTM 8.5. (Other
LDAP v3 compliant directories will also work.)
If you are using the same server for LDAP and iFolder, you must install
NDS eDirectory 8.5 or later on your server.
10 MB of free space on the SYS: volume where you plan to install
iFolder.
256 MB of RAM.
If your LDAP server is not the same server as your iFolder server, and you
want LDAP over SSL, copy the trusted root certificate (usually called
ROOTCERT.DER) from your LDAP server to the SYS:Public directory
of your iFolder server. (Remember where you copied this because you
will be prompted for its location during the iFolder installation.)
If you have a DNS name configured for your iFolder server, verify that
the DNS name and its corresponding IP address are in the
SYS:ETC\HOSTS file of your iFolder server.
Installing Novell iFolder on NetWare 5.1 13

103-000132-001
November 21, 2001
Novell Confidential
Client Workstation Requirements

Novell® iFolder is compatible with Windows 95, 98, 2000, NT, and ME
workstations. The iFolder client is very small and will take only about 2 MB
of free space on your workstation.
IMPORTANT: If you are installing the iFolder client on a Windows 95 workstation,
you must have the Winsock 2 update from Microsoft installed. This update can be
downloaded from the Microsoft Web site (http://www.microsoft.com/Windows95/
downloads/contents/WUAdminTools/S_WUNetworkingTools/W95Sockets2/
Default.asp).
Browser Requirements
You can use either Netscape 4.7 or later or Internet Explorer 5 or 5.5 to
download the iFolder client. Netscape 6 is not supported with this release.
IMPORTANT: Although you can use either Netscape or Internet Explorer (IE) to
download the iFolder client, IE 5 or 5.5 must be installed on every workstation
where you plan to install the iFolder client.
Installing Novell iFolder on NetWare 5.1

Novell iFolder uses the Apache Web server version 1.3.20. Apache uses port
80, which happens to be the same port that NetWare Enterprise Web server
(the default NetWare Web server) uses. In order to run the Apache Web server,
you must unload the NetWare Enterprise Web server before you can install
iFolder. If you want to run both the Apache Web server and the NetWare
Enterprise Web server, you must set the secondary IP address prior to the
iFolder installation and assign either the Apache or Enterprise Web server to
that secondary IP address.
1 On your workstation, map a Novell drive to the SYS: volume on the
server where you plan to install iFolder and Apache.
IMPORTANT: Apache must be installed on the SYS: volume.
2 Locate the iFolder software that you downloaded and double-click the
iFolder Apache server executable (ApacheiFolderServer.EXE) for
NetWare.
3 Read the Welcome screen and click Next.
4 Click Yes to accept the licensing agreement.

103-000132-001
November 21, 2001
Novell Confidential
5 Enter your username and the name of your company, and then click Next.
6 Browse to the drive letter that you mapped in Step 1 and then click Next.
HINT: In order to install Novell iFolder on multiple servers from the same
workstation, you must delete the directory that represents your last installation. To
do this, go to C:\Program Files\Installshield Installation Information. If there are
multiple directories, look at the their creation timestamps and delete the one that
was created at the time that you performed your last installation. After you delete
this directory, you should be able to install Novell iFolder on another server from
the same workstation.
7 (Conditional) If Apache is already installed on your server, choose one of

the following options and then click Next:
Overwrite the existing Apache installation on your server and install
Apache and iFolder.
Leave the existing Apache installation on your server and install only
iFolder.
Exit the install.
8 (Conditional) If you chose to overwrite an existing Apache installation,
or if Apache was not previously installed on your server, enter the DNS
name or the IP address of the server, your e-mail address, and then click
Next.
9 Enter the IP address of your LDAP server in the LDAP Host field.
10 Enter the LDAP port you want to use.
If you are using port 389, the LDAP Group object must be marked to
Allow Clear Text Passwords. To verify this, launch ConsoleOneTM and
locate the context where your server resides, right-click the LDAP Group
object, click Properties, and check Allow Clear Text Passwords.
HINT: Choose port 389 if you want to use LDAP without SSL encryption or if your
LDAP server does not support SSL. Port 389 is also a good choice if iFolder and
LDAP are running on the same server (no communication or data is being
transferred across the wire, so no encryption is necessary).
Choose port 636 if you want to use SSL, which provides your network with
encryption and security when data is transferred across the wire. If you choose port
636, make sure you have copied the ROOTCERT.DER file from your LDAP
server’s SYS:PUBLIC directory to your iFolder server prior to the iFolder
installation.
11 (Conditional) If you have chosen port 636, enter the path to the LDAP
trusted root certificate.

103-000132-001
November 21, 2001
Novell Confidential
This will be the path to the SYS:Public directory where you copied the
ROOTCERT.DER prior to the installation. For more information, see
“Server Requirements” on page 13.
12 Enter the LDAP login DN context.
This is the context of the container where your User objects are located.
iFolder allows you to enter multiple contexts. After each context, insert a
semicolon. Do not put any spaces between the contexts.
13 (Optional) If you want iFolder to search all subcontainers below the
specified LDAP login DN context, make sure you check the Subcontainer
Search check box.
14 (Conditional) If you checked the Subcontainer Search check box, you
must do one of the following:
Assign the CN property to the Public object.
To assign the CN property to the Public object, continue with the next
step.
Create an LDAP proxy user.
To create an LDAP proxy user, follow the instructions in Step 16 on
page 17.
15 (Conditional) Assign the CN property to the Public object.
IMPORTANT: Any rights assigned to the Public object are automatically inherited
by all other objects in the NDS tree. You might not want to assign the CN property
to the Public object if these rights will cause a security risk. If your iFolder server
is outside the firewall and you do not want the CN property assigned to all objects
in your NDS tree, you can also use an LDAP Proxy Username to search the
subcontainers of your tree.
15a Launch ConsoleOne.

15b Right-click your Tree object and then click Properties.
15c Click NDS Rights > Public object > Assigned Rights > Add Property.
15d Check the Show All Properties check box located at the bottom of the
screen, select the CN property from the list, and then click OK.
15e Check the Inheritable check box and then click OK > Apply > Close.
Continue with Step 17.

103-000132-001
November 21, 2001
Novell Confidential
16 (Conditional) Create an LDAP proxy user.

16b Create a user without a password.
16c Right-click your Tree object and then click Properties > NDS Rights
> Add Trustee.
16d Select the User object you just created and then click OK.
16e When the Rights Assigned to Selected Object dialog box appears,
click Add Property.
16f Check the Show All Properties check box, select the CN property
from the list, and then click OK.
16g Click OK > Apply > Close.
16h Right-click the LDAP Group object in your NDS tree and then click
Properties > General.
16i Click the Browse button next to the Proxy Username field, select the
user that you just gave trustee rights to, and then click OK.
The user now appears in the Proxy Username field.
16j Click Apply > Close.
17 Click Next in the iFolder setup.
18 (Conditional) If you are using a secondary LDAP server, enter the LDAP
information for that server.
Fill in this information only if you have two LDAP directories that
contain usernames that need iFolder accounts. For example, suppose you
have one LDAP directory that contains all your employee usernames and
another LDAP directory that contains all your vendor usernames and you
want the users from both directories to have iFolder accounts. You would
enter the information for a secondary LDAP server.
19 Enter the path to the directory where you want the iFolder user data to be
20 Enter the names of all the administrators who need rights to modify
iFolder user account information via the Server Management Console
HINT: The Admin names must have user accounts in your LDAP directory.
If you are entering more than one name, separate the usernames with a
semicolon, not spaces. For example, if you wanted users jsmith and

103-000132-001
November 21, 2001
Novell Confidential
admin to have rights to administer the Server Management Console, you

would enter admin;jsmith.
21 If prompted, enter the IP address or the DNS name of your server and then
click Next.
22 Click Finish to complete the installation.
If you are using only one IP address, to start Novell iFolder you can
reboot your server (this will run the edited AUTOEXEC.NCF) or
enter the following commands at the server console:
search add sys:\Apache
search add sys:\Apache\iFolder\Server
STARTIFOLDER
If you are using two IP addresses, edit the AUTOEXEC.NCF file and
enter the following lines after the search add
sys:\Apache\iFolder\Server command line:
set command line prompt default choice=on
set command line prompt time out=60
Also enter ? in front of the STARTIFOLDER command line.
Once you have edited the AUTOEXEC.NCF, to start Novell iFolder
you can reboot your server (this will run the edited
AUTOEXEC.NCF) or enter the following commands at the server
console:
search add sys:\Apache
search add sys:\Apache\iFolder\Server
STARTIFOLDER
Novell iFolder is now installed on your NetWare 5.1 server. To learn more
about Novell iFolder, go to Chapter 6, “Using Novell iFolder,” on page 37.

103-000132-001
November 21, 2001
Novell Confidential
3 Installing Novell iFolder on NetWare 6
Server Requirements
10 MB of free space on the SYS: volume where you plan to install
iFolder.

IMPORTANT: If you are installing the iFolder client on a Windows 95 workstation,
you must have the Winsock 2 update from Microsoft installed. This update can be
Default.asp).
Installing Novell iFolder on NetWare 6 19

103-000132-001
November 21, 2001
Novell Confidential
Installing Novell iFolder on NetWare 6

1 Do a Custom install of NetWare 6.
For instructions on installing NetWare 6, see the NetWare 6 Overview and
Installation Guide.
2 During the NetWare 6 installation, select iFolder as one of the products
that you want to install.
3 (Conditional) If prompted, resolve port conflicts or assign secondary IP
addresses.
If you are installing iFolder with no other Web products, you will not see
this screen.
4 When prompted, enter the following information:
User data
Enter the path to the directory where you want the iFolder user data
to be stored on the iFolder server.
Admin names
Enter the names of all the administrators who need rights to modify
iFolder user account information via the Server Management
Console.
HINT: The Admin names must have user accounts in your LDAP directory.
If you are entering more than one name, separate the usernames with
a semicolon, not spaces. For example, if you wanted users jsmith and
admin to have rights to administer the Server Management Console,
you would enter admin;jsmith.
Network domain
Enter the IP address or the DNS name of your server.
Admin’s e-mail addresses
5 At this point, if you do not want to configure any LDAP settings, you can
finish the NetWare 6 installation. No post-installation tasks are required.
To learn more about iFolder once it is installed, see Chapter 6, “Using
Novell iFolder,” on page 37.
If you would like to configure your LDAP settings, continue with Step 6.

103-000132-001
November 21, 2001
Novell Confidential
6 (Optional) Continue with the NetWare 6 installation until you get to the
Summary screen at the end of the NetWare 6 installation.
The Summary screen lists all the products that you have selected to install
with NetWare 6.
7 At the Summary screen, click NetWare 6 > iFolder > Configure > Primary
LDAP Settings.
8 Enter the following LDAP information for your primary LDAP server:
LDAP Host
Enter the IP address of your LDAP server in the LDAP Host field.
IMPORTANT: If you change your IP address here and your LDAP server is
configured with SSL encryption, there will be some post-installation
configuration required after the NetWare 6 installation. For more information,
see “LDAP over SSL” on page 24.
LDAP Port
Enter the LDAP port you want to use.
Allow Clear Text Passwords. For more information, see “Port 389
and Clear Text Passwords” on page 24.
HINT: Choose port 389 if you want to use LDAP without SSL encryption or if
your LDAP server does not support SSL. Port 389 is also a good choice if
iFolder and LDAP are running on the same server (no communication or data
is being transferred across the wire, so no encryption is necessary).
encryption and security when data is transferred across the wire. If you
choose port 636, there will be some post-configuration required after the
NetWare 6 installation. For more information, see “LDAP over SSL” on page
24.
LDAP Login DN Context

This is the context of the container where your User objects are
located. iFolder allows you to enter multiple contexts. After each
context, insert a semicolon. Do not put any spaces between the
contexts.
Subcontainer Search
If you want iFolder to search all subcontainers below the specified
LDAP login DN context, check this option.
IMPORTANT: If you selected to do subcontainer searches, there will be
some post-installation configuration required after the NetWare 6 installation.
For more information, see “Subcontainer Searches” on page 22.

103-000132-001
November 21, 2001
Novell Confidential
9 (Conditional) If you have a secondary LDAP server, click Secondary

LDAP Settings.
10 Enter the settings for the secondary LDAP server.
HINT: You will fill in the same information for the secondary LDAP server as you
did for your primary LDAP server. To review the primary LDAP server instructions,
see Step 8 on page 21.
11 Finish the NetWare 6 installation and then reboot your server.

12 (Conditional) If you have a DNS name configured for your iFolder server,
verify that the DNS name and its corresponding IP address are in the
SYS:ETC\HOSTS file of your iFolder server.
If you chose to do subcontainer searches, port 389, or if you want LDAP over
SSL, continue with the next section, Post-Installation Tasks.
IMPORTANT: These post-installation tasks are not optional. If you disreguard
them, iFolder will not function properly.
If your iFolder selections do not require post-installation tasks, see Chapter 6,

“Using Novell iFolder,” on page 37 to learn more about Novell iFolder.
Post-Installation Tasks
Complete the appropriate post-installation tasks.
Subcontainer Searches
To allow iFolder to do a subcontainer search, you must do one of the
following:
Assign the CN property to the Public object
Create an LDAP proxy user

103-000132-001
November 21, 2001
Novell Confidential
Assign the CN Property to the Public Object

IMPORTANT: Any rights assigned to the Public object are automatically inherited
by all other objects in the Novell® eDirectoryTM tree. You might not want to assign
the CN property to the Public object if these rights will cause a security risk. If your
iFolder server is outside the firewall and you do not want the CN property assigned
to all objects in your eDirectory tree, you can also use an LDAP Proxy Username
to search the subcontainers of your tree.
1 Launch ConsoleOneTM.
2 Right-click your Tree object and then click Properties.
3 Click NDS Rights > Public object > Assigned Rights > Add Property.
4 Check the Show All Properties check box located at the bottom of the
screen, select the CN property from the list, and then click OK.
5 Check the Inheritable check box and then click OK > Apply > Close.
Novell iFolder is now installed and running on your NetWare 6 server. To

learn more about Novell iFolder, go to Chapter 6, “Using Novell iFolder,” on
page 37.
Create an LDAP Proxy User

1 Launch ConsoleOne.
2 Create a user without a password.
3 Right-click your Tree object and then click Properties > NDS Rights >
Add Trustee.
4 Select the User object you just created and then click OK.
5 When the Rights Assigned to Selected Object dialog box appears, click
Add Property.
6 Check the Show All Properties check box, select the CN property from
the list, and then click OK.
7 Click OK > Apply > Close.
8 Right-click the LDAP Group object in your NDS tree and then click
Properties > General.
9 Click the Browse button next to the Proxy Username field, select the user
that you just gave trustee rights to, and then click OK.
The user now appears in the Proxy Username field.
10 Click Apply > Close.

103-000132-001
November 21, 2001
Novell Confidential
Novell iFolder is now installed and running on your NetWare 6 server. To

learn more about Novell iFolder, go to Chapter 6, “Using Novell iFolder,” on
page 37.
LDAP over SSL

If your LDAP server is not the same server as your iFolder server, and you
want LDAP over SSL, you need to export your LDAP server’s trusted root
certificate and then copy it to your iFolder server.
This certificate (ROOTCERT.DER) should be located in your LDAP server’s
SYS:PUBLIC directory. Copy the trusted root certificate to the
SYS:Apache\iFolder\Server directory on your iFolder server.
For instructions on exporting a trusted root certificate, see the Novell
Certificate Server Administration Guide (http://www.novell.com/
documentation/lg/crt221ad/index.html) > Managing Novell Certificate Server
> Exporting a Trusted Root or Public Key Certificate.
Port 389 and Clear Text Passwords

1 Launch ConsoleOne and locate the context where your server resides.
2 Right-click the LDAP Group object and then click Properties > Allow
Clear Text Passwords.

103-000132-001
November 21, 2001
Novell Confidential
4 Installing Novell iFolder on Windows

NT 4.0 or Windows 2000
Server Requirements
A Windows NT 4.0 server with Service Pack 6A or later installed or a
Windows 2000 server with Service Pack 1 installed.
Microsoft Service Packs are available at the Microsoft Web site (http://
updates.zdnet.com/products/pr_13616.htm).
IIS 4 or later installed.
An LDAP v3 enabled directory, such as NDS® eDirectoryTM 8.5. (Other
LDAP v3 compliant directories will also work.)
256 MB of RAM.
If you want to have LDAP over SSL encryption when the iFolder server
communicates with the LDAP server:
For NetWare, go to the SYS:PUBLIC directory of your LDAP server
and copy the LDAP Root Certificate, ROOTCERT.DER, to your
iFolder server.
For other operating systems, export the LDAP server’s root
certificate and then copy it to your iFolder server.
Get an SSL certificate and install it onto your iFolder server.
Installing Novell iFolder on Windows NT 4.0 or Windows 2000 25

103-000132-001
November 21, 2001
Novell Confidential
You can do this in either of two ways: 1) If you have your own certificate
server, such as Novell Certificate Server, then you can get a certificate
from your server, or 2) You can go to a certificate vendor, such as Entrust*
or VeriSign*, and purchase a certificate from them.
For more information on installing and creating SSL certificates for IIS 4,
go to the Microsoft Product Support Services Web site (http://
support.microsoft.com/support/kb/articles/Q228/9/91.ASP).
For information on SSL certificates for IIS 5, go to the Microsoft Product
Support Services Web site (http://support.microsoft.com/support/kb/
articles/Q228/8/36.ASP).

IMPORTANT: If you are installing on a Windows 95 workstation, you must have
the Winsock 2 update from Microsoft installed. This update can be downloaded
from the Microsoft Web site (http://www.microsoft.com/Windows95/downloads/
contents/WUAdminTools/S_WUNetworkingTools/W95Sockets2/Default.asp).
Installing Novell iFolder on Windows NT 4.0 or Windows

2000
1 Stop the Internet Information Server (IIS).
For Windows NT 4, go to Control Panel > Services > IIS Admin
Services > Stop.
For Windows 2000, go to Control Panel > Administrative Tools >
Services > IIS Admin Service > Stop.

103-000132-001
November 21, 2001
Novell Confidential
2 Locate the iFolder software that you downloaded and double-click the
iFolder IIS server executable (IISiFolderServer.EXE).
3 Read the Welcome screen and click Next.
4 Click Yes to accept the licensing agreement.
5 Enter your username and the name of your company, and then click Next.
6 Browse to the location where you want iFolder to install the setup files
7 Enter the IP address of your LDAP server in the LDAP host field.
8 Enter the LDAP port you want to use.
Allow Clear Text Passwords. To verify this, launch ConsoleOneTM and
locate the context where your server resides, right-click the LDAP Group
object, click Properties, and check Allow Clear Text Passwords.
HINT: Choose port 389 if you want to use LDAP without SSL encryption. Port 389
is also a good choice if LDAP and iFolder are running on the same server or if your
LDAP server does not support Secure Socket Layer (SSL).
encryption and security when data is transferred across the wire. If you choose port
636, you must create and install an SSL certificate for your iFolder server prior to
the iFolder installation. For more information, see “Server Requirements” on page
25.
9 If you have chosen port 636, enter the path to the LDAP Root Certificate.
This is the path to the place where you copied the SSL certificate prior to
the installation. For more information, see “Server Requirements” on
page 25.
10 Enter the LDAP login DN context.
11 Enter the context of the container where your User objects are located.
iFolder lets you enter multiple contexts. After each name, insert a
semicolon. Do not put any spaces between the names.
12 (Optional) If you want iFolder to search all subcontainers below the
LDAP login DN context, make sure you check the Subcontainer Search
check box.
13 (Conditional) If you are doing a subcontainer search, you must assign the
CN property to the Public object or create an LDAP proxy user.

103-000132-001
November 21, 2001
Novell Confidential
If you are assigning the CN property to the Public object, continue

with the next step.
Any rights assigned to the Public object are automatically inherited
by all other objects in the NDS tree. You might not want to assign the
CN property to the Public object if these rights will cause a security
risk. If your iFolder server is outside the firewall and you do not want
the CN property assigned to all objects in your NDS tree, you can
also use an LDAP Proxy Username to search the subcontainers of
your tree.
If you are creating an LDAP proxy user, continue with step Step 15.
14 (Conditional) To assign the CN property to the Public object, follow these
instructions:
14b Right-click your NDS Tree object and then click Properties.
14c Click NDS Rights > Public object > Assigned Rights > Add Property.
14d Check the Show All Properties check box, select the CN property
from the list, and then click OK.
14e Check the Inheritable check box.
14f Click Apply > OK.
Continue with Step 16.
15 (Conditional) To create an LDAP proxy user, follow these instructions:
15b Create a user without a password.
15c Right-click your NDS tree object and click Properties > NDS Rights
> Add Trustee.
15d Browse to your NetWare server, select the LDAP Group object, and
click Apply > OK.
HINT: When you add this user as a trustee of the tree, just accept the default
Compare and Read rights.
15e Right-click the LDAP Group object and then click Properties >
General.
15f Click the Browse button next to the Proxy Username field and
browse to the user that you just gave trustee rights to.

103-000132-001
November 21, 2001
Novell Confidential
15g Double-click the user so that the name appears in the Proxy
Username field.
15h Click Apply > OK.
16 Click Next in the iFolder setup.
17 (Conditional) If you are using a secondary LDAP server, enter the LDAP
information for that server.
18 Enter the path to the directory where you want the iFolder user data to be
19 Enter the names of all the administrators who need rights to modify
iFolder user account information via the Server Management Console
If you are entering more than one name, separate the usernames with a
semicolon, not spaces. For example, if you wanted John Smith and user
Admin to have rights to administer the Server Management Console, you
would enter admin;jsmith.
20 If prompted, enter the IP address or the DNS name of your server.
21 Click Finish to complete the installation.
22 Restart the IIS server.
After Novell iFolder is installed, you have a few things left to configure
through the Internet Services Manager in order for the iFolder Web site and
the Java applet to work correctly.
If your iFolder server is running Windows NT 4.0, follow the instructions in
“Configuring the iFolder Web Site on Windows NT 4.0” on page 30.
If your iFolder server is running Windows 2000, follow the instructions in
“Configuring the iFolder Web Site on Windows 2000” on page 30.

103-000132-001
November 21, 2001
Novell Confidential
Configuring the iFolder Web Site on Windows NT 4.0

1 Launch the Internet Services Manager by clicking Start > Windows NT
4.0 Option Pack > Microsoft Internet Information Server > Internet
Service Manager.
2 Right-click the Default Web Site icon and then click Properties > Home
Directory.
3 Set the local path.
For example, if you installed iFolder on your C: drive, then you would
enter
C:\inetpub\wwwroot\iFolder\DocumentRoot
HINT: Enter this path in exactly as you see it, except for the drive letter. What drive
letter you enter depends on where you installed iFolder.
4 From the Permissions drop-down box, select Script.

5 Click Documents.
6 Check the Enable Default Documents check box and then click Add.
7 Enter index.html into the text field and click OK.
Novell iFolder in now installed on your Windows NT 4.0 server. For more
information about Novell iFolder, go to Chapter 6, “Using Novell iFolder,” on
page 37.
Configuring the iFolder Web Site on Windows 2000

1 Launch the Internet Services Manager by clicking Start > Settings >
Control Panel > Administrative Tools > Internet Services Manager.
2 Right-click the Default Web Site icon and click Properties > Home
Directory.
3 Set the local path.
For example, if you installed iFolder on your C: drive, then you would
enter
C:\inetpub\wwwroot\iFolder\DocumentRoot
HINT: Enter this path in exactly as you see it, except for the drive letter. What drive
letter you enter depends on where you installed iFolder.
4 Check the Script Source Access check box.

5 From the Execute Permissions drop-down box, select Scripts Only.

103-000132-001
November 21, 2001
Novell Confidential
6 Click the Documents tab.

7 Check the Enable Default Documents check box.
8 Click the Add button.
9 Enter index.html into the text field and click OK.
Novell iFolder in now installed on your Windows 2000 server. For more
information about Novell iFolder, go to Chapter 6, “Using Novell iFolder,” on
page 37.

103-000132-001
November 21, 2001
Novell Confidential

103-000132-001
November 21, 2001
Novell Confidential
5 Installing Novell iFolder on Novell

Cluster Services
Before you set up Novell® iFolderTM on Novell Cluster ServicesTM, you should
already have a basic understanding of how Novell Cluster Services works. A
short overview is provided in the Novell Cluster Services Overview and
Installation Guide (http://www.novell.com/documentation/lg/ncs/
index.html).
NOTE: Novell Clustering Services runs only on NetWare.
To configure Novell iFolder on Novell Cluster Services, complete the

following steps:
1 Meet the iFolder NetWare server, client, and browser requirements.
For NetWare 5.1, follow the instructions beginning with “Server
Requirements” on page 13.
For NetWare 6, follow the instructions beginning with “Server
Requirements” on page 19.
2 Install iFolder on all NetWare servers in the cluster that you want to run
iFolder.
For NetWare 5.1, follow all steps of the procedure in Chapter 2,
“Installing Novell iFolder on NetWare 5.1,” on page 13.
For NetWare 6, follow all steps of the procedure in Chapter 3,
“Installing Novell iFolder on NetWare 6,” on page 19.
Once iFolder is installed on your clustered servers, continue with the next
section, Post-Installation Tasks.
Installing Novell iFolder on Novell Cluster Services 33

103-000132-001
November 21, 2001
Novell Confidential
Post-Installation Tasks
For NetWare 5.1 servers, create an NSS volume on your shared
storage disk system, commonly referred to as a storage area network
or SAN.
This is the volume that will contain all your iFolder user data and
accounts. The size of this volume will vary according to how many
iFolder users you plan to have and the amount of data they will be
storing.
For more information, see NetWare Cluster Services (http://
www.novell.com/documentation/lg/ncs/index.html) > Installation
and Setup > Settting Up NetWare Cluster Services > Create Cluster
Volumes.
For NetWare 6 servers, create an NSS volume on a pool. If a pool
already exists, make sure there is enough space on the pool for the
NSS volume that you plan to make.
For more information on creating pools and NSS volumes, see
Novell Cluster Services (http://www.novell.com/documentation/lg/
ncs6p/index.html).
For NetWare 5.1 servers, cluster-enable the NSS volume that you just
created.
This involves assigning an IP address to the cluster-enabled volume.
Remember this IP address; you’ll need it later.
For more information, see NetWare Cluster Services (http://
www.novell.com/documentation/lg/ncs/index.html) > Installation
and Setup > Settting Up NetWare Cluster Services > Create Cluster-
Enabled Volumes.
For NetWare 6 servers, cluster-enable the pool you created in Step 1.
(cluster-enabling the pool automatically custer-enables the NSS
volume that you created on the pool).
This involves assigning an IP address to the cluster-enabled pool.
Remember this IP address; you’ll need it later.

103-000132-001
November 21, 2001
Novell Confidential
For more information, see Novell Cluster Services (http://

www.novell.com/documentation/lg/ncs6p/index.html) > Installation
and Setup > Setting Up Cluster Services.
3 Create a folder on the cluster-enabled volume.
4 Choose one iFolder server in the cluster and go to the
SYS:Apache\iFolder\Server directory and edit the
HTTPD_NW_ADDITIONS.CONF file.
The following parameters for the LDAP Host, iFolderServerRoot, and the
Virtual Host must be modified in two places in the
HTTPD_NW_ADDITIONS.CONF file. One listing is for the unsecured
port (usually 80) and the other listing is for the secured port (usually 443).
Both parameters must be modified.
Make the following adjustments:
Set the LDAP Host to the IP address or DNS name that you assigned
to the cluster-enabled volume.
Set the iFolderServerRoot to the folder that you created on the
cluster-enabled volume.
For example, if your cluster-enabled volume was called
SHAREDVOL and you had created a folder on that volume called
NIFDIR, you would set the iFolderServerRoot to
SHAREDVOL:\NIFDIR.
Set the Virtual Host to the IP address or DNS name that you assigned
5 Save your edits and then copy the edited
HTTPD_NW_ADDITIONS.CONF file to every iFolder server in the
cluster.
6 Choose one iFolder server in the cluster and go to the
SYS:Apache\iFolder\Server directory and edit the HTTPD.CONF file.
7 Modify the following parameters:
Locate the Listen parameter. Set this parameter to the IP address of
the cluster-enabled volume by either adding a new Listen parameter
or by modifying an existing one.
Installing Novell iFolder on Novell Cluster Services 35

103-000132-001
November 21, 2001
Novell Confidential
Locate the ServerName parameter. By default, this parameter

displays the IP address of the server. Replace this IP address with the
IP address or DNS name of the cluster-enabled volume.
Locate the SecureListen ipaddress "SSL CertificateIP" parameter.
Change the IP address that is listed to the IP address or DNS name of
the cluster-enabled volume.
8 Save your changes to the HTTPD.CONF file and then copy it to every
iFolder server in the cluster.
9 Next, edit the AUTOEXEC.NCF file on every iFolder server in the
cluster and comment out the line that reads startifolder.
The startifolder command allows iFolder to start by default when you
reboot your server. However, when you use iFolder in a clustered
environment, iFolder is started by NetWare Cluster Services.
10 From the workstation, Launch ConsoleOneTM.
11 Browse to your cluster container object.
12 Right-click the cluster volume resource and then click Properties > IP
Address.
13 Verify that the IP address that appears is the one that you have assigned
14 In the Properties dialog box, click Scripts > Cluster Resource Load Script.
15 Add the following commands to the end of the existing load script:
startifolder
16 Apply.
17 Click Scripts > Cluster Resource Unload Script
18 Add the following commands to the beginning of the existing unload
script:
stopifolder
delay 2
19 Click Apply > Close.
Novell iFolder is now installed. For more information on using Novell iFolder,
see Chapter 6, “Using Novell iFolder,” on page 37.

103-000132-001
November 21, 2001
Novell Confidential
6 Using Novell iFolder
This chapter covers the following three topics:

“Managing Novell iFolder Accounts” on page 37
“Using the Server Management Console” on page 38
“Optimizing Your iFolder Server” on page 40
Managing Novell iFolder Accounts

Once Novell® iFolderTM is installed and running on your server, your users can
download and install the iFolder client. The first time the iFolder client is
installed, a user account is automatically created on your iFolder server. For
more information on how the iFolder server and client software work together,
see “What Is Novell iFolder?” on page 10.
After iFolder has been installed on your server, you have access to the
following two Web sites:
The default iFolder Web site
This site contains the iFolder Client Quick Start Guide and other
important information about Novell iFolder. It is also where users will
download the iFolder client and access their iFolder files via a browser.
You can modify this page to fit your company’s internal needs.
To access the default iFolder Web site, enter the IP address or the DNS
name of your server into a browser.
The Server Management Console
The Server Management Console lets you manage your users’ iFolder
accounts. From this site, you perform administrative tasks and manage
the activity between the server and the iFolder clients. Access the Server
Using Novell iFolder 37

103-000132-001
November 21, 2001
Novell Confidential
Management Console by opening a browser and entering https://

ifolderserverip/iFolderServer/Admin.
IMPORTANT: The Server Management Console URL is case sensitive.
For more information, see the next section, Using the Server Management
Console.
Using the Conflict Bin

The iFolder client has a feature called the Conflict Bin. A user will rarely need
to access this option, however, it is useful for you to undestand how this
feature works. The following scenario illustrates how the conlict bin works.
Suppose that John is one of your iFolder users. John has installed the iFolder
client installed two computers: computer A and computer B. At some point in
the day, John disconnects both of these computers from the network and
ontinues to work. While he is working, he makes a change to one of his iFolder
files on computer A. He then reconnects computer A to the network in order
to synch the changes up to the iFolder server.
As John continues to work, he decides to make another change to that same
file, but this time, he uses computer B. Then, John reconnects computer B to
the network to synchronize the new change.
When computer B reconnects to the network and synchs up the change to the
iFolder server, the change that John made on computer A would be over
written with the change that John made to that same file from computer B. In
this case, the change that he made to his iFolder files from computer A would
be lost. To prevent data lose, iFolder saves the overwritten file to the Conflict
Bin. John can access the Conflict Bin by double-clicking the iFolder icon
located in the system tray.
Using the Server Management Console

In order to access the iFolder user account information, you must log in to the
Server Management Console with your administrative username and
password.
The Server Management Console lets you manage your users’ iFolder
accounts. From this site, you perform administrative tasks and manage the
activity between the server and the iFolder clients. Access the Server
Management Console by opening a browser and entering https://
ifolderserverip/iFolderServer/Admin.
IMPORTANT: The Server Management Console URL is case sensitive.

103-000132-001
November 21, 2001
Novell Confidential
Once you are logged in, you can view and modify iFolder accounts as well as
set specific policies for your iFolder clients and server.
You can perform the following tasks in the Server Management Console:
View general server information
View and Modify LDAP settings
View user account information
As an administrator, you can remove a user account, change a user’s disk
storage quota on the iFolder server, and set specific policies for individual
users.
View iFolder client connections
Configure user policies
You can determine what policies will be applied to the iFolder clients. For
example, you can enforce policies so that your iFolder users do not have
the option to change them.
You can also hide certain iFolder client options. For example, if you
enforce and hide the option to request encryption of the iFolder data, the
data will be encrypted and the user will be unaware of the transaction.
Things that are hidden do not appear in the iFolder client dialog boxes.
Configure server policies
You can regulate server behavior, such as how much disk space will be
allotted to each iFolder client or how much time will pass before a session
times out.
For instructions about specific administrative tasks in the Server Management
Console, see the following:
“Removing an iFolder Account” on page 39
“Restoring a User’s Folder” on page 40
“Changing LDAP Settings” on page 40
Removing an iFolder Account

1 Click User Accounts.
2 Select the user ID that you want to remove, scroll to the bottom on the list,
and then click Remove User.
3 Click Yes to confirm the removal of the user account.
Using Novell iFolder 39

103-000132-001
November 21, 2001
Novell Confidential
Restoring a User’s Folder

If a user wants to recover data from a deleted or corrupted file, you can restore
his folder to a secondary iFolder server and from there he can access his files.
1 At the Server Management Console, click User Accounts.
2 Roll your mouse over the user’s ID and look at the ID that appears in the
bottom of your browser.
3 Restore this folder from a backup tape to a secondary iFolder server that
the user can attach to and restore the files.
Changing LDAP Settings

You can change your LDAP settings by clicking the LDAP link, located on the
left-hand side of the Server Management Console.
Optimizing Your iFolder Server

You can optimize the performance of your iFolder server in the following
ways:
Add more RAM to your server.
Increase the threads. (This only applies to Apache Web Servers running
on NetWare.)
For optimal performance, we recommend one thread per client; however,
in terms of scalability, iFolder has been tested up to 25 clients per thread.
Change the amount of disk space alloted to your iFolder users.
Be careful; allotting large amounts of disk space to users could decrease
the iFolder server’s performance.
Change the default sync delay parameters if you have thousands of users
and you need to improve the iFolder server performance.
Current defaults:
5-second delay after file activity
20-second server polling interval
To improve performance, make the following changes:
30-second delay after file activity
1-minute server polling interval

103-000132-001
November 21, 2001
Novell Confidential
Novell NetDrive Administration Guide
Novell
NetWare 6 ®
www.novell.com
N E T D R I V E A D M I N I S T R AT I O N G U I D E
September 4, 2001
Novell Confidential
Contents
Contents 5
Novell NetDrive Administration Guide 7
1 Installing Novell NetDrive 9

Workstation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Workstation and Protocol Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Application Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Installing NetDrive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2 Using Novell NetDrive 13

Adding a Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Mapping a Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Copying Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3 Using NetDrive in a Thin-Client Environment 17

4 Troubleshooting FTP Problems 19
Contents 5

103-000170-001
September 4, 2001
Novell Confidential
6 Novell NetDrive Administration Guide

103-000170-001
September 4, 2001
Novell Confidential
Novell® NetDrive is an easy-to-use Internet client that lets you access your
NetWare® 6 servers over standard Internet protocols, such as WebDAV and
FTP. NetDrive does not rely on the Novell ClientTM in order to map network
drives.
Novell NetDrive Administration Guide 7

103-000170-001
September 4, 2001
Novell Confidential

103-000170-001
September 4, 2001
Novell Confidential
1 Installing Novell NetDrive
Novell® NetDrive lets you to map a network drive to any NetWare® 6 server
without using Novell ClientTM software. This means that with NetDrive, you
can access and modify your files from any workstation using just an Internet
connection. Once a network drive is mapped, the drive letter that you assigned
during the mapping appears in Windows* Explorer and functions just like
those that are mapped through Novell Client.
You can connect to your NetWare 6 servers through any of the following
protocols:
iFolder—Use this protocol if you are connecting to iFolderTM servers in a
thin-client environment. For more information, see Chapter 3, “Using
NetDrive in a Thin-Client Environment,” on page 17.
FTP—FTP (file transfer protocol) is a common protocol used to transfer files
via the Internet.
WebDAV—WebDAV (Web-based Distributed Authoring and Versioning) is a
set of extensions to the HTTP protocol which lets users collaboratively edit
and manage files located on Web servers. For information about WebDAV, see
the WebDAV Home page (http://www.webdav.org).
IMPORTANT: The protocol that you decide to use must be configured on the
NetWare 6 server that you are connecting to.
Installing Novell NetDrive 9

103-000170-001
September 4, 2001
Novell Confidential
Workstation Requirements
You need only 2 MB of available space on your hard drive to install and run
the NetDrive client.
Workstation and Protocol Compatibility

Review the following table for information on what protocols are supported
with your workstation operating system.
IMPORTANT: If you are installing the NetDrive client on a Windows 95
workstation, download the Winsock 2 update from Microsoft*. This update can be
Default.asp).
Table 1 Workstation and Protocol Compatibility
Protocol Workstation
iFolder Windows NT* and 2000
FTP Windows 95, 98, ME, NT, and 2000
WebDAV (HTTP) Windows 95, 98, ME, NT, and 2000
WebDAV + SSL (HTTPS) Windows NT and 2000
Application Compatibility
Make sure you have the following conditions set if you are running the
following applications with NetDrive:
ZoneAlarm—Set the Internet security level to medium to allow NetDrive
to access the Web server.
F-Secure Anti Virus and KasperSky Anti Virus—If you are using
Windows NT or Windows 2000 and NetDrive, disable the anti-virus
software only while using NetDrive. Otherwise, your workstation might
hang.

103-000170-001
September 4, 2001
Novell Confidential
Installing NetDrive
1 Double-click NETDRIVE.EXE located in the NetDrive directory at the
the root of the NetWare 6 Client CD.
2 Follow the installation instructions.
When you click Finish on the last installation screen, Windows Explorer
launches and the following shortcuts appear in an Explorer window: Help
on NetDrive, NetDrive, and Uninstall NetDrive.
3 Double-click the NetDrive shortcut icon.
From the NetDrive Main Window that appears, you can create new sites,
map network drives, and configure and manage the Web sites that you
have mapped drives to.
To learn more about using NetDrive to map drives, see Chapter 2, “Using
Novell NetDrive,” on page 13.
Installing Novell NetDrive 11

103-000170-001
September 4, 2001
Novell Confidential

103-000170-001
September 4, 2001
Novell Confidential
2 Using Novell NetDrive
Once NetDrive is installed, you can perform many basic tasks within the
NetWare® Main Window.
Adding a Site
1 In the NetWare Main Window, click New Site.
2 Enter the name of your site and the URL for the NetWare 6 server in the
appropriate fields of the New Site dialog box.
If you omit the FTP or HTTP suffix from the URL, then NetDrive
defaults to FTP. To override the port for HTTP servers, append the port
number to the end of the URL (for example, http://
www.someserver.com:8888 specifies a port of 8888).
If you want to connect with WebDAV and SSL encryption, add HTTPS
to the beginning of the URL. (This option is only available for Windows
NT/2000 workstations.)
3 Click Finish.
At this point, you have only created a site. To actually map a drive and connect
to a NetWare 6 server, continue with the next section “Mapping a Drive” on
page 14.
Using Novell NetDrive 13

103-000170-001
September 4, 2001
Novell Confidential
Mapping a Drive
Once you have created a site and clicked Finish, the name of your site and the
URL of your NetWare 6 server are automatically generated in the NetDrive
Main Window; however, you still need to complete the following steps before
you can connect to a NetWare 6 server.
1 From the Server Type drop-down list, select the protocol that your
NetWare 6 server is using, and then select the drive letter that you want to
use for the mapped drive.
Check the Anonymous/Public Logon check box (usually used for
NetWare 6 servers running FTP).
Uncheck the Anonymous/Public Logon check box and then enter
your username and password.
3 (Conditional) If you are connecting with the iFolderTM protocol, enter a
pass phrase.
This is used to encrypt your files as they are transferred over the Internet.
4 (Optional) Click the appropriate check boxes to enable any of the
following:
Save your password
Connect to your mapped drives upon login
Add mapped drive to the Tray Connect menu
5 (Optional) To configure downloading, caching, and file locking
properties for your NetDrive site, click the Advanced button.
6 Click Connect.
As soon as NetDrive maps the drive, Windows Explorer launches with the
drive letter that you mapped appearing in the left pane.
HINT: If you have problems getting a directory listing or connecting to a NetWare
6 server running FTP, enter the IP address of the server instead of the URL. If the
problem persists, enable passive mode by clicking the Advanced button in the
NetDrive Main Window > Advanced > PASV - Passive Mode > OK. Then try
connecting to the Web server again.
Once NetDrive has successfully connected to the NetWare 6 server, the

Monitor dialog box appears. It provides you with connection status, file
transfer statistics, and a connection log.

103-000170-001
September 4, 2001
Novell Confidential
Copying Files
To copy files, copy or cut and paste files as you normally would in Windows
Explorer. To disconnect from the server, right-click the Drive icon in Explorer
and click Disconnect.
WARNING: Since a connection can be interrupted in the middle of a file transfer,
you should always keep a backup copy of files that are transferred or modified on
your server.
Using Novell NetDrive 15

103-000170-001
September 4, 2001
Novell Confidential

103-000170-001
September 4, 2001
Novell Confidential
3 Using NetDrive in a Thin-Client

Environment
NetDrive lets you access your iFolderTM files in a thin-client environment. If

you are accessing your virtual desktop through one of the following
applications running on your thin-client server, you can use NetDrive to
access your iFolder server and files:
Terminal Services Client
Citrix* MetaFrame
Novell® OnDemand ServicesTM
To access your iFolder files, do the following:
1 Install NetDrive on your thin-client server. NETDRIVE.EXE is located at
the root of the NetWare 6 Client CD.
For instructions, see “Installing NetDrive” on page 11. Although
NetDrive is normally installed on a workstation, in this scenario, you will
install it on your server. The installation process is the same for
workstations and servers.
NOTE: You will need 3 MB of available space on your server to install NetDrive.
2 Log in to your workstation and double-click the NetDrive icon.

3 From the workstation, map a drive to your iFolder server.
For instructions, see “Mapping a Drive” on page 14.
Using NetDrive in a Thin-Client Environment 17

103-000170-001
September 4, 2001
Novell Confidential

103-000170-001
September 4, 2001
Novell Confidential
4 Troubleshooting FTP Problems
The following are troubleshooting tips that should help when you encounter
FTP errors.
If you can’t create files using Microsoft Word, your NetWare® 6 FTP
server that is running FTP might not support filenames that have the tilde
(~). To configure NetDrive to remove or replace tildes when connecting
to your FTP Web server, click your FTP site in the NetDrive Main
Window and then click Advanced > File Names.
If you can’t create a directory in Windows Explorer, your NetWare 6 FTP
server might not support spaces in filenames.
If you can’t connect to your NetWare 6 FTP server, check to make sure
that
Your username and password is correct (remember that they are case
sensitive).
Your Internet connection is still active.
Your URL is entered correctly. For anonymous logins, specify an e-
mail address because many FTP servers require the e-mail address as
the password.
To specify an e-mail address, in the NetDrive Main Window click
File > Program Settings > General.
If the directory listing is empty for your FTP site, try flushing the
directory cache. To do this, in the NetDrive Main Window click File
> Program Settings > Cache > Flush Directory Listing upon Each
Connection.
If the problem persists, change the server type from Auto Detect to
the actual server type. To do this, click your FTP site in the NetDrive
Main Window and then click > Advanced > Advanced > Host Type.
Troubleshooting FTP Problems 19

103-000170-001
September 4, 2001
Novell Confidential
If you can’t copy a file from an FTP mapped drive, check the Drive
Monitor Log window for FTP/HTTP status responses.
If you can’t find a file on your NetWare 6 FTP server, flush your directory
cache. To do this, in the NetDrive Main Window click File > Program
Settings > Cache > Flush Directory Listing upon Each Connection.
If you can’t rename your files, it might be because your NetWare 6 FTP
server doesn’t support this functionality.
If you are unable to map a network drive, remove the lastdrive=g
statement in your NetWare 6 FTP server’s CONFIG.SYS file and then
restart your server.
If you get a TCP/IP connection error and you are using the ZoneAlarm
firewall, make sure the security level is set to medium or disable
ZoneAlarm.

103-000170-001
September 4, 2001
Novell Confidential
Novell
NetStorage
Q U I C K S TA R T
NetStorage Overview and Installation
Novell® NetStorage is a feature of NetWare® 6 that provides simple Internet-based access to file
storage. NetStorage is a Net services software solution that is a bridge between a company’s
protected Novell network and the Internet. It gives users secure file access from any Internet
location, with nothing to download or install on the user’s workstation. Files and folders on a
Novell network can be accessed using either a browser or Microsoft* Web Folders.
Novell NetStorage includes the following features:
Lets users securely copy, move, rename, delete, read, and write files between any Internet-
enabled machine and a Novell network.
Eliminates the need to e-mail or copy data from one machine to another.
Supports Internet standards such as HTTP, HTTPS, HTML, XML, and WebDAV.
Provides a gadget for NetWare WebAccess so users can get access to network files and
folders by clicking on a gadget on the NetWare WebAccess page.
INSTALLING NETSTORAGE
NetStorage can be installed as an optional component during the NetWare 6 installation or it can
be installed after the NetWare 6 installation. It is not generally necessary to install NetStorage
on every NetWare 6 server on your network. For most networks, you need NetStorage installed
on only one server; this might vary depending on the size of your organization and your
organization’s needs.
During the NetStorage installation, you are prompted for configuration information that is
necessary for NetStorage to function properly. If you decide to change the NetStorage
configuration, you must reinstall NetStorage and specify the configuration changes during the
installation.
103-000182-001
August 29, 2001

Novell Confidential
System Requirements
If you have met the requirements for NetWare 6 and have NetWare 6 installed, you have met
almost all of the system requirements for NetStorage.
The following list specifies the system requirements for installing and running Novell NetStorage:
At least one NetWare 6 server in the eDirectoryTM tree where NetStorage will be installed
A Netscape* Navigator* 4.7 or later or Internet Explorer 5.0 or later browser or Microsoft
Web Folders
Installing Novell NetStorage during the NetWare 6 Installation

1 Start the NetWare 6 installation and continue through the install until you get to the screen
requiring you to choose either the Express or the Custom installation.
2 Select the Custom installation option.
You must select the Custom installation option to install NetStorage during the NetWare 6
installation. You cannot install NetStorage during an Express installation.
You are given the option of installing a new server or ugrading an existing server. NetStorage
can be installed using either of these options.
Continue through the installation until you get to the screen that lists the components that
can be installed with NetWare 6.
3 Check the box for the NetStorage Component along with the other components you want
installed with NetWare 6, and then click Next.
Continue to the NetStorage Install screen.
4 Specify the IP address or DNS name of a server in your eDirectory tree that has the master
replica or a read/write replica of eDirectory.
The primary eDirectory server URL is required for NetStorage to function properly. This does
not necessarily have to be the IP address or DNS name of the server where NetStorage is to
be installed.
When a user attempts to log in, NetStorage searches the eDirectory database on the server
you specify for the User object. If the User object is found, NetStorage attempts to
authenticate the user to eDirectory.
If you know the eDirectory context for the users that will use NetStorage, you can add that
context to the URL by inserting a colon (:) between the IP address or DNS name and the
eDirectory context. The context is optional. If no context is specified, NetStorage searches
the entire eDirectory tree on the primary eDirectory server for User objects.
For example, if the IP address of the server is 127.0.0.1 and the eDirectory context for your
users is personnel, then you would add 127.0.0.1:personnel to the field.
103-000182-001
August 29, 2001
5 (Optional) Specify IP addresses or DNS names of servers in other eDirectory trees that have
at least read/write eDirectory replicas, or specify the same IP address or DNS name you used
for the primary eDirectory server but with a different context.
You can add two alternate eDirectory server IP addresses or DNS names and context settings.
These alternate settings are used to allow NetStorage to find User objects that exist in
contexts other than what you specified for the primary eDirectory server. The alternate
settings also allow NetStorage to find User objects with the same name in different
eDirectory trees. The alternate URL and context settings are optional, but can help provide
users with an additional level of access to NetStorage.
6 (Optional) Specify the IP address or DNS name and the port number that you assigned to
Novell iFolderTM.
If you are installing NetStorage during the NetWare 6 installation, you can click the Back
button to go back and view the screen where the IP address and port number assignments
were made. This does not necessarily have to be the IP address or DNS name of the server
where NetStorage is to be installed.
The iFolder DNS name or IP address and the port number are optional but, if specified, will
allow NetStorage users to access and manipulate files and directories on the iFolder server.
Installing Novell NetStorage after the NetWare 6 Installation

If you did not install NetStorage during the NetWare 6 installation, you can install it later by
completing the following steps:
1 Insert the NetWare 6 Operating System CD into your NetWare 6 server.
You might need to load CDROM.NLM on the server to access the NetWare 6 Operating System
CD.
2 From the Novell menu on the NetWare 6 console GUI, select Install.
3 Click Add and then browse to the root of the NetWare 6 Operating System CD.
4 Select the PRODUCT.NI file and click OK.
5 Check the NetStorage component check box and deselect all other components or products
unless you specifically want to install them.
6 Continue with Step 4 on page 2 to complete the NetStorage installation.
IMPORTANT: If you install NetStorage after the NetWare 6 installation, you must restart your
NetWare 6 server after completing the NetStorage installation.
103-000182-001
August 29, 2001
STARTING AND USING NOVELL NETSTORAGE

Once you install NetStorage, it will start automatically when you start your NetWare 6 server. If
NetStorage is not accessible, restart the NetWare 6 server where NetStorage is installed. Also,
the date and time on the server running NetStorage should be reasonably close (within a few
hours) of the date and time on the machine being used to access NetStorage.
To access NetStorage, do the following:
1 Start your browser or Microsoft Web Folders and enter the URL for NetStorage.
The URL is http://server_ip_address/oneNet/NetStorage/. Replace server_ip_address with

the IP address or DNS name of the NetWare 6 server where you installed NetStorage or the
IP address you chose for the Apache-based services during the NetWare 6 installation.
If you specified a port number other than port 80 for Apache-based services during the
NetWare 6 installation, you must also specify that port number with the URL.
For example, if the IP address for NetStorage is 127.1.1.1 and the port number is 51080, then
you would specify 127.1.1.1:51080/oneNet/NetStorage/.
2 Enter your username and password.
NetStorage uses your eDirectory username and password, so you don’t need to remember or
use a separate username or password.
The NetStorage Web page displays the network files and folders currently accessible for each
user. NetStorage reads the user’s NetWare login script to determine drive mappings, reads
eDirectory User object properties to determine the path to the user’s home directory, and then
displays a list of files and folders based on mapped drives and home directories.
If you specified alternate IP addresses or DNS names of servers in other eDirectory trees during
the NetStorage installation, NetStorage reads the User object properties in the other eDirectory
trees and displays those home directories also. This is useful if a user normally logs in to more
than one eDirectory tree and you want that user to have access to additional home directories in
different eDirectory trees using NetStorage. The User object name must be the same for each
eDirectory tree.
NetStorage reads the user’s login script only from the primary eDirectory server specified during
the installation and displays the user’s drive mappings only based on that login script.
You can use many of the same conventions for expanding and contracting folders and opening
files that are available in Windows Explorer. To create new folders or copy, delete, rename,
move, or download existing files or folders using a browser, click the Down arrow next to the file
or folder.
103-000182-001
August 29, 2001
Clicking the Folder View button in the browser window displays folders in another column and
lets you expand and contract folders. The Text View only displays the files and folders in the
current directory and does not let you expand or contract folders.
Local files and folders are not accessible using NetStorage. Also, mapping drives or changing
login scripts is not permitted.
Copyright © 2001 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system,
or transmitted without the express written consent of the publisher. eDirectory and iFolder are trademarks and NetWare and Novell are
registered trademarks of Novell, Inc. in the United States and other countries. All third-party products are the property of their respective
owners. A trademark symbol (®, TM, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.
103-000182-001
August 29, 2001
Novell Storage Services Administration Guide
Novell
NetWare 6 ®
www.novell.com
N O V E L L S TO R A G E S E RV I C E S
August 30, 2001

Novell Confidential
Contents
Introducing Novell Storage Services 7

1 Overview 9
NSS Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
NSS Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Combine Logical Volumes in a Single Storage Pool . . . . . . . . . . . . . . . . . . . . . . 10
Create Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Exceed the Limit of Volumes in a Storage Pool (Overbooking) . . . . . . . . . . . . . . . . 11
Deactivate/Activate Logical Volumes and Storage Pools . . . . . . . . . . . . . . . . . . . 11
Fast Error Correction and Data Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Immediately Save Data to Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Retain Previously Saved Files (Snapshot) . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Transaction Tracking System (TTS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Review the Modified File List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Use Clustering Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Enable File Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Prevent Access to Deleted Files (Data Shredding). . . . . . . . . . . . . . . . . . . . . . . 13
Set Up User Space Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Set Up Directory Space Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Use CD-ROMs as Read-only Logical Volumes. . . . . . . . . . . . . . . . . . . . . . . . . 13
No Additional Memory Required for Mounting Volumes . . . . . . . . . . . . . . . . . . . . 13
Redirect Data from Unreliable Blocks (Hot Fix) . . . . . . . . . . . . . . . . . . . . . . . . 14
Repair Storage Pools Instead of Individual Volumes . . . . . . . . . . . . . . . . . . . . . . 15
Mirror Partitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Stripe Data Across Storage Devices (RAID) . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Features Not Currently Supported by NSS . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
NSS Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2 Setting Up and Configuring Novell Storage Services 19

System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Setting Up Novell Storage Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Updating NSS Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Transaction Tracking System (TTS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Setting the Cache Buffers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Using ConsoleOne to Configure Novell Storage Services . . . . . . . . . . . . . . . . . . . 25
Contents 5

103-000141-001
August 30, 2001
Novell Confidential
Setting Up ConsoleOne on a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Configuring Disk Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Renaming a Storage Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Renaming a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Increasing the Size of a Storage Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Deleting NSS Pools or Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Reviewing and Restoring Deleted Logical Volumes . . . . . . . . . . . . . . . . . . . . . . 35
Changing the Purge Delay Setting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Creating a Traditional Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Increasing the Size of a Traditional Volume . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Renaming a Traditional Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Deleting a Traditional Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Dismounting a Traditional Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Repairing a Traditional Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Setting Up File Snapshot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Converting Traditional Volumes to Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . 43
Volume Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Modifying NDS Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Setting Up User Space Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Setting Up Directory Space Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Mounting a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Deactivating/Activating NSS Pools and Volumes . . . . . . . . . . . . . . . . . . . . . . . . . 46
Salvaging and Purging Deleted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Using NetWare Backup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Rebuilding NSS Storage Pools and Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
NSS Server Console Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Online Help Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
NSS Configuration Information Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Other NSS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
DOS FAT Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Other Volumes That NSS Creates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
CD-ROMs As Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
DOS Partitions As Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3 Viewing Storage Objects 57

Viewing Storage Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Viewing Your NSS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
View Partitioned Free Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
6 Novell Storage Services Administration Guide

103-000141-001
August 30, 2001
Novell Confidential
Introducing Novell Storage Services
As your network structure grows, you need larger storage capacity, more
efficient file management, and faster volume mounting speed. For example,
you might need large volumes for numerous directories and files, or have
numerous files open simultaneously. Novell® Storage ServicesTM (NSS) is a
64-bit file storage and management system that meets your file system needs.
It is a seamless, scalable, and flexible storage and file system that lets you
continually configure, mount, and maintain large volumes and numerous files
without disrupting the work of end users.
This book is divided into the following sections:
For a description of NSS, see Chapter 1, “Overview,” on page 9.
For setup and configuration information, see Chapter 2, “Setting Up and
Configuring Novell Storage Services,” on page 19.
For information about monitoring the status of your storage objects and NSS
configuration, see Chapter 3, “Viewing Storage Objects,” on page 57.
For troubleshooting information, see Chapter 4, “Troubleshooting,” on page
61.
Introducing Novell Storage Services 7

103-000141-001
August 30, 2001
Novell Confidential

103-000141-001
August 30, 2001
Novell Confidential
1 Overview
Novell® Storage ServicesTM is a storage and file system that provides an

efficient way to use all of the space on your storage devices. NSS is best used
with systems that require the ability to store and maintain large volumes and
numerous files or large databases.
Novell Storage Services is the default storage and file system for NetWare® 6.
You use it to create, store, and maintain both traditional and NSS volumes. The
NSS volumes are called logical volumes. When you install NSS, it creates a
storage pool SYS: and an equal sized volume SYS:.
To mount a volume, the traditional file system scans every file and directory.
Then to provide quick access to the files, NetWare stores all the meta data in
memory. File system scanning slows the mounting speed. Storing the meta
data for all files requires more memory as the number of files increase.
NSS speeds up the mounting process by not scanning the entire file system
when you mount volumes. The memory requirements are lower because NSS
does not load Meta data into the memory until you access the files.
You do not run VREPAIR on NSS volumes when the file system crashes
because NSS keeps a journal of all file system transactions. After the crash,
NSS scans the journal to ensure that all transactions are either completed or
undone. This way volumes do not require any repair when you mount them
again after the crash.
NSS uses free space from multiple storage devices. This lets you create
unlimited volumes and store up to 8 trillion files in a single volume—up to 8
terabytes in size. NSS also lets you mount up to 255 volumes simultaneously.
IMPORTANT: In NetWare 5, NSS runs parallel with the traditional NetWare file
system. In NetWare 6, NSS is the primary storage and management system.
However, you can continue to maintain traditional partitions and volumes along
with NSS. Although this documentation focuses primarily on NSS storage pools
Overview 9

103-000141-001
August 30, 2001
Novell Confidential
and logical volumes, it includes instructions for setting up and maintaining

traditional volumes.
NSS Features and Benefits

This section describes the features and benefits of NSS.
NSS Management
ConsoleOneTM is the primary utility used to configure and maintain both
traditional and NSS logical volumes. See “Using ConsoleOne to Configure
Novell Storage Services” on page 25.
NOTE: NWCONFIG and NSS Menu are not compatible with some of the NetWare
6 NSS features. Use ConsoleOne for all NSS configuration and management
procedures.
Combine Logical Volumes in a Single Storage Pool

NSS uses storage pools. A storage pool is a specified amount of space you
obtain from all your storage devices. Then you place all NSS logical volumes
into the storage pool. This way you do not have to limit the number of volumes
you have in a partition. You can have only one storage pool on a partition, but
you can place unlimited logical volumes in the storage pool. The size of
logical volumes cannot exceed the size of the storage pool.
Create Logical Volumes

The volumes you create from NSS storage pools are called logical volumes.
A logical volume is a volume that is either set to a specific size, or one that can
grow dynamically according to the amount of physical space assigned to the
pool. This lets you add and store any size or any number of files you need
without having to create other partitions. You can add any number of volumes
to a storage pool as long as you have available physical space in the pool.

103-000141-001
August 30, 2001
Novell Confidential
Exceed the Limit of Volumes in a Storage Pool (Overbooking)

Individual logical volumes cannot exceed the size of a storage pool. However,
you can create numerous volumes in a storage pool. Individual logical
volumes must be smaller than the storage pool, but the sum of multiple logical
volumes can exceed the pool size. This feature, called overbooking, can be an
efficient way to manage your file system.
For example, you might have a number of users who are individually assigned
to volumes with a limited amount of space for each volume. You can assign
volumes that collectively exceed the pool size if not all users fill up their
volumes. Essentially, the users can borrow space from other volumes in the
pool as long as there are volumes that are not filled to the limit. This way it is
not always necessary to add more disk space when some users reach or exceed
their volume limit.
Deactivate/Activate Logical Volumes and Storage Pools

You might need to temporarily prevent user access to storage pools or volumes
to do maintenance. Instead of bringing down the server, you can deactivate
individual storage pools to run the REBUILD and VERIFY utilities. When
you deactivate a storage pool, users will not have access to any of the volumes
in that pool. The REBUILD and VERIFY utilities generate log files to the root
of the DOS drive.
Fast Error Correction and Data Recovery

NSS quickly recovers data after a file system crash. Instead of scanning an
entire volume for corruption, NSS quickly replays the latest set of changes to
make sure they were written correctly. The file system either recovers the
changed information, or it returns the data to its original settings before the
transaction began. This is beneficial for applications such as mail services
because there is less server down time.
Immediately Save Data to Disk

The Flush Files Immediately feature saves your file data to disk immediately
after you close the file instead of waiting for the next flush cycle. This ensures
that your data is not at risk of being lost between flush cycles.
Overview 11

103-000141-001
August 30, 2001
Novell Confidential
Retain Previously Saved Files (Snapshot)

The File Snapshot feature allows your backup utility to keep a consistent copy
of all files. This is done by having the file system keep an original copy of all
open files. For example, when your system backs up or crashes at a time when
you are modifying a file, the backup could contain both old and new data.
Snapshot captures the most recent closed copy of the file. This way, if you lose
data between the backup cycles, you still have a solid copy of the previously
saved file.
Transaction Tracking System (TTS)

Transaction Tracking SystemTM protects database applications by backing out
transactions that are incomplete due to a system failure. TTSTM can be
available on either all traditional or all NSS logical volumes. It cannot be
available on all volumes if you use both types of volumes. If your system uses
both traditional and logical volumes, by default it can only work on traditional
volumes. If you want to use it on logical volumes on a system that has both,
you must enter DISABLE TTS on the AUTOEXEC.NCF then enable the
feature on each logical volume you want it on. Unlike traditional volumes,
TTS does not apply to logical volumes by default. To enable it on logical
volumes, enter nss/transaction=volname.
Review the Modified File List

The Modified File List is a list of files that changed since the previous backup.
The backup utility accesses this list instead of searching the entire file system.
Use Clustering Feature

Some storage devices exist in a storage area network (SAN). These devices
can be shared by multiple servers in a cluster. For more information about
clustering, see Novell Cluster Services Overview and Installation.
Enable File Compression

NSS supports file compression. This lets you decide whether to compress the
files in your volumes to create additional space. Once you enable file
compression, you cannot turn it off without recreating the volumes.

103-000141-001
August 30, 2001
Novell Confidential
Prevent Access to Deleted Files (Data Shredding)

The Data Shredding feature overwrites purged disk blocks with random
patterns of hexidecimal characters. This prevents unauthorized users from
using a disk editor to access purged files. You can place up to seven data shred
patterns over deleted data.
Set Up User Space Restrictions

User space restrictions let you limit the space users have on volumes. This is
beneficial for systems that accommodate a large number of users, such as
students. When you create volumes, you can select the user space restriction
option in ConsoleOne.
Set Up Directory Space Restrictions

Directory space restrictions let you limit the space users can have in a
directory or subdirectory.
Use CD-ROMs as Read-only Logical Volumes

NSS has full CD-ROM support for ISO9660 and Macintosh* HFS formats.
No Additional Memory Required for Mounting Volumes

When you mount volumes using the traditional NetWare file system, it scans
every file and directory during the mounting process. Then it loads all the files
into memory for quick access. If you increase the number or size of files, you
need additional memory to maintain the performance level you want.
NSS does not require large amounts of memory to mount volumes because it
does not scan the entire file system during the mounting process. After the
mounting is complete, NSS does not load files into memory until you access
them. Therefore, no additional memory is required when you add files and
mount volumes.
Overview 13

103-000141-001
August 30, 2001
Novell Confidential
Redirect Data from Unreliable Blocks (Hot Fix)

As your file system constantly reads and writes data to disk, some disk storage
blocks lose their ability to reliably store data. NSS uses Hot Fix to prevent data
from being written to unreliable blocks.
Hot FixTM redirects the original block of data (still in memory) to the Hot Fix
Redirection Area of the partition where the data can be stored correctly. To
redirect a block of data, the operating system records the address of the
defective block. Then the server no longer attempts to store data in that block.
If you do not enable Hot Fix when you create a partition, then no Hot Fix
object is created and no data redirection can occur. You need to set up Hot Fix
when you create the partition. To add Hot Fix later, you must delete the
volumes from the partition, add Hot Fix, then restore the volumes from a
backup.
The Hot Fix feature is combined with partition mirroring. When you select
Hot Fix, you also enable mirroring for that partition.
Hot Fix redirection can occur during a write request, a read request, or a read-
after-write verification. The following are conditions of data redirection:
Write redirection occurs when the disk reports an error during a write
request. The system marks the block as bad and redirects the data to a
different block.
Read redirection occurs when a disk error happens during a read request.
If the disk is mirrored, the system retrieves the data from the mirrored
disk and redirects the data on the primary disk. If the disk is not mirrored,
the data is lost, and the block is marked as unusable.
Read-after-write-verify redirection occurs after data is written to disk.
The data on disk is then read and compared to that in memory. If the two
don’t match, the system marks the block as bad and redirects the data to
a different block.
By default, 2 percent of a disk’s space is set aside as the Hot Fix Redirection
Area. You can increase or decrease this amount.
If Hot Fix is enabled, then it is always active unless the disk fails or the
redirection area is full. You can view Hot Fix activity in MONITOR by
selecting Storage Devices and then a Hot Fix partition. For information on
using MONITOR, see MONITOR in the Utilities Reference.

103-000141-001
August 30, 2001
Novell Confidential
You can specify no Hot Fix Redirection Area when you create disk partitions.
Having no Hot Fix Redirection Area saves partition space. This might be
useful on large RAID systems that provide a method of fault tolerance.
IMPORTANT: If Hot Fix is not enabled, then the partition will not have the fault
tolerance provided by NetWare. Data on corrupted sectors of the disk won’t be
redirected to the Hot Fix Redirection Area. In addition, you cannot mirror partitions
that do not use Hot Fix. It is easiest to enable Hot Fix when you create the partition.
To add Hot Fix later, you must delete all the volumes on the partition.
Repair Storage Pools Instead of Individual Volumes

You use VREPAIR to fix traditional volumes. For instructions on using
VREPAIR, see VREPAIRUtilities Reference. For logical volumes, you use
repair utilities called VERIFY and REBUILD on the storage pools that
contain the logical volumes. For instructions on rebuilding logical volumes,
see “Rebuilding NSS Storage Pools and Volumes” on page 48.
VERIFY checks the file system integrity for an NSS pool by searching for
inconsistent data blocks or other errors. This utility indicates if there are
problems with the file system.
REBUILD verifies and uses the existing leaves of an object tree to rebuild all
the other trees in the system. You need to deactivate pools (and all the volumes
in the pools) before you run Rebuild so users cannot access the volumes you
are rebuilding.When you deactivate a storage pool, all the volumes in the pool
automatically deactivate.
These utilities are not the same as VREPAIR. You should use REBUILD only
as a last resort to recover the file system after data corruption. When you use
REBUILD and VERIFY, a log file is generated to the root of the DOS drive.
Mirror Partitions
You can protect your data by mirroring your partitions. Mirroring stores the
same data on separate disks using the same controller channel. Using
ConsoleOne, you can mirror both traditional and NSS partitions.
The following is a list of requirements for mirroring partitions:
Mirrored partitions must have the same partition type as you mirror the
partition to. In other words, you can only mirror NSS partitions to other
NSS partitions—the same applies to traditional partitions.
Overview 15

103-000141-001
August 30, 2001
Novell Confidential
You can only mirror partitions. However, you might want to mirror an
entire storage pool. Because you can have only one storage pool on a
partition, the only way to mirror that storage pool is to mirror all of the
partitions the pool resides on.
To mirror partitions, you need to select an option that makes the partitions
compatible for mirroring when you create them—you cannot change that
mirroring option after you create a partition. You can mirror to an existing
group or create a new mirror group for the partition. You cannot combine
mirror groups (existing groups with multiple mirrored partitions).
Mirrored partitions must have compatible data area size. This means the
new partition must be at least the same size or slightly larger than the
other partitions in the group. For example, the physical size (combined
data and hot fix size) must be at least 100 KB bigger, but no more than
120 MB bigger than the data size of the existing partitions in the mirror
group.
The file system adjusts the Hot Fix size to the legal ranges in order to
make the data area identical to the other partitions in the mirror group.
Mirrored partitions must have the same sharable for clustering status.
The partitions you add to a group cannot be part of an existing group—
they must be individual mirrored objects.
Stripe Data Across Storage Devices (RAID)

NSS lets you create an additional storage device by striping data across
multiple disk drives on your system. This option, called RAID, is a software
configuration that emulates an actual hardware RAID 0 system. This RAID
configuration occurs at the software level instead of using a RAID machine.
You set up a RAID device by obtaining space from all your physical storage
devices then putting segments on the combined space. A RAID segment is the
amount of space you obtain from each storage device. You can have up to
eight segments on a RAID device. The file system places data on the RAID
disks sequentially. This is called disk striping. The RAID stripe size is the
amount of data the file system places on a disk before moving to the next disk.
You can use the software RAID 0 on both logical and traditional volumes.

103-000141-001
August 30, 2001
Novell Confidential
Important Information about NSS RAID

Each element in the RAID configuration should come from a different
device. NSS will let you obtain RAID elements from the same device, but
this will severely impede the performance of your file system.
Currently, the NSS RAID supports RAID 0.
The stripe size ranges between 4 KB and 256 KB in increments of 2 KB.
Features Not Currently Supported by NSS

The following features are available in the traditional NetWare file system but
are not currently supported by NSS:
Block suballocation
Auditing
File name locks
Data migration
NSS Architecture
With NSS, you can use storage pools, logical volumes, traditional volumes,
and remote devices to maintain your file system. You store logical volumes in
storage pools on NSS partitioned space. You store traditional volumes directly
in space partitioned for traditional volumes. The following diagram illustrates
the NSS configuration with the available file system options:
Overview 17

103-000141-001
August 30, 2001
Novell Confidential
Figure 1 Novell Storage Services Configuration
Free
Space
Storage
Devices CD-ROM
Free Space = Storage Deposit
Partitioned Free Space Free Free Free

Space Space Space
Storage Storage
Pool Pool
Volume size
can equal
storage pool
size
Logical Logical Logical Traditional NSS

Vol1 Vol2 Vol3 volume volume
(Read-Only)

103-000141-001
August 30, 2001
Novell Confidential
2 Setting Up and Configuring Novell

Storage Services
Novell® Storage ServicesTM installs automatically when you install

NetWare® 6. This section provides instructions for setting up and configuring
Novell Storage Services (NSS) after the installation. It also contains
information about configuring and maintaining traditional partitions and
volumes.
System Requirements
A server running NetWare 6
A least 10 MB free space to create an NSS storage pool and logical
volume
Setting Up Novell Storage Services
Updating NSS Volumes

After you upgrade to NetWare® 6 and reboot the server, you need to update
your NSS volumes. NSS volumes from previous releases will not function
until you update them to NetWare 6 volumes—they do not upgrade
automatically.
Checking the NDS Status
Before you update NSS volumes, you must ensure that NDS® is running
properly; otherwise, the upgrade process might remove your trustees. To
check ensure NDS is running, you need to check the time stamp for the
backlink process.
Setting Up and Configuring Novell Storage Services 19

103-000141-001
August 30, 2001
Novell Confidential
Do the following to ensure NDS is running:

1 Use iMonitor to determine that the upgrade process is complete.
1a Open iMonitor in a network browser by entering the IP address of the
server followed by /nds. For example: http://155.555.1/nds.
1b Click Agent Process Status > External Reference Status.
1c Make sure the time stamp (under the Time column) shows a time
after the time you began the upgrade—specifically when NDS
unloaded during the upgrade. The following graphic provides and
example of the time stamp:
If the time stamp shows a time earlier than when you began the
upgrade, the backlink process is not complete. Repeat Step 1a
through Step 1c until the backlink is complete.

103-000141-001
August 30, 2001
Novell Confidential
Upgrading NSS Volumes
To upgrade NSS volumes, enter one of the following commands at the

NetWare 6 server console:
NSS /ZLSSVOLUMEUPGRADE=volumename
Transaction Tracking System (TTS)

Transaction Tracking protects database applications by backing out
transactions that are incomplete due to a system failure. TTS can be available
on either all traditional or all NSS logical volumes. It cannot be available on
all volumes if you use both types of volumes. If your system uses both
traditional and logical volumes, by default it can only work on traditional
volumes. If you want to use it on logical volumes on a system that has both,
you must enter DISABLE TTS on the AUTOEXEC.NCF then enable the
feature on each logical volume you want it on. Unlike traditional volumes,
TTS does not apply to logical volumes by default. To enable it on logical
volumes, enter the following command at the server console:
nss/transaction=<volname>.
Setting the Cache Buffers

A cache buffer is a block (4 Kb) of NetWare server memory (RAM) that
temporarily stores data. When you install NSS, it consumes 60 percent of the
the cache buffers by default.
The following are options for changing the cache buffers:
You can set a maximum of 1048576 cache buffers.
You can set the buffers in percentages rather than integers.
Use the following commands at the server console to set your cache buffers or
tune your cache parameters. You can set or tune cache buffers at anytime.

103-000141-001
August 30, 2001
Novell Confidential
Task Purpose Command
Set number of cache buffers This sets the minimum number of nss/
cache buffers allocated for NSS file MinBufferCacheSize=
system access. The default and value
minimum number of cache buffers is
512. The range is 256 to 1048576.
Look up cache buffers To quickly look up cache buffers, the nss/NumHashBuckets

cache uses a hashing algorithm that
maps names to buckets. Sometimes
multiple names map to the same
bucket. When this occurs, all names
must be searched to determine if the
entry is in the cache. The number of
entries in the hash table is proportional
to the amount of free memory available
when you load NSS.
Set cache buffers for You can set the minimum number of nss/
traditional file system cache buffers that NSS allocates for MinOSBufferCacheSize
traditional file system access. To
accomplish this, NSS returns pages to
the operating system. This occurs until
the operating system has enough
pages, or until NSS reaches the
minimum number of pages. The
default is 1024. The range is 1024 to
1048576.
Set the cache for file and This sets the number of Name cache nss/NameCacheSize
directory entries entries. NSS keeps a cache of the file
and directory names it recently looked
up. This speeds up opening files and
path searches. The default is 2111.
The range is 3 to 65521.
Set name cache to on or off This sets Name Cache to ON or OFF. nss/(No)NameCache
The default is ON.
Use percentages instead of This sets the buffers to percentages nss/(No)CacheBalance

integers for cache balancing rather than integers for dynamic
balancing of free memory for the buffer
cache. The default is ON. Use this
switch with /MinBufferCacheSize.

103-000141-001
August 30, 2001
Novell Confidential
Set the amount of cache This is the percent of cache between nss/
NSS takes from the NSS and the server. The CacheBalance=value
traditional file system CacheBalance percentage determines
how many cache blocks NSS will take
from the traditional file system for its
own cache. A high cache balance
percentage will impede the
performance of the traditional file
system. A low cache balance will
impede the performance of NSS. We
recommend that you set the cache
balance parameter to equal the
percentage of the total disk space you
allocate for NSS. However, do not
exceed 80 percent. You might want to
initially set the parameter at 50 percent
and adjust this number as necessary.
The default is 60 percent. The range is
from 1 to 99 percent.
Limit the number of cache This is the maximum number of cache nss/
buffers buffers you want. Every time you do a cacheBalanceMaxBuffer
cache balance, limit the number of
cache buffers to this amount.

103-000141-001
August 30, 2001
Novell Confidential
Show the cache hit ratio at This is the number of cache hits nss/CacheHit
the server console divided by the number of attempts to
get a file cache buffer from the cache.
Any amount above 90 percent is good.
This means the system is spending
less time going to the disk to retrieve
data. Lower numbers indicate NSS
needs more memory. If this occurs,
you might want to set the cache
balance percentage higher.
Cache hit is the number of times that

NSS finds the desired file block in the
cache buffers.
Cache miss is the number of times that

NSS does not find the desired block in
the cache buffers.
If you allocate more memory to NSS,

the cache hit percentage increases.
You can add more memory by adding
more physical memory, increasing the
cache balance, or increasing the
minimum number of cache buffers for
NSS. We do not recommend lowering
the minimum number of OS cache
buffers.
Set the number of This parameter specifies the number nss/AuthCacheSize

Authorization cache entries of cache buffers that will be used to
speed up authorization requests. If
many trustees have been set on
different files and directories, we
recommend that you increase this
number. The default is 1024. The
range is 16 to 50000.

103-000141-001
August 30, 2001
Novell Confidential
Determine how often NSS This timer lets you determine how nss/CacheBalanceTimer
rebalances the amount of often (in seconds) NSS will rebalance
cache it uses the amount of cache it uses according
to the total amount of memory on the
server. If you have difficulty loading
NLMs because of low memory, you
might want to lower this timer setting. A
lower setting forces NSS to rebalance
more often. If your server is stable, you
might want to increase this timer so
NSS does not work as hard; this will
ensure the cache remains balanced.
NSS checks the total number of cache
buffers to determine if the
CacheBalance percentage is met. It
then adjusts the timer to provide the
appropriate number of cache buffers.
The default is 30. The range is 1 to
3600.
Set the flush time for This sets the flush time for modified nss/BufferFlushTimer
modified cache buffers cache buffers in seconds. The default
is 1 second. The range is 1 to 3600
seconds.
Show cache buffer statistics This shows the cache buffer statistics. nss/CacheStats
Reset cache statistics This command lets you clear the nss/reset
current statistics and start over. This is
useful for checking the results of
changes to the system.
Using ConsoleOne to Configure Novell Storage Services

ConsoleOneTM is the primary utility you use to configure and maintain
partitions, storage pools, and volumes in NSS. To open ConsoleOne and
access the options you need, complete the following:
1 Open ConsoleOne.
2 Open the tree you want to work with.
3 Right-click on the server object you want.
4 Click Properties.

103-000141-001
August 30, 2001
Novell Confidential
This opens the ConsoleOne interface where you can access the snap-ins
for managing NSS. The NSS configuration features are in the Media
snap-in.
Setting Up ConsoleOne on a Workstation

To use ConsoleOne on a client workstation, you need to load ConsoleOne 1.3
or later. Then you must copy the NSS JAR files from your server to your client
machine.
1 Copy these three NSS JAR files to your local LIB directory:
public\mgmt\consoleone\1.3\lib\nssadmin.jar
public\mgmt\consoleone\1.3\lib\nssc1lib.jar
public\mgmt\consoleone\1.3\lib\nssjavalib.jar
2 Copy these two JAR files to your local RESOURCES directory:

public\mgmt\consoleone\1.3\resources\nssadminres.jar
public\mgmt\consoleone\1.3\resources\nssc1libres.jar
3 Copy the following JAR file to your local SNAPINS directory:
public\mgmt\consoleone\1.3\snapins\nssadminreg.jar
Configuring Disk Space

To set up the NSS storage and file system, complete the following tasks in the
given order:
1. Create a RAID device (optional).
See “Creating a RAID Device” on page 27.
2. Create partitions.
See “Creating a Partition” on page 29.
3. Mirror partitions.
See “Creating a Partition” on page 29.
4. Create storage pools.
See “Creating a Storage Pool” on page 31.
5. Create logical and traditional volumes.
See “Creating a Logical Volume” on page 32 and “Creating a Traditional
Volume” on page 37.

103-000141-001
August 30, 2001
Novell Confidential
Creating a RAID Device
NSS lets you create a RAID 0 device by striping data across multiple drives
on your system. This RAID configuration occurs at the software level. You
can use this RAID feature for both logical and traditional volumes.
Important information about NSS RAID
Each element in the RAID configuration should come from a different
device. NSS will let you obtain RAID elements from the same device, but
this will severely impede the performance of your file system.
Currently, the NSS RAID supports RAID 0. This means there is no disk
redundancy. If one element in the RAID device malfunctions, the entire
configuration is unusable.
NSS RAID can accommodate a maximum of eight segments (amount of
space used from each device) on a device per RAID 0 logical device.
The stripe size (amount of data the file system places on one device before
moving to the next device) ranges between 4 KB and 256 KB in
increments of 2 KB.
1 From ConsoleOne, open the tree you want.
2 Right-click on the server object and select Properties.
3 Click Media > Raid Devices > New.
4 Enter the amount of space you want to obtain from each storage device in
megabytes.
5 Select a segment size.
6 Select a stripe size.
7 Select a RAID type.
The RAID type indicates the method of how data is striped across the
different disks.
8 Click Next.
9 Select the devices you want to use for the RAID configuration.
You can select one or more devices, but select only the ones you want to
use for the RAID configuration.
10 Click Finish.
The file system first creates a virtual device unit, then creates a RAID
device.

103-000141-001
August 30, 2001
Novell Confidential
Deleting a RAID Device
When you delete a RAID device, the file system deletes all the partitions and
volumes from all physical storage devices used in the RAID configuration.
3 Click Media > Raid Devices.
4 Select the Raid device you want to delete.
5 Click Delete.
The file system displays a warning message to ensure you want to delete
the RAID device.
6 Click Yes or No.
Increasing the Size of the RAID Device
You can increase the size of a RAID device by adding more segments from
another storage device. You should not place more than one RAID segment on
a disk; this will severely impede the performance of your file system.
1 From ConsoleOne, click Media > Raid Devices.
2 Select the RAID device you want to increase.
3 Click Increase Size.
4 Select the device you want to add to the RAID configuration.
5 Click Finish.
After you add another physical storage device to your RAID device, you
must restripe the configuration. This stripes the data to the other device
you added.
NOTE: The file system performance might slow down during the restriping
process. Make sure you add all the physical storage devices you want to the RAID
device before you click Restripe.
6 Click Restripe.
The Restripe option recognizes new devices in your RAID configuration
and distributes the data across all the devices.

103-000141-001
August 30, 2001
Novell Confidential
Marking a Device as Sharable for Clustering
Some storage devices exist in a storage area network (SAN). These devices
can be shared by multiple servers in a cluster.
IMPORTANT: The system hardware does not specify disk drives to come up
automatically as sharable for clustering or not sharable for clustering. You must
manually set different devices according to the configuration of your storage
system.
The following is important information about making drives Sharable for

Clustering:
All portions of an NSS pool must be on a storage device using the
Sharable for Clustering feature. This means if you have a storage pool that
spans multiple devices, all these devices must be either sharable for
clustering or not.
The Sharable for Clustering option is not available for devices that
contain the storage pool SYS: or Volume SYS:.
ConsoleOne does not provide the Sharable for Clustering option for
devices that contain traditional partitions and volumes.
When you add partitions to a mirror group, all partitions in that group
must be either sharable for clustering or not.
3 Click Media > Devices.
4 Select a device.
5 Select Sharable for Clustering.
6 Click OK.
Creating a Partition
The first task for setting up NSS is to create partitions on your storage devices
for the NSS storage pools and logical volumes.
2 Right-click the server object and select Properties.
3 Click Media > Partitions > New.
4 Select a device to create a partition on.

103-000141-001
August 30, 2001
Novell Confidential
5 Select the type of partition you want to create (NSS, Traditional, Remote
Storage Device).
6 Enter the size of the partition in bytes (B), kilobytes (KB), megabytes
(MB), or gigibytes (GB).
7 To reserve space for the Hot Fix error correction feature, select Hot Fix
and enter the amount of space or percentage you want to reserve.
Mirrored partitions must be compatible in data area size. This means the
other partitions in the group. The physical size (combined data and Hot
Fix size) of the partition must be at least 100 KB, but no more than 120
MB larger than the data size of the existing partitions in the mirror group.
8 To mirror the partition, select Mirror and select one of the following
options:
Create New Mirror. This option means you are making the partition
capable of being part of a mirror group. You do not actually create
the group until you add another mirrored partition to the partition you
are creating.
Existing Mirror Group. (If you select this option, also select the ID
of the mirrored partition.) This shows a list of existing mirror groups
that are compatible in data area size. This option lets you add this
new partition to one of the mirror groups in the list.
9 Select a label for the partition (optional).
10 Click OK.
Deleting a Partition
When you delete a partition you remove all volumes and data on that partition.
If the partition is mirrored, the other partitions in the mirror group will retain
the data from the deleted partition. If you want to delete a mirrored partition,
you must unmirror that partition before you delete it.
Unmirror a partition
3 Click Media > Partitions > Mirror.
4 Select the partition you plan to delete, click Remove.
This removes the partition from the mirror group. You can now delete the
partition.

103-000141-001
August 30, 2001
Novell Confidential
Delete a Partition
3 Click Media > Partitions.
4 Select the partition you want to delete, click Delete.
Creating a Storage Pool
After creating and setting up your partitions, you can create storage pools
within the partitions. When you create a storage pool, NSS lets you determine
how much space to use from each storage device on your server.
When you create storage pools, you use partitioned disk space. However, you
can select unpartitioned space. This will create a partition and make the
storage pool the same size of the partition because you can have only one
partition per storage pool.
3 Click Media > NSS Pools > New.
4 Enter a name for the new storage pool and click Next.
5 Select the existing NSS partitions or unpartitioned free space that you
want to use for the pool.
If you select an unpartitioned device, you can double-click on the number
in this column to edit the current amount of space you want to obtain from
the storage devices. The storage pool size will be the total of all devices
in the pool.
6 Enter the size you want from each NSS partitioned space or unpartitioned
space and click Next.
You can select any of these options:
Create a Logical Volume with this same name. Automatically
creates a logical volume when you create the pool.
Sharable for Clustering. Available if Clustering is installed and you
want to use the feature.
Activate. Activates your pool and any logical volumes when you
create the pool. Otherwise, you can activate it later.
7 Click Finish.

103-000141-001
August 30, 2001
Novell Confidential
Creating a Logical Volume
After creating storage pools, you can create any number of logical volumes for
the storage pools according to the physical space available. When you create
a logical volume, you can either assign it a space or allow it to expand to the
pool size.
The size of a single volume cannot exceed the size of a storage pool. However,
the combined sizes of multiple volumes can exceed the size of the storage
pool. This is called overbooking. For example, you might have an 800 MB
storage pool with eight volumes set at 100 MB each. That is the maximum
amount of space you have in the pool. To overbook the pool, you can add
volumes or increase the size of existing volumes knowing that not all the
volumes in the storage pool will fill up. If the volumes fill up, you need to add
more disk space.
NSS recognizes DOS, Macintosh*, UNIX*, and long name spaces.
3 Click Media > NSS Logical Volumes > New.
4 Enter a name for the volume and click Next.
5 Select the storage pool where you want to store the unpartitioned space or
NSS partitioned space.
If you select unpartitioned space, NSS creates an NSS partition, then the
storage pool, then the volume.
Enter a quota size for the volume if you want to limit the size of the
volume.
Mark “Allow volume quota to grow to the pool size” if you want the
volume expand to the size of the pool.
7 Click Next.
8 Select the attribute settings you want for the new logical volume from the
following list:
Backup. Indicates if the volume should be backed up. Set this flag if
the volume contains data you want to back up. Clear this flag if the
volume is empty or if backing up the data is unnecessary. This
backup option is separate from the third-party backup vendor you

103-000141-001
August 30, 2001
Novell Confidential
use. This means your backup system might not recognize this option
whether you select it or not.
Compression. Activates file compression in the logical volumes.
Data Shredding. Activates the Data Shredding security feature. This
feature scrambles any data that you delete to prevent anyone from
accessing the information with a disk reader. Enter the number of
times you want the data shredder to scramble your deleted files. You
can select between one and seven times.
Directory Quotas. Activates a feature that lets you assign a
maximum quota of space a directory can have
Flush Files Immediately. Activates the feature that flushes all data
in a file to disk immediately when you close the file.
Modified File List (MFL). This provides a list of all files modified
since the previous backup. A third-party vendor must implement the
Modified File List feature in order for you to use it.
Salvage Files. Activates the feature that lets you salvage deleted
files. The file system keeps all deleted files in an allocated space until
that space is needed for other data. The Salvage feature tracks the
files and lets you retrieve the data for a time until the space is needed
for other data. You must select this option to salvage the files in the
volume.
Snapshot-File Level (File Snapshot). Activates the Snapshot feature
at the file level. The Snapshot feature allows the backup utility to
capture a snapshot of the last closed version of a file. For example, if
your system backs up or crashes while you have a file open, this
feature will save a copy of the file before you opened it. You might
lose some new information, but you will retain all the previous
information.
User Space Restrictions. Activates the user space restrictions
feature on the volumes you create.
Activate. Activates logical volumes as soon as you create them.
Mount. Mounts logical volumes as soon as you create them.
9 Click Finish.
You can now store and manage files in the NSS system.

103-000141-001
August 30, 2001
Novell Confidential
Renaming a Storage Pool

You can rename existing storage pools. For example, you might want to assign
a storage pool name that relates to a department name change.
3 Click Media > NSS Pools.
4 Select a pool to rename.
5 Click Rename.
6 Enter a new name for the pool.
7 Click Finish.
Renaming a Logical Volume

You can rename logical volumes. For example, you might want to change the
name of a volume to reflect the department or organization that uses it.
3 Click Media > Logical Volumes.
4 Click Rename.
5 Enter a new name for the logical volume.
6 Click Finish.
Increasing the Size of a Storage Pool

You can increase the size of your storage pools, but you cannot reduce their
size.
4 Select the storage pool you want to increase, then click Increase Size.
5 Select the storage objects you want to obtain the space from.

103-000141-001
August 30, 2001
Novell Confidential
6 Enter the amount of space you want from each storage object in the Used
column.
7 Click Finish.
Deleting NSS Pools or Logical Volumes

You might need to delete a storage pool or a logical volume to create more free
space for other storage pools. When you delete a logical volume or a
traditional volume from a partition, that partition still owns the space, but you
can reassign the space to another storage pool or traditional file system
volume. When you delete a partition, ownership of the space in that partition
is removed.
After you delete a logical or traditional volume, free space becomes available.
You can assign this space to other storage pools to increase their size. You can
also use the free space (if you removed NSS ownership) for a traditional file
system volume. If necessary, you can restore a volume, see “Reviewing and
Restoring Deleted Logical Volumes” on page 35. If you delete a storage pool,
you cannot restore any of the volumes in that pool.
3 Click Media > NSS Pools or Logical Volumes.
4 Select the pool or volume you want and click Delete.
Reviewing and Restoring Deleted Logical Volumes

If you delete a volume, the file system removes it from the storage pool.
However, for a specified amount of time, called the Purge Delay time, you can
review and even restore the contents of the volume you deleted. For example,
you might want to restore information in a volume that was deleted in error.
You must retrieve the volume before the delay time elapses; otherwise, the
volume is removed from the system and you can no longer access it.
If you delete a storage pool, you delete all the volumes in that pool. You cannot
restore volumes.
The default setting for the Purge Delay time is two days. After this time
expires, NSS automatically purges the volume.You can change the Purge
Delay time to extend or reduce the time for the automatic purging cycle. See
“Changing the Purge Delay Setting” on page 36. You can also manually purge

103-000141-001
August 30, 2001
Novell Confidential
deleted volumes. You purge or restore volumes in the “Deleted Logical

Volumes on Pool” screen.
4 Click Deleted Volumes.
5 Select one of the following options:
Purge. Click Purge to immediately purge all the deleted volumes.
Prevent Purge/Allow Purge. Click Prevent Purge to stop the
volume purging process. For example, you might want to access the
deleted volume again, or wait until there is less activity on the server.
After you click Pause Purge, the button changes to Allow Purge.
Click this button to purge the volume.
Salvage. Click Salvage to restore the deleted volume.
Refresh. Click Refresh to rescan the volumes that have been deleted
and update the list in the panel.
6 Click Close when you are finished.
Changing the Purge Delay Setting

The default for the Purge Delay setting is two days. This is the amount of time
that you can still access the volume before it is removed from the system. To
change the Purge Delay time, enter the following at the server console:
NSS/logicalVolumePurgeDelay=ddd
In this command, you replace ddd with the actual number of seconds to delay
the auto purge. The default is 172800 (2 days). For example, if you want to
change the Purge Delay time for one day, enter 86400.
The Purge Delay change command is not permanent. You must enter the
command each time you restart the server. If you want to make the new setting
permanent, enter the command in the AUTOEXEC.NCF file.

103-000141-001
August 30, 2001
Novell Confidential
Creating a Traditional Volume

NSS is the default file storage and management system in NetWare 6.
However, you might want to continue maintaining traditional partitions and
volumes in NSS. The following is a list of guidelines for creating traditional
volumes in NetWare 6:
NWCONFIG and NSS Menu are not compatible with NetWare 6. Use
ConsoleOne to create, mount, modify, and rename traditional volumes.
You can use VREPAIR to fix traditional volumes, but you need to use
VERIFY and REBUILD for all logical volumes. For instructions on using
VREPAIR, see VREPAIR in the Utilities Reference.
You cannot put traditional volumes in an NSS storage pool.
If you create a traditional volume in NetWare 6, you cannot access that
volume from previous releases of NetWare.
You can use ConsoleOne to create, mount, and manage traditional volumes.
3 Click Media > Traditional Volumes.
4 Click New.
5 Enter a name for the volume and click Next.
6 Select either partitioned or unpartitioned.
7 Enter a size for the volume in the Used column and click Next.
8 Select a block size from the pull-down menu.
9 Select any of the following options:
Compression. Enables the file system to compress the files in the
volume. You set up file compression when you create volumes. Once
you enable file compression, you cannot turn it off without creating
the volume again.
Migration. Enables the operating system to move infrequently
accessed data to remote areas on your server. This creates space for
new and more commonly accessed data. Selecting this option only
enables the attribute. The data migration feature uses a third-party
software package that does the migration function.

103-000141-001
August 30, 2001
Novell Confidential
Suballocation. Enables the file system to divide partially used disk

blocks into suballocation blocks of 512 bytes. These blocks can be
used by other data files.
Mount Volume on Creation. Instructs the operating system to
mount the volume when you create it. Otherwise, you can mount it
later.
10 Click Finish.
Increasing the Size of a Traditional Volume

To increase the size of a traditional volume, you need to add another segment
to that volume.
4 Select a volume and click Increase size.
5 Select the storage device you want to obtain space from.
6 Double-click on the Used column next to the selected storage device.
7 Enter the amount of space you want.
8 Click Finish.
Renaming a Traditional Volume

You can rename a traditional volume.
4 Select the volume you want to rename and click Rename.
5 Enter a name.
6 Click Finish.

103-000141-001
August 30, 2001
Novell Confidential
Deleting a Traditional Volume

You can delete traditional volumes.
4 Select the volume you want to delete and click Delete.
Dismounting a Traditional Volume

To repair a traditional volume, you need to dismount that volume.
4 Select the volume you want to dismount and click Dismount.
The button label changes to mount.
Repairing a Traditional Volume

Typically, you can't mount a volume if it has even minor damage.
Occasionally, a damaged volume mounts and causes errors in the process.
Use VREPAIR to correct volume problems or to remove name space entries
from File Allocation Tables (FATs) and Directory Entry Tables (DETs). For
instructions on using VREPAIR, see VREPAIR in the Utilities Reference.
NOTE: If you need to repair an NSS volume, see “Rebuilding NSS Storage Pools
and Volumes” on page 48.
You can run VREPAIR on a damaged volume while other volumes are
mounted. Following are typical instances when VREPAIR can help:
A hardware failure either prevented a volume from mounting or caused a
disk read error.
NOTE: Although VREPAIR can't fix hardware problems, VREPAIR can sometimes
fix related volume damage.
A power failure caused a corrupted volume.

103-000141-001
August 30, 2001
Novell Confidential
The server console displays a mirroring error when the server boots. This
mirroring refers to the two copies of FATs and DETs that the operating
system keeps (if disks are mirrored, NetWare keeps four copies).
If a volume fails to mount as the server is booting, VREPAIR loads
automatically and attempts to repair the volume.
When VREPAIR autoloads, it uses the default options. If you want to use an
alternate option, load VREPAIR manually and set the alternate option before
running VREPAIR.
NOTE: If you don't want VREPAIR to automatically repair a volume that won't
mount, use the SET parameter named Automatically Repair Bad Volumes to
change the default.
Prerequisites
The volume you want to repair must be dismounted.
If the volume to be repaired has name space support, the corresponding
VREPAIR name space module (V_namespace.NLM) must be located in
either the SYS:SYSTEM directory or in a search path directory.
Example modules include V_MAC.NLM and V_LONG.NLM.
Procedure
1 At the server console prompt, enter
VREPAIR [volume_name] [logfile_name]
(Optional) Replace volume name with the name of the volume to repair.
If there is only one volume that is dismounted, you don't need to specify
this parameter, since VREPAIR will attempt to repair that volume.
(Optional) If you want to save the error log, replace the logfile_name with
the name of the file you want VREPAIR to create. VREPAIR creates a log
of errors it finds. VREPAIR displays the errors on screen and will write
them to a file if you specify a filename.
When you load VREPAIR, an Options menu is displayed.
2 Accept the default options, or select alternate options, as appropriate.
The first time you try to repair a volume, accept the default options. If the
default options fail to repair the volume, select alternate options.
2a To accept the default options, continue with Step 3.

103-000141-001
August 30, 2001
Novell Confidential
2b To set alternate options at the Options menu, choose Set VRepair

Options by typing
2 Enter
3 To begin the repair process, choose Repair A Volume from the Options
menu.
If more than one volume is dismounted, select the volume to repair
from those listed.
If only one volume is dismounted, VREPAIR assumes it is the
volume that needs repairing and begins the repair.
As the volume is being repaired, the server console screen displays a
message indicating VREPAIR activity.
4 (Optional) Modify error log settings after the repair has started.
If VREPAIR finds many errors during the repair process, you might want
to change some of the run-time error settings. To modify these settings
after the repair has started, press F1 to display the Current Error Settings
menu.
Select Option 1 if you do not want VREPAIR to pause after each
error.
Select Option 2 if you want VREPAIR to log errors in a text file.
Select Option 3 to stop the repair of the volume.
Select Option 4 to continue with a volume repair after you have
stopped it.
5 When the repair is complete, answer Y when prompted to write repairs to
the disk.
6 If VREPAIR has found errors, run VREPAIR again by repeating Step 2
through Step 6. Repeat until VREPAIR finds no errors.
If you are unable to mount the volume after running VREPAIR several
times, you must delete the volume, re-create the volume using
ConsoleOne.

103-000141-001
August 30, 2001
Novell Confidential
Setting Up File Snapshot

The File Snapshot feature enables your backup utility to keep an original copy
of all data files. For example, when your system backs up or crashes at a time
when you are modifying a file, the file backup could contain both old and new
data. Snapshot captures the most recent closed copy of the file. This way, if
you lose data between the backup cycles, you still have a solid copy of the
previously saved file.
If you select File Snapshot on a volume, the backup utility copies all the meta-
data (owner, created date/time, modifier, etc.). During write requests, only the
data that is being written to is copied. NSS recognizes how to return the
appropriate data when read requests come in for the real file or the Snapshot
file.
Use the following NSS command at the server console to enable the File
Snapshot for a volume:
nss/FileCopyOnWrite=<volName>
or
nss/FileCopyOnWrite=all
To disable File Snapshot, enter the following:
nss/NoFileCopyOnWrite
After you set up File Snapshot on your volumes, you need to deactivate the
volumes. Then you need to activate and mount the volumes again to ensure
there are no open files without a snapshot.
To open a snapshot file for backup, you need to set a bit in the requested rights
parameter in addition to READ_ACCESS_BIT. This bit is 0x04000000. It is
defined in the NSS header files as zPR_READ_ACCESS_TO_SNAPSHOT.
The default setting for File Snapshot is when your file system receives an open
for write request, it will wait for the backup open to close the file. If you want
to return an error, the backup open should also set the deny the write bit.
To get information on a snapshot file, use the getInfo command. Any getInfo
call that returns packed information with the RNewStyle bit set in the info
mask is supported. You need to set an additional bit 0x20000000 in the
information mask. This bit is defined at RNSSInfoOnSnapshot in NSS header
files. Both open and getinfo calls require the bit for requested rights and the
bit for additional info mask.

103-000141-001
August 30, 2001
Novell Confidential
The following are some additional calls that return information about File
Snapshot:
GetFileSize
GetFileHoles
You can also use ConsoleOne to select the File Snapshot feature. See
“Creating a Logical Volume” on page 32.
Converting Traditional Volumes to Logical Volumes

You can convert traditional volumes to logical volumes. This is not an
automatic process or an in-place upgrade. You need to ensure you have
enough space to transition from a traditional volume to a logical volume and
maintain your attributes. The conversion utility is a server command that
copies the data from a traditional volume to an NSS logical volume in an NSS
storage pool. (For example, if you want to move a 2 GB volume, you need to
have at least 2 GB of free space available. The original volume will be
renamed volumename_old. The new logical volume will keep the original
volume name.
Volume Conversion
After you copy the traditional volume to a logical volume, you can restart the
server to ensure the volume converted properly. If the volume converted, you
can remove the traditional volume. After you copy traditional volume data to
a logical volume in NetWare 6, you cannot access the new logical volume in
NetWare 5.1. You would need to either retain the data in the traditional
volume, or copy the data back to the traditional volume.
The volume conversion utility can convert volumes with long names.
The following is a sample command line with all the available parameters for
converting traditional volumes:
vcu /p /l /i /d /r originalVolume nssPool [ds_container [ds_volName]]
/p: Do not print directory file names.
/l: Do not write errors to log file (Dst_Vol:error.out).
/i:Keep file COMPRESS_FILE_IMMEDIATELY_BIT.

103-000141-001
August 30, 2001
Novell Confidential
/d: Delete original volume if copy process is successful. If you choose to

delete the traditional volume, the new volume will retain the name of the
that volume.
/r: Remove xxx_new NSS volume and restore xxx traditional volume (use
this option if you want to keep the original volume name for the new
logical volume name).
ds_container: Original volume’ DS container
ds_volumeName: If specified, the vcu conversion utility uses this name
to rename or delete the original volume’s DS object. Otherwise, vcu.nlm
uses serverame_originalVolName as the default DS name
The parameters in this list are optional; you can include any of the parameters
in the list.
To convert a volume, you specify the volume to convert and then specify the
NSS pool where you want to store the data from the volume. Enter the
following at the server console:
vcu volume_name pool_name
For example,
vcu apps poolone
In this example, the volume conversion utility copies the data in the volume
apps and places it in Poolone.
If you want to keep the name of the traditional volume and use it for the new
logical volume, enter the following at the server console:
vcu /r xxxx yyyy_old[ds_container[ds_volName]]
In this example, xxxx is the original traditional volume name, yyyy_old is the
modified traditional volume name. If xxxx is longer than 11 characters,
yyyy_old might be VCU0000_old, otherwise yyyy_old will be xxxx_old.

103-000141-001
August 30, 2001
Novell Confidential
Modifying NDS Objects

The volume conversion utility lets you modify the NDS objects and physical
names for both logical and traditional volumes except the VOL SYS. Use the
following commands VCU commands if you want to change the NDS objects
with the volume conversion process.
Volume copy
vcu VCUTargetVolName NSSPoolName [DS_container
DS_NSSPool_name DS_volname]
Volume restore
vcu /r VCUTargetVolName VCUTargetVOlName_old [DS_container
DS_NSSPool_name DS_Volname
Setting Up User Space Restrictions

You can limit the amount of space users can have on a volume. This is
beneficial for systems that accommodate a large number of users, such as
students. You might need to regulate the amount of space each user can have.
When you create volumes, you can select the user space restrictions option.
3 Right-click on the volume that contains the user object you want.
4 Click Properties > Attributes > NSS Attributes.
5 Select User Space Restrictions.
6 Click Users with Space Restrictions.
7 Select the user you want to apply restrictions to.
If the user you want is not in the list, do the following:
7a Click Add.
7b Browse for the user you want.
7c Double-click on the user.
The User Space Restriction dialog box opens. You can enter or
modify the User Space Restriction parameters in this box.

103-000141-001
August 30, 2001
Novell Confidential
8 Click Modify.
9 Enter or edit the user space amount in the Limit field and click OK.
Setting Up Directory Space Restrictions

You can limit the amount of space occupied by a directory and the files it
contains.
1 Open ConsoleOne.
2 Right-click on the directory you want.
3 Click Properties and then Facts.
4 Select Restrict Size.
5 Enter the amount you want to limit the size to and click Apply.
6 Click Close.
Mounting a Logical Volume

After you set up and configure logical volumes, you can mount them.
3 Click Media > NSS Logical Volumes.
4 Choose the logical volume you want to mount and click Mount.
Deactivating/Activating NSS Pools and Volumes

You might need to temporarily restrict user access to a storage pool or volume.
Instead of bringing down the server, you only need to deactivate the specific
volume or pool. You can deactivate both storage pools and volumes; however,
you can only do maintenance (rebuild and verify) on storage pools. This
means that users will be unable to access any of the volumes in the pool while
you run REBUILD and VERIFY. When you use REBUILD and VERIFY a
log file is generated to the root of the DOS drive. For instructions on running
REBUILD and VERIFY, see “Rebuilding NSS Storage Pools and Volumes”
on page 48.

103-000141-001
August 30, 2001
Novell Confidential

3 Click Media > NSS Pools or Logical Volumes.
4 Select the storage pool or volume you want to activate or deactivate.
5 Click Activate or Deactivate.
6 Click Activate when you are ready to restore access to the volume or pool.
Salvaging and Purging Deleted Files

You can salvage files that were deleted by users, or purge deleted files to
improve your file system performance. Deleted files are in a DELETED.SAV
directory in the volume’s root directory.
1 In ConsoleOne, open the tree you want.
2 Select the volume that contains the deleted file.
3 Click View > Deleted File View.
The Deleted File section lists the deleted file, the file size, the deletion
date, and the user’s name.
4 Select the file you want to Salvage or Purge.
5 Click Salvage or Purge on the ConsoleOne Toolbar.
Using NetWare Backup Services

You can use the backup services provided with NetWare (Backup and Restore
Services) to back up your NSS data. For instructions for using Backup and
Restore services, see the Storage Management Services Administration
section in the Storage Management Services Administration Guide.
IMPORTANT: Be sure to use the version of the Target Service Agent (TSA600).
Earlier versions do not work with NSS.

103-000141-001
August 30, 2001
Novell Confidential
Rebuilding NSS Storage Pools and Volumes

To repair storage pools and logical volumes, NSS uses the VERIFY and
REBUILD utilities.
VERIFY checks the file system integrity for an NSS pool by searching for
inconsistent data blocks or other errors. This utility indicates if there are
problems with the file system.
REBUILD verifies and uses the existing leaves of an object tree to rebuild all
the other trees in the system. You need to deactivate pools (and all the volumes
in the pools) before you run REBUILD so users cannot access the volumes
you are rebuilding.When you deactivate a storage pool, all the volumes in the
pool automatically deactivate.
REBUILD also copies errors and transactions into an error file called
volume_name.rlf at the root of the DOS drive on your server. Every time you
rebuild a particular NSS volume, the previous error file is overwritten. If you
want to keep old error files, move them to another location. You can check the
error file whenever an NSS volume does not come up in active mode after a
rebuild.
REBUILD is not equivalent to VREPAIR. You should use REBUILD only as
a last resort to recover the file system. If you use it to recover from data
corruption, you will likely lose some data in the process.
When you use REBUILD and VERIFY a log file is generated to the root of
the DOS drive.
1 To run rebuild, enter the following command at the server console:
nss/poolrebuild=<poolname>
This verifies and accounts for all blocks in the system. If the volume has
errors, the errors appear on the screen. The NSS volume remains in
maintenance mode; otherwise, it reverts to the active state. You then need
to mount the volume again.
You can also verify a pool by entering nss /verify for a list of pool
names, and then selecting the pool. Verify is a read-only assessment of the
pool.

103-000141-001
August 30, 2001
Novell Confidential
NSS Server Console Commands

Use the following commands at the server console to view NSS information
and perform tasks.
Online Help Commands

Enter nss /help or nss /? to access Help.
NSS Configuration Information Commands

nss /modules Lists the providers, loadable storage subsystems, and
semantic agents.
nss /status Lists the current NSS status.
volumes Lists all NetWare and NSS volumes that are mounted,
including Admin volume.
nss volumes Lists all NSS volumes, including the Admin volume.
Other NSS Commands

nss /Activate=volume_name Activates an NSS volume.
nss /Deactivate=volume_name Deactivates an NSS volume.
nss /Maintenance=volume_name Switches the specified NSS
volume to maintenance mode.
nss /ForceActivate=volume_name Forces an NSS volume to
become active.
nss /StorageAlarmThreshold=value Lets you set the threshold
for a low storage space warning. The default is 10. The range is 0 to
1000000.
nss /StorageResetThreshold=value Lets you reset the
threshold for a low storage space warning. The default is 10. The range is
1 to 1000000.
nss /(No)StorageAlertMessages Turns ON or OFF the low
storage message to users. The default is ON.
nss /NumWorkToDo=value Sets the number of WorkToDo entries
which may be concurrently executing. NSS uses WorkToDo entries for

103-000141-001
August 30, 2001
Novell Confidential
tasks such as flushing file metadata to disk in the background. Increasing

the number of WorkToDo entries might be useful on a system that is
heavily used. NSS always reserves 20 WorkToDo entries. The default is
40. The range is 5 to 100.
nss /FileFlushTimer=value Sets the flush time for modified open
files in seconds. Increasing this number might reduce the number of
writes to disk; however, it increases the amount of data that will be lost if
the system crashes. The default is 10 seconds. The range is 1 to 3600
seconds.
nss /OpenFileHashShift=value Sets the size of the Open File
hash table (in powers of 2). If many files are used concurrently on the
server, we recommend that you increase this number. The default is 11.
The range is 8 to 20.
nss /ClosedFileHashShift=value Sets the number of closed
files that can be cached in memory. The default is 512. The range is 1 to
100000.
nss /MailBoxSize=value Sets the size of your mailbox. The default
is 228. The range is 64 to 256.
nss /NumAsyncios=value Sets the number of asynchios entries to
allocate. The default is 2048. The range is 4 - 65536.
Numbonds=value Sets the number of bond entries to allocate. The
default is 5000. The Range is 512 - 2097152.
Salvage Enable salvage of deleted files on volumes.
NoSalvage Disable salvage of deleted files on volumes.
UserSpaceRestrictions Enable user space restrictions on the
volume.
NoUserSpaceRestrictions Disable user space restrictions on the
volume.
DirectoryQuotas Enable directory quotas on the volume.
NoDirectoryQuotas Disable directory quotas on the volume.
DataShredding Specify <vol name> [:<count>]. Enables data
shredding for the volume. This is the number of times you want to shred
data. The default value is 1. The maximum value is 7.
NoDataShredding Disable data shredding on the volume.

103-000141-001
August 30, 2001
Novell Confidential
FlushFilesImmediately Synchronously flush files in the volume

when they are closed.
NoFlushFilesImmediately Disable synchronously flushing files
in the volume.
FileCopyOnWrite Create a copy of files in the volume when they are
open for write.
NoFileCopyOnWrite Do not create a copy of files on the volume
when they are open for write.
UpgradeObjectsOnVolume Upgrade objects on volumes to the
current version.
Transaction= Enable transactional writes in files on the volumes.
NoTransaction= Disable transactional writes in files on the
volumes.
Migration= Enable migration of files on the volumes.
NoMigration= Disable migration of files on the volumes.
AllocAheadBlks=value Set the number of blocks to allocate ahead
on writes. The default is 15. The range is 0 - 63.
Compression Enable file compression on the volume.
NoCompression=volume Disable file compression on the volume.
NoBGCompession Start or stop background compression. Stop
BGCompression will stop all the compression requests in the queue.
CompScreen Start the NSS compression statistics screen.
Pools Shows all of the currently available NSS pools.
PoolAutoActivate Activates specified pools at load time.
PoolAutoDeactivate=pool Leaves specified pools deactivated at
pool load time.
PoolAutoDisplay Displays current pool load time policies.
PoolAutoMaintenance=pool Places specified pools in
maintenance mode at pool load time.
PoolAutoVerify Verifies the specified pool’s physical integrity at
startup time.
PoolRebuild=pool Rebuild specified pools.

103-000141-001
August 30, 2001
Novell Confidential
PoolRebuild Select pools from a menu and rebuild them.

PoolVerify=pool Verify the specified pool’s physical integrity.
PoolVerify Select pools from a menu and verify their physical
integrity.
LogicalVolumePurgeDelayAfterLoad The number of seconds
to delay purging deleted logical volumes. This allows time to reverse the
deletion.
LogicalVolumePurgeDelayAfterContinue The number of
seconds to delay purging a logical volume after clicking continue. After
a volume starts to purge, it cannot be salvaged.
VolumeMaintenance Places a volume into a maintenance mode.
Volumes can be put in maintenance mode, but maintenance only occurs
at the storage pool level.
MFL=volume Enables MFL maintenance for the volumes.
NoMFL=volume Disable MFL maintenance for the volumes.
MFLVerify=volume Get the status of MFL maintenance for the
volumes.
FixMFL MFL maintenance for the volumes.
GetMFLStatus Get the status of MFL maintenance for the volumes.
VolumeAutoActivate Activates volume at load time.
VolumeAutoDeactivate Deactivates volume at load time.
VolumeAutoDisplay Displays current volume load time policies.
ZLSSIOStatus Displays current NSS IO status information.
ZLSSPendingWriteIOs Number of write IOs dropped to the storage
subsystem. (0 = all available) [Value=1000 Range=0 - 3000].
ZLSSVolumeUpgrade Allow the 5.x/ZLSS VolumeUpgrade to the
NetWare 6 format to occur during the installation process.
LVDeleteStatusBasic Displays information about deleted logical
volumes.
LVDeleteStatusSalvagable Displays information about
salvagable logical volumes.
ZLSSPoolScan Scans for and loads all ZLSS pools.

103-000141-001
August 30, 2001
Novell Confidential
DOS FAT Commands

nss /(No)FATLongNames Enables long filenames on FAT volumes.
The default is ON.
nss /(No)FATLazyWrites Performs lazy writes of FAT. If set to
ON, data that is written will be kept in memory for a specified period of
time before it is also written to FAT. This increases performance. The
default is ON.
nss /FATLazyWriteDelay=value Sets the FAT lazy write delay (in
seconds). When (No)FATLazyWrites is set to ON, you specify how many
seconds you want data kept in memory before it is written to FAT. The
default is 60. The range is 5-180.
nss /FATPartition=partition_type_number Supports up to three
additional partition types containing 16-bit FATs, such as /
FATPartition=12,13.
nss /space Shows the amount of space on pools and their associated
volumes.
NoClassicDirectoryQuotas Turns emulation of traditional
NetWare volumes on or off. The default is off.
Other Volumes That NSS Creates

There are three Loadable Storage Subsystems (LSS) modules: ZLSS.NSS,
CDHFS.NSS, CD9660.NSS, and DOSFAT.NSS. The ZLSS module provides
access to logical volumes created by the user. The CD9660 module allows
access to CD ROM drives as NSS volumes. The DOS FAT module allows
access to FAT 16 and FAT 12 drives.
CD-ROMs As Logical Volumes

When NSS recognizes a CD ROM, it creates a Read-only logical volume for
that CD ROM. This is done automatically when you load the CDROM.NLM.
However, this volume is not added to NDS.
The new CDROM.NLM loads the CD9660.NSS and CDHFS.NSS modules.
The CD9660.NSS module loads the ISO966, CDHFS, and Macintosh
Hierarchical File System (HFS) file formats. Dual formatted CDs are mounted
as two separate volumes. This means both Macintosh and Windows clients
will see the same CD ROM volumes with two different layouts.

103-000141-001
August 30, 2001
Novell Confidential
The CD9660.NSS module makes the contents of the standard ISO9660

CDROM available as a Read-Only logical volume. If the CDROM is in the
drive when CD9660 loads, it will mount as a logical volume immediately.
The volume name displayed by the NetWare volumes command is the CD-
ROM volume label if one exists. Otherwise, NSS generates a volume name in
this form: CDXXXXXX (where X is a number). This volume functions the
same as any other NetWare volume, except that it is Read-Only.
To load both the CD9660 and CDHFS modules, enter the following at the
server console:
load cd-rom.nlm
To load CD9660.NSS alone, enter the following at the server console:
load cd9660.nss
To load CDHFS.NSS alone, enter the following at the server console:
load cdhfs.nss
To unload CD9660.NSS, enter the following at the server console:
unload cd9660.nss
To unload CDHFS.NSS, enter the following at the server console:
unload cdhfs.nss
The CD ROM unload process dismounts the volumes.
DOS Partitions As Logical Volumes

After you load the DOSFAT.NSS module, any DOS FAT partitions are
dynamically made available as logical volumes. The volume name displayed
by the NetWare volumes command is DOSFAT_X, where X is the drive
letter, for example DOSFAT_C.
The following are some benefits of the DOSFAT.NSS module:
Long filenames (such as DOS filenames for file systems such as OS/2).
This uses the Windows* 95/98 method for placing long names onto a
DOS FAT partition.
NetWare trustee rights. Only users with supervisor rights can access the
volume.

103-000141-001
August 30, 2001
Novell Confidential
NetWare utilities. Any client or server utility that accesses or manages

NetWare volumes can do the same with DOS FAT partitions.
MAP command. NetWare clients can map to the volume and use it as any
other NetWare mapping.
Local partition. Allows access to the local partition.

103-000141-001
August 30, 2001
Novell Confidential

103-000141-001
August 30, 2001
Novell Confidential
3 Viewing Storage Objects
We recommend that you monitor the status of your storage objects and
Novell® Storage ServicesTM configuration to ensure they work properly and
have available disk space.
Viewing Storage Devices

You can use ConsoleOneTM to view your storage devices and see which ones
have free space.
3 Click Media > Show Devices.
The left panel lists all the storage devices on your server.
4 Select the device you want.
For information about the Devices screen, click Help.
Viewing Your NSS Configuration

Occasionally, you might need to review the status of your NSS system storage
devices or storage space. This section explains how to use ConsoleOne to
view the status and usage of your storage devices, storage pools, and volumes.
View Partitioned Free Space

You can view the free space on all NSS and traditional partitions. Partitioned
free space is space within an NSS partition that is not occupied by a storage
Viewing Storage Objects 57

103-000141-001
August 30, 2001
Novell Confidential
pool. On a traditional partition, space that is not occupied by a NetWare®

volume is free space.
3 Click Media > Free Space.
The left panel lists the storage devices that have free space.
4 Select the device you want.
For information about the Free Space screen, click Help.

Any time the Devices button appears, you can click it to open the Devices
screen.
View the Status of Partitions
You can view the status of both NSS and traditional partitions. For example,
you might want to see what space is available on either type of partition.
4 Select the partition you want.
The left panel lists both the NSS and traditional partitions.
For information about the Partitions screen, click Help.
View the Status of Your Traditional Volumes
You can view the status of traditional volumes. For example, you might want
to look at the size of a particular volume, or see the creation and modification
dates.
The left panel lists all the traditional volumes set up on your server.
4 Select the volume you want.
For information about the Traditional volumes screen, click Help.

103-000141-001
August 30, 2001
Novell Confidential
View the Status of Your NSS Storage Pools
You can view the status of NSS storage pools. For example, you might want
to see what volumes are in a particular storage pool, or how much space is in
all your storage pools.
The left panel lists the NSS storage pools.
4 Select a storage pool.
For information about the NSS Pools screen, click Help.

When the Show Pool button appears, you can click it to open the NSS Pools
screen.
View the Status of Logical Volumes
You can view the status of logical volumes. For example, you might want to
see if the volume has a space quota. You might also want to see what space is
available on a volume.
3 Click Media > NSS Logical Volumes.
The left panel lists both the storage pools and the logical volumes.
4 Select a volume.
For information about the NSS Logical Volumes screen, click Help.
Any time the Show Volume button appears, you can click it to see the status
of the volume you selected.
View the Quota and Space Usage for Specific Volumes
You can open a screen that shows the status of a specific volume that has a
space quota. You can also view the status of the storage pool that volume is in.
Viewing Storage Objects 59

103-000141-001
August 30, 2001
Novell Confidential

4 Click Properties.
5 Click Statistics > NSS Quota Usage.
This screen shows the volume’s quota, amount of spaced used, and the
remaining space. The screen also shows the amount of space used and the
available space on the storage pool.
For information about the NSS Quota Usage screen, click Help.
View and Modify Logical Volume Attributes
You can view and modify the attribute settings for specific volumes. These
attributes include data compression, data shredding, directory and user space
restrictions, and snapshot. For example, you might want to apply some of the
features that were not included during the initial configuration of the volume.
2 Right-click on the server properties and select Properties.
3 Click Media > Logical Volumes > Properties > Attributes > NSS
Attributes.
4 Make any attribute changes you want.
For information about the NSS attributes screen, click Help.

103-000141-001
August 30, 2001
Novell Confidential
4 Troubleshooting
The following table describes some problems you might experience with
Novell® Storage ServicesTM (NSS) and provides suggestions for solving the
problems.
For additional troubleshooting information, see the Novell Knowledgebase at
(www.support.novell.com).
Problem Explanation Solution
NSS does not recognize a NSS recognizes only what the For this release, NSS recognizes
Device Media Manager recognizes. only hard drives and CD ROMs.
NSS does not let you create a Your server might not have Ensure you have enough
storage pool or logical volume enough free space to free space to create
create more storage pools another storage pool or
or logical volumes. logical volume. See “View
Partitioned Free Space” on
page 57.
All logical volumes must be Before you create a logical
part of a storage pool. volume, create a storage
pool.
NSS might not own the Create an NSS partition for
free space you want to use your storage pools and
for a storage pool. logical volumes.
Cannot configure a logical NSS might not own enough free Add another storage
volume space for another logical volume. device.
Delete a logical or
traditional volume to free
up space for a storage
pool.
Troubleshooting 61

103-000141-001
August 30, 2001
Novell Confidential
Problem Explanation Solution
Cannot compress a file You must choose the file Apply the file compression option
compression option when you to an existing logical volume:
create a logical volume.
From ConsoleOne, click Media >
NSS Logical Volumes >
Properties > Attributes > NSS
Attributes. Then select
compression.

103-000141-001
August 30, 2001
Novell Confidential
Traditional File Services Administration Guide
Novell
NetWare 6 ®
www.novell.com
T R A D I T I O N A L F I L E S E RV I C E S
August 30, 2001

Novell Confidential
Contents
Preface 7
1 Overview of Traditional File System 9

Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Understanding Mounting a Volume. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Volume Objects in NDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Understanding Volume Segments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Directory Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Fake Root. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Directory Map Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Optimizing Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
File Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Salvageable Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
File Purging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Drive mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Local Drive Mappings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Network Drive Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Network Search Drive Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
How NetWare Protects Network Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2 Planning 19
Planning Directory Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Directories Created during NetWare Installation . . . . . . . . . . . . . . . . . . . . . . . . 19
Application Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Data Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Home or Username Directories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3 Setting Up the File System 25

Storing Non-DOS Files on a Traditional Volume . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Calculating Memory Required for Name Space Support . . . . . . . . . . . . . . . . . . . . 26
Adding a Name Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Removing Name Spaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Creating a Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Creating a Directory Map Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Contents 5

103-000180-001
August 30, 2001
Novell Confidential
Mapping Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Mapping Drives in Windows 95/98, NT/2000 . . . . . . . . . . . . . . . . . . . . . . . . . 28
Mapping Drives in DOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Distributing Applications on the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Security: Rights to Files and Directories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Description of Directory and File Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Adding a Trustee to a Directory or File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Viewing/Modifying the Inherited Rights Filter for Directories and Files . . . . . . . . . . . . 30
Setting Directory or File Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Description of Directory and File Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Changing Attributes of a Directory or File . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4 Optimizing File System Performance 35

Saving Disk Space with File Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Enabling File Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Disabling File Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Setting File Compression Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Suspending File Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Saving Disk Space with File Purging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Saving Disk Space with Block Suballocation . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Enhancing Disk Response Time With Disk Striping . . . . . . . . . . . . . . . . . . . . . . . . 38
5 Managing 39
Managing Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Viewing Directory and File Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Copying or Moving Directories and Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Salvaging and Purging Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Protecting Data: Disk Mirroring and Duplexing . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Using Directory Map Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Resolving File I/O Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Resolving Volume I/O Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Resolving Problems When the Server Hangs after Mounting Last Volume . . . . . . . . . . . . 44
Resolving Problems When No Volumes Mount . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Resolving Problems When Only Some Volumes Mount . . . . . . . . . . . . . . . . . . . . . 45
Resolving Disk Error Problems When a Volume Is Mounting . . . . . . . . . . . . . . . . . . . 46
Resolving Memory Errors When a Volume Is Mounting. . . . . . . . . . . . . . . . . . . . . . 46
Resolving Volume Mounting Problems Because of Corrupted Directory Entry Tables or File Allocation
Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Resolving Volume Mounting Problems Because of Name Space Module . . . . . . . . . . . . 48
Other Troubleshooting Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
6 Traditional File Services Administration Guide

103-000180-001
August 30, 2001
Novell Confidential
Preface
NetWare® provides the traditional NetWare file system components and

utilities, such as NetWare partitions, NetWare volumes, and file management
utilities.
This documentation includes the following information:
Chapter 1, “Overview of Traditional File System,” on page 9
Chapter 2, “Planning,” on page 19
Chapter 3, “Setting Up the File System,” on page 25
Chapter 4, “Optimizing File System Performance,” on page 35
Chapter 5, “Managing,” on page 39
Chapter 6, “Troubleshooting,” on page 43
NOTE: Novell® Storage ServicesTM (NSS) is the primary file system. You can
create and use NSS partitions and volumes along with traditional partitions and
volumes. This documentation focuses on traditional file system information.
Functionality pertaining to the NetWare file system continues to evolve.

Consequently, there are sometimes a variety of ways in which a particular
procedure can be performed. There are also various ways in which the file
system itself can be viewed. Novell clients, for example, provide access to file
system features and functionality that were once accessible only through
NetWare utilities. Wherever possible, links have been provided in file system
documentation to let you explore the variety of ways in which you can
complete a task.
Because NSS is the primary file system, many of the links in this document
will access it. For more information about NSS, see Introducing Novell
Storage Services in the Novell Storage Services Administration Guide.
Preface 7

103-000180-001
August 30, 2001
Novell Confidential

103-000180-001
August 30, 2001
Novell Confidential
1 Overview of Traditional File System
This chapter of the file system documentation explains key aspects of the
traditional NetWare® file system and contains the following topics:
Volume (page 9)
Directories (page 12)
Optimizing Performance (page 14)
Drive mapping (page 16)
How NetWare Protects Network Data (page 17)
“Security” on page 18
Information on volumes, directories, files, and other characteristics of the file
system is presented to give you background needed for the set-up, managerial,
and other procedures described elsewhere in file system documentation. For
instructions on setting up partitions and volumes, see Setting Up and
Configuring Novell Storage Services in the Novel Storage Services
Administrator Guide.
Volume
There are two types of volumes: traditional and logical. Traditional volumes
consist of a fixed amount of physical space on one or more hard disks. Logical
volumes can grow dynamically according the available physical space. This
document focuses on traditional volumes. For information about logical
volumes, see Create Logical Volumes in the Novel Storage Services
Administrator Guide.
A CD-ROM can also be mounted as a volume. See CD-ROMs As Logical
Volumes in the Novel Storage Services Administrator Guide.
Overview of Traditional File System 9

103-000180-001
August 30, 2001
Novell Confidential
A NetWare server is divided into one or more volumes. The first network
volume is named SYS: and is created during NetWare installation. Using
ConsoleOne, you can create a new volume on any hard disk that has a
NetWare partition. A NetWare server supports up to 64 volumes.
NetWare volumes are subdivided in two ways:
Physically. You divide volumes into volume segments; different
segments of a volume can be stored on one or more hard disks. For
information about volume segments, see “Understanding Volume
Segments” on page 11.
Logically. You divide volumes into directories containing files or
subdirectories by network supervisors and users who have the appropriate
rights.
The file system is similar to and office filing system. This graphic illustrates
the file system architecture:
Subdirectories
Directories
File
Volumes
NetWare server
Understanding Mounting a Volume

When you boot the NetWare server, each volume is mounted, meaning that
The volume becomes visible to the operating system
The volume's FAT is loaded into memory
Each file block of data takes up one entry in the FAT.

103-000180-001
August 30, 2001
Novell Confidential
Because of this, volumes with a smaller block size require more server
memory to mount and manage.
However, if most of your files are small, a large block size wastes disk
space.
The volume's DET is loaded into memory
If a volume fails to mount, it might be because you have run out of RAM. This
is because the FAT takes up cache buffers.
NOTE: The new file system, Novell Storage Services (NSS), mounts volumes
more quickly and can mount any size volume with 1 MB of memory. NSS volumes
can be used along with traditional NetWare volumes. For information about NSS
and its advantages, see Overview in the Novel Storage Services Administrator
Guide.
Volume Objects in NDS

In NDS®, each volume is also a Volume object. Volume objects are leaf
objects that represent a physical volume on the network.
In the Volume object's properties, you can store information about which
NetWare server the physical volume is located on and the volume name
recorded when the volume was initialized at the server (for example, SYS:).
You can also store information such as the volume's owner, space use
restrictions for users, or a description of its use.
You can also view statistical information on disk space availability, block size,
directory entries, name space support, etc.
Understanding Volume Segments

A volume segment is a physical division of a volume. Different segments of a
volume can be stored on one or more hard disks, allowing you to create large
volumes.
A single NetWare partition can only contain eight traditional NetWare
volumes. You can create up to four NetWare partitions per drive (three if the
device also has a DOS partition). Each of these NetWare partitions can only
contain eight volume segments.
By placing segments of the same volume on multiple hard disks, different
parts of the same volume can be read from or written to simultaneously,
speeding up disk input and output.

103-000180-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
However, when you spread segments of a volume over several disks, you
should protect the volumes against disk failure by mirroring; otherwise, if a
single disk fails, one or more entire volumes shut down.
You can add segments to a volume, but removing a segment from a volume
destroys the entire volume.
You can increase the size of a traditional volume by adding another hard disk
to the NetWare server, by setting up a NetWare partition on the disk, or by
adding a new NetWare partition to the existing volume as one or more new
volume segments.
Directories
A directory is a place within a volume where you can store files or other
directories. A Directory within a directory is called a subdirectory. Directories
can contain any number of files and subdirectories.
This section contains the following topics:
“Directory Path” on page 12
“Fake Root” on page 13
“Directory Map Objects” on page 13
Directory Path
A directory or file is located by its path, which states where the directory or
file is on a volume. A path includes the volume, directory, and any
subdirectories leading to the file. The following figure shows how to specify
a path. (Listing the server is optional.)
Figure 1 Directory Path Conventions
NetWare server \ Volume : Directory \ (Sub)directory \ Filename
Separate volume and directory

with a colon (:).
Separate all others with a slash (\).
If your network uses more than one client operating system, keep in mind the
conventions of the different systems. For example, NetWare allows 255

103-000180-001
August 30, 2001
Novell Confidential
characters in a directory path (counting the drive letter and delimiters), but
DOS permits only 127 characters.
Also, some applications restrict the number of characters in the directory path.
For more information, check the application's documentation.
Fake Root
A fake root is a subdirectory that functions as a root directory.
NOTE: Fake roots work with the NetWare DOS Requester, with NetWare shells,
and clients including Windows* 3.x, Windows 95, and Windows NT*. Fake roots do
not work for OS/2* clients. (Under OS/2, all mapped drives are roots, and search
drives don't exist.)
Some applications require their executable files to be located in a root

directory. However, for security, you should not assign users rights at the root
or volume directory level.
NetWare allows you to map a drive to a fake root. This allows you to place
applications in a subdirectory and assign rights to them there.
Thus, to use an application that must be installed at the root, load the files in
a subdirectory and designate it as a fake root directory in the login script using
MAP ROOT.
For example, you might have an application in a FORM directory that must
reside in the root directory of drive P:, but you don't want to put the application
in the root directory for security reasons. You can map a fake root to the
directory and map a search drive to it at the same time by adding the following
line to the login script:
MAP ROOT S16:=P:= SYS:APPL\FORM
You cannot use the DOS CD (change directory) command at the fake root to
return to the original root. To change the fake root back to the original root,
remap the drive.
Directory Map Objects

A Directory Map object represents a particular directory in a file system.
Directory Map objects can point to directories that contain frequently-used
files such as applications.

103-000180-001
August 30, 2001
Novell Confidential
If you create a Directory Map object to point to an application, users can

access the application by mapping a drive to the Directory Map object.
If the application's location in the directory structure changes, you can update
the object instead of having to change all users' drive mappings.
Optimizing Performance
This section contains the following topics for optimizing file system
performance:
“File Compression” on page 14
“Salvageable Files” on page 15
“File Purging” on page 15
File Compression
One way to conserve disk space is to compress files. Use the following
information as background for using file compression to optimize system
performance:
NetWare maintains the original version of a file during compression.
When compression completes, NetWare replaces the original with the
compressed version of the file, provided no errors occurred. If errors do
occur during compression, NetWare leaves the original version intact.
If you have a CD-ROM volume mounted as a volume, treat it as a read-
only volume. Do not use file compression on it.
Compression is a usually a low priority process thread because of
compression's impact on performance. If you flag an item for immediate
compression during peak system usage, performance may deteriorate.
You do not need to separate application files from data files to be
compressed. You can use the SET command to preclude compression of
frequently used applications. For instructions on how to use SET, see SET
in the Utilities Reference.
Monitor compression activity via the SET command's compress screen
parameter.
Backup applications that use Novell Storage Management ServicesTM
(SMSTM) back up and restore compressed files. Other applications may
decompress them.

103-000180-001
August 30, 2001
Novell Confidential
Salvageable Files
Salvageable files are files saved by NetWare, after being deleted by users, that
can be salvaged (recovered).
Salvageable files are usually stored in the directory they were deleted from. If
a user deletes that directory, the salvageable files are saved in a
DELETED.SAV directory located in the volume's root directory.
The user can view a list of deleted files in a directory and recover files by using
ConsoleOneTM. For more information on salvaging files, see Salvaging and
Purging Deleted Files on NetWare Volumes in the ConsoleOne 1.3 User
Guide. Recovered files contain information about who deleted the files and
when they were deleted.
Deleted files are saved until the user deliberately purges them or until the
NetWare server runs out of disk allocation blocks on the volume.
File Purging
When the NetWare server runs out of blocks, it purges deleted files beginning
with the files that were the first deleted. Purged files cannot be salvaged.
Files and directories can also be purged as they are deleted. You can do this
one of two ways:
Use the SET command at the NetWare server to disable the salvageable
file feature. For instructions on how to use SET, see SET in the Utilities
Reference.You do this by setting the parameter named Immediate Purge
of Deleted Files to ON. This increases performance, but at the cost of
losing the salvageable file feature. The default for this parameter is OFF
(this means that by default, files are salvaged when they are deleted
instead of being purged immediately).
Set the Purge attribute for individual files and directories. When a file is
flagged with the Purge attribute, the file is purged when it is deleted.
When a directory is flagged with the Purge attribute, all files in that
directory are purged when the directory is deleted. Such files and
directories can't be recovered.
Use ConsoleOne to manually purge individual files and directories. For
instructions, see Salvaging and Purging Deleted Files on NetWare
Volumes in the ConsoleOne 1.3 User Guide.

103-000180-001
August 30, 2001
Novell Confidential
Drive mapping
A drive mapping is a pointer to a location in the file system, represented as a
letter assigned to a directory path on a volume.
A path includes the volume, directory, and any subdirectories leading to the
file.
A drive mapping assigns a letter to a path so that the letter can be used instead
of the complete path name.
Drive mappings can be temporary or permanent:
Permanent mappings. To make drive mappings permanent so you can use
them every time you log in, place MAP commands in your login script,
or use the mapping functionality of your client software to make them
permanent, so they will be reconnected every time you log in.
Temporary mappings. To map a drive so you can use it during your
current session, use the NetWare MAP utility from a DOS prompt, or use
the mapping functionality of your client software. If you use MAP from
a DOS prompt, the mapping is only valid until you log out.
For instructions on creating mappings, Creating eDirectory Objects to
Facilitate File Management in the ConsoleOne 1.3 User Guide.
NetWare recognizes these types of drive mappings:
“Local Drive Mappings” on page 16
“Network Drive Mappings” on page 17
“Network Search Drive Mappings” on page 17
“Fake Root” on page 13
“Directory Map Objects” on page 13
Local Drive Mappings

Local drive mappings are paths to local media such as hard disk drives and
floppy disk drives.
To change this default (for example, if you are using the NetWare DOS
Requester, you need all of your drives mapped as DOS drives), use the DOS
LASTDRIVE command in your workstation CONFIG.SYS file.

103-000180-001
August 30, 2001
Novell Confidential
Network Drive Mappings

Network drive mappings point to volumes and directories on the network.
Normally, drives F: through Z: are used for network mappings. Each user can
map drive letters to different directories.
To create a network drive mapping, use the MAP command.
Network Search Drive Mappings

Network search drive mappings point to directories containing files such as
applications or files.
Search drive mappings enable the system to locate a program even if it isn't
located in the directory you're working in.
Search drive mappings are numbered, although they also have drive letters.
For example, search drive 1 (or S1) may also be known as network drive Z:.
You can map up to 16 network search drives (letters K: through Z:, starting
with Z:). You can't map a search drive and a regular network drive to the same
letter.
When you request a file and the system can't find it in your current directory,
the system looks in every directory a search drive is mapped to.
The system searches, following the numerical order of the search drives, until
either the program file is found or can't be located.
NOTE: Search drive mappings aren't supported on OS/2 workstations. The search
functionality is provided with the OS/2 PATH, LIBPATH, and DPATH commands.
How NetWare Protects Network Data

NetWare protects data primarily by
Maintaining duplicate file directories.
Redirecting data from bad blocks to reliable blocks on the NetWare
server's hard disk. See Redirecting Bad Blocks in the NetWare Server
Disks and Storage Devices Administration Guide.
Allowing you to mirror and duplex disks. See Creating a Partition in the
NetWare Server Disks and Storage Devices Administration Guide.

103-000180-001
August 30, 2001
Novell Confidential
Security
Security is one of the most important aspects of file system organization. NDS
rights and the file system's directory and file attributes allow you to determine
who may access what, and whether that access amounts to being able to
merely read a file or modify it.
To use the capabilities described in the NDS area of this documentation, you
might want to organize your approach to designing an appropriately secure
system by doing the following:
1. Clustering directories and files according to who needs access to them. In
other words, use the directory structure to reflect access requirements.
For example, you can structure the hierarchy of directories in such a way
as to take advantage of the inheritance aspect of rights.
Rights can be associated with volumes, directories, and files as a
safeguard against deletion or modification by users. Directory and file
attributes can also be used to control what users can do.
2. Subdividing the user community into groups on the basis of related access
requirements.
Users grouped by role (relative to file access) can be assigned ownership
of directories and files, and users whose roles vary can be assigned rights
on the basis of equivalence.
Users needing a particular kind of access to certain directories and files
can be grouped so that appropriate access belongs to the group (and,
consequently, to each member).

103-000180-001
August 30, 2001
Novell Confidential
2 Planning
This chapter presents a simple example of a network directory structure to

help you plan your file system. Based on the example and the accompanying
information, you can begin to design a directory hierarchy suitable to your
own needs.
NOTE: You use the Novell® Storage ServicesTM (NSS) file system to meet your file
system needs. NSS lets you create and maintain NSS logical volumes along with
traditional NetWare® volumes. For information on Novell Storage Services file
system and its advantages, see the Overview in the Novell Storage Services
Administration User Guide.
Planning Directory Structures

This section gives some basic information and suggestions about organizing
directories and files to facilitate network administration:
“Directories Created during NetWare Installation” on page 19
“Application Directories” on page 20
“Data Directories” on page 22
“Home or Username Directories” on page 23
Directories Created during NetWare Installation

During installation, the following directories pertaining to the file system are
automatically created.
SYS:DELETED.SAV contains files that have been deleted from deleted
directories. Salvageable files are usually stored in the directory they were
deleted from. If a directory is deleted, the salvageable files from the
Planning 19

103-000180-001
August 30, 2001
Novell Confidential
deleted directory are moved to the DELETED.SAV directory. Deleted

files can be salvaged if they have not yet been purged.
SYS:ETC contains sample files to help you configure the server.
SYS:LOGIN contains the programs necessary for users to log in to the
network, such as LOGIN.EXE. An NLS subdirectory contains
subdirectories for login message files for each supported language.
SYS:MAIL might or might not contain subdirectories or files. If you
upgrade your server from a previous version of the NetWare operating
system, existing users might still have directories here for their login
scripts, but their login scripts will become properties of the new User
objects. If you create new users after upgrading, the new users will not
have directories in SYS:MAIL
SYS:SYSTEM contains NetWare operating system files as well as
NetWare utilities and programs for the network administrator.
SYS:SYSTEM also has an NLS subdirectory, containing subdirectories
for each supported language for message files.
SYS:PUBLIC allows general access to the network and contains
NetWare utilities and programs for network users. SYS:PUBLIC has
subdirectories for Windows 95 and Windows NT/2000, as well as a
subdirectory called NLS, containing the message files for utilities.
Application Directories
For ease of management, you should keep application files in a directory apart
from the data files. Since the application programs do not normally change,
you can keep one set of application files on backup media and skip the
application directories when you do network backups.
When creating application directories, you should also consider issues related
to ease of distribution, installation, and operational control for network
applications. For more information on creating application directories, see the
ZENworks for Desktops 3.2 (http://www.novell.com/documentation/lg/zdfs/
index.html).
Although you can access applications from local drives, installing them on the
network provides convenient access. Several structures are possible for
application directories:
Create a separate volume for applications with a separate directory for
each application off the root. Make trustee assignments for each
application. Then go into the system or profile login script and map a
search drive to each application.

103-000180-001
August 30, 2001
Novell Confidential
The following figure shows this type of directory structure:
Figure 2 Application Volume
SYSTEM
SYS PUBLIC
LOGIN
NetWare server MAIL
WORDPROC
APPSVOL
DBAPP
SPRDSHT
Create a separate directory off volume SYS: for each application. Make
trustee assignments for each application. Then go into the system or
profile login script and map a search drive to each application.
The following figure shows this type of directory structure.
Figure 3 Application Directory off Volume SYS:
WORDPROC
SYS
DBAPP
NetWare server SPRDSHT
Create a parent directory for applications with subdirectories for each

application. Make trustee assignments for each application. Then go into
the system or profile login script and map a search drive to each
application.
Figure 4 Parent Directory for Applications
WORDPROC
APPS
DBAPP
SPRDSHT
SYS
NetWare
server
Create a parent directory for applications in SYS:PUBLIC.

Because users generally have Read and File Scan rights in SYS:PUBLIC,
you do not need to make trustee assignments or map a search drive.
Planning 21

103-000180-001
August 30, 2001
Novell Confidential
However, users can see and use all applications. Use this directory
structure only if you want all users to have access to all applications.
Figure 5 Application Directory in SYS:PUBLIC
WORDPROC
APPS
DBAPP
PUBLIC SPRDSHT
SYS
NetWare
server
Installing applications in SYS:PUBLIC is not recommended (unless you

create a subdirectory for each application).
Mixing NetWare utilities with application program files complicates the
file structure when you upgrade a network.
An application file might have the same filename as a NetWare utility file
or another application’s program file. If so, one file overwrites the other
because two files with the same filename cannot coexist in a directory.
NOTE: Some applications write files to the root. For security reasons you do not
want users working at the root level. Therefore, use MAP ROOT to map a drive to
a fake root—a directory or subdirectory in which the user can be assigned rights.
For more information about fake roots, see “Fake Root” on page 13.
Data Directories
These are work directories for groups and users to keep work files in. You can
also create a directory to transfer files between directories on the network.
Although data can be created and stored in a home or user directory, when data
is stored in a user’s directory, no other user (except network administrators or
managers assigned file rights) can access it.
Data directories also allow users to share data, create work directories, and
make trustee assignments for groups or users who need access to these
directories.

103-000180-001
August 30, 2001
Novell Confidential
Home or Username Directories

To provide personal workspace for users, create home or username directories.
You can create a parent directory in volume SYS: called HOME or USERS.
Or, you can create a separate HOME or USERS volume. Then you can create
a subdirectory for each user.
The name of each subdirectory should be the username. Usernames can be up
to 47 characters, but DOS displays only 8 characters in a one-level directory
name. The following figure shows this type of directory structure.
Figure 6 Home or Username Directories
ESAYERS
HOME
SWILLIAM
MRICHARD
SYS
NetWare server
ELLEN
USERS
SAM
MARY
SYS
NetWare server
Planning 23

103-000180-001
August 30, 2001
Novell Confidential

103-000180-001
August 30, 2001
Novell Confidential
3 Setting Up the File System
The procedures in this section of the documentation focus on specific tasks

pertaining to system administration. Procedures involve various utilities and
applications that are provided in the Novell Storage Services Administration
Guide.
The most productive use of file system documentation is to identify the task
you want to complete and find an appropriate procedure. Then use links
associated with the procedure to increase your understanding of other ways in
which applications and utilities can be used.
This chapter focuses primarily on setting up directories, files, drives, and
security. For instructions on creating both NSS and traditional partitions and
volumes, see Setting Up and Configuring Novell Storage Services in the
Novell Storage Services Administration Guide. System administrators are
concerned with all of these aspects of the file system. Users will be concerned
with drive mapping and some of the file and directory procedures.
Storing Non-DOS Files on a Traditional Volume

By default, traditional NetWare volumes support DOS naming conventions.
To store non-DOS files, such as for Macintosh* or UNIX* on a NetWare®
volume, you must load the appropriate name space NetWare Loadable
ModuleTM (NLMTM) program and add the name space support to that volume.
NOTE: Each name space you add to a traditional NetWare volume requires
additional server memory. If you add name space support to a volume and do not
have enough memory, that volume cannot be mounted. If you have insufficient
memory to mount a traditional volume with a long name space, you might want to
convert the volume to an NSS logical volume. Logical volumes accommodate all
name spaces and require less memory to mount than traditional volumes. For
instructions on converting traditional volumes to logical volumes, see Volume
Conversion in the Novell Storage Services Administration Guide.
Setting Up the File System 25

103-000180-001
August 30, 2001
Novell Confidential
The following name space NLM programs are available with NetWare:
MAC.NAM (Macintosh)
LONG.NAM (OS/2, Windows 95/NT/2000)
NFS.NAM (NFS).
An FTAM name space module is available from third-party providers.
Calculating Memory Required for Name Space Support

Use the following formula to calculate the name space memory requirement
for traditional NetWare non-DOS volumes:
0.032 x volume_size (in MB) / block_size (in MB)
Round the size up to the highest number.
For example, adding Macintosh name space to a 100 MB volume with a block
size of 4 MB would require 1 MB of additional memory:
0.032 x 100 MB / 4 = 0.8 MB
Adding a Name Space

Prerequisites
A mounted traditional volume
Sufficient memory
1 Enter the following server console command to load the appropriate name
space:
LOAD [path]name_space
For example, to load the name space module for Macintosh support, enter
the following:
LOAD MAC.NAM
2 Enter the following command to add name space support to the volume:
ADD NAME SPACE name to volume_name
In this example, name is the name space NLM and volume_name is the
name of the volume that will store the non-DOS files.
NOTE: You need to add name spaces only once, not each time you start the
server.

103-000180-001
August 30, 2001
Novell Confidential
3 To verify that the name space loaded, enter the following command:
VOLUMES
This shows a list of all name spaces.
Removing Name Spaces

You can remove the name space by deleting the volume and re-creating it, or
by using VREPAIR. For instructions on using VREPAIR, see Repairing a
Traditional Volume in the Novell Storage Services Administration Guide.
Creating a Directory
You create directories in ConsoleOneTM. To create a directory, you must have
the Create right for the directory which the new directory will be added to.
Creating a root directory requires that you select the volume object instead of
selecting a parent directory.
For some ideas for directory structures, see “Planning Directory Structures”
on page 19.
For instructions on creating directories, see Creating a File or Folder in the
ConsoleOne 1.3 Guide.
Creating a Directory Map Object

A Directory Map object represents a particular directory in a file system.
Directory Map objects can point to directories that contain frequently used
files such as applications.
For instructions on creating a Directory Map Object, see Creating a Directory
Map Object in the Console One 1.3 User Guide. For an example of how you
could use Directory Map objects to reduce maintenance of login scripts, see
“Using Directory Map Objects” on page 41.

103-000180-001
August 30, 2001
Novell Confidential
Mapping Drives
Mapping Drives in Windows 95/98, NT/2000

See Common Networking Tasks in the Novell Client for Windows
documentation.
Mapping Drives in DOS

Use the command to map drives and search drives to network directories. For
a general description of the MAP command, see MAP in Utilities Reference.
Distributing Applications on the Network

You can install various types of network applications, such as word processing
or spreadsheet programs, to make them available to users. When installing
applications, keep the following in mind:
You need the Create right in the directory where you will be installing the
application.
Follow the instructions in the application’s documentation for installing
the application onto a network.
Make sure the application is designed for network (multiuser) use, and
that you observe any licensing restrictions on the number of users who
can access the application.
To allow users to access network-based applications, map search drives
to the directories that contain these applications. To make these search
drives permanent, place them in login scripts, which are executed when
users log in.
If the application requires that it be installed at the root of a volume, but
you would rather install it in a subdirectory for security reasons, you can
map the directory to a fake root. For more information about distributing
applications on the network, see ZENworks for Desktops 3.2 (http://
www.novell.com/documentation/lg/zdfs/index.html).

103-000180-001
August 30, 2001
Novell Confidential
You can create a Directory Map object that points to an application

directory.
Directory Map objects are useful in login scripts. Instead of mapping a
drive to a specific directory path, you map a drive to a Directory Map
object that points to a directory. For information about Directory Map
objects, see “Directory Map Objects” on page 13.
Then, if you change the directory path, you need to change only the
Directory Map object’s definition.
Keeping program files separate from data files can simplify application
management. Because program files seldom change, for example, you
can keep a backup of program files separate from a data file backup so
that network backup procedures need focus only on data directories.
Data directories for shared data files also provide for single-point backup
and management of shared files.
Security: Rights to Files and Directories

File system security includes assigning trustee rights. To set up rights, see the
following:
“Description of Directory and File Rights” on page 30
“Adding a Trustee to a Directory or File” on page 30
“Viewing/Modifying the Inherited Rights Filter for Directories and Files”
on page 30
For information on how to use Windows 95 to set rights, see Common
Networking Tasks in Novell Client for Windows 95 (http://www.novell.com/
documentation/).
For Windows NT, see NetWare File Security in Novell Client for Windows NT
(http://www.novell.com/documentation/).

103-000180-001
August 30, 2001
Novell Confidential
Description of Directory and File Rights

Trustee rights determine the access users have to directories and files. These
rights can be given to NDS object such as User objects, Group objects,
Organizational Role objects, or container objects.
The following table contains a list and description of rights.
Table 1 Trustee Rights
Right Allows you to
Access Control Add and remove trustees and change rights to directories and files.
Create Create subdirectories and files.
Erase Delete directories and files.
File Scan View directory and file names in the file system structure.
Modify Rename directories and files, and change file attributes.
Read Open and read files, and open, read, and execute applications.
Supervisor Grant and exercise all rights listed in this table.
Write Open, write to, and modify a file.
Adding a Trustee to a Directory or File
Prerequisites
The Access Control right to the directory or file you want to add the
trustee to.
You can add, modify, or delete a trustee in a directory or file using
ConsoleOne. For instructions on adding, modifying, and deleting trustees, see
Administering Rights the Console One 1.3 User Guide.
Viewing/Modifying the Inherited Rights Filter for Directories and Files

You can view and modify the Inherited Rights Filter (IRF) for a directory or
file using ConsoleOne. For instructions on viewing or modifying the Inherited
Rights Filter, see Administering Rights the Console One 1.3 User Guide.

103-000180-001
August 30, 2001
Novell Confidential
Setting Directory or File Attributes

To set up attributes and change owners for a directory or file, see the
following:
“Description of Directory and File Attributes” on page 31
“Changing Attributes of a Directory or File” on page 33
“Changing Attributes of a Directory or File” on page 33
For information on how to use Windows 95 to set directory or file attributes,
see Common Networking Tasks in Novell Client for Windows 95 (http://
www.novell.com/documentation/).
Description of Directory and File Attributes

Directory and file attributes assign properties to individual directories or files.
Some attributes are meaningful only when applied at the file level, but some
apply to both the directory and the file levels.
Be careful when assigning directory and file attributes. The attribute applies
to all users.
For example, if you assign the Delete Inhibit attribute to a file, no one,
including the owner of the file or the network administrator, can delete the file.
But any trustee with the Modify right can change the attribute to allow
deletion.
Table 2 Directory and File Attributes
Attribute Description Applies to

code
A Archive Needed identifies files that have been modified since the Files only
last backup. This attribute is assigned automatically.
Ci Copy Inhibit prevents Macintosh users from copying a file. This Files only
attribute overrides Read and File Scan trustee rights.
Dc Do not Compress keeps data from being compressed. This Directories and files
attribute overrides settings for automatic compression of files not
accessed within a specified number of days.
Di Delete Inhibit means that the directory or file cannot be deleted. Directories and files
This attribute overrides the Erase trustee right.

103-000180-001
August 30, 2001
Novell Confidential

code
Dm Do not Migrate prevents directories and files from being migrated Directories and files
from the server's hard disk to another storage medium.
Ds Do not Suballocate prevents data from being suballocated. Files only
H The Hidden attribute hides directories and files so they cannot be Directories and files
listed using the DIR command.
I Index allows large files to be accessed quickly by indexing files Files only
with more than 64 File Allocation Table (FAT) entries. This
attribute is set automatically.
Ic Immediate Compress sets data to be compressed as soon as a Directories and files

file is closed. If applied to a directory, every file in the directory is
compressed as each file is closed.
N Normal indicates the Read/Write attribute is assigned and the Directories and files
Shareable attribute is not. This is the default attribute assignment
for all new files.
P Purge flags a directory or file to be erased from the system as Directories and files
soon as it is deleted. Purged directories and files cannot be
recovered.
Ri Rename Inhibit prevents the directory or file name from being Directories and files
modified.
Ro Read Only prevents a file from being modified. This attribute Files only
automatically sets Delete Inhibit and Rename Inhibit.
Rw Read/Write allows you to write to a file. All files are created with Files only
this attribute.
Sh Shareable allows more than one user to access the file at the Files only
same time. This attribute is usually used with Read Only.
Sy The System attribute hides the directory or file so it cannot be Directories and files
seen by using the DIR command. System is normally used with
operating system files, such as DOS system files.
T Transactional allows a file to be tracked and protected by the Files only

Transaction Tracking System (TTS).

103-000180-001
August 30, 2001
Novell Confidential

code
X The Execute Only attribute prevents the file from being copied, Files only
modified, or backed up. It does allow renaming. The only way to
remove this attribute is to delete the file. Use the attribute for
program files such as .EXE or .COM. Make a copy of a file before
you flag it as Execute Only, so you can replace the file if it
becomes corrupted.
Changing Attributes of a Directory or File

You can change the attributes of a directory or file with ConsoleOne. For
instructions on changing attributes of a directory or file, see Managing Files
and Folders on NetWare Volumes the Console One 1.3 User Guide.
For a list of attributes, see “Description of Directory and File Attributes” on
page 31.

103-000180-001
August 30, 2001
Novell Confidential

103-000180-001
August 30, 2001
Novell Confidential
4 Optimizing File System Performance
This chapter on file system optimization focuses exclusively on tasks for the
network administrator. Procedures in this section pertain primarily to disk
space utilization, and affect performance only as space utilization affects
network performance.
Saving Disk Space with File Compression

“Enabling File Compression” on page 35
“Disabling File Compression” on page 36
“Setting File Compression Attributes” on page 36
“Suspending File Compression” on page 37
Enabling File Compression

You can conserve disk space by compressing files. You choose to compress
files when you create volumes. However, once you enable file compression
for a volume, you cannot turn it off. For more information on file compression,
see “File Compression” on page 14.
IMPORTANT: Do not use file compression on a CD-ROM volume.
You do not need to separate applications from data for file compression. This
is unnecessary because the SET parameter named Days Untouched Before
Compression can eliminate the compression of applications that are used
regularly. This parameter specifies the number of days that must pass without
access to a file before the file can be compressed. The parameter uses the date
the file was last accessed to gauge whether a file should be compressed.
Optimizing File System Performance 35

103-000180-001
August 30, 2001
Novell Confidential
To avoid the overhead of uncompressing files that do not compress well, the
system calculates the compressed size of a file before actually compressing it.
If no disk space will be saved by compression, or if the size difference does
not meet the value specified by the SET parameter named Minimum
Percentage Compression Gain, the file is not compressed. For a general
description of the SET command, see SET in Utilities Reference.
For a file to be uncompressed, there must be enough free space on the volume
to accommodate the uncompressed file size.
For instructions on setting file compression for volumes, directories, and files,
see “Setting File Compression Attributes” on page 36.
For instructions on enabling or file compression, see Creating a Traditional
Volume in the Novell Storage Services Administration Guide.
Disabling File Compression

File compression is enabled and disabled at the volume level.
If you do not enable file compression when you create a volume, you can
subsequently enable it using the SET utility. Once enabled, however, file
compression cannot be disabled on the volume unless you re-create the
volume.
You can temporarily suspend file compression using the SET command’s
Enable File Compression parameter. For a general description of the SET
command, see SET in Utilities Reference.
Setting File Compression Attributes

To set file compression attributes for a volume (including enabling
compression), use SET for instructions on using SET for the file compression
attributes, see “Using SET to Set File Compression Attributes for Volumes”
on page 36.
Using SET to Set File Compression Attributes for Volumes
Use SET to set file compression attributes for an entire volume. File
compression SET parameters do not affect the volumes file compression is
disabled on.
IMPORTANT: Do not use file compression on a CD-ROM volume.

103-000180-001
August 30, 2001
Novell Confidential
To change SET parameters, execute the SET command at the server console
prompt.
The following list identifies SET command parameters that affect file
compression. The settings apply to all files and directories in compression-
enabled volumes on the server. For the function and range of values associated
with each SET parameter, see SET in Utilities Reference.
Compression Daily Check Stop Hour
Compression Daily Check Starting Hour
Minimum Compression Percentage Gain
Enable File Compression
Maximum Concurrent Compressions
Convert Compressed to Uncompressed Option
Decompress Percent Disk Space Free To Allow Commit
Decompress Free Space Warning Interval
Deleted Files Compression Option
Days Untouched Before Compression
Suspending File Compression

Use SET command's Enable File Compression parameter to temporarily
suspend file compression for a volume. For instructions on using SET to
suspend file compression, see SET in Utilities Reference.
You can also use the MONITOR command to change file compression
parameters. For a general description of MONITOR, see MONITOR in the
Utilities Reference.
While file compression is suspended, files that would have been compressed
are queued and compressed when compression is re-enabled.
Saving Disk Space with File Purging

You can conserve disk space by purging files from volumes. For information
and instructions on purging files, see Deleting NSS Pools or Logical Volumes
in the Novell Storage Services Administration Guide.
Optimizing File System Performance 37

103-000180-001
August 30, 2001
Novell Confidential
You can purge files automatically using SET. For a general description of the
SET command, see SET in Utilities Reference.
Saving Disk Space with Block Suballocation

Use block suballocation to enhance use of disk space.
Block suballocation divides any partially used disk block into suballocation
blocks of 512 bytes. These suballocation blocks can be used by files to share
what would otherwise be unavailable space.
You can set block suballocation only when creating a traditional volume. For
instructions on setting block suballocation on traditional volumes, see
Creating a Traditional Volume in the Novell Storage Services Administration
Guide.
Enhancing Disk Response Time With Disk Striping

For a heavily used volume, you can improve disk response time by
distributing volume segments across multiple disks (disk striping). This
configuration option is called Redundant Array of Inexpensive Devices
(RAID). For background information and instructions, see Creating a RAID
Device in the Novell Storage Services Administration Guide.
If one of the disks fails, the entire volume becomes unavailable. Therefore,
you should mirror or duplex drives containing spanned volumes.
If a disk containing a spanned volume fails, the entire volume must be restored
from a backup across all segments before you can use it again.
The most effective way to distribute volume segments is to do so equally
across the disks. Do not simply fill up a disk, add another, add another, etc.

103-000180-001
August 30, 2001
Novell Confidential
5 Managing
The procedures in the Managing section of the file system documentation

pertain to network administrators and users. Procedures for viewing directory
and file information, copying, moving, and other routine functions are of
interest to users as well as system administrators. Procedures pertaining to
volume management and the protection of network data necessarily belong to
network administration.
This chapter includes information about viewing and managing directories
and files. It also refers you to the directory and file management procedures in
ConsoleOneTM. Information about Creating and managing partitions and
volumes is provided in the For more information about NSS, see Introducing
Novell Storage Services in the Novell Storage Services Administration Guide.
Managing Volumes
Novell Storage ServicesTM (NSS) is the primary storage and file system. It
supports large volumes and files. Information about the following sections are
in the Setting Up and Configuring chapter of the Novell Storage Services
Administration Guide:
Creating a Logical Volume
Creating a Traditional Volume
Renaming a Logical Volume
Renaming a Traditional Volume
Increasing the Size of a Traditional Volume
Dismounting a Traditional Volume
Deleting NSS Pools or Logical Volumes
Managing 39

103-000180-001
August 30, 2001
Novell Confidential
Deleting a Traditional Volume

Repairing a Traditional Volume
Volume Conversion
Viewing Directory and File Information

You can see extended information about a directory or file using ConsoleOne.
For instructions on viewing directory and File information, see Viewing or
Modifying Information about a File or Folder in the ConsoleOne 1.3 User
Guide.
You can see file information such as
Owner and trustees
Attributes, effective rights, and the Inherited Rights Filter (IRF)
Name space
File size
Creation, access, archive, and modify dates
You can see directory information such as
Owner and trustees
Creation date and time
Attributes, effective rights, and the IRF
Disk space limitations
Copying or Moving Directories and Files

You can copy and move files and directories, as you do objects from your
desktop application.
The destination can be in another browser containing the same tree or a
different tree.
To copy or move files, you must have File Scan rights to the source directory,
and you must have the Create right to the destination directory.
To move files, you must also have the Erase right to the source directory,
because moving files includes deleting them from the source directory. For

103-000180-001
August 30, 2001
Novell Confidential
instructions on copying directories and files, see Viewing or Modifying

Information about a File or Folder in the ConsoleOne 1.3 User Guide.
Salvaging and Purging Files

Files deleted from the NetWare server remain on the disk until the deleted files
are purged. Deleted files can be salvaged any time before they are purged.
Purging frees the space used to store the deleted files on the server's hard disk.
If a disk runs out of free space, NetWare automatically purges the files that
were deleted first. For instructions on salvaging and purging deleted files, see
Salvaging and Purging Deleted Files on NetWare Volumes in the ConsoleOne
1.3 User Guide.
Protecting Data: Disk Mirroring and Duplexing

NetWare® allows you to protect your data with disk mirroring or duplexing.
Mirroring stores the same data on separate disks on the same controller
channel; duplexing stores the same data on separate disks on separate
controller channels.
Duplexing is the preferred method since two channels rarely fail
simultaneously.
Do not mirror a partition on a disk to another partition on the same disk. Doing
so is not fault tolerant, even though mirroring allows it.
With multiple partitions on a disk, any partition can be mirrored to any other
disk. This provides considerable flexibility in protecting partitions.
For information on mirroring and duplexing partitions, see Creating a
Partition in the Novell Storage Services Administration Guide.
IMPORTANT: Access the ConsoleOne online help for important information about
mirroring partitions.
Using Directory Map Objects

A Directory Map object represents a particular directory in the file system. For
more information about Directory Map Objects, see “Directory Map Objects”
on page 13.
Managing 41

103-000180-001
August 30, 2001
Novell Confidential

Directory Map objects can be especially useful in login scripts by indicating
directories that contain applications or other frequently used files. For
instructions on creating Directory Map Objects, see Creating a Directory Map
Object in the ConsoleOne 1.3 User Guide.
If you have a directory that contains a word processor, you will probably map
a search drive to that directory in any login scripts you create. If you should
later upgrade to the word processor and rename the directory, you would have
to change the mapping in every login script where that search mapping
appears.
By using a Directory Map object, you could avoid having to make changes to
the login scripts.
First, using ConsoleOne, you could create a Directory Map object called
CURRENT_WPR that points to the word processor directory
(SYS:PUBLIC\WPR\80).
Then, with a MAP command in your login scripts, map a search drive to the
Directory Map object, rather than to the specific directory:
MAP INS S2:=.CURRENT_WPR.SALES.NOVELL_US
For a general description of the MAP command, see MAP in the Utilities
Reference.
When users log in, their search drive is mapped to the CURRENT_WPR
Directory Map object, which points to the directory containing WPR8.0.
Later, if you upgrade to WPR9.0 and change the directory's name to
SYS:PUBLIC\WPR\90, you would change only the Directory Map object to
indicate the new path.
You would not have to change the MAP command in the login script because
the MAP command still indicates the correct Directory Map object.

103-000180-001
August 30, 2001
Novell Confidential
6 Troubleshooting
This chapter presents various troubleshooting procedures for resolving

problems with traditional volume including the following:
Resolving File I/O Errors (page 43)
Resolving Volume I/O Errors (page 44)
Resolving Problems When the Server Hangs after Mounting Last Volume
(page 44)
Resolving Problems When No Volumes Mount (page 45)
Resolving Problems When Only Some Volumes Mount (page 45)
Resolving Disk Error Problems When a Volume Is Mounting (page 46)
Resolving Memory Errors When a Volume Is Mounting (page 46)
Resolving Volume Mounting Problems Because of Corrupted Directory
Entry Tables or File Allocation Tables (page 47)
Resolving Volume Mounting Problems Because of Name Space Module
(page 48)
Other Troubleshooting Information (page 49)
Resolving File I/O Errors

To resolve a file I/O error, try one or more of the following:
Make sure that the volume (especially volume SYS:) is mounted.
If the volume is out of disk space, error messages will appear on the
Logger Console screen indicating that the volume is almost out of disk
space. Check this screen for messages.
Troubleshooting 43

103-000180-001
August 30, 2001
Novell Confidential
Check how much space remains on volume SYS:. If it is low, increase the
size by adding free space.
To increase the amount of free space, do one or more of the following:
Delete extraneous files (if you can log in from a workstation).
Enter SET IMMEDIATE PURGE OF DELETED FILES = ON at the
console prompt and then retry the action.
If you have an additional disk, increase the size of the volume by creating
an additional segment of the volume on the disk.
Resolving Volume I/O Errors

To resolve a volume I/O errors on traditional volumes, try one or more of the
following:
Make sure that all devices that contain the volume are online. (Volumes
can span multiple devices.)
Repair the volume using VREPAIR.
Make sure that the volume is visible.
If you have tried all of the above without success, contact a Novell Support
Provider or the disk drive manufacturer.
Resolving Problems When the Server Hangs after

Mounting Last Volume
To diagnose problems when the server stops processing after mounting the last
volume, identify whether the following conditions exist:
The server network board is not initializing when the server is started
because the board is not installed or seated correctly.
The server network board is not configured correctly.
To resolve problems when the server stops processing after mounting the last
volume, perform the following actions or ensure that the following conditions
exist:
Check the network board configurations of the boards in the server and
the settings shown on the server and make sure that the settings match.

103-000180-001
August 30, 2001
Novell Confidential
Make sure that all server and workstation network boards are seated
properly and that cabling and connections are attached securely.
Make sure that the terminators on cables have the right ohm rating and are
installed correctly. The IBM* PC Cluster sends a broadcast message
during initialization and then stops processing if the network is not cabled
or terminated properly.
Check the network boards in all workstations for correct node address
settings.
Resolving Problems When No Volumes Mount

Volume SYS: contains the NetWare system files and the NLM programs.
If volume SYS: does not mount when the server is booted, then the
AUTOEXEC.NCF file does not execute, LAN drivers do not load, and the
volume does not become part of the eDirectory tree.
To diagnose problems when no volumes mount, identify whether the
following conditions exist:
Volume SYS: is corrupted.
The hard disk containing volume SYS: has failed.
The cable or power to the external hard disks has malfunctioned.
To resolve problems when no volumes mount, do the following:
Repair the volume using the utilities that are appropriate for the volume
type.
Check the cabling and power to the external hard disks. Replace any
faulty components.
Replace the hard disk containing volume SYS:.
Create the partitions and volume SYS:.
Restore the data from a backup copy.
Resolving Problems When Only Some Volumes Mount

To diagnose problems when only some volumes mount, identify whether the
following conditions exist:
Troubleshooting 45

103-000180-001
August 30, 2001
Novell Confidential
The server does not have enough RAM

The disk driver for external drives are not be loaded
To resolve problems when only some volumes mount, do the following:
Add more RAM.
Verify which drivers are loaded.
Resolving Disk Error Problems When a Volume Is

Mounting
To diagnose problems when disk errors occur while a traditional volume is
mounting, identify whether the following conditions exist:
The server does not have enough memory to mount the volume.
The operating system is experiencing directory sector mismatching. This
mismatching can be caused if the media is defective or if the server is
turned off without the DOWN command.
To resolve disk error problems that occur while a volume is mounting, do the
following:
Check the status of the available cache buffers. If the available cache
buffers are fewer than 20%, add more memory to your server.
Minor errors usually correct themselves through normal network use. For
example, if a file allocation table (FAT) entry is wrong, the entry is
updated and corrected the next time the table is written to. If errors do not
correct themselves, repair the volume using VREPAIR.
Resolving Memory Errors When a Volume Is Mounting

To diagnose memory error problems when a traditional volume mounts,
identify whether the following conditions exist:
Volumes take more memory to mount than they require after being
mounted because the mounting process performs consistency checks (for
example, the duplicate copies of all the tables are checked).
Volumes and directory entries grow dynamically. Therefore, if your
server is using most of the RAM (file cache buffers are close to 20% of
the memory) and you dismount a volume, you might not be able to
remount the volume unless additional memory is available.

103-000180-001
August 30, 2001
Novell Confidential
Each additional name space support that you add to a volume increases
the size of the file allocation tables and directory entry tables. Adding
name space support can cause the tables to grow so large that the server
does not have enough RAM to mount the volume.
To resolve memory errors when a volume mounts, perform the following
actions or ensure that the following conditions exist:
Check the status of the available cache buffers. If the cache buffers are
fewer than 20%, add more RAM to your server.
Free up memory by unloading resources.
On volumes using the traditional file system streamline the directory
structure. Each subdirectory takes at least one directory block (by default,
a 4 KB block of memory). Therefore, subdirectories with only one file
require as much memory as directories with 32 files. Check the 4 KB size.
If you combine directories so that most directories have about 32 files and
you then purge the deleted subdirectories and files, you will free up
memory.
Calculate how much memory you need and add memory to the server.
Remove the recently added name space support.
WARNING: This is a destructive step that destroys all the extended file
information. Before taking this step, try to free up enough memory so that the
volume mounts and you can back up the data.
Have all users log out and then unload all NLM programs except the
volume’s disk drivers. Dismount any mounted volumes.
To remove the name space on a traditional volume, load VREPAIR and
select Set VRepair Options. Then select the Remove Name Space
Support from the Volume and Write All Directory and FAT Entries Out to
Disk options. Then exit to the main menu. Run VREPAIR > Repair a
Volume on the volume that would not mount.
Resolving Volume Mounting Problems Because of

Corrupted Directory Entry Tables or File Allocation
Tables
To diagnose problems when mismatches exist in the duplicate copies of the
file allocation table (FAT) and directory entry table (DET) on traditional
volumes, identify whether the following conditions exist:
Troubleshooting 47

103-000180-001
August 30, 2001
Novell Confidential
A power failure has occurred and the server has not been shut down with
the DOWN command.
A hard disk has failed.
A disk channel error has occurred.
A volume does not dismount when you enter the DISMOUNT command.
Directory information in cache is not completely written to disk.
To resolve problems when mismatches exist in the duplicate copies of the FAT
and DET, do the following:
Run VREPAIR.
Add a UPS system so that the server is shut down automatically when a
power failure occurs.
Replace faulty disks or controllers.
Resolving Volume Mounting Problems Because of

Name Space Module
After a volume has been configured to support more than the DOS naming
convention, the name space NLM program must be loaded before the volume
can be mounted.
To diagnose problems when a traditional volume cannot mount because the
name space NLM program is not loaded, identify whether the following
conditions exist:
The command to load the name space NLM is not in the STARTUP.NCF
file.
The NLM to load the name space has not been copied to the boot
directory of the server.
To resolve problems when a traditional volume cannot mount because the
name space NLM program is not loaded, do the following:
Load the name space NLM program and then mount the volume. Copy
the name space NLM to the server boot directory and add the LOAD
command to the STARTUP.NCF file. The NLM then loads automatically
whenever the server is booted.
Delete the name space configuration from the volume.

103-000180-001
August 30, 2001
Novell Confidential
WARNING: This is a destructive step that destroys all of the extended file
information.
Back up all non-DOS files.

Load VREPAIR and select Set VRepair Options. Then select the Remove
Name Space Support from the Volume and Write All Directory and FAT
Entries to Disk options. Then exit to the main menu. Run VREPAIR >
Repair a Volume on the volume that would not mount.
Other Troubleshooting Information

For other troubleshooting information on the traditional file system and server
operating system, see Troubleshooting the NetWare Server in the Server
Operating System Administrator Guide.
Troubleshooting 49

103-000180-001
August 30, 2001
Novell Confidential

103-000180-001
August 30, 2001
Novell Confidential
NetWare Server Disks and Storage Devices Administration Guide
Novell
NetWare 6 ®
www.novell.com
N E T WA R E S E RV E R D I S K S A N D S TO R A G E D E V I C E S
August 30, 2001

Novell Confidential
Contents
Server Disks and Storage Devices 7

Partitioning Disks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Logical Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Device and Partition Numbering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Object Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Device Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Drivers for Host Adapters and Storage Devices . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Mirroring and Duplexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Redirecting Bad Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Optimizing Storage Disk Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Improving Disk Reads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Changing Concurrent Disk and Directory Writes for Faster Reads. . . . . . . . . . . . . . . 24
Changing the Turbo File Allocation Table (FAT) Wait Time for Faster Reads . . . . . . . . . 25
Improving Disk Writes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Increasing the Number of Concurrent Writes. . . . . . . . . . . . . . . . . . . . . . . . . . 26
Changing Disk and Directory Caching for Faster Writes . . . . . . . . . . . . . . . . . . . . 27
Turning Off Read-After-Write Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
View a List of Adapters and Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Checking Available Disk Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Checking for Disk Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Adding and Replacing Hard Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Adding a Hard Disk to the NetWare Server . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Replacing a Hard Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Loading Disk Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Replacing Disk Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Creating NetWare Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Deleting NetWare Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Activating and Deactivating a Hard Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Mirroring and Duplexing Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Mirroring Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Unmirroring Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Recovering Data from an Out of Sync Disk . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Managing Removable Media Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Mounting a Removable Media Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Dismounting a Removable Media Device . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Locking and Unlocking a Removable Media Device . . . . . . . . . . . . . . . . . . . . . . 39
Contents 5

103-000179-001
August 30, 2001
Novell Confidential
Novell Cluster Services Overview and Installation
Novell
Cluster Services
www.novell.com
1.6
O V E RV I E W A N D I N S TA L L AT I O N
August 29, 2001

Novell Confidential
Manual Rev 99a 28 9 June 00
Contents
Introduction to Novell Cluster Services 7

1 Overview 9
Product Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Product Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Cluster Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Cluster Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2 Installation and Setup 15

Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Shared Disk System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Rules for Operating a Novell Cluster Services SAN . . . . . . . . . . . . . . . . . . . . . . . . 16
Installing or Upgrading Novell Cluster Services . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Novell Cluster Services Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Prepare Cluster Servers for an Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Run the Installation Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Setting Up Novell Cluster Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Create Shared Disk Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Create NSS Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Create Cluster Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Cluster Enable Pools and Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Create Cluster Resource Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Create Cluster Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Configure Load Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Configure Unload Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Set Start, Failover, and Failback Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Assign Nodes to a Resource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Edit Quorum Membership and Timeout Properties. . . . . . . . . . . . . . . . . . . . . . . 35
Cluster Protocol Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Cluster IP Address and Port Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Resource Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Cluster E-Mail Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Cluster Node Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Contents 5

103-000154-001
August 29, 2001
Novell Confidential
Manual Rev 99a 28 9 June 00
Migrating Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Identifying Cluster and Resource States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Additional Cluster Operating Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Installing NetWare on a Server That Will Be Added to an Existing Cluster . . . . . . . . . . 45
Readding a Node to a Cluster That Was Prevously in the Cluster . . . . . . . . . . . . . . 46
Cluster-enabled Volume Connection Required for Some Utilities . . . . . . . . . . . . . . . 46
Some Applications Do Not Fail Over . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Novell Cluster Services Console Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
6 Novell Cluster Services Overview and Installation

103-000154-001
August 29, 2001
Novell Confidential
Introduction to Novell Cluster Services
Novell® Cluster ServicesTM is a server clustering system that ensures high

(volumes), applications, server licenses, and services. It is a multinode,
eDirectoryTM enabled clustering product for NetWare® 6 that supports
failover, failback, and migration (load balancing) of individually managed
cluster resources.
Introduction to Novell Cluster Services 7

103-000154-001
August 29, 2001
Novell Confidential

103-000154-001
August 29, 2001
Novell Confidential
1 Overview
Novell® Cluster ServicesTM is a server clustering system that ensures high

(volumes), applications, server licenses, and services. It is a multinode
clustering product for NetWare® that is enabled for eDirectoryTM and supports
failover, failback, and migration (load balancing) of individually managed
cluster resources.
Licenses for two cluster nodes is included with NetWare 6. Licenses for
additional cluster nodes may be purchased separately.
Product Features
Novell Cluster Services includes several important features to help you ensure
and manage the availability of your network resources. These include:
Support for shared SCSI or fiber channel storage area networks.
Multinode all-active cluster (up to 32 nodes). Any NetWare server in the
cluster can restart resources (applications, services, IP addresses, and
volumes) from a failed server in the cluster.
Single point of administration through a browser-based NetWare Remote
ManagerTM or a Java-based ConsoleOneTM cluster configuration and
monitoring GUI. The browser-based NetWare Remote Manager lets you
remotely manage your cluster.
The ability to tailor a cluster to the specific applications and hardware
infrastructure that fit your organization.
Dynamic assignment and reassignment of server storage on an as-needed
basis.
The ability to automatically notify administrators through e-mail of
cluster events and cluster state changes.
Overview 9

103-000154-001
August 29, 2001
Novell Confidential
Product Benefits
Novell Cluster Services allows you to configure up to 32 NetWare servers into
a high-availability cluster, where resources can be dynamically switched or
moved to any server in the cluster. Resources can be configured to
automatically switch or be moved in the event of a server failure, or can be
moved manually to troubleshoot hardware or balance the workload.
Novell Cluster Services provides high availability from commodity
components. Lower costs are obtained through the consolidation of
applications and operations onto a cluster. The ability to manage a cluster from
a single point of control and to adjust resources to meet changing workload
requirements (thus, manually “load balance” the cluster) are also important
benefits of Novell Cluster Services.
An equally important benefit of implementing Novell Cluster Services is that
you can reduce unplanned service outages and reduce planned outages for
software and hardware maintenance and upgrades.
Reasons you would want to implement Novell Cluster Services include:
Increased availability
Improved performance
Low cost of operation
Scalability
Disaster recovery
Data protection
Shared resources
Shared disk fault tolerance can be obtained by implementing RAID Level 5
on the shared disk subsystem.
An example of the benefits Novell Cluster Services provides can be better
understood through the following scenario.
Suppose you have configured a three-server cluster, with a Web server
installed on each of the three servers in the cluster. Each of the servers in the
cluster hosts two Web sites. All the data, graphics, and e-mail messages for
each Web site is stored on a shared disk subsystem connected to each of the
servers in the cluster. The following figure depicts how this setup might look.

103-000154-001
August 29, 2001
Novell Confidential
Figure 1 Three-Server Cluster
Web Server 1 Web Server 2 Web Server 3
Web Site A Web Site C Web Site E

Web Site B Web Site D Web Site F
Fiber Channel Switch
Shared Disk
System
During normal cluster operation, each server is in constant communication

with the other servers in the cluster and performs periodic polling of all
registered resources to detect failure.
Suppose Web Server 1 experiences hardware or software problems and the
users depending on Web Server 1 for Internet access, e-mail, and information
lose their connections. The following figure shows how resources are moved
when Web Server 1 fails.
Figure 2 Three-Server Cluster after One Server Fails
Web Server 1
Web Server 2 Web Server 3
Web Site A Web Site B
Web Site C Web Site E
Web Site D Web Site F
Shared Disk
System
Overview 11

103-000154-001
August 29, 2001
Novell Confidential
Web Site A moves to Web Server 2 and Web Site B moves to Web Server 3.
IP addresses and applicable licenses also move to Web Server 2 and Web
Server 3.
When you configured the cluster, you decided where the Web sites hosted on
each Web server would go should a failure occur. In the previous example, you
configured Web Site A to move to Web Server 2 and Web Site B to move to
Web Server 3. This way, the workload once handled by Web Server 1 is evenly
distributed.
When Web Server 1 failed, Novell Cluster Services software
Detected a failure.
Remounted the shared data volumes (that were formerly mounted on Web
server 1) on Web Server 2 and Web Server 3 as specified.
Restarted applications (that were running on Web Server 1) on Web
Server 2 and Web Server 3 as specified.
Transferred IP addresses to Web Server 2 and Web Server 3 as specified.
In this example, the failover process happened quickly and users regained
access to the Internet, Web site information, and e-mail within seconds, and in
most cases, without having to log in again.
Now suppose the problems with Web Server 1 are resolved, and Web Server
1 is returned to a normal operating state. Web Site A and Web Site B will
automatically failback, or be moved back to Web Server 1, and Web Server
operation will return back to the way it was before Web Server 1 failed.
Novell Cluster Services also provides resource migration capabilities. You can
move applications, Web sites, etc. to other servers in your cluster without
waiting for a server to fail.
For example, you could have manually moved Web Site A or Web Site B from
Web Server 1 to either of the other servers in the cluster. You might want to do
this to upgrade or perform scheduled maintenance on Web Server 1, or just to
increase performance or accessibility of the Web sites.

103-000154-001
August 29, 2001
Novell Confidential
Cluster Configuration
Typical cluster configurations normally include a shared disk subsystem
connected to all servers in the cluster. The shared disk subsystem can be
connected via high-speed fiber channel cards, cables, and switches, or be
configured to use shared SCSI. If a server fails, another designated server in
the cluster automatically mounts the shared disk volumes previously mounted
on the failed server. This gives network users continuous access to the
volumes on the shared disk subsystem.
Typical resources might include data (volumes), applications, server licenses,
and services. The following figure shows how a typical fiber channel cluster
configuration might look.
Figure 3 Typical Fiber Channel Cluster Configuration
Network Hub
Network Server 1 Server 2 Server 3 Server 4 Server 5 Server 6

Fiber
Interface Channel
Card(s) Card(s)
Sys Sys Sys Sys Sys Sys
Shared Disk
System
Although fiber channel is the recommended configuration, you can configure

your cluster to use shared SCSI. The following figure shows how a typical
shared SCSI cluster configuration might look.
Overview 13

103-000154-001
August 29, 2001
Novell Confidential
Figure 4 Typical Shared SCSI Cluster Configuration
Network Hub
Network Server 1 Network Server 2

SCSI SCSI
Interface Adapter Interface Adapter
Card Card
Sys Sys
Shared Disk
System
Cluster Components
The following components make up a Novell Cluster Services cluster:
From 2 to 32 NetWare servers configured to use IP, each containing at
least one local disk device (used for a local SYS: volume).
Novell Cluster Services software running on each NetWare server in the
cluster.
A shared disk subsystem connected to all servers in the cluster (optional,
but recommended for most configurations).
High-speed fiber channel cards, cables, and switch or SCSI cards and
cables used to connect the servers to the shared disk subsystem.

103-000154-001
August 29, 2001
Novell Confidential
2 Installation and Setup
Hardware Requirements
The following list specifies hardware requirements for installing Novell®
Cluster ServicesTM. These requirements represent the minimum hardware
configuration. Additional hardware might be necessary depending on how
you intend to use Novell Cluster Services.
A minimum of two NetWare® servers
At least 256 MB of memory on all servers in the cluster (512 MB
recommended for failing multiple applications to the same server)
At least one local disk device (not shared) for volume SYS: on each server
Software Requirements
You must have NetWare 6 running on each cluster server. Ensure the
following requirements are met:
All servers in the cluster configured with the IP protocol and on the same
IP subnet
An additional IP address for the cluster and each cluster resource and
cluster-enabled volume
All servers in the cluster in the same eDirectoryTM tree
Installation and Setup 15

103-000154-001
August 29, 2001
Novell Confidential
Shared Disk System Requirements

A shared disk system (Storage Area Network or SAN) is required for each
cluster if you want data to be highly available. If a shared disk subsystem is
used, ensure the following:
At least 15 MB of free disk space on the shared disk system for creating
a special cluster partition
The Novell Cluster Services installation automatically allocates one
cylinder on one drive of the shared disk system for the special cluster
partition. Depending on the location of the cylinder, the actual amount of
space used by the cluster partition may be less than 15 MB.
The shared disk system is properly set up and functional according to the
manufacturer’s instructions
Prior to installation, verify that all the drives in your shared disk system
are recognized by NetWare by running the LIST DEVICES command on
each server you intend to add to your cluster. If any of the drives in the
shared disk system do not show up in the list, consult your NetWare
documentation or the shared disk system documentation for
troubleshooting information.
The disks contained in the shared disk system are configured in a
mirroring or RAID 5 configuration to add fault tolerance to the shared
disk system
WARNING: If the disks in the shared disk system are not configured to use
mirroring or RAID 5, a single disk error can cause a volume failure. Novell Cluster
Services software will not protect against such faults.
Rules for Operating a Novell Cluster Services SAN

When you create a Novell Cluster Services system that utilizes shared storage
space (a Storage Area Network or SAN), it is important to remember that all
servers attached to the shared device, whether in the cluster or not, have access
to all of the volumes on the shared storage space unless you specifically
prevent such access. Novell Cluster Services arbitrates access to shared
volumes for all cluster nodes, but cannot protect shared volumes from being
corrupted by noncluster servers.

103-000154-001
August 29, 2001
Novell Confidential
When working with shared storage, do not attach a noncluster server to the
same shared storage device as a cluster unless you have isolated the storage so
that the noncluster server has access only to its own volumes. Failure to do so
will result in data corruption or volume loss.
Installing or Upgrading Novell Cluster Services

It is necessary to run the Novell Cluster Services installation program when
you
Create a new cluster
Add new nodes to an existing cluster
Upgrade Novell Cluster Services software in an existing cluster
If you are running the Novell Cluster Services installation program to create a
new cluster, the program automatically
Creates a new Cluster object in eDirectory
Installs Novell Cluster Services software on the servers you specify to be
part of your cluster
After running the Novell Cluster Services installation the first time to create a
new cluster, you will need to run the Novell Cluster Services installation again
each time you want to add new servers to your cluster or upgrade Novell
Cluster Services software on an existing cluster.
Novell Cluster Services Licensing

Novell Cluster Services requires a Cluster Server License for each server that
is part of the cluster. The Cluster Server License allows a server to join a
cluster. Cluster Server License objects are created in the same eDirectory
context as the Cluster object.
Cluster Server Licenses for a two-node cluster are already provided with
NetWare 6 and are automatically added during the Novell Cluster Services
installation. You only need additional Cluster Server Licenses if you have a
three-node or larger cluster. Additional Cluster Server Licenses can be
obtained from Novell or from your Novell Authorized ResellerSM.

103-000154-001
August 29, 2001
Novell Confidential
Prepare Cluster Servers for an Upgrade

If you are upgrading Novell Cluster Services from a previous version and your
cluster has shared storage, you must prepare your cluster servers before
upgrading them to NetWare 6 and before upgrading Novell Cluster Services.
This preparation is necessary to ensure existing shared-volume trustee
assignments can be used after the upgrade.
To prepare cluster servers for an upgrade, from a NetWare client run
NWDEPLOY.EXE from the root of the NetWare 6 Operating System CD to
launch the NetWare Deployment Manager, and then complete the following
steps:
1 In the NetWare Deployment Manager, open the Network Preparation
Folder and click Prepare a Novell Cluster for Upgrade.
Continue through the screens until you get to the screen that prompts you
to select an existing cluster to prepare for upgrade.
2 Specify the cluster name, eDirectory tree, and context for the cluster you
are preparing for upgrade.
3 Choose whether you want the servers you are going to upgrade to go
down after completing the preparation for upgrading cluster servers. Then
click Next to run the program for preparing cluster servers for upgrade.
Bringing down all cluster servers before an upgrade ensures NSS
volumes on shared storage (your SAN) are deactivated prior to upgrading
to NetWare 6.
If you choose to not bring down all cluster servers after completing the
preparation for upgrading cluster servers, you must do it manually before
upgrading cluster servers to NetWare 6.
Once you have completed the process for preparing cluster servers for upgrade
and upgrading those servers to NetWare 6, continue with the instructions in
“Run the Installation Program” on page 19.

103-000154-001
August 29, 2001
Novell Confidential
Run the Installation Program

To install Novell Cluster Services, insert the NetWare 6 Operating System CD
in a NetWare client workstation and allow the NetWare Deployment Manager
to automatically launch. You can also run NWDEPLOY.EXE from the root of
the CD to launch the NetWare Deployment Manager. After starting the
NetWare Deployment Manager, complete the following steps:
1 In the NetWare Deployment Manager, open the Post-Installation Tasks
folder and click Install or Upgrade a Novell Cluster.
Continue through the installation screens until you get to the screen that
prompts you to create a new cluster, add new nodes to an existing cluster,
or upgrade software in an existing cluster.
2 Click Create a New Cluster, Add New Nodes to Existing Cluster, or
Upgrade Software in Existing Cluster, and then click Next.
The Skip File Copy check box is checked by default and prevents Novell
Cluster Services files from being copied during the installation. The
NetWare 6 installation program automatically copies all Novell Cluster
Services files to every NetWare 6 server. If you want to refresh Novell
Cluster Services files on cluster servers you should uncheck the Skip File
Copy check box. Even though Novell Cluster Services files already exist
on each NetWare 6 server, you still need to run the Novell Cluster
Services installation program to configure and set up cluster nodes.
Leaving the Skip File Copy check box unchecked will cause existing
Novell Cluster Services files to be copied over, but will not otherwise
affect the installation.
(If creating) Enter the name for the new Cluster object you are
creating and specify the Directory tree and context where you want
it created. Then click Next and continue with Step 4 on page 20.
NOTE: Do not use periods in cluster names. NetWare and NetWare clients
interpret a period as a delimiter.
(If adding new nodes) Specify the eDirectory tree, context, and name
of the cluster you will add servers to. If you don’t know a cluster
name or its context, browse and select one. Then click Next and
continue with Step 4 on page 20.
(If upgrading software) Specify the Directory tree, context, and name
of the cluster where software will be upgraded. Then click Next and
go to Step 7 on page 20.

103-000154-001
August 29, 2001
Novell Confidential
4 Enter the name of the server you want to add to the cluster, or browse and
select one from the list, and then click Add to Cluster. Repeat this step for
every server you want to add to the cluster. Then click Next.
You can also remove servers you just added to the cluster by selecting
them from the NetWare Servers in Cluster list and clicking Remove.
When you add a server to a cluster, Novell Cluster Services automatically
detects the server’s IP address. If the server you are adding has more than
one IP address, you will be prompted to select the IP address you want
Novell Cluster Services to use.
5 Enter a uniqe IP address for the cluster.
The cluster IP address is separate from the server IP address and is
required for certain external network management programs to get cluster
status alerts. The cluster IP address provides a single point of cluster
access for NetWare Remote Manager. A Master IP Address resource is
created automatically during the Cluster Services installation that makes
this possible.
The cluster IP address will be bound to the master node and will remain
with the master node regardless of which server is the master node.
6 (Conditional) If you are creating a new cluster, specify whether your
cluster has a shared disk system and, if so, select the drive where you want
the small cluster partition created. Then click Next.
Novell Cluster Services requires a small cluster partition on the shared
disk system. You are also given the option of mirroring the partition for
greater fault tolerance.
IMPORTANT: You must have at least 10 MB of free space that is not part of an
NSS partition on one of the shared disk drives to create the cluster partition. If no
free space is available, the shared disk drives can’t be used by Novell Cluster
Services.
If you previously installed Novell Cluster Services and created a cluster

with the same name, the installation program will detect that a cluster
partition has already been created and this screen will not appear.
7 Choose whether or not you want the servers you are upgrading or adding
to your cluster to start Novell Cluster Services software after the
installation. Then click Next.

103-000154-001
August 29, 2001
Novell Confidential
If you choose to not start Novell Cluster Services software on each server
that you upgrade or add to your cluster, you will need to manually start it
after the installation or you will need to reboot cluster servers to
automatically start it.
You can manually start Novell Cluster Services by running LDNCS at the
server console on each cluster server.
If you are installing or upgrading a two-node cluster or not adding
additional nodes to a two-node cluster, continue with Step 9 on page 21.
8 (Conditional) Specify the location of the Cluster Server License files or
browse and select a path, then click Add.
Since licenses for a two-node cluster are included with NetWare 6, this
screen only appears if you are installing or upgrading a three-node or
larger cluster.
If you are installing a three-node or larger cluster, you can obtain
additional Cluster Server Licenses from Novell or from your Novell
Authorized Reseller.
You are given the option of installing without licenses. If you choose to
install without licenses and you have a cluster with more than two nodes,
you will need to manually install the licenses at a later date using
iManage. Novell Cluster Services will not function without the proper
licenses in place.
9 Continue through the final installation screen.
If you are creating a new cluster, the installation program will create
a new Cluster object in eDirectory and install Novell Cluster
Services software on the servers you specified to be part of your
cluster.
If you are adding new nodes to an existing cluster, the installation
program will install Novell Cluster Services software on the servers
you are adding to your cluster.
If you are upgrading Novell Cluster Services software on an existing
cluster, the installation program will upgrade cluster software on all
servers in the cluster.

103-000154-001
August 29, 2001
Novell Confidential
Setting Up Novell Cluster Services

If you created a new cluster, you now need to create and configure cluster
resources. You might also need to create shared disk partitions if they do not
already exist and, if necessary, configure all shared disk system pools and
volumes to work with Novell Cluster Services. You might also need to cluster
enable the shared disk system pools and volumes.
While ConsoleOne is the recommended tool for creating shared disk
partitions, NSS pools, and volumes, NetWare Remote Manager can also be
used. NetWare Remote Manager currently does not provide all the features for
managing network storage that are available in ConsoleOne.
Create Shared Disk Partitions

Before creating disk partitions on shared storage (storage area network or
SAN), Novell Cluster Services must be installed. You should carefully plan
how you want to configure your shared storage prior to installing Novell
Cluster Services.
Using ConsoleOne
1 Start ConsoleOne and authenticate to the eDirectory tree where the
Cluster object resides.
ConsoleOne runs faster on a client than a server. From a NetWare client,
go to the SYS:PUBLIC\MGMT\CONSOLEONE\1.2\BIN directory on a
server in the cluster and run CONSOLEONE.EXE.
We recommend running ConsoleOne from the server that is your primary
NetWare connection.
2 In the left pane, right-click the Cluster object or the Server object of a
server in the cluster and then click Properties.
3 On the Media tab, click Devices and then select the Device where you
want to create the shared partition. Ensure the Sharable for Clustering
check box is checked for the device.
If a device is marked as sharable, all partitions on that device will
automatically be sharable.
Device names are not changeable and might be labeled something like
0x2 or 0x1.

103-000154-001
August 29, 2001
Novell Confidential
If Cluster Services was previously installed and shared disk partitions

were already created, the Partitions List field will include this
information.
4 On the Media tab, click Partitions >New, and then select the device where
you want to create the partition (the same device you selected in the
previous step).
5 Specify the size of the partition and click OK to create it.
Continue with “Create NSS Pools” on page 24.
On this screen you should also ensure NSS is selected as the partition type
(this is the default) and ensure the Hot FixTM and Mirror check boxes are
checked and that Create New Mirror Group is selected.
In NetWare Remote Manager, the same process for creating a shared disk
partition is also used to create an NSS pool and volume. NetWare Remote
Manager currently does not allow you to create multiple volumes on a pool. If
you want to create multiple volumes on a pool, use ConsoleOne.
Using NetWare Remote Manager

1 In NetWare Remote Manager, in the left column under the Manage Server
section, select Volumes.
This is same screen that appears when you start NetWare Remote
Manager.
2 Under Partition Management, click Disk Partitions.
A screen appears that displays a list of devices that are currently
accessible to servers in the cluster. For each device, the list displays the
partitions, NSS pools, volumes, and free space on that device.
3 Find the device that corresponds to your shared storage system and click
Create on the free space where you want to create the partition.
4 Under Novell Storage Services, click Create a New Pool and Volume.
5 Specify the pool size and name, the volume name, and volume attributes.
Since only one pool exists in each partition, the pool size you specify will
be the size of the partition that gets created. The volume that is created
will be allowed to grow to the pool size.
The Prepare Volume for Use by Novell Clustering Services check box is
currently not functional and does not need to be checked.
6 Click CREATE to create the partition, NSS pool, and volume.

103-000154-001
August 29, 2001
Novell Confidential
Create NSS Pools

The new Storage Pools feature in NSS gives you more flexibility in planning
and configuring your storage to work with Novell Cluster Services. More than
one cluster-enabled volume can now be part of a single cluster resource, and
volumes can dynamically grow as needed to take advantage of free disk space.
Only one NSS pool can be created on a partition. Storage pools must be
created prior to creating and cluster-enabling volumes. To learn more about
NSS pools, see “Creating a Storage Pool” in the Novell Storage Services
Using ConsoleOne
1 In ConsoleOne, on the property page of the Server object, click the Media
Tab and select NSS pools.
2 Click New, specify the name and type of pool you want to create, and then
click Next.
ZLSS is the default pool (LSS) type and should be the type used with
Novell Cluster Services.
3 Select the partition you just created and then click Next > Finish to create
the pool.
The Activate on Creation check box is checked by default. This will cause
the pool to be activated as soon as it is created. If you uncheck the check
box, you will have to manually activate the pool later before it can be
used.
Depending on your network configuration and the size of you eDirectory
tree, it could take a while for the pool information to be updated in
eDirectory. You can ensure the pool information is updated immediately
in eDirectory by selecting the pool from the pools list under the Media tab
and then clicking Update NDS.
Repeat the above steps for each additional pool you want to create on
shared storage.
Continue with “Create Cluster Volumes” on page 25.
The same procedure for creating shared disk partitions using NetWare Remote
Manager is used to create NSS pools. To create an NSS pool on shared storage
using NetWare Remote Manager go to Step 1 on page 23.

103-000154-001
August 29, 2001
Novell Confidential
Create Cluster Volumes

If you plan on using a shared disk system in your cluster and need to create
new NetWare pools or volumes after installing Novell Cluster Services, the
server used to create the volumes should already have NSS installed and
running. NSS is the default file system for NetWare 6.
Using ConsoleOne
1 In ConsoleOne, on the property page of the Server object, click the Media
tab and select NSS Logical Volumes.
2 Click New, enter the name of the volume you want to create, and then
click Next.
Each shared volume in the cluster must have a unique name.
3 Select the pool where you want the volume to reside and either enter a
quota for the volume or check the check box to allow the volume to grow
to the pool size. Then click Next.
The quota is the maximum possible size of the volume. If you have more
than one volume per pool, you should enter a quota for each volume
rather than allowing multiple volumes to grow to the pool size.
4 Review and change volume attributes as necessary, and then click Finish
to create the volume.
You might want to check the Flush Files Immediately check box. This
will help ensure the integrity of volume data. Checking the Flush Files
Immediately check box will improve file system reliability but will
hamper performance. You should consider this option only if necessary.
Depending on your network configuration and the size of you eDirectory
tree, it could take a while for the voume information to be updated in
eDirectory. You can ensure the volume information is updated
immediately in eDirectory by selecting the volume from the volumes list
under the Media tab and then clicking the Update NDS button
5 Repeat the above steps for each cluster volume you want to create.
Depending on your configuration, the new volumes will either mount
automatically when resources that require them start or will have to be
mounted manually on individual servers after they are up.
IMPORTANT: If you have a volume that is not being managed by Novell Cluster
Services, the volume will need to be mounted before you can access it. The
MOUNT ALL command in AUTOEXEC.NCF will no longer mount all NSS volumes

103-000154-001
August 29, 2001
Novell Confidential
by default. In the AUTOEXEC.NCF file of the server where the volume is to be

mounted, add separate MOUNT commands followed by the volume name for each
of the noncluster volumes you want to mount.
The same procedure for creating shared disk partitions using NetWare Remote
Manager is used to create cluster volumes. To create a cluster volume on
shared storage using NetWare Remote Manager go to Step 1 on page 23.
Cluster Enable Pools and Volumes

If you have a shared disk system that is part of your cluster and you want the
pools and volumes on the shared disk system to be highly available to
NetWare clients, you will need to cluster enable those pools and volumes.
Cluster enabling a pool or volume allows it to be moved or mounted on
different servers in the cluster in a manner that supports transparent client
reconnect.
With this release of Cluster Services, cluster-enabled volumes no longer
appear as cluster resources. NSS pools are resources, and load and unload
scripts apply to pools and are automatically generated for them. Each cluster-
enabled NSS pool requires its own IP address. This means that each cluster-
enabled volume does not have an associated load and unload script or an
assigned IP address.
The first volume you cluster enable in the pool automatically cluster enables
the pool where the volume resides. Once a pool has been cluster enabled, you
will need to cluster enable the other volumes in the pool if you want them to
be mounted on another server during a failover.
When a server fails, any cluster-enabled pools being accessed by that server
will fail over to other servers in the cluster. Because the cluster-enabled pool
fails over, all volumes in the pool will also fail over, but only the volumes that
have been cluster enabled will be mounted. Any volumes in the pool that have
not been cluster enabled will have to be mounted manually. For this reason,
volumes that aren’t cluster enabled should be in separate pools that are not
cluster enabled.
If you want each cluster-enabled volume to be its own cluster resource, each
volume must have its own pool.
Some server applications don’t require NetWare client access to volumes, so
cluster enabling pools and volumes might not be necessary. Pools should be
deactivated and volumes should be dismounted before being cluster enabled.

103-000154-001
August 29, 2001
Novell Confidential
Using ConsoleOne
1 Browse and select the Cluster object.
2 Click File > New > Cluster > Cluster Volume.
3 Browse and select a volume on the shared disk system to cluster enable.
4 Enter an IP address for the volume.
This is only required for the first volume to be cluster enabled in the pool.
This IP address will be assigned to the pool where the volume resides.
Checking the Online Resource after Create check box will cause the
volume to automatically mount once it is created.
5 (Optional) Change the default name of the virtual Server object.
When you cluster enable a pool, a virtual Server object is automatically
created and given the name of the Cluster object plus the cluster-enabled
pool. For example, if the cluster name is cluster1 and the cluster-enabled
pool name is pool1, then the default virtual server name will be
cluster1_pool1_server.
If you are cluster enabling a volume in a pool that has already been cluster
enabled, the virtual Server object has already been created, and you can’t
change the virtual Server object name.
6 (Optional) Change the default name of the cluster-enabled Volume object.
When you cluster enable a volume, a new object is automatically created
and given the name of the Cluster object and the volume name. For
example, if the cluster name is cluster1 and the volume name is vol1, then
the default cluster-enabled Volume object name will be cluster1_vol1.
7 Ensure the Define Additional Properties check box is checked, click
Create and then continue with “Set Start, Failover, and Failback Modes”
on page 33.

1 In NetWare Remote Manager, in the left column under the Clustering
section, select Cluster Config.
2 At the bottom of the screen under Create New Objects, click New Cluster
Volume.
3 Select the volume you created in the previous section and click Select.
4 Enter the IP address you want to assign to the cluster-enabled volume.

103-000154-001
August 29, 2001
Novell Confidential
All other fields on this screen should be automatically updated. You can
change or edit the information in the fields as desired. See Step 5 on page
27 and Step 6 on page 27 for more information.
This is only required for the first volume to be cluster enabled in the pool.
This IP address will be assigned to the pool where the volume resides.
Checking the Auto-Online check box will cause the resource to
automatically start once it is created.
5 Click the Save button to create the volume resource and then continue
with “Set Start, Failover, and Failback Modes” on page 33.
When the volume resource is brought online, the pool will automatically be
activated. You don’t need to activate the pool at the server console.
Create Cluster Resource Templates

Templates simplify the process of creating similar or identical cluster
resources. For example, templates are helpful when you want to create
multiple instances of the same resource on different servers. You can create
templates for any server application or resource you want to add to your
cluster.
Novell Cluster Services currently provides templates for DHCP, GroupWise®,
and NetWare Enterprise Web Server, as well as a generic IP SERVICE
template. The generic IP SERVICE template can be used when configuring
certain server applications to run on your cluster. You can edit and customize
any of the templates for your specific needs.
Using ConsoleOne
1 Browse and select the Cluster object where you want to create a cluster
resource template.
2 From the menu bar, click File > New > Cluster > Cluster Resource.
3 Enter a name for the new cluster resource template.
4 Check the Create Resource Template check box.
This option lets you create a cluster resource template instead of a cluster
resource.
5 Check the Define Additional Properties check box, and then continue
with “Configure Load Scripts” on page 30.

103-000154-001
August 29, 2001
Novell Confidential
To finish creating a cluster resource template, you need to configure load

and unload scripts, set failover and failback modes and, if necessary,
change the node assignments for the resource template.

1 On the left column under the Clustering section, click Cluster Config.
2 At the bottom of the screen above Create New Objects, click New Cluster
Resource.
3 Enter a name for the new cluster resource template.
4 Check the Create Resource and the Define Additional Properties check
boxes and then click Apply.
5 Continue with “Configure Load Scripts” on page 30.
Create Cluster Resources

Cluster resources must be created for every resource or application you run on
servers in your cluster. Cluster resources can include Web sites, e-mail servers,
databases, and any other server-based applications or services you want to
make available to users at all times.
Using ConsoleOne
1 Browse and select the Cluster object you want to create resources for.
2 Click File > New > Cluster > Cluster Resource.
3 Enter a name for the new cluster resource.
IMPORTANT: Do not use periods in cluster resource names. NetWare and
NetWare clients interpret a period as a delimiter.
4 If a template exists for the resource you are creating, enter the template
name in the Inherit From Template field, or browse and select it from the
list. If a template does not exist, check the Define Additional Properties
check box.
5 (Conditional) Check the Online Resource after Create check box if you
want the resource to automatically start on the master node as soon as it
is created and configured.
6 Click Create.
7 (Conditional) If you are not using a template for the resources, continue

103-000154-001
August 29, 2001
Novell Confidential

2 At the bottom of the screen under Create New Objects, click New Cluster
Resource.
3 Enter a name for the new cluster resource.
4 If a template exists for the resource you are creating, select it from the list
and then click Apply. If a template does not exist, check the Define
Additional Properties check box and then click Apply.
The default selection for this field is No Template.
5 (Conditional) If you are not using a template for the resource, continue
If you are not using a template, you must complete the process for creating the
cluster resource by configuring load and unload scripts, setting failover and
failback modes and, if necessary, changing the node assignments for the
resource.
If you are using a template for this resource, additional resource configuration
is performed automatically by the template.
More information on configuring GroupWise, NDPS®, NetWare Enterprise
Web Server and many other applications is available at Novell’s
documentation Web site (http://www.novell.com/documentation/lg/ncs6p/
index.html).
Configure Load Scripts

A load script is required for each resource, service, or disk pool in your cluster.
The load script specifies the commands to start the resource or service on a
server, or to mount the volume on a server.
You can use any commands in the load script that would be used in a .NCF file
run from the server console. If you don’t know which commands to add to
your load script, consult the documentation for the application or resource.
Load scripts are automatically created for disk pools when you cluster enable
them. Because of this, it might not be necessary to configure or change the
load script for a pool.

103-000154-001
August 29, 2001
Novell Confidential
Using ConsoleOne
1 Select the Load Script tab on the resource property page.
2 Edit or add the necessary commands to the script to load the resource on
the server.
Some commands may require command line input. You can add << to a
command to indicate command line input. For example, a script
command might read
LOAD SLPDA <<Y
This means that when SLPDA is loaded, it will receive a Y at the
command line, presumably to a question that needs a Yes answer. If more
inputs are required, they can be continued on subsequent lines, as follows:
LOAD SLPDA <<Y
<<Y
<<N
The string can be up to 32 characters.
3 Specify a timeout value.
The default is 600 seconds, or 10 minutes. The timeout value determines
how much time the script is given to complete. If the script does not
complete within the specified time, the resource becomes comatose.

2 From the list of Resources, select the desired resource or resource
template.
3 On the Resource Information screen, click Loading.
4 Edit or add the necessary commands to the script to load the resource on
the server.
For more details on load script commands see the instructions above on
configuring load scripts using ConsoleOne.
5 Specify the Load Timeout and click Apply to save the script.
This is the same as the timeout value described in the above instructions
on configuring load scripts using ConsoleOne.

103-000154-001
August 29, 2001
Novell Confidential
Configure Unload Scripts

Depending on your cluster application or resource, you can add an unload
script to specify how the application or resource should terminate. An unload
script is not required by all resources or applications, but it can ensure that
during a failback or manual migration, a resource unloads before it loads on
another node. Consult your application vendor or documentation to determine
if you should add commands to unload the resource.
Unload scripts are automatically created for disk pools when you cluster
enable them. Because of this it might not be necessary to configure or change
the load script for a pool.
Using ConsoleOne
1 Select the Unload Script tab on the resource property page.
2 Edit or add the necessary commands to the script to unload the intended
resource on the server.
You can use any commands used in a .NCF file run from the server
console. If you don’t know which commands to add, consult the
documentation for the application or resource you want to unload.
3 Specify a timeout value and click Apply to save the script.
The default is 600 seconds, or 10 minutes. The timeout value determines
how much time the script is given to complete. If the script does not
complete within the specified time, the resource becomes comatose.

2 From the list of Resources, select the desired resource.
3 On the Resource Information screen, click Unloading.
4 Edit or add the necessary commands to the script to unload the intended
resource on the server.
5 Specify the Load Wait Time and click Apply to save the script.

103-000154-001
August 29, 2001
Novell Confidential
Set Start, Failover, and Failback Modes

You can configure the start, failover, and failback of cluster resources to
happen manually or automatically. With the resource Start Mode set to AUTO,
the resource automatically starts on a server when the cluster is first brought
up. If the resource Start Mode is set to MANUAL, you can manually start the
resource on a server when you want, instead of having it automatically start
when servers in the cluster are brought up.
With the resource Failover Mode set to AUTO, the resource automatically
starts on the next server in the Assigned Nodes list in the event of a hardware
or software failure. If the resource Failover Mode is set to MANUAL, you can
intervene after a failure occurs and before the resource is moved to another
node.
With the resource Failback Mode set to DISABLE, the resource does not fail
back to its most preferred node when the most preferred node rejoins the
cluster. If the resource Failback Mode is set to AUTO, the resource
automatically fails back to its most preferred node when the most preferred
node rejoins the cluster. Set the resource Failback Mode to MANUAL to
prevent the resource from moving back to its preferred node when that node
is brought back online, until you are ready to allow it to happen.
The preferred node is the first server in the list of the assigned nodes for the
resource.
Using ConsoleOne
1 In ConsoleOne, right click the resource object and select Properties, then
select the Policies tab on the property page.
2 (Conditional) Check the Ignore Quorum check box if you don’t want the
cluster-wide timeout period and node number limit enforced.
The quorum default values were set when you installed Novell Cluster
Services. You can change the quorum default values by accessing the
properties page for the Cluster object.
Checking this box will ensure the resource is launched immediately on
any server in the Assigned Nodes list as soon as any server in the list is
brought online.
3 Choose the Start, Failover, and Failback modes for this resource.
The default for both Start and Failover modes is AUTO, and the default
for Failback mode is DISABLE.

103-000154-001
August 29, 2001
Novell Confidential
4 Check the Master Only check box to ensure the resource runs only on the
master node in the cluster.
If the master node in the cluster fails, the resource will fail over to
whichever node becomes the master.
5 Click Apply to save changes.

3 On the Resource Information screen, click Policies.
4 Check or uncheck the Ignore Quorum check box as desired.
See the instructions above on setting resource Start, Failover, and
Failback modes using ConsoleOne for more details.
5 Select the Start, Failover, and Failback modes for this resource.
6 Check or uncheck the Master Only check box.
If the Master Only box is checked, the resource will run only on the server
designated as the Master node in the cluster.
7 Click Apply.
Assign Nodes to a Resource

When you create a resource on a cluster or cluster enable a volume or pool,
the nodes in the cluster are automatically assigned to the resource or the
volume or pool. The order of assignment is the order the nodes appear in the
resource list. You can assign or unassign nodes to the resource or the volume
or pool, or change the failover order.
Using ConsoleOne
1 Select the Nodes tab on the resource property page.
2 From the list of unassigned nodes, select the server you want the resource
assigned to and click the Right-arrow button to move the selected server
to the Assigned Nodes list.
Repeat this step for all servers you want assigned to the resource. You can
also use the Left-arrow button to unassign servers from the resource.

103-000154-001
August 29, 2001
Novell Confidential
3 Click the Up- and Down-arrow buttons to change the failover order of the
servers assigned to the resource or volume.
4 Click Apply to save node assignment changes.

3 On the Resource Information screen, click Nodes.
4 Select or type in the nodes that you want assigned to this resource.
5 Click Apply to save node assignment changes.
Configuration Settings
Depending on your needs and cluster setup, some additional configuration
may be required for you to effectively use Novell Cluster Services. This
additional configuration might consist of changing the values on some of the
properties for the Cluster object and the Cluster Node objects.
Edit Quorum Membership and Timeout Properties

You can edit Quorum Membership and Timeout properties using either
ConsoleOne or NetWare Remote Manager.
Using ConsoleOne
1 Right-click the Cluster object.
2 Click Properties.
3 Select the Quorum tab on the Cluster Object Property page.

2 Select the Cluster object name.
3 Click Quorum.

103-000154-001
August 29, 2001
Novell Confidential
Membership
The Quorum Membership is the number of nodes that must be running in the
cluster before resources will start to load. When you first bring up servers in
your cluster, Novell Cluster Services reads the number specified in the
Membership field and waits until that number of servers is up and running in
the cluster before it starts loading resources.
Set the Membership value to a number greater than 1 so that all resources
don’t automatically load on the first server that is brought up in the cluster. For
example, if you set the Membership value to 4, there must be four servers up
in the cluster before any resource will load and start.
Timeout
Timeout specifies the amount of time to wait for the number of servers defined
in the Membership field to be up and running. If the timeout period elapses
before the quorum membership reaches its specified number, resources will
automatically start loading on the servers that are currently up and running in
the cluster. For example, if you specify a Membership value of 4 and a timeout
value equal to 30 seconds, and after 30 seconds only two servers are up and
running in the cluster, resources will begin to load on the two servers that are
up and running in the cluster.
Cluster Protocol Properties

You can use the Cluster Protocol property pages to view or edit the transmit
frequency and tolerance settings for all nodes in the cluster, including the
master node. The master node is generally the first node brought online in the
cluster, but if that node fails, any of the other nodes in the cluster can become
the master.
Using ConsoleOne
1 Right-click the Cluster object.
2 Click Properties.
3 On the Cluster Object property page, select the Protocol tab.
This tab has two pages: Settings and Internals. The Internals page lets you
view the script used to configure the cluster protocol settings, but not
change it. Use the Settings page to make changes to cluster protocol
properties.

103-000154-001
August 29, 2001
Novell Confidential

3 Click Protocol.
Heartbeat
Heartbeat specifies the amount of time between transmits for all nodes in the
cluster except the master. For example, if you set this value to 1, nonmaster
nodes in the cluster send a signal that they are alive to the master node every
second.
Tolerance
Tolerance specifies the amount of time the master node gives all other nodes
in the cluster to signal that they are alive. For example, setting this value to 4
means that if the master node does not receive an “I’m alive” signal from a
node in the cluster within four seconds, that node is removed from the cluster.
Master Watchdog
Master Watchdog specifies the amount of time between transmits for the
master node in the cluster. For example, if you set this value to 1, the master
node in the cluster transmits an “I’m alive” signal to all the other nodes in the
cluster every second.
Slave Watchdog
Slave Watchdog specifies the amount of time the master node has to signal that
it is alive. For example, setting this value to 5 means that if the nonmaster
nodes in the cluster do not receive an “I’m alive” signal from the master within
five seconds, the master node is removed from the cluster and one of the other
nodes becomes the master node.
Max Retransmits
This option is not currently used with Novell Cluster Services but will be used
for future versions.

103-000154-001
August 29, 2001
Novell Confidential
Cluster IP Address and Port Properties

The Cluster IP address is assigned when you install Novell Cluster Services.
The Cluster IP address normally does need to be changed, but can be if
needed.
The default cluster port number is 7023, and is automatically assigned when
the cluster is created. The cluster port number does not need to be changed
unless a conflict is created by another resource using the same port number. If
there is a port number conflict, change the Port number to any other value that
doesn’t cause a conflict.
Using ConsoleOne
1 Right-click the cluster object.
2 Click Properties.
3 On the Cluster Object property page, select the Management tab.

3 Click IP Address.
Resource Priority
The Resource Priority allows you to control the order in which multiple
resources start on a given node when the cluster is brought up or during a
failover or failback. For example, if a node fails and two resources fail over to
another node, the resource priority determines which resource loads first.
This is useful for ensuring that the most critical resources load first and are
available to users before less critical resources.
Uusing ConsoleOne
1 Right-click the cluster object.
2 Click Properties.
3 On the Cluster Object property page, select the Resource Priority tab.

103-000154-001
August 29, 2001
Novell Confidential
4 To change the priority for a resource, select the resource in the list and
then click the Increase or Decrease button to move the resource up or
down in the list.
This lets you change the load order of the resource relative to other cluster
resources on the same node.
You can also select a resource and then click the Selected button to reset
the resource back to its default load order.
5 Click the Apply button to save changes made to resource priorities.

3 Click Resource Priorities.
4 To change the priority for a resource, assign it a number between 0 and
65535.
65535 is the maximum value and 0 is the minimum value. Setting a
resource priority to 65535 ensures the resource loads before other
resources with lower priority settings. Setting the resource priority to 0
ensures the resource loads last after all other resources have loaded. The
default resource priority setting is 0.
If you assign multiple resources the same priority, the start order of those
resources is random.
5 Click the Apply button to save changes made to resource priorities.
Cluster E-Mail Notification

Novell Cluster Services can automatically send out e-mail messages for
certain cluster events like cluster and resource state changes or nodes joining
or leaving the cluster.
You can enable or disable e-mail notification for the cluster and specify up to
eight administrator e-mail addresses for cluster notification.
Using ConsoleOne
1 Right-click the cluster object
2 Click Properties.

103-000154-001
August 29, 2001
Novell Confidential
3 On the Cluster Object property page, select the Notification tab.

4 Check or uncheck the Enable Cluster Notification Events check box to
enable or disable e-mail notification.
5 If you enable e-mail notification, add the desired e-mail address in the
field provided and click the button next to the field to add the address to
the list. Repeat this process for each address you want on the notification
list.
6 If you enable e-mail notification, specify the type of cluster events you
want administrators to receive messages for.
To only receive notification of critical events like a node failure or a
resource going comatose, check the Receive Only Critical Events check
box .
To receive notification of all cluster state changes including critical
events, resource state changes, and nodes joining and leaving the cluster,
check the Verbose Messages check box.
To receive notification of all cluster state changes in XML format, check
the XML Messages option. XML format messages can be interpreted and
formated with a parser that lets you customize the message information
for your specific needs.
7 Click the Apply button to save changes made.

2 Select the Cluster object name and click Email Reporting.
3 Add the desired email addresses in the fields provided.
4 Specify the type of cluster events you want administrators to receive
messages for.
Specify a 1 or a 0 to disable email notification.
Specify a 2 (Critical) to only receive notification of critical events like a
node failure or a resource going comatose.
Specify a 4 (Verbose) to receive notification of all cluster state changes
including critical events, resource state changes, and nodes joining and
leaving the cluster.
Specify an 8 to receive notification of all cluster state changes in XML
format. XML format messages can be interpreted and formated with a

103-000154-001
August 29, 2001
Novell Confidential
parser that lets you customize the message information for your specific
needs.
5 Click the Apply button to save your changes.
Cluster Node Properties

You can view or edit the cluster node number or IP address of the selected
node or view the context for the NetWare Server object.
Using ConsoleOne
1 Select the Cluster object and right-click the desired cluster node on the
right side of the ConsoleOne display screen.
2 Click Properties.
3 On the Cluster Node property page, select the Node tab.

2 Select the Cluster node name.
3 Click IP Address or Node Number.
(Node) Number+IP Address
Number+IP Address specifies the cluster node number and IP address for the
selected node. If the cluster node number or IP address changes for the
selected node, the new information is not automatically updated in eDirectory.
Edit the information and click Apply to update the information in eDirectory.
NCP Server
The NCP Server field is used to view the context for the NetWare Server
object. This field cannot be edited.

103-000154-001
August 29, 2001
Novell Confidential
Migrating Resources
You can migrate resources to different servers in your cluster without waiting
for a failure to occur. You might want to migrate resources to lessen the load
on a specific server, to free up a server so it can be brought down for scheduled
maintenance, or to increase the performance of the resource or application by
putting it on a faster machine.
Migrating resources allows you to balance the load and evenly distribute
applications among the servers in your cluster.
Using ConsoleOne
1 Browse and select the Cluster object that contains the resource you want
to migrate.
Resources must be in a running state to be migrated.
2 Ensure the right half of ConsoleOne displays the Cluster View State by
selecting View > Cluster State from the menu at the top of the screen.
3 In the Cluster Resource List, select the resource you want to migrate.
The Cluster Resource Manager screen appears, displaying the server the
selected resource is currently running on and a list of possible servers to
which you can migrate resources.
4 Select a server from the list and click Migrate to move the resource to the
selected server.

1 On the left column under the Clustering section, click Cluster
Management.
2 Select the cluster resource you want to migrate.
3 Select a server from the list and then click Migrate to move the resource
to the selected server.
If you select a resource and click Offline, the resource will be unloaded from
the server. It will not load on any other servers in the cluster and will remain
unloaded until you load it again. This option is useful for editing resources
because resources can’t be edited while loaded or running on a server.

103-000154-001
August 29, 2001
Novell Confidential
Identifying Cluster and Resource States

Both the Cluster State view in ConsoleOne and the Cluster Management link
in NetWare Remote Manager give you important information about the status
of servers and resources in your cluster.
Cluster servers and resources display in different colors, depending on their
operating state. When servers and resources are green, they are in a normal
operating condition. When a server that has been part of the cluster is red with
a break in the icon, it has failed. When a resource is red, it is waiting for
administrator intervention. When a server is gray with no break in the icon,
that server is not currently a member of the cluster, or its state is unknown.
When a resource is blank or has no colored icon, it is unassigned, offline,
changing state, or in the process of loading or unloading.
The yellow ball in the middle of the server icon designates the master server
in the cluster. The master server is initially the first server in the cluster, but
another server can become the master if the first server fails.
The Epoch number indicates the number of times the cluster state has
changed. The cluster state will change every time a server joins or leaves the
cluster.
Clicking on the Event Log tab in ConsoleOne gives you a detailed history of
your cluster. Every time the cluster state changes, a new event is added to the
Event Log. You can sort the events in the log by clicking on the column
headings of the table. You can reverse the sort order by pressing the Shift key
while clicking on a column heading. The Event Log is stored on the special
cluster partition that was created during the Novell Cluster Services
installation, which ensures it is always available. You can also save the Event
Log to a file.
Clicking on the HTML Report tab in ConsoleOne in the Cluster State view
screen launches a more detailed report of the state of your cluster. You can
view this report or save it to an HTML file for printing or viewing with a
browser.
The following table identifies the different resource states and gives
descriptions and possible actions for each state. The possible actions describe
steps for using ConsoleOne to complete each action. You can also use the
NetWare Remote Manager to perform the same actions. In NetWare Remote
Manager, in the left column under the Clustering section, click Cluster
Management and then select the desired resource.

103-000154-001
August 29, 2001
Novell Confidential
Resource State Description Possible Actions
Alert Either the Start, Failover, Click the Alert status

or Failback mode for the indicator and depending
resource has been set to on the resource state,
Manual. The resource is you will be prompted to
waiting to start, fail over, Start, Failover, or
or fail back on the Failback the resource.
specified server.
Comatose The resource is not Click the Comatose

running properly and status indicator and
requires administrator offline the resource.
intervention. Once resource problems
have been resolved, the
resource can be put back
online (returned to the
running state).
Loading The resource is in the None.

process of loading on a
server.
NDS_Sync The properties of the None.

resource have changed
and the changes are still
being synchronized in
eDirectory.
Offline Offline status indicates Click the Offline status

the resource is shut indicator and if desired,
down or is in a dormant click the online button to
or inactive state. load the resource on the
best node possible, given
the current state of the
cluster and the
resource’s preferred
nodes list.
Quorum Wait The resource is waiting None.

for quorum to be
established so it can
begin loading.

103-000154-001
August 29, 2001
Novell Confidential
Resource State Description Possible Actions
Running The resource is in a Click the Running status

normal running state. indicator and choose to
either migrate the
resource to a different
server in your cluster, or
unload (offline) the
resource.
Unassigned There isn’t an assigned Click the Unassigned

node up that the status indicator and if
resource can be loaded desired, Offline the
on. resource. Offlining the
resource will prevent it
from running on any of its
preferred nodes should
any of them join the
cluster.
Unloading The resource is in the None.

process of unloading
from the server it was
running on.
Additional Cluster Operating Instructions

The following instructions provide additional information for operating
Novell Cluster Services.
Installing NetWare on a Server That Will Be Added to an Existing

Cluster
1 Install fiber-channel hardware.
NetWare will automatically detect and load the proper drivers when it
installs.
2 Install NetWare, including the latest Service Pack, on the new server.
3 Reboot the server.
4 Install Novell Cluster Services on the new server.
5 (Conditional) If you have changed the failover order, add the new server
to the failover list.
By default, Novell Cluster Services will include all nodes on the failover
list, including newly added nodes.

103-000154-001
August 29, 2001
Novell Confidential
Readding a Node to a Cluster That Was Prevously in the Cluster

1 If necessary, install NetWare, including the latest service pack on the
server using the same node name and IP address.
2 If the Cluster object for the server is still present, use ConsoleOne to
delete the object.
You can do this by going to the Cluster container, selecting the node in the
right frame, and pressing Delete.
3 Run the Novell Cluster Services installation.
The node will assume its former identity.
Cluster-enabled Volume Connection Required for Some Utilities

Because Novell Cluster Services uses NDS to find objects and resolve names,
you must first establish a client connection to a cluster-enabled volume for it
to be visible to certain utilities.
Do this by browsing to and selecting the eDirectory Volume object using
Windows Explorer.
Some Applications Do Not Fail Over

Although all NetWare 6 applications will run on a cluster node, not all
applications are capable of being configured as a cluster application and failed
over to a new node.
Novell Cluster Services Console Commands

Novell Cluster Services provides several server console commands to help
you perform certain cluster related tasks. The following table lists the cluster-
related server console commands and gives a brief description of each
command. To execute a cluster console command type CLUSTER followed by
the command. For example, if you want to display cluster statistics, type
CLUSTER STATS DISPLAY at the server console. You can also type HELP
CLUSTER at the console prompt to get information on the commands and
their functions.

103-000154-001
August 29, 2001
Novell Confidential
Cluster Console Command Description
ALERT {resource}{YES/NO} The resource start, failover, or failback mode

is set to manual and the resource is waiting to
start on a node, or fail over or fail back to
another node. Specify the resource name in
the command and use the YES or NO switch
to specify whether or not you want the
resource to fail over, fail back, or start.
CVSBIND {ADD, DEL}{resource}{IP address} Enables applications that rely on the bindery
or bindery emulation to access a virtual server
on the cluster. Specify the resource name for
the cluster application and the IP address for
the virtual server. Use the ADD or DEL switch
to enable or disable bindery access to the
virutal server.
DHCP {context} Specifies the eDirectory context where DHCP

configuration information is stored. This
command is useful if you have problems
getting DHCP to function properly on a
cluster.
DOWN Removes all cluster nodes from the cluster.

Has the same effect as executing the
CLUSTER LEAVE command on every server
in the cluster.
JOIN Adds the node where the command is

executed to the cluster and makes the node
visible to other servers in the cluster. Cluster
Services software must already be installed
on a node for it to join the cluster.
LEAVE Removes the node where the command is

executed from the cluster. The node will not
be visible to other servers in the cluster.
MIGRATE {resource}{node name} Migrates the specified resource from the node
where it is currently running to the node you
specify in the command. The node you
migrate the resource to must be running in the
cluster and also be in the resource’s assigned
nodes list.

103-000154-001
August 29, 2001
Novell Confidential
Cluster Console Command Description
OFFLINE {resource} Unloads the specified resource from the node

where it is currently running.
ONLINE {resource}{node name} Starts the specified resource on the most

preferred node that is currently active. You
can start the resource on a different node by
specifying that node in the command.
POOLS Lists the NSS pools on the shared disk

system that are accessible by Novell Cluster
Services.
RESOURCES Lists all resources that currently exist in the

cluster. The resources do not have to be
online or running.
RESTART {seconds} Restarts Cluster Services software on all

servers in the cluster.
STATS {Display, Clear} Reports the node number, node name, and
heartbeat information. You must switch to the
log console screen to see cluster statistics.
STATUS {resource} Reports the status of the specified resource.

This includes the number of times the
resource has been migrated or failed over to
another server, the resource state, and the
node where the resource is currently running.
VIEW Displays the node name, cluster epoch

number, master node name, and a list of
nodes that are currently members of the
cluster.

103-000154-001
August 29, 2001
Novell Confidential
6 NetWare Server Disks and Storage Devices Administration Guide

103-000179-001
August 30, 2001
Novell Confidential
Server Disks and Storage Devices
With NetWare®, you can create up to four NetWare (or other) partitions on one
hard disk. The primary storage and file system for NetWare is Novell® Storage
ServicesTM (NSS). For information about the NSS file system, see Introducing
Novell Storage Services in the Novell Storage Services Administration Guide.
After you create partitions on your storage devices, you can create volumes
where you place your data files. There are two types of volumes you can
create: traditional NetWare volumes and NSS logical volumes. For more
information about NSS logical volumes see Create Logical Volumes in the
Novell Storage Services Administration Guide.
To maintain and modify your storage and file system, you use your server
console, ConsoleOneTM, and MONITOR utilities. In ConsoleOne, you can
create, modify, and purge partitions and volumes. MONITOR provides
important disk use and file statistics. You can use MONITOR to review disk
usage and availability. You can also use it to review data block placement and
redirection. For instructions on using MONITOR, see MONITOR in Utilities
Reference.
To optimize your server's storage devices, follow the general
recommendations found in “Optimizing the File System Performance” on
page 21.
Server Disks and Storage Devices 7

103-000179-001
August 30, 2001
Novell Confidential

103-000179-001
August 30, 2001
Novell Confidential
1 Overview of Server Disks and Storage

Devices
Server hard disks and remote storage devices (such as tape drives and CD-
ROM drives) are all managed by the NetWare® operating system.
Hard disks are divided into partitions, including one DOS partition and at least
one NetWare partition per server. A hard disk can also contain other partitions,
such as a UNIX* partition. For general information about disk partitions, see
“Partitioning Disks” on page 10 and “Logical Partitions” on page 11.
All storage devices and individual disk partitions are identified by numbers
assigned by the NetWare operating system Media Manager. The same number
represents the same device in all NetWare utilities or console commands. For
an explanation of the device numbering system, see “Device and Partition
Numbering” on page 12.
All storage devices require drivers. The NetWare Peripheral ArchitectureTM
(NWPA) divides device drivers into two types: a custom device module
(CDM) that drives the device itself and a host adapter module (HAM) that
drives the adapter the device is attached to. For more information, see “Drivers
for Host Adapters and Storage Devices” on page 16.
To increase data fault tolerance, you can mirror partitions to partitions on other
disks. For information about mirroring, see “Mirroring and Duplexing” on
page 16. NetWare also includes a feature called Hot FixTM which redirects any
information stored on corrupted blocks to uncorrupted blocks. See
“Redirecting Bad Blocks” on page 18.
Overview of Server Disks and Storage Devices 9

103-000179-001
August 30, 2001
Novell Confidential
Partitioning Disks
You can divide a NetWare server hard disk into units called disk partitions.
You can also leave free (unassigned) space on a disk.
NOTE: A NetWare disk partition is not related to an NDS® partition.
One of the server's hard disks must contain a DOS partition. This is the
primary boot partition where server.exe is stored. You need only one boot
partition per server. You also need to keep a SYS: volume. The file system
creates this volume automatically when you install NetWare.
A hard disk can contain as many as four partitions, including a DOS partition,
multiple NetWare partitions, or non-NetWare partitions (such as Windows*
NT* or UNIX). The disk can also contain free space assigned to the Novell
Storage Services (NSS) file system.
A NetWare partition consists of a data area and can also contain a Hot FixTM
Redirection Area used for disk sector sparing (maintaining a spare sector per
track in case another sector becomes defective). The logical sector 0 of a
NetWare partition is the first sector of the data area available to applications,
such as the traditional NetWare file system. This data area is referred to as a
logical partition. See “Logical Partitions” on page 11.
The following figures illustrate some of the ways hard disks can be
partitioned.
Figure 1 NetWare and DOS Partitions on One Disk
NetWare
SYS: Volume
Partition
(1 disk segment)
Data1: Volume
(1 disk segment)
NetWare
Data2: Volume Partition
(1 disk segment)
Hot Fix
Redirection Area DOS
Partition

103-000179-001
August 30, 2001
Novell Confidential
Figure 2 DOS Partition on First Disk, NetWare and Non-NetWare Partitions on Second Disk
Disk 1 Disk 2
SYS: Volume
(1 disk segment)
Data1: Volume NetWare

DOS Partition (1 disk segment) Partition
(Entire Disk)
Data2: Volume
(1 disk segment)
Hot Fix
Redirection Area Non-NetWare
UNIX Partition
Figure 3 Disk with One NetWare Partition and Free Space Assigned to NSS
NSS
Disk File System
Free Space
NetWare
Partition
DOS
Partition
Logical Partitions
Server hard disks can contain up to four partitions. Each partition contains a
data area, where the file system resides, and can contain another data area,
called the Hot Fix/mirror object, which is used to manage mirroring and Hot
Fix redirection.
The entire NetWare partition, including both the data area and the Hot Fix/
mirror object, is called the physical partition.
The data area of the partition is called the logical partition.

103-000179-001
August 30, 2001
Novell Confidential
If you do not use Hot Fix and mirroring, the entire physical partition is the
logical partition.
Figure 4 Logical and Physical Partitions on a Server Disk
Disk
NetWare NetWare
Logical Physical
Partition Partition
Hot Fix
Redirection Area DOS
Partition
The logical partition contains four redundant copies of the volume definition
table (VDT). Each table contains a list of all volume segments in that partition.
A segment is the amount of space you obtain from a storage device. Four
copies are maintained for fault tolerance. If a disk error occurs and one table
is corrupted, the file system can detect and correct the error.
The rest of the logical partition can contain any number of volume segments.
Device and Partition Numbering

All storage devices, disk partitions, and logical partitions are identified by
object numbers assigned by the NetWare operating system Media Manager.
In addition, the Media Manager assigns device names to physical devices and
adapters called object numbers.
These object numbers and device names are consistent across all NetWare
utilities and console commands so that you can easily identify the objects and
devices.

103-000179-001
August 30, 2001
Novell Confidential
Object Numbers
Object numbers are hexadecimal numbers assigned to devices, adapters,
media, partitions, and divisions of a partition (such as the Hot Fix redirection
area).
If you mirror partitions, each logical partition in the mirrored set has the same
object number as the other partitions in the set.
Object numbers are not sequential or persistent. New numbers can be assigned
when the server is restarted. But the same object number represents the same
entity in any NetWare utility. For example, if you type LIST DEVICES at the
server console prompt, you would see a list of storage devices, such as the
following (the first number in each line is the Hexidecimal object number):
0x0001: [V312-A0-d4:0] iomega jaz 1GB rev:H.72
0x0003: [V025-A1-D1:0] WDC AC22100H
0x0002: [V025-A2-D2:0] NEC CD-ROM DRIVE:282 rev:3.07
Likewise, in MONITOR, if you select Available Options > Storage Devices,

you would see a list of storage devices, partitions, and adapters similar to the
following:
0x0001: [V312-A0-d4:0] iomega jaz 1GB rev:H.72
0x0000: [V025-A1] Novell IDE Host Adapter Module
0x0003: [V025-A1-D1:0] WDC AC22100H
0x0002: [V025-A2-D2:0] NEC CD-ROM DRIVE:282 rev:3.07
0x0006: DOS Partitioned Media
0x0008: NetWare Partition
0x000A: Non-Mirrored Partition
In the MONITOR example, object number 0x0001 represents an Iomega Jaz

drive, just as it did in the LIST DEVICES display.
Note that a physical NetWare partition is identified as NetWare Partition and
a logical partition is identified either as Non-Mirrored Partition or Mirrored
Partition.
Mirroring messages use the logical partition object number to report that hard
disks are being remirrored or unmirrored.
For instructions on using MONITOR, see MONITOR in the Utilities
Reference.

103-000179-001
August 30, 2001
Novell Confidential
Partition examples
The following are example partition entries with the device information:
Unpartitioned - D:0x1-1
Unpartitioned indicates that the device is unpartitioned.
D:0x is the device number.
-1 is the chunk number. (A unique number that this is the first
unpartitioned segment on device 1.)
NSS-P:0x15-1
NSS-P:0x15-1 indicates that this is an unassigned NSS partition.
P:0x15 is the partition ID.
-1 is the chunk number (this will always be 1 because it consumes the
entire partition).
Traditional P:0x15b-2
Traditional indicates that this is a traditional volume with unassigned
space.
-P:0x1b is the partition number of the traditional partition ID.
-2 is the chunk number indicating that this is the second piece of free
space in this unused partition.
If the object ID number contains a “P,” the partition does not have a mirror
object ID. The selected object has an unmirrored physical partition ID.If the
object ID number contains an “M,” the partition is mirrored. The ID number
following the “M” is the ID of the mirror group instead of an individual
partition.For example, M:0x14-1 indicates that the partition exists on the
group of partitions represented by the mirror ID 0x14. Traditional - M:0x1c-1
indicates that the traditional partition exists on the group of mirrored partitions
represented by mirror ID 0x14.
Device Names
Devices such as hard disks and adapters are identified not only by a
nonpersistent object number, see “Object Numbers” on page 13, but also by a
permanent device name. When a hard disk fails, the failure message includes
the device name so you can identify the disk or adapter.

103-000179-001
August 30, 2001
Novell Confidential
To see a list of storage devices and their names, execute the LIST STORAGE
ADAPTERS command at the server console prompt. The screen lists each
device adapter, followed by a list of devices driven by that adapter. In the
following example, the first line identifies an IDE disk adapter. The second
line identifies a hard disk operated by that adapter:
[V025-A0] NOVELL IDE HOST ADAPTER MODULE
[V025-A0-D1:0] QUANTUM FIREBALL_TM3840A
The bracketed letters and numbers at the beginning of each line are the device
name. The device name identifies the adapter or device, as follows:
[V025-A0-D1:0]
Vendor Number
Adapter Number
Device Number
Logical Unit Number
Vendor number. A unique number specific to the device vendor.

Adapter number. The instance of the adapter in the server. In the
example, A0 identifies the first instance of an adapter installed in the
server. Adapter numbers are unique. The second adapter installed in the
server will have adapter number A1, even if the adapter is of the same
type as adapter A0.
Device number. The number of the disk or other device. For a SCSI disk,
this is the target ID, usually set by a jumper on the hard disk. For an IDE
disk, this number represents the bus from the IDE controller. IDE
numbers range from D0 through D3, representing the primary, secondary,
tertiary, or quaternary bus.
Logical unit number (LUN). The LUN identifies individual devices
when more than one device is attached to one bus. For example, one IDE
bus might be attached to two disks, a master and a slave. LUN 0
represents the master and LUN 1 represents the slave. However, because
disk manufacturers rarely use the logical unit number to identify hard
disks, the LUN almost always appears as 0.
The Device name represents the device in all Novell utilities and console
commands, including MONITOR, LIST DEVICES, etc.
Fault tolerance systems such as Hot Fix use the Device name to report that
data blocks on disks have relocated.

103-000179-001
August 30, 2001
Novell Confidential
Drivers for Host Adapters and Storage Devices

All storage devices require drivers. The NetWare Peripheral Architecture
(NWPA) divides device drivers into two kinds: a custom device module
(CDM) that drives the device itself and a host adapter module (HAM) that
drives the adapter has been attached to. The following are two types of drivers:
Custom Device Module (CDM)
CDMs drive storage devices, including autochangers, that are attached to
the host adapter bus.
CDMs are device-specific. For example, if there are three different types
of storage devices attached to the host adapter (such as a CD-ROM drive,
a SCSI hard drive, and an autochanger) then a specific CDM for each type
of device must be installed.
Host Adapter Module (HAM)
A HAM is the driver component associated with the host adapter
hardware. HAMs provide the functionality to route requests to the bus
where a specified device is attached.
HAMs are adapter-specific. For example, if a third-party adapter is
installed in the server, a HAM developed specifically for that adapter
must be installed.
Loading HAMs and CDMs is much like loading other device drivers, but
instead of loading one .dsk file for both the adapter and device, you load one
.ham file for the adapter and one .cdm file for each type of device attached to
that adapter.
When you want to connect a new hardware device to the host bus adapter, you
need to load only the appropriate CDM for that hardware device (in addition
to the HAMs and CDMs already loaded, and assuming a compatible adapter
is installed).
Mirroring and Duplexing

You can protect the data mirroring or duplexing disk partitions.
Mirroring stores the same data on separate disks on the same controller
channel; duplexing stores the same data on separate disks on separate
controller channels. Duplexing can also use two different drivers. Duplexing
is the recommended method because two channels rarely fail simultaneously.

103-000179-001
August 30, 2001
Novell Confidential
In the following illustration, several smaller disks are mirrored to partitions on

one larger disk.
Disk 4
Disk 3 Mirrored to
partition 3 NetWare
Partition 3
Disk 2 Mirrored to NetWare

partition 2 Partition 2
NetWare
Disk 1 Mirrored to
partition 1 Partition 1
NetWare
Mirrored to Partition 0
Disk 0 partition 0
To mirror partitions you must enable Hot Fix. For information about Hot Fix,
see “Redirecting Bad Blocks” on page 18.
With Hot Fix enabled, a section of the partition is set aside as the Hot Fix/
Mirror object, which holds data tables for both Hot Fix and mirroring. The
tables store information about which data blocks are bad, which blocks have
been redirected, which partitions are mirrored, and whether the partitions are
synchronized or not.
Setting up Hot Fix is much easier when you create the partition. To add Hot
Fix after you create a partition and add volumes, you must delete the volumes
from the partition, add Hot Fix, then restore the volumes from a backup. When
you restore volumes from a backup, make sure you have enough space on the
partition to accommodate the volumes after you add Hot Fix to the data area.
The following are important concepts for mirroring partitions:
Mirrored partitions must have the same partition type of mirror group as
the group you assign it to. This means that NSS partitions can be mirrored
only to other NSS partitions. The same criteria applies to traditional
partitions.
Mirrored partitions must be compatible in data area size. This means the
other partitions in the group. The physical size (combined data and Hot
Fix size) of the partition must be at least 100 KB, but no more than 120
MB larger than the data size of the existing partitions in the mirror
group.(Note: The file system adjusts the Hot Fix size within the legal

103-000179-001
August 30, 2001
Novell Confidential
ranges in order to make the data area identical to the other partitions in the
group.)
Mirrored partitions must have the same sharable status.
Partitions you add to a mirror group cannot be part of any other mirror
group. They must be standalone Mirror objects.
The partitions you add must include the Mirror and Hot Fix options. You
select these options when you create the partition; you cannot add the
options later.
When you select Hot Fix, mirroring is automatically selected. You cannot
mirror partitions that do not have a Hot Fix Redirection Area.
Although you can mirror one partition to as many as eight other partitions,
mirroring two partitions is usually sufficient fault tolerance for most
systems.
If a mirrored disk fails and cannot be accessed by the server, you can
unmirror the hard disks and salvage the volume from the functional disk.
See “Recovering Data from an Out of Sync Disk” on page 37.
If you want to remove a hot-plug mirrored disk without bringing down the
server, you must unmirror the disk first. See “Unmirroring Partitions” on
page 37.
For information about how to set up mirroring and duplexing, see “Mirroring
and Duplexing Partitions” on page 37.
Redirecting Bad Blocks

Due to the constant reading and writing of data to disk, some disk storage
blocks lose their capacity to store data. NetWare uses Hot Fix to prevent data
being written to unreliable blocks.
The Hot Fix feature redirects the original block of data (still in memory) to the
Hot Fix Redirection Area of the NetWare partition. Once the operating system
records the address of the defective block in a section of the partition area, the
server will not attempt to store data in the defective block.
Hot Fix redirection can occur during a write request, a read request, or a read-
after-write verification.
Write redirection occurs when the disk reports an error during a write
request. The system marks the block as bad and redirects the data to a
different block.

103-000179-001
August 30, 2001
Novell Confidential
Read redirection occurs following a disk error during a read request.

If the disk is mirrored, the system retrieves the data from the mirrored
disk and redirects the data on the primary disk. If the disk isn't mirrored,
the data is lost, and the block is marked as bad.
Read-after-write-verify redirection occurs after data is written to disk.
The data on disk is then read and compared to that in memory. If the two
don't match, the system marks the block as bad and redirects the data to a
different block.
By default, 2% of a disk's space is set aside as the Hot Fix Redirection Area.
You can increase or decrease this amount when you create a partition.
If Hot Fix is enabled, it is always active unless the disk fails or the redirection
area is full. You can view Hot Fix activity in MONITOR by selecting Storage
Devices and then a Hot Fix partition.
Figure 5 Hot Fix
If verification fails,
then data is written
to the Hot Fix
Redirection Area.
Block 201
1
Data
Block 201
Server RAM is bad.
2
Hot Fix
Data
Redirection Area Location of the bad
block is recorded.
Disk
You can specify no Hot Fix Redirection Area when you create disk partitions.
Having no Hot Fix Redirection Area saves partition space. Eliminating the
Hot Fix Redirection Area might be recommended for large (Redundant Array
of Inexpensive Devices (RAID) systems that provide their own means of fault
tolerance.

103-000179-001
August 30, 2001
Novell Confidential
However, if Hot Fix is not enabled, the partition will not have the fault
tolerance. Data on corrupted sectors of the disk will not be redirected to the
Hot Fix Redirection Area.
For instructions on how to specify no Hot Fix redirection area, see Creating a

103-000179-001
August 30, 2001
Novell Confidential
2 Optimizing the File System

Performance
NetWare® provides several methods for improving the performance of your

file system. For a list of general guidelines for conserving disk space and
improving disk performance, see “Optimizing Storage Disk Capacity” on
page 21.
To improve disk reads and writes, see “Improving Disk Reads” on page 24 and
“Improving Disk Writes” on page 26. You can also increase the speed of disk
reads and writes by striping volume segments across multiple disks. Disk
striping is called Redundant Array of Inexpensive Disks (RAID). For more
information about RAID, see Stripe Data Across Storage Devices (RAID) in
the Novell Storage Services Administration Guide.
The following is a list of suggestions for saving disk space:
Compressing files. See File Compression in the Traditional File Services
Permanently deleting files. See Salvaging and Purging Files in the
Traditional File Services Administration Guide.
Optimizing Storage Disk Capacity

There are several options for increasing the capacity of your storage disks. The
following is a list of options you can use to improve your file system storage
capacity:
Enable block suballocation if you are using the traditional NetWare file
system. This eliminates having unused data blocks on your volumes. This
feature works only on traditional partitions and volumes. Block
suballocation is enabled by default, but can be disabled when the volume
Optimizing the File System Performance 21

103-000179-001
August 30, 2001
Novell Confidential
is created. If block suballocation has been disabled, enable it in

ConsoleOneTM when you create a partition. For information about
enabling block suballocation, see Creating a Partition in the Novell
Storage Services Administration Guide. Once block suballocation is
enabled, you cannot disable the feature without recreating the volume.
If you use block suballocation, set your file block size to 64 KB. The
larger block size causes the system to transfer more data at one time so it
improves performance.
Keep at least 1000 free blocks on each NetWare volume that has
suballocation enabled. Free blocks are disk blocks that have no files
stored in them. If the number of free blocks is low, the suballocation will
increase server utilization.
To find the number of free blocks, in MONITOR select Available Options

> Volumes. Select the name of the volume you want. Press Tab to expand
the information window and note the value of the Free Blocks statistic.
For instructions on using MONITOR, see MONITOR in Utilities
Reference.
You can save partition space and increase performance by eliminating the
Hot FixTM redirection area on a partition. However, once Hot Fix is
eliminated from a partition, you cannot add it again without first deleting
the volumes on the partition. Once Hot Fix is gone, the partition will no
longer be fault tolerant, unless the hard disk itself provides a means of
fault tolerance. Data on corrupted sectors of the disk won't be redirected
to the Hot Fix redirection area. In addition, you will not be able to mirror
the partition.
Turn off Read-After-Write-Verify in MONITOR. For instructions on
using MONITOR, see MONITOR in Utilities Reference.
Read-After-Write-Verify is almost always provided by the hard disk
itself. Use the Read-After-Write-Verify feature in MONITOR only if your
hardware does not provide this feature but does support software-
controlled Read-After-Write-Verify.
See “Turning Off Read-After-Write Verification” on page 28.
If you have a 16-bit disk adapter, make sure you increase the number of
reserved buffers below 16 MB. Use the SET command or MONITOR to
set the parameter Reserved Buffers Below 16 MB to its upper limit, 300.
The parameter is found in MONITOR > Available Options > Server
Parameters > Memory. Remember that too many reserved buffers can

103-000179-001
August 30, 2001
Novell Confidential
prevent large volumes from mounting. As soon as possible, upgrade the

system to a newer board that can access higher memory. For instructions
on using the SETcommand, see SET in Utilities Reference. For
instructions on using MONITOR, see MONITOR in Utilities Reference.
Use a driver that supports scatter gather functionality.
Provide at least one device large enough to hold a core dump of the
server's memory. A core dump cannot span devices.
If a volume is comprised of two or more segments, each segment should
be on a different disk. If the volume is made of more than one segment on
one disk, the volume spans between the two segments, slowing
performance.
If you use file compression, make sure you enable the option at a time
when there is little server activity.
For example, make sure that the Deleted Files Compression Option
parameter is not set to 2, which would cause compression whenever a file
is deleted but not purged. Make sure that users have not flagged their
directories IC, which enables immediate compression. Use the SET
command to make sure that compression is scheduled to start and stop at
the appropriate times.
You can enable fault tolerance protection by mirroring or duplexing the
SYS volume, because it contains the core NetWare files. See “Mirroring
and Duplexing Partitions” on page 37.
Keep 10% free space in any NetWare volume, except SYS where there
should be 20% free space.
WARNING: Do not fill up your SYS volume. This could damage your entire file
system. The Transaction Tracking System, which protects NDS®, will shut down
compromising the NDS replicas on the server.
To keep enough free space on volumes, try the following suggestions:

Use MONITOR to check each volume's disk space regularly.
Use the Volume Low Warning Threshold parameter to specify when
you will be warned that a volume is running out of disk space. Set the
parameter in MONITOR. For instructions on using MONITOR, see
MONITOR in Utilities Reference.
Move any user files or print queues to another volume.
Don't store replicas on servers with low disk space.

103-000179-001
August 30, 2001
Novell Confidential
CD-ROM drives can create large index files. Don't use or mount the
CD-ROM unless you have enough space.
Limit the size of auditing files. (Auditing works only on traditional
NetWare partitions.)
Improving Disk Reads

On a server that is read-intensive, the following procedures can improve the
speed of disk reads.
“Changing Concurrent Disk and Directory Writes for Faster Reads” on
page 24.
“Changing the Turbo File Allocation Table (FAT) Wait Time for Faster
Reads” on page 25.
For instructions on using MONITOR, see MONITOR in Utilities Reference..
Changing Concurrent Disk and Directory Writes for Faster Reads

Use this procedure if your server is slow to respond to read requests.
NOTE: This procedure requires that you decrease the values of the Maximum
Concurrent Disk Cache Writes parameter and the Maximum Concurrent Directory
Cache Writes parameter. Although decreasing these values increases the speed
of read requests, it might decrease the speed and efficiency of write requests.
1 From the MONITOR Available Options, select Server Parameters > File
Caching.
NOTE: You can also set file caching parameters with the SET command in
MONITOR.
2 Decrease the value of Maximum Concurrent Disk Cache Writes.

If the parameter is currently set to the default value of 50, try setting the
value to 10.
3 Press ESC to return to the list of categories and then select Directory
Caching.
A list of Directory Caching parameters appears in the upper window.
4 Decrease the value of Maximum Concurrent Directory Cache Writes.
If the parameter is currently set to the default value of 10, try setting the
value to 5.

103-000179-001
August 30, 2001
Novell Confidential
5 Increase the value of Directory Cache Buffer Non Referenced Delay.

This parameter specifies how long a directory entry must be cached
before it can be overwritten. Increasing this value causes the system to
allocate more directory cache buffers and thus speeds up directory access.
If the parameter is currently set to the default value of 5.5 seconds, try
setting the value to 60 seconds.
6 Press Esc until you return to Available Options.
Changing the Turbo File Allocation Table (FAT) Wait Time for Faster
Reads
When a program randomly accesses a file that contains more than 64 file
allocation table (FAT) entries, the file system builds a turbo FAT index for the
file so that the information in the file can be accessed quickly.
The Turbo FAT Re-Use Wait Time parameter specifies how long a turbo FAT
index remains in memory after the indexed file is closed. When the turbo FAT
index is in memory, files can be opened and information accessed faster.
If network users frequently access files larger than 64 blocks, use this
procedure to increase the time the index is kept in memory.
System. For instructions on using MONITOR, see MONITOR in Utilities
Reference..
A list of File System Parameters displays in the upper window.
NOTE: You can also set file system parameters with the SET command in
MONITOR.
2 Scroll down the File System Parameters list to Turbo FAT Re-Use Wait
Time.
The scroll thumb to the right indicates that you can use the arrow keys to
scroll the list.
3 Increase the value of FAT Re-Use Wait Time.
You must specify the value in seconds.
If the parameter is currently set to the default value of 329.5 seconds (5
minutes 29.6 seconds), try setting the value to 600 seconds (10 minutes).
The changed value is now persistent.

103-000179-001
August 30, 2001
Novell Confidential
Improving Disk Writes

For a write-intensive server, the following procedures can improve the speed
of disk writes.
“Increasing the Number of Concurrent Writes” on page 26.
“Changing Disk and Directory Caching for Faster Writes” on page 27.
“Turning Off Read-After-Write Verification” on page 28.
Increasing the Number of Concurrent Writes

You can increase the speed and efficiency of disk cache writes by increasing
the number of write requests that can be executed at one time.
To determine whether you need to increase the number of concurrent writes,
first compare the number of dirty cache buffers to the total number of cache
buffers. These statistics are found on the General Information screen in
MONITOR. Dirty cache buffers contain data that has not yet been written to
disk.
The ratio of dirty cache buffers to total cache buffers is an indicator of the
efficiency of disk cache writes. If the number of dirty cache buffers is greater
than 70 % of total cache buffers, increase the number of concurrent write
requests.
For an explanation of file caching, see Setting the Cache Buffers in the Novell
NOTE: Increasing the number of concurrent disk cache writes slows disk cache
reads. You might want to balance the speed of disk writes and reads to meet the
needs of users. If your server's processing load is write-intensive, you can favor
disk writes. If it is read-intensive, favor disk reads.
Caching. For instructions on using MONITOR, see MONITOR in
MONITOR.
2 Increase the value of Maximum Concurrent Disk Cache Writes.

If the parameter is currently at the default value of 50, try increasing it to
100. The changed value is now persistent.

103-000179-001
August 30, 2001
Novell Confidential
Changing Disk and Directory Caching for Faster Writes

Use this procedure if network users frequently make many small write
requests and the server is slow to respond to the requests.
Caching. For instructions on using MONITOR, see MONITOR in
MONITOR.
2 Increase the value of Dirty Disk Cache Delay Time.

This parameter specifies how long the system waits before writing a not-
completely-dirty cache buffer to disk.
If the value is low, the system writes to disk more frequently, but writes
fewer requests each time. If the value is high, the system waits longer
before writing to disk, but executes more write requests with each
operation. A higher value provides greater efficiency in writing to disk.
If the parameter is currently at the default value of 3.3 seconds, try
increasing the value to 7 seconds.
3 Press Esc to return to the list of parameter categories and then select
Directory Caching.
A list of Directory Caching Parameters appears in the upper window.
The scroll thumb to the right indicates that you can use the arrow keys to
scroll the list.
4 Increase the value of Dirty Directory Cache Delay Time.
This parameter specifies how long the system keeps a directory table
write request in memory before writing it to disk.
IMPORTANT: Increasing the parameter provides slightly faster performance, but
can increase the chance of directory tables becoming corrupted.
If the parameter is currently at the default value of 0.5 second, try

increasing the value to 2 seconds.
5 Increase the value of Maximum Concurrent Directory Cache Writes.
This parameter determines how many write requests from directory cache
buffers are executed at one time. Increasing this value increases the
efficiency of directory cache write requests.

103-000179-001
August 30, 2001
Novell Confidential
NOTE: Increasing the number of concurrent directory cache writes decreases the
speed of directory cache reads. Balance the speed of writes and reads to meet the
needs or your users.
If the parameter is currently at the default value of 10, try increasing the
value to 25. The changed value is now persistent.
Turning Off Read-After-Write Verification

Read-After-Write Verify is almost always provided by the hard disk. If your
hard disk provides read-after-write verification, you might want to disable the
software version of read-after-write verification in order to nearly double the
speed of disk writes.
WARNING: Turning off read-after-write verification can increase the risk of data
corruption on the server's hard disk. You should use the following procedure only
if your disks provide read-after-write verification and are reliable or if your disk
subsystem provides data fault tolerance through mirroring or appropriate RAID
level.
Prerequisites
Hard disks that provide their own means of read-after-write verification.
Procedure
1 From the MONITOR Available Options, select Storage Devices.
A list of Registered Storage Objects appears. The device information
associated with a highlighted storage device appears in the upper window.
You can verify the type of storage device in the Device Type field.
2 Select the desired hard disk from the list.
The Drive Status window appears. The Read After Write Verification
field indicates whether the feature is turned On or Off.
3 Press Enter to access the Read After Write Verification options.
4 To change Read After Write Status, select Disable Verify.
5 Press Esc to return to Available Options.
NOTE: You can also disable read-after-write verification by setting the Enable Disk
Read After Write Verify SET parameter to OFF. However, this setting affects only
those disks loaded after the parameter value is changed. It does not change the
setting for currently loaded disks.

103-000179-001
August 30, 2001
Novell Confidential
3 File System Management
It is important to monitor disk space regularly and keep a log to track disk
usage over time. For instructions on checking disk space, see Viewing Storage
Objects in the Novell Storage Services Administration Guide.
Adding a hard disk to the server requires both installing and partitioning the
disk, as well as loading disk drivers.
For information about adding conventional hard disks and loading disk
drivers, see “Adding a Hard Disk to the NetWare Server” on page 32.
NetWare® partitions can be created on any hard drive and can coexist
with other partitions such as DOS or UNIX. For information about
creating and deleting traditional NetWare partitions, see Creating a
Disk space not assigned to NetWare partitions can be used for the Novell®
Storage ServicesTM (NSS) file system. For information about creating
NSS partitions, storage groups, and volumes, see Setting Up and
Configuring Novell Storage Services in the Novell Storage Services
To determine the operating status of your disk subsystem and to activate or
deactivate a storage device, see “Activating and Deactivating a Hard Disk” on
page 36.
To increase the fault tolerance of your server, you can mirror the data from a
NetWare partition on one disk to NetWare partitions on other disks. When you
mirror partitions over different disk channels or host bus adapters, this is
called duplexing. The process for mirroring and duplexing is the same. To
mirror and unmirror partitions or to recover data from mirrored partitions, see
“Mirroring and Duplexing Partitions” on page 37.
Removable media devices can be mounted and locked or unlocked using
MONITOR, See “Managing Removable Media Devices” on page 38.
File System Management 29

103-000179-001
August 30, 2001
Novell Confidential
View a List of Adapters and Devices

To see a list of server hardware devices, type the following at the server
console prompt:
LIST DEVICES
To see a list of storage adapters and the devices they drive, at the server
console prompt enter:
LIST STORAGE ADAPTERS
The screen lists each adapter, followed by a list of devices driven by that
adapter.
To see a list of CDMs bound to a particular device, at the server console
prompt enter:
LIST STORAGE DEVICE BINDINGS object_number
Find the object number by executing the LIST DEVICES command; the
object number is the first number on each line in the list. Do not enter the
0x000prefix.
For example, this command lists CDMs for device 0x0001:
LIST STORAGE DEVICE BINDINGS 1
Checking Available Disk Space

You should monitor available disk space regularly and keep a log so you can
track disk usage over time. This information helps you make the best use of
your disk space management options, such as adding a new hard disk,
compressing files, and migrating data to an offline system such as an optical
disc library.
HINT: You might want to enter the disk space information on a spreadsheet to
create a graph of disk usage over time.
1 From the MONITOR Available Options, select Volumes.

A list of mounted volumes appears. Volume information is displayed for
the highlighted volume in the upper screen.
2 Press Tab to expand and activate the Volume Information window.
The scroll thumb at the right of the window indicates that the list of
Volume parameters is scrollable.

103-000179-001
August 30, 2001
Novell Confidential
3 Scroll to Disk Space and note the available disk space for the volume and
record it in a log.
4 Press Tab to return to the list of Mounted Volumes. Check additional
volumes as necessary.
6 Repeat this procedure weekly for each volume.
Checking for Disk Errors

MONITOR indicates how many data blocks have been redirected by Hot
FixTM because of bad sectors on the disk. Review Hot Fix statistics regularly
to detect disk problems before they cause loss of data.
IMPORTANT: When the number of available Hot Fix redirection blocks is 10 or
fewer, NetWare broadcasts warning messages. If you receive these messages, the
Hot Fix redirection area is nearly full and the disk is in danger of failing. Take
immediate corrective action.
Follow this procedure to review the Hot Fix statistics in MONITOR.

NOTE: Some hard disks perform their own redirection automatically, independent
of the NetWare Hot Fix mechanism. The MONITOR statistics reflect only Hot Fix
redirection.
1 Load MONITOR at the server console prompt.
For instructions on using MONITOR, see MONITOR in the Utilities
Reference.
2 Select Storage Devices, then select a Hot Fix partition.
3 Press Tab to expand the information window.
The window displays several Hot Fix statistics.
The following statistics indicate how much data redirection is taking
place:
Total Hot Fix Blocks Available: The total number of blocks within the
Hot Fix redirection area, whether used or not.
Used Hot Fix Blocks: The number of blocks holding redirected data.
Number of Available Hot Fix Blocks: Remaining unused blocks in the
Hot Fix redirection Area.

103-000179-001
August 30, 2001
Novell Confidential
System Hot Fix Blocks: The number of blocks in the Hot Fix redirection
area set aside for Hot Fix and Mirroring tables. These blocks are used to
manage both Hot Fix and mirroring.
The number of available Hot Fix blocks equals the total number of Hot
Fix blocks, minus the used and system Hot Fix blocks.
4 Note the number of used Hot Fix blocks and compare it to the total
number of blocks and the number of available blocks.
If the number of redirected blocks is zero or very low, and if it has not
changed since you last reviewed the statistics, you do not need to take
corrective action.
If the number of redirected blocks has increased substantially since you
last reviewed the statistics, or if the number is over half the total number
of redirection area blocks, back up the data on the hard disk and
troubleshoot the disk, controller, and host bus adapter.
If the number of redirected blocks has increased slightly since you last
reviewed the statistics, monitor the server closely and be prepared to
troubleshoot the hardware if necessary.
Adding and Replacing Hard Disks

The following procedures explain how to add or replace conventional hard
disks in the NetWare server and how to load or replace disk drivers.
“Adding a Hard Disk to the NetWare Server” on page 32
“Replacing a Hard Disk” on page 33
“Loading Disk Drivers” on page 34
“Replacing Disk Drivers” on page 35
Adding a Hard Disk to the NetWare Server
Prerequisites
All users logged out of the server
Access to the documentation that came with the hard disk
Access to the documentation that came with the computer

103-000179-001
August 30, 2001
Novell Confidential
Procedure
Use the following procedure to install an additional hard disk in a functioning

NetWare server.
1 Follow the instructions that came with your hard disk to install the disk
and associated hardware, such as a disk adapter and cable. If necessary,
configure the computer to recognize the new disk
Refer to the documentation that came with the computer for more
information about configuration methods and requirements.
2 Start the server.
3 From ConsoleOneTM, click Media > Devices > Scan for Devices.
You must load a driver if you have installed a new disk adapter along with
the hard disk. For instructions on loading drivers, see “Loading Disk
Drivers” on page 34.
After you install the new hard disk you can use ConsoleOne to configure
the disk. For more information about configuring the disk, see Setting Up
and Configuring Novell Storage Services in the Novell Storage Services
Replacing a Hard Disk

If a hard disk becomes unreliable or unusable, follow this procedure to remove
the disk from the network.
If you have been backing up your data consistently and verifying its integrity,
you will be able to reload data for the volumes affected by the disk failure.
1 If the bad disk was mirrored, check the sys$log.err file to see which disk
in the mirrored set failed.
The error log contains a message stating that a device has been
deactivated due to a device error. It includes the device name, which is a
series of letters and numbers within brackets. See “Device Names” on
page 14.
2 If possible, make a backup copy of the data on the hard disk.
Make sure the backup copy contains uncorrupted versions of all files and
directories on the hard disk.
3 From ConsoleOne, click Media Traditional Volumes or Logical Volumes
depending on which volumes you have on the disk.

103-000179-001
August 30, 2001
Novell Confidential
4 Select a volume that is on the disk you are replacing, click Dismount.
Repeat this step for all volumes on the disk.
6 Select a partition that is on the disk you are replacing, click Mirror.
7 Select a partition, click Remove.
This removes the partition from the mirror group. Repeat steps 6 and 7 for
each partition that is on the disk you are replacing.
8 Remove the hard disk and install the replacement.
Use the instructions that came with the hard disk.
9 Turn on power and restart the server.
If the failed disk contained the only copy of the server operating system,
refer to your backup software to determine whether you can restore
NetWare and the file system from a backup or whether you must reinstall
NetWare.
If you use Storage Management Services (SMS) as your backup
application, you must reinstall NetWare, then restore files from a backup.
See Restoring Data from a Server in the Storage Management Services
After you install the new hard disk you can use ConsoleOne to configure
the disk. For more information about configuring the disk, see Setting Up
and Configuring Novell Storage Services in the Novell Storage Services
Loading Disk Drivers

If you add or replace a hard disk adapter on your NetWare server, you must
load the corresponding disk driver.
Loading a disk driver enables communication between the disk controller and
the server's CPU.
Load the disk driver once for each disk adapter you want to support.
Follow the instructions that accompany the driver. Most NetWare disk drivers
have a help file that appears on the screen as you highlight the driver. Refer to
these descriptions to determine which driver to load.

103-000179-001
August 30, 2001
Novell Confidential
IMPORTANT: Some drivers do not have a description file (a configuration file

that's appended to the driver). These drivers have to be loaded manually at the
system console. To load these drivers, follow the screen prompts or press F1 for
help.
For general information about .cdm and .ham modules, see “Drivers for Host
Adapters and Storage Devices” on page 16.
Replacing Disk Drivers

The conventional way to replace a disk driver is to unload the driver, thus
dismounting all the volumes, then load the new driver and remount the
volumes. If you are following this process, be sure you replace a driver only
when users won't need to access the volumes.
You can replace one instance of a driver that has been loaded multiple times
by using the REMOVE STORAGE ADAPTER command at the server
console.
NetWare also supports hot replace disk drivers that can be replaced without
dismounting volumes or otherwise interrupting the server's operation. If you
are replacing such a driver, simply load the new driver at the server console
prompt. The server loads the new driver immediately and unloads the old
driver without dismounting volumes or otherwise interrupting service.
If you aren't sure whether your disk driver is a hot replace driver, try loading
the new driver without unloading the existing driver. You will receive an error
message if the driver can't be replaced without first unloading the old driver
and dismounting volumes.
Creating NetWare Partitions

NetWare partitions can be created on any hard drive and can coexist with other
partitions such as DOS, Windows* NT* UNIX*. Disk space not assigned to
NetWare partitions can be used for the Novell Storage Services file system.
When there is a DOS partition on the drive, it should always be the first
partition. The NetWare partition should always be the last partition on the
drive.
You can have as many as four partitions on the same drive, including multiple
NetWare partitions.

103-000179-001
August 30, 2001
Novell Confidential
If you have partitions from previous versions of NetWare that you are no
longer using, you can delete them and create a new NetWare partition. (See
“Deleting NetWare Partitions” on page 36 for more information.)
WARNING: When creating a disk partition, never specify a partition size larger
than the actual size of the disk. If you specify a larger size, NetWare will eventually
try to use the excess disk space. When it determines there is no corresponding disk
location, it deactivates the volume stored on the disk.
For instructions on creating partitions, see Creating a Partition in the Novell

Deleting NetWare Partitions

This section explains how to delete traditional NetWare partitions. For
information about deleting NSS partitions, storage groups, and volumes, see
Setting Up and Configuring Novell Storage Services in the Novell Storage
Services Administration Guide.
NOTE: The partition table displays partitions such as OS/2*, UNIX, and XENIX* as
Unknown Partition Type #. Don't delete these unknown partition types unless you
know what is on them.
Some machine vendors such as COMPAQ* create a small partition that setup and
configuration utilities can be run from. Don't delete this partition.
For instructions on deleting partitions, see Deleting a Partition in the Novell

Activating and Deactivating a Hard Disk

Use this procedure to determine the operating status of your disk subsystem
components and to activate or deactivate a storage device. (When you
deactivate a disk, its volumes are dismounted.)
Reference.
You can verify the type of storage device in the Device Type field.
NOTE: Storage devices are listed in hierarchical order to reflect each object's
dependencies. In descending order, each object is indented to indicate that it is a

103-000179-001
August 30, 2001
Novell Confidential
child to the object above it. In ascending order, parent objects appear immediately
above the highlighted object.
2 Select the appropriate hard disk from the list.

The Drive Status window appears. The Operating Status field indicates
whether the device is activated or deactivated.
3 Press Enter to access the Operating Status options.
4 To change the operating status of the disk, highlight either Activate or
Deactivate and press Enter.
If you attempt to deactivate a disk that has mounted volumes, you receive
a confirmation prompt. If you confirm that you want to deactivate the
disk, the volumes are dismounted.
Mirroring and Duplexing Partitions

The process for mirroring and duplexing is the same. The term mirroring is
used in all menus to refer to both mirroring and duplexing.
Mirroring Partitions
For instructions on mirroring partitions, see Creating a Partition in the Novell
Unmirroring Partitions
You must unmirror mirrored partitions before you can delete a partition or
conduct surface tests on a disk.
For instructions on unmirroring partitions, see Deleting a Partition in the
Novell Storage Services Administration Guide.
Recovering Data from an Out of Sync Disk

Once a hard disk is unmirrored, its status is listed as either Not Mirrored or
Out of Sync on the Disk Partition Mirroring Status list.
When a hard disk is listed as Out of Sync, the operating system does not
recognize any volume information on it. Use this procedure to recover data
from an Out of Sync partition.

103-000179-001
August 30, 2001
Novell Confidential

4 Select a Partition that contains the data you want to recover, click Mirror
> Resync.
This initiates the resynchronization process for the mirror group that
contains the partition you selected.
Managing Removable Media Devices
Mounting a Removable Media Device

Use this procedure to mount a removable media device, such as a CD-ROM
drive.
Before you mount a CD-ROM volume, make sure you have enough space or
else consider making it read-only. The associated indexing files create
substantial overhead.
Reference.
Use the Device Type field to verify the type of storage device.
2 Select the appropriate CD-ROM or other removable media device from

the list.
The Drive Status window appears. The Removable Drive Mount Status
field indicates whether the device is mounted or dismounted.
3 To change the mount status of the device, select the Removable Drive
Mount Status field.
The Change Mount Status window appears.

103-000179-001
August 30, 2001
Novell Confidential
4 Select Mount Drive.

Dismounting a Removable Media Device

Use this procedure to dismount a removable media device, such as a CD-ROM
device.
Reference.
Check the Device Type field to verify the type of storage device.

the list.
The Drive Status window appears. The Removable Drive Mount Status
field indicates whether the device is mounted or dismounted.
3 To change the mount status of the device, select Removable Drive Mount
Status field.
The Change Mount Status window appears.
4 Select Dismount Drive.
Locking and Unlocking a Removable Media Device

Use this procedure to lock or unlock a removable media device, such as a CD-
ROM device. (When a removable media device is locked, the media can be
ejected only by using a software switch.)
1 From the MONITOR. Available Options, select Storage Devices.
Reference.

103-000179-001
August 30, 2001
Novell Confidential

Check the Device Type field to verify the type of storage device.

the list.
The Drive Status window appears. The Change Lock Status field
indicates whether the device is locked or not locked.
3 To change the lock status of the device, select the Removable Drive Lock
Status field.
The Change Lock Status window appears.
4 Select either Lock Drive or Unlock Drive.

103-000179-001
August 30, 2001
Novell Confidential
Storage Management Services Administration Guide
Novell
NetWare 6 ®
www.novell.com
S TO R A G E M A N A G E M E N T S E RV I C E S
August 29, 2001

Novell Confidential
Contents
Preface 7
1 Overview 9
Backup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
SMS Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Supported Storage Devices and Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Storage Management Engine (SME) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Storage Management Data Requester . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Memory Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Backup Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Backup Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Customizing Your Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Scan Data Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Keeping a Backup Logbook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Planning a Backup Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Preparing to Back Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Determining an Appropriate Backup Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Backups and eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Backups and the File System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Backups and Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Target Service Agents (TSAs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Restore Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
How SMS Restores Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Restore Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Restoring eDirectory and the File System . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Restoring Cluster-enabled Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Session Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Log and Error Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2 Setting Up 41
SBCON Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Before Loading the Backup Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Before Running the Backup Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Customizing the NetWare Server as the Backup Server . . . . . . . . . . . . . . . . . . . . 43
Loading Controller and Storage Device Drivers on the Server . . . . . . . . . . . . . . . . . 44
Loading the Target Service Agents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Contents 5

103-000134-001
August 29, 2001
Novell Confidential
Loading SBCON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Unloading SBCON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Loading NWBACK32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Exiting NWBACK32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Backing Up Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Backing Up from the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Backing Up from a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Backing Up Cluster-enabled Pools from the Server . . . . . . . . . . . . . . . . . . . . . . 56
Backing Up a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Changing Your Target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Changing a Target at a Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Changing a Target at a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Restoring Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Restoring Data from a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Restoring Data from a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Restoring eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
eDirectory Restore Session Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Completing the eDirectory Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Restoring Cluster-enabled Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
3 Managing 81
Prerequisites for SBCON Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Storage Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Spanning Storage Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Log and Error Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
4 Optimizing 101
Compressed Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Host Server Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Common Backup Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
6 Storage Management Services Administration Guide

103-000134-001
August 29, 2001
Novell Confidential
Preface
Novell® Storage Management ServicesTM (SMSTM) is a collection of software

programs that provides backup and restore services. These services are
performed by a collection of components that are independent of operating
systems and hardware.
You can backup SMS Targets such as Novell eDirectoryTM, binderies, the file
system, cluster-enabled pools or an individual workstation's hard disk onto a
media that can be stored off-site. If you have a hardware failure, natural
catastrophe, corrupted data, or incorrectly deleted or changed data, you can
recover a previous version of the data.
Preface 7

103-000134-001
August 29, 2001
Novell Confidential

103-000134-001
August 29, 2001
Novell Confidential
1 Overview
Backup services is an essential piece of the Novell® Storage Management

ServicesTM (SMSTM) software, a collection of services that provides backup,
restore, and data migration. These services are performed by various
components and are independent of operating systems and hardware.
This chapter discusses the following:
“Backup Services” on page 9
“SMS Components” on page 10
“Restore Services” on page 31
“Session Files” on page 37
Backup Services
Storage Management Services (SMS) allows you to back up SMS targets such
as eDirectoryTM, the file system, cluster-enabled pools, or hard disks on
individual workstations to media such as a tape drive for off-site storage, and
gives you a periodic view (daily, weekly, monthly) of your data. Then in case
of hardware failure, natural catastrophe, corrupted data, or incorrectly deleted
or changed data, you can retrieve a previous version of the data.
Backup services provides information on supported devices, the SMS
architecture, memory requirements, types of backup offered, customizable
options, schedules, how to back up eDirectory, how to back up the file system
(both traditional NetWare® file system and Novell Storage ServicesTM), how
to back up cluster-enabled pools, and how to use Target Service Agents (TSA).
Overview 9

103-000134-001
August 29, 2001
Novell Confidential
The following topics are discussed in this section:

“Backup Types” on page 16
“Customizing Your Backup” on page 16
“Keeping a Backup Logbook” on page 21
“Preparing to Back Up” on page 22
“Backups and eDirectory” on page 23
“Backups and the File System” on page 27
“Backups and Clusters” on page 29
SMS Components
Storage Management Engine (SME) for backup and restore operations.
Novell provides the SBCON utility as a basic SME for NetWare.
See “Storage Management Engine (SME)” on page 12 for more
information.
Storage Management Data Requester (SMDR) for passing
communication between the backup program (see “Storage Management
Data Requester” on page 13) and the TSA software (see “Target Service
Agents (TSAs)” on page 30.)
Storage device interface is used to pass information between the SME
and the storage device.
Device drivers are used to control the behavior of the storage devices.
Target Service Agents (TSAs) pass requests and commands between the
SME and server or eDirectory database, and prepare the data for the SME.
TSA600.NLM must be loaded on the server where the data is to be
backed up.
See “Target Service Agents (TSAs)” on page 30 for more information.
TSAProxy (TSADOS for DOS workstation) is used to register the
workstation with the host server. TSAProxy also identifies and keeps
track of the stations waiting to be backed up. It receives "I am here"
messages from workstations available to be backed up. The TSAProxy

103-000134-001
August 29, 2001
Novell Confidential
keeps the names of these workstations in an internal list and displays the
list, allowing you to select a target for a backup or restore procedure.
The SBCON process involves two machines:
The host server is typically the NetWare server running the backup
program. The SMS components will include the backup engine, the
SMDR, the Storage Device Driver, the tape device, and the required
Target Service Agents.
A target server is the NetWare server that contains the data to be backed
up or restored. Depending on the data to be backed up, the appropriate
Target Service Agent must be loaded.
Target Software Host Software
Server
NetWare 6 NetWare 6
T
S TSA600 Storage Management Engine (SME) NetWare 6
A T
S TSA600
Server Storage Management Data Requester (SMDR) A
NDS DOS
T Storage Device Driver T Partition
S TSANDS S
A A TSADOSP
Server
Storage Device
SBCON can also be loaded and used on one machine.

SBCON uses an application on the host server to communicate with modules
on target devices. The application reads the information from the target device
and sends it to a storage medium, such as a tape drive.
Overview 11

103-000134-001
August 29, 2001
Novell Confidential
Supported Storage Devices and Drivers

SBCON supports 0.25-inch, 4mm, and 8mm storage devices. If you are using
4mm tape, use only DDS (Digital Data Storage)-certified, computer-grade
tapes.
IMPORTANT: To ensure reliable operations, pretest all media storage devices
that are not Novell certified with the appropriate NetWare device driver and SBCON
backup and restore utility.
Use the driver files recommended by your hardware manufacturer.
Storage Management Engine (SME)

The Storage Management Engine (SME) is central to the SMS architecture.
The SME communicates with the network clients to back up and restore
information.
SBCON has three modules:
User interface - Creates a job and submits to the NDS Queue.
Q Manager (QMAN) - Takes the job from the NDS Queue which is ready
for execution.
Engine - Completes the job.
Q Manager facilitates multiple job scheduling plus other features. Loading Q
Manager automatically loads the backup engine. The user interface can be
loaded after you load the Q Manager. See “Setting Up” on page 41 for
information on Q Manager.
SME
User Interface
NDS Queue Q Manager
1 2 3
1 User Interface creates a job and submits to the NDS queue

2 Q Manager takes the job from the NDS Queue which is ready for execution
3 The engine

103-000134-001
August 29, 2001
Novell Confidential
Storage Management Data Requester

The Storage Management Data Requester (SMDR) is the communication
module in the SMS architecture. It provides transparent access to SMS
services in an intranet as it allows access to local or remote SMS services. The
SMDR APIs are used by SBCON and other third-party applications as well.
SMDR uses TCP Port Number 413.
Features of SMDR
The features of the SMDR 6.00 include the following:

Protocol Independence: SMDR 6.00 is protocol independent and does not
depend on Sequenced Packet ExchangeTM (SPXTM) or Internetwork Packet
ExchangeTM (IPXTM) protocols. From NetWare 5.1 onwards, the requester also
uses TCP/IP for communicating with other SMDRs. Although SMDR 6.00
can be configured to support TCP/IP, SPX/IPXTM, or TCP/IP and SPX/IPX,
both protocols are supported by default. SMDR versions prior to 5.00 use the
SPX protocol.
If cluster-enabled pools are to be backed up or restored, use SLP as the
discovery mechanism.
The protocols can be specified in the configuration file, SMDR.CFG (see
“Using the SMDR Configuration File” on page 14 for more information).
NDS Registration and Name Resolution: SMDR creates an SMS Remote
Procedure Call (RPC) object in eDirectory. The default tree of the server (the
tree in which the server is present) is used for eDirectory registration.
The SMS RPC object is defined with the following attributes:
Common Name - Name of the server on which the SMDR is located
Status - Indicates whether the SMDR is active or inactive
Protocol - List of protocols for which the SMDR has listeners
Version - Version number of the SMDR
Services - List of services registered with the SMDR
The SMDR creates an instance of this RPC class at the SMDR Context
location in the server's default tree. The SMDR Context is specified in the
SMDR.CFG file, which can be edited at any given time.
Multiple SMDRs are grouped together to reduce the search scope in
eDirectory. A SMDR Group object defines this search scope. This group
Overview 13

103-000134-001
August 29, 2001
Novell Confidential
represents an instance of a predefined group class in the eDirectory schema.

Any number of such groups can exist in eDirectory. The SMDR can become
a member of one or more groups by registering its object's (SMS RPC object)
context.
When SMDR requires name resolution, it searches all members of the SMDR
Group at SMDR Group Context. The SMDR Group Context and SMDR
Group are specified in the SMDR.CFG file.
Name Resolution Using SAP: SMDR can also be configured to use Service
Advertising Protocol (SAP) for locating other SMDRs in an IPX environment.
Each SMDR advertises the server name where it is loaded using service type
0x23F. But in an IP environment, NDS and Service Location Protocol (SLP)
replaces SAP.
Name Resolution Using SLP: SMDR can also be configured to use Service
Location Protocol (SLP) for locating other SMDRs. This enables SMDRs to
locate other SMDRs running on servers that belong to different trees. Every
SLP enabled SMDR will register itself in the smdr.novell domain when
loaded. The SLP enabled SMDRs will query this domain for locating
registered SMDRs.
SLP, SAP, and NDS discovery mechanisms are enabled by default.
Using the SMDR Configuration File
The SMDR.CFG file is a text file located in the SYS:\ETC\SMS\ directory on

your server.
You can modify the configuration file from the command prompt by entering:
LOAD SMDR NEW
The SMDR Configuration screen is displayed where you can make the
required modifications.
SMDR Configuration Problem
If you try to load SBCON when you have not set the SMDR on a server with
the corresponding eDirectory objects and configuration, SBCON will
autoload the SMDR and prompt you for configuration information. (This
screen is hidden by the SBCON screen). To rectify this problem, press
Alt+Esc to allow the SMDR to complete its setup before loading SBCON.

103-000134-001
August 29, 2001
Novell Confidential
If NetWare Common Install is used to install SMS (see “Customizing the

NetWare Server as the Backup Server” on page 43 for more information), this
problem will not occur. If the SMDR is explicitly loaded for the first time, the
screen for configuration information will not be hidden.
Memory Requirements
To run SBCON, the host server requires the following:
A minimum of 3 MB free memory for SBCON
Memory required to run NetWare 6 (currently 256 MB RAM)
Memory required to run the clients
If 3 MB of memory is not available, try setting the storage buffers lower than
the default and still run SBCON.
Backup Files
Each backup session produces three types of files:
Data files are copied to the selected storage media.
Log files are produced by the engine during backup and restore. Log files
are placed in a directory on the host server and accessed through the
SBCON Main Menu or from a Windows* 95, 98, 2000 or Windows NT*
workstation using NWBACK32.
Error files are produced by the engine while backing up. Error files are
placed in a directory on the host server and accessed through the SBCON
Main Menu or from a Windows 95, 98, 2000 or Windows NT workstation
using NWBACK32.
Both log and error files contain information such as the date, time, and
media identification for a session. But the error file also contains a list of
any errors that occurred during the backup session, such as files that were
not backed up (see “Log and Error Files” on page 93 for more information
on these files). The log and error files are labeled with the same
description you give the session.
Overview 15

103-000134-001
August 29, 2001
Novell Confidential
Backup Types
SBCON has three types of backup sessions:
Full backup—Backs up the entire file system of the selected target
regardless of whether the data has changed since the last backup, and
clears the Modify bit after the backup.
Differential backup—Available only for the file system; backs up only
data that has been changed since the last full or incremental backup.
When you perform a differential backup, the modify bit is not cleared
after the backup. All files modified since the last full backup are included
in the backup (unless they have been deleted). Each differential backup
uses more media and is slower than an incremental backup because it
backs up more files.
IMPORTANT: Do not interchange differential backups and incremental backups.
If you do, the differential backup will not contain all changes since the last full
backup. Use full backups interspersed with differential backups or full backups
interspersed with incremental backups.
Incremental backup—Available only for the file system; backs up only

data that has been changed since the last full or incremental backup
(whichever was last). Incremental backup sessions back up only files that
have the modify bit set (that is, files that changed since the last full or
incremental backup session when the modify bit was cleared).
Customizing Your Backup

All backup types contain advanced options to allow you to customize your
backup. These options allow you to
Choose subsets of data to back up
You can choose specific subsets of a data set to exclude from or include
in the backup session by selecting major resources, such as volumes, files,
directories, or path.
See “Exclude and Include Options” on page 17.
Specify how to scan what you are backing up
See “Scan Data Sets” on page 19.

103-000134-001
August 29, 2001
Novell Confidential
Exclude and Include Options
Whenever you perform a custom backup or restore, you can use the exclude
and include options to select subsets of what you want to back up.
Whether you use exclude or include usually depends on the size of the data
you want to back up, compared to the size of the data you do not want to back
up.
Exclude
To back up most of the file system structure or eDirectory tree structure while
omitting only a small part, use the exclude option to omit the part you do not
want to back up. Everything that you do not specifically exclude is included.
After you exclude part of the structure such as a volume, directory, or
container, you cannot include any subdirectories, files, or objects beneath that
excluded volume, directory, or container.
Include
To back up a small part of the file system structure, use the include option to
specify the data you want. Everything you do not specifically include is
excluded.
When you select only part of the file system structure to include (such as a
volume), all directories, subdirectories, and files under that selection are
included in the backup by default.
In the figure given below, volume SYS: is selected as an include option. All
other areas of the file system structure are excluded from the backup. You can
exclude some subdirectories or files beneath your selection if necessary.
SYS Public Project A2ZCO

Mail Widget.exe
System
Login Report January.prj
February.prj
HOME NetUsers Karl March.prj
Appl
Proposal Tessier.Inc
Nu_Artco
Mary Directories
Subdirectories
Files
Thomas Directories
Subdirectories
Files
Overview 17

103-000134-001
August 29, 2001
Novell Confidential
The same principle applies when you specify a directory with the include
option. The figure below shows that all directories, subdirectories, and files
under the NetUsers directory are included in the backup. All other areas of the
file system structure are excluded from the backup.

Mail Widget.exe
System
February.prj
Appl Proposal Tessier.Inc

Nu_Artco
Mary Directories
Subdirectories
Files
Thomas Directories
Subdirectories
Files
The reverse is true when you select a major TSA resource, a directory, or a file
as an exclude option. All other areas of the file system structure are included
in the backup.
Combining Include and Exclude Options
By combining the include and exclude options, you can control what is backed
up.
For example, the following command sequence results in volume HOME
being included in the backup with the exception of the MARY directory and
the WIDGET.EXE file.
Include major TSA resources HOME:
Exclude directories (full path): HOME:NETUSERS/MARY
Exclude path/files HOME:NETUSERS/KARL/PROJECT/WIDGET.EXE

103-000134-001
August 29, 2001
Novell Confidential

Mail Widget.exe
System
February.prj
Appl
Nu_Artco
Mary Directories
Subdirectories
Files
Thomas Directories
Subdirectories
Files
Scan Data Sets

You can specify a different type of data set to be scanned.
A data set is a group of data that can be manipulated by SBCON. Each data
set in the file system structure can be classified as a parent or a child, and each
class includes different types of data items.
Within SBCON, a parent might be a server, eDirectory, a volume, or a
directory. A child is a file, which is the lowest level of the directory structure.
The unit below a parent is not necessarily a child; it might be another parent,
or the line might end with the parent. The unit above a child must always be a
parent.
Overview 19

103-000134-001
August 29, 2001
Novell Confidential

Mail Widget.exe
System
February.prj
Appl
Nu_Artco
Mary Training Workbook

Viewgraph
Script
Schedules June
July
August
Thomas Manuals Widget.Co chapt.1

chapt.2
chapt.3
chapt.4
appx.A
appx.B
glossary
index
Acme.Inc pamphlet
Parents (all units above final) art
maps
Children (final units only) plans
Items in a data set for either a parent or child should be items that do not
frequently change. You might choose to exclude from the backup session one
or more items in the data set of your target.
Overwriting a Parent or Child
SBCON allows you to overwrite all existing parents or children. Children can
be overwritten only if the date on the data set on the hard disk is more recent
than the date of the data set backup.

103-000134-001
August 29, 2001
Novell Confidential
Keeping a Backup Logbook

Keep a hard copy log of your backups in case your online log and error files
become corrupted. The log should contain the following information:
Source backed up (such as the server or workstation name)
Full path for session log and error files directory
Full path for backed-up data
Label of the media on which the backup is stored
Description of the session
Name or initials of the person performing the backup
Date and time of the backup session
Planning a Backup Schedule

Before you begin backup procedures, plan a backup schedule based on your
needs. Consider such factors as the number of users and frequency of changes
to files.
You can perform different types of backups on different schedules:
Daily—Perform an incremental or differential backup after the close of
business. If revisions are heavy and rapid, consider several backup
sessions each day.
Weekly—Perform an incremental or differential backup after the close of
business on the last day of the week for three of the four weeks in the
month.
Monthly—Perform a full backup on the last business day of the month
(for example, the last Friday).
Major changes—Perform a full backup before and after you change your
configuration, and before and after you upgrade your server to a new
version of NetWare.
Application changes—Perform a custom backup before and after you
modify applications.
Overview 21

103-000134-001
August 29, 2001
Novell Confidential
Preparing to Back Up
Careful planning can help you minimize the impact of data loss. Before you
back up, consider the following:
What should be backed up
Where to back up
Backup type
Who should back up
When to back up
How to prepare for a backup
How to track backup
Open Files Backup
TSA600.NLM supports backup of open files on Novell Storage Services

(NSS) volumes if the CopyOnWrite feature is enabled.
To enable CopyOnWrite on a single NSS volume, do the following:
nss /FileCopyOnWrite=volume_name
2 Dismount and remount the volume.
2a To dismount the volume, enter
dismount volume_name
2b To remount the volume, enter
mount volume_name
To enable the feature on all NSS volumes, enter
nss /FileCopyOnWrite=all
Continue with the next sections to prepare for the backup session.

103-000134-001
August 29, 2001
Novell Confidential
Determining an Appropriate Backup Type

Each type of backup has a different effect on the backup and restore process.
When planning your backup schedule, consider all of the following variables
before determining which schedule is right for you.
Media usage and backup speed. This helps increase the speed of the restore.
Restoring after incremental backups. If you have performed full and
incremental backups and need to restore data, you must restore the last full
backup as well as all subsequent incremental backups.
Restoring after differential backups. If you have performed full and
differential backups and need to restore data after an unexpected loss, restore
only the last full and differential backup.
Backups and eDirectory

The best way to protect your eDirectory database is to use replicas.
Replication, however, is not sufficient protection for a single server network
or when all copies of the replicas are destroyed or corrupted. In these
instances, if the eDirectory data has been backed up regularly, the eDirectory
tree structure can be restored using SMS.
You can back up the entire tree or a selected section of the tree starting with a
particular container. You can back up the schema and schema extensions.
Trustee assignments are backed up as part of the file system.
You cannot back up partition information. If the eDirectory tree structure
becomes corrupted and you restore the eDirectory data, all data is restored to
one partition, [Root]. You need to repartition that portion of the tree.
It is important that you keep a written copy of the tree structure and the
partitions. You can use the DSMISC.LOG file that is backed up with the file
system as part of the server-specific information.
This section discusses the following:
Managing “Distributed Database” on page 24, “Server Interdependence”
on page 24, “Object ID Numbers” on page 24, “Placeholder (Unknown)
Objects” on page 25, and “Schema Backup” on page 24
“Backup Software for eDirectory” on page 25
“Setting Rights to Back Up Portions of the eDirectory Tree” on page 26
“Frequency of Backup” on page 27
Overview 23

103-000134-001
August 29, 2001
Novell Confidential
Distributed Database
The network of servers that comprise an eDirectory tree structure continually

exchange updates and other time-sensitive information. The eDirectory
database exists as a set of files that are stored in the SYS: volume and are
hidden so they are not accidentally tampered with or deleted.
The eDirectory database files cannot be backed up, as was the case with
bindery files in NetWare 3.12 or earlier versions.
Server Interdependence
eDirectory is not server-centric, and neither are its backup and restore
processes. Backing up eDirectory, for example, backs up data that is spread
out over multiple servers. SMS Directory database backups gather all the
necessary eDirectory data.
To handle the necessary links and dependencies between objects, the backup
and restore system must be able to navigate the entire eDirectory tree
structure.
Object ID Numbers
In NetWare, a random ID number is assigned when an object is created.

NetWare uses object ID numbers to keep track of information such as users'
trustee rights to directories and files in the file system. These object ID
numbers are stored in the directory entry table (DET) of each file and directory
and are server-centric.
When NetWare is backed up, SMS-compatible products store the objects' fully
distinguished names on the backup media, not the objects' ID numbers. If an
object with the same distinguished name as on the backup media already exists
in the eDirectory tree structure, its object ID is not overwritten during a
restore. If an object with the same name does not already exist in the
eDirectory tree structure, it is assigned a new object ID when it is restored.
This occurs on every server where the object is used.
Schema Backup
The schema is backed up automatically with a full eDirectory backup. You can
also choose to back up the schema separately using a custom eDirectory
backup.

103-000134-001
August 29, 2001
Novell Confidential
Placeholder (Unknown) Objects
Whenever insufficient information is known about an object, such as when

one of its mandatory attributes is missing, eDirectory creates as a placeholder
an Unknown object.
During a restore session of the eDirectory database information, Unknown
objects are created when restoring an object that has an access control list
(ACL) or any other attribute that refers to other objects that do not currently
exist in the eDirectory tree structure.
This condition is common in a restore, because only one object can be restored
at a time. When this condition arises, an Unknown object is created until the
real object is restored.
For example, User object User1 has been given property and object rights to
User object User2. If User1 and User2 are deleted and only User2 is restored,
an object named User1 will be created but it will have a base class of
Unknown. This occurs because the access control list of User2 lists User1,
which was not restored. The Unknown object is used as a placeholder in the
tree. If User1 is later restored, it will replace the Unknown object.
If the restore session does not include the object for which the placeholder was
created, the object remains in the eDirectory tree structure as type Unknown.
Expect to see Unknown objects after a restore session if all network resources
such as servers, volumes, and users are not in place before the restore session
starts.
Objects that remain unknown after a restoration is completed are objects for
which eDirectory could not resolve the dependencies.
In this case, you can do one of two things:
1. Delete the Unknown objects and re-create the original object.
2. Perform a selective restore to overwrite the Unknown objects.
Backup Software for eDirectory
In order to back up the eDirectory database, the TSANDS.NLM software must

be loaded on one server in the eDirectory tree structure—preferably the server
containing a replica of the largest partition.
For large or complex networks, you can improve performance by loading the
TSANDS.NLM software for a particular partition. This minimizes network
Overview 25

103-000134-001
August 29, 2001
Novell Confidential
traffic during the backup process and improves performance when the backup
program performs name resolution across the eDirectory tree structure.
The version of TSANDS.NLM that ships with NetWare allows selective
backup and restoration of an eDirectory tree structure.
HINT: Not all third-party backup applications support this selective backup and
restoration. Check with the application vendor for details on product features.
In SBCON, you can begin the backup of the eDirectory database from any
server in the eDirectory tree structure. The backup process continues from that
point downward to the end of that portion of the tree. If the selected container
is [Root], the entire eDirectory tree structure is processed.
This allows you to back up the entire eDirectory tree structure or subsets such
as a single branch, a single container, or even a single leaf object. Also, a scan
option allows backup of only those objects for which the backup user has the
Supervisor right.
When you back up eDirectory, we recommend that you back up the eDirectory
tree structure in one session whenever possible. Although partial eDirectory
backups and restores are possible, numerous precautions and additional issues
must be noted. See “Partial eDirectory Restores” on page 79 for more
information.
Setting Rights to Back Up Portions of the eDirectory Tree
The network administrator can assign backup administrators with limited

rights to the eDirectory tree structure.
For example, suppose in your company you have three Organizational Units
that need to be backed up (East, West, Mid). You could create three User
objects—BackAdmin1, BackAdmin2, and BackAdmin3—and give them
rights to the Organizational Unit that they are responsible to back up.
You then create a TSANDS.CFG file that lists the fully distinguished name of
the contexts where the backup administrators' rights begin. It would look
similar to the following:
.OU=East.O=Acme
.OU=West.O=Acme
.OU=Mid.O=Acme
Backup administrators have rights to back up the eDirectory tree structure

beginning only at the context listed, and the rights continue until the tree stops
or the rights are filtered out. Backup administrators should use a custom

103-000134-001
August 29, 2001
Novell Confidential
eDirectory backup to back up the portions of the tree for which they have
rights.
The network administrator assigns the Supervisor right to the backup
administrators for the section of the eDirectory tree structure that they are
responsible to back up. The network administrator then needs to create a
TSANDS.CFG file that lists the fully distinguished names of the containers
where each of the backup administrators' rights begin. The TSANDS.CFG file
should be saved in the SYS:SYSTEM\TSA directory of the server.
Frequency of Backup
In general, the eDirectory database should be backed up on a weekly basis.

The frequency of this backup depends on how often changes and updates are
made to the eDirectory tree structure. For a tree that changes often, you might
want to perform an eDirectory backup every time you do a full backup of all
servers on the network.
IMPORTANT: Always back up eDirectory prior to major tree modifications.
To get a full backup, the entire eDirectory tree structure needs to be

functioning, meaning that all partitions are synchronizing normally. An
eDirectory tree cannot be backed up entirely if any replicas of any partition are
offline.
Backups and the File System

Back up your volumes so that in the case of hardware failure, natural
catastrophe, or accidental change or deletion of files, you can restore the file
system to a previous state and not lose the data.
To back up file system data, an appropriate SMS TSA must be loaded on each
server for which a file system backup is to be created (see “Loading the Target
Service Agents” on page 45). To back up file system information, make sure
your backup application can handle the NetWare file system name spaces,
extended attributes, trustee rights, compression, etc.
Once the device drivers for your backup hardware and the SMS TSA software
is loaded, you can run the backup program of your choice (see “Loading
SBCON” on page 46).
Overview 27

103-000134-001
August 29, 2001
Novell Confidential
Trustee Assignments
Trustee assignments are stored as part of the file system as an ID. They are
backed up by default when the file system is backed up with the SMS TSA
software. If a User object is deleted and then re-created or restored, its object
ID changes. This is why the SMS TSA module uses fully distinguished names
for objects to back up the trustee rights from the file system. If a User object
is deleted and re-created with a new ID, the user's trustee assignments in the
file system can be restored.
As long as an object with the same name on the backup media exists in the
eDirectory tree structure when the file system is restored, the TSA can interact
with eDirectory to rebuild the directory entry table (DET) to reflect new object
ID numbers.
For additional information about object ID and trustee issues, see “Restoring
eDirectory” on page 69.
Server-Specific Information
Server-specific information such as the replica information, ID information,

name spaces loaded, and system configuration is stored on the volume SYS:.
This information is backed up as part of the file system as a single resource.
This resource includes the following five files:
SERVDATA.NDS contains server-specific eDirectory data.
DSMISC.LOG contains a replica list and replica types on the server at
backup.
STARTUP.NCF contains a disk driver, name spaces, and SET
parameters.
AUTOEXEC.NCF contains load modules and the NetWare operating
system configuration.
VOL$INFO.TXT contains volumes on the server, name spaces loaded,
compression, and migration information.
You can also choose to back up this information individually. The information
is not restored unless you specifically choose to restore it. It does not need to
be restored unless you have lost the SYS: volume. In that case, you must
replace the hardware and restore this information. For more information, see
“Restoring the Entire eDirectory Tree Structure” on page 72.

103-000134-001
August 29, 2001
Novell Confidential
Backups and Clusters

Novell Cluster ServicesTM allows you to configure up to 32 NetWare servers
into high-availability cluster, where resources can be dynamically switched or
moved to any server in the cluster. Consolidation of applications and
operations on a cluster has benefits such as lower costs, scalability, and
increased availability. See the Novell Cluster Services documentation (http://
www.novell.com/documentation) for more information.
For a cluster to work as a high-availability system, the file system, the
applications, and services that run on the cluster should be cluster-
enabled.SBCON supports backup and restore of cluster-enabled pools. In
addition, the backup session can be automatically recovered in case of a
failover or failback condition.
NOTE: Backup and restore of cluster-enabled pools is not supported in NetWare
versions earlier than NetWare 6.
SBCON supports automatic recovery of backup sessions if failover or failback

occurs. The backup engine reconnects to the Target Service Agent and
resumes the backup from where it had terminated. Various cluster options like
Enable Auto-Recovery and Retry Interval are provided by SBCON. You can
use the default values or reset the values while submitting the backup job. The
engine begins the reconnection attempts after waiting for a configurable time,
and then retries at regular intervals until the connection is re-established or the
number of retries has expired.
After the connection is re-established, the internal structures of the TSA are
built and the recovered session is continued from where it had terminated.
User intervention is not required during the recovery period. You can view the
status in the Session Report screen.
Consider the following before preparing for backup and restore of cluster-
enabled pools:
Use TSA600.NLM to backup or restore cluster-enabled pools. (See
“Target Service Agents (TSAs)” on page 30 for details.)
If SBCON is loaded on a cluster node and a backup session for a cluster-
enabled pool is submitted, the session cannot be recovered if a failover or
failback condition occurs on the host server.
SBCON can backup and restore only one cluster-enabled pool per
session. This is because the engine is connected to the cluster pool instead
of the server.
Overview 29

103-000134-001
August 29, 2001
Novell Confidential
If a cluster server is chosen as the target, only noncluster volumes will be

backed up. You have to back up each pool individually.
You might abort an ongoing backup job with the intention of resubmitting
the same job later. In such situations, the job will not restart from where
it was terminated; it will restart from the beginning.
For more information, see “Backing Up Cluster-enabled Pools from the
Server” on page 56.
Target Service Agents (TSAs)

In SMS, a target is any machine on the network that requires backup.
Examples of targets include SQL database engines, eDirectory databases,
workstations, and NetWare servers.
Through specific TSAs, SBCON allows you to back up the information that
exists on the following targets. These TSAs are listed in general as follows:
Table 1 Target Services and Their Corresponding Target Service Agents
Target Service Corresponding Target Service

Agent
NetWare 6 TSA600
Windows 95 and 98 workstation W95TSA
Windows 2000 and Windows NT Windows NT TSA

workstation
MAC workstation MACTSA
GroupWise® data GWTSA
OS/2 machine OS/2 TSA
A Target Service Agent (TSA) is a software module that understands how to

scan, read, and write the target data. The primary functions of an SMS TSA
are to prepare the target data for backup or restoration, and to communicate
with the storage management engine (SME). For example, an SMS TSA for a
NetWare server understands name spaces, file and directory attributes,
security privileges, etc., for the data on that server.

103-000134-001
August 29, 2001
Novell Confidential
The TSA packages data from the target and presents it to the SME in a generic
format. This allows one SME to interact with many types of TSAs.
NetWare 6 provides TSA600.NLM, with the following features:
Supports backup and restore of traditional NetWare file system and NSS
file system
Supports backup and restore of cluster-enabled pools (see “Backups and
Clusters” on page 29)
Recovers the backup session in failover and failback conditions
Provides the caching feature for optimizing backup performance (see
“Customizing Backup” on page 53.) The TSA will scan the data sets prior
to the engine request and commit the data set information to the cache.
When the request comes in, the data is read from the cache instead of from
the disk
NOTE: To use this feature, ensure that your backup engine supports the scan-
ahead option. If the option is enabled without appropriate changes to the engine,
unexpected results may occur. Also note that performance might vary from engine
to engine.
Restore Services
Restore services provides information on how SMS restores data from
eDirectory, volume SYS: and other volumes, single servers, multiple servers,
and the eDirectory tree structure.
Use SBCON to retrieve and reinstate data you have backed up to storage
media. You restore data if it has been lost or corrupted since a backup was
made.
A restore session restores data from a backup. The restore session produces
the requested data, which is retrieved from the storage media and restored to
the location you specify. If an error occurs during the restore session, an error
message is appended to the error file on the host server.
“How SMS Restores Data” on page 32
“Restore Options” on page 34
“Restoring eDirectory and the File System” on page 35
“Restoring Cluster-enabled Pools” on page 37
Overview 31

103-000134-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
How SMS Restores Data

During a restore session, SBCON reads the backup storage media, and the
Target Service Agent (TSA) compares the media data set to the existing hard
disk data set. The Target Service Agent evaluates each data set according to
the following criteria:
Is this data set a subset of what is being restored?
Is this data set found on the hard disk?
Which parts of the data set are subject to restoring?
Is this data set a parent or a child, and is the Overwrite parameter set to
Yes or No?
If the parameters for a child are set to Overwrite Only if Newer, does the
backup copy have a more recent date than the existing copy?

103-000134-001
August 29, 2001
Novell Confidential
BEGIN END
Go to backup session
on storage media. no
Is
yes there
Read data set. another data set
to read?
Overwrite
Is the data set?
data set to
be yes
renamed
yes no only if newer
no
ignore Open mode
Rename the dataset option
Is
data set restore
a subset of what
you´re
restoring? Compare date of
no yes data set on media
to date of
data set on disk.
ignore
Is Is
data set date of
on the data set on media
hard disk? the newer
date?
no yes no yes
Open mode
option Open mode
ignore option
restore
Is restore
data set
a parent or
a child?
parent child
Consult Consult
"Overwrite" "Overwrite"
parameters for parameters for
parent child
Overview 33

103-000134-001
August 29, 2001
Novell Confidential
Restore Options
For a custom restore session, you can specify exactly which data to restore.
Several options work together to allow you maximum flexibility in your
restore session. These options allow you to do the following:
Choose subsets of data to restore
Open mode options
Overwrite an existing parent (such as a container) or child (such as an
object)
Subsets of Data to Restore
You can choose specific subsets of a backup session to include in or exclude

from the restore session by selecting major resources (such as volumes,
server-specific info, or containers) or minor resources (such as directories,
paths, files, or objects).
For more information about including and excluding, see “Customizing Your
Backup” on page 16.
Open Mode Options
Open mode options allows you to customize data for restore. File system data
can either be included or excluded for the session. The speed of the restore
depends on the options you set.
Overwriting Existing Parents or Children
Be careful when you perform a selective restore and choose whether to

overwrite existing parents or children, especially eDirectory objects. Objects
such as groups and users have references to other objects in the eDirectory tree
structure that will be affected by a selective restore.
For example, suppose a part of the eDirectory tree structure gets corrupted and
several users are deleted from the tree. There is a group that contains those
users, but once the users are gone, the group purges the membership list to
remove those users; the group, however, continues to exist in the eDirectory
tree structure.
If you perform a selective restore and choose not to overwrite existing objects,
the group membership list remains empty even if you restore the users. You
need to either add the users manually to the group membership list or restore
the original group.

103-000134-001
August 29, 2001
Novell Confidential
Restoring eDirectory and the File System

The only way to ensure that your eDirectory database can be fully restored is
through partition replication, with replicas of the entire database on multiple
servers.
On a single-server network, you need to rely more heavily on backing up the
data because you do not have replicas to restore information.
If part of the eDirectory tree structure, including partitions and replicas, exist
when the eDirectory database information is restored, those partitions and
replicas will be restored also, and you will not need to repartition the tree.
In case of corrupted data, follow these general steps:
1. Delete the corrupted eDirectory data.
2. Allow time for the deletion to propagate throughout the network. The
allotted time depends on the size of the data to be backed up, the size of
your network, the number of servers you have, and the number of
containers and users you have.
3. Restore the eDirectory data.
A replica containing the object does not have to be on the server. The
eDirectory database creates external reference when necessary.
NOTE: An external reference is a pointer to an eDirectory object not found locally
on the server; it is used to authenticate and reference objects that are not local to
the server.
There are specific recovery procedures for the following scenarios:

“Loss of a Volume Other Than SYS:” on page 35
“Loss of the SYS: Volume or an Entire Server” on page 35
“Loss of the Entire eDirectory Tree” on page 37
Loss of a Volume Other Than SYS:
Loss of a volume other than SYS: does not affect eDirectory. The only
requirement is to restore the file system data and trustee rights.
Loss of the SYS: Volume or an Entire Server
A hard disk failure involving the SYS: volume affects the entire server and
halts all NetWare operating system activities. Because the eDirectory files are
Overview 35

103-000134-001
August 29, 2001
Novell Confidential
stored on volume SYS:, losing SYS: is equivalent to removing NetWare and

eDirectory from the file server. You must reinstall NetWare and eDirectory
before you restore your data.
The procedures for this scenario are divided into two cases:
Loss of the only server in a single-server network.
Loss of a single server in a multiple-server network.
Single-Server Network
In a single-server network, server failure brings all network operations to a

halt. The same situation exists if the failure affects only the hard disks
containing the SYS: volume.
Since there are no replicas in a single-server network, you cannot recover any
eDirectory information from a replica.
Use the following general steps to restore the server:
1. Repair or replace the failed hardware.
2. Reinstall NetWare.
3. Restore eDirectory from an SMS backup. (See “Restoring Data” on page
62.)
4. Restore the file system. (See “Restoring Data” on page 62.)
Multiple-Server Network
In a multiple-server environment, it is possible for one server to go down and

for the rest of the servers in its replica list to remain intact. The same situation
exists if the hard disks containing volume SYS: on one server gets damaged,
causing the failure of the entire server.
2. Restore SERVDATA.NDS (the server-specific eDirectory information)
for the failed server to another server on the network. (See “Restoring
Data” on page 62.)
3. Reinstall NetWare, including restoring the SERVDATA.NDS file
(located in SYS:) to the original server.
4. Restore eDirectory. (See “Restoring Data” on page 62.)

103-000134-001
August 29, 2001
Novell Confidential
5. Restore the file system. (See “Restoring Data” on page 62 and “Custom
File System Restore” on page 74.)
6. Restore any replicas that were removed from the server.
Loss of the Entire eDirectory Tree
If all servers on a network are destroyed because of a disaster, you must

perform a complete restore of NetWare, eDirectory, and file system data.
IMPORTANT: We recommend that you document your eDirectory tree structure;
the location of Server objects, partitions, and replicas; and record bindery context
settings and other relevant information.
Use the following general steps to restore the eDirectory tree structure:
2. Reinstall NetWare on the first server.
3. Install NetWare on remaining servers to create a skeleton of the tree.
4. Restore eDirectory. (See “Restoring eDirectory” on page 69.)
5. Restore the file system to all servers. (See “Custom File System Restore”
on page 74.)
6. Re-establish partition boundaries and distribute replicas.
Restoring Cluster-enabled Pools

Restore of cluster-enabled pools is similar to a normal restore session (see
“Restoring Data” on page 62.)
NOTE: Auto recovery of the restore session on failover or failback is currently not
supported.
Session Files
Whenever you back up or restore files/directories, a log and corresponding
error files are created for that particular session on the server on which you are
executing the job. The .LOG file is the session file for that particular job.
The need to create a session file arises when you are restoring the data on a
server other than the one you backed up from. The server should possess the
session ID of all the jobs that are present on the tape so that the SME can
restore it. These session IDs are created from the .LOG files. See “Creating
Session Files” on page 98.
Overview 37

103-000134-001
August 29, 2001
Novell Confidential
Log and Error Files

The files of the backup session are stored in a default directory (such as
SYS:SYSTEM\TSA\LOG). If you prefer, you can create your own directory
for the log and error files as long as it resides on the host server.
The files of the restore session are stored in the directory
(SYS:SYSTEM\TSA\RESTORE). You cannot modify the location for the
files.
The files can be accessed through the SBCON Main Menu or from a Windows
95, 98, 2000 or Windows NT workstation using NWBACK32.
The error file is labeled with the same description that you give the restore
session (such as Friday's Full Backup) and is accessed through the Log/Error
File Administration option of the SBCON Main menu.
HINT: You might want to create individual log directories for the different types of
backup or restore session targets or different organizational units. For example,
you could create one directory for workstation backups and another for server
backups.
SBCON keeps a list of all the log and error files. These lists show
The description you enter for the session.
The date and time the session was begun or, in the case of a delayed
backup session, the time the session was scheduled.
The name of the target the data was backed up from.
Log File
The log file is created on the host server the first time a particular set of data
is backed up. This file contains the following:
The session date and time and the description you entered.
The target from which the data was backed up for a backup session.
The target that was backed up and the location on the server where the
data was restored to during a restore session.
Media set identification information.
The area of the file system structure that was backed up or restored
(volume name, directory name, etc.).
The names of files that were backed up or restored.
The numerical location of the data on the storage media.

103-000134-001
August 29, 2001
Novell Confidential
Error File
The error file is created on the host server the first time a particular set of data
is backed up. It contains a list of any errors that occurred during a backup or
restore session.
This file contains the following:
The area of the file system structure that was backed up or restored.
The total number of parents and children that were backed up or restored.
The names of files that were not backed up or restored, along with any
error messages or information.
Skipped data sets (any file that is open when a session begins, is not
backed up or restored, and is listed as a skipped data set).
Overview 39

103-000134-001
August 29, 2001
Novell Confidential

103-000134-001
August 29, 2001
Novell Confidential
2 Setting Up
In addition to being able to back up data from a server with SBCON, you can
use a Windows 95, 98, 2000 or Windows NT workstation to perform your
backups using the graphical interface.
How to customize the NetWare server as the backup server. See
“Customizing the NetWare Server as the Backup Server” on page 43.
How to load the backup software. See “Loading Controller and Storage
Device Drivers on the Server” on page 44, “Loading the Target Service
Agents” on page 45, and “Loading SBCON” on page 46.
How to unload the backup software. See “Unloading SBCON” on page
47.
How to back up your data. See “Backing Up from the Server” on page 50,
“Customizing Backup” on page 53, or “Backing Up from a Workstation”
on page 55.
How to restore your data. See “Customizing Restore” on page 66, or
“Restoring eDirectory” on page 69, and “Restoring a Volume Other Than
SYS:” on page 69.
Setting Up 41

103-000134-001
August 29, 2001
Novell Confidential
SBCON Guidelines
Before you set up and begin backups, follow these guidelines to make backups
easier and to avoid problems later.
Log in. You will have limited success backing up and restoring if you log
in without the Supervisor right.
For security reasons, many SBCON options are limited to the network
administrator.
Reserve disk space for temporary files. Make sure you have disk space
available (1 to 2 MB) on the target server's volume SYS: to accommodate
log and error files.
SBCON creates temporary files on the target server during backup. If you
have linked UNIX* files or files with extended attributes, the temporary
files might be larger than 1 MB.
Do not mount or dismount volumes during a backup or restore
session. The data might be corrupted or an association might occur at the
host server.
Use the correct name space and name space formats. If you do not use
the correct name space and name space formats when entering paths and
file names, files can't be restored.
Name spaces: DOS, FTAM, Macintosh, NFS, OS/2
Name space formats:
For Macintosh, use Volume::directory:directory:filename
For all others, use Volume:/directory/directory/filename
Exit SBCON before unloading drivers. If you unload a manually
loaded driver (such as aha1740.dsk or aspitran.dsk) before exiting
SBCON, you might cause the host server to abend.
Use original case for non-DOS names. Non-DOS pathnames and
filenames are case-sensitive. NetWare recognizes DOS pathnames and
filenames in uppercase only. If you're not sure of the original case, refer
to your log file.

103-000134-001
August 29, 2001
Novell Confidential
Before Loading the Backup Software

Before you load the backup software on the server or on a Windows machine,
you need to configure a server to execute your backups.
Determine the following:
The tree to which the server belongs which must be made the current tree
The full eDirectoryTM context of the server
Before Running the Backup Software

Before backing up software, in general you must:
Load the controller and storage device drivers on the server. See “Loading
Controller and Storage Device Drivers on the Server” on page 44.
Load the TSAs on a server, workstations, or both. See “Loading the
Target Service Agents” on page 45.
Load the backup engine on the server or the workstation. See “Loading
SBCON” on page 46 or “Loading NWBACK32” on page 47.
Customizing the NetWare Server as the Backup Server

SMS allows you to configure a NetWare®server as a backup server while
installing NetWare 6. It also allows you to create NDS® Backup Queue and
SMDR Group objects.
To customize the settings while running the Install program, do the following:
1 In the Final List of Products to be Installed dialog, click Customize.
2 Select Storage Management Services from the list of NetWare Services >
click Configure.
The SMS Setup dialog box with default values for NDS Backup Queue
and SMDR Group objects displays.
3 Enter the name of the eDirectory tree where the SMS objects will be
created.
4 Enter the name of the backup server and the context.
5 Accept the default for the SMDR Group context where the SMDR Group
object is to be created, or enter a new context.
Setting Up 43

103-000134-001
August 29, 2001
Novell Confidential
The SMDR Group object is where all NetWare and workstation SMDRs
are registered for name resolution purposes.
6 Accept the default name of the Backup Queue where all backup jobs will
be submitted, or enter a new name and context.
Loading Controller and Storage Device Drivers on the Server

Controller and device drivers control the mechanical operation, such as read,
write, forward, back, and stop of various storage devices and media.
Ensure that you have installed the storage device controller and storage device
according to the hardware manufacturer's instructions.
When NetWare 6 is installed, the device drivers are placed in the
startup.ncffile automatically.
Whenever you want to add new drivers, you can either place them in
STARTUP.NCF or use the following steps:
1 At the server console prompt, enter:
LOAD PATH CONTROLLER_DEVICE_DRIVER_NAME(S)
LOAD PATH STORAGE_DEVICE_DRIVER_NAME(S)
For example, to load the drivers from drive C:, enter:
LOAD SCSI154X.HAM PORT=24
LOAD SCSIHD.CAM
LOAD SCSI2TP.CDM
2 In NWCONFIG, select Driver Options > Configure Disk and Storage
Device Drivers > Discover and Load Additional Drivers [or] Select an
Additional Driver.
3 (Conditional) If you loaded HAM drivers, or if you added an external
device, enter the following at the server console prompt:
LIST DEVICES
4 To register the storage device with the system, enter the following at the
server console prompt:
SCAN FOR NEW DEVICES
NOTE: If you load the drivers from the STARTUP.NCF file, you do not need to use
the SCAN FOR NEW DEVICES command.

103-000134-001
August 29, 2001
Novell Confidential
Loading the Target Service Agents

Target Service Agents are loaded on servers and workstations. If you want to
back up a server, load the TSA on the server. Ensure that the controllers and
device drivers are loaded.
Table 2 Server Console Commands for Backup and Restore of Various Target Services
To Back Up or Restore At This Console Enter This Command
NetWare 6 Host server LOAD TSA600
eDirectory database NetWare 4 or later server (preferably a LOAD TSANDS

server with a copy of the largest
partition)
DOS partition on NetWare Host server LOAD TSADOSP
OS/2*, UNIX, and Host server LOAD TSAPROXY

Macintosh* workstations
Target workstation See the documentation that
came with the OS/2, UNIX, and
Macintosh workstation software.
Windows 95 and 98 Target workstation W95TSA.EXE (installed with the

Novell ClientTM). See the online
help for more information.
Windows 2000 and NT Target workstation TSAPREFS.EXE,

TSAMAIN.EXE (installed with
the Novell Client). See the
online help for more information.
Follow these general steps when backing up or loading the software:

Backing up the eDirectory database. Load TSANDS.NLM once on the
server with a replica of the largest partition.
Backing up the file system. Load TSA600.NLM for its server and on
every server to be backed up.
Backing up cluster-enabled pools. Load TSA600.NLM on the target
server and the backup servers.
Backing up workstations. Load the appropriate TSA on the workstation.
For more information about backing up workstations such as UNIX,
OS/2, or Macintosh, see the documentation included with the client
software.
Setting Up 45

103-000134-001
August 29, 2001
Novell Confidential
Loading the files when the server starts. Place the commands in the
server's STARTUP.NCF, and in the workstation's NET.CFG file,
AUTOEXEC.BAT file (for DOS), or Startup folder (for OS/2).
Loading SBCON
You can load SBCON from the server command line.
If you use NWBACK32 on a client, you do not need to load SBCON.
SMSSTART
TSA600.NLM, TSAPROXY.NLM, and SMDR.NLM modules are
loaded with default configuration values.
SBSC.NLM, QMAN.NLM, SMSDI.NLM and TSANDS.NLM must be
manually loaded on need basis; SBSC.NLM, QMAN.NLM,
SMSDI.NLM when storage devices are used, and TSANDS.NLM for
backup and restore of eDirectory.
2 Load SBCON by entering
LOAD SBCON
Prerequisites
Controller and storage device drivers are loaded on the server.
See “Loading Controller and Storage Device Drivers on the Server” on
page 44.
SMDR.NLM, TSA600.NLM, SMSDI.NLM, QMAN.NLM, SME.NLM,
SBSC.NLM, and SBCON.NLM are installed on the server.
They should have been installed automatically during NetWare 6
installation.
Each NLMTM listed above is in the search path.
TSA is loaded on each machine to be backed up.
See “Loading the Target Service Agents” on page 45.

103-000134-001
August 29, 2001
Novell Confidential
Unloading SBCON
To ensure maximum memory utilization and throughput, you should unload
backup software and other Storage Management ServicesTM (SMSTM) modules
when you are finished performing your backup. That way, more memory will
become available on your host or target.
1 Exit SBCON from the Main Menu.
Press Esc until you reach the SBCON Main Menu; then press Esc again
and confirm the prompt.
2 Unload all the modules by entering the following command at the server
console:
SMSSTOP
Unloads all the previously loaded SMS modules.
WARNING: The system displays a warning message on the console if you
attempt to unload a module being used by another NLM. If you continue, your
server might abend.
Loading NWBACK32
1 Log in to the desired eDirectoryTM tree structure.
If this is the first time you have used NWBACK32, go to Step 2 on page
47 Otherwise, go to Step 3 on page 48.
2 (Conditional) If this is the first time you have used NWBACK32, do the
following:
2a Log in to the server running the backup engine.
2b Enter your user name and password.
2c Configure eDirectory information.
Tree Name. Enter the name of the eDirectory tree you will be using
to backup and restore data.
SMDR Context. Enter the context you created during the server
configuration.
SMDR Group Context. Enter the context you created during the
server configuration.
Check the SAP (IPX) box if you want to use IPX. Uncheck the box
for IP.
Setting Up 47

103-000134-001
August 29, 2001
Novell Confidential
3 Run NWBACK32.EXE from SYS:PUBLIC.

The following screen appears.
You are now ready to back up data. Go to “Backing Up Data” on page 49 to

continue.
Exiting NWBACK32
1 Exit NWBACK32 from the Quick Access window.
2 Unload all the modules loaded on the server by entering the following
command at the server console:
SMSSTOP

103-000134-001
August 29, 2001
Novell Confidential
Backing Up Data
You can use SBCON to create a tape backup of the eDirectory database or of
the file system on your servers or workstations. The prerequisites listed here
use SBCON as the Storage Management Engine (SME).
Prerequisites
Understand the process for loading SBCON.
See “Loading SBCON” on page 46
Ensure that you know the workstation password if you are backing up a
workstation. For DOS workstations, make sure the Target Service Agent
was loaded with the /Password parameter instead of the /Trust parameter,
as explained in Table 2 on page 45.
Set the backup server and its tree as the primary resource using the Novell
Client. This lets you view the tape devices in NWBACK32.
If you are backing up the eDirectory database, ensure that eDirectory
synchronization and communication are functioning properly.
Before starting the backup, make sure eDirectory is fully functional. This
means that all partitions are synchronizing correctly.
If your backup host and targets communicate across a WAN, check the
status of the WAN links to verify that they are operating properly.
If you are backing up the file system, make sure you have Read and File
Scan rights to the directories/files you are backing up.
Ensure that you know what type of backup you want to perform: full,
differential, or incremental.
For more information, see “Backup Types” on page 16.
If you use the Advanced Options, ensure that you know the file system
structure of the target you are backing up. You will be prompted for the
paths to the volumes and directories that you want to include in or exclude
from your backup.
Ensure that you have loaded the drivers for your specific device and
controller board.
Ensure that the required files for your target are loaded.
Ensure that you have loaded the SBCON files for your specific target.
Setting Up 49

103-000134-001
August 29, 2001
Novell Confidential
Ensure that media is inserted into your storage device.

You can back up your data two ways: from a server using SBCON or from a
Windows workstation using NWBACK32.
Backing Up from the Server

When you back up your data from one server to a target server or workstation,
you should use the command line.
1 Load the SBCON modules.
See “Loading SBCON” on page 46.
2 Click Main Menu > Job Administration > Backup.
3 Click Target Service to select the NetWare server running your backup or
restore Target Service Agent.
To be able to select the server, you need to load the correct Target Service
Agent (TSA). See “Loading the Target Service Agents” on page 45.
If you do not see the target you want on the list, check for these possible
causes:
The correct Target Service Agent is not loaded on either the host or
the target. See “Server Console Commands for Backup and Restore
of Various Target Services” on page 45 for LOAD commands.
Network traffic is heavy. Press Esc to return to the Main Menu, and
then press Enter again. Your target should now be listed.

103-000134-001
August 29, 2001
Novell Confidential
4 Select a target from the Target Services list.

The following table describes the targets that can be selected for backup.
If you are Backing Up Then Select
Cluster-enabled pools The cluster-enabled pool you want to back up
The file system The server whose file system you want to back
up
The eDirectory database The server with TSANDS loaded
A workstation The workstation's host server, and then the

workstation
Server-specific The server whose server-specific information

information you want to back up, and then choose to back up
the file system.
5 When prompted, enter the username (and context, if required) for the
target.
If SBCON rejects the username you entered, you probably need to
include the context where the User object is located. For example, instead
of entering ADMIN as the username, enter
.CN=ADMIN.O=company_name or .ADMIN.company_name.
You must include the context in the username at this point if the username
you use exists in an eDirectory container that is different from the bindery
context set on the server running the engine.
6 (Conditional) If requested, enter the password for the target.
SBON will take a few moments to attach to that target.
If you select the default values on this form, a full backup of the source is
performed. Otherwise, if you want to perform an incremental or
differential backup, select Advanced Options.
7 Click What to Backup and press Enter.
8 Press Insert, select the volumes and files you want to back up from the
screen, and press Esc.
The selected volumes and files appear in the List Resources screen.
9 Enter a descriptive name for the backup session in the Description field.
Setting Up 51

103-000134-001
August 29, 2001
Novell Confidential
This is a descriptive name of the job, which will help you identify the
specific backup session; if a restore is necessary, you can easily identify
the session you need. There is no special requirement for what to enter as
the session description.
HINT: You might want to include the full path of the data (for example,
SYS:HOME\REPORTS\JULY.02) which you will need to know if a restore session
is necessary.
10 Click Device/Media Name and select a device.

A list of available objects is displayed in the Select a Device screen.
If you accept the default value, the engine selects the device and media
which you have designated as the default.
NOTE: If there is only one media type available, it will be treated as the default.
If your device has more than one storage device attached, select an
available device from the list. If the device contains multiple media,
select the media for the backup.
If the storage media does not have a label, SBCON displays a message
saying that the media cannot be identified. Set the label before selecting
it for a backup job.
11 Select Advanced Options.
For more details, see “Customizing Backup” on page 53.
12 Select Append Session.
This option appears only if your device supports appending to previous
sessions on the media.
Accept the default YES if you want to preserve all sessions on the media.
The backup session is appended to the media at the end of the previous
session. Each appended session has separate backup and error logs.
If you want to overwrite the data on the media, enter NO. The media
rewinds and existing data is overwritten by the next backup.
HINT: Labeled media is not considered empty media. No sessions are necessary
on the media for you to set the Append option to Yes.
Delete the log and error files for any session you overwrite to avoid trying to restore
a session that no longer exists.
13 Press Enter to save the settings and continue with the backup.
WARNING: If you are appending a backup session to a media set (two or more
tapes), use the tape with maximum space.

103-000134-001
August 29, 2001
Novell Confidential
14 To return to the Main Menu, press Esc until you back out to the Main
Menu.
15 To exit SBCON, press Esc again and answer the confirmation prompt.
Customizing Backup
You can customize your backup using the Advanced Backup Options form
when you use SBCON at the server to launch your backup program. This form
allows you to specify exactly what you want to back up data. It could be the
server, the eDirectory database, workstation, directory, or file. You can even
specify subsets of groups. The Advanced Backup Options form activates only
after you have selected at least one of the resources (directory/file). Select
Advanced Options from the Backup Options form to perform advanced
backup sessions. See “Backing Up from the Server” on page 50.
HINT: SBCON displays prompts and messages at the bottom of the screen. For
example, you can press F1 for help at any time.
If you want to perform a series of backups and restores and need to change your
target, see “Changing Your Target” on page 61.
A custom backup allows you to specify exactly what you want to back up:
server, volume, the eDirectory database, workstation, directory, or file.
To customize a backup, do the following:
1 Select Backup Options > Advanced Options.
2 Select Backup Type.
By default, Storage Management Engine (SME) performs a full backup.
See “Backup Types” on page 16. Differential and incremental backups
are not interchangeable. See “Planning a Backup Schedule” on page 21.
IMPORTANT: If you choose to include migrated data, ensure that your backup
media capacity matches the jukebox media capacity.
Setting Up 53

103-000134-001
August 29, 2001
Novell Confidential
3 Select Subsets of What To Backup.

The default setting means that everything in the Subsets of What You
Want to Backup screen is backed up.
Include/Exclude TSA Resources—Includes or excludes resources such
as servers or volumes.
Include/Exclude Directories—Includes or excludes directories.
Include/Exclude Files—Includes or excludes files.
Include/Exclude path/files—Includes or excludes pathnames and files.
4 Select Scan Options.
The How to Scan What you are Backing Up screen appears.
If you do not want to accept the default (nothing will be excluded),
type Y (Yes) and press Enter.
Choose to exclude subdirectories, hidden files, system files, etc.
Enable the Scan-ahead option, if required.
6 Press Esc to Finish.
For information about how SBCON scans data, see “Scan Data Sets” on
page 19.
7 Select Execution Time.
The Edit Date and Time screen appears. You can choose the default date
and time shown for the backup to begin, or you can type a new date and
time. You can change the month/day/year and hour/minute/second fields.
The engine should initiate the rescheduled job.
To schedule the job to run another time, press Enter and go to Step 8 on
page 54. Otherwise, go to Step 7 on page 54.
8 (Optional) Select Scheduling.
Reschedule—Select Yes to reschedule.
Rerun Interval—Specify the duration in terms of elapsed time and days,
months or years to rerun an already scheduled job.
The Edit Date and Time screen appears. You can specify the number of
days, months, or years after which an already scheduled job will run.

103-000134-001
August 29, 2001
Novell Confidential
The day, month, or year you enter should not be the actual date when you
want the job to run; rather, it is the duration after which the job gets
executed.
Example
If you have scheduled a job to run on 03/20/1999 and want to rerun the
job after two months and at the same time, then the Rerun Interval field
should be the following:
Year: 0, Month: 2, Day: 0
Hour: 0, Minute: 0, Second: 0
Rerun Count—Specify the number of times you want to rerun a job after
the current execution.
Keep Finished jobs—Select Yes to keep the job in the queue after
execution so that it can be rescheduled when you need it.
NOTE: If you are performing a series of backups or restores and need to change
your target, follow the procedures in “Changing Your Target” on page 61.
Backing Up from a Workstation

When you load the backup software from a workstation to the target server or
workstation, you are using the graphical interface.
To back up from a Windows workstation, do the following:
1 Run NWBACK32.
See “Loading NWBACK32” on page 47.
2 At the Quick Access window, click Backup.
3 Select what you want to back up.
3a Double-click What to Backup.
3b Click eDirectory, NetWare Servers, or Workstations.
3c Double-click a server to back up.
3d Enter the username and password to authenticate to the server.
A list of resources to back up appears, such as volumes and files.
3e Click the resources to back up.
3f Click OK to finish.
Setting Up 55

103-000134-001
August 29, 2001
Novell Confidential
4 Select where you want your backup data to go.

4a Double-click Where to Backup.
4b Change to the correct eDirectory tree structure and context by
clicking the Change to Context button on the toolbar.
4c Double-click Queues.
4d Select a Queue object from the list.
4e Right-click the server to open the drop down box.
4f Click Submit the Job.
This step allows you to submit the job to a queue on the chosen server
or on the chosen media type.
Queue. Double-click to expand the queue.
Server. Double-click to expand the queue, double-click to select a
server, and then right-click to submit the job.
Media. Double-click to expand the queue, double-click to select a
server, double-click to view a list of devices, double-click to view a
media list, and then right-click to submit the job.
Backing Up Cluster-enabled Pools from the Server

3 Click Target Service to select a cluster-enabled pool name.
To be able to select the target, you need to load the correct Target Service
causes:

103-000134-001
August 29, 2001
Novell Confidential
target.
SBCON will take a few moments to attach to that target.
differential backup, select Advanced Options. For more details on the
Advanced options, see “Customizing Backup” on page 53.
SYS:HOME\REPORTS\JULY.02), which you will need to know if a restore session
is necessary.

Setting Up 57

103-000134-001
August 29, 2001
Novell Confidential
11 Select Advanced Options and set the desired values for all the fields.
NOTE: If you set Enable Auto Recovery to NO in Cluster Options, the remaining
options become invalid.

WARNING: To append a backup session to a media set (two or more tapes), use
the tape with maximum space.
14 To return to the Main Menu, press Enter and then press Esc until you back
out to the Main Menu.

103-000134-001
August 29, 2001
Novell Confidential
Backing Up a Workstation
To back up the workstation (the target), a Target Service Agent (TSA) must
be loaded on the workstation. (See “Loading the Target Service Agents” on
page 45.)
You can select the directories to back up or back up the entire workstation.
Windows 95 and 98 Workstation
Make sure that the W95TSA is installed and configured. It is a part of the
Novell Client modules (checkbox for Target Service Agent).
NOTE: If W95TSA is installed and registered, a shield-like icon appears in the
system tray and indicates Novell TSA (Listening) message. You will also see an
SMS screen popup when you log in to NetWare.
1 At the target workstation, register with the W95TSA.

1a Double-click the shield-like icon that appears in the system tray.
The Novell Target Service Agent for Windows Properties box
appears.
1b Enter your user name and password for TSA.
1c Enter the server name that will be servicing this Windows client.
1d Select the disk drive you want to register.
1e (Recommended) Check Auto Register. This automatically registers
your workstation with the server after you restart.
1f Click OK.
1g Restart your workstation.
The TSA must be installed and registered with the host server, along with
the TSA username and password.
2 At the host server, load TSAPROXY.
3 Select the NetWare server running the target service agent.
4 Follow the procedure from Step 3 on page 50 to complete your backup.
Setting Up 59

103-000134-001
August 29, 2001
Novell Confidential
Windows 2000 and Windows NT Workstation
Make sure that the NT TSA is installed and configured. It is a part of the
Novell Client modules (checkbox for Novell Target Service Agent).
The Windows NT TSA has two parts:
TSA Service (TSAMAIN.EXE) is a service that waits for and acts when
there is a request from the backup engine.
TSAPrefs (TSAPREFS.EXE) allows an NT administrator to set
preferences and monitor the activities of the TSA Service.
1 Right-click Network Neighborhood and then click Properties > Novell
Target Service Agent > Properties.
2 Click Preferences and fill in the following fields:
Workstation: Enter the name of the workstation.
Preffered Server: Enter the name of the server on which you want to
connect. This server must have TSAProxy installed.
Protocol: Select SPX/IPX or TCP/IP.
Events to Log: Check the items you want to log: Connection,
Registration, Security, or Service.
Allow Backup User: This grants the backup user rights depending on the
group.
Auto Register: This automatically registers the Windows workstation
with the server after you restart.
3 Click Registration.
4 Check the fields in the Registration page and, if correct, click Register.
If information in any of the fields is incorrect, click Withdraw and return
to the Preferences page to change the information. Then repeat Steps 4
and 5.
5 Click Connections.
6 Check the fields in the Connections page and then click OK.
If you need to add or change information, click Apply.
You can also delete connections in this page under Current Connections
and then click Apply.

103-000134-001
August 29, 2001
Novell Confidential
Changing Your Target

Any time you are performing a series of backup or restore sessions, you might
need to change your target. This can be easily done from the SBCON Main
Menu either at the command line or from the Windows workstation using
NWBACK32.
If you do not specify a new target, SBCON automatically selects the target
used during the last session and continues without asking you to make a
selection.
Ensure that you have met the prerequisites detailed in “Prerequisites for
SBCON Tasks” on page 81.
Load the required TSA. (See “Loading the Target Service Agents” on
page 45.)
Changing a Target at a Server

1 Select Main Menu > Change Target to Back Up From or Restore To.
2 Select one server.
3 From the list of Target Service Agents, select a target.
If the target you select includes more than one TSA loaded, SBCON will
show you a list of their full names.
4 Enter the username and password for the target you just selected.
The target is successfully changed.
Changing a Target at a Workstation

1 Run NWBACK32.
You can use the toolbar to open this window if preferred.
3 Double-click What to Backup.
4 Double-click Workstations (or NetWare Servers).
5 Select the workstation (or server) to use as the target.
Setting Up 61

103-000134-001
August 29, 2001
Novell Confidential
Restoring Data
Use SBCON to restore information from tape backup. These procedures use
SBCON as the Storage Management Engine (SME).
Know the username and password for the target server or workstation to
which you want to restore data.
Know the session description that you want to restore. You can get this
information from your session log and error files. (See “Session Files” on
page 37.)
For an Advanced Options restore session, ensure that you know the file
system structure of the data you are restoring. You will be prompted for
specific paths and filenames while setting the restore options.
If you restore the server-specific information from the file system backup
of the failed server to a functioning server or location, you can use the
VOL$INFO.TXT file as a reference for this information.
If you want to restore data to a new location (different from where the
original data was located), you must specify the full path to both the
original data and the new location. If the new location does not exist,
SBCON will create a new file system structure.
You can get the original path from your backup logbook or from the
session log files if you noted the path at the time the backup was
performed.
Replace faulty hardware or correct the problems that caused data loss (if
applicable).
Ensure that media is inserted in your storage device.
You can restore data either from the server command line or from a Windows
Restoring Data from a Server

1 Load the drivers for your specific device and controller board.
page 44.
2 Load the appropriate Target Service Agents.

103-000134-001
August 29, 2001
Novell Confidential
3 Load SBCON.
4 Select Main Menu > Job Administration > Restore.
The Restore Options screen appears.
5 Select Target Service and then the NetWare server running your backup
and restore Target Services Agent.
This is the name of the server or workstation on which you want to restore
your data. Before selecting it, you must load the correct TSA. See
“Loading the Target Service Agents” on page 45.
causes:
The proper TSA is not loaded on the target.
Network traffic is heavy. In these circumstances, it might take
SBCON a few moments to detect all the targets. Press Esc to return
to the Main Menu, and then press Enter again. Your target should
now be listed. From the Target Services list, select a target.
If the target you select has more than one TSA loaded, SBCON shows
you a list of their full names in the Backup/Restore Target Services on
This Server.
NOTE: When you are trying to connect to a different server, SBCON uses the
same username and password you gave the first time. It prompts only if it fails.
The following table lists the target services and their associated datasets.
Target Service to Restore Dataset to Select
Cluster-enabled pool The cluster-enabled pool that you backed up
File system The server whose file system you want to restore
eDirectory database The server with TSANDS loaded
Setting Up 63

103-000134-001
August 29, 2001
Novell Confidential
Workstation The workstation's host server and then the

workstation

information you want to restore and then the file system to
restore
6 When prompted for the target username, enter your username (and
context if required) as the network administrator for the target.
include the context of where the user object is located. For example,
instead of entering ADMIN as the username, enter a complete name such
as .CN=ADMIN.O=COMPANY_NAME or .ADMIN.COMPANY_NAME.
exists in an eDirectory container that is different from the context set on
the server running SBCON.
7 If a password is requested, enter the password for the target.
SBCON will take a few moments to attach to the target. Wait for the
confirmation box, and then press any key to continue.
8 Enter a descriptive name for the restore session in the Description field.
The descriptive name of the job will help you identify the session.
9 Select the device and media for restore by pressing Enter at the Device/
Media Name field and decide where you want to restore from.
If you enter *.* (DEVICE NAME.MEDIA NAME), the engine selects
the device and media that it encounters first.
indicating that the media cannot be identified. You should set the label
before selecting it for a backup job.
10 On the Select a Session screen, select the Session to Restore.
WARNING: TSA600.NLM backs up files in compressed or uncompressed format
as specified by the user. However, if you try to restore a compressed file to a

103-000134-001
August 29, 2001
Novell Confidential
volume without compression, the file is corrupted and no error message is

displayed.
11 Specify the path to the session log file of the session you want to restore.
Use one or more of the following methods:
Press Enter to accept the default; then go to Step 12 on page 65.
Press Insert to select from a list of directories, press Esc to return to
the previous window, and then go to Step 12 on page 65.
Press Backspace over the path shown (or a portion of the path), type
in a new directory or path, and then go to Step 12 on page 65.
Press Insert any time during this process to choose parts of the existing
path from a list.
NOTE: At the present, it takes the default. This will be implemented in the future
release.
12 When a list of sessions is displayed, select the session you want to restore.
If the media on which the data resides is not loaded on the device you
choose, you will be prompted to insert the correct media.
13 Select Advanced Options to make the selective restore.
The Advanced Restore Options screen appears. See “Customizing
Restore” on page 66. You can perform the advanced restore, specify the
execution time, reschedule the job, etc., using this form.
14 Complete the Advanced Restore Options form.
15 Press Esc and answer the prompt at the Submit Job screen to begin the
restore session.
16 Press Alt+Esc to view the activity log screen.
If the job execution starts and is not successfully completed, the error
messages appear on this screen. The activity log file ACTIVITY.LOG is
located at the server's SYS:\SYSTEM\TSA\LOG directory.
17 To view the Run Time Status of a job, select Job Administration >
Current Job List > job name.
18 When the restore session finishes, your screen display reads the
following:
The restore process was completed normally.
19 To return to the Main Menu, press Esc as required.
Setting Up 65

103-000134-001
August 29, 2001
Novell Confidential
The Esc key allows you to exit SBCON one screen at a time until you
reach the Main Menu. If you want to exit SBCON, answer the
confirmation prompt.
NOTE: To unload SBCON and applicable Target Service Agents, see “Unloading
SBCON” on page 47.
Customizing Restore
Using the Advanced Restore Options form at the server, you can perform a
custom restore of the database you need.
3 Select Rename Data Sets to restore data to a location different from the
backup location.
4 At the Restore Datasets to a Different Location screen, do the following:
4a Press Insert to select the namespace type.
4b Enter the source path (where the data originally was backed up
from).
4c Enter the destination path you want the data restored to, in the entry
box.
Both the source and destination paths must include the volume names (for
network server) or the hard disk drive letter (for example, C:\) for
workstations.
IMPORTANT: When you specify a particular portion of the file structure as the
source location, it does not necessarily mean that this will be the only data
restored. What is restored can be influenced by the include and exclude settings
on the Subsets of What You Want to Restore form. If you do not want to overwrite
any subdirectories that might exist in the area you have included, you must
specifically exclude them by their full path.
5 Select Subsets of What to Restore.

Use this screen to specify which parts of the file structure you want to
restore. Various data sets to be included or excluded are listed in this
form. You can include or exclude any or all items listed. For more
information about including and excluding items, see “Exclude and
Include Options” on page 17.

103-000134-001
August 29, 2001
Novell Confidential
The screen lists major and minor resources. Default indicates that none of
that type of subset has been specified.
6 To specify a subset, do the following:
6a Select any item on the screen.
6b Edit the Include or Exclude screens using Insert and Enter.
6c Press Esc to save changes.
6d To view a list of values associated with major TSA resources (for
example, server or volumes) select either the include or exclude line.
The Selection List Options form appears. Any value you previously
selected is shown on the form. If you did not select a value, the form
is blank.
6e To select a value for this major resource, press Insert and select the
value from the list that appears by pressing Enter.
7 Select Open Mode Options and select parts of the backed up data
structure to be restored.
The backed-up data set contains various types of data that are listed on the
screen. By default, all the types of data are included in the restore.
7a To exclude a particular type of data from the restore, select that line
and type Y.
7b When all the data items are selected correctly, press Esc.
8 Specify whether to overwrite the existing parent by typing Y (Yes) or N
(No).
For more information, see “Overwriting a Parent or Child” on page 20.
9 Specify whether to overwrite the existing child by typing Y (Yes) or N
(No).
10 Specify the execution time.
11 Select Scheduling to reschedule the job.
12 Press Esc as required and then select Yes to confirm the Submit Job?
prompt.
The job is submitted and is listed in the Current Job List menu.
Setting Up 67

103-000134-001
August 29, 2001
Novell Confidential
Restoring Data from a Workstation

When you restore data, you are copying your backed up data to a server or
workstation.
1 Run NWBACK32.
You can run the NWBACK32 program (NWBACK32.EXE) from
SYS:PUBLIC.
2 At the Quick Access window, click Restore.
3 Click What you Want to Restore.
3a Double-click What to Restore.
3b Select the context.
3c Double-click Queues and select the queue.
3d Double-click Servers and select a server.
3e Double-click Devices and select a device.
3f Double-click the device to view the media list.
3g Select a medium.
4 Click where you want the restored data to go.
4a Double-click Where to Restore.
4b Select eDirectory, NetWare Servers, or Workstations.
4c Click the server to which you want to restore your data.
4d Enter your username and password to authenticate to the server.
4e Click OK.
5 Submit the restore job by clicking Restore > Submit the Job on the
toolbar.
6 (Optional) Click Next to display more information about the restore.

103-000134-001
August 29, 2001
Novell Confidential
Restoring eDirectory
The procedures in the following sections are performed at the beginning of the
restore process.
“Restoring a Volume Other Than SYS:” on page 69
“Restoring Volume SYS: in a Single-Server Network” on page 69
“Restoring Volume SYS: in a Multiple-Server Network” on page 70
“Restoring the Entire eDirectory Tree Structure” on page 72
Restoring a Volume Other Than SYS:

WARNING: Do not delete the Volume object for the failed volume from the
eDirectory tree structure. The Volume object preserves any references that other
objects (such as Directory Map and Queue objects) might have to that volume. If
the Volume object is deleted and you have objects that depend on this volume, you
must re-establish the relationships through a selective eDirectory restore. See
“Custom eDirectory Restore” on page 73.
1 Bring down the server.
2 Correct the problem.
3 Bring the server back up and re-create the volume.
4 Perform an advanced file system restore.
See “Customizing Restore” on page 66 for the procedure.
Restoring Volume SYS: in a Single-Server Network
eDirectory information from a replica. After repairing or replacing the failed
hardware, you must restore the entire NetWare environment, including
eDirectory, from an SMS backup.
To restore a single SYS: volume, do the following.
1 Correct the problem that caused volume SYS: to fail.
2 Reinstall NetWare and eDirectory.
When NWCONFIG asks for the names for Organization objects
immediately under the [Root] object, use the same names that existed
before in the eDirectory tree. Otherwise you will end up with new, empty
containers in the restored eDirectory tree structure.
Setting Up 69

103-000134-001
August 29, 2001
Novell Confidential
Make sure disk partitions are at least as large as they were before, and that
the volumes are defined as before.
3 Restore eDirectory using “Customizing Restore” on page 66.
Restoring Volume SYS: in a Multiple-Server Network
To restore SYS: volumes on several servers, do the following.

1 Restore the server-specific eDirectory information file
(SERVDATA.NDS) to another server on the network following the
custom (advanced) file system restore (see “Customizing Restore” on
page 66).
By default, the file is placed into the SYS:SYSTEM\server_name
directory on the server you have selected.
2 Use the DSMISC.LOG file (part of the information restored with the
server specific information) to see if the failed server had a master replica
of any partition.
3 If the failed server had a master replica of any partition, select the server
you want to hold the master replica and load DSREPAIR on that machine.
3a Select Available Options > Advanced Options Menu.
3b Select Replica and Partition Operations.
NOTE: Use the NDS Manager utility to perform regular partition operations.
3c Select the partition you want to edit.

3d To see the list of servers that have replicas of that partition, select
View Replica Ring.
3e Press Esc.
3f Select Designate This Server as the New Master Replica.
3g Repeat Steps 3a through 3f for each master replica that the failed
server contained.
4 (Conditional) If the failed server contained any replicas, remove them.
4a Select Available Options > Advanced Options > Replica and
Partition Operations.
4b Select the partition the server held replicas of.
4c Select View Replica Ring.
4d Select the name of the failed server.

103-000134-001
August 29, 2001
Novell Confidential
4e Select Remove This Server from the Replica Ring.

4f Enter the supervisor name and password.
4g Select Yes to continue.
5 Exit DSREPAIR.
6 Reinstall NetWare.
6a Begin the installation.
6b When prompted for DS install, select Create a New DS Tree and
complete the installation.
6c Load NWConfig and remove DS.
6d Install DS, when prompted for DS install and select Install into an
Existing Tree.
6e When prompted to choose a eDirectory tree structure, press F5.
This allows you to choose to restore the SERVDATA.NDS file to the
failed server.
6f To specify the path where the SERVDATA.NDS file exists, press F3
and enter the path.
HINT: If the information fits on a diskette, you can save the information on a
diskette instead of another server on the network.
6g Press Enter to accept the path.

6h Log in to the server that contains the SERVDATA.NDS file.
6i Log in to the eDirectory database.
6j If the START.NCF file of the failed server is different from the
default, you can edit the default file.
6k You now can choose from the following:
To continue the install and not copy the files from install, but use
the backup tapes to finish restoring the information, press Enter.
To go back to the previous screen, press Esc.
To copy the files from install and then restore the files from tape,
press F3.
7 Restore the file system using “Restoring Data” on page 62.
Setting Up 71

103-000134-001
August 29, 2001
Novell Confidential
Restoring the Entire eDirectory Tree Structure
To restore an entire network from a full backup in a multiple-server

environment, do the following:
1 Reinstall NetWare on the first server.
By default, this server will hold the master replica of the [Root] partition.
When NWCONFIG asks for the names of Organization objects
before in the eDirectory tree.
In NWCONFIG, select Directory Options > Directory backup and restore
options to obtain the information.
Otherwise you will end up with new empty containers in the restored
eDirectory tree.
When this installation is complete, you will have a working eDirectory
tree containing one NetWare server with a master [Root] partition.
2 Add name spaces as required.
3 Install the remaining servers to complete a skeleton of your network.
Before restoring a full eDirectory session, you should create a skeleton of
your network.
All servers and volumes should be up and running.
The eDirectory objects should exist in the eDirectory tree in the same
context as before. (NWCONFIG prompts you for the container in
which you want each server to be placed.)
Make sure all servers are communicating with one another.
Make sure time synchronization is working properly.
NOTE: If you can get some, but not all of the servers backed up, you can still
proceed with the restoration. However, you might see errors and experience
problems due to eDirectory objects having dependencies that cannot be resolved.
The User object (Admin or equivalent) used to create the backup session
must exist in the same container with the same password and eDirectory
rights as when the backup was performed.
Once this step is completed, you still have just one partition: [Root].
Because of the NWCONFIG program defaults, you now have two
replicas of that partition. These are stored on the second and third servers
you installed.
4 Restore eDirectory on one server using “Restoring Data” on page 62.

103-000134-001
August 29, 2001
Novell Confidential
eDirectory Restore Session Types

You can choose to restore eDirectory in one of the following ways:
“Single Server or an Entire Tree Restore” on page 73
“Custom eDirectory Restore” on page 73
“Custom File System Restore” on page 74
“Server-Specific Information Restore” on page 76
“Single File or Directory Restore” on page 76
Single Server or an Entire Tree Restore

1 Restore the entire eDirectory session from your SMS backup.
You will have no session file to work from at this point. Choose the option
to restore without session files.
2 Continue through Step 15 on page 65 to Step 19 on page 65 to restore
eDirectory.
Custom eDirectory Restore
To perform a custom eDirectory restore, do the following.

1 Enter SBCON at the server console prompt.
2 Select Job Administration.
3 Select Restore Options > Advanced Restore Options > Subsets of What
to Restore.
4 To specify a subset, do the following.
4b Edit the Include or Exclude screen using Insert and Enter.
4c Press Esc to save your changes.
5 Specify whether or not to overwrite the existing parent or child.
A parent is a container. A child is an object, which is the lowest level of
If you want to overwrite the parent or child that exists on the hard disk,
regardless of whether the existing version or the backed-up version has
the latest date, accept YES for parent, child, or both.
Setting Up 73

103-000134-001
August 29, 2001
Novell Confidential
If you do not want to overwrite the parent or child that exists on the hard
disk, regardless of whether the existing version or the backed-up version
has the latest date, select the option (parent or child or both), and enter N.
6 Continue through Step 14 on page 65 to Step 19 on page 65.
Custom File System Restore
To perform a custom file system restore, do the following.

2 Select Job Administration > Restore Options > Advanced Restore
Options > Subsets of What to Restore.
The screen lists major and minor resources. The word DEFAULT
indicates that none of that type of subset has been specified.
4 (Conditional) If you want to exclude certain types of data from the restore
session, select Job Administration > Restore Options > Advanced Restore
Options > Open Mode Options, and then edit the form.
The backed-up data set contains the various types of data items listed on
the screen. By default, all types of data items are included in the restore.
If you want to exclude any item, select it and enter Y. Press Esc when you
are finished editing the form.
5 (Optional) Restore data to a different workstation or location on a
different NetWare server.
5a Back up the data from the server where it resides.
5b Exit to the Main Menu.
5c Select Change Target to Back Up From or Restore To screen from
the Main Menu.
See “Changing Your Target” on page 61.
6 (Optional) Restore data to a different workstation or location within the
backed-up server's file system structure.

103-000134-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Follow these important rules about restoring to a new location:

When you specify a particular portion of the file system structure as
the source location, it does not necessarily mean that this will be the
only data restored. You can influence what is restored by using the
Include and Exclude options on the Choose Subsets Of What You're
Restoring screen (Job Administration > Restore Options > Advanced
Restore Options > Subsets of What to Restore).
You can restore only to a new location in the name space that is
supported by the drive you are restoring to.
OS/2 workstation only—On an HPFS drive you can rename only in
the OS/2 name space, and on a FAT file system you can rename only
in the DOS name space. However, SBCON displays both names
spaces in the log file even though only one is valid.
If you do not want to overwrite any subdirectories that might exist in
the area you have included, you must specifically exclude them by
their full path.
6a Go to Subsets of what you want to restore, press Enter, and then
Insert, select the name space you want, and enter the name you used
for your backup at the Enter the Data Set Name field.
6b Enter the full directory path of the source including the volume
name.
6c Enter the full directory path to the new destination.
6d Press Esc to save your changes.
NOTE: The eDirectory Target Service Agent (TSANDS) does not support
restoration of data to a different location.
7 Specify whether to overwrite the existing parent or child.

A parent might be a server, a volume, or a directory. A child is a file,
which is the lowest level of the file system structure.
the latest date, accept YES for parent or child or both.
If you don't want to overwrite the parent or child that exists on the hard
has the latest date, select the option (parent or child or both), enter N.
Setting Up 75

103-000134-001
August 29, 2001
Novell Confidential
If you want to overwrite the child that exists on the hard disk only if the
date of the backed-up copy on the media is later than the date of the copy
on the hard disk, select Overwrite Existing Child and select the option.
Server-Specific Information Restore
To view and restore server information, do the following.

1 Select Main Menu > Job Administration > Restore Options > Advanced
Options > Subsets of What to Restore > Include Major TSA Resources.
The Selection List Options screen appears and is empty.
2 Press Enter to see the Selection List Options. Press Insert to see the server
specific information.
3 Select the Server-Specific Info and press Enter.
Esc returns you to the Selection List Options.
This will return you to the Choose Subset of the Session to be Restored
screen.
4 Complete the form and press Esc.
This will return you to the Restore Options screen.
5 Complete the Restore Options form and press Esc.
The server-specific information will be restored to the
SYS:SYSTEM\failed_server_name directory of the server on which you
are running SBCON.
Single File or Directory Restore

2 Enter the full path and name of the file or directory, including full
directory and volume names.
The following options appear:
Include/Exclude directories (full path)
Include/Exclude files
Include/Exclude path/files

103-000134-001
August 29, 2001
Novell Confidential
3 Press Insert and enter the name space for the name space format you used
when entering the file or directory name.
The name space allows SBCON to correctly interpret the path
information entered earlier in this menu in either the directory field or the
location field.
IMPORTANT: If files are restored to a new location, the name spaces must be the
same or an error message will occur.
You can restore to a new location only in the name space that is supported
by the drive to which you are restoring.
The supported name spaces are DOS, FTAM, Macintosh, NFS, and long.
SBCON provides a list of the name spaces currently loaded on the target
to which you are restoring.
For example, if you are restoring to a new Macintosh location, enter a
path, (for example, SYS::test:monday) and then enter Macintosh
as your name space.
4 (Optional) Restore to a new location (located in Rename Data Sets).
4a Enter the source path, including the volume name, to the target
directory (a location different from where the data was backed up).
Enter Volume:/directory/directory
4b If the new location you are restoring to is a different NetWare server,
do the following:
1. Back up the data from the server where it resides.
2. Exit to the Main Menu.
3. Change your target to the server you want to restore the data to.
Setting Up 77

103-000134-001
August 29, 2001
Novell Confidential
Completing the eDirectory Restore

If you restored the eDirectory database to volume SYS:, you should complete
the restoration for the following to make sure the eDirectory database is
working properly:
Volume Other than SYS:
To finish restoring eDirectory on a volume other than SYS:, do the following.

1 Bring the server up.
2 (Optional) Verify proper restoration of the data, trustee assignments, file
ownership, and other related information by spot-checking some of the
restored directories and files.
To finish restoring eDirectory on a server, do the following.

1 Restore the full file system following “Restoring Data” on page 62.
To finish restoring eDirectory on multiple servers, do the following.

1 Restore replicas to the server.
The DSMISC.LOG file, which is created when the SERVDATA.NDS is
restored, contains the partition and replica information that resided on the
failed server at the time of the backup. This will show you what replicas
were on the server when it failed.
Commands that might be helpful include RIGHTS /T /S (displays users,
groups and other objects that have explicit trustee assignments in a
directory and its subdirectories) and NDIR (displays owners and other
NetWare file information).

103-000134-001
August 29, 2001
Novell Confidential
Entire Tree
To finish restoring eDirectory on the tree, do the following.

1 Restore the file system information to each server following “Restoring
Data” on page 62.
2 Re-create partitions and replicas.
Partial eDirectory Restores
Certain conditions might arise in special cases involving the backup and
restoration of eDirectory information.
The SMS TSA software allows you to do selective restores from the backup
media. However, partial restoration of eDirectory from a backup can have
many subtle consequences, particularly when only a single object or a selected
group of objects is restored.
For partial eDirectory restores, keep these two main issues in mind:
Object ID numbers—If you restore objects that no longer exist in the
eDirectory tree, those objects receive new ID numbers when restored.
New object IDs affect file system trustees, print queue directories, user
mail directories, etc.
If you restore objects on top of objects that exist in the eDirectory tree,
the objects do not receive new ID numbers. These objects' current
attribute and property information is overwritten with previous
information from the SMS backup.
Objects that depend on other objects—In the eDirectory schema,
objects are defined to have certain attributes. Some of these attributes are
mandatory (meaning they must contain a value); others are optional.
For some eDirectory objects, the value for a particular attribute is a
reference to another object upon which the object depends. For example,
Queue object has a Queue Directory attribute that contains the file system
path to the queue directory. It also has a Host Server attribute that
Setting Up 79

103-000134-001
August 29, 2001
Novell Confidential
identifies the file server on which the queue directory resides. This
information is used to determine the physical location of the resource.
The specifics of restoring objects vary depending on what type of object
is involved and whether the object's dependencies are physical entities
(servers and volumes) or logical entities.
In some cases, you can simply restore an object and everything will work
fine. In other cases, an object might be restored but not be functional
unless you first restore its dependent objects.

Restore of cluster-enabled pools is similar to a normal restore session.
See “Restoring Data” on page 62.
supported.

103-000134-001
August 29, 2001
Novell Confidential
3 Managing
After you install and load SBCON, you can manage your jobs, data, devices,
reports, and so on either from the server or workstation. Though the screens
might look different, you can perform the same tasks in each interface.
Be sure to read “Prerequisites for SBCON Tasks” on page 81 before
performing any tasks in this section.
“Administering Jobs” on page 82
“Storage Devices” on page 86
“Erasing or Retaining Media” on page 90
“Spanning Storage Media” on page 92
“Log and Error Files” on page 93
“Creating Session Files” on page 98
“Verifying Backup Data” on page 99
Prerequisites for SBCON Tasks

Before you can manage any backup tasks, ensure the following:
Drivers for your specific device and controller board are loaded.
SBCON files for your specific target are loaded.
The media is inserted into your storage device.
You can see the SBCON Main Menu on your server console or the Quick
Access window on your Windows 95, 98, 2000 or Windows NT
workstation.
Managing 81

103-000134-001
August 29, 2001
Novell Confidential
Jobs
The backup or restore jobs created by you can be administered anytime. You
can delete, hold, reschedule, abort, or enable a job.
Administering Jobs
Jobs can be managed either from the server or from the workstation.
From the Server
On the SBCON Main Menu at the server, the Current Job List option gives you
a job management facility where you can delete a job, hold a job, or enable it
if it has been disabled after a job failure. You can even monitor the status of
the backup/restore jobs you have submitted.
Current Job List provides the following information about all jobs submitted.
The name of the server from which the job was submitted. If you
initiated the job from the client, locate the workstation name. See
“Viewing the Job Queue” on page 83.
The job name that you entered on the Backup Options form. The job
name can be renamed using the Job Details screen if you are rescheduling
it to run another time and you want to change the name. See “Viewing Job
Details” on page 84.
The Hold status. If you want to prevent a prescheduled job from
execution, you can put it on Hold. See “Postponing a Job” on page 85.
The job status, whether it finished the execution of the request, or if
it was submitted for execution at a later time. Other statuses are: active
currently, could not run, processing, failed, and success. The log of each
of these status reports can be viewed using the log and error reporting. For
more details see “Log and Error Files” on page 93.
From a Workstation
From Job Administration at the Quick Access window of a Windows

workstation or at the toolbar, you can access the current list of jobs. If you
select a job, you can see the properties, which include the following:
General properties contains fields for the Job Name, Job Type,
Submitted By, Entry Open, and Serviced By. These fields are the same as
the Job Details screen at the server.
Static properties contains fields for the Job Status, Job Submitted At,
Execution Time, and Job's Rescheduled Count.

103-000134-001
August 29, 2001
Novell Confidential
Dynamic properties contains data that indicates how much data has been
backed up along with the filenames. This dialog box appears when a job
is running and SBSC is loaded on the server.
Enable job allows you to start a job that has been disabled.
Delete the job allows you to remove a job.
Start/Hold the job allows you to start a job that is in the hold state or
place it on hold if it is not in a hold state.
Reschedule options contains fields for changing the backup schedule.
Abort cancels an active job.
“Viewing the Job Queue” on page 83
“Viewing Job Details” on page 84
“Postponing a Job” on page 85
Viewing the Job Queue
You can view the job queue from the server or a workstation.
From the Server

1 Select Main Menu > Job Administration > Current Job List.
The Queue Jobs screen displays a list of all jobs, showing each job name,
hold status, status of the job, and name of the server from where the job
was submitted.
From a Workstation
1 At the Quick Access window, click Job Administration
2 Double-click the context of the queue location.
3 Double-click Queues.
A list of jobs appears.
4 (Optional) Select a job from the list > right-click and then click Dynamic
Properties to view the dynamic properties of the job.
You can also view the properties using the toolbar. Click Job
Administration > Properties.
Managing 83

103-000134-001
August 29, 2001
Novell Confidential
Viewing Job Details
This screen gives you all the details of the job you submitted including job
name, the time the job was submitted, and the time the job should be executed.
You can also schedule the job to run at a predefined time again after its
execution.
You can view job details from the server or a workstation.
From the Server

2 Select one of the jobs listed and press Enter.
The Job Details screen appears displaying the following information:
Job Name—A descriptive name of the job for your identification.
You can change the name if you want to reschedule the job and run
it again.
Disabled— Indicates whether the job is disabled. If it is, this field
displays Yes; if enabled, it displays No. Updates to this field depend
on the job status. If the job status is Could Not Finish, the
message is Yes. You can perform the required troubleshooting and
change this field to No, subsequently allowing the job to execute.
After completion of the job, the Disabled field indicates Yes.
Submitted By—The name of the server where you have submitted
the job. If you submitted the job from a client, it displays the name of
the workstation and is the same as the Owner in the Queue Jobs
screen.
Submitted at—The date and time the job was submitted. The
execution time could be different depending upon the specifications
you defined in Execution Time and Scheduling Options in the same
screen.
Entry Open—The status is Yes when the job is active and No when
it is inactive. This is one of the fields that is updated automatically.
Execution Time—An option to give the time and date when you
want the job to run. It is the same as the Execution Time in the
Advanced Backup Options form.

103-000134-001
August 29, 2001
Novell Confidential
Serviced By—This indicates the name of the server where the job is
to be executed. From a single server, you can submit jobs to various
servers. This field indicates which job is serviced by which server.
This field is active only when the job is active; otherwise, it indicates
None.
Scheduling Options—You can schedule the same job to run at
another time. For information, see “Customizing Backup” on page
53.
Session Report—Press Enter at this field to view the session log
report or the session error report for the particular session you
selected. The same information can be seen in the Error Log File
where it gives a log of all the jobs. For information, see “Viewing a
Log File” on page 93.
From a Workstation
1 At the Quick Access window, click Job Administration.
2 Double-click the context.
4 Select the job from the list.
5 Right-click the job and then Dynamic Properties to view the dynamic
properties of the job.
(Optional) You can view the properties using the toolbar. Click Job
Postponing a Job
This task lets you to place a job on hold from either the server or a workstation.
From the Server

The Queue Jobs screen appears with a list of jobs.
2 Select a job and press Tab.
The job is on hold if Hold is displayed in the column. If no status is
displayed, it is ready for execution at the time you configured it. Press Tab
to toggle holding a job.
Managing 85

103-000134-001
August 29, 2001
Novell Confidential
From a Workstation
4 Select the job to place on hold.
5 Right-click the job and then click Start/Hold the Job.
(Optional) You can also hold the job using the toolbar. Click Job
Administration > Start/Hold the Job.
Storage Devices
The Storage Device Administration option of the SBCON Main Menu at the
server or the Device Administration button at a Windows workstation lists the
devices and the media you can access.
You can perform the following administrative tasks:
“Checking the Device Status” on page 86
“Changing the Device Label” on page 87
“Viewing the Media List” on page 88
SBCON supports autoloader, which holds multiple media within a magazine.
Every magazine has slot numbers given by the manufacturer and each slot
holds a single medium. This is extremely useful when you are backing up a
large server. If one medium is fully written, the SME automatically writes to
the other available media.
IMPORTANT: Any media under a device becomes inaccessible if a job is running
on it because it is reserved by the engine. Any job scheduled to be executed at that
instance will fail.
Checking the Device Status
The Device Status screen displays information about the current status of a
device, such as read, write, and format from the server or workstation. It also
gives information on the storage capacity.

103-000134-001
August 29, 2001
Novell Confidential
From the Server

1 Select Main Menu > Storage Device Administration.
2 Select a device and press Insert.
3 Select Utilities > Device Status.
The Device Status screen is displayed listing the following information:
Current Operation—Indicates whether the device is currently
reading, writing, formatting the media, or none of these.
Device Mode—Indicates whether the device is selected for reading,
writing, or both.
Maximum Capacity—Indicates the total storage capacity of the
media currently present in the device.
4 Press Esc when you are finished to return to the Main Menu.
From a Workstation
1 At the Quick Access window, click Device Administration.
4 Double-click the preferred queue.
5 Double-click Servers.
6 Double-click the preferred server.
7 Double-click Devices.
8 Right-click the device and then click Properties to view the Device Label
or Device Type.
(Optional) You can also view the properties using the toolbar. Click
Device Administration > Properties.
Changing the Device Label
The default names for storage devices are controlled by the device
manufacturers. These names are often not descriptive, so you change the name
of the device during multiple backup sessions. However, this change is
temporary, and it is lost after a reboot. If you have several devices, it might be
difficult to remember which name goes with which device. For this reason,
renaming storage devices is helpful.
Managing 87

103-000134-001
August 29, 2001
Novell Confidential
You can change a device label from the server or a workstation.

From the Server

2 Select a device name and press Insert.
3 Select Utilities > Change the Device Label.
4 Enter the new name in the field.
5 Press Esc as required to return to the Main Menu.
From a Workstation
8 Right-click the device to change.
9 Click Properties > Device Label.
10 Change the name in the Device Label field.
11 Click OK.
Viewing the Media List
This task allows you to view your list of devices from the server or a
workstation.

103-000134-001
August 29, 2001
Novell Confidential
From the Server

A list of devices is displayed.
If no device is displayed in the list, run LIST DEVICES at the server
prompt.
2 Select a device name and press Enter.
The List of Media screen appears displaying the following information:
Slot—The slot number given by the manufacturer.
Media name—The name of the media, which can be changed using
the Utilities menu. See “Erasing or Retaining Media” on page 90.
Number—The sequential number of the media (tape) in a particular
backup set. SBCON automatically labels and appends an
incremental number to any backup session that spans multiple media.
HINT: It takes a lot of time to display the media in an Autoloader. However, once
the media list is displayed, press Tab to access it. This will not rescan the device
for new media. Press Enter only when you remove or add media.
From a Workstation
8 Right-click the preferred device.
9 View the media list.
Managing 89

103-000134-001
August 29, 2001
Novell Confidential
Erasing or Retaining Media
This task erases media headers, erases all data on the media, or retentions
media in tape devices.
The following table describes all media options.
Option Explanation
Change the Media Label This is permanent. Blank media (tape) does not have a label. Before
submitting a job to the media, you need to label it.
Erase the Media This option erases the tape completely. It might take up to two hours,
depending on the size of the media.
Erase the Media Header This is a quick method of making the media appear blank. Although it
is less secure than erasing all the data, this method is quick and
effective.
Media Status This option lets you view the status of the media.
Move the Media This option moves the media from one slot of an autoloader to another
slot. It is not a valid operation on a single media device.
Retention of Media This option is for tape devices that allow retention (for example, 0.25-
inch cartridges). This rewinds the tape, which might resolve a problem
reading the tape. An error appears if the driver does not support this
method on the device.
From the Server

2 Select one device from the list.
3 Select one media and press Insert.
4 Select Utilities > Erase the Media [or] Retention of Media.
From a Workstation

103-000134-001
August 29, 2001
Novell Confidential
8 Right-click the media > click Erase Media [or] Retension.
(Optional) You can also use the toolbar. Click Device Administration >
Media > Erase Media [or] Retension.
Checking the Media Status in a Device
This task lets you check the status of a particular media type from either the
server or a workstation.
From the Server

4 Select Utilities > Media Status.
A screen is displayed listing the following information:
Number in Media Set—The sequential number of the media within
a particular media set.
SBCON automatically labels and appends an incremental number to
any backup sessions that span multiple media.
Creation time—The time the current media label was first used on
this media.
Mount status—Whether the media is Mounted (ready for reading or
writing). There are two status messages:
Mount Pending: The request to mount is waiting to be processed.
Not Mounted: The media not ready to access.
Managing 91

103-000134-001
August 29, 2001
Novell Confidential
Media mode—Whether the media is selected for reading, writing or

both, or whether the mount request is pending.
Media type—The type of media in the device, such as 4mm DDS
(Digital Data Storage) tape, or 8mm tape.
Total capacity—The total capacity of the media, if known.
Sometimes it is not displayed, depending on the media manager.
The type of media manager controls the display of the total capacity
of the media.
From a Workstation
1 Click Device Administration at the Quick Access window.
8 Right-click the preferred media > Properties > Media Status.
Spanning Storage Media

If the storage media you are using does not have enough space for the entire
backup, SBCON will span the media, prompting you to insert additional
media when the first medium is full.
HINT: Always have extra media on hand in case the backup session spans more
than one medium.
SBCON designates the first media as label #1 and increments any subsequent
medium with the same label.
WARNING: To help safeguard your network, SBCON disconnects from the target
when a delayed backup is complete. If the delayed backup session cannot fit on
the media, SBCON prompts you to insert additional media. If additional media are
not inserted, the backup does not finish and SBCON does not disconnect, thereby
compromising security.

103-000134-001
August 29, 2001
Novell Confidential
Log and Error Files

SBCON keeps a list of all the log and error files, which show specific
information about the backup and restore session. See “Session Files” on page
37 for more information.
You can manage these files as follows:
View information contained in the log and error files.
See “Viewing a Log File” on page 93 and “Viewing an Error File” on
page 94 for information.
Create these files.
See “Creating Log and Error Files” on page 96 for information.
Change the location of these files.
See “Setting the Location of Backup Log and Error Files” on page 96 for
information.
Delete these files.
See “Deleting the Log Files” on page 97 for information.
Viewing a Log File
This task lets allows you to view your log file for backup and restore
information from either the server or a workstation. The log file is created on
the host server the first time data is backed up or restored and contains details
about the session.
From the Server

1 From the SBCON Main Menu, select Log File Administration > View a
Log File.
2 If necessary, set the location of the log and error files for a backup session.
(This option is not supported for a restore session.)
To set the location, use one or more of the following methods:
Press Enter to accept the default location, and then go to Step 3 on
page 94.
Press Insert to select from a list of network directories, select a
directory, and then press Esc to return to the previous window, and
then go to Step 3 on page 95.
Managing 93

103-000134-001
August 29, 2001
Novell Confidential
To change the directory, delete the existing directory path and type a
new one, and then go to Step 3 on page 94.
You can also press Insert during this process to select existing parts
of the path from a list.
The backup log displays all supported name space types. The DOS name
space is the first in the group. A right-angle bracket (>) appears next to
the file creator's name space type.
If you have linked UNIX files, SBCON retains both symbolic and hard
links created under the NFS name space type, but links are not listed in
the backup log. Restoring the original file restores associated links.
3 To return to the Main Menu, press Enter and then Esc.
reach the Main Menu. If you want to exit SBCON, press Esc again and
answer the confirmation prompt.
From a Workstation
1 At the Quick Access window, click Reports
6 Right-click the preferred server.
7 Select Session Report.
The server displays where the report is located.
Viewing an Error File
An error file records any errors that occurred during the backup or restore
session. (See “Session Files” on page 37.) It can be viewed from the server or
a workstation.

103-000134-001
August 29, 2001
Novell Confidential
From the Server

1 From the SBCON Main Menu, select Log File Administration > View an
Error File.
page 95.
Press Insert to choose from a list of network directories, choose a
directory, press Esc to exit and then go to Step 3 on page 95.
Restore errors are appended to a session's backup error file. A Restore
Session Begins message marks the beginning of the restore errors,
if any exist.
If you linked UNIX files, symbolic and hard links created under the NFS
name space type might not be restored if the pathname is not recognized.
When this happens, the error file contains messages similar to the
following:
Error restoring namespace specific information of
XXXX:tmp/hosts in NFS namespace, error 0x7!
Unable to allocate directory handle for XXXX:tmp/test!
3 When you are finished viewing the file, press Esc.
respond at the confirmation prompt.
From a Workstation
1 At the Quick Access window, click Reports.
Managing 95

103-000134-001
August 29, 2001
Novell Confidential

7 Select Error Report.
Creating Log and Error Files
If you do not know what is on the media, or you have lost or deleted the log
and error files, you can re-create them.
To create a log or error file, see “Creating Session Files” on page 98.
Setting the Location of Backup Log and Error Files
Every time you do a backup, you are required to set a location (or directory
path) for the log and error files. The restore log and error files are always
located in the directory, SYS:SYSTEM/TSA/RESTORE.
You can set the location when requested in the backup procedures, or you can
use the following method prior to beginning the backup procedures.
1 From the SBCON Main Menu, select Log File Administration > Set
Location of Log and Error Files.
2 Set the location using one or more of the following methods:
Press Enter to accept the default location, and then press Esc to return
to the Main Menu.
directory, and press Esc twice to return to the Main Menu.
a new directory or path, press Enter, and then press Esc to return to
the Main Menu.
3 Press Esc when finished to return to the Main Menu.

103-000134-001
August 29, 2001
Novell Confidential
Deleting the Log Files
SBCON allows you to overwrite sessions and reuse storage media.

When you delete the log file for a session using the following procedure, you
automatically delete the corresponding error file as well.
To prevent outdated session information from taking up disk space and to help
prevent confusion when you select sessions to view or restore, delete the
session log files for any session that has been overwritten.
NOTE: You cannot delete log and error files at the workstation.
To delete the log and error files from the server, do the following.
Log File.
2 If you have not set the location of log and error files, do so now using one
or more of the following methods:
page 97.
Press Insert to select from a list of directories, select a directory, press
Esc to return to the previous window, and then go to Step 3 on page
97.
a new directory or path, and then go to Step 3 on page 97.
You can also press Insert during this process to select existing parts of the
path from a list.
3 Select the description of the session that you have overwritten (or plan to
overwrite) and press Delete.
A confirmation prompt is displayed.
4 To delete the log and error file for that session, click Yes.
Managing 97

103-000134-001
August 29, 2001
Novell Confidential
Creating Session Files
and error files, you can re-create them from either the server or a workstation.
From the Server

1 From the SBCON Main Menu, select Job Administration > Create
Session File.
The Session Files Options screen appears.
2 Enter a descriptive name.
3 Select the media you will be using.
If you have only one loaded, press Enter to accept the default.
4 To verify the media, press Enter.
SBCON reads the media and shows you the selected session.
5 Confirm the creation of the session files.
If the session selected is the session you want for log and error file
creation, click Yes, Create Files for This Session.
If the session selected is not the session you want for log and error file
creation, click No, Go to the Next Session.
If you elect to create session files, they will be created in the location you
chose.
From a Workstation
1 At the Quick Access window, click Create Session.
4 Select the preferred queue.
6 Select the preferred server.
8 Select the preferred device.

103-000134-001
August 29, 2001
Novell Confidential
9 Select the preferred media.

10 Right-click the job and select Submit the Job.
11 Check the appropriate fields in the Submission of Job dialog box.
Verifying Backup Data
This option allows you to check the data on the media from either the server
or a workstation to make sure it has been backed up properly, and to check
later that the data is valid and can be restored.
You can verify the backup data in two ways:
If you know what sessions are on the media and you have the log and error
files, you can select the session from the list.
If you do not know what sessions are on the media, and if you are not sure
the log and error files still exist, you should create the session files.
From the Server

1 Select Main Menu > Job Administration > Verify
The Verify Options screen appears.
2 Enter a descriptive name for the verify job.
3 Select the device and media of the job.
You can also manually enter this in the form device name.media name.
4 Press Enter in the Session to Restore field.
A list of all backup sessions is displayed in the Select a Session screen.
5 Select a session from the list.
6 Submit the job after confirming the Submit Job? prompt.
7 Select Job Administration > Current Job List.
8 Select the job you have submitted.
If there were no problems with the verification or the data, the Run Time
Status screen displays the following message:
The verification process was completed normally.
Managing 99

103-000134-001
August 29, 2001
Novell Confidential
From a Workstation
1 At the Quick Access window, click Verify.
2 Double-click the context if necessary.
8 Double-click the preferred device.
9 Right-click the preferred media.
10 Select Submit the Job.
11 In the Submission of Job dialog box, click the session.
12 Click Finish.

103-000134-001
August 29, 2001
Novell Confidential
4 Optimizing
This chapter discusses the following topics:

Whether you should compress your files before backup. See
“Compressed Files” on page 101.
How to increase speed when backing up your files. See “Host Server
Performance” on page 102.
How to enhance or optimize server performance. See “Setting Minimum
Packet Receive Buffers” on page 103.
How to synchronize memory between your media and your server. See
“Setting Reserved Buffers Below 16 MB” on page 103.
Compressed Files
WARNING: SBCON and file compression should not be run simultaneously.
Because the default time for both delayed SBCON sessions and compression is
midnight of the current day, change one of these defaults to another time
immediately.
If you want to perform a delayed backup that includes files flagged for
compression, schedule the delayed backup after the compression time to allow
time for the compression to be completed.
When a NetWare 6 volume is mounted, file compression is set to On by

default. When you perform a backup, you can specify whether to keep already
compressed files in a compressed state for the backup, or back them up in a
decompressed state.
Optimizing 101

103-000134-001
August 29, 2001
Novell Confidential
To help you make a decision about whether to compress or decompress your

backed up data, follow these guidelines:
Backups are faster if files already compressed are left compressed.
Compression is not supported in some environments (such as a NetWare
3.11 server, a DOS workstation, or Novell Storage ServicesTM). If you
intend to restore a file that is currently compressed to an environment that
does not support compression, back it up in a decompressed state.
The SBCON utility has no compression feature, so it cannot compress a
file that is currently decompressed.
If volume compression is turned on and you back up compressed files in
a decompressed state, restore speed is degraded if you overwrite existing
files.
To improve restore speed, delete the files you no longer want from the
hard disk before restoring them from the backup media. If you back up
compressed files in a compressed state, restore speed is not affected.
You might run out of disk space if you restore decompressed files to a
volume that compresses files.
Host Server Performance

The speed of the SBCON utility depends upon the configuration of the host
server and whether the server is backing up its own data or that of another
server or workstation.
For information on server configuration and setting parameters, see
Communications Parameters and File Caching Parameters under SET in
NetWare Utilities Reference.
A server backing up its own data runs about twice as fast as a server backing
up data from another server.
This section includes four options using LOAD and SET commands that can
enhance your host server's performance.

103-000134-001
August 29, 2001
Novell Confidential
Setting Minimum Packet Receive Buffers
Packet receive buffers represent the space in the server memory dedicated to
handling network traffic. If the buffers are set too low, the server performance
may be degraded.
To reset the packet receive buffers at the server console prompt, include the
following SET command in the STARTUP.NCF file:
SET MINIMUM PACKET RECEIVE BUFFERS = X
The x represents the number of buffers. Set two buffers for each user on the
system. The minimum is 10. The changes will take effect immediately.
Setting Reserved Buffers Below 16 MB
If your storage device driver requires memory below 16 MB and the server has
more than 16 MB available to it, you must reserve memory below 16 MB for
the driver.
To change the reserve memory at the server console prompt, include the
following command in the STARTUP.NCF file:
SET RESERVED BUFFERS BELOW 16 MEG=X
Replace the x with a number between 8 and 300. The default is 200.
Setting Maximum Subdirectory Level and Minimum Cache Buffers
If you change the maximum subdirectory level in the server's STARTUP.NCF

file, you must also change the minimum cache buffer. The default maximum
subdirectory level is 25.
To change the cache buffers at the server console prompt, include the
following commands in the AUTOEXEC.BAT file:
SET MINIMUM FILE CACHE BUFFERS=X
SET MAXIMUM DIRECTORY CACHE BUFFERS=X
This command changes the minimum and maximum directory in MONITOR

> Available Options > Server Parameters. The changes will take effect
immediately.
Optimizing 103

103-000134-001
August 29, 2001
Novell Confidential

103-000134-001
August 29, 2001
Novell Confidential
5 Troubleshooting
Common Backup Problems

The media owner is unidentified
Possible Cause: Media is blank or was written in a non-SIDF format.
Action: See “Checking the Media Status in a Device” on page 91.
Backup speed is slow

Possible Cause: Compressed files are being backed up in a decompressed format.
Action: See “Compressed Files” on page 101.
Restore speed is slow

Possible Cause: File compression and SBCON are running at the same time.
Compressed files are being overwritten with decompressed files.
Action: See “Host Server Performance” on page 102.
The target you want is not listed

Possible Cause: The Target Service Agent isn't loaded on the desired target.
Action: See “Backing Up Data” on page 49.
Possible Cause: Insufficient time to list the targets.
Action: Allow more time for the software to find the target.
Possible Cause: The host and target are physically far apart and network traffic is heavy.
Action: Wait to perform a backup during nonpeak hours or when fewer users are
logged in.
Troubleshooting 105

103-000134-001
August 29, 2001
Novell Confidential
Data is corrupted, but no error message was given

Possible Cause: Compressed files were restored to a volume without compression.
Action: See Step 10 on page 64.
You (the network administrator) can't back up a workstation

Possible Cause: The /Password option is set and is denying access to data on the workstation.
Action: See “Setting Rights to Back Up Portions of the eDirectory Tree” on page 26.
Possible Cause: Backup was attempted from two different servers at the same time. One
succeeded and the other one failed.
Action: Check to make sure all necessary backup software is installed loaded.
A backup does not contain all changes

Possible Cause: Differential and incremental backups were combined.
Action: Use one or the other of these types in conjunction with full backups. See
“Backup Types” on page 16.
Changed files are not recognized

Possible Cause: The modify bit was cleared after the last customized backup, so changed files
are not recognized.
Action: See “Backup Types” on page 16.
Unable to find the session log file you want

Possible Cause: It might be in a different directory or you might have deleted it accidentally.
Action: See “Deleting the Log Files” on page 97.
Pressing Insert on a device list does not produce a media list at the server
Possible Cause: No medium has been selected.
Action: Use the Select option at the bottom of the screen.
The Time Form Is Invalid message displays when you try to schedule a delayed
backup
Possible Cause: The date has been entered incorrectly in the time form.
Action: Check that the scheduling has been entered correctly.

103-000134-001
August 29, 2001
Novell Confidential
Files were restored but the error file contains a message specifying which name
space formats were not restored
Possible Cause: The file attributes and name space formats are not configured on the volume
you restored to.
Action: Check to make sure you selected the correct name space.
Can't list devices or see the Session/Error Report from the client and the message
Unable to Establish Communication with Server appears
Possible Cause: A client-server communication problem.
Action: Check whether SBSC is loaded on the server. If not, load it.
If SBSC is already loaded, unload and reload it again.
Troubleshooting 107

103-000134-001
August 29, 2001
Novell Confidential

103-000134-001
August 29, 2001
Novell Confidential
Novell
NetWare 6 ®
www.novell.com
S TO R A G E M A N A G E M E N T S E RV I C E S
August 29, 2001

Novell Confidential
Contents
Preface 7
1 Overview 9
Backup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
SMS Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Supported Storage Devices and Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Storage Management Engine (SME) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Storage Management Data Requester . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Memory Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Backup Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Backup Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Customizing Your Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Scan Data Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Keeping a Backup Logbook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Planning a Backup Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Preparing to Back Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Determining an Appropriate Backup Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Backups and eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Backups and the File System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Backups and Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Target Service Agents (TSAs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Restore Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
How SMS Restores Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Restore Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Restoring eDirectory and the File System . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Restoring Cluster-enabled Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Session Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Log and Error Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2 Setting Up 41
SBCON Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Before Loading the Backup Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Before Running the Backup Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Customizing the NetWare Server as the Backup Server . . . . . . . . . . . . . . . . . . . . 43
Loading Controller and Storage Device Drivers on the Server . . . . . . . . . . . . . . . . . 44
Loading the Target Service Agents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Contents 5

103-000134-001
August 29, 2001
Novell Confidential
Loading SBCON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Unloading SBCON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Loading NWBACK32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Exiting NWBACK32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Backing Up Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Backing Up from the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Backing Up from a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Backing Up Cluster-enabled Pools from the Server . . . . . . . . . . . . . . . . . . . . . . 56
Backing Up a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Changing Your Target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Changing a Target at a Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Changing a Target at a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Restoring Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Restoring Data from a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Restoring Data from a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Restoring eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
eDirectory Restore Session Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Completing the eDirectory Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Restoring Cluster-enabled Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
3 Managing 81
Prerequisites for SBCON Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Storage Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Spanning Storage Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Log and Error Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
4 Optimizing 101
Compressed Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Host Server Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Common Backup Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

103-000134-001
August 29, 2001
Novell Confidential
Preface
Novell® Storage Management ServicesTM (SMSTM) is a collection of software

programs that provides backup and restore services. These services are
performed by a collection of components that are independent of operating
systems and hardware.
You can backup SMS Targets such as Novell eDirectoryTM, binderies, the file
system, cluster-enabled pools or an individual workstation's hard disk onto a
media that can be stored off-site. If you have a hardware failure, natural
catastrophe, corrupted data, or incorrectly deleted or changed data, you can
recover a previous version of the data.
Preface 7

103-000134-001
August 29, 2001
Novell Confidential

103-000134-001
August 29, 2001
Novell Confidential
1 Overview
Backup services is an essential piece of the Novell® Storage Management

ServicesTM (SMSTM) software, a collection of services that provides backup,
restore, and data migration. These services are performed by various
components and are independent of operating systems and hardware.
“Backup Services” on page 9
“Restore Services” on page 31
Backup Services
Storage Management Services (SMS) allows you to back up SMS targets such
as eDirectoryTM, the file system, cluster-enabled pools, or hard disks on
individual workstations to media such as a tape drive for off-site storage, and
gives you a periodic view (daily, weekly, monthly) of your data. Then in case
of hardware failure, natural catastrophe, corrupted data, or incorrectly deleted
or changed data, you can retrieve a previous version of the data.
Backup services provides information on supported devices, the SMS
architecture, memory requirements, types of backup offered, customizable
options, schedules, how to back up eDirectory, how to back up the file system
(both traditional NetWare® file system and Novell Storage ServicesTM), how
to back up cluster-enabled pools, and how to use Target Service Agents (TSA).
Overview 9

103-000134-001
August 29, 2001
Novell Confidential

“Backup Types” on page 16
“Customizing Your Backup” on page 16
“Keeping a Backup Logbook” on page 21
“Preparing to Back Up” on page 22
“Backups and eDirectory” on page 23
“Backups and the File System” on page 27
“Backups and Clusters” on page 29
SMS Components
Storage Management Engine (SME) for backup and restore operations.
Novell provides the SBCON utility as a basic SME for NetWare.
See “Storage Management Engine (SME)” on page 12 for more
information.
Storage Management Data Requester (SMDR) for passing
communication between the backup program (see “Storage Management
Data Requester” on page 13) and the TSA software (see “Target Service
Agents (TSAs)” on page 30.)
Storage device interface is used to pass information between the SME
and the storage device.
Device drivers are used to control the behavior of the storage devices.
Target Service Agents (TSAs) pass requests and commands between the
SME and server or eDirectory database, and prepare the data for the SME.
TSA600.NLM must be loaded on the server where the data is to be
backed up.
See “Target Service Agents (TSAs)” on page 30 for more information.
TSAProxy (TSADOS for DOS workstation) is used to register the
workstation with the host server. TSAProxy also identifies and keeps
track of the stations waiting to be backed up. It receives "I am here"
messages from workstations available to be backed up. The TSAProxy

103-000134-001
August 29, 2001
Novell Confidential
keeps the names of these workstations in an internal list and displays the
list, allowing you to select a target for a backup or restore procedure.
The SBCON process involves two machines:
The host server is typically the NetWare server running the backup
program. The SMS components will include the backup engine, the
SMDR, the Storage Device Driver, the tape device, and the required
Target Service Agents.
A target server is the NetWare server that contains the data to be backed
up or restored. Depending on the data to be backed up, the appropriate
Target Service Agent must be loaded.
Target Software Host Software
Server
NetWare 6 NetWare 6
T
S TSA600 Storage Management Engine (SME) NetWare 6
A T
S TSA600
Server Storage Management Data Requester (SMDR) A
NDS DOS
T Storage Device Driver T Partition
S TSANDS S
A A TSADOSP
Server
Storage Device
SBCON can also be loaded and used on one machine.

SBCON uses an application on the host server to communicate with modules
on target devices. The application reads the information from the target device
and sends it to a storage medium, such as a tape drive.
Overview 11

103-000134-001
August 29, 2001
Novell Confidential
Supported Storage Devices and Drivers

SBCON supports 0.25-inch, 4mm, and 8mm storage devices. If you are using
4mm tape, use only DDS (Digital Data Storage)-certified, computer-grade
tapes.
IMPORTANT: To ensure reliable operations, pretest all media storage devices
that are not Novell certified with the appropriate NetWare device driver and SBCON
backup and restore utility.
Use the driver files recommended by your hardware manufacturer.
Storage Management Engine (SME)

The Storage Management Engine (SME) is central to the SMS architecture.
The SME communicates with the network clients to back up and restore
information.
SBCON has three modules:
User interface - Creates a job and submits to the NDS Queue.
Q Manager (QMAN) - Takes the job from the NDS Queue which is ready
for execution.
Engine - Completes the job.
Q Manager facilitates multiple job scheduling plus other features. Loading Q
Manager automatically loads the backup engine. The user interface can be
loaded after you load the Q Manager. See “Setting Up” on page 41 for
information on Q Manager.
SME
User Interface
NDS Queue Q Manager
1 2 3
1 User Interface creates a job and submits to the NDS queue

2 Q Manager takes the job from the NDS Queue which is ready for execution
3 The engine

103-000134-001
August 29, 2001
Novell Confidential
Storage Management Data Requester

The Storage Management Data Requester (SMDR) is the communication
module in the SMS architecture. It provides transparent access to SMS
services in an intranet as it allows access to local or remote SMS services. The
SMDR APIs are used by SBCON and other third-party applications as well.
SMDR uses TCP Port Number 413.
Features of SMDR
The features of the SMDR 6.00 include the following:

Protocol Independence: SMDR 6.00 is protocol independent and does not
depend on Sequenced Packet ExchangeTM (SPXTM) or Internetwork Packet
ExchangeTM (IPXTM) protocols. From NetWare 5.1 onwards, the requester also
uses TCP/IP for communicating with other SMDRs. Although SMDR 6.00
can be configured to support TCP/IP, SPX/IPXTM, or TCP/IP and SPX/IPX,
both protocols are supported by default. SMDR versions prior to 5.00 use the
SPX protocol.
If cluster-enabled pools are to be backed up or restored, use SLP as the
discovery mechanism.
The protocols can be specified in the configuration file, SMDR.CFG (see
“Using the SMDR Configuration File” on page 14 for more information).
NDS Registration and Name Resolution: SMDR creates an SMS Remote
Procedure Call (RPC) object in eDirectory. The default tree of the server (the
tree in which the server is present) is used for eDirectory registration.
The SMS RPC object is defined with the following attributes:
Common Name - Name of the server on which the SMDR is located
Status - Indicates whether the SMDR is active or inactive
Protocol - List of protocols for which the SMDR has listeners
Version - Version number of the SMDR
Services - List of services registered with the SMDR
The SMDR creates an instance of this RPC class at the SMDR Context
location in the server's default tree. The SMDR Context is specified in the
SMDR.CFG file, which can be edited at any given time.
Multiple SMDRs are grouped together to reduce the search scope in
eDirectory. A SMDR Group object defines this search scope. This group
Overview 13

103-000134-001
August 29, 2001
Novell Confidential
represents an instance of a predefined group class in the eDirectory schema.

Any number of such groups can exist in eDirectory. The SMDR can become
a member of one or more groups by registering its object's (SMS RPC object)
context.
When SMDR requires name resolution, it searches all members of the SMDR
Group at SMDR Group Context. The SMDR Group Context and SMDR
Group are specified in the SMDR.CFG file.
Name Resolution Using SAP: SMDR can also be configured to use Service
Advertising Protocol (SAP) for locating other SMDRs in an IPX environment.
Each SMDR advertises the server name where it is loaded using service type
0x23F. But in an IP environment, NDS and Service Location Protocol (SLP)
replaces SAP.
Name Resolution Using SLP: SMDR can also be configured to use Service
Location Protocol (SLP) for locating other SMDRs. This enables SMDRs to
locate other SMDRs running on servers that belong to different trees. Every
SLP enabled SMDR will register itself in the smdr.novell domain when
loaded. The SLP enabled SMDRs will query this domain for locating
registered SMDRs.
SLP, SAP, and NDS discovery mechanisms are enabled by default.
Using the SMDR Configuration File
The SMDR.CFG file is a text file located in the SYS:\ETC\SMS\ directory on

your server.
You can modify the configuration file from the command prompt by entering:
LOAD SMDR NEW
The SMDR Configuration screen is displayed where you can make the
required modifications.
SMDR Configuration Problem
If you try to load SBCON when you have not set the SMDR on a server with
the corresponding eDirectory objects and configuration, SBCON will
autoload the SMDR and prompt you for configuration information. (This
screen is hidden by the SBCON screen). To rectify this problem, press
Alt+Esc to allow the SMDR to complete its setup before loading SBCON.

103-000134-001
August 29, 2001
Novell Confidential
If NetWare Common Install is used to install SMS (see “Customizing the

NetWare Server as the Backup Server” on page 43 for more information), this
problem will not occur. If the SMDR is explicitly loaded for the first time, the
screen for configuration information will not be hidden.
Memory Requirements
To run SBCON, the host server requires the following:
A minimum of 3 MB free memory for SBCON
Memory required to run NetWare 6 (currently 256 MB RAM)
Memory required to run the clients
If 3 MB of memory is not available, try setting the storage buffers lower than
the default and still run SBCON.
Backup Files
Each backup session produces three types of files:
Data files are copied to the selected storage media.
Log files are produced by the engine during backup and restore. Log files
are placed in a directory on the host server and accessed through the
SBCON Main Menu or from a Windows* 95, 98, 2000 or Windows NT*
Error files are produced by the engine while backing up. Error files are
placed in a directory on the host server and accessed through the SBCON
Main Menu or from a Windows 95, 98, 2000 or Windows NT workstation
using NWBACK32.
Both log and error files contain information such as the date, time, and
media identification for a session. But the error file also contains a list of
any errors that occurred during the backup session, such as files that were
not backed up (see “Log and Error Files” on page 93 for more information
on these files). The log and error files are labeled with the same
description you give the session.
Overview 15

103-000134-001
August 29, 2001
Novell Confidential
Backup Types
SBCON has three types of backup sessions:
Full backup—Backs up the entire file system of the selected target
regardless of whether the data has changed since the last backup, and
clears the Modify bit after the backup.
Differential backup—Available only for the file system; backs up only
data that has been changed since the last full or incremental backup.
When you perform a differential backup, the modify bit is not cleared
after the backup. All files modified since the last full backup are included
in the backup (unless they have been deleted). Each differential backup
uses more media and is slower than an incremental backup because it
backs up more files.
IMPORTANT: Do not interchange differential backups and incremental backups.
If you do, the differential backup will not contain all changes since the last full
backup. Use full backups interspersed with differential backups or full backups
interspersed with incremental backups.
Incremental backup—Available only for the file system; backs up only

data that has been changed since the last full or incremental backup
(whichever was last). Incremental backup sessions back up only files that
have the modify bit set (that is, files that changed since the last full or
incremental backup session when the modify bit was cleared).
Customizing Your Backup

All backup types contain advanced options to allow you to customize your
backup. These options allow you to
Choose subsets of data to back up
You can choose specific subsets of a data set to exclude from or include
in the backup session by selecting major resources, such as volumes, files,
directories, or path.
See “Exclude and Include Options” on page 17.
Specify how to scan what you are backing up
See “Scan Data Sets” on page 19.

103-000134-001
August 29, 2001
Novell Confidential
Exclude and Include Options
Whenever you perform a custom backup or restore, you can use the exclude
and include options to select subsets of what you want to back up.
Whether you use exclude or include usually depends on the size of the data
you want to back up, compared to the size of the data you do not want to back
up.
Exclude
To back up most of the file system structure or eDirectory tree structure while
omitting only a small part, use the exclude option to omit the part you do not
want to back up. Everything that you do not specifically exclude is included.
After you exclude part of the structure such as a volume, directory, or
container, you cannot include any subdirectories, files, or objects beneath that
excluded volume, directory, or container.
Include
To back up a small part of the file system structure, use the include option to
specify the data you want. Everything you do not specifically include is
excluded.
When you select only part of the file system structure to include (such as a
volume), all directories, subdirectories, and files under that selection are
included in the backup by default.
In the figure given below, volume SYS: is selected as an include option. All
other areas of the file system structure are excluded from the backup. You can
exclude some subdirectories or files beneath your selection if necessary.

Mail Widget.exe
System
February.prj
Appl
Nu_Artco
Mary Directories
Subdirectories
Files
Thomas Directories
Subdirectories
Files
Overview 17

103-000134-001
August 29, 2001
Novell Confidential
The same principle applies when you specify a directory with the include
option. The figure below shows that all directories, subdirectories, and files
under the NetUsers directory are included in the backup. All other areas of the
file system structure are excluded from the backup.

Mail Widget.exe
System
February.prj
Appl Proposal Tessier.Inc

Nu_Artco
Mary Directories
Subdirectories
Files
Thomas Directories
Subdirectories
Files
The reverse is true when you select a major TSA resource, a directory, or a file
as an exclude option. All other areas of the file system structure are included
in the backup.
Combining Include and Exclude Options
By combining the include and exclude options, you can control what is backed
up.
For example, the following command sequence results in volume HOME
being included in the backup with the exception of the MARY directory and
the WIDGET.EXE file.
Include major TSA resources HOME:
Exclude directories (full path): HOME:NETUSERS/MARY
Exclude path/files HOME:NETUSERS/KARL/PROJECT/WIDGET.EXE

103-000134-001
August 29, 2001
Novell Confidential

Mail Widget.exe
System
February.prj
Appl
Nu_Artco
Mary Directories
Subdirectories
Files
Thomas Directories
Subdirectories
Files
Scan Data Sets

You can specify a different type of data set to be scanned.
A data set is a group of data that can be manipulated by SBCON. Each data
set in the file system structure can be classified as a parent or a child, and each
class includes different types of data items.
Within SBCON, a parent might be a server, eDirectory, a volume, or a
directory. A child is a file, which is the lowest level of the directory structure.
The unit below a parent is not necessarily a child; it might be another parent,
or the line might end with the parent. The unit above a child must always be a
parent.
Overview 19

103-000134-001
August 29, 2001
Novell Confidential

Mail Widget.exe
System
February.prj
Appl
Nu_Artco
Mary Training Workbook

Viewgraph
Script
Schedules June
July
August
Thomas Manuals Widget.Co chapt.1

chapt.2
chapt.3
chapt.4
appx.A
appx.B
glossary
index
Acme.Inc pamphlet
Parents (all units above final) art
maps
Children (final units only) plans
Items in a data set for either a parent or child should be items that do not
frequently change. You might choose to exclude from the backup session one
or more items in the data set of your target.
Overwriting a Parent or Child
SBCON allows you to overwrite all existing parents or children. Children can
be overwritten only if the date on the data set on the hard disk is more recent
than the date of the data set backup.

103-000134-001
August 29, 2001
Novell Confidential
Keeping a Backup Logbook

Keep a hard copy log of your backups in case your online log and error files
become corrupted. The log should contain the following information:
Source backed up (such as the server or workstation name)
Full path for session log and error files directory
Full path for backed-up data
Label of the media on which the backup is stored
Description of the session
Name or initials of the person performing the backup
Date and time of the backup session
Planning a Backup Schedule

Before you begin backup procedures, plan a backup schedule based on your
needs. Consider such factors as the number of users and frequency of changes
to files.
You can perform different types of backups on different schedules:
Daily—Perform an incremental or differential backup after the close of
business. If revisions are heavy and rapid, consider several backup
sessions each day.
Weekly—Perform an incremental or differential backup after the close of
business on the last day of the week for three of the four weeks in the
month.
Monthly—Perform a full backup on the last business day of the month
(for example, the last Friday).
Major changes—Perform a full backup before and after you change your
configuration, and before and after you upgrade your server to a new
version of NetWare.
Application changes—Perform a custom backup before and after you
modify applications.
Overview 21

103-000134-001
August 29, 2001
Novell Confidential
Preparing to Back Up
Careful planning can help you minimize the impact of data loss. Before you
back up, consider the following:
What should be backed up
Where to back up
Backup type
Who should back up
When to back up
How to prepare for a backup
How to track backup
Open Files Backup
TSA600.NLM supports backup of open files on Novell Storage Services

(NSS) volumes if the CopyOnWrite feature is enabled.
To enable CopyOnWrite on a single NSS volume, do the following:
nss /FileCopyOnWrite=volume_name
2 Dismount and remount the volume.
2a To dismount the volume, enter
dismount volume_name
2b To remount the volume, enter
mount volume_name
To enable the feature on all NSS volumes, enter
nss /FileCopyOnWrite=all
Continue with the next sections to prepare for the backup session.

103-000134-001
August 29, 2001
Novell Confidential
Determining an Appropriate Backup Type

Each type of backup has a different effect on the backup and restore process.
When planning your backup schedule, consider all of the following variables
before determining which schedule is right for you.
Media usage and backup speed. This helps increase the speed of the restore.
Restoring after incremental backups. If you have performed full and
incremental backups and need to restore data, you must restore the last full
backup as well as all subsequent incremental backups.
Restoring after differential backups. If you have performed full and
differential backups and need to restore data after an unexpected loss, restore
only the last full and differential backup.
Backups and eDirectory

The best way to protect your eDirectory database is to use replicas.
Replication, however, is not sufficient protection for a single server network
or when all copies of the replicas are destroyed or corrupted. In these
instances, if the eDirectory data has been backed up regularly, the eDirectory
tree structure can be restored using SMS.
You can back up the entire tree or a selected section of the tree starting with a
particular container. You can back up the schema and schema extensions.
Trustee assignments are backed up as part of the file system.
You cannot back up partition information. If the eDirectory tree structure
becomes corrupted and you restore the eDirectory data, all data is restored to
one partition, [Root]. You need to repartition that portion of the tree.
It is important that you keep a written copy of the tree structure and the
partitions. You can use the DSMISC.LOG file that is backed up with the file
system as part of the server-specific information.
Managing “Distributed Database” on page 24, “Server Interdependence”
on page 24, “Object ID Numbers” on page 24, “Placeholder (Unknown)
Objects” on page 25, and “Schema Backup” on page 24
“Backup Software for eDirectory” on page 25
“Setting Rights to Back Up Portions of the eDirectory Tree” on page 26
“Frequency of Backup” on page 27
Overview 23

103-000134-001
August 29, 2001
Novell Confidential
Distributed Database
The network of servers that comprise an eDirectory tree structure continually

exchange updates and other time-sensitive information. The eDirectory
database exists as a set of files that are stored in the SYS: volume and are
hidden so they are not accidentally tampered with or deleted.
The eDirectory database files cannot be backed up, as was the case with
bindery files in NetWare 3.12 or earlier versions.
Server Interdependence
eDirectory is not server-centric, and neither are its backup and restore
processes. Backing up eDirectory, for example, backs up data that is spread
out over multiple servers. SMS Directory database backups gather all the
necessary eDirectory data.
To handle the necessary links and dependencies between objects, the backup
and restore system must be able to navigate the entire eDirectory tree
structure.
Object ID Numbers
In NetWare, a random ID number is assigned when an object is created.

NetWare uses object ID numbers to keep track of information such as users'
trustee rights to directories and files in the file system. These object ID
numbers are stored in the directory entry table (DET) of each file and directory
and are server-centric.
When NetWare is backed up, SMS-compatible products store the objects' fully
distinguished names on the backup media, not the objects' ID numbers. If an
object with the same distinguished name as on the backup media already exists
in the eDirectory tree structure, its object ID is not overwritten during a
restore. If an object with the same name does not already exist in the
eDirectory tree structure, it is assigned a new object ID when it is restored.
This occurs on every server where the object is used.
Schema Backup
The schema is backed up automatically with a full eDirectory backup. You can
also choose to back up the schema separately using a custom eDirectory
backup.

103-000134-001
August 29, 2001
Novell Confidential
Placeholder (Unknown) Objects
Whenever insufficient information is known about an object, such as when

one of its mandatory attributes is missing, eDirectory creates as a placeholder
an Unknown object.
During a restore session of the eDirectory database information, Unknown
objects are created when restoring an object that has an access control list
(ACL) or any other attribute that refers to other objects that do not currently
exist in the eDirectory tree structure.
This condition is common in a restore, because only one object can be restored
at a time. When this condition arises, an Unknown object is created until the
real object is restored.
For example, User object User1 has been given property and object rights to
User object User2. If User1 and User2 are deleted and only User2 is restored,
an object named User1 will be created but it will have a base class of
Unknown. This occurs because the access control list of User2 lists User1,
which was not restored. The Unknown object is used as a placeholder in the
tree. If User1 is later restored, it will replace the Unknown object.
If the restore session does not include the object for which the placeholder was
created, the object remains in the eDirectory tree structure as type Unknown.
Expect to see Unknown objects after a restore session if all network resources
such as servers, volumes, and users are not in place before the restore session
starts.
Objects that remain unknown after a restoration is completed are objects for
which eDirectory could not resolve the dependencies.
In this case, you can do one of two things:
1. Delete the Unknown objects and re-create the original object.
2. Perform a selective restore to overwrite the Unknown objects.
Backup Software for eDirectory
In order to back up the eDirectory database, the TSANDS.NLM software must

be loaded on one server in the eDirectory tree structure—preferably the server
containing a replica of the largest partition.
For large or complex networks, you can improve performance by loading the
TSANDS.NLM software for a particular partition. This minimizes network
Overview 25

103-000134-001
August 29, 2001
Novell Confidential
traffic during the backup process and improves performance when the backup
program performs name resolution across the eDirectory tree structure.
The version of TSANDS.NLM that ships with NetWare allows selective
backup and restoration of an eDirectory tree structure.
HINT: Not all third-party backup applications support this selective backup and
restoration. Check with the application vendor for details on product features.
In SBCON, you can begin the backup of the eDirectory database from any
server in the eDirectory tree structure. The backup process continues from that
point downward to the end of that portion of the tree. If the selected container
is [Root], the entire eDirectory tree structure is processed.
This allows you to back up the entire eDirectory tree structure or subsets such
as a single branch, a single container, or even a single leaf object. Also, a scan
option allows backup of only those objects for which the backup user has the
Supervisor right.
When you back up eDirectory, we recommend that you back up the eDirectory
tree structure in one session whenever possible. Although partial eDirectory
backups and restores are possible, numerous precautions and additional issues
must be noted. See “Partial eDirectory Restores” on page 79 for more
information.
Setting Rights to Back Up Portions of the eDirectory Tree
The network administrator can assign backup administrators with limited

rights to the eDirectory tree structure.
For example, suppose in your company you have three Organizational Units
that need to be backed up (East, West, Mid). You could create three User
objects—BackAdmin1, BackAdmin2, and BackAdmin3—and give them
rights to the Organizational Unit that they are responsible to back up.
You then create a TSANDS.CFG file that lists the fully distinguished name of
the contexts where the backup administrators' rights begin. It would look
.OU=East.O=Acme
.OU=West.O=Acme
.OU=Mid.O=Acme
Backup administrators have rights to back up the eDirectory tree structure

beginning only at the context listed, and the rights continue until the tree stops
or the rights are filtered out. Backup administrators should use a custom

103-000134-001
August 29, 2001
Novell Confidential
eDirectory backup to back up the portions of the tree for which they have
rights.
The network administrator assigns the Supervisor right to the backup
administrators for the section of the eDirectory tree structure that they are
responsible to back up. The network administrator then needs to create a
TSANDS.CFG file that lists the fully distinguished names of the containers
where each of the backup administrators' rights begin. The TSANDS.CFG file
should be saved in the SYS:SYSTEM\TSA directory of the server.
Frequency of Backup
In general, the eDirectory database should be backed up on a weekly basis.

The frequency of this backup depends on how often changes and updates are
made to the eDirectory tree structure. For a tree that changes often, you might
want to perform an eDirectory backup every time you do a full backup of all
servers on the network.
IMPORTANT: Always back up eDirectory prior to major tree modifications.
To get a full backup, the entire eDirectory tree structure needs to be

functioning, meaning that all partitions are synchronizing normally. An
eDirectory tree cannot be backed up entirely if any replicas of any partition are
offline.
Backups and the File System

Back up your volumes so that in the case of hardware failure, natural
catastrophe, or accidental change or deletion of files, you can restore the file
system to a previous state and not lose the data.
To back up file system data, an appropriate SMS TSA must be loaded on each
server for which a file system backup is to be created (see “Loading the Target
Service Agents” on page 45). To back up file system information, make sure
your backup application can handle the NetWare file system name spaces,
extended attributes, trustee rights, compression, etc.
Once the device drivers for your backup hardware and the SMS TSA software
is loaded, you can run the backup program of your choice (see “Loading
SBCON” on page 46).
Overview 27

103-000134-001
August 29, 2001
Novell Confidential
Trustee Assignments
Trustee assignments are stored as part of the file system as an ID. They are
backed up by default when the file system is backed up with the SMS TSA
software. If a User object is deleted and then re-created or restored, its object
ID changes. This is why the SMS TSA module uses fully distinguished names
for objects to back up the trustee rights from the file system. If a User object
is deleted and re-created with a new ID, the user's trustee assignments in the
file system can be restored.
As long as an object with the same name on the backup media exists in the
eDirectory tree structure when the file system is restored, the TSA can interact
with eDirectory to rebuild the directory entry table (DET) to reflect new object
ID numbers.
For additional information about object ID and trustee issues, see “Restoring
eDirectory” on page 69.
Server-Specific Information
Server-specific information such as the replica information, ID information,

name spaces loaded, and system configuration is stored on the volume SYS:.
This information is backed up as part of the file system as a single resource.
This resource includes the following five files:
SERVDATA.NDS contains server-specific eDirectory data.
DSMISC.LOG contains a replica list and replica types on the server at
backup.
STARTUP.NCF contains a disk driver, name spaces, and SET
parameters.
AUTOEXEC.NCF contains load modules and the NetWare operating
system configuration.
VOL$INFO.TXT contains volumes on the server, name spaces loaded,
compression, and migration information.
You can also choose to back up this information individually. The information
is not restored unless you specifically choose to restore it. It does not need to
be restored unless you have lost the SYS: volume. In that case, you must
replace the hardware and restore this information. For more information, see
“Restoring the Entire eDirectory Tree Structure” on page 72.

103-000134-001
August 29, 2001
Novell Confidential
Backups and Clusters

Novell Cluster ServicesTM allows you to configure up to 32 NetWare servers
into high-availability cluster, where resources can be dynamically switched or
moved to any server in the cluster. Consolidation of applications and
operations on a cluster has benefits such as lower costs, scalability, and
increased availability. See the Novell Cluster Services documentation (http://
www.novell.com/documentation) for more information.
For a cluster to work as a high-availability system, the file system, the
applications, and services that run on the cluster should be cluster-
enabled.SBCON supports backup and restore of cluster-enabled pools. In
addition, the backup session can be automatically recovered in case of a
failover or failback condition.
NOTE: Backup and restore of cluster-enabled pools is not supported in NetWare
versions earlier than NetWare 6.
SBCON supports automatic recovery of backup sessions if failover or failback

occurs. The backup engine reconnects to the Target Service Agent and
resumes the backup from where it had terminated. Various cluster options like
Enable Auto-Recovery and Retry Interval are provided by SBCON. You can
use the default values or reset the values while submitting the backup job. The
engine begins the reconnection attempts after waiting for a configurable time,
and then retries at regular intervals until the connection is re-established or the
number of retries has expired.
After the connection is re-established, the internal structures of the TSA are
built and the recovered session is continued from where it had terminated.
User intervention is not required during the recovery period. You can view the
status in the Session Report screen.
Consider the following before preparing for backup and restore of cluster-
enabled pools:
Use TSA600.NLM to backup or restore cluster-enabled pools. (See
“Target Service Agents (TSAs)” on page 30 for details.)
If SBCON is loaded on a cluster node and a backup session for a cluster-
enabled pool is submitted, the session cannot be recovered if a failover or
failback condition occurs on the host server.
SBCON can backup and restore only one cluster-enabled pool per
session. This is because the engine is connected to the cluster pool instead
of the server.
Overview 29

103-000134-001
August 29, 2001
Novell Confidential
If a cluster server is chosen as the target, only noncluster volumes will be

backed up. You have to back up each pool individually.
You might abort an ongoing backup job with the intention of resubmitting
the same job later. In such situations, the job will not restart from where
it was terminated; it will restart from the beginning.
For more information, see “Backing Up Cluster-enabled Pools from the
Target Service Agents (TSAs)

In SMS, a target is any machine on the network that requires backup.
Examples of targets include SQL database engines, eDirectory databases,
workstations, and NetWare servers.
Through specific TSAs, SBCON allows you to back up the information that
exists on the following targets. These TSAs are listed in general as follows:
Table 1 Target Services and Their Corresponding Target Service Agents
Target Service Corresponding Target Service

Agent
NetWare 6 TSA600
Windows 95 and 98 workstation W95TSA
Windows 2000 and Windows NT Windows NT TSA

workstation
MAC workstation MACTSA
GroupWise® data GWTSA
OS/2 machine OS/2 TSA
A Target Service Agent (TSA) is a software module that understands how to

scan, read, and write the target data. The primary functions of an SMS TSA
are to prepare the target data for backup or restoration, and to communicate
with the storage management engine (SME). For example, an SMS TSA for a
NetWare server understands name spaces, file and directory attributes,
security privileges, etc., for the data on that server.

103-000134-001
August 29, 2001
Novell Confidential
The TSA packages data from the target and presents it to the SME in a generic
format. This allows one SME to interact with many types of TSAs.
NetWare 6 provides TSA600.NLM, with the following features:
Supports backup and restore of traditional NetWare file system and NSS
file system
Supports backup and restore of cluster-enabled pools (see “Backups and
Clusters” on page 29)
Recovers the backup session in failover and failback conditions
Provides the caching feature for optimizing backup performance (see
“Customizing Backup” on page 53.) The TSA will scan the data sets prior
to the engine request and commit the data set information to the cache.
When the request comes in, the data is read from the cache instead of from
the disk
NOTE: To use this feature, ensure that your backup engine supports the scan-
ahead option. If the option is enabled without appropriate changes to the engine,
unexpected results may occur. Also note that performance might vary from engine
to engine.
Restore Services
Restore services provides information on how SMS restores data from
eDirectory, volume SYS: and other volumes, single servers, multiple servers,
and the eDirectory tree structure.
Use SBCON to retrieve and reinstate data you have backed up to storage
media. You restore data if it has been lost or corrupted since a backup was
made.
A restore session restores data from a backup. The restore session produces
the requested data, which is retrieved from the storage media and restored to
the location you specify. If an error occurs during the restore session, an error
message is appended to the error file on the host server.
“How SMS Restores Data” on page 32
“Restore Options” on page 34
“Restoring eDirectory and the File System” on page 35
“Restoring Cluster-enabled Pools” on page 37
Overview 31

103-000134-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
How SMS Restores Data

During a restore session, SBCON reads the backup storage media, and the
Target Service Agent (TSA) compares the media data set to the existing hard
disk data set. The Target Service Agent evaluates each data set according to
the following criteria:
Is this data set a subset of what is being restored?
Is this data set found on the hard disk?
Which parts of the data set are subject to restoring?
Is this data set a parent or a child, and is the Overwrite parameter set to
Yes or No?
If the parameters for a child are set to Overwrite Only if Newer, does the
backup copy have a more recent date than the existing copy?

103-000134-001
August 29, 2001
Novell Confidential
BEGIN END
Go to backup session
on storage media. no
Is
yes there
Read data set. another data set
to read?
Overwrite
Is the data set?
data set to
be yes
renamed
yes no only if newer
no
ignore Open mode
Rename the dataset option
Is
data set restore
a subset of what
you´re
restoring? Compare date of
no yes data set on media
to date of
data set on disk.
ignore
Is Is
data set date of
on the data set on media
hard disk? the newer
date?
no yes no yes
Open mode
option Open mode
ignore option
restore
Is restore
data set
a parent or
a child?
parent child
Consult Consult
"Overwrite" "Overwrite"
parameters for parameters for
parent child
Overview 33

103-000134-001
August 29, 2001
Novell Confidential
Restore Options
For a custom restore session, you can specify exactly which data to restore.
Several options work together to allow you maximum flexibility in your
restore session. These options allow you to do the following:
Choose subsets of data to restore
Open mode options
Overwrite an existing parent (such as a container) or child (such as an
object)
Subsets of Data to Restore
You can choose specific subsets of a backup session to include in or exclude

from the restore session by selecting major resources (such as volumes,
server-specific info, or containers) or minor resources (such as directories,
paths, files, or objects).
For more information about including and excluding, see “Customizing Your
Backup” on page 16.
Open Mode Options
Open mode options allows you to customize data for restore. File system data
can either be included or excluded for the session. The speed of the restore
depends on the options you set.
Overwriting Existing Parents or Children
Be careful when you perform a selective restore and choose whether to

overwrite existing parents or children, especially eDirectory objects. Objects
such as groups and users have references to other objects in the eDirectory tree
structure that will be affected by a selective restore.
For example, suppose a part of the eDirectory tree structure gets corrupted and
several users are deleted from the tree. There is a group that contains those
users, but once the users are gone, the group purges the membership list to
remove those users; the group, however, continues to exist in the eDirectory
tree structure.
If you perform a selective restore and choose not to overwrite existing objects,
the group membership list remains empty even if you restore the users. You
need to either add the users manually to the group membership list or restore
the original group.

103-000134-001
August 29, 2001
Novell Confidential
Restoring eDirectory and the File System

The only way to ensure that your eDirectory database can be fully restored is
through partition replication, with replicas of the entire database on multiple
servers.
On a single-server network, you need to rely more heavily on backing up the
data because you do not have replicas to restore information.
If part of the eDirectory tree structure, including partitions and replicas, exist
when the eDirectory database information is restored, those partitions and
replicas will be restored also, and you will not need to repartition the tree.
In case of corrupted data, follow these general steps:
1. Delete the corrupted eDirectory data.
2. Allow time for the deletion to propagate throughout the network. The
allotted time depends on the size of the data to be backed up, the size of
your network, the number of servers you have, and the number of
containers and users you have.
3. Restore the eDirectory data.
A replica containing the object does not have to be on the server. The
eDirectory database creates external reference when necessary.
NOTE: An external reference is a pointer to an eDirectory object not found locally
on the server; it is used to authenticate and reference objects that are not local to
the server.
There are specific recovery procedures for the following scenarios:

“Loss of a Volume Other Than SYS:” on page 35
“Loss of the SYS: Volume or an Entire Server” on page 35
“Loss of the Entire eDirectory Tree” on page 37
Loss of a Volume Other Than SYS:
Loss of a volume other than SYS: does not affect eDirectory. The only
requirement is to restore the file system data and trustee rights.
Loss of the SYS: Volume or an Entire Server
A hard disk failure involving the SYS: volume affects the entire server and
halts all NetWare operating system activities. Because the eDirectory files are
Overview 35

103-000134-001
August 29, 2001
Novell Confidential
stored on volume SYS:, losing SYS: is equivalent to removing NetWare and

eDirectory from the file server. You must reinstall NetWare and eDirectory
before you restore your data.
The procedures for this scenario are divided into two cases:
Loss of the only server in a single-server network.
Loss of a single server in a multiple-server network.
In a single-server network, server failure brings all network operations to a

halt. The same situation exists if the failure affects only the hard disks
containing the SYS: volume.
eDirectory information from a replica.
2. Reinstall NetWare.
3. Restore eDirectory from an SMS backup. (See “Restoring Data” on page
62.)
4. Restore the file system. (See “Restoring Data” on page 62.)
In a multiple-server environment, it is possible for one server to go down and

for the rest of the servers in its replica list to remain intact. The same situation
exists if the hard disks containing volume SYS: on one server gets damaged,
causing the failure of the entire server.
2. Restore SERVDATA.NDS (the server-specific eDirectory information)
for the failed server to another server on the network. (See “Restoring
Data” on page 62.)
3. Reinstall NetWare, including restoring the SERVDATA.NDS file
(located in SYS:) to the original server.
4. Restore eDirectory. (See “Restoring Data” on page 62.)

103-000134-001
August 29, 2001
Novell Confidential
5. Restore the file system. (See “Restoring Data” on page 62 and “Custom
File System Restore” on page 74.)
6. Restore any replicas that were removed from the server.
Loss of the Entire eDirectory Tree
If all servers on a network are destroyed because of a disaster, you must

perform a complete restore of NetWare, eDirectory, and file system data.
IMPORTANT: We recommend that you document your eDirectory tree structure;
the location of Server objects, partitions, and replicas; and record bindery context
settings and other relevant information.
Use the following general steps to restore the eDirectory tree structure:
2. Reinstall NetWare on the first server.
3. Install NetWare on remaining servers to create a skeleton of the tree.
4. Restore eDirectory. (See “Restoring eDirectory” on page 69.)
5. Restore the file system to all servers. (See “Custom File System Restore”
on page 74.)
6. Re-establish partition boundaries and distribute replicas.

Restore of cluster-enabled pools is similar to a normal restore session (see
“Restoring Data” on page 62.)
supported.
Session Files
Whenever you back up or restore files/directories, a log and corresponding
error files are created for that particular session on the server on which you are
executing the job. The .LOG file is the session file for that particular job.
The need to create a session file arises when you are restoring the data on a
server other than the one you backed up from. The server should possess the
session ID of all the jobs that are present on the tape so that the SME can
restore it. These session IDs are created from the .LOG files. See “Creating
Session Files” on page 98.
Overview 37

103-000134-001
August 29, 2001
Novell Confidential
Log and Error Files

The files of the backup session are stored in a default directory (such as
SYS:SYSTEM\TSA\LOG). If you prefer, you can create your own directory
for the log and error files as long as it resides on the host server.
The files of the restore session are stored in the directory
(SYS:SYSTEM\TSA\RESTORE). You cannot modify the location for the
files.
The files can be accessed through the SBCON Main Menu or from a Windows
95, 98, 2000 or Windows NT workstation using NWBACK32.
The error file is labeled with the same description that you give the restore
session (such as Friday's Full Backup) and is accessed through the Log/Error
File Administration option of the SBCON Main menu.
HINT: You might want to create individual log directories for the different types of
backup or restore session targets or different organizational units. For example,
you could create one directory for workstation backups and another for server
backups.
SBCON keeps a list of all the log and error files. These lists show
The description you enter for the session.
The date and time the session was begun or, in the case of a delayed
backup session, the time the session was scheduled.
The name of the target the data was backed up from.
Log File
The log file is created on the host server the first time a particular set of data
is backed up. This file contains the following:
The area of the file system structure that was backed up or restored
(volume name, directory name, etc.).
The names of files that were backed up or restored.
The numerical location of the data on the storage media.

103-000134-001
August 29, 2001
Novell Confidential
Error File
The error file is created on the host server the first time a particular set of data
is backed up. It contains a list of any errors that occurred during a backup or
restore session.
This file contains the following:
The area of the file system structure that was backed up or restored.
The total number of parents and children that were backed up or restored.
The names of files that were not backed up or restored, along with any
error messages or information.
Skipped data sets (any file that is open when a session begins, is not
backed up or restored, and is listed as a skipped data set).
Overview 39

103-000134-001
August 29, 2001
Novell Confidential

103-000134-001
August 29, 2001
Novell Confidential
2 Setting Up
In addition to being able to back up data from a server with SBCON, you can
use a Windows 95, 98, 2000 or Windows NT workstation to perform your
backups using the graphical interface.
How to customize the NetWare server as the backup server. See
“Customizing the NetWare Server as the Backup Server” on page 43.
How to load the backup software. See “Loading Controller and Storage
Device Drivers on the Server” on page 44, “Loading the Target Service
Agents” on page 45, and “Loading SBCON” on page 46.
How to unload the backup software. See “Unloading SBCON” on page
47.
How to back up your data. See “Backing Up from the Server” on page 50,
“Customizing Backup” on page 53, or “Backing Up from a Workstation”
on page 55.
How to restore your data. See “Customizing Restore” on page 66, or
“Restoring eDirectory” on page 69, and “Restoring a Volume Other Than
SYS:” on page 69.
Setting Up 41

103-000134-001
August 29, 2001
Novell Confidential
SBCON Guidelines
Before you set up and begin backups, follow these guidelines to make backups
easier and to avoid problems later.
Log in. You will have limited success backing up and restoring if you log
in without the Supervisor right.
For security reasons, many SBCON options are limited to the network
administrator.
Reserve disk space for temporary files. Make sure you have disk space
available (1 to 2 MB) on the target server's volume SYS: to accommodate
log and error files.
SBCON creates temporary files on the target server during backup. If you
have linked UNIX* files or files with extended attributes, the temporary
files might be larger than 1 MB.
Do not mount or dismount volumes during a backup or restore
session. The data might be corrupted or an association might occur at the
host server.
Use the correct name space and name space formats. If you do not use
the correct name space and name space formats when entering paths and
file names, files can't be restored.
Name spaces: DOS, FTAM, Macintosh, NFS, OS/2
Name space formats:
For Macintosh, use Volume::directory:directory:filename
For all others, use Volume:/directory/directory/filename
Exit SBCON before unloading drivers. If you unload a manually
loaded driver (such as aha1740.dsk or aspitran.dsk) before exiting
SBCON, you might cause the host server to abend.
Use original case for non-DOS names. Non-DOS pathnames and
filenames are case-sensitive. NetWare recognizes DOS pathnames and
filenames in uppercase only. If you're not sure of the original case, refer
to your log file.

103-000134-001
August 29, 2001
Novell Confidential
Before Loading the Backup Software

Before you load the backup software on the server or on a Windows machine,
you need to configure a server to execute your backups.
The tree to which the server belongs which must be made the current tree
The full eDirectoryTM context of the server
Before Running the Backup Software

Before backing up software, in general you must:
Load the controller and storage device drivers on the server. See “Loading
Controller and Storage Device Drivers on the Server” on page 44.
Load the TSAs on a server, workstations, or both. See “Loading the
Target Service Agents” on page 45.
Load the backup engine on the server or the workstation. See “Loading
SBCON” on page 46 or “Loading NWBACK32” on page 47.
Customizing the NetWare Server as the Backup Server

SMS allows you to configure a NetWare®server as a backup server while
installing NetWare 6. It also allows you to create NDS® Backup Queue and
SMDR Group objects.
To customize the settings while running the Install program, do the following:
1 In the Final List of Products to be Installed dialog, click Customize.
2 Select Storage Management Services from the list of NetWare Services >
click Configure.
The SMS Setup dialog box with default values for NDS Backup Queue
and SMDR Group objects displays.
3 Enter the name of the eDirectory tree where the SMS objects will be
created.
4 Enter the name of the backup server and the context.
5 Accept the default for the SMDR Group context where the SMDR Group
object is to be created, or enter a new context.
Setting Up 43

103-000134-001
August 29, 2001
Novell Confidential
The SMDR Group object is where all NetWare and workstation SMDRs
are registered for name resolution purposes.
6 Accept the default name of the Backup Queue where all backup jobs will
be submitted, or enter a new name and context.
Loading Controller and Storage Device Drivers on the Server

Controller and device drivers control the mechanical operation, such as read,
write, forward, back, and stop of various storage devices and media.
Ensure that you have installed the storage device controller and storage device
according to the hardware manufacturer's instructions.
When NetWare 6 is installed, the device drivers are placed in the
startup.ncffile automatically.
Whenever you want to add new drivers, you can either place them in
STARTUP.NCF or use the following steps:
1 At the server console prompt, enter:
LOAD PATH CONTROLLER_DEVICE_DRIVER_NAME(S)
LOAD PATH STORAGE_DEVICE_DRIVER_NAME(S)
For example, to load the drivers from drive C:, enter:
LOAD SCSI154X.HAM PORT=24
LOAD SCSIHD.CAM
LOAD SCSI2TP.CDM
2 In NWCONFIG, select Driver Options > Configure Disk and Storage
Device Drivers > Discover and Load Additional Drivers [or] Select an
Additional Driver.
3 (Conditional) If you loaded HAM drivers, or if you added an external
device, enter the following at the server console prompt:
LIST DEVICES
4 To register the storage device with the system, enter the following at the
server console prompt:
SCAN FOR NEW DEVICES
NOTE: If you load the drivers from the STARTUP.NCF file, you do not need to use
the SCAN FOR NEW DEVICES command.

103-000134-001
August 29, 2001
Novell Confidential
Loading the Target Service Agents

Target Service Agents are loaded on servers and workstations. If you want to
back up a server, load the TSA on the server. Ensure that the controllers and
device drivers are loaded.
Table 2 Server Console Commands for Backup and Restore of Various Target Services
To Back Up or Restore At This Console Enter This Command
NetWare 6 Host server LOAD TSA600
eDirectory database NetWare 4 or later server (preferably a LOAD TSANDS

server with a copy of the largest
partition)
DOS partition on NetWare Host server LOAD TSADOSP
OS/2*, UNIX, and Host server LOAD TSAPROXY

Macintosh* workstations
Target workstation See the documentation that
came with the OS/2, UNIX, and
Macintosh workstation software.
Windows 95 and 98 Target workstation W95TSA.EXE (installed with the

Novell ClientTM). See the online
help for more information.
Windows 2000 and NT Target workstation TSAPREFS.EXE,

TSAMAIN.EXE (installed with
the Novell Client). See the
online help for more information.
Follow these general steps when backing up or loading the software:

Backing up the eDirectory database. Load TSANDS.NLM once on the
server with a replica of the largest partition.
Backing up the file system. Load TSA600.NLM for its server and on
every server to be backed up.
Backing up cluster-enabled pools. Load TSA600.NLM on the target
server and the backup servers.
Backing up workstations. Load the appropriate TSA on the workstation.
For more information about backing up workstations such as UNIX,
OS/2, or Macintosh, see the documentation included with the client
software.
Setting Up 45

103-000134-001
August 29, 2001
Novell Confidential
Loading the files when the server starts. Place the commands in the
server's STARTUP.NCF, and in the workstation's NET.CFG file,
AUTOEXEC.BAT file (for DOS), or Startup folder (for OS/2).
Loading SBCON
You can load SBCON from the server command line.
If you use NWBACK32 on a client, you do not need to load SBCON.
SMSSTART
TSA600.NLM, TSAPROXY.NLM, and SMDR.NLM modules are
loaded with default configuration values.
SBSC.NLM, QMAN.NLM, SMSDI.NLM and TSANDS.NLM must be
manually loaded on need basis; SBSC.NLM, QMAN.NLM,
SMSDI.NLM when storage devices are used, and TSANDS.NLM for
backup and restore of eDirectory.
2 Load SBCON by entering
LOAD SBCON
Prerequisites
Controller and storage device drivers are loaded on the server.
page 44.
SMDR.NLM, TSA600.NLM, SMSDI.NLM, QMAN.NLM, SME.NLM,
SBSC.NLM, and SBCON.NLM are installed on the server.
They should have been installed automatically during NetWare 6
installation.
Each NLMTM listed above is in the search path.
TSA is loaded on each machine to be backed up.

103-000134-001
August 29, 2001
Novell Confidential
Unloading SBCON
To ensure maximum memory utilization and throughput, you should unload
backup software and other Storage Management ServicesTM (SMSTM) modules
when you are finished performing your backup. That way, more memory will
become available on your host or target.
1 Exit SBCON from the Main Menu.
Press Esc until you reach the SBCON Main Menu; then press Esc again
and confirm the prompt.
2 Unload all the modules by entering the following command at the server
console:
SMSSTOP
WARNING: The system displays a warning message on the console if you
attempt to unload a module being used by another NLM. If you continue, your
server might abend.
Loading NWBACK32
1 Log in to the desired eDirectoryTM tree structure.
If this is the first time you have used NWBACK32, go to Step 2 on page
47 Otherwise, go to Step 3 on page 48.
2 (Conditional) If this is the first time you have used NWBACK32, do the
following:
2a Log in to the server running the backup engine.
2b Enter your user name and password.
2c Configure eDirectory information.
Tree Name. Enter the name of the eDirectory tree you will be using
to backup and restore data.
SMDR Context. Enter the context you created during the server
configuration.
SMDR Group Context. Enter the context you created during the
server configuration.
Check the SAP (IPX) box if you want to use IPX. Uncheck the box
for IP.
Setting Up 47

103-000134-001
August 29, 2001
Novell Confidential
3 Run NWBACK32.EXE from SYS:PUBLIC.

The following screen appears.
You are now ready to back up data. Go to “Backing Up Data” on page 49 to

continue.
Exiting NWBACK32
1 Exit NWBACK32 from the Quick Access window.
2 Unload all the modules loaded on the server by entering the following
command at the server console:
SMSSTOP

103-000134-001
August 29, 2001
Novell Confidential
Backing Up Data
You can use SBCON to create a tape backup of the eDirectory database or of
the file system on your servers or workstations. The prerequisites listed here
use SBCON as the Storage Management Engine (SME).
Prerequisites
Understand the process for loading SBCON.
See “Loading SBCON” on page 46
Ensure that you know the workstation password if you are backing up a
workstation. For DOS workstations, make sure the Target Service Agent
was loaded with the /Password parameter instead of the /Trust parameter,
as explained in Table 2 on page 45.
Set the backup server and its tree as the primary resource using the Novell
Client. This lets you view the tape devices in NWBACK32.
If you are backing up the eDirectory database, ensure that eDirectory
synchronization and communication are functioning properly.
Before starting the backup, make sure eDirectory is fully functional. This
means that all partitions are synchronizing correctly.
If your backup host and targets communicate across a WAN, check the
status of the WAN links to verify that they are operating properly.
If you are backing up the file system, make sure you have Read and File
Scan rights to the directories/files you are backing up.
Ensure that you know what type of backup you want to perform: full,
differential, or incremental.
For more information, see “Backup Types” on page 16.
If you use the Advanced Options, ensure that you know the file system
structure of the target you are backing up. You will be prompted for the
paths to the volumes and directories that you want to include in or exclude
from your backup.
Ensure that you have loaded the drivers for your specific device and
controller board.
Ensure that the required files for your target are loaded.
Ensure that you have loaded the SBCON files for your specific target.
Setting Up 49

103-000134-001
August 29, 2001
Novell Confidential
Ensure that media is inserted into your storage device.

You can back up your data two ways: from a server using SBCON or from a
Windows workstation using NWBACK32.
Backing Up from the Server

When you back up your data from one server to a target server or workstation,
you should use the command line.
3 Click Target Service to select the NetWare server running your backup or
restore Target Service Agent.
To be able to select the server, you need to load the correct Target Service
causes:

103-000134-001
August 29, 2001
Novell Confidential

The following table describes the targets that can be selected for backup.
If you are Backing Up Then Select
Cluster-enabled pools The cluster-enabled pool you want to back up
The file system The server whose file system you want to back
up
The eDirectory database The server with TSANDS loaded
A workstation The workstation's host server, and then the

workstation

information you want to back up, and then choose to back up
the file system.
target.
SBON will take a few moments to attach to that target.
differential backup, select Advanced Options.
Setting Up 51

103-000134-001
August 29, 2001
Novell Confidential
SYS:HOME\REPORTS\JULY.02) which you will need to know if a restore session
is necessary.

WARNING: If you are appending a backup session to a media set (two or more
tapes), use the tape with maximum space.

103-000134-001
August 29, 2001
Novell Confidential
14 To return to the Main Menu, press Esc until you back out to the Main
Menu.
Customizing Backup
You can customize your backup using the Advanced Backup Options form
when you use SBCON at the server to launch your backup program. This form
allows you to specify exactly what you want to back up data. It could be the
server, the eDirectory database, workstation, directory, or file. You can even
specify subsets of groups. The Advanced Backup Options form activates only
after you have selected at least one of the resources (directory/file). Select
Advanced Options from the Backup Options form to perform advanced
backup sessions. See “Backing Up from the Server” on page 50.
HINT: SBCON displays prompts and messages at the bottom of the screen. For
example, you can press F1 for help at any time.
If you want to perform a series of backups and restores and need to change your
target, see “Changing Your Target” on page 61.
A custom backup allows you to specify exactly what you want to back up:
server, volume, the eDirectory database, workstation, directory, or file.
To customize a backup, do the following:
1 Select Backup Options > Advanced Options.
2 Select Backup Type.
By default, Storage Management Engine (SME) performs a full backup.
See “Backup Types” on page 16. Differential and incremental backups
are not interchangeable. See “Planning a Backup Schedule” on page 21.
IMPORTANT: If you choose to include migrated data, ensure that your backup
media capacity matches the jukebox media capacity.
Setting Up 53

103-000134-001
August 29, 2001
Novell Confidential
3 Select Subsets of What To Backup.

The default setting means that everything in the Subsets of What You
Want to Backup screen is backed up.
Include/Exclude TSA Resources—Includes or excludes resources such
as servers or volumes.
Include/Exclude Directories—Includes or excludes directories.
Include/Exclude Files—Includes or excludes files.
Include/Exclude path/files—Includes or excludes pathnames and files.
4 Select Scan Options.
The How to Scan What you are Backing Up screen appears.
If you do not want to accept the default (nothing will be excluded),
type Y (Yes) and press Enter.
Choose to exclude subdirectories, hidden files, system files, etc.
Enable the Scan-ahead option, if required.
6 Press Esc to Finish.
For information about how SBCON scans data, see “Scan Data Sets” on
page 19.
7 Select Execution Time.
The Edit Date and Time screen appears. You can choose the default date
and time shown for the backup to begin, or you can type a new date and
time. You can change the month/day/year and hour/minute/second fields.
The engine should initiate the rescheduled job.
To schedule the job to run another time, press Enter and go to Step 8 on
page 54. Otherwise, go to Step 7 on page 54.
8 (Optional) Select Scheduling.
Reschedule—Select Yes to reschedule.
Rerun Interval—Specify the duration in terms of elapsed time and days,
months or years to rerun an already scheduled job.
The Edit Date and Time screen appears. You can specify the number of
days, months, or years after which an already scheduled job will run.

103-000134-001
August 29, 2001
Novell Confidential
The day, month, or year you enter should not be the actual date when you
want the job to run; rather, it is the duration after which the job gets
executed.
Example
If you have scheduled a job to run on 03/20/1999 and want to rerun the
job after two months and at the same time, then the Rerun Interval field
should be the following:
Year: 0, Month: 2, Day: 0
Hour: 0, Minute: 0, Second: 0
Rerun Count—Specify the number of times you want to rerun a job after
the current execution.
Keep Finished jobs—Select Yes to keep the job in the queue after
execution so that it can be rescheduled when you need it.
NOTE: If you are performing a series of backups or restores and need to change
your target, follow the procedures in “Changing Your Target” on page 61.
Backing Up from a Workstation

When you load the backup software from a workstation to the target server or
workstation, you are using the graphical interface.
To back up from a Windows workstation, do the following:
1 Run NWBACK32.
3 Select what you want to back up.
3a Double-click What to Backup.
3b Click eDirectory, NetWare Servers, or Workstations.
3c Double-click a server to back up.
3d Enter the username and password to authenticate to the server.
A list of resources to back up appears, such as volumes and files.
3e Click the resources to back up.
3f Click OK to finish.
Setting Up 55

103-000134-001
August 29, 2001
Novell Confidential
4 Select where you want your backup data to go.

4a Double-click Where to Backup.
4b Change to the correct eDirectory tree structure and context by
clicking the Change to Context button on the toolbar.
4c Double-click Queues.
4d Select a Queue object from the list.
4e Right-click the server to open the drop down box.
4f Click Submit the Job.
This step allows you to submit the job to a queue on the chosen server
or on the chosen media type.
Queue. Double-click to expand the queue.
Server. Double-click to expand the queue, double-click to select a
server, and then right-click to submit the job.
Media. Double-click to expand the queue, double-click to select a
server, double-click to view a list of devices, double-click to view a
media list, and then right-click to submit the job.
Backing Up Cluster-enabled Pools from the Server

3 Click Target Service to select a cluster-enabled pool name.
To be able to select the target, you need to load the correct Target Service
causes:

103-000134-001
August 29, 2001
Novell Confidential
target.
SBCON will take a few moments to attach to that target.
differential backup, select Advanced Options. For more details on the
Advanced options, see “Customizing Backup” on page 53.
SYS:HOME\REPORTS\JULY.02), which you will need to know if a restore session
is necessary.

Setting Up 57

103-000134-001
August 29, 2001
Novell Confidential
11 Select Advanced Options and set the desired values for all the fields.
NOTE: If you set Enable Auto Recovery to NO in Cluster Options, the remaining
options become invalid.

WARNING: To append a backup session to a media set (two or more tapes), use
the tape with maximum space.
14 To return to the Main Menu, press Enter and then press Esc until you back
out to the Main Menu.

103-000134-001
August 29, 2001
Novell Confidential
Backing Up a Workstation
To back up the workstation (the target), a Target Service Agent (TSA) must
be loaded on the workstation. (See “Loading the Target Service Agents” on
page 45.)
You can select the directories to back up or back up the entire workstation.
Windows 95 and 98 Workstation
Make sure that the W95TSA is installed and configured. It is a part of the
Novell Client modules (checkbox for Target Service Agent).
NOTE: If W95TSA is installed and registered, a shield-like icon appears in the
system tray and indicates Novell TSA (Listening) message. You will also see an
SMS screen popup when you log in to NetWare.
1 At the target workstation, register with the W95TSA.

1a Double-click the shield-like icon that appears in the system tray.
The Novell Target Service Agent for Windows Properties box
appears.
1b Enter your user name and password for TSA.
1c Enter the server name that will be servicing this Windows client.
1d Select the disk drive you want to register.
1e (Recommended) Check Auto Register. This automatically registers
your workstation with the server after you restart.
1f Click OK.
1g Restart your workstation.
The TSA must be installed and registered with the host server, along with
the TSA username and password.
2 At the host server, load TSAPROXY.
3 Select the NetWare server running the target service agent.
4 Follow the procedure from Step 3 on page 50 to complete your backup.
Setting Up 59

103-000134-001
August 29, 2001
Novell Confidential
Windows 2000 and Windows NT Workstation
Make sure that the NT TSA is installed and configured. It is a part of the
Novell Client modules (checkbox for Novell Target Service Agent).
The Windows NT TSA has two parts:
TSA Service (TSAMAIN.EXE) is a service that waits for and acts when
there is a request from the backup engine.
TSAPrefs (TSAPREFS.EXE) allows an NT administrator to set
preferences and monitor the activities of the TSA Service.
1 Right-click Network Neighborhood and then click Properties > Novell
Target Service Agent > Properties.
2 Click Preferences and fill in the following fields:
Workstation: Enter the name of the workstation.
Preffered Server: Enter the name of the server on which you want to
connect. This server must have TSAProxy installed.
Protocol: Select SPX/IPX or TCP/IP.
Events to Log: Check the items you want to log: Connection,
Registration, Security, or Service.
Allow Backup User: This grants the backup user rights depending on the
group.
Auto Register: This automatically registers the Windows workstation
with the server after you restart.
3 Click Registration.
4 Check the fields in the Registration page and, if correct, click Register.
If information in any of the fields is incorrect, click Withdraw and return
to the Preferences page to change the information. Then repeat Steps 4
and 5.
5 Click Connections.
6 Check the fields in the Connections page and then click OK.
If you need to add or change information, click Apply.
You can also delete connections in this page under Current Connections
and then click Apply.

103-000134-001
August 29, 2001
Novell Confidential
Changing Your Target

Any time you are performing a series of backup or restore sessions, you might
need to change your target. This can be easily done from the SBCON Main
Menu either at the command line or from the Windows workstation using
NWBACK32.
If you do not specify a new target, SBCON automatically selects the target
used during the last session and continues without asking you to make a
selection.
Load the required TSA. (See “Loading the Target Service Agents” on
page 45.)
Changing a Target at a Server

1 Select Main Menu > Change Target to Back Up From or Restore To.
2 Select one server.
3 From the list of Target Service Agents, select a target.
If the target you select includes more than one TSA loaded, SBCON will
show you a list of their full names.
4 Enter the username and password for the target you just selected.
Changing a Target at a Workstation

1 Run NWBACK32.
You can use the toolbar to open this window if preferred.
3 Double-click What to Backup.
4 Double-click Workstations (or NetWare Servers).
5 Select the workstation (or server) to use as the target.
Setting Up 61

103-000134-001
August 29, 2001
Novell Confidential
Restoring Data
Use SBCON to restore information from tape backup. These procedures use
SBCON as the Storage Management Engine (SME).
Know the username and password for the target server or workstation to
which you want to restore data.
Know the session description that you want to restore. You can get this
information from your session log and error files. (See “Session Files” on
page 37.)
For an Advanced Options restore session, ensure that you know the file
system structure of the data you are restoring. You will be prompted for
specific paths and filenames while setting the restore options.
If you restore the server-specific information from the file system backup
of the failed server to a functioning server or location, you can use the
VOL$INFO.TXT file as a reference for this information.
If you want to restore data to a new location (different from where the
original data was located), you must specify the full path to both the
original data and the new location. If the new location does not exist,
SBCON will create a new file system structure.
You can get the original path from your backup logbook or from the
session log files if you noted the path at the time the backup was
performed.
Replace faulty hardware or correct the problems that caused data loss (if
applicable).
Ensure that media is inserted in your storage device.
You can restore data either from the server command line or from a Windows
Restoring Data from a Server

1 Load the drivers for your specific device and controller board.
page 44.
2 Load the appropriate Target Service Agents.

103-000134-001
August 29, 2001
Novell Confidential
3 Load SBCON.
5 Select Target Service and then the NetWare server running your backup
and restore Target Services Agent.
This is the name of the server or workstation on which you want to restore
your data. Before selecting it, you must load the correct TSA. See
“Loading the Target Service Agents” on page 45.
causes:
The proper TSA is not loaded on the target.
Network traffic is heavy. In these circumstances, it might take
SBCON a few moments to detect all the targets. Press Esc to return
to the Main Menu, and then press Enter again. Your target should
now be listed. From the Target Services list, select a target.
If the target you select has more than one TSA loaded, SBCON shows
you a list of their full names in the Backup/Restore Target Services on
This Server.
NOTE: When you are trying to connect to a different server, SBCON uses the
same username and password you gave the first time. It prompts only if it fails.
The following table lists the target services and their associated datasets.
Cluster-enabled pool The cluster-enabled pool that you backed up
File system The server whose file system you want to restore
eDirectory database The server with TSANDS loaded
Setting Up 63

103-000134-001
August 29, 2001
Novell Confidential
Workstation The workstation's host server and then the

workstation

information you want to restore and then the file system to
restore
6 When prompted for the target username, enter your username (and
context if required) as the network administrator for the target.
include the context of where the user object is located. For example,
instead of entering ADMIN as the username, enter a complete name such
as .CN=ADMIN.O=COMPANY_NAME or .ADMIN.COMPANY_NAME.
exists in an eDirectory container that is different from the context set on
the server running SBCON.
7 If a password is requested, enter the password for the target.
SBCON will take a few moments to attach to the target. Wait for the
confirmation box, and then press any key to continue.
8 Enter a descriptive name for the restore session in the Description field.
The descriptive name of the job will help you identify the session.
9 Select the device and media for restore by pressing Enter at the Device/
Media Name field and decide where you want to restore from.
If you enter *.* (DEVICE NAME.MEDIA NAME), the engine selects
the device and media that it encounters first.
indicating that the media cannot be identified. You should set the label
before selecting it for a backup job.
10 On the Select a Session screen, select the Session to Restore.
WARNING: TSA600.NLM backs up files in compressed or uncompressed format
as specified by the user. However, if you try to restore a compressed file to a

103-000134-001
August 29, 2001
Novell Confidential
volume without compression, the file is corrupted and no error message is

displayed.
11 Specify the path to the session log file of the session you want to restore.
Use one or more of the following methods:
Press Enter to accept the default; then go to Step 12 on page 65.
Press Insert to select from a list of directories, press Esc to return to
the previous window, and then go to Step 12 on page 65.
in a new directory or path, and then go to Step 12 on page 65.
Press Insert any time during this process to choose parts of the existing
path from a list.
NOTE: At the present, it takes the default. This will be implemented in the future
release.
12 When a list of sessions is displayed, select the session you want to restore.
If the media on which the data resides is not loaded on the device you
choose, you will be prompted to insert the correct media.
13 Select Advanced Options to make the selective restore.
The Advanced Restore Options screen appears. See “Customizing
Restore” on page 66. You can perform the advanced restore, specify the
execution time, reschedule the job, etc., using this form.
14 Complete the Advanced Restore Options form.
15 Press Esc and answer the prompt at the Submit Job screen to begin the
restore session.
16 Press Alt+Esc to view the activity log screen.
If the job execution starts and is not successfully completed, the error
messages appear on this screen. The activity log file ACTIVITY.LOG is
located at the server's SYS:\SYSTEM\TSA\LOG directory.
17 To view the Run Time Status of a job, select Job Administration >
Current Job List > job name.
18 When the restore session finishes, your screen display reads the
following:
The restore process was completed normally.
Setting Up 65

103-000134-001
August 29, 2001
Novell Confidential
reach the Main Menu. If you want to exit SBCON, answer the
confirmation prompt.
NOTE: To unload SBCON and applicable Target Service Agents, see “Unloading
SBCON” on page 47.
Customizing Restore
Using the Advanced Restore Options form at the server, you can perform a
custom restore of the database you need.
3 Select Rename Data Sets to restore data to a location different from the
backup location.
4 At the Restore Datasets to a Different Location screen, do the following:
4a Press Insert to select the namespace type.
4b Enter the source path (where the data originally was backed up
from).
4c Enter the destination path you want the data restored to, in the entry
box.
Both the source and destination paths must include the volume names (for
network server) or the hard disk drive letter (for example, C:\) for
workstations.
IMPORTANT: When you specify a particular portion of the file structure as the
source location, it does not necessarily mean that this will be the only data
restored. What is restored can be influenced by the include and exclude settings
on the Subsets of What You Want to Restore form. If you do not want to overwrite
any subdirectories that might exist in the area you have included, you must
specifically exclude them by their full path.
5 Select Subsets of What to Restore.

Use this screen to specify which parts of the file structure you want to
restore. Various data sets to be included or excluded are listed in this
form. You can include or exclude any or all items listed. For more
information about including and excluding items, see “Exclude and
Include Options” on page 17.

103-000134-001
August 29, 2001
Novell Confidential
The screen lists major and minor resources. Default indicates that none of
that type of subset has been specified.
6 To specify a subset, do the following:
6b Edit the Include or Exclude screens using Insert and Enter.
6c Press Esc to save changes.
6d To view a list of values associated with major TSA resources (for
example, server or volumes) select either the include or exclude line.
The Selection List Options form appears. Any value you previously
selected is shown on the form. If you did not select a value, the form
is blank.
6e To select a value for this major resource, press Insert and select the
value from the list that appears by pressing Enter.
7 Select Open Mode Options and select parts of the backed up data
structure to be restored.
The backed-up data set contains various types of data that are listed on the
screen. By default, all the types of data are included in the restore.
7a To exclude a particular type of data from the restore, select that line
and type Y.
7b When all the data items are selected correctly, press Esc.
8 Specify whether to overwrite the existing parent by typing Y (Yes) or N
(No).
For more information, see “Overwriting a Parent or Child” on page 20.
9 Specify whether to overwrite the existing child by typing Y (Yes) or N
(No).
10 Specify the execution time.
11 Select Scheduling to reschedule the job.
12 Press Esc as required and then select Yes to confirm the Submit Job?
prompt.
The job is submitted and is listed in the Current Job List menu.
Setting Up 67

103-000134-001
August 29, 2001
Novell Confidential
Restoring Data from a Workstation

When you restore data, you are copying your backed up data to a server or
workstation.
1 Run NWBACK32.
You can run the NWBACK32 program (NWBACK32.EXE) from
SYS:PUBLIC.
2 At the Quick Access window, click Restore.
3 Click What you Want to Restore.
3a Double-click What to Restore.
3b Select the context.
3c Double-click Queues and select the queue.
3d Double-click Servers and select a server.
3e Double-click Devices and select a device.
3f Double-click the device to view the media list.
3g Select a medium.
4 Click where you want the restored data to go.
4a Double-click Where to Restore.
4b Select eDirectory, NetWare Servers, or Workstations.
4c Click the server to which you want to restore your data.
4d Enter your username and password to authenticate to the server.
4e Click OK.
5 Submit the restore job by clicking Restore > Submit the Job on the
toolbar.
6 (Optional) Click Next to display more information about the restore.

103-000134-001
August 29, 2001
Novell Confidential
Restoring eDirectory
The procedures in the following sections are performed at the beginning of the
restore process.
“Restoring a Volume Other Than SYS:” on page 69
“Restoring Volume SYS: in a Single-Server Network” on page 69
“Restoring Volume SYS: in a Multiple-Server Network” on page 70
“Restoring the Entire eDirectory Tree Structure” on page 72
Restoring a Volume Other Than SYS:

WARNING: Do not delete the Volume object for the failed volume from the
eDirectory tree structure. The Volume object preserves any references that other
objects (such as Directory Map and Queue objects) might have to that volume. If
the Volume object is deleted and you have objects that depend on this volume, you
must re-establish the relationships through a selective eDirectory restore. See
“Custom eDirectory Restore” on page 73.
1 Bring down the server.
2 Correct the problem.
3 Bring the server back up and re-create the volume.
4 Perform an advanced file system restore.
See “Customizing Restore” on page 66 for the procedure.
Restoring Volume SYS: in a Single-Server Network
eDirectory information from a replica. After repairing or replacing the failed
hardware, you must restore the entire NetWare environment, including
eDirectory, from an SMS backup.
To restore a single SYS: volume, do the following.
1 Correct the problem that caused volume SYS: to fail.
2 Reinstall NetWare and eDirectory.
When NWCONFIG asks for the names for Organization objects
before in the eDirectory tree. Otherwise you will end up with new, empty
containers in the restored eDirectory tree structure.
Setting Up 69

103-000134-001
August 29, 2001
Novell Confidential
Make sure disk partitions are at least as large as they were before, and that
the volumes are defined as before.
3 Restore eDirectory using “Customizing Restore” on page 66.
Restoring Volume SYS: in a Multiple-Server Network
To restore SYS: volumes on several servers, do the following.

1 Restore the server-specific eDirectory information file
(SERVDATA.NDS) to another server on the network following the
custom (advanced) file system restore (see “Customizing Restore” on
page 66).
By default, the file is placed into the SYS:SYSTEM\server_name
directory on the server you have selected.
2 Use the DSMISC.LOG file (part of the information restored with the
server specific information) to see if the failed server had a master replica
of any partition.
3 If the failed server had a master replica of any partition, select the server
you want to hold the master replica and load DSREPAIR on that machine.
3a Select Available Options > Advanced Options Menu.
3b Select Replica and Partition Operations.
NOTE: Use the NDS Manager utility to perform regular partition operations.
3c Select the partition you want to edit.

3d To see the list of servers that have replicas of that partition, select
View Replica Ring.
3e Press Esc.
3f Select Designate This Server as the New Master Replica.
3g Repeat Steps 3a through 3f for each master replica that the failed
server contained.
4 (Conditional) If the failed server contained any replicas, remove them.
4a Select Available Options > Advanced Options > Replica and
Partition Operations.
4b Select the partition the server held replicas of.
4c Select View Replica Ring.
4d Select the name of the failed server.

103-000134-001
August 29, 2001
Novell Confidential
4e Select Remove This Server from the Replica Ring.

4f Enter the supervisor name and password.
4g Select Yes to continue.
5 Exit DSREPAIR.
6 Reinstall NetWare.
6a Begin the installation.
6b When prompted for DS install, select Create a New DS Tree and
complete the installation.
6c Load NWConfig and remove DS.
6d Install DS, when prompted for DS install and select Install into an
Existing Tree.
6e When prompted to choose a eDirectory tree structure, press F5.
This allows you to choose to restore the SERVDATA.NDS file to the
failed server.
6f To specify the path where the SERVDATA.NDS file exists, press F3
and enter the path.
HINT: If the information fits on a diskette, you can save the information on a
diskette instead of another server on the network.
6g Press Enter to accept the path.

6h Log in to the server that contains the SERVDATA.NDS file.
6i Log in to the eDirectory database.
6j If the START.NCF file of the failed server is different from the
default, you can edit the default file.
6k You now can choose from the following:
To continue the install and not copy the files from install, but use
the backup tapes to finish restoring the information, press Enter.
To go back to the previous screen, press Esc.
To copy the files from install and then restore the files from tape,
press F3.
7 Restore the file system using “Restoring Data” on page 62.
Setting Up 71

103-000134-001
August 29, 2001
Novell Confidential
Restoring the Entire eDirectory Tree Structure
To restore an entire network from a full backup in a multiple-server

environment, do the following:
1 Reinstall NetWare on the first server.
By default, this server will hold the master replica of the [Root] partition.
When NWCONFIG asks for the names of Organization objects
before in the eDirectory tree.
In NWCONFIG, select Directory Options > Directory backup and restore
options to obtain the information.
Otherwise you will end up with new empty containers in the restored
eDirectory tree.
When this installation is complete, you will have a working eDirectory
tree containing one NetWare server with a master [Root] partition.
2 Add name spaces as required.
3 Install the remaining servers to complete a skeleton of your network.
Before restoring a full eDirectory session, you should create a skeleton of
your network.
All servers and volumes should be up and running.
The eDirectory objects should exist in the eDirectory tree in the same
context as before. (NWCONFIG prompts you for the container in
which you want each server to be placed.)
Make sure all servers are communicating with one another.
Make sure time synchronization is working properly.
NOTE: If you can get some, but not all of the servers backed up, you can still
proceed with the restoration. However, you might see errors and experience
problems due to eDirectory objects having dependencies that cannot be resolved.
The User object (Admin or equivalent) used to create the backup session
must exist in the same container with the same password and eDirectory
rights as when the backup was performed.
Once this step is completed, you still have just one partition: [Root].
Because of the NWCONFIG program defaults, you now have two
replicas of that partition. These are stored on the second and third servers
you installed.
4 Restore eDirectory on one server using “Restoring Data” on page 62.

103-000134-001
August 29, 2001
Novell Confidential
eDirectory Restore Session Types

You can choose to restore eDirectory in one of the following ways:
“Single Server or an Entire Tree Restore” on page 73
“Custom eDirectory Restore” on page 73
“Custom File System Restore” on page 74
“Server-Specific Information Restore” on page 76
“Single File or Directory Restore” on page 76
Single Server or an Entire Tree Restore

1 Restore the entire eDirectory session from your SMS backup.
You will have no session file to work from at this point. Choose the option
to restore without session files.
2 Continue through Step 15 on page 65 to Step 19 on page 65 to restore
eDirectory.
Custom eDirectory Restore
To perform a custom eDirectory restore, do the following.

2 Select Job Administration.
3 Select Restore Options > Advanced Restore Options > Subsets of What
to Restore.
5 Specify whether or not to overwrite the existing parent or child.
A parent is a container. A child is an object, which is the lowest level of
the latest date, accept YES for parent, child, or both.
Setting Up 73

103-000134-001
August 29, 2001
Novell Confidential
If you do not want to overwrite the parent or child that exists on the hard
has the latest date, select the option (parent or child or both), and enter N.
Custom File System Restore
To perform a custom file system restore, do the following.

2 Select Job Administration > Restore Options > Advanced Restore
The screen lists major and minor resources. The word DEFAULT
indicates that none of that type of subset has been specified.
4 (Conditional) If you want to exclude certain types of data from the restore
session, select Job Administration > Restore Options > Advanced Restore
Options > Open Mode Options, and then edit the form.
The backed-up data set contains the various types of data items listed on
the screen. By default, all types of data items are included in the restore.
If you want to exclude any item, select it and enter Y. Press Esc when you
are finished editing the form.
5 (Optional) Restore data to a different workstation or location on a
different NetWare server.
5a Back up the data from the server where it resides.
5b Exit to the Main Menu.
5c Select Change Target to Back Up From or Restore To screen from
the Main Menu.
6 (Optional) Restore data to a different workstation or location within the
backed-up server's file system structure.

103-000134-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Follow these important rules about restoring to a new location:

When you specify a particular portion of the file system structure as
the source location, it does not necessarily mean that this will be the
only data restored. You can influence what is restored by using the
Include and Exclude options on the Choose Subsets Of What You're
Restoring screen (Job Administration > Restore Options > Advanced
Restore Options > Subsets of What to Restore).
You can restore only to a new location in the name space that is
supported by the drive you are restoring to.
OS/2 workstation only—On an HPFS drive you can rename only in
the OS/2 name space, and on a FAT file system you can rename only
in the DOS name space. However, SBCON displays both names
spaces in the log file even though only one is valid.
If you do not want to overwrite any subdirectories that might exist in
the area you have included, you must specifically exclude them by
their full path.
6a Go to Subsets of what you want to restore, press Enter, and then
Insert, select the name space you want, and enter the name you used
for your backup at the Enter the Data Set Name field.
6b Enter the full directory path of the source including the volume
name.
6c Enter the full directory path to the new destination.
6d Press Esc to save your changes.
NOTE: The eDirectory Target Service Agent (TSANDS) does not support
restoration of data to a different location.
7 Specify whether to overwrite the existing parent or child.

A parent might be a server, a volume, or a directory. A child is a file,
which is the lowest level of the file system structure.
the latest date, accept YES for parent or child or both.
If you don't want to overwrite the parent or child that exists on the hard
has the latest date, select the option (parent or child or both), enter N.
Setting Up 75

103-000134-001
August 29, 2001
Novell Confidential
If you want to overwrite the child that exists on the hard disk only if the
date of the backed-up copy on the media is later than the date of the copy
on the hard disk, select Overwrite Existing Child and select the option.
Server-Specific Information Restore
To view and restore server information, do the following.

Options > Subsets of What to Restore > Include Major TSA Resources.
The Selection List Options screen appears and is empty.
2 Press Enter to see the Selection List Options. Press Insert to see the server
specific information.
3 Select the Server-Specific Info and press Enter.
Esc returns you to the Selection List Options.
This will return you to the Choose Subset of the Session to be Restored
screen.
4 Complete the form and press Esc.
This will return you to the Restore Options screen.
5 Complete the Restore Options form and press Esc.
The server-specific information will be restored to the
SYS:SYSTEM\failed_server_name directory of the server on which you
are running SBCON.
Single File or Directory Restore

2 Enter the full path and name of the file or directory, including full
directory and volume names.
The following options appear:
Include/Exclude directories (full path)
Include/Exclude files
Include/Exclude path/files

103-000134-001
August 29, 2001
Novell Confidential
3 Press Insert and enter the name space for the name space format you used
when entering the file or directory name.
The name space allows SBCON to correctly interpret the path
information entered earlier in this menu in either the directory field or the
location field.
IMPORTANT: If files are restored to a new location, the name spaces must be the
same or an error message will occur.
You can restore to a new location only in the name space that is supported
by the drive to which you are restoring.
The supported name spaces are DOS, FTAM, Macintosh, NFS, and long.
SBCON provides a list of the name spaces currently loaded on the target
to which you are restoring.
For example, if you are restoring to a new Macintosh location, enter a
path, (for example, SYS::test:monday) and then enter Macintosh
as your name space.
4 (Optional) Restore to a new location (located in Rename Data Sets).
4a Enter the source path, including the volume name, to the target
directory (a location different from where the data was backed up).
Enter Volume:/directory/directory
4b If the new location you are restoring to is a different NetWare server,
do the following:
1. Back up the data from the server where it resides.
2. Exit to the Main Menu.
3. Change your target to the server you want to restore the data to.
Setting Up 77

103-000134-001
August 29, 2001
Novell Confidential
Completing the eDirectory Restore

If you restored the eDirectory database to volume SYS:, you should complete
the restoration for the following to make sure the eDirectory database is
working properly:
Volume Other than SYS:
To finish restoring eDirectory on a volume other than SYS:, do the following.

1 Bring the server up.
To finish restoring eDirectory on a server, do the following.

1 Restore the full file system following “Restoring Data” on page 62.
To finish restoring eDirectory on multiple servers, do the following.

1 Restore replicas to the server.
The DSMISC.LOG file, which is created when the SERVDATA.NDS is
restored, contains the partition and replica information that resided on the
failed server at the time of the backup. This will show you what replicas
were on the server when it failed.

103-000134-001
August 29, 2001
Novell Confidential
Entire Tree
To finish restoring eDirectory on the tree, do the following.

1 Restore the file system information to each server following “Restoring
Data” on page 62.
2 Re-create partitions and replicas.
Partial eDirectory Restores
Certain conditions might arise in special cases involving the backup and
restoration of eDirectory information.
The SMS TSA software allows you to do selective restores from the backup
media. However, partial restoration of eDirectory from a backup can have
many subtle consequences, particularly when only a single object or a selected
group of objects is restored.
For partial eDirectory restores, keep these two main issues in mind:
Object ID numbers—If you restore objects that no longer exist in the
eDirectory tree, those objects receive new ID numbers when restored.
New object IDs affect file system trustees, print queue directories, user
mail directories, etc.
If you restore objects on top of objects that exist in the eDirectory tree,
the objects do not receive new ID numbers. These objects' current
attribute and property information is overwritten with previous
information from the SMS backup.
Objects that depend on other objects—In the eDirectory schema,
objects are defined to have certain attributes. Some of these attributes are
mandatory (meaning they must contain a value); others are optional.
For some eDirectory objects, the value for a particular attribute is a
reference to another object upon which the object depends. For example,
Queue object has a Queue Directory attribute that contains the file system
path to the queue directory. It also has a Host Server attribute that
Setting Up 79

103-000134-001
August 29, 2001
Novell Confidential
identifies the file server on which the queue directory resides. This
information is used to determine the physical location of the resource.
The specifics of restoring objects vary depending on what type of object
is involved and whether the object's dependencies are physical entities
(servers and volumes) or logical entities.
In some cases, you can simply restore an object and everything will work
fine. In other cases, an object might be restored but not be functional
unless you first restore its dependent objects.

Restore of cluster-enabled pools is similar to a normal restore session.
See “Restoring Data” on page 62.
supported.

103-000134-001
August 29, 2001
Novell Confidential
3 Managing
After you install and load SBCON, you can manage your jobs, data, devices,
reports, and so on either from the server or workstation. Though the screens
might look different, you can perform the same tasks in each interface.
Be sure to read “Prerequisites for SBCON Tasks” on page 81 before
performing any tasks in this section.
“Administering Jobs” on page 82
“Storage Devices” on page 86
“Erasing or Retaining Media” on page 90
“Log and Error Files” on page 93
“Creating Session Files” on page 98
“Verifying Backup Data” on page 99
Prerequisites for SBCON Tasks

Before you can manage any backup tasks, ensure the following:
Drivers for your specific device and controller board are loaded.
SBCON files for your specific target are loaded.
The media is inserted into your storage device.
You can see the SBCON Main Menu on your server console or the Quick
Access window on your Windows 95, 98, 2000 or Windows NT
workstation.
Managing 81

103-000134-001
August 29, 2001
Novell Confidential
Jobs
The backup or restore jobs created by you can be administered anytime. You
can delete, hold, reschedule, abort, or enable a job.
Administering Jobs
Jobs can be managed either from the server or from the workstation.
From the Server
On the SBCON Main Menu at the server, the Current Job List option gives you
a job management facility where you can delete a job, hold a job, or enable it
if it has been disabled after a job failure. You can even monitor the status of
the backup/restore jobs you have submitted.
Current Job List provides the following information about all jobs submitted.
The name of the server from which the job was submitted. If you
initiated the job from the client, locate the workstation name. See
“Viewing the Job Queue” on page 83.
The job name that you entered on the Backup Options form. The job
name can be renamed using the Job Details screen if you are rescheduling
it to run another time and you want to change the name. See “Viewing Job
Details” on page 84.
The Hold status. If you want to prevent a prescheduled job from
execution, you can put it on Hold. See “Postponing a Job” on page 85.
The job status, whether it finished the execution of the request, or if
it was submitted for execution at a later time. Other statuses are: active
currently, could not run, processing, failed, and success. The log of each
of these status reports can be viewed using the log and error reporting. For
more details see “Log and Error Files” on page 93.
From a Workstation
From Job Administration at the Quick Access window of a Windows

workstation or at the toolbar, you can access the current list of jobs. If you
select a job, you can see the properties, which include the following:
General properties contains fields for the Job Name, Job Type,
Submitted By, Entry Open, and Serviced By. These fields are the same as
the Job Details screen at the server.
Static properties contains fields for the Job Status, Job Submitted At,
Execution Time, and Job's Rescheduled Count.

103-000134-001
August 29, 2001
Novell Confidential
Dynamic properties contains data that indicates how much data has been
backed up along with the filenames. This dialog box appears when a job
is running and SBSC is loaded on the server.
Enable job allows you to start a job that has been disabled.
Delete the job allows you to remove a job.
Start/Hold the job allows you to start a job that is in the hold state or
place it on hold if it is not in a hold state.
Reschedule options contains fields for changing the backup schedule.
Abort cancels an active job.
“Viewing the Job Queue” on page 83
“Viewing Job Details” on page 84
“Postponing a Job” on page 85
Viewing the Job Queue
You can view the job queue from the server or a workstation.
From the Server

The Queue Jobs screen displays a list of all jobs, showing each job name,
hold status, status of the job, and name of the server from where the job
was submitted.
From a Workstation
1 At the Quick Access window, click Job Administration
2 Double-click the context of the queue location.
A list of jobs appears.
4 (Optional) Select a job from the list > right-click and then click Dynamic
Properties to view the dynamic properties of the job.
You can also view the properties using the toolbar. Click Job
Managing 83

103-000134-001
August 29, 2001
Novell Confidential
Viewing Job Details
This screen gives you all the details of the job you submitted including job
name, the time the job was submitted, and the time the job should be executed.
You can also schedule the job to run at a predefined time again after its
execution.
You can view job details from the server or a workstation.
From the Server

2 Select one of the jobs listed and press Enter.
The Job Details screen appears displaying the following information:
Job Name—A descriptive name of the job for your identification.
You can change the name if you want to reschedule the job and run
it again.
Disabled— Indicates whether the job is disabled. If it is, this field
displays Yes; if enabled, it displays No. Updates to this field depend
on the job status. If the job status is Could Not Finish, the
message is Yes. You can perform the required troubleshooting and
change this field to No, subsequently allowing the job to execute.
After completion of the job, the Disabled field indicates Yes.
Submitted By—The name of the server where you have submitted
the job. If you submitted the job from a client, it displays the name of
the workstation and is the same as the Owner in the Queue Jobs
screen.
Submitted at—The date and time the job was submitted. The
execution time could be different depending upon the specifications
you defined in Execution Time and Scheduling Options in the same
screen.
Entry Open—The status is Yes when the job is active and No when
it is inactive. This is one of the fields that is updated automatically.
Execution Time—An option to give the time and date when you
want the job to run. It is the same as the Execution Time in the
Advanced Backup Options form.

103-000134-001
August 29, 2001
Novell Confidential
Serviced By—This indicates the name of the server where the job is
to be executed. From a single server, you can submit jobs to various
servers. This field indicates which job is serviced by which server.
This field is active only when the job is active; otherwise, it indicates
None.
Scheduling Options—You can schedule the same job to run at
another time. For information, see “Customizing Backup” on page
53.
Session Report—Press Enter at this field to view the session log
report or the session error report for the particular session you
selected. The same information can be seen in the Error Log File
where it gives a log of all the jobs. For information, see “Viewing a
Log File” on page 93.
From a Workstation
4 Select the job from the list.
5 Right-click the job and then Dynamic Properties to view the dynamic
properties of the job.
(Optional) You can view the properties using the toolbar. Click Job
Postponing a Job
This task lets you to place a job on hold from either the server or a workstation.
From the Server

The Queue Jobs screen appears with a list of jobs.
2 Select a job and press Tab.
The job is on hold if Hold is displayed in the column. If no status is
displayed, it is ready for execution at the time you configured it. Press Tab
to toggle holding a job.
Managing 85

103-000134-001
August 29, 2001
Novell Confidential
From a Workstation
4 Select the job to place on hold.
5 Right-click the job and then click Start/Hold the Job.
(Optional) You can also hold the job using the toolbar. Click Job
Administration > Start/Hold the Job.
Storage Devices
The Storage Device Administration option of the SBCON Main Menu at the
server or the Device Administration button at a Windows workstation lists the
devices and the media you can access.
You can perform the following administrative tasks:
“Checking the Device Status” on page 86
“Changing the Device Label” on page 87
“Viewing the Media List” on page 88
SBCON supports autoloader, which holds multiple media within a magazine.
Every magazine has slot numbers given by the manufacturer and each slot
holds a single medium. This is extremely useful when you are backing up a
large server. If one medium is fully written, the SME automatically writes to
the other available media.
IMPORTANT: Any media under a device becomes inaccessible if a job is running
on it because it is reserved by the engine. Any job scheduled to be executed at that
instance will fail.
Checking the Device Status
The Device Status screen displays information about the current status of a
device, such as read, write, and format from the server or workstation. It also
gives information on the storage capacity.

103-000134-001
August 29, 2001
Novell Confidential
From the Server

2 Select a device and press Insert.
3 Select Utilities > Device Status.
The Device Status screen is displayed listing the following information:
Current Operation—Indicates whether the device is currently
reading, writing, formatting the media, or none of these.
Device Mode—Indicates whether the device is selected for reading,
writing, or both.
Maximum Capacity—Indicates the total storage capacity of the
media currently present in the device.
From a Workstation
8 Right-click the device and then click Properties to view the Device Label
or Device Type.
(Optional) You can also view the properties using the toolbar. Click
Device Administration > Properties.
Changing the Device Label
The default names for storage devices are controlled by the device
manufacturers. These names are often not descriptive, so you change the name
of the device during multiple backup sessions. However, this change is
temporary, and it is lost after a reboot. If you have several devices, it might be
difficult to remember which name goes with which device. For this reason,
renaming storage devices is helpful.
Managing 87

103-000134-001
August 29, 2001
Novell Confidential
You can change a device label from the server or a workstation.

From the Server

2 Select a device name and press Insert.
3 Select Utilities > Change the Device Label.
4 Enter the new name in the field.
5 Press Esc as required to return to the Main Menu.
From a Workstation
8 Right-click the device to change.
9 Click Properties > Device Label.
10 Change the name in the Device Label field.
11 Click OK.
Viewing the Media List
This task allows you to view your list of devices from the server or a
workstation.

103-000134-001
August 29, 2001
Novell Confidential
From the Server

If no device is displayed in the list, run LIST DEVICES at the server
prompt.
2 Select a device name and press Enter.
The List of Media screen appears displaying the following information:
Slot—The slot number given by the manufacturer.
Media name—The name of the media, which can be changed using
the Utilities menu. See “Erasing or Retaining Media” on page 90.
Number—The sequential number of the media (tape) in a particular
backup set. SBCON automatically labels and appends an
incremental number to any backup session that spans multiple media.
HINT: It takes a lot of time to display the media in an Autoloader. However, once
the media list is displayed, press Tab to access it. This will not rescan the device
for new media. Press Enter only when you remove or add media.
From a Workstation
8 Right-click the preferred device.
9 View the media list.
Managing 89

103-000134-001
August 29, 2001
Novell Confidential
Erasing or Retaining Media
This task erases media headers, erases all data on the media, or retentions
media in tape devices.
The following table describes all media options.
Option Explanation
Change the Media Label This is permanent. Blank media (tape) does not have a label. Before
submitting a job to the media, you need to label it.
Erase the Media This option erases the tape completely. It might take up to two hours,
depending on the size of the media.
Erase the Media Header This is a quick method of making the media appear blank. Although it
is less secure than erasing all the data, this method is quick and
effective.
Media Status This option lets you view the status of the media.
Move the Media This option moves the media from one slot of an autoloader to another
slot. It is not a valid operation on a single media device.
Retention of Media This option is for tape devices that allow retention (for example, 0.25-
inch cartridges). This rewinds the tape, which might resolve a problem
reading the tape. An error appears if the driver does not support this
method on the device.
From the Server

4 Select Utilities > Erase the Media [or] Retention of Media.
From a Workstation

103-000134-001
August 29, 2001
Novell Confidential
8 Right-click the media > click Erase Media [or] Retension.
(Optional) You can also use the toolbar. Click Device Administration >
Media > Erase Media [or] Retension.
Checking the Media Status in a Device
This task lets you check the status of a particular media type from either the
server or a workstation.
From the Server

4 Select Utilities > Media Status.
A screen is displayed listing the following information:
Number in Media Set—The sequential number of the media within
a particular media set.
SBCON automatically labels and appends an incremental number to
any backup sessions that span multiple media.
Creation time—The time the current media label was first used on
this media.
Mount status—Whether the media is Mounted (ready for reading or
writing). There are two status messages:
Mount Pending: The request to mount is waiting to be processed.
Not Mounted: The media not ready to access.
Managing 91

103-000134-001
August 29, 2001
Novell Confidential
Media mode—Whether the media is selected for reading, writing or

both, or whether the mount request is pending.
Media type—The type of media in the device, such as 4mm DDS
(Digital Data Storage) tape, or 8mm tape.
Total capacity—The total capacity of the media, if known.
Sometimes it is not displayed, depending on the media manager.
The type of media manager controls the display of the total capacity
of the media.
From a Workstation
1 Click Device Administration at the Quick Access window.
8 Right-click the preferred media > Properties > Media Status.
Spanning Storage Media

If the storage media you are using does not have enough space for the entire
backup, SBCON will span the media, prompting you to insert additional
media when the first medium is full.
HINT: Always have extra media on hand in case the backup session spans more
than one medium.
SBCON designates the first media as label #1 and increments any subsequent
medium with the same label.
WARNING: To help safeguard your network, SBCON disconnects from the target
when a delayed backup is complete. If the delayed backup session cannot fit on
the media, SBCON prompts you to insert additional media. If additional media are
not inserted, the backup does not finish and SBCON does not disconnect, thereby
compromising security.

103-000134-001
August 29, 2001
Novell Confidential
Log and Error Files

SBCON keeps a list of all the log and error files, which show specific
information about the backup and restore session. See “Session Files” on page
37 for more information.
You can manage these files as follows:
View information contained in the log and error files.
See “Viewing a Log File” on page 93 and “Viewing an Error File” on
page 94 for information.
Create these files.
See “Creating Log and Error Files” on page 96 for information.
Change the location of these files.
See “Setting the Location of Backup Log and Error Files” on page 96 for
information.
Delete these files.
See “Deleting the Log Files” on page 97 for information.
Viewing a Log File
This task lets allows you to view your log file for backup and restore
information from either the server or a workstation. The log file is created on
the host server the first time data is backed up or restored and contains details
about the session.
From the Server

Log File.
page 94.
directory, and then press Esc to return to the previous window, and
then go to Step 3 on page 95.
Managing 93

103-000134-001
August 29, 2001
Novell Confidential
The backup log displays all supported name space types. The DOS name
space is the first in the group. A right-angle bracket (>) appears next to
the file creator's name space type.
If you have linked UNIX files, SBCON retains both symbolic and hard
links created under the NFS name space type, but links are not listed in
the backup log. Restoring the original file restores associated links.
3 To return to the Main Menu, press Enter and then Esc.
answer the confirmation prompt.
From a Workstation
1 At the Quick Access window, click Reports
7 Select Session Report.
The server displays where the report is located.
Viewing an Error File
An error file records any errors that occurred during the backup or restore
session. (See “Session Files” on page 37.) It can be viewed from the server or
a workstation.

103-000134-001
August 29, 2001
Novell Confidential
From the Server

1 From the SBCON Main Menu, select Log File Administration > View an
Error File.
page 95.
Press Insert to choose from a list of network directories, choose a
directory, press Esc to exit and then go to Step 3 on page 95.
Restore errors are appended to a session's backup error file. A Restore
Session Begins message marks the beginning of the restore errors,
if any exist.
If you linked UNIX files, symbolic and hard links created under the NFS
name space type might not be restored if the pathname is not recognized.
When this happens, the error file contains messages similar to the
following:
Error restoring namespace specific information of
XXXX:tmp/hosts in NFS namespace, error 0x7!
Unable to allocate directory handle for XXXX:tmp/test!
3 When you are finished viewing the file, press Esc.
respond at the confirmation prompt.
From a Workstation
1 At the Quick Access window, click Reports.
Managing 95

103-000134-001
August 29, 2001
Novell Confidential

7 Select Error Report.
Creating Log and Error Files
and error files, you can re-create them.
To create a log or error file, see “Creating Session Files” on page 98.
Setting the Location of Backup Log and Error Files
Every time you do a backup, you are required to set a location (or directory
path) for the log and error files. The restore log and error files are always
located in the directory, SYS:SYSTEM/TSA/RESTORE.
You can set the location when requested in the backup procedures, or you can
use the following method prior to beginning the backup procedures.
1 From the SBCON Main Menu, select Log File Administration > Set
Location of Log and Error Files.
2 Set the location using one or more of the following methods:
Press Enter to accept the default location, and then press Esc to return
to the Main Menu.
directory, and press Esc twice to return to the Main Menu.
a new directory or path, press Enter, and then press Esc to return to
the Main Menu.

103-000134-001
August 29, 2001
Novell Confidential
Deleting the Log Files
SBCON allows you to overwrite sessions and reuse storage media.

When you delete the log file for a session using the following procedure, you
automatically delete the corresponding error file as well.
To prevent outdated session information from taking up disk space and to help
prevent confusion when you select sessions to view or restore, delete the
session log files for any session that has been overwritten.
NOTE: You cannot delete log and error files at the workstation.
To delete the log and error files from the server, do the following.
Log File.
2 If you have not set the location of log and error files, do so now using one
or more of the following methods:
page 97.
Press Insert to select from a list of directories, select a directory, press
Esc to return to the previous window, and then go to Step 3 on page
97.
a new directory or path, and then go to Step 3 on page 97.
You can also press Insert during this process to select existing parts of the
path from a list.
3 Select the description of the session that you have overwritten (or plan to
overwrite) and press Delete.
A confirmation prompt is displayed.
4 To delete the log and error file for that session, click Yes.
Managing 97

103-000134-001
August 29, 2001
Novell Confidential
Creating Session Files
and error files, you can re-create them from either the server or a workstation.
From the Server

1 From the SBCON Main Menu, select Job Administration > Create
Session File.
The Session Files Options screen appears.
2 Enter a descriptive name.
3 Select the media you will be using.
If you have only one loaded, press Enter to accept the default.
4 To verify the media, press Enter.
SBCON reads the media and shows you the selected session.
5 Confirm the creation of the session files.
If the session selected is the session you want for log and error file
creation, click Yes, Create Files for This Session.
If the session selected is not the session you want for log and error file
creation, click No, Go to the Next Session.
If you elect to create session files, they will be created in the location you
chose.
From a Workstation
1 At the Quick Access window, click Create Session.
4 Select the preferred queue.
6 Select the preferred server.
8 Select the preferred device.

103-000134-001
August 29, 2001
Novell Confidential
9 Select the preferred media.

10 Right-click the job and select Submit the Job.
11 Check the appropriate fields in the Submission of Job dialog box.
Verifying Backup Data
This option allows you to check the data on the media from either the server
or a workstation to make sure it has been backed up properly, and to check
later that the data is valid and can be restored.
You can verify the backup data in two ways:
If you know what sessions are on the media and you have the log and error
files, you can select the session from the list.
If you do not know what sessions are on the media, and if you are not sure
the log and error files still exist, you should create the session files.
From the Server

1 Select Main Menu > Job Administration > Verify
The Verify Options screen appears.
2 Enter a descriptive name for the verify job.
3 Select the device and media of the job.
You can also manually enter this in the form device name.media name.
4 Press Enter in the Session to Restore field.
A list of all backup sessions is displayed in the Select a Session screen.
5 Select a session from the list.
6 Submit the job after confirming the Submit Job? prompt.
7 Select Job Administration > Current Job List.
8 Select the job you have submitted.
If there were no problems with the verification or the data, the Run Time
Status screen displays the following message:
The verification process was completed normally.
Managing 99

103-000134-001
August 29, 2001
Novell Confidential
From a Workstation
1 At the Quick Access window, click Verify.
2 Double-click the context if necessary.
8 Double-click the preferred device.
9 Right-click the preferred media.
10 Select Submit the Job.
11 In the Submission of Job dialog box, click the session.
12 Click Finish.

103-000134-001
August 29, 2001
Novell Confidential
4 Optimizing

Whether you should compress your files before backup. See
“Compressed Files” on page 101.
How to increase speed when backing up your files. See “Host Server
Performance” on page 102.
How to enhance or optimize server performance. See “Setting Minimum
Packet Receive Buffers” on page 103.
How to synchronize memory between your media and your server. See
“Setting Reserved Buffers Below 16 MB” on page 103.
Compressed Files
WARNING: SBCON and file compression should not be run simultaneously.
Because the default time for both delayed SBCON sessions and compression is
midnight of the current day, change one of these defaults to another time
immediately.
If you want to perform a delayed backup that includes files flagged for
compression, schedule the delayed backup after the compression time to allow
time for the compression to be completed.
When a NetWare 6 volume is mounted, file compression is set to On by

default. When you perform a backup, you can specify whether to keep already
compressed files in a compressed state for the backup, or back them up in a
decompressed state.
Optimizing 101

103-000134-001
August 29, 2001
Novell Confidential
To help you make a decision about whether to compress or decompress your

backed up data, follow these guidelines:
Backups are faster if files already compressed are left compressed.
Compression is not supported in some environments (such as a NetWare
3.11 server, a DOS workstation, or Novell Storage ServicesTM). If you
intend to restore a file that is currently compressed to an environment that
does not support compression, back it up in a decompressed state.
The SBCON utility has no compression feature, so it cannot compress a
file that is currently decompressed.
If volume compression is turned on and you back up compressed files in
a decompressed state, restore speed is degraded if you overwrite existing
files.
To improve restore speed, delete the files you no longer want from the
hard disk before restoring them from the backup media. If you back up
compressed files in a compressed state, restore speed is not affected.
You might run out of disk space if you restore decompressed files to a
volume that compresses files.
Host Server Performance

The speed of the SBCON utility depends upon the configuration of the host
server and whether the server is backing up its own data or that of another
server or workstation.
For information on server configuration and setting parameters, see
Communications Parameters and File Caching Parameters under SET in
NetWare Utilities Reference.
A server backing up its own data runs about twice as fast as a server backing
up data from another server.
This section includes four options using LOAD and SET commands that can
enhance your host server's performance.

103-000134-001
August 29, 2001
Novell Confidential
Setting Minimum Packet Receive Buffers
Packet receive buffers represent the space in the server memory dedicated to
handling network traffic. If the buffers are set too low, the server performance
may be degraded.
To reset the packet receive buffers at the server console prompt, include the
following SET command in the STARTUP.NCF file:
SET MINIMUM PACKET RECEIVE BUFFERS = X
The x represents the number of buffers. Set two buffers for each user on the
system. The minimum is 10. The changes will take effect immediately.
Setting Reserved Buffers Below 16 MB
If your storage device driver requires memory below 16 MB and the server has
more than 16 MB available to it, you must reserve memory below 16 MB for
the driver.
To change the reserve memory at the server console prompt, include the
following command in the STARTUP.NCF file:
SET RESERVED BUFFERS BELOW 16 MEG=X
Replace the x with a number between 8 and 300. The default is 200.
Setting Maximum Subdirectory Level and Minimum Cache Buffers
If you change the maximum subdirectory level in the server's STARTUP.NCF

file, you must also change the minimum cache buffer. The default maximum
subdirectory level is 25.
To change the cache buffers at the server console prompt, include the
following commands in the AUTOEXEC.BAT file:
SET MINIMUM FILE CACHE BUFFERS=X
SET MAXIMUM DIRECTORY CACHE BUFFERS=X
This command changes the minimum and maximum directory in MONITOR

> Available Options > Server Parameters. The changes will take effect
immediately.
Optimizing 103

103-000134-001
August 29, 2001
Novell Confidential

103-000134-001
August 29, 2001
Novell Confidential
5 Troubleshooting
Common Backup Problems

The media owner is unidentified
Possible Cause: Media is blank or was written in a non-SIDF format.
Action: See “Checking the Media Status in a Device” on page 91.
Backup speed is slow

Possible Cause: Compressed files are being backed up in a decompressed format.
Action: See “Compressed Files” on page 101.
Restore speed is slow

Possible Cause: File compression and SBCON are running at the same time.
Compressed files are being overwritten with decompressed files.
Action: See “Host Server Performance” on page 102.
The target you want is not listed

Possible Cause: The Target Service Agent isn't loaded on the desired target.
Action: See “Backing Up Data” on page 49.
Possible Cause: Insufficient time to list the targets.
Action: Allow more time for the software to find the target.
Possible Cause: The host and target are physically far apart and network traffic is heavy.
Action: Wait to perform a backup during nonpeak hours or when fewer users are
logged in.
Troubleshooting 105

103-000134-001
August 29, 2001
Novell Confidential
Data is corrupted, but no error message was given

Possible Cause: Compressed files were restored to a volume without compression.
Action: See Step 10 on page 64.
You (the network administrator) can't back up a workstation

Possible Cause: The /Password option is set and is denying access to data on the workstation.
Action: See “Setting Rights to Back Up Portions of the eDirectory Tree” on page 26.
Possible Cause: Backup was attempted from two different servers at the same time. One
succeeded and the other one failed.
Action: Check to make sure all necessary backup software is installed loaded.
A backup does not contain all changes

Possible Cause: Differential and incremental backups were combined.
Action: Use one or the other of these types in conjunction with full backups. See
“Backup Types” on page 16.
Changed files are not recognized

Possible Cause: The modify bit was cleared after the last customized backup, so changed files
are not recognized.
Action: See “Backup Types” on page 16.
Unable to find the session log file you want

Possible Cause: It might be in a different directory or you might have deleted it accidentally.
Action: See “Deleting the Log Files” on page 97.
Pressing Insert on a device list does not produce a media list at the server
Possible Cause: No medium has been selected.
Action: Use the Select option at the bottom of the screen.
The Time Form Is Invalid message displays when you try to schedule a delayed
backup
Possible Cause: The date has been entered incorrectly in the time form.
Action: Check that the scheduling has been entered correctly.

103-000134-001
August 29, 2001
Novell Confidential
Files were restored but the error file contains a message specifying which name
space formats were not restored
Possible Cause: The file attributes and name space formats are not configured on the volume
you restored to.
Action: Check to make sure you selected the correct name space.
Can't list devices or see the Session/Error Report from the client and the message
Unable to Establish Communication with Server appears
Possible Cause: A client-server communication problem.
Action: Check whether SBSC is loaded on the server. If not, load it.
If SBSC is already loaded, unload and reload it again.
Troubleshooting 107

103-000134-001
August 29, 2001
Novell Confidential

103-000134-001
August 29, 2001
Novell Confidential
iPrint Administration Guide
Novell
NetWare 6 ®
www.novell.com
I P R I N T A D M I N I S T R AT I O N G U I D E
August 31, 2001

Novell Confidential
Contents
Contents 5
Simplify Printing Using iPrint 7
1 Understanding iPrint 9
The Novell iPrint Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Scenario 1: Printing across the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Scenario 2: Mobile Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Scenario 3: Printing Instead of Faxing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2 Setting Up iPrint on Your Server 13

Installing iPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
iPrint System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Setting Up DNS for the Print Services Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Enable DNS on the Print Services Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Add the DNS Name to the DNS Name Server . . . . . . . . . . . . . . . . . . . . . . . . . 15
Configuring iPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Using iManage for Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Configuring iPrint Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Disabling iPrint Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Enabling iPrint on All Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3 Setting Up iPrint on Client Workstations 19

Client Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Using the Default Printer Lists Generated by iPrint . . . . . . . . . . . . . . . . . . . . . . . . 20
Creating Location-based Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Using ZENworks to Distribute iPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Auto-client Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Saving Passwords for Secure Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Uninstalling the Novell iPrint Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4 Customizing iPrint 23
Setting Up Location-based Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Creating Location-based Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Creating Printer Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Customizing the HTML Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Contents 5

103-000136-001
August 31, 2001
Novell Confidential
Printer Availability on Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Printer Driver Default Install Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
5 Setting Up a Secure Printing Environment 31

Secure Printing Using SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
A Configuring the HTML Interface 33

iPrint Client HTML Interface Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Internet Explorer Browser Customization . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Netscape Browser Customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
HTML Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
call-back-url . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
debug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
driver-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
error-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
file-path-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
job-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
job-list-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
persistence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
printer-url. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
result-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
target-frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Supported Operations Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
op-client-interface version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
op-client-is-printer-installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
op-client-version-info. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
op-job-cancel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
op-job-get-info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
op-job-hold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
op-job-hold-release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
op-printer-get-info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
op-printer-get-status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
op-printer-install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
op-printer-list-all-jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
op-printer-pause . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
op-printer-purge-jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
op-printer-remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
op-printer-resume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
op-printer-send-file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
op-printer-send-test-page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
6 iPrint Administration Guide

103-000136-001
August 31, 2001
Novell Confidential
Simplify Printing Using iPrint
iPrint is Novell’s® next generation of printing software that lets users to print
from anywhere to anywhere. Utilizing the Internet Printing Protocol
standarad, iPrint lets users use their Web browser to install printers on their
workstations. Once installed, users can print to iPrint printers through their
applications just like any other printer. These printers can be located down the
hall or across the ocean.
The following chapters provide information you need to implement iPrint:
Chapter 1, “Understanding iPrint,” on page 9
Chapter 2, “Setting Up iPrint on Your Server,” on page 13
Chapter 3, “Setting Up iPrint on Client Workstations,” on page 19
Chapter 4, “Customizing iPrint,” on page 23
Simplify Printing Using iPrint 7

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
1 Understanding iPrint
iPrint lets mobile employees, business partners, and customers access printers
from a variety of remote locations using existing Internet connections.
Whether users are located in an office building, telecommuting from home, or
attending a sales meeting in another country, iPrint ensures that they can print
documents quickly, easily, and reliably.
Using a Web browser, users point to a Web page that displays the available
printers. By clicking a printer, the iPrint client is installed (if not installed
previously), the printer’s driver is downloaded, and a printer is created in the
user’s Printer folder, enabling the user to print to the printer from any
application on his or her desktop.
iPrint uses the Internet Printing Protocol (IPP), an industry standard, to
eliminate the complexities of printing over the Internet and to make location-
based printing a reality.
The benefits of IPP include the following:
Uses simple protocol
Provides broad vendor support
Works over local networks and the Internet
Provides for print data encryption (SSL, TLS)
Provides a standard print protocol for all platforms (Windows*,
Macintosh*, Linux*, UNIX*, etc.)
For more information about IPP, see the documents available at the Printer
Working Group (http://www.pwg.org/ipp/index.html) Web site.
Understanding iPrint 9

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
In addition to the benefits of IPP, Novell’s implementation of iPrint adds the

following value:
One Net printing for global access
Print driver download and installation
Location-based printing
Browser-enabled print interface
Customizable user interface
Secure information transfer
Using iPrint, mobile users no longer have to hunt down administrators to find
out a printer’s name and context and the required print driver. Instead, mobile
users use a Web browser to locate nearby printers and download and install the
latest print drivers. Companies can reduce communication costs by reducing
the need to fax documents between offices. Instead, companies can use their
existing Internet connections to print documents to remote printers.
For secure printing needs, iPrint integrates with Novell® eDirectoryTM to
ensure that only authorized users can access the printer. Users are challenged
with their eDirectory username and password. Print data is also encrypted to
ensure that sensitive print data is kept secure and unaltered.
The Novell iPrint Solution

Novell iPrint utilizes the NDPS® infrastructure, while improving the user’s
print experience. The Novell implementation of the Internet Printing Protocol
comprises three components:
A print provider and a set of browser plug-ins that are installed on a user’s
workstation. The Novell ClientTM is not required.
The IPPSRVR.NLM runs on a NetWare® server. When an NDPS printer
is configured as an IPP printer, the print services manager automatically
loads this NLMTM on the server.
A set of HTML pages are provided to install the iPrint client software and
printers as well as to view and manage print jobs. These pages are
customizable. For more information, see Chapter 4, “Customizing
iPrint,” on page 23.
After setting up iPrint for your network, the system easily expands to support
the following scenarios.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Scenario 1: Printing across the Internet

John is an employee working at home who wants to send a document to a
printer at his office. John does not remember how to dial into the company’s
network, but he has access to the Internet.
1. After the administrator has set up iPrint, he will need to enable a port on
his firewall to allow access to the company’s intranet from the Internet.
For security, the administrator should enable port 443, which uses SSL.
Port 443 requires users to authenticate using their eDirectory username
and password. If a user does not have an eDirectory account, then the
administrator can use the unsecured port 631.
2. John points his Web browser to the URL, http://server_IP_address_
or_DNS_name:443/ipp.
3. From the Web page, John selects the printer to install. The iPrint client is
automatically downloaded and installed on the computer. The printer
driver is also downloaded and the printer installed in the workstation’s
Printer folder.
4. From any application on his home computer, John can now print to the
company’s printer.
Scenario 2: Mobile Users

Gail is visiting her company’s branch office in Dallas, Texas. She needs to
print a presentation for an upcoming meeting. Outside of the office she is
using is a printer, but she does not know the printer’s name, eDirectory
context, make, model, or required print driver. Gail has used iPrint in a
different branch office and she knows that a link to iPrint is available from the
company’s intranet Web page.
1. Gail connects her laptop to the company network, clicks the iPrint link on
the company’s intranet Web page, and then clicks a link for the branch
office she is visiting. A map of the branch office and iPrint printers
displays.
2. Gail locates the office she is using and clicks the printer icon just outside
the office door.
3. The print driver is dowloaded and a printer is created in the user’s Printer
folder. She didn’t need to install the iPrint client software again because
she had used iPrint previously at a different branch office.
4. From her presentation application, Gail prints her presentation for the
upcoming meeting.
Understanding iPrint 11

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Scenario 3: Printing Instead of Faxing

Dan has just returned to his hotel room in Chicago after visiting with some
clients. While checking his email, he is reminded that he needs to submit a
color report to his boss in the corporate office in New York. The report is due
by 8 a.m.Although he could send the report by fax, he wants a high-quality
printout in color and he does not want to incur additional telephone charges.
1. Using his Web browser, Dan accesses the Internet and logs in to the
company’s intranet. Using the iPrint map pages, he locates an iPrint color
printer adjacent to his boss’ office.
2. After downloading and installing the print driver, Dan uses his
application to send the report to the printer.
3. Dan returns to the iPrint Web page and clicks the printer again to display
printer management options. He monitors the printer job list to see that
his print job is completed.
4. Finally, Dan sends an e-mail to his boss telling him that the report is
available at the printer.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
2 Setting Up iPrint on Your Server
iPrint is based on the Novell® Distributed Print ServicesTM (NDPS®)

architecture. In order to use iPrint, you must have NDPS installed and
configured. If you do not have an NDPS system set up, refer to the Novell
Distributed Print Services Administration Guide for more information.
The following sections will assist you in preparing NDPS to work with iPrint
“Installing iPrint” on page 13
“iPrint System Requirements” on page 14
“Setting Up DNS for the Print Services Manager” on page 14
“Configuring iPrint” on page 15
Installing iPrint
If you chose to install iPrint/NDPS during the NetWare® 6 installation, iPrint
software components were automatically installed on the server. If iPrint was
not installed during the installation, you need to install it by completing the
following steps.
1 From the GUI screen on the server, click Novell > Install.
2 If an iPrint/NDPS entry is listed, iPrint is already installed. If an entry
does not exist, click Add.
3 Insert the NetWare 6 Operating System CD into the drive.
4 Browse to the PRODUCT.NI file at the root of the CD.
5 Follow the installation prompts to install iPrint/NDPS.
Setting Up iPrint on Your Server 13

103-000136-001
August 31, 2001
Novell Confidential
iPrint System Requirements

Before you set up iPrint, you must have the following:
NDPS Broker:Provides network support services. For more information,
see Creating NDPS Brokers in the Novell Distributed Print Services
Print Services Manager: Provides a platform for printer agents. When
IPP printing is configured for a printer, the print services manager loads
the IPP software, IPPSRVR.NLM.
For more information, see Creating NDPS Manager in the Novell
Distributed Print Services Administration Guide.
NDPS Printer Object: Represents the printer and is associated to a
printer agent that combines the functions previously performed by a
printer, print queue, print server, and spooler.
For more information, see Creating NDPS Printers in the Novell
Distributed Print Services Administration Guide.
iManage : Provides browser-based management of Novell eDirectoryTM.
For more information on iManage, see Novell iManage Administration
Guide.
Setting Up DNS for the Print Services Manager

Each server that is running the print services manager loads IPPSRVR.NLM
when iPrint is enabled for a printer associated with that manager. Prior to
configuring printers for iPrint, you should configure a DNS name for each
print services manager. This lets you move the print services manager to a
different server while maintaining the iPrint URLs for the associated printers;
otherwise, iPrint will no longer work.
To correctly enable DNS for each print services manager, first “Add the DNS
Name to the DNS Name Server” on page 15 and then “Enable DNS on the
Print Services Manager” on page 15.
NOTE: If DNS is not set up for the print services manager and the manager is
moved to another server, users will have to reinstall their iPrint printers.
If a DNS name is added to the print services manager after iPrint is set up, iPrint
printers enabled before the DNS will not use the DNS name until the manager is
restarted.
If users install printers prior to the DNS name being added, their printing will work
only until the IP address of the print services manager changes. Then users will
have to reinstall their printers.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Enable DNS on the Print Services Manager

To configure a DNS name for the print services manager, use the print services
manager startup switch.
Syntax
NDPSM NDPS_Manager_Object_Name /dnsname=NDPS_Manager_DNS_Name
Example
NDPSM PrintManager1 /dnsname=Printing.MyCompany.Com
where PrintManager1 is the print services manager name and

Printing.MyCompany.Com is the desired DNS name.
Add the DNS Name to the DNS Name Server

After you enable the DNS name on the print services manager, you need to add
the DNS name to your DNS name server. For more information, see the Novell
DNS/DHCP Services Administration Guide.
Configuring iPrint
Using iManage for Network Management

iManage is a Web-based management utility to administer eDirectory objects.
For information on using and configuring iManage, see the Novell iManage
Administration Guide. Once iManage is installed and configured, you can
manage iPrint. This includes the ability to create, delete, and modify printers
and other NDPS objects.
The iPrint Management plug-in for iManage works only with Internet
Explorer 5.5 with Service Pack 2.
If you encounter a "Page Not Found" error while running iManage, do the
following:
1 Check that you are running Internet Explorer 5.5 with Service Pack 2
installed.
2 From Internet Explorer, click Tools > Internet Options > Advanced.
3 Uncheck Show Friendly HTTP Error Messages.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Configuring iPrint Printers

Complete the following steps for printers that are already set up in NDPS. For
more information on creating an NDPS printer, see Creating NDPS Printers
in the Novell Distributed Print Services Administration Guide.
1 From iManage, click iPrint Management > Manage Printer.
2 Browse to and select the printer you want to enable IPP printing for.
3 Click Client Support > IPP Support.
4 Check the Enable IPP Access check box.
The URL that appears in the Accepted IPP URL(s) box is the URL used
when the printer is created on a workstation. This is also the URL you
should use when creating map. For more information, see “Using the
iPrint Map Designer” on page 23.
5 (Optional) For secure printing, check the Require Security check box.
This requires users to authenticate to eDirectory using their usernames
and passwords.
6
7 Click Apply or OK to update the printer settings.
The IPPSRVR.NLM is automatically loaded on the server where the printer’s

print services manager is running.
Disabling iPrint Services

2 Browse to and select the Printer you want to modify.
4 Uncheck the Enable IPP Access check box.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Enabling iPrint on All Printers

To enable iPrint on all printers associated with a print services manager,
complete the following:
1 From iManage, click iPrint Management > Enable iPrint Access.
2 Browse to and select the print service manager you want to enable IPP
printing for.
3 To enable all printers associated with this print services manager, check
the first check box next to Enabled. To select printers individually, check
the check boxes next to the printers in the Enabled Column that you want
iPrint enabled for.
4 (Optional) To enable all printers associated with this print services
manager to use Secure printing, check the first check box next to Secure.
To select secure printers for specific printers, check the check boxes next
to each printer in the Secure column.
For more information on implementing SSL, see “Secure Printing Using
SSL” on page 31.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3 Setting Up iPrint on Client

Workstations
In order for users to use iPrint, they need to install the Novell® iPrint Client
software and a printer. When a user selects a printer to be installed by iPrint,
iPrint checks to see if the Novell iPrint Client software is installed and installs
it if necessary. Then the printer driver is downloaded, and the printer is
installed in the user’s Printer folder.
iPrint Client files and printers can be installed from a Web page, or they can
be distributed using ZENworksTM. For more information on using ZENworks,
see “Using ZENworks to Distribute iPrint” on page 21.
This chapter helps you with the following:
“Client Requirements” on page 19
“Using the Default Printer Lists Generated by iPrint” on page 20
“Creating Location-based Printing” on page 20
“Using ZENworks to Distribute iPrint” on page 21
“Uninstalling the Novell iPrint Client” on page 22
Client Requirements
In order for iPrint to work properly, workstations should have the following:
Windows 95/98/ME or Windows NT*/2000
Web browser with Java Script* enabled and
Microsoft Internet Explorer 5.0 or later
Netscape 4.76 (iPrint is not supported on Netscape 6)
Setting Up iPrint on Client Workstations 19

103-000136-001
August 31, 2001
Novell Confidential
Using the Default Printer Lists Generated by iPrint

To enable users to use iPrint, you must give them the iPrint URL, which is
http://server_IP_ address_or_dns_name:631/IPP.
For example, if the DNS name is printing.mycompany.com, then the user
would access IPP from the following URL:
http://printing.mycompany.com:631/ipp
If users need to print through a secure port using SSL, they should use port
443. This requires users to authenticate using their eDirectoryTM usernames
and passwords. Using the above example, this URL would be the following:
https://printing.mycompany.com:443/ipp
From a Netscape or Internet Explorer browser, users enter the URL provided.
A Web page displays a listing of available printers they can install and a link
to install the client software. Users should select Install iPrint client software
to install the client pieces required. If they try to install a printer before
installing the iPrint client software, they are prompted to install the client
software first.
If you associate a printer driver with a printer being installed, the driver is
automatically installed on the user’s workstation. If the driver already exists,
the driver is overwritten even if it is a newer driver.
After installing a printer, it is added to the user’s Printer folder. Users can print
to the printer by selecting the printer from any application. For more
information on using Resource Management Systems in NDPS® to distribute
and update printer drivers, see Designating Printers to Be Automatically
Installed in the Novell Distributed Print Services Administration Guide.
Creating Location-based Printing

Location-based printing lets users select printers based on location by using a
list view or a map. Using a list view, printer locations can be displayed by
building, office location, eDirectory context, etc. You can configure the lists
in a way that best suits the users’ needs.
For more information, see “Creating Printer Lists” on page 26.
Using the iPrint Map Designer, you can create maps of printer locations by
using drag-and-drop technology. Once the maps are created, they can be

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
posted on a Web server for users to access. As users view the maps, they find
a printer close to their location to install and then click a printer icon. The
client software (if not yet installed) and the printer are installed on their
workstation.
For more information, see “Using the iPrint Map Designer” on page 23.
Using ZENworks to Distribute iPrint

You can use ZENworks to distribute the Novell iPrint Client and printers to
users’ workstations. Following the ZENworks instructions, you take a
snapshot of a workstation before installing the client and another snapshot
after. ZENworks creates a list of files to install and makes the necessary
changes to the Windows Registry.
You could also use ZENworks to install an HTML file on the users’
workstations that would take them to your iPrint Web site. This would save
you from having to distribute a URL to your users. Many other
implementations are at your fingertips depending on your specific needs. For
more information on using ZENworks, see the ZENworks (http://
www.novell.com/documentation) documentation.
Auto-client Update
Periodically, users will need to update their Novell iPrint client. When a user
boots his machine, iPrint checks the default printer to ensure the user is using
the latest Novell iPrint Client. When needed, a newer client is installed. Using
a configuration file, you can control how this update takes place.
An IPRINT.INI file is located in SYS:\LOGIN\IPPDOCS on each server
where iPrint is installed is This file controls if the user should be prompted
before the updated client is installed or if the updated client should be installed
without user intervention. When the client is installed without user
intervention, the user will still see the installation program.
Using a text editor, edit the IPRINT.INI file to reflect the settings you want.
Information on the different settings is contained in the file.
IMPORTANT: The IPRINT.INI file should be synchronized across all servers
running where iPrint and a NDPS Manager are running.
Setting Up iPrint on Client Workstations 21

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Saving Passwords for Secure Printers

When users print to a secure printer, they are prompted for the eDirectory
username and password. Users can select to have their workstation remember
their password for printing. For Windows NT/2000 users, passwords are saved
on a per-user basis.
By default the Remember Password feature is enabled. To disable it, use a text
editor to edit the SYS:\LOGIN\IPPDOCS\IPRINT.INI file to reflect the
settings you want. Information on the settings is contained in the file.
IMPORTANT: The IPRINT.INI file should be synchronized across all servers
running where iPrint and a NDPS Manager are running.
Uninstalling the Novell iPrint Client

To remove the Novell iPrint Client, use Remove Programs option in the
Windows Control Panel or use the uninstall program that is available under the
Novell iPrint program group in the Start menu.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
4 Customizing iPrint
This chapter describes how to customize iPrint for your company by using the
iPrint Map Designer and modifying the HTML pages and iPrint Client
interface.
“Setting Up Location-based Printing” on page 23
“Customizing the HTML Interface” on page 27
“Printer Availability on Workstations” on page 27
“Printer Driver Default Install Options” on page 28
Setting Up Location-based Printing

Using the iPrint Map Designer tool, you can quickly create a map showing
printer locations. The tool lets you import floor plans that can be used to drag
and drop printers to actual locations. These maps are then published on a Web
server so users can install printers that are closest to their location.
Creating Location-based Maps
Prerequisites
Microsoft Internet Explorer 5.5 or later
Novell iPrint Client installed on the workstation
Using the iPrint Map Designer
Use the iPrint Map Designer to create location-based maps using background
images of your buildings. Once the map is created, you must use the iPrint
Map Designer to modify or update your maps. Changes to a map file that are
Customizing iPrint 23

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
made outside of the iPrint Map Designer are not supported. If you need to add
links to a map, you should create a frameset file and then display the map file
in one frame and display your links in a different frame.
Creating a Map
1 Copy all of your background images (maps) to
SYS:LOGIN\IPPDOCS\IMAGES\MAPS on the server.
File types that can be used for background images are .JPEG, .GIF, and
.BMP.
Using a mapped drive, open
SYS:LOGIN\IPPDOCS\MAPTOOL.HTM in Microsoft Internet
Explorer.
Open http://server_address:port/login/ippdocs/maptool.htm where
server_address is the server’s IP address or DNS name of the server
where the printer agent is running.
3 Click Background and select an image from
SYS:LOGIN\IPPDOCS\IMAGES\MAPS.
4 To add a printer to the map, select the Printer icon and the printer size.
5 Drag and drop the printer onto the map in the design area.
6 Next to the Printer List field, click the Browse icon and enter the IP
address or DNS name of the server where the print services manager is
running.
7 From the Printer list, select the printer agent you want associated with this
printer icon.
If the printer is not listed, then you have not enabled IPP for the printer.
See “Configuring iPrint Printers” on page 16 for more information.
The Printer URL and Mouse Over Text is automatically filled in with the
printer agent information.
Printer URL: The URL created for the printer when IPP is enabled for
the printer. You should not need to change the URL.
Mouse Over Text: By default, displays the printer agent’s name. You can
override this information by entering the text you want to display when a
user moves the mouse over the Printer icon.

103-000136-001
August 31, 2001
Novell Confidential
8 (Optional) In the Printer Caption field, enter the information to display,

using Enter to parse the information onto multiple lines.
9 Repeat Step 4 through Step 8 and to add additional printers to your map.
10 To edit a printer’s information, click the desired printer’s icon and then
edit the printer information fields.
To deselect a Printer icon while in the map, click anywhere in the design
area.
11 Click Save, and save the Map to SYS:LOGIN\IPPDOCS.
WARNING: If you click Refresh or exit Internet Explorer without saving the map,
all changes since the last time the map was saved will be lost.
To retrieve and modify an existing map file, click Open and browse to the
directory where the map is located.
Adding Printers from Different Print Service Managers
You can add printers from different print services managers to the same map.
Add the printers from the first print services manager. Then click the Browse
icon and select a different manager.
If you need to add or modify printers from a previously used print services
manager, click a Printer icon from that manager and the Printer List will be
populated with printers from that manager.
Hosting the Maps on a Web Server
After creating your maps, you need to post them on a Web server. Copy the
contents of the \IPPDOCS directory and its subdirectories to the Web server
in order for your maps and iPrint to work properly. You can link to your maps
from your company’s internal Web page or send the URL out to your users.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Using the Keyboard with iPrint Map Designer
You can use the keyboard to create maps using iPrint Map Designer. The table
below lists the tasks to complete and the corresponding keystrokes required.
Table 1 Using the Keyboard
Task Press
Move between fields Tab
Insert printer icon Insert key
Before you can insert a priner, your focus

must be the design area.
Move printer icon within the design area Arrow keys
Select a field Enter
Creating Printer Lists

Printer lists allow users to select printers using categories that are meaningful
to them. For example, you could create a list of printers by building location,
department names, eDirectory Context, etc.iPrint provides a defalut list of
printers organized by print services manager. To create a custom list you will
have to use an HTML editor and create links to the printer’s IPP URL. This
URL is displayed when you enable IPP for a printer.
To view a printer’s URL, do the following:
2 Browse to and select the printer you want.
The printer’s URL is displayed under Accepted IPP URL.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Customizing the HTML Interface

You can edit any of the HTML files provided or you can create your own to
customize iPrint for your environment. The HTML files are installed in the
SYS:LOGIN\IPPDOCS directory. For information on the HTML interface,
see Appendix A, “Configuring the HTML Interface,” on page 33.
Some examples of ways to present printers to users are located in the
SYS:LOGIN\IPPDOCS\EXAMPLES directory:
Example 1 shows a fully graphical interface for locating and installing
printers using standard HTML. This type of approach can also be created
using the iPrint Map Designer. For more information, see “Using the
iPrint Map Designer” on page 23. Using your Web browser, view this
example from
SYS:\LOGIN\IPPDOCS\EXAMPLES\EXAMPLE1\INNERWEB.HTM
Example 2 shows a lower maintenance approach for locating and
installing printers using standard HTML. Using your Web browser, view
this example from
SYS:\LOGIN\IPPDOCS\EXAMPLES\EXAMPLE2\INNERWEB.HTM
Printer Availability on Workstations

You might want printers to remove themselves automatically from a
workstation. For example, you have a printer in your lobby for customers to
use. When the customer leaves, you want the printer to be removed from the
customer’s laptop. Setting the persistence of the printer allows you to
automatically remove the printer when the customer reboots his laptop.
Complete the following to set the persistence of a printer:
1 Using a text editor, open SYS:\LOGIN\IPPDOCS\INST.HTM.
2 Edit the file by searching for "persistence=".
The setting occurs twice: once for Internet Explorer and once for
Netscape browsers.
3 Replace the printer setting value, located after the comma (,) with reboot.
4 Save the file.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Printer Driver Default Install Options

You can change the default options for the printer driver when it is installed
on the workstation. For example, you might want the printer driver default for
paper size to be 8-1/2 x 11. This means every time the printer and
corresponding driver is installed on a workstation, the paper size is set at 8-1/
2 x 11. If this printer is being deployed in a company like a law office, you
might want the printer driver to default to 8-1/2 x 14 so users will not have to
change this setting when they print.
Complete the following steps to change the printer driver default settings:
1 Using a text editor, open SYS:\LOGIN\IPPDOCS\INST.HTM.
2 Edit the file by searching for PARAM NAME= .
The setting occurs twice: once for Internet Explorer and once for
Netscape browsers.
3 Replace the value= setting located after the colon(:) with the value you
want.
Table 2 Driver Default Setting Options
Printer Setting Acceptable Parameter Values
Orientation landscape, portrait
Paper size letter, lettersmall, tabloid, ledger, legal,

statement, executive, A3, A4, A4small, A5,
B4, B5, folio, quatro, 10x14, 11x17, note,
env_10, env_12, env_14, csheet, dsheet,
esheet, env_dl, env_c5, env_c4, env_c3,
env_c65, env_b5, env_b6, env_italy,
env_monarch, env_personal, fanfold_us,
fanfold_std_german, fanfold_lgl_german,
iso_b4, japanese_postcard, 9x11, 10x11,
15x11, env_invite, letter_extra, legal_extra,
tabloid_extra, A4_extra,
letter_extra_transverse, a_plus, b_plus,
letter_plus, A4_plus, A5_transverse,
B5_transverse, A3_extra, A5_extra,
B5_extra, A2, A3_transverse,
A3_extra_transverse
Copies Enter the number of copies you want

printed.

103-000136-001
August 31, 2001
Novell Confidential
Printer Setting Acceptable Parameter Values
Color yes=color
no or false=monochrome
Duplex simplex, horizontal, vertical
Collate yes or true=collate
no=do not collate
4 Save the file.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
5 Setting Up a Secure Printing

Environment
Setting up a secure printing environment can be done on three different levels.

Access Control lets you assign users to a User, Operator or Manager role
to control printers, print services managers, and brokers. For more
information, see Managing Printing Security in the Novell Distributed
Print Services Administration Guide.
Printer Security For more information, see Setting Printer Security
Levels in the Novell Distributed Print Services Administration Guide.
Using SSL with iPrint requires users to authenticate before installing
and printing to a printer. For more informaiton, see “Secure Printing
Using SSL” on page 31.
Secure Printing Using SSL

Secure printing takes advantage of SSL, which requires users to authenticate
using their eDirectory™ usernames and passwords. Users authenticate once
per eDirectory tree per session. The print data is encrypted, and all print
communication uses port 443. Without secure printing, the printer is available
to anyone inside the firewall on the network and the print data is not
encrypted. Secure printing works in conjunction with the security level set for
the printer.
The following table shows how access is determined, depending on the level
of printer security and if secure printing is enabled or disabled.
Setting Up a Secure Printing Environment 31

103-000136-001
August 31, 2001
Novell Confidential
Table 3 Effects of Printer Security with Secure Printing Enabled
Printer Security Level Secure Printing Disabled (No SSL) Secure Printing Enabled (With SSL)
Low Full access eDirectory authentication
Medium Check of user’s effective rights eDirectory authentication and

check of user's effective rights
High Users must use SSL and eDirectory authentication, check

authenticate to eDirectory user’s effective rights, and
connection verification
Users will receive an error if they
do not use SSL
For more information on Printer Security Levels, see Setting Printer Security
Levels in the Novell Distributed Print Services Administration Guide.

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
A Configuring the HTML Interface
This appendix discusses the HTML parameters and operations used in the
iPrint interface. This information is provided to give developers insight into
how to customize their HTML files.
Using this information, HTML developers can edit iPrint Web pages to
customize them for their companies.
The iPrint HTML files are located in the SYS:\LOGIN\IPPDOCS directory.
iPrint Client HTML Interface Description

The list of operations and identifiers is the same for each browser. The printer
name and the operation to be performed are required parameters for all
operations except “op-client-interface version” on page 41 and “op-client-
version-info” on page 41. All other parameters are operation-specific or
optional. Operation-specific parameters that are used out of context are
ignored.
If the desired output from the plug-in is HTML, a frameset needs to be used.
This is to prevent some browsers from failing when they try to write to the
document that invoked the plug-in. The name of the frame to receive the
HTML page generated by the plug-in can be passed in using the target frame
option. This target frame needs to be a named frame in the same frameset as
the frame invoking the plug-in.
Configuring the HTML Interface 33

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Internet Explorer Browser Customization

“HTML Script Example” on page 34
“HTML Code Example” on page 35
HTML Script Example
The ExecuteRequest() operation simplifies HTML coding when working with

Internet Explorer. It lets you pass/get information from the iPrint without
having to reload a Web page.
A result type called object is implemented and should be used only in
conjunction with ExecuteRequest(). You can use ExecuteRequest and have it
return results via HTML, URL, message box, or cookie. All data can be passed
via the ExecuteRequest() second parameter. The first parameter is the
operation. Both of the parameters are strings.
Syntax:
variable=variable.ExecuteRequest("operation_string",additional_operation
strings);
<object ID=iPrintAccess classid=clsid:36723f97-7aa0-11d4-
8919-ff2d71d0d32c>
</object>
<script Language="javascript1.1">
var pStatus;
var params;
params = "printer-url=" + printerNameHere + "&result-

type=object"
pStatus=iPrintAccess.ExecuteRequest("op-printer-get-status",
params);
alert(pStatus);
</script>

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
HTML Code Example
The following defines the interface between HTML pages and the browser
plug-in. The HTML element <OBJECT> is used to invoke the Internet
Explorer plug-in (IENIPP.OCX).
<OBJECT ID=TESTID
CLASSID="clsid:36723f97-7aa0-11d4-8919-FF2D71D0D32C"
CODEBASE=v:\src\work\bart\ipp\ieNIpp\final\novipp.ocx>
<PARAM NAME=operation VALUE=op-printer-get-status>
<PARAM NAME=printer-url VALUE=http://100.100.100.100/ipp/

lpr>
<PARAM NAME=result-type VALUE=html>
<PARAM NAME=target-frame VALUE=displayFrameName>
</OBJECT>
Netscape Browser Customization

The following defines the interface between HTML pages and the browser
plug-in. The HTML element <EMBED> is used to invoke the Netscape plug-
in (NPNIPP.DLL).
<EMBED TYPE=application/x-Novell-ipp
width=100
height=30
operation=op-printer-get-status
printer-url=http://1100.100.100.100/ipp/lpr
result-type=html
target-frame=displayFrameName
>

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
HTML Parameters
The following parameters can be used to enhance the iPrint HTML pages. The
parameters are used in the HTML files as PARAM NAME=parameter
VALUE=identifier statements.
call-back-url (page 36)
debug (page 36)
driver-options (page 37)
error-type (page 37)
file-path-name (page 37)
job-list (page 38)
job-list-options (page 38)
persistence (page 38)
printer-url (page 39)
result-type (page 39)
target-frame (page 39)
call-back-url
Used to target the results from the onchange JavaScript function associated
with selecting jobs from the job list. The JavaScript function causes the
browser to reload the indicated control frame passing the list of selected jobs
as a parameter.
Example:
PARAM NAME=call-back-url VALUE=CONTROL.HTM
debug
If debug is set to True, message boxes with debug and profiling information
are displayed.
Example: PARAM NAME=debug VALUE=true

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
driver-options
As a printer is being installed, the plugi-n can optionally set some default
driver options. For a list of driver options, see Table 2, “Driver Default Setting
Options,” on page 28
Example:
PARAM NAME=driver-options
VALUE=papersize:A4;duplex:vertical;color:false
error-type
Used to tell the plug-in how to report errors associated with the requested
operation. The plug-in has the ability to return the errors in.
Option Description
none No response.
msgBox Display results in a message box.
html Display results as an HTML page generated by the plug-in.
cookie Put the error information in a cookie.
url Pass the results as a url parameter.
The plug-in defaults to the same reply mechanism that is specified in results-
type if error-type is not specified.
Example:
PARAM NAME=error-type VALUE=html
file-path-name
Specifies a printer ready file that can be passed to the plug-in for printing. This
mechanism bypasses the print provider and the print driver. The printer does
not need to be installed on the workstation to use this operation.
Example:
PARAM NAME= file-path-name VALUE=directory path\filename

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
job-list
The plug-in can perform several operations on jobs. job-list is a comma-
delimited string of job IDs to indicate which jobs to operate on. A job list with
the job ID of -1 is equivalent to selecting all jobs
Example:
PARAM NAME=job-list VALUE=3,5,7
job-list-options
When the plug-in creates the HTML for job-list, it can add buttons to allow
the user to hold, resume, delete, or display information for selected jobs. This
parameter is used to specify which buttons to display and support.
The following are the possible buttons:
op-job-hold (page 42)
op-job-hold-release (page 42)
op-job-cancel (page 41)
op-job-get-info (page 42)
Example:
PARAM NAME=job-list-options VALUE= op-job-hold,op-job-hold-
release,op-job-cancel, op-job-get-info
persistence
Printer installation can be temporary or permanent. If not specified,
persistence defaults to persistent. Persistence is used to indicate the duration
the printer is to be installed for. The choices include the following:
Option Description
persistent Printer will not be removed.
volatile-reboot Printer will be removed as the workstation reboots.
volatile-date-time Printer will be removed at the indicated time (year,

month, day, hour, minute).

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Examples:
PARAM NAME=persistence VALUE=volatile-reboot
PARAM NAME=persistence VALUE=volatile-date-time:2001,3,22,8,30
printer-url
Indicates which printer the operation should be directed to.
Example:
PARAM NAME= printer-url VALUE=ipp://DNS name/ipp/printername
result-type
Used to tell the plug-in how to report the results of the requested operation.
The plug-in has the ability to return the results in one of the following ways:
Option Description
none No response.
msgBox Displays results in a message box.
html Displays results as an HTML page generated by the

plug-in.
cookie Puts the results in a cookie.
url Passes the results as a url parameter.
The plug-in defaults to none if results-type is not specified.

Example:
PARAM NAME=result-type VALUE=html
target-frame
Used to specify the name of the frame in which to put the results and/or error
information into. If the operation results type is url, the target frame will be the
one reloaded with the indicated URL.
Example:
PARAM NAME=target-frame VALUE=FrameName

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Supported Operations Strings

All requests to the plug-in have two required parameters. The first is
operation, and the second is results-type. All operations except op-client-
interface-version and op-client-version-info require the parameter printer-url.
All requests support the optional parameter error-type.
With the exception of op-printer-send-test-page and op-printer-remove the
printer does not need to be installed to use the following operations:
op-client-interface version (page 41)
op-client-is-printer-installed (page 41)
op-client-version-info (page 41)
op-job-cancel (page 41)
op-job-get-info (page 42)
op-job-hold (page 42)
op-job-hold-release (page 42)
op-printer-get-info (page 43)
op-printer-get-status (page 43)
op-printer-install (page 43)
op-printer-list-all-jobs (page 44)
op-printer-pause (page 44)
op-printer-purge-jobs (page 44)
op-printer-remove (page 44)
op-printer-resume (page 45)
op-printer-send-file (page 45)
op-printer-send-test-page (page 45)

103-000136-001
August 31, 2001
Novell Confidential
op-client-interface version
Description: Determines a version associated with the plug-in’s HTML

interface. Can also determine if a client upgrade needs to be
invoked or for any other client plug-in/HTML file compatibility
issues.
Required None
information:
Supported URL, Cookie
return types:
op-client-is-printer-installed
Description: Determines if the indicated printer is installed on the

workstation.
Required Printer URL
information:
Supported URL, Cookie
return types:
op-client-version-info
Description: Determines the version of the Novell iPrint Client files running
on the workstation.
Required None
information:
Supported Cookie, URL, Object
return types:
op-job-cancel
Description: Deletes the indicated jobs.

Required Printer URL, job-list
information
Supported None, Message box, HTML, URL, Cookie
return types:

103-000136-001
August 31, 2001
Novell Confidential
op-job-get-info
Description: Gets job information for indicated jobs. The information

returned depends on the printer's capabilities. This information
can include job name, ID, owner, size, bytes processed, hold
until, priority, time created, time started printing, and time
finished printing.
information:
Supported Message box, HTML, URL, Cookie
return types:
op-job-hold
Description: Put sa hold on the indicated jobs. A job that is printing might not
be held.
information:
return types:
Supported parameter is indefinite.
op-job-hold-release
Description: Removes the hold on the indicated jobs.

information:
return types:

103-000136-001
August 31, 2001
Novell Confidential
op-printer-get-info
Description: Gets additional information about the printer. The information

returned depends on the printer's capabilities. This information
can include printer location, printer make and model, and
supported document formats (PDLs).
information:
return types:
op-printer-get-status
Description: Gets status information from the indicated printer. The

information returned depends on the printer’s capabilities.
Status can include printer state, printer state reasons, printer
state message, printer accepting jobs, and printer job count.
information:
return types:
op-printer-install
Description: Installs the indicated printer to this workstation.

information:
Optional driver-options, persistence
information:
return types:

103-000136-001
August 31, 2001
Novell Confidential
op-printer-list-all-jobs
Description: Lists jobs for this printer.

information:
return types:
op-printer-pause
Description: Pauses the printer. If results are requested for this operation,
the op-printer-get-status operation is executed to provide the
new printer status.
information:
return types:
op-printer-purge-jobs
Description: Deletes all jobs for this printer.

information:
return types:
op-printer-remove
Description: Deletes the indicated printer from this workstation.

information:
return types:

103-000136-001
August 31, 2001
Novell Confidential
op-printer-resume
Description: Resumes the printer. If results are requested for this operation,
the op-printer-get-status operation is executed to provide the
new printer status.
information:
return types:
op-printer-send-file
Description: Sends a printer-ready file to this printer.

Required Printer URL, file-path-name
information:
return types:
op-printer-send-test-page
Description: Sends a test page to this printer.

information:
return types:

103-000136-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000136-001
August 31, 2001
Novell Confidential
Novell Distributed Print Services Administration Guide
Novell
NetWare 6 ®
www.novell.com
N O V E L L D I S T R I B U T E D P R I N T S E RV I C E S
August 31, 2001

Novell Confidential
Contents
Welcome to Novell Distributed Print Services 11

1 Understanding Novell Distributed Print Services 13

Overview of NDPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Bi-directional Feedback and Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Configurable Event Notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Tight Integration with eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Automatic Printer Driver Download and End User Convenience . . . . . . . . . . . . . . . . 16
Printer and Job Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Job Scheduling Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Protocol Independence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Compatibility with Multiple Clients, Applications, and Operating Systems . . . . . . . . . . . 17
Support for Existing Printers (Full Backward Compatibility) . . . . . . . . . . . . . . . . . . 18
Comparing NDPS with Queue-Based Print Services . . . . . . . . . . . . . . . . . . . . . . . 19
Understanding NDPS Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Understanding the Architecture of NDPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Understanding Printer Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Understanding the NDPS Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Where to Place NDPS Managers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Understanding Printer Gateways. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Understanding the Broker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Understanding the Service Registry Service . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Understanding the Event Notification Service . . . . . . . . . . . . . . . . . . . . . . . . . 29
Understanding the Resource Management Service . . . . . . . . . . . . . . . . . . . . . . 31
Where to Place NDPS Brokers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
2 Planning the Migration to Novell Distributed Print Services 35

Establishing a Planning Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Assessing Your Current Printing Environment . . . . . . . . . . . . . . . . . . . . . . . . . 36
Identifying Critical Planning Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Designing Your New System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Determining Your Implementation Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
General Transition Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Making the Transition Gradually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Maintaining Your Queues during the Transition . . . . . . . . . . . . . . . . . . . . . . . . 42
Understanding Your Implementation Options . . . . . . . . . . . . . . . . . . . . . . . . . 44
Contents 5

103-000137-001
August 31, 2001
Novell Confidential
Using Legacy Printers and NDPS Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Printing through Third-party Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Printing through the Novell Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Using Printers with Embedded NDPS Technology . . . . . . . . . . . . . . . . . . . . . . . . 47
Migration Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Migrating from Queue-Based Printing to NDPS . . . . . . . . . . . . . . . . . . . . . . . . 48
Migrating from IPX-Based NDPS to IP-based NDPS . . . . . . . . . . . . . . . . . . . . . . . 50
Migrating an IPX-Based Third-Party Gateway to IP . . . . . . . . . . . . . . . . . . . . . . 51
Migrating a Printer in RP Mode to IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Migrating a Printer in QServer Mode to IP . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Migrating from NFS to NDPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
NetWare-to-UNIX Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
UNIX-to-NetWare Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
3 Setting Up a New NDPS Printing System 57

Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Setting Up NDPS on Your Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Rights Required for Configuring NDPS Installation . . . . . . . . . . . . . . . . . . . . . . 60
Using iManage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Changing the Location of a Broker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Updating the AUTOEXEC.NCF File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Creating NDPS Brokers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Creating NDPS Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Creating NDPS Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Configuring LPR Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Setting Up NDPS Printers to Service Legacy Queues . . . . . . . . . . . . . . . . . . . . . . 65
Configuring Queue-Based Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Using Bindery Reference Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Printing from Macintosh Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Setting Up LPR Clients on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Preparing Client Workstations to Use NDPS . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Installing the Novell Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Enabling NDPS on a Previously Installed Client . . . . . . . . . . . . . . . . . . . . . . . . 70
Adding NDPS Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Removing CAPTURE Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
4 Managing Printers 71
Managing Print Jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Viewing Print Job Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Deleting Print Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Changing the Order of Print Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Moving Print Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Modifying Print Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
6 Novell Distributed Print Services Administration Guide

103-000137-001
August 31, 2001
Novell Confidential
Installing Printers on Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Designating Printers to Be Automatically Installed . . . . . . . . . . . . . . . . . . . . . . . 75
Designating a Default Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Using Remote Printer Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
How Remote Printer Management Works . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Accessing Remote Printer Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Setting Up Printer Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Creating Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Modifying Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Setting Configuration Locks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Optimizing Event Notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Notification Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Delivery Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Configuring Job-Owner Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Configuring Interested-Party Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Setting Print Job Spooling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Supporting Queue-Based Client Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
5 Managing the Print Services Manager 87

Optimizing Fault Tolerance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Modifying the Database Backup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Restoring a Database from eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Moving the NDPS Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
NDPS Manager Startup Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
6 Managing the Broker 91

Adding or Updating Brokered Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Adding Banner Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Adding Banners to the Resource Management Service . . . . . . . . . . . . . . . . . . . . 93
What Printer Types Support What Kind of Banner . . . . . . . . . . . . . . . . . . . . . . . 93
Creating Banner Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Adding or Updating Printer Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Prerequisite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Enabling Event Notification Delivery Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Enabling and Disabling Brokered Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Reconfiguring an NDPS Broker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Broker Startup Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Contents 7

103-000137-001
August 31, 2001
Novell Confidential
7 Managing Printing Security 103

Setting Printer Security Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Setting Access Control for NDPS Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Printer Access Control Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Assigning Printer Access Control Roles through NDPS Printer Objects. . . . . . . . . . . . 107
Assigning Printer Access Control Roles through User Objects . . . . . . . . . . . . . . . . 107
Planning Your Printer Connections and Locations for Better Security. . . . . . . . . . . . . 108
Setting Access Control for NDPS Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
NDPS Manager Access Control Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Assigning the Manager Role for NDPS Managers. . . . . . . . . . . . . . . . . . . . . . . 109
Setting Access Control for NDPS Brokers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Broker Access Control Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Assigning Managers for NDPS Brokers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
8 Troubleshooting Your Print System 111

Initial Troubleshooting Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
A1. Attempt to resolve the error and try again . . . . . . . . . . . . . . . . . . . . . . . . . 113
A2. Try some quick fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
A3. Determining your printing environment . . . . . . . . . . . . . . . . . . . . . . . . . . 114
A4. All queue-based environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
A5. All NDPS environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
A6. Mixed NDPS and queue-based environment . . . . . . . . . . . . . . . . . . . . . . . 115
Narrowing Your Focus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
B1. Send job to same printer from other workstations . . . . . . . . . . . . . . . . . . . . . 117
B2. Has workstation printed to this printer before? . . . . . . . . . . . . . . . . . . . . . . 117
B3. Gather information on setup and configuration . . . . . . . . . . . . . . . . . . . . . . 117
B4. Has printing ever worked with the current configuration? . . . . . . . . . . . . . . . . . 117
Determining Your Platform When Problem Affects Only One Workstation . . . . . . . . . . . . 118
C1. Are queues being serviced by an NDPS printer? . . . . . . . . . . . . . . . . . . . . . 119
C2. All queue-based printing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
C3. Queue-NDPS integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
C4. Look in iManage for NDPS Printer objects . . . . . . . . . . . . . . . . . . . . . . . . 119
Isolating Printing Problems Affecting Only One Windows Workstation . . . . . . . . . . . . . . 120
D1. Check status of printer in Windows Control Panel . . . . . . . . . . . . . . . . . . . . 121
D2. Check to see what network object the installed printer is servicing . . . . . . . . . . . . 121
D3. Check status of printer in NDPS Manager. . . . . . . . . . . . . . . . . . . . . . . . . 121
D4. Determine problem from error message. . . . . . . . . . . . . . . . . . . . . . . . . . 121
D5. NetWare queue object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
D6. Are queues going to an NDPS printer? . . . . . . . . . . . . . . . . . . . . . . . . . . 122
D7. Queue-NDPS integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
D8. All queue-based printing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
D9. Printer is set for working offline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
D10. Other possibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

103-000137-001
August 31, 2001
Novell Confidential
Tracking Jobs from a Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

E1. Pause output of NDPS printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
E2. Check job list in iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
E3. Resume printer output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
E4. Job printed this time but nothing was changed. . . . . . . . . . . . . . . . . . . . . . 125
E5. Job did not print and is still in the job list . . . . . . . . . . . . . . . . . . . . . . . . . 125
E6. Job did not print but is no longer in the job list . . . . . . . . . . . . . . . . . . . . . . 125
Checking Printer Output and Using Test Files . . . . . . . . . . . . . . . . . . . . . . . . . . 126
F1. Check availability of network printer . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
F2. Check for error messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
F3. Test file prints but jobs from application do not. . . . . . . . . . . . . . . . . . . . . . 127
F4. Job is being held in spooler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
F5. Job did not print but is no longer in the job list . . . . . . . . . . . . . . . . . . . . . . 127
Printing Problems Affecting All Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
G1. Determine severity and scope of printing problems . . . . . . . . . . . . . . . . . . . 130
G2. No print jobs are printing from any networked printer . . . . . . . . . . . . . . . . . . 130
G3. No print jobs are coming from a specific printer . . . . . . . . . . . . . . . . . . . . . 130
G4. Jobs are printing slowly or are corrupted . . . . . . . . . . . . . . . . . . . . . . . . 130
G5. Check status of NDPS Printer in iManage . . . . . . . . . . . . . . . . . . . . . . . . 131
G6. A problem is identified in an error message . . . . . . . . . . . . . . . . . . . . . . . 131
G7. Jobs are getting to the job list but the printer is unable to print them . . . . . . . . . . 131
Problems Integrating with Queue-Based Components . . . . . . . . . . . . . . . . . . . . . 132
H1. Check the printer's spooling configuration . . . . . . . . . . . . . . . . . . . . . . . . 133
H2. Reconfigure spooling for this printer . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
H3. Check the job list for the queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
H4. Make sure the job is being redirected to the queue properly. . . . . . . . . . . . . . . 133
9 Selecting the Correct Gateway to Use 135

Using Third-party Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
A Configuring Remote Printers 137

Configuring Remote Printers Using NPRINTER . . . . . . . . . . . . . . . . . . . . . . . . . 137
Configuring Remote Printers Running in RP Mode . . . . . . . . . . . . . . . . . . . . . . . 139
Configuring Remote Printers Running in LPR Mode . . . . . . . . . . . . . . . . . . . . . . . 140
Contents 9

103-000137-001
August 31, 2001
Novell Confidential

103-000137-001
August 31, 2001
Novell Confidential
Welcome to Novell Distributed Print Services
Novell® Distributed Print ServicesTM (NDPS®) offers improvements over

Novell's legacy queue-based print service architecture. NDPS was designed to
handle the increased complexity of managing modern printers in a network
environment and to exploit the new functionality offered by these printers.
The power and versatility of NDPS will help you get the most out of your
printing resources, whether you're in a small workgroup or an enterprise-wide
system.
NDPS works in conjuction with iPrint to allow true location-based printing.
With iPrint, users use their Web browser to locate and install printers and their
print drivers on their workstations. NDPS provides the infrastructure to move
the print jobs between the workstations and the printers.
NDPS is fully compatible with your existing queue-based printing resources,
which means that you can make the transition from your legacy printing setup
gradually.
For more information about migrating your queue-based system to NDPS, see
the Chapter 2, “Planning the Migration to Novell Distributed Print Services,”
on page 35.
The following information will assist you in understanding and setting up
NDPS:
Chapter 1, “Understanding Novell Distributed Print Services,” on page
13
Chapter 2, “Planning the Migration to Novell Distributed Print Services,”
on page 35
Chapter 3, “Setting Up a New NDPS Printing System,” on page 57
Chapter 4, “Managing Printers,” on page 71
Welcome to Novell Distributed Print Services 11

103-000137-001
August 31, 2001
Novell Confidential
Chapter 5, “Managing the Print Services Manager,” on page 87

Chapter 6, “Managing the Broker,” on page 91
Chapter 8, “Troubleshooting Your Print System,” on page 111

103-000137-001
August 31, 2001
Novell Confidential
1 Understanding Novell Distributed

Print Services
Novell® Distributed Print ServicesTM (NDPS®) is the default and preferred

print system in NetWare®. It is designed to handle the increased complexity
of managing printing devices in any type of network environment, ranging in
size from small workgroups to enterprise-wide systems. NDPS allows you to
use iManage, Novell’s Web-based management tool. You can also designate
those printers for automatic installation on user workstations, without any
action by your users.
NDPS replaces the existing queue-based printing technology. You don't have
to set up print queues, printer objects, or print servers, and link them together.
Instead, all of your management tasks are focused on the printer itself, which
can be configured as an eDirectoryTM object.
To better understand how NDPS works, read the following sections:
“Overview of NDPS” on page 13
“Comparing NDPS with Queue-Based Print Services” on page 19
“Understanding NDPS Printers” on page 20
“Understanding the Architecture of NDPS” on page 21
Overview of NDPS
NDPS is the default and preferred print system in NetWare. Novell's legacy,
queue-based print system is also fully supported, which allows your users to
continue printing as they always have until you complete the transition to
NDPS. NDPS provides full support for IP-based as well as IPXTM-based
printing, giving you a wide variety of system configuration options to fit your
organization's specific needs.
Understanding Novell Distributed Print Services 13

103-000137-001
August 31, 2001
Novell Confidential
Some of the most significant features of NDPS include the following:

“Bi-directional Feedback and Control” on page 14
“Configurable Event Notification” on page 15
“Tight Integration with eDirectory” on page 16
“Automatic Printer Driver Download and End User Convenience” on
page 16
“Printer and Job Configuration Options” on page 17
“Job Scheduling Options” on page 17
“Protocol Independence” on page 17
“Compatibility with Multiple Clients, Applications, and Operating
Systems” on page 17
“Support for Existing Printers (Full Backward Compatibility)” on page
18
Bi-directional Feedback and Control

Novell Distributed Print Services lets clients and printers exchange
information about printers and print jobs. For example, this interchange
allows users and administrators to get real-time information about a printer
such as
Its status
For example, it reports such information as whether the printer needs
toner or paper, whether it is online, and whether the lid is open.
Its configuration properties and features
For example, does it support color? Duplexing? How many pages has it
printed since it was last serviced?
NDPS also lets you view information about a print job's properties and status,
including
The number of copies being printed
Job hold and scheduling information
Notification when the job has actually been completed

103-000137-001
August 31, 2001
Novell Confidential
is the printer available? printer is available

what is the status of the printer? toner is low
what features are available? duplex, tabloid-size, color, . . .
how many copies are printing? five copies will be printed
what media is being used? upper tray, transparency
has the job actually printed out? job has been printed
The bi-directional feedback provided by NDPS is limited only by the bi-

directional capabilities of the printer itself. In many cases, NDPS actually
enhances information provided about printers that do not have bi-directional
capabilities.
Configurable Event Notification

With Novell Distributed Print Services, you can customize event notification.
Event notification allows you to specify who should be notified of an event or
problem, and how that person should be notified. It also allows you to identify
the specific events or problems that you want notification messages sent for.
For example, you can configure notification so that the owner of a print job
will receive a screen pop-up message when the job has actually been printed.
Print 5 copies of this job at the

color printer on the second floor at
3 p.m. and notify the department
admin when it is complete.
You can also ensure that the printer operator is notified when a problem such
as a paper jam occurs on the printer. Notification methods provided by NDPS
include pop-up screen messages, e-mail, and log file records, while third-
parties can develop other mechanisms such as beeper notification if they wish.

103-000137-001
August 31, 2001
Novell Confidential
Tight Integration with eDirectory

Novell Distributed Print Services is designed to take full advantage of Novell
eDirectory. Integration with eDirectory allows you to create a single
eDirectory object—an NDPS Printer object—to represent each printer on the
network. As a Printer object, printers become as secure as the other objects in
the tree, and they are just as easy to manage.
In the eDirectory tree, printers can be conveniently grouped. For example, you
can group and manage all of your printers by department, workgroup, or
location. You can also search for printers with specific capabilities, because
those capabilities are properties of the NDPS printer object.
Automatic Printer Driver Download and End User Convenience

Not only does NDPS make printer management easier for you as an
administrator, it also makes printing easier for end users. NDPS provides a
database that includes drivers for most printers in common use today. From
this database, you can select drivers you want to be automatically installed on
client workstations when a user adds a printer. This eliminates the need for
users to provide the printer driver themselves. You can add drivers to this
database as they become available.
Printer driver database
Add
drivers
Server Workstation
Auto-download
drivers
An NDPS client can also modify printer configurations. For example, a user
can configure a printer to use a different size paper or to print a cover page.
Users can change the properties of any installed printer that the administrator
has not locked. Also, using NDPS, users can view the current status of any
available printer to see how many print jobs are waiting to be printed before
they send their jobs. These NDPS features help make end-user printing easier
and more effective than the methods of the past.

103-000137-001
August 31, 2001
Novell Confidential
From this list, you can select drivers you want to be automatically downloaded
and installed on client workstations. You can add drivers to this database as
they become available.
Printer and Job Configuration Options

The NDPS interface supports many printer options in common use today,
while the open architecture of NDPS allows printer manufacturers to add their
own custom interfaces for specific printers. This means that as new printer
features become available, you can access them through NDPS.
Job Scheduling Options

NDPS allows you to configure and schedule print jobs to be processed
according to time of day, job size, or media availability.
Protocol Independence
The entire NDPS architecture is protocol independent. NDPS can be used in
an IPX-based environment, a pure TCP/IP environment, or a combination of
both. The third-party gateways being developed to work with NDPS are also
protocol independent.
Most printers that support TCP/IP today do not have a discovery protocol like
SAP for IPX-based networks. The Service Locator Protocol (SLP) will
eventually be embedded in printers and will provide a discovery protocol that
can be used with NDPS.
Compatibility with Multiple Clients, Applications, and Operating

Systems
NDPS provides an enhanced Windows* client to take advantage of all of the
advanced features provided by NDPS. All clients that are not NDPS-aware
can still print to NDPS printers, and you can use all of your existing
applications with NDPS. Although your queue-based print clients won't be
able to take full advantage of the advanced features available in NDPS, they
won't lose any of the printing ability they have now. This backward-
compatibility feature of NDPS makes it well-suited for heterogeneous
networks.

103-000137-001
August 31, 2001
Novell Confidential
Non-enhanced clients
NDPS
OS/2 DOS printer
NON-NDPS
PRINT JOBS
Queue
Mac Unix
Enhanced clients
NDPS-aware
Windows NT/2000 Windows 95/98/ME printer
Server
ADVANCED NDPS FEATURES
Support for Existing Printers (Full Backward Compatibility)

NDPS lets you preserve your investment in your existing printing resources.
All clients can print to legacy printers. All currently available printers can be
used in NDPS environments. In fact, major printer manufacturers have
developed gateways for their existing printers to enable them to take
advantage of many new features available with NDPS.

103-000137-001
August 31, 2001
Novell Confidential
Comparing NDPS with Queue-Based Print Services

The architecture of Novell legacy queue-based print services was based on the
creation and linking of three components: printers, print queues, and print
servers. Setting up queue-based printing was often a complex task. In order to
print, users first had to capture the printer port. Then the client would redirect
the data to a file in a print queue, where it was stored while waiting to be sent
to a printer by the print server.
With NDPS, printer, print queue, and print server functions are combined into
a single entity called a Printer Agent. The need to create print queues has been
eliminated, and users send print jobs directly to printers.
Even though NDPS does not require queues, your networks might continue to
include queue-based printers and clients not currently supported by NDPS.
The backward compatibility of NDPS allows you to continue using these
queue-based services and resources transparently, as is illustrated in the
following scenarios:
You can print through NDPS to an existing queue, allowing you to access
systems that require a queue connection (for example, mainframe systems
using NetWare HostPrint® and certain proprietary systems).
NDPS can service existing queues, allowing you to use NDPS on the
server even though your client platform is not currently running NDPS.
This allows you to install and run NDPS while you are changing your
client workstations to NDPS.
For a discussion of NDPS support for legacy printing, see “Supporting Queue-
Based Client Workstations” on page 86.
The following table summarizes the major differences between NDPS and
queue-based printing services.
Queue-Based (Legacy) Print Services Novell Distributed Print Services
Administrators create and link print queues, Administrators create Printer Agents, allowing
printers, and print servers, and users submit print users to submit print jobs directly to printers. All
jobs to the queues. These three objects must be management functions are centered on the printer
maintained separately once the system is in place. itself.
Uni-directional communications only. Feedback Bi-directional communications supported.

consists of pop-up windows reporting a Configurable event notification includes e-mail,
nonconfigurable set of events. pop-up windows, event logs and other methods,
including third-party methods such as beepers and
faxes. Events reported are limited only by a printer's
capability.

103-000137-001
August 31, 2001
Novell Confidential
Queue-Based (Legacy) Print Services Novell Distributed Print Services
Does not accommodate add-ons or extensions Extensible framework for print devices, including
from third parties. snap-in interfaces.
Administrators must create and configure Printer Plug-and-print option available for installing public
objects manually. Plug-and-print public access access printers using specially designed third-party
printing not available. gateways.
Understanding NDPS Printers

NDPS printers can be any of the following types:
Network-direct printers using a gateway provided by a third-party printer
manufacturer
Remote printers using RP, LPR, or queue-based protocols
Local printers attached directly to a file server
Any printer, regardless of its physical type or connection mode, can be
configured as either a public access printer or a controlled access printer.
The following table compares the two types of printers.
Issue Public Access Printers Controlled Access Printers
Integration with Not associated with an eDirectory Associated with an eDirectory Printer
eDirectory Printer object. object.
Availability Immediately available to everyone on Available only to network users who

the network. Can be made have rights assigned to them.
automatically available through third-
party gateways or embedded
solutions.
Administration Require minimal administrative Created and administered as an

action. eDirectory object.
Network security No network security. Full range of network security options

through eDirectory.
Event notification Provide only job event notification. Full range of event and status
notification options including e-mail, pop-
up windows, event logs and third-party
methods, such as beepers and faxes.

103-000137-001
August 31, 2001
Novell Confidential
Understanding the Architecture of NDPS

The architecture of Novell Distributed Print Services ensures the scalability of
the printing environment, allowing you to print in LAN, WAN, and enterprise
document production environments. It also allows you to print to devices
ranging from simple dot-matrix printers to laser printers and large-scale
production devices.
eDirectory Object & Broker

NDPS Manager eDirectory Object
BROKER.NLM
Services & NDPSM.NLM
SERVICE Printer Agent:
PA PA
REGISTRY server-based
EVENT 3rd- type
NOTIFICATION party NDPS
RESOURCE gateway gateway
MANAGEMENT PH.NLM &
Printer Agent: PA
PDS.NLM
embedded
type Third-party
gateway
NDPS-enabled Server
printer
To understand exactly how NDPS works, you need to understand its major
architectural components. See the following sections for information on the
various components:
“Understanding Printer Agents” on page 22
“Understanding the NDPS Manager” on page 24
“Understanding Printer Gateways” on page 25
“Understanding the Broker” on page 27

103-000137-001
August 31, 2001
Novell Confidential
Understanding Printer Agents

Before a printer can be incorporated into a NDPS printing environment, it
must be represented by a Printer Agent. No Printer Agent can represent more
than one printer, and no printer can be represented by more than one Printer
Agent.
The Printer Agent lies at the heart of NDPS, combining the functions
previously performed by a printer, print queue, print server, and spooler into
one intelligent and simplified entity.
The Printer Agent can be any of the following:
A software entity running on a server that represents a printer attached to
a server or workstation.
PA PA
Server Workstation
A software entity running on a server that represents a network-attached

printer.
PA
Network-
attached
Server printer
An entity embedded within a network-attached printer.
Network- PA
attached
printer

103-000137-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
A Printer Agent provides the following services:

It manages the processing of print jobs and many operations performed
by the printer itself.
Manages job processing
PA
job job
Client Printer
It answers queries from network clients about a print job or document, or

about the attributes of the printer.
Client Answers client

queries
query
PA
reply
It generates event notification so that interested parties can be notified of

job completion, printing problems, errors, or changes in the status of a
print job, document, or printer.
Notifies Users
PA
error error
Client Printer
For information about other major NDPS components, see the following:

103-000137-001
August 31, 2001
Novell Confidential
Broker
NDPS Manager
Services
SERVICE PA PA
REGISTRY
EVENT 3rd-
MANAGEMENT
Understanding the NDPS Manager

A NDPS Manager provides a platform for Printer Agents that reside on the
server. An NDPS Manager must be created as an object in the eDirectory tree
before you can create server-based Printer Agents.
The NDPS Manager object stores information used by the NetWare Loadable
ModuleTM (NLMTM), NDPSM.NLM. You can manually load this NLM at the
server console.
A single NDPS Manager can control multiple Printer Agents. (There is no
hard limit.)
A specific NDPS Manager can be loaded only on one server. If it controls a
local printer, it must be loaded on the server that the local printer is attached to.
While you can perform some configuration and management tasks directly
through the NDPS Manager console interface, iManage is the main tool for
performing these tasks.
Broker
NDPS Manager
Services
SERVICE PA PA
REGISTRY
EVENT 3rd-
MANAGEMENT

103-000137-001
August 31, 2001
Novell Confidential
Where to Place NDPS Managers

Use the following guidelines to determine where and when to place an NDPS
Manager.
Only one NDPS Manager can be loaded per server. Load this resource
only on servers configured to service print jobs. The only exception to this
rule is any server which has a printer connected directly to it. In that case,
the NDPS Manager must be loaded on that server as well.
Whenever possible, place the NDPS Manager and the printers it controls
on the same LAN segment for optimal performance.
Whenever possible, consider assigning your Printer Agents to more than
one NDPS Manager so that the print load will be spread over multiple
servers. This will facilitate load balancing and reduce the possibility of a
single point of failure which would disable all printing on your network.
Understanding Printer Gateways

Gateways allow NDPS clients to send jobs to printers that are not NDPS-
aware (that is, printers that are not equipped with embedded NDPS Printer
Agents). You select and configure a printer gateway when you create a new
Printer Agent.
Gateways translate NDPS queries or commands to printer-specific language
that the physical printer can use. This is possible because gateways are
configured to know the specific type (make and model) of printer being used.
The following diagram illustrates a typical gateway configuration.
Third-party gateway
Printer Gateway
Agent
GW
PA
NDPS NDPS Existing

client server printer
Third-party gateways are developed by printer manufacturers to support

printers directly attached to the network. Because these gateways are

103-000137-001
August 31, 2001
Novell Confidential
developed to interact with specific proprietary printers, they can provide a

wider array of information and offer options that are not available for the
generic Novell gateway. Some third-party gateways provide utilities that can
be configured to automatically create Printer Agents when one of their printers
is attached to the network.
For more information, see Chapter 9, “Selecting the Correct Gateway to Use,”
on page 135.
The Novell gateway (illustrated below) supports LPR/LPD and IPP printing,
local and remote printers, including those using NPRINTER or queue-based
technology as well as those configured with RP mode enabled in IPX
environments or LPR mode enabled in TCP/IP environments.
Printer Novell Gateway

Agent
PA PDS PH
NPRINTER
NDPS Local printer attached to
server attached to workstation or
server remote server
The Novell gateway is designed to be used with printers that don't have an
embedded Printer Agent and don't yet have a proprietary, third-party gateway
provided for them by their manufacturers.
RP printers are those that support Novell's legacy Remote Printer protocol. It
is supported by many network-attached printers. LPR is a UNIX*-based
printing protocol used by network-attached printers in TCP/IP environments
to service jobs submitted to print queues.

103-000137-001
August 31, 2001
Novell Confidential
Broker
NDPS Manager
Services
SERVICE PA PA
REGISTRY
EVENT 3rd-
MANAGEMENT
Understanding the Broker

The Broker provides three network support services not previously available
in NetWare: the Service Registry Service (SRS), Event Notification Service
(ENS), and Resource Management Service (RMS).
While these services are invisible to end users, network administrators should
be aware of them. NDPS uses these services in the following ways:
Service Registry Service. The Service Registry allows public access
printers to advertise themselves so that administrators and users can find
them. This service maintains information about device type, device name,
device address, and device-specific information such as the manufacturer
and model number. See “Understanding the Service Registry Service” on
page 28.
Event Notification Service. This service allows printers to send
customizable notifications to users and operators about printer events and
print job status. The Notification Service supports a variety of delivery
methods including NetWare pop-up, log file, e-mail, and programmatic.
See “Understanding the Event Notification Service” on page 29.
Resource Management Service. This service allows resources to be
installed in a central location and then downloaded to clients, printers, or
any other entity on the network that needs them. The Resource
Management Service supports adding, listing, and replacing resources
including printer drivers, printer definition (PDF) files, banners, and
fonts. See “Understanding the Resource Management Service” on page
31.

103-000137-001
August 31, 2001
Novell Confidential
Broker
NDPS Manager
Services
SERVICE PA PA
REGISTRY
EVENT 3rd-
MANAGEMENT
Understanding the Service Registry Service

The Service Registry allows public access printers to advertise themselves so
that administrators and users can find them. This service maintains
information about device type, device name, device address, and device-
specific information such as the printer manufacturer and model number.
Service Registry
Public Access Printer

type
Broker name
address
manufacturer
model number
etc.
Administrator User
Before Novell Distributed Print Services (NDPS), each printer had to

periodically advertise its availability through the Service Advertising Protocol
(SAP), which was effective but created a lot of traffic on the wire.
The Service Registry Service helps minimize the network traffic problem
created by many printers advertising through the SAP. (For information on
turning off the SAP, see the documentation for your printer.) When you attach
a public access printer to the network, it registers with the SRS. When an
application or user wants to use a printer, it can contact an SRS and retrieve a
list of all registered printers on the network.

103-000137-001
August 31, 2001
Novell Confidential
NOTE: For IPX, the SRS uses SAP type 8202; for IP environments, it uses
Multicast.
Through the SRS, plug-and-print public access printers, as well as those

created manually, are immediately made available to users.
If there are multiple Service Registries running on the network, they
synchronize automatically. This synchronization allows users to choose public
access printers anywhere on the network.
In addition to printer information, the SRS also maintains lists of other
services available, such as Event Notification Services and Resource
Management Services. For more information, see “Understanding the Event
Notification Service” on page 29, “Understanding the Resource Management
Service” on page 31, and “Enabling and Disabling Brokered Services” on
page 98.
Understanding the Event Notification Service

Novell Distributed Print Services (NDPS) printers can be configured to
provide event notification regarding print jobs and printer status.
Administrators can configure event notification for interested parties, that is,
non-job-owners that you wish to be notified of a defined printer or server
event that occurs during the processing and printing of a job. See “Configuring
Interested-Party Notification” on page 84 for more information.
Notification Service
printer events,
Broker print job status,
etc.
screen log e-mail 3rd-party

pop-up file notify
User Operator

103-000137-001
August 31, 2001
Novell Confidential
The Event Notification service supports both consumers of events (users) and
suppliers of events (printers). Users can register with the ENS by identifying
the types of events they want to be notified about, while the printer can register
the kinds of events it is capable of reporting. For example, the administrator
for a specific printer (by default a Manager of that printer) can designate an
Operator to be notified if the printer runs out of paper or if the toner is low.
Similarly, users can be notified when their jobs have finished printing.
Delivery Methods
The availability of the following delivery options is dependent on which of

them you have enabled. (See “Enabling Event Notification Delivery
Methods” on page 97 for more information.)
Pop-up notification. Messages will pop up on the screen for individuals
designated to receive them. (Pop-up notification is always enabled when
the ENS is enabled.)
SMTP notification. Messages will be sent to the recipient through SMTP
(Simple Mail Transfer Protocol) in IP-based systems.
Log file notification. Messages are written to a file at a designated
location on a NetWare server that the recipient has rights to.
Programmatic notification. Two programmatic notification delivery
methods are shipped with NDPS: SPXTM and RPC.
The open architecture of NDPS allows third parties to develop additional
delivery methods as well.
NDPS is enabled to work with SNMP. In addition, some third-party gateways
are SNMP-enabled independently of the NDPS software.
For more information about other brokered services, see the following:
“Understanding the Service Registry Service” on page 28
“Understanding the Resource Management Service” on page 31

103-000137-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Understanding the Resource Management Service

This service allows resources to be installed in a central location and then
downloaded to clients, printers, or any other entity on the network that needs
that resource. It provides a single place where a variety of file types are stored
for immediate access by Novell Distributed Print Services (NDPS). The
Resource Management Service (RMS) supports adding, listing, and replacing
resources including printer drivers, printer definition files (PDFs), banners,
and fonts.
Resource Management Service
Broker
Allows adding,
listing,
or replacing
of . . . drivers banners definition
files
Resources
The Resource Management Service allows you to add, list, and replace the
following resources:
Banners (see “Adding Banner Pages” on page 92)
Windows printer drivers (see “Adding or Updating Printer Drivers” on
page 96)
Benefits
Some of the benefits offered by the Resource Management Service include

Improved resource sharing
More manageable resource distribution and updating

103-000137-001
August 31, 2001
Novell Confidential
Automatic printer driver download from a central repository

Plug-and-print printer availability
Availability of network resources to applications through a common
interface
For more information about other brokered services, see the following:
“Understanding the Service Registry Service” on page 28
“Understanding the Event Notification Service” on page 29
Where to Place NDPS Brokers

Although the distribution of your Brokers is not really a critical issue initially,
you will probably want to give some thought to this issue as you do your
preliminary planning. You will not need to create a Broker on all of your
servers, but you will want your Brokers sufficiently well distributed so that
your brokered services (Service Registry Service, Event Notification Service,
and Resource Management Service) will be readily available on the system
when needed. When possible, you should run the Broker on the same server
as the NDPS Manager.
As you gain experience with your new system, you might want to add or delete
Brokers to optimize the efficiency of your system or to store your brokered
resources (maintained in the Resource Management database) where you want
them.
Given Novell's minimum design requirements, at least one Broker object
should be created at each physical WAN location. To clarify this statement,
let's take a quick look at the three services offered by the Broker object:
Service Registry Service (SRS), Event Notification Service (ENS), and
Resource Management Service (RMS). These services are transparent to end
users, administrators must be aware of them and understand how they affect
printing, LAN traffic, and the minimum implementation requirements needed.
Service Registry Service: The Service Registry Service allows public access
printers to advertise themselves so that end users can find them. This service
maintains information about device type, device name, device address, and
device-specific information such as the printer manufacturer and model
number. For more information, see “Understanding the Service Registry
Service” on page 28.
The following table summarizes the issues and recommendations regarding
SRS.

103-000137-001
August 31, 2001
Novell Confidential
Issue Recommendations
Reliability of server / fault On multi-server networks, enable

tolerance at least two SRS per
network.Network traffic (network
layout) Enable at least one SR
per site (WAN link).
Memory 1MB base for SR, an additional

10KB per resource added (such
as NDPS Manager)
Event Notification Service: NDPS printers can be configured to provide

event notification of print jobs and printer status. Administrators can
configure event notification for all interested parties. That is, non-job owners
as well can be notified of a defined printer or server event which occurs during
the processing and printing of a job. For more information, see
“Understanding the Event Notification Service” on page 29
Here are the issues and recommendations relating to ENS.
Number of trees Enable at least one ENS per tree.
Reliability of server / fault On multiserver networks, enable

tolerance at least two ENs per tree.
Performance Enable additional ENS as

needed.
Methods availability Make sure that the methods you

need are enabled for each ENS
you have installed. Novell
provides NetWare pop-up, log
file, e-mail, and programmatic
methods. Third parties can
develop other types of notification
methods as well.
Resource Management Service: This service allows resources to be installed

in a central location and then downloaded to clients, printers, or any other
entity on the network that needs that resource. It provides a single place where

103-000137-001
August 31, 2001
Novell Confidential
a variety of file types are stored for immediate access by NDPS. For more
information, see “Understanding the Resource Management Service” on page
31.
Number of trees Enable at least one RMS per tree.
Reliability of server / fault On multiserver networks, enable

tolerance at least two RMS per tree. Be
sure to keep the databases
synchronized after you have
created them
Disk Space Allow 50 MB for each RMS to

ensure adequate space for
resources added in the future.
Size may vary considerably
depending on the number of
languages, platforms, and drivers
your system supports.

103-000137-001
August 31, 2001
Novell Confidential
2 Planning the Migration to Novell

Distributed Print Services
There is no single ideal strategy for implementing the Novell® Distributed

Print ServicesTM (NDPS®) printing system or for upgrading your current
queue-based system to take advantage of the many printer management and
ease-of-use features provided by NDPS. However, the information provided
in this section will help you understand the planning issues you should
consider and the migration scenarios available to make a successful transition.
Once the transition to NDPS is complete, you can follow the steps in the iPrint
Administration Guide to set up and configure iPrint.
Because NDPS provides full support for IP-based as well as IPXTM-based
printing, it offers a wide variety of system configuration options to fit your
organization's specific needs. Novell's legacy, queue-based print system is
also fully supported, which allows your users to continue printing as they
always have until you complete the transition to NDPS.
If you have not already done so, read in the Chapter 1, “Understanding Novell
Distributed Print Services,” on page 13 before you proceed further to ensure
that you understand the terms and concepts discussed in this section.
Establishing a Planning Base

The key to a successful move to NDPS lies in understanding both what you
are starting with and what you want when you have completed your move. As
part of this understanding process, you should also anticipate the critical
issues and decisions you will need to deal with as you implement the
transition.
Planning the Migration to Novell Distributed Print Services 35

103-000137-001
August 31, 2001
Novell Confidential
Establishing your planning base consists of the following tasks:

“Assessing Your Current Printing Environment” on page 36
“Identifying Critical Planning Issues” on page 37
“Designing Your New System” on page 39
Assessing Your Current Printing Environment

Beginning with NetWare® 5, NDPS became the default and preferred print
system while still offering compatibility with Novell’s legacy, queue-based
print system. Because both printing systems are supported, your users can
continue printing as they always have until you complete the transition to
NDPS.
For information about the differences between queue-based print services and
NDPS, see Chapter 1, “Understanding Novell Distributed Print Services,” on
page 13.
Your first planning task should be to determine what kind of printing system
you currently have. You can then begin narrowing down your options for how
to proceed. In nearly all cases, your system will consist of one or more of the
following:
NetWare Legacy (Queue-Based) Printing System—If your current
printing solution is based on the NetWare legacy, queue-based system,
you will find information on upgrading to NDPS in “Migrating from
Queue-Based Printing to NDPS” on page 48.
NetWare 3.x Printing System—If you currently have a NetWare 3.1x
server bindery and file system and you are using a relatively small
number of printers, you should consider implementing your NDPS
system from scratch and then deleting all of your legacy printing objects.
However if your system is large and you do not want to create your NDPS
printing system from scratch, you can implement an NDPS printing
system on your network using the process described in “Migrating from
Queue-Based Printing to NDPS” on page 48.
NetWare for UNIX or NFS Printing SystemSeveral scenarios can be
used to incorporate NDPS into environments that use NFS* Print
Services:
“NetWare-to-UNIX Printing” on page 54
“UNIX-to-NetWare Printing” on page 55

103-000137-001
August 31, 2001
Novell Confidential
Migrating any of these configurations to NDPS will result in simpler and

more reliable printing, in addition to the benefits inherent in using NDPS.
Non-NetWare SystemIf you are implementing a new Novell network
from scratch, or if you are changing over from a different networking
system altogether (such as Windows* NT*, Windows 2000, 3COM*, or
LAN Manager*), you should implement NDPS as your printing solution.
If any of your current printers or print clients require queues, the
backward compatibility of NDPS allows you to integrate those printers
and clients into your system. In all other cases, we recommend that you
use an all-NDPS printing setup.
Identifying Critical Planning Issues

The transition to your new printing system will go much more smoothly if you
have identified the major issues involved before you begin the process. The
following items provide a starting point for accomplishing this. We suggest
that you develop your own checklist of issues, using the following as a starting
point.
“Which Protocol(s) Will Be Used (IP and/or IPX)?” on page 37
“When Will Clients Be Upgraded?” on page 38
“How Much Network Security Will Be Needed?” on page 38
“How Will Brokered Services Be Distributed?” on page 38
Which Protocol(s) Will Be Used (IP and/or IPX)?
A prominent feature of NetWare is support for IP-based communication and

system technologies. Selecting the protocol family (IP, IPX, or both) to be
used by a network has a direct impact on the way you must configure your
printers for NDPS. NetWare provides a rich variety of print configurations so
that one or more print systems and one or more protocol families may be
employed to best accomplish the goals of a system.
In NetWare, NetWare Core ProtocolTM (NCPTM) communication can travel on
top of IPX or on top of IP in a configuration referred to as Pure IP (the IP NCPs
are no longer IPX packets encapsulated inside IP). All applications that use
NCP and do not interface directly with IPX or SPXTM can operate as Pure IP
applications.
NetWare also supports existing applications that directly access IPX-based
protocols (make IPX/SPX or SAP calls) through its Compatibility Mode

103-000137-001
August 31, 2001
Novell Confidential
(CMD). Compatibility Mode is implemented as a set of system components

that allow IPX client or server applications to locate and communicate with
their IPX counterparts without IPX packets being visible on the wire.
Compatibility Mode components translate SAP advertise and query requests
into their SLP equivalents, allowing IPX applications to dynamically
advertise and/or discover without generating IPX traffic on the wire.
All NDPS components are IP-aware and IPX-aware, so they do not rely on
Compatibility Mode to implement IP-based communication.
When Will Clients Be Upgraded?
If you have a fairly large number of workstation clients, you might find it
inconvenient to try to upgrade them to NDPS all at once. Because NDPS
allows you to implement all of the server management components while
allowing your workstation users to continue to print to queues just as they
always have, you can upgrade these clients at a pace that suits your needs
while you take advantage of the management benefits NDPS provides
immediately. See “Making the Transition Gradually” on page 41 for more
information.
How Much Network Security Will Be Needed?
NDPS is tightly integrated with eDirectoryTM to maximize both the security

and ease-of-management that eDirectory provides. The level of security you
desire for each of your printers can be as flexible as you want it to be, ranging
from total public access to tightly controlled access. Printer security for
controlled access printers is ensured through the assignment of the Manager,
Operator, and User access control roles. For more information, see Chapter 7,
“Managing Printing Security,” on page 103.
How Will Brokered Services Be Distributed?
While the distribution of your Brokers is not a critical issue initially, you will
probably want to give some thought to this issue as you do your preliminary
planning. You will not need to create a Broker on all of your servers, but you
will want your Brokers sufficiently well distributed so that your brokered
services (Service Registry Service, Event Notification Service, and Resource
Management Service) will be readily available on the system when needed. As
you gain experience with your new system, you may want to add or delete
Brokers to optimize the efficiency of your system or to store your brokered
resources (maintained in the Resource Management database) where you want
them.

103-000137-001
August 31, 2001
Novell Confidential
For guidelines on when and where to enable various brokered services, see
Chapter 6, “Managing the Broker,” on page 91.
Designing Your New System

As a final planning step, before you begin the implementation process, you
should create a written record of all the network resources and components
that will be incorporated into your new printing system (printers, servers,
workstation clients, routers, etc.). Then, you should draw a diagram of how
these components will fit together in your modified eDirectory tree.
The steps to designing your NDPS system are described below:
Make a record of your printing resources.
Write a list that you can refer to as you make a diagram of your eDirectory
tree. This record helps you to include all of the printing resources you
need for your network when you start to create the eDirectory objects.
For example, you might record that you have two printers for one location
on your network. One will be used for everyone in the office, and the
other is used only by the production team. This information can guide you
in creating your diagram.
Create a diagram of the new eDirectory tree.
We recommend that you create a diagram of the printing layout you want
to implement in your new system. The diagram will help you simplify and
reorganize your setup.
The diagram you create can take a variety of forms. Drawing a tree
diagram is the most common. You can also create a list that includes all
the objects that will be in the tree. Or you might prefer to create an
organization chart with responsibilities and resources listed by each
name.
The diagram should be centered on the printers and the NDPS Manager.
(Keep in mind that only one NDPS Manager can be loaded on a server.)
Although there are other items that might be included in the diagram, such
as the NDPS Broker; printer users, managers, and Operators; or printer
configuration information, the printers and the NDPS Manager are all that
is necessary at this stage. Place the printers in the appropriate areas. Place
an NDPS Manager on the server that you want to handle the Printer
Agents that correspond with those printers.

103-000137-001
August 31, 2001
Novell Confidential
Determining Your Implementation Strategy

Now that you have done some initial information-gathering, identified the
major issues you will face, and created a diagram of the new eDirectory layout
you want to implement, you can now consider your strategy for implementing
your new or upgraded NDPS system.
If you have not already done so, be sure to read Chapter 1, “Understanding
Novell Distributed Print Services,” on page 13 in the before you proceed.
“General Transition Guidelines” on page 40
“Making the Transition Gradually” on page 41
“Maintaining Your Queues during the Transition” on page 42
“Understanding Your Implementation Options” on page 44
General Transition Guidelines

The following guidelines generically apply to any transition scenario and
should expedite your decision process.
NDPS provides simple and reliable configurations for Pure IP
environments. You will need to use a gateway that supports IP like the
Novell gateway or a third-party gateway.
Migrate the server side first, then migrate your end-users gradually. A
sensible approach to deploying NDPS into a system is to first replace the
server components of your legacy printing system with the NDPS server
components. Since the NDPS Manager (NDPSM.NLM) and the Print
Server (PSERVER.NLM) can run simultaneously on a server, this
transition can be accomplished one queue/printer at a time. Users can then
be gradually switched to print directly to NDPS printers instead of
queues.
This transitional configuration would look this way:
PA
Novell NDPS
Queue Printer
client Printer Agent

103-000137-001
August 31, 2001
Novell Confidential
See “Maintaining Your Queues during the Transition” on page 42 for

more details on this printing configuration.
Eventually, only a few queues serviced by NDPS Printer Agents will
remain to support your DOS and Windows DOS-box printing needs,
while most printing will be through the following basic NDPS
configuration and its variations, which will be explained in “Using
Legacy Printers and NDPS Gateways” on page 44.
Determine which gateway you will use. For more information about
available gateways, see Chapter 9, “Selecting the Correct Gateway to
Use,” on page 135.
Making the Transition Gradually

If you are using a queue-based printing system, you can continue to use your
existing system without modification. Because of the advantages provided by
NDPS, however, we recommend that you begin the transition as soon as it
becomes convenient.
In general, we suggest you make the move gradually, and begin by
implementing the NDPS server components and management features. This
strategy allows you to set up your new printers and optimize the distribution
of your brokered resources while your end users continue printing through the
same queues they always have. Then, when you are satisfied that your NDPS
printing components are set up and configured the way you want them, you
can begin upgrading your end users to the new system gradually.
If you will be implementing iPrint, the Novell Client 32TM is not required.
Instead, users install a browser plug-in that allows them to install printers and
print drivers to their workstations. See the Novell Client for Windows for more
information.
Advantages to Running NDPS on the Additional Advantages of Running

Server NDPS on Clients also
Easier (and in many cases, the only Automatic driver download when a
way) to support Pure IP user logs on to the network
(assuming that you have
implemented this Remote Printer
Management function)
Custom printer management tools Remote workstation printer

management

103-000137-001
August 31, 2001
Novell Confidential
Advantages to Running NDPS on the Additional Advantages of Running

Server NDPS on Clients also
Simpler management and Local printer installation and

configuration management integrated into native
operating system facilities
Advanced error reporting and Public access printing

troubleshooting tools for
administrators
Queues no longer needed
Potentially less network traffic
Improved error reporting and

troubleshooting tools for users
Advanced job-related event

notification
Maintaining Your Queues during the Transition

NDPS Printer Agents, either embedded into printers or running as part of an
NDPS Manager, can be configured to retrieve jobs from queues in addition to
accepting jobs from NDPS users.
PA
Novell NDPS
Queue Printer
client Printer Agent
Maintaining your queues allows you to gradually migrate users to NDPS

because users' workstations can continue to print to existing queues and be
moved to NDPS as time permits. Workstations can even be configured to print
to both queues and NDPS printers.
In addition to allowing for a gradual transition to NDPS, this configuration is
also the only support currently available for DOS and Windows DOS-box
printing and for handling printing requests from other systems such as UNIX
or Macintosh*. It also allows Novell clients to submit jobs to NetWare queues,
providing these clients with access to NDPS-managed printers.

103-000137-001
August 31, 2001
Novell Confidential
After you have created NDPS Printer objects to represent the printers that are
still servicing queues, you can delete your legacy Print Server and Printer
objects (but not your Queue objects) if you want, reducing the number of
objects in your tree you need to manage.
In most cases, you will want to upgrade your administrator workstations to
NDPS first because NDPS allows administrators to quickly benefit from its
advanced capabilities such as automatic printer driver download, extended job
management, and event notification.
Administrators can accomplish much of the migration remotely by removing
the CAPTURE statements from users' login scripts and installing NDPS
printers on their workstations using the NDPS Remote Printer Management
functionality. For more information, see Chapter 1, “Understanding Novell
Distributed Print Services,” on page 13.
Advantages to Maintaining Your Queues Disadvantages to Maintaining Your

While Transitioning to NDPS Queues While Transitioning to NDPS
Allows gradual migration to NDPS Users printing through queues don't

have access to the NDPS advanced
features
Allows administrators quick access to Two levels of indirection for queue

NDPS management tools users
Supports clients not directly Requires management of both NDPS

supported by NDPS (UNIX, printers and legacy queues
Macintosh, OS/2*, DOS)
Supports NetWare 4 clients

103-000137-001
August 31, 2001
Novell Confidential
Understanding Your Implementation Options

Possible scenarios for printing with NetWare range from maintaining a legacy
queue-based system (available only for IPX-based systems), to integrating
NDPS into a heterogeneous print system, to implementing a pure NDPS
printing system in a Pure IP environment. A wide range of heterogeneous
configurations exist between all IPX and Pure IP systems, and between all-
queue-based and all-NDPS systems. However, becoming one hundred percent
Pure IP and utilizing the most advanced printing features of NetWare implies
full deployment of NDPS.
Keep in mind that there is no requirement to modify current NetWare printing
configurations immediately, and any modifications you make may be
implemented gradually (see “Making the Transition Gradually” on page 41).
Your available implementation options are described in the following
sections:
“Using Legacy Printers and NDPS Gateways” on page 44
“Using Printers with Embedded NDPS Technology” on page 47
Using Legacy Printers and NDPS Gateways

Gateways allow NDPS clients to send jobs to printers that are not NDPS-
aware (that is, printers that are not equipped with embedded NDPS Printer
Agents). You select and configure a printer gateway when you create a new
Printer Agent.
You can implement NDPS through two types of gateways: third-party
gateways and the generic Novell gateway. Each type of implementation is
described here.

103-000137-001
August 31, 2001
Novell Confidential
Printing through Third-party Gateways

A third-party gateway is designed specifically for a printer or printer family.
NDPS Manager
PA
Novell
client 3rd- Printer
party Agent
gateway
Printer
This scenario requires two components running on a NetWare server: the

NDPS Manager and the third-party gateway. The NDPS Manager is an
integral part of NDPS and implements a platform on which to run Printer
Agents. The third-party gateway is provided by the printer manufacturer for a
specific printer or class of printers.
Printer Agents (unless embedded in the printer itself) are created to run on the
NDPS Manager to front-end printers which do not contain NDPS capabilities
and make them appear to users and administrators as full NDPS printers. The
NDPS Manager uses NDPS to communicate with users and administrators on
one end, but requires a gateway to communicate with the printer on the other.
Some printer manufacturers have developed proprietary mechanisms for
dynamically discovering their printers and for providing comprehensive
access to their printers' capabilities. Gateways developed by these printer
manufacturers can be snapped in to the NDPS Manager to give NDPS
administrators and users enhanced access to the printers.
Different levels of NDPS functionality are available depending on the actual
implementation of a specific gateway and the capabilities of the protocols
used by the gateway.
Advantages of Printing through a Third- Disadvantages of Printing through a

Party Gateway Third-Party Gateway
Might support Pure IP Currently not all existing printers have

third-party gateways
Might provide pseudo plug-and-print Some manual configuration might be

capabilities required

103-000137-001
August 31, 2001
Novell Confidential
Advantages of Printing through a Third- Disadvantages of Printing through a

Party Gateway Third-Party Gateway
Feedback and control as good as the

protocols used by the gateway
Simple administration
Printing through the Novell Gateway

For legacy and specialized printers that are not supported by third-party
gateways, NetWare includes a generic Novell gateway that allows the NDPS
Manager to communicate with print devices using the LPR/LPD protocol on
IP, the Internet Printing Protocol, and the RP protocol on IPX.
NDPS Manager
Novell
PA
client Printer
Agent Novell
gateway
Printer
Using the Novell gateway, jobs can also be written to a queue as a way to route
them to a different print system or to network printers set up in QServer mode.
Advantages of Printing through the Disadvantages of Printing through the

Novell Gateway Novell Gateway
Support for Pure IP via LPR as well as Some manual configuration required
support for IPX during the creation of the Printer
Agent
Feedback and control as good as the Typically less printer information

protocol employed available than with third-party
gateways

103-000137-001
August 31, 2001
Novell Confidential
Using Printers with Embedded NDPS Technology

As printers with embedded NDPS technology become more available, this
will become the optimal configuration and achieve the most powerful NDPS
capabilities.
PA
Novell NDPS-embedded
client printer
With this configuration, administrators and end-users can directly interact

with print devices. This configuration requires printers to have an embedded
NDPS Printer Agent. A Printer Agent is the NDPS component that receives
and processes NDPS printer and job requests and provides a standard interface
to all NDPS users and administrators regardless of the type of printer it
represents. As with other printing solutions, in order for users to print, these
printers must be installed on the users' workstations. Administrators can
remotely install these printers for users by using NDPS Remote Printer
Management functionality. Many printer manufacturers are working to embed
NDPS into their next generation of printers.
Advantages of using Printers with Disadvantages of using Printers with

Embedded NDPS Technology Embedded NDPS Technology
True plug-and-print capability At present, limited availability of fully

enabled NDPS printers
Peer-to-peer printing
Exceptional feedback and control
Simplest administration

103-000137-001
August 31, 2001
Novell Confidential
Migration Scenarios
The following scenarios will help you better understand the process for
making the transition to a NDPS environment that will best meet your printing
needs.
“Migrating from Queue-Based Printing to NDPS” on page 48
“Migrating from IPX-Based NDPS to IP-based NDPS” on page 50
“Migrating from NFS to NDPS” on page 53
Migrating from Queue-Based Printing to NDPS

Most queue-based printing in NetWare networks is currently realized through
one of the following configurations:
QServer-mode
printer
RP-mode
printer
1
2
NPRINTER.EXE
Novell client Queue

3
Print Server Printer attached to

workstation
Printer attached to server

(local printer)
When migrating to NDPS from any of these configurations, you should first
consider the protocols, connection methods used, and potential need to
configure the printer in determining which gateway to use. If a third-party
gateway is used, the resulting configuration would look as follows:

103-000137-001
August 31, 2001
Novell Confidential
NDPS Manager
PA
Novell
client 3rd- Printer
party Agent
gateway
Printer
The Novell gateway provides a straightforward migration path. The NDPS

configurations corresponding to the queue-based printing configurations
illustrated earlier, as well as an additional configuration for Pure IP support,
are shown in the following illustration:
QServer-mode See “Important”

Queue
printer note below
RP-mode
printer
NDPS Manager
NPRINTER.EXE
Novell client PA
Printer 3
Agent Novell
gateway
Printer attached to
workstation

(local printer)
LPR/LPD
printer
5

103-000137-001
August 31, 2001
Novell Confidential
The first NDPS configuration above is not recommended because a back-end

queue is still required, increasing network traffic and delaying job completion.
In addition, while transitioning to NDPS, there would be two queues in the
print path as shown in the following illustration:
NDPS Manager
PA
Novell client Queue
Printer
Agent Novell
gateway
QServer-mode
Queue
printer
If you are migrating a QServer-mode printer, we recommend that you

reconfigure it for LPR as in configuration #5 or RP as in configuration #2 if
possible. Choose configuration #5 if the network supports IP and the printer
supports LPR/LPD. Choose configuration #2 if the network supports IPX and
the printer supports RP. Configurations #3 and #4 are available if the printer
does not support LPR or RP, but you still want to benefit from many NDPS
features without the need for a queue. Notice that configurations #2 through
#5 require you to configure the print device to enable a new protocol.
Notice that if the NPRINTER.EXE in configuration #3 is running on a
NetWare client, it is possible to realize IP-only printing to a remote printer,
though not Pure IP. However, if IP is desired, configuration #5 is preferable
and is Pure IP.
Migrating from IPX-Based NDPS to IP-based NDPS
IPX NDPS IP NDPS
NDPS 3.0, which is included in NetWare 6, is written to support IP natively.

All communication between NDPS clients and NDPS back-end services will
automatically switch to use the protocol or protocols available at the client and
server. Thus, much of the effort to switch to an IP network will consist of
configuring the clients and servers to use IP only. (This is normally done
during the installation process.) However, there are some protocols used by

103-000137-001
August 31, 2001
Novell Confidential
NDPS gateways to communicate with printers that have inherent IPX

dependencies. This section provides guidelines for switching these
configurations to use IP-based protocols. None of the changes described will
require the clients' installation and configuration to change.
The following scenarios are described in this section:
“Migrating an IPX-Based Third-Party Gateway to IP” on page 51
“Migrating a Printer in RP Mode to IP” on page 51
“Migrating a Printer in QServer Mode to IP” on page 53
Migrating an IPX-Based Third-Party Gateway to IP
NDPS Manager
PA
3rd- Printer
party Agent
gateway
Printer
Several third-party gateways support both IPX-based and IP-based

communication to printers. The process to switch a third-party gateway to use
IP is likely to differ from gateway to gateway and should be explained in each
gateway's documentation. If a specific third-party gateway doesn't support IP,
you might need to use the Novell gateway.
Migrating a Printer in RP Mode to IP
NDPS Manager
PA
RP
Printer
Agent Novell
gateway RP-mode
printer

103-000137-001
August 31, 2001
Novell Confidential
The Remote Printer protocol (RP) is inherently IPX-based. Configurations

using printers in remote printer mode can use one of the following
configurations to conform to an IP setting:
LPR/LPD-mode
printer
2
RP-mode
Printer NDPS Manager
Migration printer
Agent
Agent
PA PA LPR
3rd- 3
party Novell RP
gateway gateway LPT/COM
IP
NPRINTER.EXE
4
1
Printer attached to
Printer 5 IP CMD client

(local printer)
As stated before, the best way today to communicate to a printer with NDPS
is through a third-party gateway. If you plan to reconfigure a printer to support
IP, you should check whether a third-party gateway for that printer has become
available.
Option #2 is simpler and offers better performance than option #3, but it
requires the printer to support LPR/LPD mode and have IP configured.
Options #4 and #5 are also simple, but they might not be a viable option in
some settings because they require the printer to be directly attached to a
workstation or server. Of the three options, only #5 maintains a Pure IP
environment.
Option #3 requires an isolated IPX segment to exist in the network.
Communication with this segment can be filtered and/or translated by a
Migration Agent, thus maintaining the IP segments free of IPX
communication. The advantages of option #3 are that it doesn't require any
changes to the current printing configuration and doesn't add much overhead
to networks that already manage isolated IPX segments.

103-000137-001
August 31, 2001
Novell Confidential
Migrating a Printer in QServer Mode to IP
NDPS Manager
PA
Printer
Agent Novell
gateway
QServer-mode
Queue
printer
The best alternatives for this scenario to support IP are to (1) use a third-party
gateway (see “Migrating a Printer in RP Mode to IP” on page 51) or (2)
reconfigure the Novell gateway to communicate with the printer through a
different protocol altogether. If neither of these options are feasible, the
following configuration is available to isolate the IPX traffic generated by
printers in QServer mode:
NDPS Manager
PA
Printer
Agent Novell
gateway
Queue QServer-mode
Migration
printer
Agent
The advantages of this option are that it doesn't require any changes to the
current printing configuration and doesn't add much overhead to networks that
already manage isolated IPX segments.
Migrating from NFS to NDPS

Several scenarios can be used to incorporate NDPS into environments that use
NFS Print Services:
“NetWare-to-UNIX Printing” on page 54
“UNIX-to-NetWare Printing” on page 55
In most cases, migrating one of these configurations to NDPS will result in
simpler and more reliable printing, in addition to the benefits inherent in using
NDPS. This section discusses how NDPS can be used to replace or work with
NFS Print Services.

103-000137-001
August 31, 2001
Novell Confidential
NetWare-to-UNIX Printing
The following shows how to route jobs from NetWare out to a UNIX system.
This configuration is as follows:
NLM
Novell Queue Print NetWare-to-Unix Unix Printer

client server printer gateway host
Again, by replacing the Print Server and NetWare-to-UNIX Printer Gateway

with the NDPS Manager, the following configuration is possible:
NDPS Manager
PA
Novell Queue
client Printer
Agent Novell
gateway
Unix Printer
host
The Novell gateway uses LPR to communicate with the UNIX host.
Eventually the clients can also be switched to NDPS, yielding the following
configuration:
NDPS Manager
Novell PA
client Printer
Agent Novell
gateway
Unix Printer
host

103-000137-001
August 31, 2001
Novell Confidential
UNIX-to-NetWare Printing
This configuration uses the NFS Print Services to route print jobs from a
UNIX system into NetWare. The following is a common use of the UNIX-to-
NetWare Printer Gateway:
UNIX UNIX-to-NetWare Queue Print Printer

system printer gateway server
As discussed in “Maintaining Your Queues during the Transition” on page 42,

a Printer Agent can be set to service queues, enabling one of the following
setups:
PA
Printer Printer
Agent
UNIX UNIX-to-NetWare Queue

system printer gateway
PA
Printer with
embedded
Printer Agent
This configuration allows administrators to route jobs out of UNIX systems

into NDPS using the same mechanism they use today, while giving them
extended capabilities to manage the printers that service those jobs.

103-000137-001
August 31, 2001
Novell Confidential

103-000137-001
August 31, 2001
Novell Confidential
3 Setting Up a New NDPS Printing

System
Creating a new Novell® Distributed Print ServicesTM (NDPS®) system will

not automatically disable your current printing setup. Users can continue to
print just as they always have until you decide to replace old printing setup
with NDPS. You can do this gradually or all at once.
Before setting up your new NDPS printing system, we recommend that you
read Chapter 2, “Planning the Migration to Novell Distributed Print Services,”
on page 35.
“Creating NDPS Brokers” on page 61
“Creating NDPS Manager” on page 61
“Creating NDPS Printers” on page 62
“Setting Up NDPS Printers to Service Legacy Queues” on page 65
“Configuring Queue-Based Printers” on page 65
“Printing from Macintosh Workstations” on page 68
“Setting Up LPR Clients on UNIX” on page 69
“Preparing Client Workstations to Use NDPS” on page 69
For information on setting up printing in other situations, see Appendix A,
“Configuring Remote Printers,” on page 137.
Setting Up a New NDPS Printing System 57

103-000137-001
August 31, 2001
Novell Confidential
Getting Started
The following tasks are basic to creating a new NDPS printing system. These
steps assume that NetWare® is installed and running.
1. Create an NDPS Broker, if one does not exist.
The Broker provides three network support services: the Service Registry
Service, Event Notification Service, and Resource Management Service.
See “Creating NDPS Brokers” on page 61 for more information.
2. Create an NDPS Manager.
The NDPS Manager is used to create and manage server-based Printer
Agents (similar to the way PSERVER is used on servers to manage
printing resources in legacy printing). You must create an NDPS Manager
on each server you will be controlling NDPS printers from.
See “Creating NDPS Manager” on page 61 for more information.
3. Create one or more NDPS Printer Agents.
NDPS printers must be represented by a logical entity known as a Printer
Agent. You will need to create one for each printer.
The Printer Agent lies at the heart of NDPS, combining the functions
previously performed by a printer, print queue, print server, and spooler
into one intelligent and simplified entity.
For more information, see “Understanding Printer Agents” on page 22.
Create a controlled access printer (NDPS Printer Object).While any
printer, regardless of its physical type or connection mode, can be
configured as either a public access printer or a controlled access printer,
we recommend you create an NDPS priner when possible.
For more information, see “Creating NDPS Printers” on page 62.
4. Install a client on each workstation.
iPrint: If you will be implementing iPrint, the Novell iPrint Client (a
set of browser plug-ins) will need to be installed on each workstation.
For more information on setting up workstations to work with iPrint,
see Setting Up iPrint on Client Workstations in the iPrint
Printing for UNIX and Macintosh: Unix and Macintosh users can
print to NDPS using LPR. See “Printing from Macintosh

103-000137-001
August 31, 2001
Novell Confidential
Workstations” on page 68 and “Setting Up LPR Clients on UNIX”

on page 69 for more information.
Novell Client 32: The Novell Client is required in order for NDPS
features to be available on your client workstations. Other clients can
print to NDPS printers through the backward compatibility feature,
but only NDPS clients can take full advantage of the advanced
features offered by NDPS.
See “Preparing Client Workstations to Use NDPS” on page 69 for
more information.
NOTE: If users will be accessing printers through iPrint, you do not need to
install the Novell Client. For more information on iPrint, see Setting Up iPrint
on Client Workstations in the iPrint Administration Guide.
5. Install printers on individual workstations.

You can do this in any of the following ways:
If you are using iPrint, see Setting Up iPrint on Client Workstations
in the iPrint Administration Guide for more information.
Designate printers to be automatically installed on users'
workstations through the NDPS Remote Printer Management feature
available through iManage. See “Designating Printers to Be
Automatically Installed” on page 75 for more information.
Install printers manually on each workstation using the Windows
Add Printer function in the Printers folder.
Setting Up NDPS on Your Servers

During the initial installation and setup process, there are some issues you
should be familiar with:
“Rights Required for Configuring NDPS Installation” on page 60
“Using iManage” on page 60
“Changing the Location of a Broker” on page 60
“Updating the AUTOEXEC.NCF File” on page 60

103-000137-001
August 31, 2001
Novell Confidential
Rights Required for Configuring NDPS Installation

You must have the Supervisor right at the root of the tree because the schema
will be modified. In order to install the resource database (in the SYS:NDPS\
RESDIR directory), the administrator must also have file system rights (rights
to the volume) where it will be installed.
After the schema has been extended, a user installing another Broker must
have at least Read, Write, Modify, and Create rights for the container where
the Broker will reside.
Using iManage
To set up NDPS you will need to use iManage, a browser-based management
tool for eDirectory. For more information about setting up iManage, see the
Novell iManage Administration Guide.
Changing the Location of a Broker

NDPS allows you to customize your printing setup for maximum efficiency.
You might occasionally want to change the location of one or more Brokers.
For example, you might want a Broker to be in a different eDirectory
container. If you want to change the location of a Broker after it has been
created, you can use NetWare Administrator to move the Broker object into
the desired container, provided you have Supervisor or equivalent rights to the
new container.
Updating the AUTOEXEC.NCF File

After creating a Broker, you should add the following command to the
AUTOEXEC.NCF file to automatically load the broker when the server is
started.
load broker brokername.context
For more information about the managing the Broker, see Chapter 6,
“Managing the Broker,” on page 91.

103-000137-001
August 31, 2001
Novell Confidential
Creating NDPS Brokers

Each eDirectoryTM tree should have at least one NDPS Broker. You might
want to create additional Brokers in certain situations. For example, you might
want to create a Broker on a local server for each site on a wide area network
(WAN). See “Where to Place NDPS Brokers” on page 32 for information on
broker placement.
1 In iManage, click iPrint Management > Create Broker.
2 Fill in the fields.
Click help for explanations about the fields.
3 Click OK.
To modify the Broker properties, click Manage Broker, and then select the
Broker you want to modify.
Creating NDPS Manager

A NDPS Manager provides a platform for Printer Agents that reside on the
server. An NDPS Manager must be created as an object in the eDirectory tree
before you can create server-based Printer Agents.
The NDPS Manager object stores information used by the NetWare Loadable
ModuleTM (NLMTM), NDPSM.NLM. You can manually load this NLM at the
server console.
A single NDPS Manager can control any number of Printer Agents.
A specific NDPS Manager can be loaded only on one server. If it controls a
local printer, it must be loaded on the server the local printer is attached to.
While you can perform some configuration and management tasks directly
through the NDPS Manager console interface, iManage is the main tool for
performing these tasks.
Ensure you have at least Read, Write, Modify, and Create rights for the
container where the NDPS Manager object will be reside.
1 In iManage, click iPrint Management > Create Print Services Manager.

103-000137-001
August 31, 2001
Novell Confidential
IMPORTANT: If you move the NDPS Manager to a different server, its database
will move also. As a result, local printers assigned to this NDPS Manager will no
longer work. To avoid this, you can assign a DNS name to the Manager before
creating Printer Agents associated to it using the /dnsname= startup switch. For
more information, see “NDPS Manager Startup Switches” on page 89.
Any printer you designate as a local printer when you are configuring Printer
Agents assigned to this NDPS Manager must be directly attached to this server.
3 Click OK.
4 To autoload the NDPS Manager when you bring up the server, add the
following line to your server's AUTOEXEC.NCF file:
load ndpsm NDPS_Manager_name_and_context
For example:
load ndpsm .sales_manager.corp.acme
To modify the Print Services Manager properties click Manage Print Services
Manager, and then select the Manager you want to modify.
For a discussion of Access Control roles, see “Setting Access Control for
NDPS Manager” on page 108.
Creating NDPS Printers

NDPS printers can be either public access or controlled access. For an
explanation of each type, see “Understanding NDPS Printers” on page 20. In
most cases, we recommend that you make all of your NDPS printers
controlled access printers as soon as possible in order to take full advantage of
the management and security benefits offered by eDirectory.
Before you can create an NDPS printer, you must first have created an NDPS
Manager on your server. See “Creating NDPS Manager” on page 61 for more
information.
After creating an NDPS Manager, you can create NDPS printers. Some third-
party gateways have server-based utilities that can be configured to search for
new printers attached to the network and to automatically create Printer
Agents to represent them. For more information about gateways, see
“Selecting the Correct Gateway to Use” on page 135.
NDPS printers added to the eDirectory tree by iManage are referred to as
controlled access printers. As eDirectory objects, access to them is controlled
and they are no longer available directly as public access printers. They are
available to the workstation user only through the eDirectory object list
instead of through the list of public access printers.

103-000137-001
August 31, 2001
Novell Confidential
Prerequisites
Have at least Read, Write, Modify, and Create rights for the destination
container where its associated Printer object will reside
Be designated as a Manager of the NDPS Manager that will control this
Printer Agent
Have a Broker running
Have an NDPS Manager object created
Procedure
1 In iManage, click iPrint Management > Create Printer.
3 Click OK.
4 Select the printer driver for each client operating system.
These drivers will be automatically downloaded to users' workstations
when they install this printer in the future.
If you choose a Windows 3.x driver but not a Windows 95/98/ME or
Windows NT/2000 driver, a 16-bit driver will be selected. Normally this
will not create problems.
Since the list of printer drivers shipped with this product is limited, you
can add drivers to the Resource Management Service database. (See
“Adding or Updating Printer Drivers” on page 96 for more information.)
If the driver you need is not in the drivers list, rather than adding it to the
RMS, you can select [None] at the top of each list. Users will then be
asked to provide a disk with the appropriate driver the first time they
install this printer on their workstations.
5 Click Continue.
Workstation users can now select the printer and print to it.

103-000137-001
August 31, 2001
Novell Confidential
Configuring LPR Printers

UNIX, Macintosh, and other LPR clients can print to iPrint printers using
LPR.
IMPORTANT: In order for LPR to work, the printer agent name cannot contain
spaces. If it does, you will need to rename the printer agent or select a different
printer.
1 In iManage, click iPrint Management > Manage Printer.
2 Browse to and select the printer you want to enable LPR printing for.
3 Click Client Support > LPR Support.
4 Check the Enable LPR/LPD Client Support check box.
The LPR Host and LPR Printer/Queue fields display information required
when setting up printing for Macintosh, UNIX, or other LPR clients.
LPR Host: The server name where the Print Services Manager is
running.
LPR Printer/Queue:The same as the printer agent's name. The printer
agent name cannot have any spaces in its name; otherwise, LPR will not
work properly.
5 (Optional) Enable the following options:
Filter All LF to CRLF and Append FF to Jobs: Checking this check
box changes bytes in the LPR data stream of all incoming LPR print jobs
from Line Feeds to Carriage Returns with Line Feeds and appends a Form
Feed to the end of the print job. Typically, these changes are made at the
LPR client; however, if you are sure of your users' configurations, you can
implement this option.
Address Ranges: Add an address range only if you want to restrict access
to this printer to LPR clients within the address range. When the list is
empty, all addresses are allowed to print (default).

103-000137-001
August 31, 2001
Novell Confidential
Setting Up NDPS Printers to Service Legacy Queues

In many cases, you will want to continue using print queues while you make
the transition to NDPS. This strategy is discussed in detail in “Making the
Transition Gradually” on page 41. For information on how to set up your
NDPS printers to service legacy queues, see “Supporting Queue-Based Client
Workstations” on page 86.
Configuring Queue-Based Printers

Users can submit jobs through NDPS to printers and print systems that still
require queues, such as the following:
Printers controlled by PSERVER.NLM (either locally attached or
attached directly to the network) running on servers that have not been
upgraded to NDPS
Printers attached directly to the network that are configured for queue-
server mode
Mainframe systems using NetWare HostPrint® and certain proprietary
systems
The following procedure allows you to configure the Printer Agent to redirect
print jobs to a NetWare queue.
HINT: While this procedure allows you to connect to queue-based printers
controlled by NetWare servers in the current eDirectory tree, you might also need
to create one or more bindery reference queues to provide access to printers
controlled by a NetWare 3 file server and printers controlled by a NetWare 4 or
NetWare 5 server in a different tree. For more information, see “Using Bindery
Reference Queues” on page 67.
1 In NetWare Administrator, select the container where you want the NDPS
Printer object to reside.
2 From the Object menu, click Create > NDPS Printer.
3 Enter a name in the Printer Name field.
4 At the Printer Agent Source field, select Create a New Printer Agent, and
then click Create.
5 Confirm the Printer Agent name (default is the name of the new printer
you are creating) and browse to select the NDPS Manager you want to
assign it to.

103-000137-001
August 31, 2001
Novell Confidential
6 At the Gateway Types window, select the Novell Printer Gateway.

For more information about using gateways, see “Selecting the Correct
Gateway to Use” on page 135.
7 Configure the Novell PDS by selecting the Printer Type and Port Handler
Type, and then click OK.
8 At the Connection Type field, select Forward Jobs to a Queue and then
click Next.
The Port Type options are grayed when you select the Queue connection
type.
9 Provide the Queue Name and Queue User Name.
Browse for the target print queue. If no queues are listed, none exist in the
current context. Browse the tree to find a queue in a different context. The
queue you select must exist in the current tree, or else you will need to
create a bindery reference queue in your own container to allow access to
the actual queue. See “Using Bindery Reference Queues” on page 67.
The user you specify might need to log in to the server that this queue
resides on. This user must have full rights to manage this queue.
10 Click Finish.
when they install this printer in the future. Select a driver for each
operating system.
12 Click Continue.
The main browser window appears with your new controlled access
printer listed.

103-000137-001
August 31, 2001
Novell Confidential
You can select it from the browser to complete the following tasks:
“Assigning Printer Access Control Roles through NDPS Printer
Objects” on page 107
“Optimizing Event Notification” on page 82
Using Bindery Reference Queues

While we strongly urge you to upgrade all of your printers to NDPS as soon
as possible, you might still want to provide your users with access to queue-
based printing resources for a variety of reasons. While connecting to queue-
based printers can be accomplished directly when you configure a Printer
Agent, you might need to create one or more bindery reference queues to
provide access to the following:
Printers controlled by a NetWare 3 file server
Printers controlled by a NetWare 4 or NetWare 5 server in a different tree
A bindery reference queue serves as a pointer to a real NetWare queue. After
you have created a bindery reference queue, you can then configure a Printer
Agent to send jobs to that queue just as you would if the queue actually resided
on another server in the same tree. The following discussion explains how to
accomplish this procedure using NetWare Administrator.
If a bindery reference queue already exists, you can use it with NDPS with no
modification. A new reference Queue object does not need to be created in
eDirectory.
Prerequisites
The print queue you want to reference must already exist on the server
you want to point to
A bindery object of the same name as the one you are using must exist on
that server and must have rights to the print queue you are referencing
Procedure
The following procedure lets you reference a bindery queue and make it
available to NDPS printers.
1 In NetWare Administrator, select the container where you want the
reference queue to reside.
2 From the Object menu, click Create > Print Queue.

103-000137-001
August 31, 2001
Novell Confidential
3 In the Create Print Queue dialog box, select Reference a Bindery Queue.
Notice that the dialog changes when you select this option.
4 (Optional) If you want to assign a bindery reference queue name different
from the queue's name on the legacy server, enter the reference name in
the Print Queue Name field.
If you do not want to assign a reference name, leave the field blank.
5 Click the browser button to select a bindery server and queue.
6 Click List Only Attached Servers to specify whether you want this option
turned on or off.
To see a list of all available servers, turn off this option. Select the name
of the server you want to attach to. Log in to this server at the prompt.
7 Double-click the server you want to use.
If you are not attached, you must authenticate to that server.
To complete this procedure, a bindery object of the same name as the one
you are using must exist on that server and must have rights to the print
queue you are referencing.
If no queue names appear, no queues have been defined on that server.
8 Select the queue you want to create a reference for and click OK.
9 Click Create.
10 Return to Step 9 on page 66 of the procedure for “Configuring Queue-
Based Printers” on page 65 as a controlled access printer.
Now that this queue is created, you can configure a Printer Agent to service
jobs from a queue or to submit jobs to a queue.
Printing from Macintosh Workstations

Macintosh users can submit print jobs to NDPS using LPR. This entails using
the Macintosh Desktop Printer Utility to set up a printer on the MacInstosh
client and enabling LPR support for the printer. To enable LPR printer support,
see “Configuring LPR Printers” on page 64.
NOTE: When using LPR printing, printer agent names cannot include spaces.
1 In the Macintosh Desktop Printer Utility, select LPR Printer.

2 If necessary, select any appropriate PPD files.

103-000137-001
August 31, 2001
Novell Confidential
3 Enter the printer address information.

LPR Address: Enter the DNS name or IP address of the server where the
NDPS printer agent is running. This is the LPR Host address displayed
when enabling LPR for a printer.
Queue: Enter the printer agent name. This name may not include spaces.
This is the LPR Printer/Queue name displayed when enabling LPR for a
printer.
4 Click Create and save the printer to a desired location on the Macintosh.
Setting Up LPR Clients on UNIX

The implementation of LPR printing in UNIX systems varies greatly.
Typically, UNIX or LPR users will know how to set up LPR Printing (BSD-
style printing) on their system. In order to complete the configuration, users
will need to know the LPR Host and the LPR Printer/Queue information
provided in iManage.
Preparing Client Workstations to Use NDPS

If you will not be using iPrint, you will need to install the Novell Client that
accompanies NetWare. The Novell Client is required in order for NDPS
features to be available on your client workstations.
The NDPS components of the Novell Client require approximately 800 KB of
random access memory (RAM). If you select the Custom install option, make
sure you have enabled NDPS.
The following sections will help you implement the Novell Client on users’
workstations.
Installing the Novell Client

For specific instructions on installing the Novell Client, see the Novell Client
for Windows documentation.

103-000137-001
August 31, 2001
Novell Confidential
Enabling NDPS on a Previously Installed Client

If you have previously installed the correct version of the Novell Client on one
or more Windows workstations but you did not enable NDPS at that time, you
will need to add go to your network properties and add the service Novell
Distributed Print Services.
On Windows 3.x workstations, you must reinstall the Client to enable NDPS.
Adding NDPS Printers

For a discussion of how to add printers automatically to your NDPS client
workstations, see “Designating Printers to Be Automatically Installed” on
page 75.
You can install printers manually at individual workstations using the Add
Printer wizard.
Removing CAPTURE Statements

Existing CAPTURE statements should be removed from your NDPS clients
for NDPS to be fully enabled. These statements might exist in container or
user login scripts, in batch files, or other locations. After you have tested your
new system thoroughly, you can safely remove these statements.

103-000137-001
August 31, 2001
Novell Confidential
4 Managing Printers
Although the default settings in Novell® Distributed Print ServicesTM

(NDPS®) allow your users to print without further configuration being
necessary, you will probably want to modify some of those settings so that you
can manage your printing resources most effectively. While most tasks can be
done in iManage, some tasks will require you to use NetWare® Administrator.
“Installing Printers on Workstations” on page 74
“Using Remote Printer Management” on page 75
“Setting Up Printer Configurations” on page 77
“Creating Configurations” on page 78
“Optimizing Event Notification” on page 82
“Setting Print Job Spooling” on page 85
“Supporting Queue-Based Client Workstations” on page 86
Managing Print Jobs

The following sections provide specific information about the NDPS print job
management features. All of the procedures listed below can be performed
either through NetWare Administrator or through the Novell Printer Manager.
Users designated as Managers or Operators for a printer can perform these
tasks for all jobs routed to that printer; individual job owners can only perform
these tasks for their own print jobs.
Managing Printers 71

103-000137-001
August 31, 2001
Novell Confidential
Viewing Print Job Information

You can view information about individual print jobs waiting to be processed
by a specific printer by using the following procedure.
1 In iManage, click Print Management > Manage Printer.
2 Browse to and select the printer the job was sent to.
3 Click Printer Control > Jobs.
Information about the print jobs is displayed.
Deleting Print Jobs

Administrators can delete any print job after it has been submitted if the job
has not yet started printing. Users can delete only their own print jobs.
NDPS allows you to delete a print job from the jobs list by using the following
procedure.
1 In iManage ,click Print Management > Manage Printer.
4 Check the checkbox next to the job you want to delete.
5 Click delete.
Changing the Order of Print Jobs

Occasionally, you might need to print a job sooner than other jobs that have
already been submitted to a printer and are awaiting servicing. Administrators
can move jobs up or down the list. Users can only move jobs down the list.
Administrators can reorder any print job after it has been submitted if the job
has not yet started printing. Users can reorder only their own print jobs.
The following procedure explains how this is done.
4 Check the checkbox next to the job you want to modify.
5 Click Promote to move a print job up the list.

103-000137-001
August 31, 2001
Novell Confidential
Moving Print Jobs

NDPS allows operators and job owners to copy or move a print job to another
printer. The target printer must be running on the same server (managed by the
same NDPS Manager) as the printer on which the job currently resides. Also,
the target printer must be compatible with the driver that formatted the job. For
example, if a job was formatted with an HP5si driver, it should not be copied
or moved to an HP LaserJet* III.
Administrators can copy or move any print job after it has been submitted if
the job has not yet started printing. Users can copy or move only for their own
print jobs.
To move a print job using iManage, do the following.
4 Check the checkbox next to the job you want to modify.
5 Click Move to move the print job to another printer in the list.
Modifying Print Jobs

You can modify a print job in two ways:
Modifying the printer configuration
Before the job is submitted, you can modify the printer configuration on
your workstation. Then every time you send a job to that printer, those
modifications will be used. For information, see “Modifying
Configurations” on page 80.
Modifying the specific job
When a job is submitted, it inherits the properties of the installed printer's
configuration. The configuration of the job can then be modified, if
needed, by the job's owner or the printer's Operator.
When jobs are modified, additional configurable properties are available
which are not included in the original printer configuration. For example,
the job can be delayed, and advanced attributes can be viewed and
modified.

103-000137-001
August 31, 2001
Novell Confidential
Administrators can modify any print job after it has been submitted if the job
has not yet started printing. Users can modify only their own print jobs.
To modify a job, do the following.
1 In NetWare Administrator, select the printer the job was sent to from the
browser window, and then click Jobs/Job List.
If you want to see a list of jobs already processed and being retained, click
the Show Retained Jobs option.
2 Select the job you want to modify.
3 Click Job Configuration > Job Options and then select Configurations
from the drop-down list.
4 Select the properties you want and click OK.
Installing Printers on Workstations

You can install printers on NDPS workstations in either of the following ways:
By designating printers to be automatically installed on user workstations
through the Remote Printer Management feature available in iManage.
See “Using Remote Printer Management” on page 75 for more
information.
By allowing Windows workstation users to install printers on their
workstation by using the Windows Add Printers wizard in the Windows
Printers folder.
Certain drivers (mostly older drivers) will not work when the printer name/
port name has a long name (32 characters or more). The port name looks
something like \\TREE_NAME\SERVER_NAME\installed_printer_name.
To resolve this problem for NDPS, a new flag has been added to the Windows
registry that will allow for printer names to be less than 31 characters in length
so that old applications can still print. The key is as follows:
HKEY_LOCAL_MACHINE\Software\NDPS\RPM\TruncatePrinterNames
0 = use long names
1 = truncate the printer names

103-000137-001
August 31, 2001
Novell Confidential
Designating Printers to Be Automatically Installed

While NDPS allows users to download and install printers on their
workstations, it also allows administrators to designate printers to be
downloaded and installed automatically. These printers then appear on the
user's installed printers list with no action required by the user.
You can designate a printer to be installed automatically by using the Remote
Printer Management feature in iManage. See “Using Remote Printer
Management” on page 75 for more information.
Designating a Default Printer

When you use the Remote Printer Management (RPM) feature to designate a
printer for automatic installation on each user workstation, you can also
designate that printer to be the default for users in the same context
(container). This way, the user never has to install or configure that printer or
designate it as the default. Instead, a configured default printer is installed
automatically on each workstation.
The assignments made through the RPM are limited to the specific container.
They do not flow down to subcontainers.
Even though you designate a printer as the default, users can specify a
different default printer if they want.
Using Remote Printer Management

While NDPS allows users to download and install printer drivers on their
workstations, the Remote Printer Management feature also allows
administrators to designate printers to be downloaded and installed
automatically. These printers then appear in the Windows Printer Folder for
the user's workstation. Administrators can also use this feature to remove
printers, assign a printer to be the default printer, and update printer drivers
from the NDPS Resource Management Service database (RESDIR).
Remote Printer Management configures printing on workstations based on a
User object, group membership, and container.

103-000137-001
August 31, 2001
Novell Confidential
How Remote Printer Management Works

After a printer has been designated for automatic installation on a user's
workstation, this information is stored on the eDirectory container object
where the administrator has configured it. When a user logs in after the
machine is rebooted, the workstation's client software checks the container
object where the User object resides for the Remote Printer Management
configuration. The client software compares time stamps stored on the
workstation and in eDirectoryTM to determine whether any changes have
occurred. If the time stamp is different, action is taken, and the printer list on
the client is automatically updated to match the printer list maintained by
eDirectory on the container.
If the client finds a printer designated for installation that has not yet been
installed, it is automatically installed.
If a currently installed printer is added to the Printers to Remove list, that
printer will be uninstalled automatically.
If you designate a different printer to be the default in the Remote Printer
Management list, the change will be automatically made on each client
when it logs in.
If the Do Not Update Workstations control is checked, you can update the
Remote Printer Management configuration, but no changes will occur on
the workstation.
When you install a printer using Remote Printer Management, its installed
name will be limited to no more than 31 characters (including the periods).
The name will be broken off at a logical point from the beginning of the
installed name. This will not affect the ability of the printer to service jobs.
The reason that names are limited to this length is that some applications
cannot handle printer names of over 31 characters.
Accessing Remote Printer Management

Remote Printer Management can be accessed in any of the following ways
using NetWare Adminsitrator. Somewhat different functionality is available at
each location.
From the Tools menu in NetWare Administrator.
By selecting the NDPS Remote Printer Management option from this
menu, you can manage printers in all containers for which you have the
Supervisor right at the container object.

103-000137-001
August 31, 2001
Novell Confidential
From the Details page for the Container object

By pressing the NDPS Remote Printer Management button from this
page, you can manage printers for this container only.
From the Details page for a specific printer
By pressing the NDPS Remote Printer Management button from this
page, you can remotely manage that printer.
From Users and Groups
Setting Up Printer Configurations

If you use configurations wisely, they can help you manage your system more
effectively. You can also create configurations that will help workstation users
meet their specific printing needs efficiently and conveniently.
Configurations are properties assigned to a NDPS Printer object that specify
how the printer will handle print jobs. For example, configuration properties
can specify the number of copies to print, event notification, what kind of
media to use, job priority, banner instructions, and whether to hold or retain a
job and for how long.
NDPS automatically assigns a default configuration to all NDPS Printer
objects when they are created. However, administrators can modify that
configuration or create new configurations for use by workstation users.
NDPS Printer objects can have multiple configurations. When a user installs
a printer on his or her workstation, that user chooses one of those
configurations. Each time a job with a particular configuration is submitted,
the printer will handle the job according to the instructions contained in that
configuration.
When a job is submitted, it inherits the properties of the installed printer's
configuration. The configuration of the job can then be modified, if needed,
by the job's owner or a printer Operator. When configurations are modified at
the individual job level, additional configurable properties are available which
are not included in the original configuration. For example, the job can be
delayed, and advanced attributes can be viewed and modified.
“Creating Configurations” on page 78
“Configuration Options” on page 78

103-000137-001
August 31, 2001
Novell Confidential
“Modifying Configurations” on page 80

“Setting Configuration Locks” on page 81
Creating Configurations
Use the following procedure in NetWare Administrator to create a new
configuration based on the current Default Configuration.
1 Select the NDPS Printer object that you want to create a configuration for.
2 Click the Configuration button.
The Printer Configurations window in that dialog lists the Default Printer
Configuration and any other configurations that have been created for this
printer in NetWare Administrator.
3 Click Create.
4 Enter the name you want to assign to this configuration.
5 Assign the configuration properties you want for print jobs.
For specific information about these tabs, see “Configuration Options” on
page 78.
If you want to lock certain configuration properties so that workstation
users cannot modify them, see “Setting Configuration Locks” on page 81.
6 Click OK in the Printer Configuration dialog box.
7 Click OK in the NDPS Printer Details dialog box.
Your new configuration will not be saved until you have done this.
Configuration Options
The following sections describes the configuration options available in NDPS.
General Properties
Copies: The number of copies that will be printed for this configuration.
Max Copies: The maximum number of copies that a user can print using
this printer.
Priority: The priority assigned to jobs using this configuration.
Max Priority: The maximum priority (Low, Medium, High) set by the
administrator for jobs using this printer. This setting determines when the

103-000137-001
August 31, 2001
Novell Confidential
job will print in relation to other jobs with different priorities sent to this
printer.
Banner: A list of banner pages users can select from. Banner pages will
be printed at the beginning of print jobs using the configuration. (If
multiple copies of a document are printed, the banner page will only be
printed at the beginning of the first copy.)
If your client, printer, and server are not all configured for the same
language, you may experience problems with the output of your banner
pages, such as the job name being corrupted. If you are working in this
type of mixed environment, you should consider not using banner pages.
Medium: The medium (form) on which jobs can be printed without
stopping the printer to mount a different medium (form). The default on
the printer is Any Medium, which allows jobs to be printed using the
currently mounted medium regardless of media specified in the job data.
If a medium is specified for this configuration, and a different medium
(anything other than Any Medium) is mounted on the printer, this
condition will cause the printer to pause for the given amount of time
(default is 15 minutes) or until the new media is mounted. If this Job Wait
Time expires, the job is placed on hold and returned to the spooling area.
Media are mounted by the administrator or Operator at the Printer
Control/Control pull-down menu of NetWare Administrator.
Job Hold Properties

Operator Hold. Jobs do not print until the Operator releases them.
User Hold. Jobs do not print until the user who submitted the job releases
it.
Delay Printing Until. Jobs do not begin printing until the time and date
specified.
Pause Printer on Job Start. Force the printer to pause at the beginning
of jobs submitted using this configuration. The message entered is sent to
the printer Operator. Only an Operator can release the pause. (By default,
the printer will resume printing after a 15-minute pause if an Operator
does not intervene. This setting can be changed at the server console by
changing the Configuration setting Job Wait Time.)
Pause Printer on Job End. Force the printer to pause after printing each
job that is submitted using this configuration. The message entered is sent
to the printer Operator. Only an Operator can release the pause. (By
default, the printer will resume printing after a 15-minute pause if an

103-000137-001
August 31, 2001
Novell Confidential
Operator does not intervene. This setting can be changed at the server
console by changing the Configuration setting Job Wait Time.)
Retain Job No Longer Than. The maximum amount of time that jobs
using this configuration can be retained after printing before being
deleted (Minutes, Hours, Days, Years). By default, jobs are not retained.
Retain Job For. The amount of time that a job using this configuration
should be retained (regardless of when it is printed) until it is deleted
(Minutes, Hours, Days, Years).
Event Notification Properties
By specifying event notification for a printer configuration, you allow job

owners to receive notification of printer or job events that occur during the
processing and printing of a job. Notification configured in this way is sent by
pop-up message box only.
Print job notification allows you to designate the event types for which
notification messages should be generated (warnings, errors, or reports). For
more information, see “Optimizing Event Notification” on page 82.
In NetWare Administrator, administrators can use the Access Control feature
to configure event notification for interested parties, that is, non-job-owners
you wish to be notified of specific events. See “Configuring Interested-Party
Notification” on page 84 for more information. At the workstation, individual
users can use the Novell Printer Manager to configure event notification
pertaining to their own jobs only. See “Configuring Job-Owner Notification”
Modifying Configurations
To modify an existing configuration, complete the following procedure.
1 At the main NDPS Printer Details window in NetWare Administrator,
click the Configuration button.
2 In Printer Manager, select the printer you want to work with and then
select the Printer/Configuration option.
The Printer Configurations window lists the default printer configuration
and any other configurations that have been created for this printer in
NetWare Administrator.
3 Select the configuration you want to modify and click Modify.

103-000137-001
August 31, 2001
Novell Confidential
4 Assign the configuration properties you want for print jobs.

For specific information about these tabs, see “Configuration Options” on
page 78.
If you want to lock certain configuration properties so that workstation
users cannot modify them, see “Setting Configuration Locks” on page 81.
5 Click OK in the Printer Configuration dialog box.
6 Click OK in the NDPS Printer Details dialog box.
Your changes will not be saved until you have done this.
Setting Configuration Locks

Properties of the Default Printer Configuration can be locked by the
administrator to be nonconfigurable; that is, they cannot be modified or
overridden by the user. Locked properties can be either of the following:
Maximum limits. Certain properties, those that specify limits, are always
locked: Maximum Copies, Maximum Priority, and Retain Job No Longer
Than. Even if the Manager does not specify a limit for these properties,
they are grayed out and inaccessible to users who are modifying their own
configurations.
These properties relate to a range in which the maximum value in that
range is specified. For example, if the default configuration has a locked
property limiting the maximum number of copies of a job that can be
printed to five, any number of copies up to five is allowed, but a job
calling for 10 copies will be rejected.
Individual locked properties. Many properties are tied to a specific
setting. For example, you can lock the priority of jobs to be printed using
this configuration, or designate a specific banner page that must be used
when jobs are submitted.
Once a default configuration property has been locked, it will be locked for all
jobs submitted to that printer and for all new configurations created for that
printer as well, whether that configuration has been created with NetWare
Administrator or by a workstation user when creating a new configuration for
an installed printer.
Any job submitted to an old configuration must conform to the new locked
property or the job will be rejected.

103-000137-001
August 31, 2001
Novell Confidential
Use the following procedure to lock one or more properties for a printer.
2 Browse to and select the printer you want to lock a property on.
3 Click the Configuration tab.
4 Check the check boxes of the properties you want to lock.
5 Click OK.
Optimizing Event Notification

In NetWare Administrator, administrators can configure event notification for
users who want to be notified of a defined printer or server event that occurs
during the processing and printing of a job.
For example, the administrator for a specific printer (by default a Manager of
that printer) can designate an Operator to be notified if the printer runs out of
paper or if the toner is low.
Notification Types
In NetWare Administrator, administrators can configure two types of event
notification:
Job-owner notification. You can configure event notification for job
owners only through the printer's Configuration dialog box. When
notification is part of a configuration, the owner of a job submitted to a
printer with that configuration will receive the notification specified. For
more information, see “Configuring Job-Owner Notification” on page 83.
At the workstation, individual users can use the Novell Printer Manager
to configure event notification pertaining to their own jobs.
Interested-party notification. You can use the Access Control
Notification feature to configure notification to be sent to a printer's
Managers, Operators, or other interested parties about specified events,
normally those that require intervention of some kind.
Because this feature is tied to the Printer Access Control feature, it allows
you to restrict the list of individuals who will be receiving this notification
as much as you want. For more information, see “Configuring Interested-
Party Notification” on page 84.

103-000137-001
August 31, 2001
Novell Confidential
Delivery Methods
The availability of the following delivery options are dependent on which of
them you have enable. See “Enabling Event Notification Delivery Methods”
Pop-up notification. Messages will pop up on the screen of individuals
designated to receive them. Users designated for pop-up notification must
have a default server defined in their User Environment specified in
NetWare Administrator. They also must be currently authenticated to that
server or they will not receive notification.
SMTP notification. Messages will be sent to the recipient through SMTP
(Simple Mail Transfer Protocol) in IP-based systems.
Log file notification. Messages are written to a file at a designated
location on a NetWare server that the recipient has rights to. This is
especially useful for keeping a record of printing events for auditing
purposes (such as job completions, how often the toner ran out, etc.).
Programmatic notification methods. Two programmatic notification
delivery methods are shipped with NDPS: SPXTM and RPC.
Third-party notification methods. The open architecture of NDPS
allows third parties to develop additional delivery methods.
Configuring Job-Owner Notification

Job-owner notification can be configured for specific print jobs or for printer
configurations. This section provides procedures for each method.
Notification for Specific Print Jobs
Configuring notification for a specific print job can be done as follows.

1 From the main Printer Control view of the printer's Details page, click
Jobs/Job List.
2 (Conditional) If you want to see a list of jobs being retained and not
currently scheduled for processing, click Show Retained Jobs.
3 Click Options and select Configurations from the drop-down list.
4 Click Notification.
5 Select the notification methods and events you want.
6 Click OK.

103-000137-001
August 31, 2001
Novell Confidential
Notification for a Configuration
The following procedure explains how to configure job-owner notification by

modifying an existing configuration. You can also configure job-owner
notification when creating a new configuration.
1 In NetWare Administrator, select the printer that you want to configure.
2 Click the Configuration button.
The Printer Configurations window lists the default printer configuration
and any other configurations that have been created for this printer in
NetWare Administrator.
3 Select the configuration you want to modify and click Modify.
4 Click the Notification tab.
5 Click the icon representing the method you want to use.
7 Click OK.
Configuring Interested-Party Notification

The following procedure allows you to specify the users who will receive
event notification for a NDPS Printer object, the method of notification, and
the types of events they will receive notification for.
1 In NetWare Administrator, select the Printer you want to configure.
2 Click the Access Control button.
Three roles are available: Manager, Operator, and User.
3 Select the role you want to configure Access Control notification for.
4 Select the object you want to configure notification for and click
Notification.
5 Click the icon representing the method you want to use.
7 Click OK.

103-000137-001
August 31, 2001
Novell Confidential
Setting Print Job Spooling

Although NDPS has eliminated the need to send print jobs through queues,
jobs submitted to NDPS printers will often need to be stored somewhere when
the printer is already processing other jobs or when the job is on hold or retain
status. Job spooling allows you to specify where you want jobs to be stored
while they await processing.
By default, the spooling area for a printer is located on the same volume as the
database for the NDPS Manager supporting that printer. However, the
Spooling Configuration option allows you to spool jobs to a different location
through the following procedure.
Job spooling as used by NDPS offers greater simplicity and management
convenience than queue-based printing. In NDPS, spooling requires only that
a directory be designated where jobs can be stored while awaiting processing.
You can modify job spooling at any time, even when a job is already being
processed.
The following procedure explains how to optimize job spooling.
2 Browse to and select the printer you want to enable Access Control for.
3 Click Configuration > Spooling.
4 Modify the spooling information.
Spooling Location: Specify the path where print job data will be stored
while waiting to be printed. By default, the spooling area for a printer will
be located in the same volume as the database for the NDPS Manager
supporting that printer.
Available Disk Space: The amount of disk space available on the
volume.
Limit Disk Space: To limit the amount of disk space to be used for
spooling, check the check box and sent the limits you want.
Spooling Space: The total amount of disk space in kilobytes (KB) you
want to set aside for print job spooling.
Retained Job Space: The amount of disk space in kilobytes (KB) you
want to set aside for holding retained print jobs. This amount should be
sufficiently less than the total spooling space to ensure that new print jobs
can be processed efficiently.

103-000137-001
August 31, 2001
Novell Confidential
There are four common job scheduling algorithms available: First In,
First Out, Print Shortest Job First, Minimize Media Changes, Backward
Compatibility.
5 Click OK.
Supporting Queue-Based Client Workstations

If your network includes clients like Macintosh and OS/2 that are not able to
send jobs to Printer Agents directly, the backward compatibility of Novell
Distributed Print Services (NDPS) allows these clients to submit jobs to the
same queues they always have. Then the Printer Agent can retrieve jobs from
these queues and print them.
If you want a printer to service legacy queues, here's how to set it up.
1 In iManage click iPrint Management > Manage Printer.
3 Click Client Support > QMS Support.
4 Modify (add to/delete from) the Service Jobs from NetWare Queues list.
5 Click OK or Apply to save the settings.

103-000137-001
August 31, 2001
Novell Confidential
5 Managing the Print Services Manager

necessary, you will probably want to modify some of those settings so that you
can manage your printing resources most effectively.
“Optimizing Fault Tolerance” on page 87
“Moving the NDPS Manager” on page 88
“NDPS Manager Startup Switches” on page 89
Optimizing Fault Tolerance

The NDPS Manager uses a database to store information about the printers it
controls. This database is backed up and replicated in eDirectoryTM. The
database is automatically backed up, by default, once a day. You can modify
the backup options or manually backup the database using server console
interface for the Manager.
If the database fails to load through normal mechanisms, you can retrieve the
database from eDirectory and load the NDPS Manager on any other server in
IMPORTANT: You cannot restore a database from eDirectory to the same server
that it was backed up from. In order to restore a database from eDirectory to its
original source server, you must first restore it to a different server, and then back
the database up to eDirectory from that server. You can then restore it to its original
server.
Managing the Print Services Manager 87
Place Book Title Here

August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Modifying the Database Backup Options

1 At the server console, go to the Available Options menu for the NDPS
Manager.
2 Select NDPS Manager Status and Control > Database Options.
3 Modify the desired settings.
4 Escape back out to the Available Options menu.
Restoring a Database from eDirectory

1 At the server where you want to restore the database, enter
load ndpsm /dbvolume
See “NDPS Manager Startup Switches” on page 89 for more information.
2 Select the name of the NDPS Manager whose database you want to
restore.
If the server with the original database is up and running, its name will
appear in this menu. If the server is down, no server name will appear
here. The only Source option available will be eDirectory (existing jobs
will be lost).
3 Select the source of the backup you want to restore.
In most cases, you will be selecting eDirectory as the source.
You will be prompted to select a volume.
4 Select the volume where you want the database placed.
The restored database is then copied to the location you selected.
Moving the NDPS Manager

Sometimes it is necessary to move the NDPS Manager from one server to
another. If you assigned a DNS name to the NDPS Manager, you should
update the DNS entry with the new IP Address the Manager is running on.
1 If the NDPS Manager is currently running, exit the Manager.
WARNING: All printing associated with this NDPS Manager will cease and waiting
print jobs will be lost.
2 At the other server console enter

load ndpsm
88 Place Book Title Here

August 31, 2001
Novell Confidential
If you need to use a startup switch, see “NDPS Manager Startup

Switches” on page 89.
3 Select the NDPS Manager object you want to load.
A specific NDPS Manager can run only once.
You will be prompted to download the database, and the Manager will
start running.
NDPS Manager Startup Switches

Syntax :
load ndpsm NDPS_Manager_name_and_context /startup
parameter
Example:
load ndpsm .sales_manager.corp.acme /
dbvolume=sales_sys
The following table lists the startup switches you can use when loading
NDPSM.NLM.
Startup Parameter Description
nodatabase Load the NDPS Manager without

opening the database. The Database
Options menu is displayed which lets
you examine, backup, restore,
resynchronize, and uninstall the
NDPS Manager database. See
“Understanding the NDPS Manager”
on page 24 for more information
about the NDPS Manager database.
noipx The NDPS Manager will not support

the IPXTM protocol.
noip The NDPS Manager will not support

the IP protocol.
Managing the Print Services Manager 89

August 31, 2001
Novell Confidential
dbvolume=full_DNS_volume name Download the database from NDS®

and reconnect pointers to the local
server where the command is
executed. This is useful for moving
the NDPS Manager to a new volume.
dbvolume=nocheck The NDPS Manager will not validate

that the database volume is local.
This is used with Clustering.
setens=broker_name Set the Event Notification Service to

the specified broker for all printers
associated this NDPS Manager.
setrms=broker_name Set the Resource Management

Service to the specified broker for all
printers associated this NDPS
Manager.
qloadbalance The NDPS Manager evenly

distributes the waiting print jobs
among printers that are ready. This is
used when pooling printers.
iprinton The IPP attribute is turned on for all

printers associated with the
associated NDPS Manager.
dnsname=NDPSM_DNS_name This sets a DNS name to an NDPS

Manager object. You will need to
include the DNS information in your
DNS lookup tables.
If you included the DNS Name before

deploying printing with this manager,
then you can easily move the NDPS
Manager to another server without
disrupting printing.
NOTE: The DNS name must be

assigned before printing on the NDPS
Manager is deployed.

August 31, 2001
Novell Confidential
6 Managing the Broker

necessary, you will probably want to modify some settings so that you can
manage your printing resources most effectively.
“Adding or Updating Brokered Resources” on page 91
“Adding Banner Pages” on page 92
“Adding or Updating Printer Drivers” on page 96
“Enabling Event Notification Delivery Methods” on page 97
“Enabling and Disabling Brokered Services” on page 98
“Reconfiguring an NDPS Broker” on page 99
“Broker Startup Switches” on page 101
Adding or Updating Brokered Resources

The following procedure explains how to add banner pages, printer drivers,
and printer definition (NPD) files to the resource database available through a
Broker's Resource Management Service.
Resources cannot be installed from multiple diskettes. If a printer driver or
other resource is shipped on more than one diskette, copy the files to a
directory on a hard disk or network drive and install it from there.
Managing the Broker 91

103-000137-001
August 31, 2001
Novell Confidential
To add new resources through the Resource Management Service, do the

following.
1 Make sure the Resource Management Service is enabled either in
iManage or by going to your server console and viewing the Broker status
screen.
2 In iManage, click Manage Broker and then browse to and select the
Broker you want to work with.
3 Click Resource Management Service and then the resource you want to
work with.
4 Add or delete resources.
5 Click OK.
Adding Banner Pages

Banner pages are pages that are printed at the beginning of a print job and that
normally contain job identification information. In NDPS, banner pages can
be configured for PostScript*, PCL*, and text formats.
NDPS provides you with a variety of options for creating and selecting banner
page designs. You can choose from several ready-to-use banner page designs,
or you might create a unique design that includes your company's logo, a
drawing, or even a photograph.
When you add a new banner, it will be immediately available for printer
configurations. If you want a banner page to be printed, you can select which
banner design you want to use at the General tab on the Configuration page.
The Configuration page lists only banners available in the format your printer
supports. For example, if you are using a PostScript printer, only banners in
PostScript format will be available at the General configuration page.
Each banner page includes the following information in an information box at
the bottom of the page: Job Name, Job Owner, Time Printed, Date Printed.
If your client, printer, and server are not all configured for the same language,
you might experience problems with the output of your banner pages, such as
the job name being corrupted. If you are working in this type of mixed
environment, you should consider not using banner pages.
Banners are added to the resource database through the Broker's Resource
Management Service.
See the following topics for information about specific tasks associated with
using banners.

103-000137-001
August 31, 2001
Novell Confidential
Adding Banners to the Resource Management Service

screen.
2 In iManage, click Manage Broker and then browse to and select the
Broker you want to work with.
3 Click Resource Management Service > Banners.
4 Add or delete banners.
5 Click OK.
What Printer Types Support What Kind of Banner

A list of supported banners is supplied by both the Novell Gateway (through
the PDS) and third-party gateways. The gateway first determines which file
extension (.PCL, .PS, or .TXT) is appropriate for the way the Printer object (or
Printer Agent) was configured during creation. It then queries the associated
Broker for a list of banner page files with that extension. For a list of formats
supported by a specific NDPS printer, go to the main Printer Details page and
click the Features button.
Creating Banner Files

Administrators with knowledge of printer languages can create custom
banners for use with NDPS. NDPS currently supports three types of custom
banners:
PCL (.PCL extension). See “Creating a PCL Banner” on page 94.
PostScript (.PS extension). See “Creating a PostScript Banner” on page
95.
Generic text (.TXT extension). See “Creating a Generic Text File” on
page 95.

103-000137-001
August 31, 2001
Novell Confidential
All custom banners that are created should have one of these extensions.
When creating custom banners, keep in mind that complex banners will
increase the print time for jobs. Here are some tips for creating an efficient
banner:
Use internal/resident printer fonts instead of rasterized system fonts.
When using graphics, use vector graphics when possible. Bitmaps take up
a lot more space.
Avoid half-toned images.
Creating a PCL Banner
A working knowledge of the Hewlett Packard* (HP*) PCL printer language

is needed in order to create a custom PCL banner. The easiest way to create a
PCL banner is to create the banner using an application like WordPerfect or
MS Write. Be sure to leave the lower third of the custom banner page blank
because NDPS will overlay the following information in a PCL banner page:
Job Name
Job Owner
Time Printed
Date Printed
1 After formatting the banner page, print the banner document to a file
using the appropriate PCL printer definition.
The driver properties will have to be changed from printing to a port/
network to printing to a file on disk. All PCL banners must have the .PCL
extension.
2 Remove the form feed and reset commands in the file that was printed to
disk.
You will need a binary editor to remove the form feed and any reset
commands from the file. The form feed and reset commands will be in the
overlay that NDPS provides. A form feed in PCL is a decimal 12 (hex
0C). There are several possible reset commands that need to be removed.
Decimal 27, 69 (hex 1B,45) is the printer reset in PCL. The following
Universal Exit Command (UEL) also needs to be removed:
Decimal 27,37,45,49,50,51,52,53,88
(Hex 1B,25,2D,31,32,33,34,35,58)
Once the form feed and reset are removed, you have a banner file that can
be used with NDPS.

103-000137-001
August 31, 2001
Novell Confidential
3 Add the banner to the Resource Management Service.

See “Adding or Updating Brokered Resources” on page 91 for more
information.
Creating a PostScript Banner
A working knowledge of the Adobe* PostScript printer definition language is

needed in order to create a custom PostScript banner. The easiest way to create
a PostScript banner is to create the banner using an application like
WordPerfect or MS Write. Be sure to leave the lower third of the custom
banner page blank because NDPS will overlay the following information in a
.ps banner page:
Job Name
Job Owner
Time Printed
Date Printed
1 After formatting the banner page, print the banner document to a file
using the appropriate PostScript printer definition.
The driver properties will have to be changed from printing to a port/
network to printing to a file on disk. All PostScript banners must have the
.PS extension.
2 Using a text editor, remove the PostScript operator called showpage from
the file that was printed to disk.
The driver will probably have a procedure that includes the showpage
command. (The showpage command will be in the overlay that NDPS
provides.) Sometimes showpage is embedded in another function within
the driver and you will have to use care in removing it.
3 Add the banner to the Resource Management Service.
See “Adding or Updating Brokered Resources” on page 91 for more
information.
Creating a Generic Text File
A generic text banner must have a .TXT extension. The banner can be
formatted in any printer language. NDPS will not overlay any additional
information on this banner page.

103-000137-001
August 31, 2001
Novell Confidential
Adding or Updating Printer Drivers

A printer driver is a software entity that directly supports a physical printer,
enabling it to carry out the functions it is intended to perform.
Hardware vendors develop printer drivers, which are specific to each printer.
Most printers require different printer drivers for each operating system they
interact with. NDPS allows you to view a complete list of printer drivers
currently loaded in the Broker's Resource Management Service (RMS)for
Windows, and to add additional printer drivers from diskettes and Windows
.CAB files.
NDPS ships with only English-language drivers. To make drivers in other
languages available for installation on workstations, you will first need to add
those drivers to the RMS through the procedure described in this section.
While the majority of printer drivers in common use today can be used with
NDPS, some cannot. A few drivers do not work on a network at all, while
others might not contain an index file or have an index file that is incorrectly
formatted. If you attempt to add a printer driver to the Resource Management
Service from a diskette and receive an error message stating that a printer
driver cannot be found, you should contact the driver's vendor.
Prerequisite
Printer drivers cannot be installed to the Resource Management Service from
multiple floppy disks. If a printer driver is shipped on more than one disk,
copy the files to a directory on a hard drive or network drive and install the
driver from there.
Procedure
screen.
2 In iManage, click Manager Broker and then select the Broker you want to
work with.
3 Click Resource Management Service and then the type of printer driver
you want to add.
4 Add or delete printer drivers to the list.

103-000137-001
August 31, 2001
Novell Confidential
When adding a resource, you will need to browse to the location of the
print driver’s .INF file. If the file contains multiple print drivers, you will
need to select the drivers you want to add to RMS.
5 Click OK or Apply to save your changes to the database.
The drivers will not be added to the database until you do this.
The process described above might not work if the driver installation .INF file
uses subdirectory paths in filename designations within the copy files sections
of the .INF file. This format is not currently supported by NDPS. There are
two possible solutions for this problem:
Look for an .INF file that does not use this format for filenames. Often
one may exist in a subdirectory of the installation disk.
Edit the .inf file and remove path information from filenames. Then
ensure that all the files are in the same directory as the .INF file.
Enabling Event Notification Delivery Methods

The NDPS Broker provides an Event Notification Service (ENS) that allows
printers to send customized notifications to users and operators about printer
events and print job status. ENS supports a variety of delivery methods,
including pop-up messages, log files, e-mail and programmatic. Third parties
can also develop additional methods.
The Event Notification Service allows you to enable delivery methods such as
e-mail and third-party methods not provided directly with NDPS. The
executable files for these methods have an .ENM extension (filename.ENM)
and must be added to the server\SYS:SYSTEM directory or another location
in the server's search path.
For more information about Event Notification, see “Understanding the Event
Notification Service” on page 29.
1 Be sure the Event Notification Service is enabled by going to your server
console and viewing the Broker status screen.
2 In NetWare Administrator, select the Broker you want to work with.
3 Select the Event Notification view.
4 Click the Load or Unload button.
WARNING: Do not unload the RPC and SPXTM Programmatic Notification
methods. These are needed for communication between printers and the
workstation Printer Manager utility to occur and for driver download to take place.

103-000137-001
August 31, 2001
Novell Confidential
5 Specify the ENM filename for the notification method you want to load.
This ENM must be in your server\SYS:SYSTEM directory or in another
location in your server's search path in order to be loaded.
The Broker object will load this notification method automatically in the
future.
Enabling and Disabling Brokered Services

When NDPS is initially installed, the three network services provided by the
NDPS Broker are automatically enabled on the Broker object. As your
printing needs grow or change and you add additional Brokers to your
network, you might want to disable certain services provided through a Broker
on a specific server and allow them to be provided through a different Broker
(to save disk space on the first server, for example), or you might want to
enable services on a Broker that are currently disabled. This procedure
explains how these tasks are performed.
1 In NetWare Administrator, select the Broker object you want to work
with.
2 Click the button for the service you want to enable or disable.
3 At the Service Status line, select either Enable or Disable.
The service is now either enabled or disabled. If disabled, services will
need to be provided by a different Broker.
Printer Agents using the services that were disabled will automatically
search for another Broker on the network that will provide these services,
so normally these printers should continue to be available for processing
jobs.
However, if you want to specify a preferred Broker for a Printer Agent to
use for these services, you must do this from each NDPS printer's Printer
Control page in NetWare Administrator by selecting Features/Services.
If a Broker is unloaded and then is brought back up, Printer Agents that
have designated that Broker as their preferred service provider will not be
automatically reconnected to it. In order to reconnect to the preferred
service provider, you must either unload each Printer Agent and bring it
back up, or unload the NDPS Manager that controls the affected Printer
Agents and bring it back up, thus bringing up all the Printer Agents with
it.

103-000137-001
August 31, 2001
Novell Confidential
If the Resource Management Service cannot be enabled, check for one of

the following problems:
The Broker object does not have rights to access the RMS data
storage area (the default is NDPS\RESDIR\). Use NetWare
Administrator to grant the Supervisor right to the Broker for that
subdirectory.
The RMS data storage area has a directory name that is longer than
eight characters or includes invalid characters.
Reconfiguring an NDPS Broker

In most instances, the default configuration for the three support services it
provides will result in satisfactory performance. However, in certain
circumstances you might want to change that configuration. Here are a couple
of examples:
As you gain experience with your NDPS setup, you might want to
reconfigure the default properties assigned to the Broker.
If disk space on your volume is limited, you might want to move the
managed resources database accessed by the Resource Management
Service to a different volume on the same server or to a different server in
the same eDirectory tree where more disk space is available. (The default
location for the RMS resources is server\SYS:NDPS\RESDIR\)
Prerequisites
To reconfigure a Broker, you must have at least Read, Write, and Modify
rights for the container where the Broker resides.
If you change the location of your Resource Management Service
database, you need to have rights to the new location.
If you change the location of your Resource Management Service
database, you need to have an existing Resource Management Service
database directory to point to when you specify the volume for the RMS
during this process. The path you specify must point to a directory that
currently exists and that already contains resources. (The RMS data
storage area must not have a directory name that is longer than eight
characters or includes invalid characters.) If you point to an empty
directory, you will receive an error message from the server when loading

103-000137-001
August 31, 2001
Novell Confidential
the Broker saying that the Broker cannot be enabled. (You can copy
resources from another RMS to this directory if you want.)
Procedure
The following procedure explains how to reconfigure an existing Broker
object or move your brokered resources to a different location.
1 In NetWare Administrator, select the Broker object you want to
reconfigure.
2 If you want to change the location of your resources, complete the
following:
2a Click Resource Management.
2b Enter in the resource path you want to use for storing these resources.
You might need to assign the Broker all rights (Supervisor right) to
the new area.
3 If you want to modify the Access Control list, click Access Control and
add or remove users from the Managers list.
See “Managing the Broker” on page 91 for more information.
4 If you want to enable or disable your Service Registry, click Service
Registry Service.
See “Enabling and Disabling Brokered Services” on page 98 for more
information.
5 If you want to load or unload Notification methods, click Event
Notification.
See “Enabling Event Notification Delivery Methods” on page 97 for
more information.

103-000137-001
August 31, 2001
Novell Confidential
Broker Startup Switches

Syntax:
load broker broker_name_and_context /
startup_parameter
Example:
load broker .sales_manager.corp.acme /
dbvolume=sales_sys
The following lists the startup switches you can use when loading
BROKER.NLM.
noui Loads the Broker without displaying the user

interface.
noipx The NDPS Manager will not support the IPXTM

protocol.
noip The NDPS Manager will not support the IP

protocol.
allowdup The NLMTM will not check for two brokers using the
same Broker object.

103-000137-001
August 31, 2001
Novell Confidential

103-000137-001
August 31, 2001
Novell Confidential
7 Managing Printing Security
NDPS® is designed to take full advantage of eDirectoryTM. You receive all the
benefits of eDirectory security and the easy management provided by the
industry's most advanced and robust directory service. The Access Control
feature for NDPS allows you to specify the access each User, Group, or
container object will have to your NDPS printing resources.
Access control roles are mutually exclusive, even though the same individual
might need to perform tasks reserved for different roles. For example, only
printer Managers can add or delete printer Operators or printer Users. In a
similar way, Managers and Operators must also be designated as Users for a
printer before they can submit print jobs to it.
In actual implementation, the NDPS defaults prevent most problems that
might occur from these distinctions. For example, a printer Manager is
automatically designated an Operator and User as well, while an Operator of
a printer is automatically designated a User of that printer also. You cannot
remove the User role from an Operator, and you cannot remove the Operator
and User roles from a Manager.
The creator of an NDPS object is automatically granted privileges for all
available roles for the type of object being created.
The following sections illustrate some of the security issues and features you
might find useful as you plan your NDPS setup.
“Setting Printer Security Levels” on page 104
“Setting Access Control for NDPS Printers” on page 105
“Setting Access Control for NDPS Manager” on page 108
“Setting Access Control for NDPS Brokers” on page 110
Managing Printing Security 103

103-000137-001
August 31, 2001
Novell Confidential
Setting Printer Security Levels

Printer security levels affect how rights to a printer are determined and
enforced. The default security level is Medium. With sensitive print data, you
might want to set the security level to High; however, performance will be
effected.
Printer Security Level Secure Printing Enabled
Low Security is enforced by the client

applications only
Medium (default) Security is enforced by NDPS

Manager if print data integrity is
involved. Otherwise, security is
enforced by the client
applications.
High Security is enforced by the NDPS

Manager for all operations.
To set a printer’s security level, do the following:

3 Click the Access Control > Security.
4 Select the level of security you want for the printer.
5 Click OK or Apply to save your changes.

103-000137-001
August 31, 2001
Novell Confidential
Setting Access Control for NDPS Printers

Printer security is ensured through the assignment of the Manager, Operator,
and User access control roles and by the strategic placement of your printers
and printer configurations.
You can assign multiple Printer objects to represent a single Printer Agent.
You can then make different access control assignments to each Printer object.
This can be an especially useful option if you want to allow users in different
containers to use the same printer, because each group of users can be given
different rights to the printer.
A physical printer cannot be a controlled access printer and a public access
printer at the same time. However, if you delete all the Printer objects
representing a Printer Agent, that printer will become a public access printer.
The following sections discuss security options for NDPS printers in more
detail.
“Printer Access Control Roles” on page 105
“Assigning Printer Access Control Roles through NDPS Printer Objects”
on page 107
“Assigning Printer Access Control Roles through User Objects” on page
107
“Planning Your Printer Connections and Locations for Better Security”
on page 108
Printer Access Control Roles

Different User, Group, or Container objects can have different access rights to
the same printer. For example, if you want only certain users to be able to send
jobs to a particular printer, you can specify which users should have access and
what access roles each will have.
The following table describes the rights and privileges associated with each of
the NDPS Printer access control roles.

103-000137-001
August 31, 2001
Novell Confidential
Role Description
Manager NDPS tasks performed exclusively by the Printer Manager are those that
require the creation, modification, or deletion of NDPS Printer objects, as well
as other eDirectory administrative functions. Printer Managers are
automatically designated as printer Operators and Users as well, so they can
perform all tasks assigned to the Operator role. Typical Manager functions
include the following:
Modifying and deleting Printer objects
Adding or deleting Operators and Users for a printer
Adding other Managers
Configuring interested-party notification
Creating, modifying, or deleting printer configurations
Operator Printer management tasks performed by the Operator include the following:
Performing all of the functions available through the Printer Control page
Pausing, restarting, or reinitializing printers
Reordering, moving, copying, and deleting jobs
Setting printer defaults, including locked properties
Configuring print job spooling
Operators cannot create, modify, or delete eDirectory objects or perform other

eDirectory administrative functions.
User NDPS tasks performed by Users include the following:

Submitting print jobs
Managing print jobs they own (Users cannot copy, move, reorder, or
remove jobs they do not own)
To simplify administration, the container a printer resides in is automatically

assigned as a User for that printer, so all users in that container and its
subcontainers can use that printer without being added to the list. You can
delete the container from the list if you want to limit access to certain users,
groups, or roles.

103-000137-001
August 31, 2001
Novell Confidential
Assigning Printer Access Control Roles through NDPS Printer

Objects
Different User, Group, or container objects can have different access rights to
the same printer. For example, if you want only certain users to be able to send
jobs to a particular printer, you can specify which users should have access and
what access roles each will be given.
3 Click the Access Control tab.
4 Add or delete Users, Groups, or Container objects to the different Access
Control roles.
5 Click OK.
Assigning Printer Access Control Roles through User Objects

In addition to configuring access control through NDPS printers, you can also
configure access control through User objects.
The following procedure assumes that you are modifying the attributes for an
existing User. You can also adapt this procedure if you are creating a new User
object.
1 From the NetWare Administrator browser's Object menu, select the User
object you want to configure access control for, and then click NDPS
Printer Access Control.
A list of available NDPS printers is displayed with icon representations
of the three NDPS Access Control roles: User, Operator, and Manager.
2 Select the printer that you want to assign this user an access control role
for.
3 Check the roles you want this user to be assigned for this printer.
If you check Manager, this user is automatically assigned Operator and
User roles as well. Operator and User roles are assigned independently.
Keep in mind that a User object must be assigned the access control role
of User in order to submit print jobs to that printer.
4 (Optional) Click the Event Notification button to configure event
notification for this user.
5 Click OK.

103-000137-001
August 31, 2001
Novell Confidential
Planning Your Printer Connections and Locations for Better Security

Depending on your organization's needs, the network administrator can attach
printers directly to NetWare® servers or to the network. Both types of setup
can provide security and administrative advantages. The ideal combination for
each installation is different and will change as needs change. Be sure to
consider the advantages of each approach when you set up your network.
Connecting the printer to the server places the two resources in close
proximity to each other. If the server is in a secure location, this means that the
printer is locked up with the server. This might be an advantage. For example,
your company might use that printer to print confidential documents. Having
the printer in a secure location protects these documents.
Because most printers are already network-enabled, the most common type of
network setup includes printers attached directly to the network. This allows
the printer to be placed in a convenient location for all users, and places it
away from the server for security reasons. Users who use the printer normally
will not have access to the server console. Security is still maintained by
requiring users to use a password to log in to the network before they can use
the printer.
Setting Access Control for NDPS Manager

NDPS Manager security is ensured through the assignment of the Manager
access control role.
NDPS Manager Access Control Role

The only access control role available for the NDPS Manager is that of
Manager. The following table explains the tasks performed by the Manager
role.

103-000137-001
August 31, 2001
Novell Confidential
Role Description
Manager NDPS tasks performed exclusively by the Manager are those that require the
creation, modification, or deletion of eDirectory objects, or that involve other
eDirectory administrative functions. Typical Manager functions include the
following:
Creating Printer Agents and NDPS Manager objects
Adding or deleting Operators and Users for a printer
Configuring interested-party notification
Creating, modifying, or deleting printer configurations
Assigning the Manager Role for NDPS Managers

The following procedure explains how to make Manager assignments for your
NDPS Manager objects.
1 In iManage, click iPrint Management > Manage Print Service Manager.
2 Browse to and select the Print Service Manager you want to enable
Access Control for.
4 Add or delete Users, Groups, or Containers to the Manager role.
5 Click OK

103-000137-001
August 31, 2001
Novell Confidential
Setting Access Control for NDPS Brokers

Broker security is ensured through the assignment of the Manager access
control role and by the optional assignment of a password to the Broker.
Broker Access Control Roles

The access control roles available to the NDPS Broker are Manager and Public
Access User. The following table explains the roles
Role Description
Manager NDPS tasks performed exclusively by the Broker Manager are those that
require the creation, modification, or deletion of Broker objects, as well as
those that involve other eDirectory administrative functions. Typical Manager
functions include the following:
Creating, modifying, and deleting Broker objects
Enabling or disabling brokered services
Adding resources to the Resource Management Service
Assigning or changing a Broker password
Public Access User A public access user is a role assigned to all individuals on the network who
are users of printers receiving services and resources provided by the Broker.
This role is assigned by default and does not require specific administrative
action by the Broker Manager.
Assigning Managers for NDPS Brokers

The following procedure explains how to make Manager assignments for your
NDPS Broker objects.
1 In iManage, click iPrint Management > Manage Broker.
2 Browse to and select the Broker you want to enable Access Control for.
4 Add or delete Users, Groups, or Containers to the Manager role.
5 Click OK.

103-000137-001
August 31, 2001
Novell Confidential
8 Troubleshooting Your Print System
This chapter focuses on troubleshooting issues that might arise with Novell®
Distributed Print ServicesTM (NDPS®) printing. It also presents general
principles that can be of value for a variety of network printer configurations,
and it provides help for troubleshooting problems with the printer itself.
Troubleshooting Your Print System 111

103-000137-001
August 31, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Initial Troubleshooting Steps
Chart A NDPS Troubleshooting
INITIAL PRINTING PROBLEM
Are
Attempt to resolve there any error
YES
the error and try messages on printer,
again. server, or client?
SEE NOTE A1
NO
Try some quick

fixes.
SEE NOTE A2
Determine printing
environment.
SEE NOTE A3
Mixed NDPS and

All queue-based All NDPS queue-based Don't know
SEE NOTE A4 SEE NOTE A5 SEE NOTE A6
GO TO CHART B

103-000137-001
August 31, 2001
Novell Confidential
A1. Attempt to resolve the error and try again

With many printing problems, an error will be reported on the printer, the
client trying to print, or the server. If an error condition exists, use the
information provided to try to resolve the problem and then try again. If the
error is on the printer, see your printer's operating manual.
A2. Try some quick fixes

Many times, printing problems occur due to simple or temporary conditions.
The following are some common quick-fix techniques.
If the problem is limited to a single workstation client, try the following:

Check the printer's job list to ensure the job is getting to the spooling area.
Review what has changed since the printer was working properly.
Check printer forms and job configurations.
If the problem is affecting other workstation clients, try the following:

Check Printer Information in the Novell Printer Manager for NDPS error
messages.
Look for printer error conditions (such as beeps or LCD panel lights) and
printing error messages.
Turn the printer off and on.
Check the printer's cabling.
Look for messages on the server console.
Check the printer's job list to ensure the job is getting to the spooling area.
Review what has changed since the printer was working properly.
Check printer forms and job configurations.
Search the online Novell Support ConnectionTM for known issues.
Make sure you have the most current NDPS software.

103-000137-001
August 31, 2001
Novell Confidential
A3. Determining your printing environment

If there is no obvious solution to the problem, then you will need to begin
analyzing your printing system. In order to find the problem, the printing
environment being used must be identified.
NetWare provides two printing environments: the legacy queue-based printing
(see “A4. All queue-based environment” on page 114) and NDPS (see “A5.
All NDPS environment” on page 115). Either print system can be used alone
or the two can be used together (see “A6. Mixed NDPS and queue-based
environment” on page 115). Here are some ways to determine your printing
environment:
User. If the client platform is DOS, Macintosh, OS/2, or UNIX, these
clients are not directly supported by NDPS and can only print to a
network printer by submitting jobs to queues or use LPR printing. For
more information, see “Setting Up LPR Clients on UNIX” on page 69.
If the client platform is Windows, then they can be using either NDPS or
queues. Check the printer configuration under the Windows control panel
and check its network setting. Identify the network object being printed
to and determine if it is a Queue object or an NDPS Printer object.
Server files. At the server console look to see if the following are loaded:
NDPSM.NLM (the server is using NDPS)
PSERVER.NLM (the server has been, or still is, using queue-based
printing)
iManage. Load iManage and look at printing object configurations to
determine printing setup.
A4. All queue-based environment

If clients are submitting jobs to NetWare queues and the jobs are sent to the
printer through the PSERVER.NLM, then you are using queue-based printing.
Printing in a queue-based system consists of submitting jobs to a queue, from
which the print server sends the job to the printer based on the settings of the
Printer object. In queue-based printing, a problem usually occurs in one of
three general areas:
Getting the print job into the print queue
Transferring the job to the printer in the proper format
Printing the job properly

103-000137-001
August 31, 2001
Novell Confidential
For more information, see Troubleshooting General Printing Problems (http:/

/www.novell.com/documentation/lg/nw51/printenu/data/hlgnvvum.html) in
NetWare 5.1 Queue-Based Print Services.
A5. All NDPS environment

If you have the new client software and are submitting jobs to the printer
through Printer Agents and a Print Device Subsystem, then you are using
NDPS. See “Narrowing Your Focus” on page 116 for more information.
A6. Mixed NDPS and queue-based environment

For backward compatibility, it is possible to be using both queue-based
printing and NDPS together. Here are the two ways this can happen:
Clients such as DOS, Macintosh, OS/2, and UNIX are unaware of NDPS
and are unable to submit jobs to NDPS Printer Agents directly. The clients
must therefore send jobs to a print queue. An NDPS Printer Agent can be
configured to emulate a print server and service jobs from the queue to an
NDPS printer.
Some network printers can receive jobs only from a NetWare queue and
print server (for example, remote printers). If a client is configured to
send jobs only to a Printer Agent, the Printer Agent might be configured
to transfer the job to a queue where it can be serviced by a print server.
Because two different print systems are being used, the problem could exist in
either print system. See “Narrowing Your Focus” on page 116 to continue.

103-000137-001
August 31, 2001
Novell Confidential
Narrowing Your Focus
Chart B NDPS Troubleshooting
START HERE
Gather information Send job to same

on setup and printer from other
configuration. workstation(s).
SEE NOTE B3 SEE NOTE B1
NO
Has Can
printing ever NO other users print to
worked with the current the printer from their
configuration? workstations?
NOTE B4
YES YES
SEE CHART G
Has Gather information
workstation NO on setup and
printed to this printer configuration.
before?
NOTE B2 SEE NOTE B3
YES
GO TO CHART C

103-000137-001
August 31, 2001
Novell Confidential
B1. Send job to same printer from other workstations

Try printing to the same printer from one or more different workstation. This
will help you narrow your search to the specific workstation or to the whole
printing system.
B2. Has workstation printed to this printer before?

Has this workstation submitted jobs to this printer that printed successfully?
Is this a new setup?
Is this the first time printing was attempted from this workstation since
any changes were made?
Has this setup been working before and now is not?
If this is a new setup or a new configuration, then something might not be
configured.
If a job sent from this workstation has been printed successfully before, go to
“Determining Your Platform When Problem Affects Only One Workstation”
on page 118 to further track the problem.
B3. Gather information on setup and configuration

The initial setup might have been done incorrectly. Refer to “Creating NDPS
Printers” on page 62 for more information.
B4. Has printing ever worked with the current configuration?

Have any users been able to print jobs from their workstations using this
configuration? Determine the following:
Is this a new setup?
Is this the first time printing since any changes were made?
Has this setup been working before and now is not?
If this is a new setup, or a new configuration then something might not be
configured properly.
If other users have been printing successfully, then go to “Tracking Jobs from
a Workstation” on page 123 to further track the problem.

103-000137-001
August 31, 2001
Novell Confidential
Determining Your Platform When Problem Affects Only

One Workstation
Chart C NDPS Troubleshooting
DETERMINE WORKSTATION'S PLATFORM
DOS, Mac, UNIX Windows

(legacy, non-NDPS
clients)
GO TO CHART D
Are
NO queues being
serviced by an NDPS Don't know.
printer? SEE NOTE C4
NOTE C1
YES
Go to Go to Chart H.
“Troubleshooting
General Printing SEE NOTE C3
Problems” in Queue-
Based Print
Services.
SEE NOTE C2

103-000137-001
August 31, 2001
Novell Confidential
C1. Are queues being serviced by an NDPS printer?

Clients running on DOS, Macintosh, OS/2, and UNIX platforms are either
queue-based, meaning that they print to network printers by redirecting jobs
to a queue, or set up for LPR printing. You will need to determine whether the
network printer is being serviced by a queue-based print server (such as
PSERVER.NLM) or if NDPS is redirecting jobs through a Printer Agent.
C2. All queue-based printing

If clients are submitting jobs to a queue that is being serviced by a print server,
then the printing environment is all queue-based. For more information, see
Troubleshooting General Printing Problems (http://www.novell.com/
documentation/lg/nw51/printenu/data/hlgnvvum.html) in NetWare 5.1
Queue-Based Print Services.
C3. Queue-NDPS integration

The clients are unaware of NDPS and are unable to submit jobs to NDPS
Printer Agents directly. The clients must therefore send jobs to a print queue.
An NDPS Printer Agent can be configured to emulate a print server and
service jobs from the queue to a NDPS printer. See “Supporting Queue-Based
Client Workstations” on page 86 for more information. Then go to “Printing
Problems Affecting All Users” on page 128.
C4. Look in iManage for NDPS Printer objects

Load iManage and look to see if any NDPS Printer objects are defined.
If no NDPS Printer objects are defined, there should be a Print Server
object. Check the configuration of the print server to if the queue is
configured to be serviced by it.
If there are NDPS objects defined, look at the Printer objects to see if they
are configured to emulate a print server and service jobs from a queue.

103-000137-001
August 31, 2001
Novell Confidential
Isolating Printing Problems Affecting Only One

Windows Workstation
Chart D NDPS Troubleshooting
START HERE
Check Status of
printer in Windows
Control Panel.
SEE NOTE D1
Status is good. Status is not good.
Check to see what Printer is set for

network object working offline Other possibilities
installed printer is
servicing. SEE NOTE D9 SEE NOTE D10
SEE NOTE D2
NDPS object Netware Queue

(controlled access object
printer or public
access printer) SEE NOTE D5
Check Status of Are

printer in NDPS queues going to NO
Printer Manager. an NDPS printer?
SEE NOTE D3 NOTE D6
Go to
YES
“Troubleshooting
General Printing
Problems” in Queue-
Status is good. Status is not good. Go to Chart H. Based Print
Services.
SEE NOTE D7 SEE NOTE D8
Determine problem
GO TO CHART E from error message.
SEE NOTE D4

103-000137-001
August 31, 2001
Novell Confidential
D1. Check status of printer in Windows Control Panel

Printing from a Windows environment introduces several complexities which
might or might not be related to the network or the printer. Some problems can
be found and resolved right in the Windows environment. Check the status of
the printer in the Windows Control Panel to see if any problems are evident.
D2. Check to see what network object the installed printer is

servicing
Determine the network object print jobs are being redirected to.
1 Select the Printers folder from the Windows Control Panel or the Start/
Settings menu.
2 Select the installed printer and click File/Properties (or use the right-click
Properties option).
3 Click the Details tab.
4 Look at Print to the Following Port.
Identify the network object being printed to and determine if it is a Queue
object or an NDPS Printer object.
D3. Check status of printer in NDPS Manager

If the job did not appear in the job list, view information about the specific
installed printer using the NDPS Health Monitor.
D4. Determine problem from error message

D5. NetWare queue object

This printer is queue-based, meaning that the print driver prints to network
printers by redirecting jobs to a queue.

103-000137-001
August 31, 2001
Novell Confidential
D6. Are queues going to an NDPS printer?

The next thing you need to know is whether the network printer is being
serviced by a queue-based print server (such as PSERVER.NLM) or if NDPS
is redirecting jobs through a Printer Agent. Load iManage and look to see if
any NDPS Printer objects are defined.
If no NDPS Printer objects are defined, there should be a Print Server
object. Check the configuration of the print server to see if the queue is
configured to be serviced by it.
If there are NDPS objects defined, look at the Printer objects to see if they
are configured to emulate a print server and service jobs from a queue.
D7. Queue-NDPS integration

The clients are submitting jobs to a print queue which is then being serviced
by NDPS Printer Agents. See “Problems Integrating with Queue-Based
Components” on page 132 for more information.
D8. All queue-based printing

If clients are submitting jobs to a queue that are being serviced by a print
server, then the printing environment is all queue-based. For more
information, see Troubleshooting General Printing Problems (http://
www.novell.com/documentation/lg/nw51/printenu/data/hlgnvvum.html) in
NetWare 5.1 Queue-Based Print Services.
D9. Printer is set for working offline

Under certain circumstances, the printer might be set for working offline. This
can happen if Windows loses communication with the network, for example.
A user can also set it offline. If the printer is set to work offline, reset it to
online and try to print. If you cannot set the printer to online, then Windows
has lost communication with the network print system. Reboot the
workstation and if the condition still exists, check the client's connection to the
network.
D10. Other possibilities

Other negative status flags.

103-000137-001
August 31, 2001
Novell Confidential
Tracking Jobs from a Workstation
Chart E NDPS Troubleshooting
START HERE
Pause output of
NDPS printer.
SEE NOTE E1
Resend the print

job.
Check job list in

NetWare
Administrator.
SEE NOTE E2
No Yes
Resume printer
SEE CHART F Does print job appear output.
in the job list?
SEE NOTE E3
SEE NOTE E6
No
No
Is job still in Recheck the job list. Did job print?
job list?
Yes Yes
SEE NOTE E5 SEE NOTE E4

103-000137-001
August 31, 2001
Novell Confidential
E1. Pause output of NDPS printer

One method of troubleshooting is putting stops in the printing process and
then resending a job and testing how far in the process the job gets. The first
stop you can make is pausing the printer output.
Pausing printer output is a common technique used when troubleshooting
printing; it forces NDPS to spool your print job and save it as a file. Stopping
and evaluating the printing process midway helps you to identify early
problems and limits your troubleshooting to a few components.
To pause printer output for a controlled access printer, do the following:
1 Locate the NDPS Printer object in iManage.
2 Double-click the NDPS Printer object to open its Details page.
3 Click the Pause Output button.
The Pause Output button changes to a Resume Output button.
E2. Check job list in iManager

You can view the job list for a NDPS printers from iManage, the server
console, or the workstation Printer Manager. To view the job list from
iManage, see “Managing Print Jobs” on page 71.
The job list for a public access printer can be viewed from either the server
console or the Novell Printer Manager.
E3. Resume printer output

To resume printer output for a controlled access printer, do the following:
1 In iManage, click Manage Printer and then select the NDPS printer you
want to control.
2 Click the Resume Output button.
The Resume Output button changes to a Pause Output button.

103-000137-001
August 31, 2001
Novell Confidential
E4. Job printed this time but nothing was changed

If the job printed now, there is no authoritative explanation as to why it didn't
print the first time. If you followed these steps, no configurations have been
changed; the job was only paused and released. Try printing the job again and
see if normal printing continues. If not, try pausing the printer again and see if
any other symptoms occur.
E5. Job did not print and is still in the job list
If the job does not print and is still in the job list, then check for job holds,
delays, and priority settings.
E6. Job did not print but is no longer in the job list
If the job did not print, but it is not in the job list, then the job was sent to the
printer and no error was reported back to the system. Check these issues:
Are you are checking the correct physical printer?
Are you are using the correct print driver in your application?
Are your drivers and printers talking the same language (for example
Postscript or PCL)?

103-000137-001
August 31, 2001
Novell Confidential
Checking Printer Output and Using Test Files
Chart F NDPS Troubleshooting
START HERE
Check availability of
network printer.
SEE NOTE F1
Pause output of
NDPS printer.
SEE NOTE E1
No Does print job Yes

Resume printer
SEE NOTE F2 appear in the job list? output.
SEE NOTE E3
NOTE E2
SEE NOTE F5
No
No
Is the job still in Recheck the job list. Did the job print?
the job list?
Yes Yes
SEE NOTE F4 SEE NOTE F3

103-000137-001
August 31, 2001
Novell Confidential
F1. Check availability of network printer

Make sure that the printer is set to accept jobs. In iManage, verify that input is
not paused.
F2. Check for error messages

Also confirm that your NDPS objects are configured properly.
F3. Test file prints but jobs from application do not

If the test file prints but jobs from the application do not, then there is a
problem with the way the job is being formatted by the application or handled
by the driver. Reinstall the current print driver provided by the printer
manufacturer. Also try printing from different applications to determine
whether one application works while another does not. If this is the case, the
problem is related to the application itself.
F4. Job is being held in spooler

The job is being held in the job spooler. Check for job holds, delays, and
priority settings. If one of these conditions exists, change the status to print the
job. If the job prints, then see “F3. Test file prints but jobs from application do
not” on page 127.
F5. Job did not print but is no longer in the job list
If the job did not print but it is not in the job list, then the job was sent to the
printer and no error was reported back to the system. Make sure you are
checking the right physical printer.

103-000137-001
August 31, 2001
Novell Confidential
Printing Problems Affecting All Users

103-000137-001
August 31, 2001
Novell Confidential
Chart G NDPS Troubleshooting

START HERE
Determine degree of
printing problems.
SEE NOTE G1
No print jobs are No print jobs are

printing from any coming from a Jobs are printing
networked printer. specific printer. but are slowed or
corrupted.
SEE NOTE G2 SEE NOTE G3
SEE NOTE G4
Determine printing
environment.
SEE NOTE A3
Printer Agent is
pulling jobs from a Printer receiving
queue. jobs from an NDPS
Printer Agent.
SEE NOTE A6
Printer is a q-based Printer Agent is

printer serviced by submitting print Don't know.
a Print Server .jobs to a queue.
SEE NOTE A4 SEE NOTE A6
Check Status of
Go to NDPS printer in
“Troubleshooting NetWare
General Printing Administrator.
Problems” in Queue- See CHART H
Based Print SEE NOTE G5
Services.
Do print Does
No jobs No the NDPS status
appear in the job screen show
list? any errors?
NOTE E2
Go to CHART E Yes Yes
See Note G7 See Note G6

103-000137-001
August 31, 2001
Novell Confidential
G1. Determine severity and scope of printing problems

If printing is affecting all users, determine the degree of severity of the
printing problems. Can no users print from specific printers, or are no jobs
printing from any network printer? Or are jobs printing, but printing slowly?
G2. No print jobs are printing from any networked printer

If no users can print at all from any network printer, the problem is probably
a universal problem such as
The printing system is disabled or printing system files are unloaded.
The servers are in a critical state due to problems with memory, disk
space, LAN connections, etc.
The LAN has a bottleneck or is otherwise dysfunctional.
G3. No print jobs are coming from a specific printer

If the printing problem is limited to a certain printer, then the problem is either
at the printer itself or the configuration of the printer. Continue to determine
which printing environment you are using.
G4. Jobs are printing slowly or are corrupted

Jobs might be printing but are either slow or appear corrupt.
Slow Printing
There are several explanations for slow printing.

If only one workstation is having problems with slow printing, the application
might be generating the output for the printer. This can cause a long delay
before the job is even sent to the spooler. Look at the print status of the
application to determine if this is the case.
If all workstations are having the problem, one of the following conditions
might exist:
Interrupt conflicts might exist between the port and another device.
Configure the printer for no interrupts (polled mode).
The baud rate might be slow (serial printers).

103-000137-001
August 31, 2001
Novell Confidential
XON/XOFF might need to be enabled (serial printers).

Your hardware (cable, port, printer) might be faulty.
Job Corruption
If jobs are printing in pieces, the printer might not have sufficient memory to
hold the entire page to be printed. If it does not, it will print the part of the page
it has in memory and continue printing on the next page. This problem occurs
when printing jobs that contain large graphics.
G5. Check status of NDPS Printer in iManage

From iManager, click Manage Printer and then select the NDPS printer you
want to check. View the information on the Printer Control page.
G6. A problem is identified in an error message

Try to determine problem from the status or error message and resolve it.
Make sure that job input or output is not paused.
Check for any details that are grayed out and not available; these might
show you a problem.
G7. Jobs are getting to the job list but the printer is unable to print
them
Do the following:
Make sure there are no holds or delays.
Make sure the printer is configured properly.
Check the status of the gateway if one is being used. (A gateway is always
needed unless the Printer Agent is embedded in the printer itself.)
See “Tracking Jobs from a Workstation” on page 123 for more information.

103-000137-001
August 31, 2001
Novell Confidential
Problems Integrating with Queue-Based Components
Chart H NDPS Troubleshooting
PROBLEM: Jobs sent through a

queue are not printing.
PA
Non-NDPS Queue NDPS Printer

NDPS Printer
Client Agent
Printer is receiving jobs from an NDPS

Printer Agent which is pulling the print jobs
from a queue.
Reconfigure
Check Printer Agent spooling.
job list.
SEE NOTE H2
SEE NOTE E2
NO
Is the
Are print jobs NO
Check spooling job spooling
getting to Printer Agent configuration of the configured with the
job list? printer. correct queue
name?
SEE NOTE H1
YES YES
See CHART E Check job list for

queue.
SEE NOTE H3
Make sure jobs are NO YES Make sure NDPS

redirected to queues Are print jobs in printer input is not
correctly. queue job list? paused.
SEE NOTE H4 SEE NOTE E3
Or reconfigure
spooling.
SEE NOTE H1

103-000137-001
August 31, 2001
Novell Confidential
H1. Check the printer's spooling configuration

Make sure the printer is configured to service the queue you are expecting the
job to go to. See “Setting Print Job Spooling” on page 85 for more
information.
H2. Reconfigure spooling for this printer

The spooling configuration specifies a different queue than the one you want
this printer to service. See “Setting Print Job Spooling” on page 85 for
information on how to configure job spooling.
H3. Check the job list for the queue

Make sure the job is actually getting to the queue.
H4. Make sure the job is being redirected to the queue properly
Many applications are not designed for network printing. CAPTURE is a
command line utility that configures print job redirection from applications
not designed for NetWare print services.

103-000137-001
August 31, 2001
Novell Confidential

103-000137-001
August 31, 2001
Novell Confidential
9 Selecting the Correct Gateway to Use
Gateways allow Novell® Distributed Print ServicesTM (NDPS®) clients to

send jobs to printers that are not NDPS-aware (that is, printers that are not
equipped with embedded NDPS Printer Agents). You select and configure a
printer gateway when you create a new Printer Agent.
The following diagram illustrates a typical gateway configuration.
Third-party gateway
Printer Gateway
Agent
GW
PA
NDPS NDPS Existing

client server printer
Third-party gateways are developed by printer manufacturers to support

printers directly attached to the network. Because they are developed to
interact with specific proprietary printers, can provide a wider array of
information and offer options that are not available for the generic Novell
gateway. Some third-party gateways provide utilities that can be configured to
automatically create Printer Agents when one of their printers is attached to
the network.
Selecting the Correct Gateway to Use 135

103-000137-001
August 31, 2001
Novell Confidential
The Novell gateway supports most printers and provides support for other
print systems. The gateway supports LPR/LPD printing and IPP printing. LPR
is a UNIX-based printing protocol used by network-attached printers in TCP/
IP environments to service jobs submitted to print queues.
Using Third-party Gateways

A number of printer vendors have created their own gateways to run with
Novell Distributed Print Services. The documentation for implementing these
gateways is available at the Novell DeveloperNet Web site (http://
developer.novell.com/devres/nest/ndpsdown.htm).

103-000137-001
August 31, 2001
Novell Confidential
A Configuring Remote Printers
The NDPS® gateway allows you to configure all of your current remote
printers so that they will work just as they always have, whether they are
attached to a workstation or a remote file server or are directly attached to the
network running in RP mode. A remote printer controlled by an NDPS Printer
Agent will emulate a legacy print server (PServer Emulation) and will no
longer require PSERVER.NLM.
We recommend that you reconfigure your direct-connect printers currently
configured for Queue Server mode to run in RP mode so that they can take
advantage of the advanced features NDPS provides.
For detailed information, see the following:
“Configuring Remote Printers Using NPRINTER” on page 137
“Configuring Remote Printers Running in RP Mode” on page 139
“Configuring Remote Printers Running in LPR Mode” on page 140
Configuring Remote Printers Using NPRINTER

Use the following procedure to configure a new Novell® Distributed Print
ServicesTM (NDPS) printer attached to a workstation client or remote server
that is running NPRINTER.EXE or NPRINTER.NLM.
1 In NetWare Administrator, select the container where you want the NDPS
Printer object to reside.
2 From the Object menu, click Create > NDPS Printer.
The name should distinguish it from other printers on your system.
Configuring Remote Printers 137

103-000137-001
August 31, 2001
Novell Confidential
4 In the Printer Agent Source field, select Create a New Printer Agent and
click Create.
assign it to.
6 In the Gateway Types window, select the Novell Printer Gateway.
7 Configure the PDS by selecting the Printer Type and Port Type and then
click OK.
8 Configure the Connection Type as Remote and specify the Port Type as
LPT, COM, or Other. Then click Next.
9 In the PServer Emulation field, modify or use the default SAP Name,
specify a Printer Number, if needed, and specify any address restrictions
you want to impose for this printer. Then click Next.
10 Configure the Controller Type and Interrupts, if needed, and then click
Finish.
operating system.
12 Click OK.
printer listed.

103-000137-001
August 31, 2001
Novell Confidential
13 At the workstation or remote server that this printer is attached to, run
NPRINTER and select the SAP name specified in Step 10.
Workstation users can now select the printer and print to it.
Configuring Remote Printers Running in RP Mode

These instructions are for configuring a printer attached directly to the
network and running in RP mode, unless that printer is an HP printer.
If you are using a direct-connect printer configured for Queue-Server mode,
we recommend that you reconfigure that printer to RP mode and then
configure it as a NDPS printer using RP. This allows you to gain the
management benefits of NDPS while eliminating a Queue object from your
system.
1 From the browser's Object menu for the organization or organizational
unit, click Create > NDPS Printer.
click Create.
assign it to.
5 In the Gateway Types window, select the gateway you want to use.
6 Configure the Novell PDS by selecting the Printer Type and Port Type,
and then click OK.
7 Configure the Connection Type as Remote and specify the Port Type as
LPT, COM, or Other. Then click Next.
8 In the PServer Emulation field, modify or use the default SAP Name,
specify a Printer Number, if needed, and specify any address restrictions
you want to impose for this printer. Then click Next.
9 Configure the Controller Type and Interrupts, as needed, then click
Finish.

103-000137-001
August 31, 2001
Novell Confidential

operating system.
11 Click Continue.
Configuring Remote Printers Running in LPR Mode

Use the following procedure to configure a remote printer running in LPR
mode in TCP/IP environments, unless that printer is an HP printer.
LPR will work only if TCP/IP is configured correctly.
1 From the browser's Object menu for the organization or organizational
unit, click Create > NDPS Printer.
click Create.
assign it to.
5 In the Gateway Types window, select the Novell gateway.
6 Configure the Novell PDS by selecting the Printer Type and Port Type,
and then click OK.
7 Configure the Connection Type as Remote LPR/TCPIP and specify the
Port Type as LPT, COM, or Other. Then click Next.

103-000137-001
August 31, 2001
Novell Confidential

operating system.
9 Click Continue.
printer listed.

103-000137-001
August 31, 2001
Novell Confidential

103-000137-001
August 31, 2001
Novell Confidential
Novell eDirectory 8.6 Quick Start
Novell
eDirectory ™
www.novell.com
8.6
Q U I C K S TA R T S B O O K L E T
November 30, 2001

Novell Confidential
Contents
Novell eDirectory Overview . . . . . . . . . . . . . . . . . . . . . . . 7
Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Installing or Upgrading Novell eDirectory on NetWare . . . . . . 9
System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Forcing the Backlink Process to Run . . . . . . . . . . . . . . . . . . . . . . . . . 10
Installing Novell eDirectory on NetWare . . . . . . . . . . . . . . . . . . . . . . . 11
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Updating the eDirectory Schema . . . . . . . . . . . . . . . . . . . . . . . . . 11
Installing a Support Pack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installing eDirectory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Lost Trustee Assignments on NFS Gateway Volumes . . . . . . . . . . . . . . . . 15
Installing or Upgrading Novell eDirectory on Windows NT/2000 17
Installing Novell eDirectory on Windows NT/2000 . . . . . . . . . . . . . . . . . . . 19
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Updating the eDirectory Schema . . . . . . . . . . . . . . . . . . . . . . . . . 20
Installing eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Installing Novell eDirectory on Solaris . . . . . . . . . . . . . . . . 23
Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Installing eDirectory on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
configuring eDirectory on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Installing Novell eDirectory on Linux . . . . . . . . . . . . . . . . . 29
Software requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
160-000267-001
November 30, 2001

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Installing eDirectory on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
ConfigurinG eDirectory on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . 32
160-000267-001
November 30, 2001
Novell
eDirectory
8.6
Q U I C K S TA R T
Novell eDirectory Overview
Novell® eDirectoryTM is a highly scalable, high performing, secure directory service. It can store
and manage millions of objects, such as users, applications, network devices, and data. Novell
eDirectory natively supports the directory standard Lightweight Directory Access Protocol (LDAP)
version 3 over Secure Socket Layer (SSL).
Novell eDirectory provides the basic foundation for the directory service, which provides
replication and partitioning capabilities, along with other utilities. Additional packages that
build upon this basic directory structure, such as DirXMLTM and Account Management, are also
available separately to increase functionality.
SUPPORTED PLATFORMS
NetWare®
Windows* NT*
Windows 2000
Solaris*
Linux*
FOR MORE INFORMATION

For more information on Novell eDirectory, refer to the following sources:
Product information (http://www.novell.com/products/nds)
Product support (http://support.novell.com)
Online forums (news://forums.novell.com)
Product catalog (http://www.novell.com/catalog)
Product documentation (http://www.novell.com/documentation)
000-0000-000
November 30, 2001

Novell Confidential
000-0000-000
November 30, 2001
Novell
eDirectory
8.6
Q U I C K S TA R T
Installing or Upgrading Novell eDirectory

on NetWare
Use the following instructions to install or upgrade Novell® eDirectoryTM on a NetWare® server.
Novell eDirectory for NetWare can co-exist with the following NDS® or eDirectory versions:
NetWare 4.11 or 4.2 with NDS 6.09 or later
NetWare 5 with Support Pack 5 or later, and NDS 7.47 or later (but earlier than NDS 8)
NetWare 5 with Support Pack 5 or later, and NDS 8.51 or later
NetWare 5.1with Support Pack 1 or later
NDS eDirectory 8.5 on Windows* NT*, Windows 2000, NetWare, Solaris*, Linux*, or Tru64
UNIX*
Novell eDirectory 8.6 on Windows* NT*, Windows 2000, NetWare, Solaris*, or Linux*
SYSTEM REQUIREMENTS
If you are using RCONSOLE, a ConsoleOneTM administrator workstation with the following:
A 200 MHz or faster processor
A minimum of 64 MB RAM (128 MB recommended)
The Novell ClientTM that shipped with NetWare 5 or later.
The Novell Cryptography Support Modules (Novell International Cryptographic

Infrastructure [NICI] 1.5.1 or later), available from the product CD or from the Novell
Cryptography Web site (http://www.novell.com/products/cryptography).
Administrative rights to the eDirectory tree so that you can modify the schema.
000-0000-000
November 30, 2001

Novell Confidential
HARDWARE REQUIREMENTS
Hardware requirements depend on the specific implementation of eDirectory.
For example, a base installation of eDirectory with the standard schema requires about 74 MB of
disk space for every 50,000 users. However, if you add a new set of attributes or completely fill
in every existing attribute, the object size grows. These additions affect the disk space,
processor, and memory needed.
Two factors increase performance: more cache memory and faster processors.
For best results, cache as much of the DIB Set as the hardware allows.
eDirectory scales well on a single processor. However, Novell eDirectory 8.6 takes advantage of
multiple processors. Adding processors improves performance in some areas, for example, logins
and having multiple threads active on multiple processors. eDirectory itself is not processor-
intensive, but it is I/O-intensive.
The following table illustrates typical system requirements for eDirectory for NetWare:
Objects Processor Memory Hard Disk
100,000 Pentium* III 450-700 MHz 384 MB 144 MB

(single)
1 million Pentium III 450-700 MHz (dual) 2 GB 1.5 GB
10 million Pentium III 450-700 MHz (2 to 4) 2 GB + 15 GB
Requirements for processors might be greater than the table indicates, depending upon
additional services available on the computer as well as the number of authentications, reads,
and writes that the computer is handling. Processes such as encryption and indexing can be
processor-intensive.
Of course, faster processors improve performance. Additional memory also improves

performance because eDirectory can then cache more of the directory into memory.
FORCING THE BACKLINK PROCESS TO RUN

Because the internal eDirectory identifiers change when upgrading to Novell eDirectory, the
backlink process has to update backlinked objects for them to be consistent.
10
000-0000-000
November 30, 2001
Backlinks keep track of external references to objects on other servers. For each external
reference on a server, the backlink process ensures that the real object exists in the correct
location and verifies all backlink attributes on the master of the replica. The backlink process
occurs two hours after the database is open and then every 780 minutes (13 hours). The interval
is configurable from 2 minutes to 10,080 minutes (7 days).
After migrating to eDirectory, we recommend that you force the backlink to run by issuing a SET
DSTRACE=*B command from the server console. Running the backlink process is especially
important on servers that do not contain a replica.
INSTALLING NOVELL EDIRECTORY ON NETWARE

If your eDirectory tree does not have a Novell Certificate ServerTM, the eDirectory installation
program does the following:
Creates a Security container object for the entire eDirectory tree
This object is created at the top of the eDirectory tree and must remain there.
Creates an Organizational Certificate Authority (CA) object
Places the Organizational CA object in the Security container
Only one Organizational CA object can exist in an eDirectory tree. Because you must not move
this object from one server to another, ensure that the first eDirectory server is the one that you
intend to permanently host the Organizational CA object.
Prerequisites
If you are installing into a tree that has NetWare 5 servers, each NetWare 5.0 server must be
running NetWare 5.0 Support Pack 5 or later. Each NetWare 5.1 server must be running NetWare
5.1 Support Pack 1 or later.
If you are upgrading eDirectory on a NetWare 5.1 server, the NetWare 5.1 server must be running
NetWare 5.1 Support Pack 2a or later.
Updating the eDirectory Schema

To upgrade an existing NetWare 5.x server to eDirectory into an existing tree, update the
eDirectory schema by running DSREPAIR on the server that has the master replica of the Tree
partition.
IMPORTANT: If the master replica of the Tree partition resides on a Windows NT/2000 server,
follow the instructions in “Updating the eDirectory Schema” on page 20.
11
000-0000-000
November 30, 2001
If one or both of the following conditions exist, you must run DSREPAIR.NLM before installing the
first eDirectory server in your tree:
Any NetWare 5 server in your eDirectory tree is eDirectory 8.
Your first installation of eDirectory 8.6 is on a NetWare 5 server that does not hold a writable
replica of the root partition.
To update the eDirectory schema:
1 Copy the appropriate DSREPAIR.NLM file from the product CD to the SYS:\SYSTEM directory
of the server that contains the master replica of the Tree partition.
Table 1
For This Version of With This Version of NDS Copy

NetWare
4.11 or 4.2 6.09 or later PATCHES\DSREPAIR\

NW4X\DSREPAIR.NLM
5.0 or later NDS 7 version 7.47 or later PATCHES\DSREPAIR\

NW5X\DSREPAIR.NLM
5.0 or later 8.11 or 8.17 Not supported
5.0 or later 8.51 or later PATCHES\DSREPAIR\

NWNDS8\DSREPAIR. NLM
2 At the server console of the master replica of the Tree partition, load DSREPAIR.NLM.
3 Select Advanced Options Menu > Global Schema Operations.
4 Enter the Administrator’s name (for example, .Admin.VMP) and password.
5 Select Post NetWare 5 Schema Update > Yes.
DSREPAIR.NLM updates the schema and posts the results to the DSREPAIR.LOG file.
Ignore errors associated with adding object classes. DSREPAIR.NLM is simply applying the
Post NetWare 5 Schema Update changes to each object.
6 Copy the appropriate patch version of DSREPAIR.NLM to each NetWare server in the
eDirectory tree.
Use Table 1 as a reference. Having a correct version on each server ensures that the schema
needed for eDirectory is properly maintained when DSREPAIR.NLM is run in the future.
If you use an earlier version of DSREPAIR.NLM and select Rebuild Operational Schema,
schema enhancements made by the Post NetWare 5 Schema Update will be lost. To resolve
lost schema enhancements, run DSREPAIR.NLM according to the following table.
12
000-0000-000
November 30, 2001
If you are running DSREPAIR.NLM from Do this

here
A server that holds a writable replica of Reapply the Post NetWare 5 Schema Update
the root partition to your eDirectory tree.
From any other server Click Advanced Options > Global Schema
Operations > Request Schema from Tree.
This action resynchronizes the schema from the root of the tree.
7 Close DSREPAIR.NLM before installing eDirectory on the server.
If DSREPAIR.NLM is loaded, the server might not restart.
Installing a Support Pack
Table 2
Before installing eDirectory on this server Install this support pack
NetWare 5 NetWare 5 Support Pack 6a
NetWare 5.1 NetWare 5.1 Support Pack 2a or later
1 (Conditional) Download the latest support pack to the NetWare 5.x server.
For example, download to SYS:\.
If you purchased a support pack CD from Support Connection, skip this step.
2 (Conditional) Expand the support pack.
For NW51SP1.EXE, the support pack might take several minutes to verify an ARJ-SECURITY
envelope. After verification, the support pack creates an NW5SPX directory and places
subdirectories and files there.
If you purchased a CD from Support Connection, skip this step. The support pack is already
expanded.
3 At the server console, start NWCONFIG.NLM.
4 Select Product Options > Install a Product Not Listed.
5 Press F3 (F4 if you're using RCONSOLE) > specify the path to the expanded Support Pack files,
such as SYS:\NW5SP4.
13
000-0000-000
November 30, 2001
6 Select options.
Follow the online instructions to install the support pack.
During installation, the support pack might prompt you concerning extending the schema.
Although you have already extended the schema for eDirectory, you most likely need to
extend the schema for other functionality, such as Novell Licensing Services.
7 Take the server down, then restart it.
If you checked the Reboot Server option in Step 6, the server automatically restarts.
Installing eDirectory
1 (Conditional) If you are upgrading eDirectory, do the following:
1a In the AUTOEXEC.NCF file, comment out the lines that load virus scanners, database
applications such as Sybase* or Oracle*, backup applications, and other programs that
rely on files being continually open and volumes being mounted.
During the eDirectory installation, the software must dismount volumes so that trustee
assignments can be migrated.
Be aware that virus scanners and other programs might be embedded inside other
products, for example, ZENworksTM, ManageWiseTM, and BorderManagerTM.
1b Restart the server and verify that the programs and applications referred to in Step 1a
are not running.
HINT: If you uncompress the volume you are installing eDirectory on, the install will finish
quicker.
2 (Conditional) If you have an IP-only environment, load IPXSPX.NLM.
NWCONFIG.NLM looks to Btrieve* for the product list. Btrieve subsequently requires IPXTM.
Loading IPXSPX.NLM allows Btrieve to load. When you reboot the server, IPXSPX.NLM does
not reload, so you have an IP-only environment again.
3 At the server console, load NWCONFIG.NLM.
4 Select Product Options > Install a Product Not Listed.
5 Press F3 (F4 if you're using RCONSOLE) > enter the path to the eDirectory files under the NW
directory, for example, SYS:\NW.
Follow on screen prompts concerning license agreements, the readme file, and tips.
After files are copied, the server automatically restarts and begins to install components for
ConsoleOne and Novell Certificate Server.
6 Enter the administrator’s login name (for example, Admin.VMP).
IMPORTANT: This window might close before you enter this information. If it does, toggle
(Alt+Esc) to the screen and enter the information. Otherwise, the installation will not be
complete.
14
000-0000-000
November 30, 2001
7 Follow the online instructions concerning the Certificate Server, LDAP, languages,
components, and products to install.
8 When the installation is completed, restore the lines that you commented out in Step 1a on
page 14 > restart the server by clicking Yes.
Repeat this procedure for each NetWare server you want to upgrade to eDirectory for NetWare.
Lost Trustee Assignments on NFS Gateway Volumes

The eDirectory installation process does not upgrade trustee assignments on NFS Gateway
volumes. If you are hosting NFS Gateway volumes on a server upgraded to eDirectory, those
trustee assignments are mapped to non-existent trustees.
To delete the inaccurate trustee assignments, complete the following steps:
1 On the server, load UNICON > authenticate to eDirectory.
2 Select Start/Stop Services > NFS Gateway Server > Del.
3 From a workstation, log in to the server > delete the file SYS:\NFSGW\SFSxxxx.DAT.
4 At the server, load UNICON again > authenticate to eDirectory.
5 Select Start/Stop Services > NFS Gateway Server.
You will need to manually create new trustee assignments for eDirectory objects to any NFS
Gateway volumes.
15
000-0000-000
November 30, 2001
16
000-0000-000
November 30, 2001
Novell
eDirectory
8.6
Q U I C K S TA R T
Installing or Upgrading Novell eDirectory

on Windows NT/2000
Use the following instructions to install or upgrade Novell® eDirectoryTM on a Windows* NT* or
Windows 2000 server.
SYSTEM REQUIREMENTS
A Windows NT server 4.0 with Service Pack 4 or later (or Windows 2000 Server) and an
assigned IP address.
A Pentium* 200 with a minimum of 64 MB RAM (128 MB recommended) and a monitor color
palette set to a number higher than 16.
(Optional) One or more workstations running one of the following:
Novell ClientTM for Windows 95/98 3.0 or later
Novell Client for Windows NT 4.5 or later
NT client
Administrative rights to the NT/2000 server and to all portions of the eDirectory tree that
contain domain-enabled User objects. For an installation into an existing tree, you need
administrative rights to the Tree object so that you can extend the schema and create
objects.
For example, a base installation of eDirectory with the standard schema requires about 74 MB of
disk space for every 50,000 users. However, if you add a new set of attributes or completely fill
in every existing attribute, the object size grows. These additions affect the disk space,
processor, and memory needed.
000-0000-000
November 30, 2001

Novell Confidential
For best results, cache as much of the DIB Set as the hardware allows.
eDirectory scales well on a single processor. However, Novell eDirectory 8.6 takes advantage of
multiple processors. Adding processors improves performance in some areas, for example, logins
and having multiple threads active on multiple processors. eDirectory itself is not processor-
intensive, but it is I/O-intensive.
The following table illustrates typical system requirements for Novell eDirectory for Windows NT
and Windows 2000:
10,000 Pentium* III 450-700 MHz (single) 384 MB 144 MB
Requirements for processors might be greater than the table indicates, depending upon
additional services available on the computer as well as the number of authentications, reads,
and writes that the computer is handling. Processes such as encryption and indexing can be
processor-intensive.

Because the internal eDirectory identifiers change when upgrading to eDirectory, the backlink
process has to update backlinked objects for them to be consistent.
Backlinks keep track of external references to objects on other servers. For each external
reference on a server, the backlink process ensures that the real object exists in the correct
location and verifies all backlink attributes on the master of the replica. The backlink process
occurs two hours after the database is open and then every 780 minutes (13 hours). The interval
is configurable from 2 minutes to 10,080 minutes (7 days).
After migrating to eDirectory, we recommend that you force the backlink to run by issuing a SET
DSTRACE=*B command from the server console. Running the backlink process is especially
important on servers that do not contain a replica.
18
000-0000-000
November 30, 2001
INSTALLING NOVELL EDIRECTORY ON WINDOWS NT/2000

Novell eDirectory 8.6 for NT upgrades NT servers running NT Service Pack 4 or later and
eDirectory 8.35 or later.
If no eDirectory tree exists, you can install eDirectory 8.6. The installation program creates an
eDirectory tree.
If your eDirectory tree does not have a Novell Certificate ServerTM, the eDirectory installation
program does the following:
Creates a Security container object for the entire eDirectory tree
This object is created at the top of the eDirectory tree and must remain there.
Creates an Organizational Certificate Authority (CA) object
Places the Organizational CA object in the Security container
Only one Organizational CA object can exist in an eDirectory tree. Because you must not move
this object from one server to another, ensure that the first eDirectory server is the one that you
intend to permanently host the Organizational CA object.
Prerequisites
Because NTFS provides a safer transaction process than a FAT file system provides, you can
only install eDirectory on an NTFS partition. Therefore, if you only have FAT file systems,
do one of the following:
Create a new partition and format it as NTFS.
Use Disk Administrator. Refer to Windows NT Server User Guide for more information.
Convert an existing FAT file system to NTFS, using the CONVERT command.
If your server only has a FAT file system and you forget or overlook this process, the
installation program prompts you to provide an NTFS partition.
If you are installing eDirectory for NT/2000 into an eDirectory tree that has NetWare® and
NT/2000 servers, each NetWare server must be running one of the following:
NetWare 4.2 with NDS 6.09 or later
NetWare 6
Each NT/2000 server must be running eDirectory 8.0 or later.
19
000-0000-000
November 30, 2001
Updating the eDirectory Schema

To upgrade an existing tree, run DSREPAIR on the server that contains the master replica of the
Tree partition.
IMPORTANT: If the master replica of the Tree partition resides on a NetWare server, follow the
instructions in “Updating the eDirectory Schema” on page 11.
The eDirectory installation program checks the existing schema’s version. If the schema has not
been upgraded, the installation program instructs you to run DSREPAIR, then discontinues.
1 Copy PATCHES\DSREPAIR\ NTNDS8\DSREPAIR. DLL from the product CD to the directory

where you installed eDirectory, for example, G:\NOVELL\NDS.
This file is version 8.35.
2 Start NDSCONSOLE by running NDSCONS.EXE.
This file is in the directory where you installed eDirectory.
3 Select DSREPAIR from the NDS® Service list.
4 Enter -ins in the Startup Parameters field > click Start.
After the schema has been updated, the status field next to the DSREPAIR module in
NDSCONSOLE will be blank.
5 To see the results of the schema update, select DSREPAIR in NDSCONSOLE.
6 Click Start > File > Open Log File > Open.
The last entry of the log file will contain the results of the schema update.
Installing eDirectory
1 At the NT/2000 server, log in as Administrator or as a user with administrative privileges.
2 Run SETUP.EXE from the NT directory on the product CD.
3 Select which components to install.
You can install the components separately or together.
Install Novell Directory Services®
This option installs eDirectory in an NT/2000-only or mixed NetWare/NT/2000 server

environment.
Follow the online instructions in the Installation Wizard.
SLP Directory Agent
Installs SLP Directory Agent, which allows you to control the collection and
dissemination of network service information through advanced features.
20
000-0000-000
November 30, 2001
Follow the online instructions in the Installation Wizard. Select the type of setup you
want to install:
Directory: Use eDirectory to manage, configure, and store Directory Agents, scopes,
and services.
Local: The Directory Agent and its associated scopes and services are stored and
configured through the local machine.
Install ConsoleOne
This option installs ConsoleOneTM 1.3.
Follow the online instructions in the Installation Wizard.
The installation program checks for the following components. If a component is missing or is an
incorrect version, the installation program automatically launches an installation for the
component.
Novell Client for Windows NT/2000
For more information on the Novell Client for Windows NT, see the Novell Client for Windows
online documentation (http://www.novell.com/documentation/lg/client/docui/
index.html).
Novell licensing
Evaluation licenses (http://www.novell.com/products/edirectory/licenses/eval_861.html)

are available.
21
000-0000-000
November 30, 2001
22
000-0000-000
November 30, 2001
To begin a QuickStart (English): Click in the box under the word Novell. Insert QuickStart and Title elements. 2. Type the product name. 3. Insert the HeadQS element and type the title of your card.
4. Put in your product version: Click Special > Variable > select the variable named Version > Edit Definition > enter the version number > click Done > Done. It will appear as background text replacing
Version X.X.
For a card that’s part of a booklet: Use Special > Master Page Usage to change to using “First” master page on the first page of the card. It doesn’t show the part number, since part number will be
noted in the front of the booklet.
Novell
eDirectory
8.6
Q U I C K S TA RT
Installing Novell eDirectory on Solaris
This section contains the minimum system requirements for Novell® eDirectoryTM on Solaris*, basic
installation commands, and a brief description of the eDirectory configuration utilities.
SYSTEM REQUIREMENTS
All recommended Solaris OS patches are available at the SunSolve* Online Web page (http://
sunsolve.sun.com)
Solaris 2.6 (with patch 105591-07 or later)
Solaris 7 (with patch 106327-06 or later for 32-bit systems)
Solaris 7 (with patch 106300-07 or later for 64-bit systems)
Solaris 8 (with patch 109461-02 and patch 108827-10 or later)
74 MB of disk space to install eDirectory. Additional disk space required based on data.
SOFTWARE REQUIREMENTS
Netware Time Protocol
ConsoleOne 1.3 or later
Two factors increase performance: more cache memory and high end processors.
For best results, cache as much of the DIB Set as the hardware allows up to 2GB.
eDirectory scales well on a single processor. However, eDirectory 8.6 takes advantage of multiple
processors. Adding processors improves performance in some areas, for example, logins and having multiple
000-0000-000
Instructions for International. For SINGLE cards: 1. After importing SGML, click the BookQS element in the "Structure View" window. 2. Select QuickStart in the "Elements" window and click
Wrap. 3. Right-click the BookQS element in the "Structure View" to bring up menu, and select Unwrap. 4. Highlight the Front element in the "Structure View" and delete it. 5. Right-click the nested
QuickStart element in the "Structure View" to bring up menu, and select Unwrap. 6. You can continue with print prep and creating PostScript and PDF, even though the file is not completely valid
because the ID on the QuickStart element is missing. That’s okay—it will not affect the appearance of the document, so PostScript and PDF will be correct. For cards in a booklet: To remove part
number from f irst page, use the master page "First."
November 30, 2001

Novell Confidential
threads active on multiple processors. eDirectory itself is not processor-intensive, but it is I/O-intensive.
The following table illustrates typical system requirements for Novell eDirectory for Solaris.
100,000 Sun* Enterprise 220 384 MB 144 MB
1 million Sun Enterprise 450 2 GB 1.5 GB
10 million Sun Enterprise 4500 with multiple 2 GB + 15 GB

processors
Requirements for processors might be greater than the table indicates, depending upon additional services
available on the computer as well as the number of authentications, reads, and writes that the computer is
handling. Processes such as encryption and indexing can be processor-intensive.

Because the internal eDirectory identifiers change when upgrading to Novell eDirectory, the backlink
Backlinks keep track of external references to objects on other servers. For each external reference on a
server, the backlink process ensures that the real object exists in the correct location and verifies all backlink
attributes on the master of the replica. The backlink process occurs two hours after the database is open and
then every 780 minutes (13 hours). The interval is configurable from 2 minutes to 10,080 minutes (7 days).
After migrating to eDirectory, start the ndstrace process by issuing the ndstrace -l >log& command,
which runs the process at the background. You can force the backlink to run by issuing the ndstrace -c
SET DSTRACE=*B command from the ndstrace command prompt. You can then unload the ndstrace
process by issuing the ndstrace -u command. Running the backlink process is especially important on
servers that do not contain a replica.
24
000-0000-000
November 30, 2001
PREREQUISITES
eDirectory Server must be installed on all servers that you want to place an eDirectory replica on.
Meet the “System Requirements” on page 23.
Enable the Solaris host for multicast routing on the server on which you are installing the product.
Enter the following command to check whether the host is enabled for multicast routing:
/usr/bin/netstat -nr
The following entry should be present in the routing table:
224.0.0.0 host_IP_address
If the entry is not present, log in as root, and enter the following command to enable multicast routing:
route add -net 224.0.0.0 -net 224.0.0.0 netmask 240.0.0.0 hme0
NICI 2.3 is a pre-requisite for installing eDirectory. eDirectory prompts for the installation of NICI 2.3
if it is not installed. The NOVLniu0-2.3.0 package contains NICI 2.3.
For secure Novell eDirectory operations, you will need the NICI Foundation Key file. You can obtain
an evaluation license file from the Novell eDirectory Eval License Download (http://www.novell.com/
products/edirectory/licenses/eval_861.html) Web site. If you do not use the NICI Foundation Key, you
will not be able to create Certificate Authority and Key Material objects.
If you have more than one server in the tree, the time on all the network servers should be
synchronized. Use Network Time Protocol (NTP) to synchronize time.
If you are installing a secondary server, all the replicas in the partition where you have installed the
product should be in the On state.
INSTALLING EDIRECTORY ON SOLARIS

Use the nds-install utility to install eDirectory components on Solaris systems. This utility is located in the
Setup directory on the CD for the Solaris platform. The utility adds the required packages based on the
components you select to install.
To install eDirectory components on Solaris systems:
1 Log in as root on the host.
2 Enter the following command from the setup directory:
nds-install
3 When prompted, accept the license agreement.
The installation program displays a list of Novell eDirectory components that you can install.
25
000-0000-000
November 30, 2001
4 Specify the option for the component you want to install. The appropriate packages are installed on the
Solaris host.
Table 3 lists the packages installed for each eDirectory component.
Table 3
eDirectory Component Packages Installed Description
eDirectory Server NDSbase, NDScommon, The eDirectory replica server will

NDSsecur, NDSsecutl, be installed on the specified server
NDSmasv, NDSserv,
NDSimon, NDSrepair, NDSslp
and NDSdexvnt.
Administration Utilities NDSadmutl, NDSsecutl, The Novell Import Conversion

NDSbase, and NLDAPbase Export and LDAP Tools utilities
will be installed on the specified
workstation
Management Console for NDSbase, NDSslp, NovLC1, The management console for
eDirectory C1JRE, NDSadmutl, eDirectory will be installed on the
NLDAPbase, and NDS set of specified workstation
packages
NMAS (Novell Modular NDSnmas The NMAS server components

Authentication Service) and the configuration utilities will
server be installed on the specified server.
5 If you are prompted, enter the complete path to the NICI Foundation Key file.
You will be prompted to enter the complete path to the NICI Foundation Key only if the installation
program is not able to locate the file in the default location (/var, the mounted license diskette, or the
current directory).
IMPORTANT: Before you begin to use Novell eDirectory, ensure that SLP has been installed for the
eDirectory tree to be advertised. To determine the advertisement of the eDirectory tree, enter the following:
/usr/bin/slpinfo -s "ndap.novell//(svcname-ws==*tree_name.)/"
CONFIGURING EDIRECTORY ON SOLARIS

1. Use the ndsconfig utility to configure eDirectory.
To create a new tree, enter ndsconfig new -t corp-tree -n o=company -a

cn=admin.o=company
To add a replica into an existing tree, enter ndsconfig add -t corp-tree -n

o=company -a cn=admin.o=company
To remove a replica, enter ndsconfig rm -a cn=admin.o=company
26
000-0000-000
November 30, 2001
2. Use the ldapconfig utility to modify, view, and refresh LDAP object attributes.
3. Use the nmasconfig utility to configure NMAS and the policy-based authentication methods (log in
methods).
4. Use the pkiconfig utility to create the following Novell PKI Objects:
Organizational Certificate Authority (CA)
Server Certificates (Stored as Key Material Objects (KMO))
User Certificates
Security Container
SAS Service object
27
000-0000-000
November 30, 2001
QuickStart Rev 99a
44 August 22, 2001
28
000-0000-000
November 30, 2001
To begin a QuickStart (English): Click in the box under the word Novell. Insert QuickStart and Title elements. 2. Type the product name. 3. Insert the HeadQS element and type the title of your card.
4. Put in your product version: Click Special > Variable > select the variable named Version > Edit Definition > enter the version number > click Done > Done. It will appear as background text replacing
Version X.X.
For a card that’s part of a booklet: Use Special > Master Page Usage to change to using “First” master page on the first page of the card. It doesn’t show the part number, since part number will be
noted in the front of the booklet.
Novell
eDirectory
8.6
Q U I C K S TA RT
Installing Novell eDirectory on Linux
This section contains the minimum system requirements for Novell® eDirectoryTM on Linux*, basic
installation commands, and a brief description of the eDirectory configuration utilities.
SYSTEM REQUIREMENTS
Linux 2.2 and glibc 2.1.3 (Recommended glibc 2.2)
74 MB of disk space for minimum of 50,000 users. Additional disk space required based on data.
SOFTWARE REQUIREMENTS
Netware Time Protocol
ConsoleOne
ConsoleOne 1.3 or later
200 MHz processor (a faster one is recommended)
For best results, cache as much of the DIB Set as the hardware allows up to 2GB.
eDirectory scales well on a single processor. However, eDirectory 8.6 takes advantage of multiple
processors. Adding processors improves performance in some areas, for example, logins and having multiple
threads active on multiple processors. eDirectory itself is not processor-intensive, but it is I/O-intensive.
The following table illustrates typical system requirements for eDirectory for Linux:
000-0000-000
Instructions for International. For SINGLE cards: 1. After importing SGML, click the BookQS element in the "Structure View" window. 2. Select QuickStart in the "Elements" window and click
Wrap. 3. Right-click the BookQS element in the "Structure View" to bring up menu, and select Unwrap. 4. Highlight the Front element in the "Structure View" and delete it. 5. Right-click the nested
QuickStart element in the "Structure View" to bring up menu, and select Unwrap. 6. You can continue with print prep and creating PostScript and PDF, even though the file is not completely valid
because the ID on the QuickStart element is missing. That’s okay—it will not affect the appearance of the document, so PostScript and PDF will be correct. For cards in a booklet: To remove part
number from f irst page, use the master page "First."
November 30, 2001

Novell Confidential
100,000 Pentium* III 450-700 MHz 384 MB 144 MB

(single)
Requirements for processors might be greater than the table indicates, depending upon additional services
available on the computer as well as the number of authentications, reads, and writes that the computer is
handling. Processes such as encryption and indexing can be processor-intensive.

Because the internal eDirectory identifiers change when upgrading to Novell eDirectory 8.6, the backlink
Backlinks keep track of external references to objects on other servers. For each external reference on a
server, the backlink process ensures that the real object exists in the correct location and verifies all backlink
attributes on the master of the replica. The backlink process occurs two hours after the database is open and
then every 780 minutes (13 hours). The interval is configurable from 2 minutes to 10,080 minutes (7 days).
After migrating to eDirectory, start the ndstrace process by issuing the ndstrace -l >log& command,
which runs the process at the background. You can force the backlink to run by issuing the ndstrace -c
SET DSTRACE=*B command from the ndstrace command prompt. You can then unload the ndstrace
process by issuing the ndstrace -u command. Running the backlink process is especially important on
servers that do not contain a replica.
30
000-0000-000
November 30, 2001
PREREQUISITES
eDirectory Server must be installed on all servers that you want to place an eDirectory replica on.
Meet the “System Requirements” on page 29.
Enable the Linux host for multicast routing on the server on which you are installing the product. Enter
the following command to check whether the host is enabled for multicast routing:
/bin/netstat -nr
The following entry should be present in the routing table:
224.0.0.0 0.0.0.0
If the entry is not present, log in as root, and enter the following command to enable multicast routing:
route add -net 224.0.0.0 netmask 240.0.0.0 dev -interface
NICI 2.3 is a pre-requisite for installing eDirectory. eDirectory prompts for the installation of NICI 2.3
if it is not installed. The NOVLniu0-2.3.0 package contains NICI 2.3.
For secure Novell eDirectory operations, you will need the NICI Foundation Key file. You can obtain
an evaluation license file from the Novell eDirectory Eval License Download (http://www.novell.com/
products/edirectory/licenses/eval_861.html) Web site. If you do not use the NICI Foundation Key, you
will not be able to create Certificate Authority and Key Material objects.
If you have more than one server in the tree, the time on all the network servers should be
synchronized. Use Network Time Protocol (NTP) to synchronize time.
If you are installing a secondary server, all the replicas in the partition where you have installed the
product should be in the On state.
INSTALLING EDIRECTORY ON LINUX

Use the nds-install utility to install eDirectory components on Linux systems. This utility is located in the
Setup directory on the CD for the Linux platform. The utility adds the required packages based on the
components you select to install.
To install eDirectory components on Linux systems:
1 Log in as root on the host.
2 Enter the following command from the setup directory:
nds-install
31
000-0000-000
November 30, 2001
3 When prompted, accept the license agreement.
The installation program displays a list of eDirectory components that you can install.
4 Specify the option for the component you want to install. The appropriate RPMs are installed on the
Linux host.
Table 4 lists the RPMs installed for each eDirectory component.
Table 4
eDirectory Component Packages Installed Description
eDirectory Server NDSbase, NDScommon, The eDirectory replica server will

NDSsecur, NDSsecutl, be installed on the specified server
NDSmasv, NDSserv,
NDSimon, NDSrepair, NDSslp
and NDSdexvnt
Administration Utilities NDSadmutl, NDSsecutl, The Novell Import Conversion

NDSbase and NLDAPbase Export and LDAP Tools utilitites
will be installed on the specified
workstation
Management Console for NDSbase, NDSslp, NovLC1, The management console for
eDirectory C1JRE, and NDS set ot eDirectory will be installed on the
packages specified workstation
NMAS (Novell Modular NDSnmas The NMAS server components

Authentication Service) and the configuration utilities will
server be installed on the specified server.
5 If you are prompted, enter the complete path to the NICI Foundation Key file.
You will be prompted to enter the complete path to the NICI Foundation Key only if the installation
program is not able to locate the file in the default location (/var, the mounted license diskette, or the
current directory).
IMPORTANT: Before you begin to use eDirectory, ensure that SLP is installed for the eDirectory tree to be
advertised. To determine the advertisement of the eDirectory tree, enter the following:
/usr/bin/slpinfo -s "ndap.novell//(svcname-ws==*tree1.)/"
CONFIGURING EDIRECTORY ON LINUX

1. Use the ndsconfig utility to configure eDirectory.
To create a new tree, enter ndsconfig new -t corp-tree -n o=company -a

cn=admin.o=company
To add a replica into an existing tree, enter ndsconfig add -t corp-tree -n

o=company -a cn=admin.o=company
32
000-0000-000
November 30, 2001
To remove a replica, enter ndsconfig rm -a cn=admin.o=company
2. Use the ldapconfig utility to modify, view, and refresh LDAP object attributes.
3. Use the nmasconfig utility to configure NMAS and the policy-based authentication methods (log in
methods).
4. Use the pkiconfig utility to create the following Novell PKI Objects:
Organizational Certificate Authority (CA)
Server Certificates (Stored as Key Material Objects (KMO))
User Certificates
Security Container
SAS Service object
33
000-0000-000
November 30, 2001
QuickStart Rev 99a
44 August 22, 2001
34
000-0000-000
November 30, 2001
Novell Native File Access Protocols Installation and Administration Guide
Novell
NetWare 6 ®
www.novell.com
N O V E L L N AT I V E F I L E A C C E S S P R O TO C O L S
I N S TA L L AT I O N A N D A D M I N I S T R AT I O N G U I D E
September 4, 2001
Novell Confidential
Contents
Contents 5
Preface 9
1 Overview 11
Native Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Network Neighborhood and Macintosh Chooser. . . . . . . . . . . . . . . . . . . . . . . . . . 12
Understanding Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Local Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Domain Controller Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
NetWare Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Simple Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Get Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2 Installing Novell Native File Access Protocols 15

NetWare Server Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Administrator Workstation Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Computer Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Installing the Software during the Server Installation . . . . . . . . . . . . . . . . . . . . . . . 18
Installing the Software after Server Installation . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Accessing the Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Installing the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Starting and Stopping Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3 Assigning Simple Passwords 27

Using ConsoleOne to Create Simple Passwords . . . . . . . . . . . . . . . . . . . . . . . . . 28
Using NetWare Remote Manager to Create Simple Passwords . . . . . . . . . . . . . . . . . . 29
Creating Simple Passwords for Multiple Users . . . . . . . . . . . . . . . . . . . . . . . . . 30
Creating a Simple Password for a Single User . . . . . . . . . . . . . . . . . . . . . . . . . 31
Managing Users and Rights to Network Resources . . . . . . . . . . . . . . . . . . . . . . . . 31
Contents 5

103-000162-001
September 4, 2001
Novell Confidential
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4 Working with Macintosh Computers 33

Administrator Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Creating Simple Passwords for Several Macintosh Users. . . . . . . . . . . . . . . . . . . 33
Editing the Context Search File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Creating a Guest User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Renaming Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Macintosh End User Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Accessing Network Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Logging In to the Network as Guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Changing Passwords from a Macintosh Computer . . . . . . . . . . . . . . . . . . . . . . 37
Assigning Rights and Sharing Files from a Macintosh Computer . . . . . . . . . . . . . . . 37
5 Working with Windows Computers 41

Administrator Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Specifying Contexts in the Context Search File . . . . . . . . . . . . . . . . . . . . . . . . 41
Providing Network Access to Domain Users. . . . . . . . . . . . . . . . . . . . . . . . . . 42
Customizing the Network Environment Using a Configuration File . . . . . . . . . . . . . . 43
Viewing Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Windows User Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Accessing Files from a Windows Computer . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Mapping Drives from a Windows Computer . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Changing Passwords from a Windows Computer . . . . . . . . . . . . . . . . . . . . . . . 48
6 Setting Up Novell Native File Access Protocols in a NetWare 6 Cluster 51

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Setting Up for Macintosh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Setting Up for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
7 Working with UNIX Machines 55

Features of Novell Native File Access for UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Overview of Native File Access for UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
NFS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Network Information Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
UNIX User Management Using eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . 63
ConsoleOne-Based Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Novell Cluster Services Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Administration Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Upgrade Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Setting Up and Managing Novell Native File Access for UNIX . . . . . . . . . . . . . . . . . . 69
Configuration Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Configuring Server General Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
NFS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
6 Novell Native File Access Protocols Installation and Administration Guide

103-000162-001
September 4, 2001
Novell Confidential
NIS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Setting Up Novell Native File Access for UNIX with Novell Cluster Services . . . . . . . . . . 112
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Configuring the Properties of Cluster Volume Resource . . . . . . . . . . . . . . . . . . . 113
Component-Specific Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Location of Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Starting and Stopping Native File Access for UNIX with Cluster Services . . . . . . . . . . 117
Contents 7

103-000162-001
September 4, 2001
Novell Confidential

103-000162-001
September 4, 2001
Novell Confidential
Preface
This book is divided into the following sections.

Chapter 1, “Overview,” on page 11—An explanation of the benefits of
Novell® Native File Access Protocols and the concepts required to
understand its implementation.
Chapter 2, “Installing Novell Native File Access Protocols,” on page
15—Instructions for meeting the prerequisites and installing the software.
Chapter 3, “Assigning Simple Passwords,” on page 27—Instructions for
creating passwords and managing users for Macintosh* and Windows*
computers.
Chapter 4, “Working with Macintosh Computers,” on page 33—
Instructions for simplifying the task of setting up and managing
Macintosh workstations. Also includes instructions that describe how
Macintosh end users access files on the network with Novell Native File
Access Protocols.
Chapter 5, “Working with Windows Computers,” on page 41—
Instructions for simplifying the task of setting up and managing Windows
workstations. Also includes instructions that describe how Windows end
users access files on the network with Novell Native File Access
Protocols.
Chapter 6, “Setting Up Novell Native File Access Protocols in a NetWare
6 Cluster,” on page 51—An explanation of the concepts relating to Novell
Cluster ServicesTM and instructions for configuring Novell Native File
Access Protocols for Macintosh and Windows computers in a clustered
environment.
Chapter 7, “Working with UNIX Machines,” on page 55—Instructions
for setting up Novell Native File Access Pack for UNIX* computers.
Preface 9

103-000162-001
September 4, 2001
Novell Confidential

103-000162-001
September 4, 2001
Novell Confidential
1 Overview
Novell® Native File Access Protocols let Macintosh, Windows, and UNIX
workstations access and store files on NetWare® servers without having to
install any additional software—such as Novell ClientTM software. The
software is installed only on the NetWare server and provides "out of the box"
network access. Just plug in the network cable, start the computer, and you
have access to servers on your network. No client configuration, no client
software, no problem.
NetWare
Server
CIFS
AFP
NFS
IP
CIFS AFP NFS
Windows MAC UNIX
Native Protocols
Novell Native File Access Protocols enable the NetWare server to use the
same protocol (referred to as native) as the client workstation to copy, delete,
move, save, and open files. Windows workstations perform these tasks using
the native Common Internet File System (CIFS) protocol, and Macintosh
workstations use the native Apple* Filing Protocol (AFP). UNIX computers
use the Network File System (NFS*) protocol.
Overview 11

103-000162-001
September 4, 2001
Novell Confidential
Network Neighborhood and Macintosh Chooser

Enabling native protocols on NetWare means that users can access files, map
network drives, and create shortcuts to NetWare servers using the native
methods available in their specific operating system. Windows users can use
their familiar Network Neighborhood. Macintosh users can use Chooser or the
Go menu to access network files and even create aliases. Because the NetWare
server is running native protocols, users can copy, delete, move, save, and
open network files—just like they would if they were working locally.
Network Neighborhood Chooser
Understanding Passwords
To understand how Novell Native File Access Protocols incorporate the
security of NetWare, you must understand the different types of passwords
used in networking—local, domain controller, NetWare, and simple.
Local Password
The Windows operating system requires a username and password to log in to
the computer. This password, called the local password, is stored locally on
the computer’s disk drive.
Domain Controller Password

Windows networking uses a domain controller to restrict access to the
network. When Windows users log in to the network using a Domain
Controller, they are required to enter a username and password for
authentication. This password, called the domain controller password, is
stored on the domain controller computer on the network.

103-000162-001
September 4, 2001
Novell Confidential
NetWare Password
To access the network, each user must have a network account created
specifically for them. This account is called a User object. It consists of a
NetWare username and a corresponding NetWare password. When the
workstation is running Novell Client software, the user logs in by entering the
NetWare username (including context) and password. NetWare usernames
and passwords are stored securely on NetWare servers.
Simple Password
Another password, called the simple password, is required to provide access
to workstations not running Novell Client software. Just like the NetWare
password, the simple password is stored on the network. Each user must have
a simple password to access network resources using native protocols.
When users access a network resource using their native methods (such as My
Network Places or Chooser), they enter their NetWare username and the
simple password. The username and password are verified by NetWare, and
if they are correct, access is granted to the network resource.
Get Started
Novell Native File Access Protocols are easy to install on a NetWare 6 server.
Follow the instructions beginning in Chapter 2, “Installing Novell Native File
Access Protocols,” on page 15 to get started.
Overview 13

103-000162-001
September 4, 2001
Novell Confidential

103-000162-001
September 4, 2001
Novell Confidential
2 Installing Novell Native File Access

Protocols
To install the Novell® Native File Access Protocols, you must complete the
following:
1. Prepare the NetWare 6 server according to the instructions in “NetWare
Server Prerequisites” on page 15.
2. Set up a client workstation following the instructions in “Administrator
Workstation Prerequisites” on page 17.
3. Make sure that the computers to access the network are running a
supported version of the operating system as described in “Computer
Prerequisites” on page 17.
4. Install the software following the instructions in “Installing the Software
after Server Installation” on page 18.
After installing Novell Native File Access Protocols, you must create simple
passwords before users can access network resources. For instructions, see
Chapter 3, “Assigning Simple Passwords,” on page 27.
NetWare Server Prerequisites

The server must have the following configuration to run Novell Native File
Access Protocols.
HINT: Check the server configuration at the server console by entering
NWCONFIG; then select Product Options > View.
NetWare 6 server operating system

(For Macintosh only) Macintosh Name Space loaded on each traditional
volume before installing Novell Native File Access Protocols.
Installing Novell Native File Access Protocols 15

103-000162-001
September 4, 2001
Novell Confidential
To load Macintosh Name Space to a volume, enter the following

commands at the server console:
LOAD MAC.NLM
ADD NAME SPACE MACINTOSH TO VOLUME volume_name.
(For Macintosh only) AFP.NLM and APPLETLK.NLM must be
unloaded from the server (if loaded).
If BorderManagerTM Enterprise Edition version 3.5 or later is running in
the same tree as the NetWare server, the Login Policy Object (LPO) must
be created by completing the following procedure.
Creating the Login Policy Object

1 Log in to the server running BorderManager.
2 Run the NetWare Administrator utility located in the public\win32\
directory.
3 From the Object menu, click Create > Login Policy > OK.
4 (Conditional) If the server running BorderManager does not have a local
NDS replica, complete the following:
4a From NetWare Administrator, select the Security container and the
LPO.
4b Click Trustees of This Object > Add Trustee.
4c Select the Server object of the server running BorderManager.
4d Deselect all Object rights.
4e Click Selected Properties > SAS: Policy Credentials.
4f From Property Rights, click Read/Write > OK.

103-000162-001
September 4, 2001
Novell Confidential
Administrator Workstation Prerequisites

To install, set up, and administer Novell Native File Access Protocols, make
sure that at least one workstation meets the following requirements:
Windows workstation running one of the following:
Windows 95/98 running Novell Client for Windows 95/98 version
3.21.0 or later. Download the client software. (http://
www.novell.com/download/)
Windows NT/2000 running Novell Client for Windows NT/2000
version 4.80 or later. Download the client software. (http://
www.novell.com/download/)
Client NICI 1.5.7 (Strong Encryption) version 1.5.7. Download the NICI
software. (http://support.novell.com/)
NICI is required to perform password administration using
ConsoleOneTM. It must be installed only on the Administrator
Workstation. NICI (Weak Encryption) will work for user authentication
but does not support changing passwords from a Windows workstation.
Computer Prerequisites
To access NetWare servers running Novell Native File Access Protocols,
computers must be connected to the network, properly configured to run TCP/
IP, and must be running one of the following operating systems:
Mac OS version 8.1 or later, Mac OS X
Windows 95/98/ME, Windows NT* version 4, Windows 2000
Windows computers must be running Client for Microsoft Networks,
which is a standard Windows component that is installed by selecting
Control Panel > Network > Add > Client > Microsoft.
Any version platform capable of NFS v2 or NFS v3 such as UNIX,
Linux*, and Free BSD.
For more information on computers running NFS, see the Chapter 7,
“Working with UNIX Machines,” on page 55.

103-000162-001
September 4, 2001
Novell Confidential
Installing the Software during the Server Installation

Novell Native File Access Protocols are part of the NetWare 6 server
installation program. Instructions are located in the NetWare 6 Overview and
Installation Guide.
If you did not install the software during the NetWare 6 server installation, you
can install it by following the steps beginning with “Installing the Software
after Server Installation” on page 18.
Installing the Software after Server Installation

Novell Native File Access Protocols can installed after installing a NetWare 6
using NetWare Deployment Manager or the Graphical Server Console screen.
Each method provides an easy-to-follow installation program that guides you
through the required steps.
Before You Begin

1 Obtain the NetWare 6 Operating System CD.
2 Make sure that your NetWare server meets the prerequisites described in
“NetWare Server Prerequisites” on page 15.
3 Set up an Administrator Workstation by meeting the prerequisites
described in “Administrator Workstation Prerequisites” on page 17.
Accessing the Software

From the NetWare 6 Server Console
1 At the NetWare 6 server console, enter STARTX to launch the graphical
server console.
2 Click Novell > Install.
3 From the Installed Products screen, click Add.
4 Enter the path to the NetWare 6 Operating System CD and select the
PRODUCT.NI file.
The installation program begins.

103-000162-001
September 4, 2001
Novell Confidential
From NetWare Deployment Manager

1 At the Administrator Workstation, log in to the destination server that will
run the Novell Native File Access Protocols.
2 Insert the NetWare 6 Operating System CD.
3 Run NetWare Deployment Manager (NWDEPLOY.EXE) located on the
root of the NetWare 6 Operating System CD.
4 Click Post-Installation Tasks > Install NetWare 6 Products.
5 At the Product Selection screen, check the Novell Native File Access
Protocols checkbox.
6 Click Next.
The installation program begins.

103-000162-001
September 4, 2001
Novell Confidential
Installing the Software

1 Select to install Macintosh, UNIX, and/or Windows components.
2 Click Next.
3 (Conditional) If you choose to install the Windows component (CIFS),
complete the following steps:
3a Log in as a user with the Supervisor right.
You must specify the full context for the user.
3b Enter the Server Name and Server Comment that will appear in
Network Neighborhood.

103-000162-001
September 4, 2001
Novell Confidential
The Server Name must be 11 or fewer characters and must be

different from the actual NetWare server name. The Server
Comment is optional.
3c Specify whether to enable UNICODE.
When checked, this option enables Unicode characters used in
double-byte languages.
NOTE: To support Unicode, an additional file named UNINOMAP.TXT must
be created and saved in the SYS:\ETC directory. When the -UNICODE value
is set to ON, the UNINOMAP.TXT file is used to resolve Unicode-to-ASCII
"no-map" problems.
To specify "no-map" cases in the UNINOMAP.TXT file, enter the first Unicode
value to watch for and then the second value representing the ASCII
replacement code. For example:
0178 98
20AC CC
encountered, the system uses the ASCII substitution character specified in
the file.
3d Select one of the following and click Next.

If users will authenticate using NDS, select Local.
If users will authenticate using a Domain, select Domain.

103-000162-001
September 4, 2001
Novell Confidential
For Windows users, there are two types of authentication methods

available with Novell Native File Access: Local and Domain. Local
authentication requires a simple password to log in to a NetWare
server, but a simple password is not required for Domain
authentication.
When Novell Native File Access Protocols are configured for
domain authentication, it is not possible to change the simple
password or the NetWare password using Windows’ native Change
Password feature. To change the password, you must use Windows’
domain management utilities.
3e (Optional) Specify the IP address to be attached to the Windows
(CIFS) protocol.
The default is to bind all IP addresses to the CIFS protocol.

3f (Optional) Specify additional NetWare volumes or folders that you
want to appear as share points in Network Neighborhood.

103-000162-001
September 4, 2001
Novell Confidential
To specify a new share point, click New and then enter the path to the
directory, a name, and a description. The directory name must end
with a backslash (\). For example, SYS:\SYSTEM\.
3g Specify the NDS contexts for all Windows users who need access to
the server.
The list of NDS contexts are maintained in the CIFSCTXS.CFG file

that can also be updated after installation. For more information, see
“Specifying Contexts in the Context Search File” on page 41.

103-000162-001
September 4, 2001
Novell Confidential
4 (Conditional) If you choose to install the Macintosh component (AFP),

4a From the Administrator Workstation, log in as a user with the
Supervisor right.
4b Open the SYS:ETC\CTXS.CFG file in a text editor.
4c Enter the contexts of each Macintosh user that requires access to the
server. For example:
sales.hongkong.acme
graphics.ny.acme
sales.ny.acme
The Native File Access Protocols software will search each context
in order until it finds the User object. For more information on
editing the CTXS.CFG file, see “Editing the Context Search File” on
page 34.
4d Save the file.
4e (Optional) Rename a volume by editing the
SYS:ETC\AFPVOL.CFG file.
5 Read the Summary Window and then click Finish.
Starting and Stopping Services

Each time the server starts, Novell Native File Access Protocols are loaded
from commands in the AUTOEXEC.NCF file. You can also load and unload
the service from the server console.
Starting and Stopping the Macintosh (AFP) Protocols

1 At the server console, enter AFPSTRT to load the Macintosh (AFP)
protocols on the server.
Any changes in the configuration files are applied when the protocols are
loaded.
2 At the server console, enter AFPSTOP to unload the Macintosh (AFP)
protocols.

103-000162-001
September 4, 2001
Novell Confidential
Starting and Stopping the Windows (CIFS) Protocols

1 At the server console, enter CIFSSTRT to load the Windows (CIFS)
protocols.
Any changes in the configuration files are applied when the service is
loaded.
2 At the server console, enter CIFSSTOP to unload the Windows (CIFS)
protocols.
What’s Next?
After completing the installation, you need to assign simple passwords to
users before Windows and Macintosh users can access the network. Proceed
to Chapter 3, “Assigning Simple Passwords,” on page 27.

103-000162-001
September 4, 2001
Novell Confidential

103-000162-001
September 4, 2001
Novell Confidential
3 Assigning Simple Passwords
Windows, Macintosh, and UNIX users must have a User object and simple
password before they can access network resources using native protocols.
A User object specifies attributes and information about which network
resources the user can access. User objects are created using ConsoleOneTM.
For more information about creating User objects, see the ConsoleOne Users
Guide. (http://www.novell.com/documentation/lg/consol12d/index.html)
A simple password lets users log in to the network without any client software.
To log in to the network, users are prompted from their operating system’s
native network access method, such as Network Neighborhood or Chooser, to
enter their username and simple password.
Simple passwords can be easily created for one or many users by using one of
the following procedures.
Create simple passwords for a single user by following the instructions in
“Using ConsoleOne to Create Simple Passwords” on page 28.
Create simple passwords for one or more users by following the
instructions in “Using NetWare Remote Manager to Create Simple
Passwords” on page 29.
After setting up Novell® Native File Access Protocols, you can manage
network access by following the instructions in “Managing Users and Rights
to Network Resources” on page 31.
Assigning Simple Passwords 27

103-000162-001
September 4, 2001
Novell Confidential
Using ConsoleOne to Create Simple Passwords

ConsoleOne lets you create simple passwords for users one at a time by
completing the following procedure.
1 From the Administrator Workstation, log in as a user with the Supervisor
right.
Make sure that the Administrator Workstation meets the prerequisites
2 Run CONSOLEONE.EXE (located in
\PUBLIC\MGMT\CONSOLEONE\1.2\BIN\).
Novell ConsoleOne
3 Right-click the User object and then click Properties.

4 Click the Login Methods tab and select Simple Password.
5 Click Assign Simple Password.
6 Enter the simple password in the fields provided.
If the simple password is different than the NetWare® password, the user
would enter the simple password when accessing the network with native
protocols and would enter the NetWare password when logging in with
the Novell ClientTM software.
7 Click Apply.
8 Repeat these steps to create a simple password for each user that requires
network access using Novell Native File Access software.

103-000162-001
September 4, 2001
Novell Confidential
Since you have created simple passwords for User objects in NetWare, those
users can now use native access methods (Network Neighborhood, Chooser,
etc.) to access network resources. When prompted, they will enter their
NetWare username (without context) and the corresponding simple password.
Using NetWare Remote Manager to Create Simple

Passwords
You can use NetWare Remote Manager (previously known as NetWare
Management Portal) to create simple passwords for users one at a time and
you can use it to create simple passwords for many network users.
1 Run NetWare Remote Manager following the instructions described in
the NetWare Remote Manager Administration Guide.
HINT: To run NetWare Remote Manager, enter the IP address of the server into
the URL field of an Internet browser.
2 From the left frame, click Manage eDirectory > NFAP Security.

103-000162-001
September 4, 2001
Novell Confidential
Creating Simple Passwords for Multiple Users

1 Select an option to identify the users to receive simple passwords.
Select all User objects in a context by typing in the context in the
NDS Context field.
Select all User objects in the NDS® tree by clicking Traverse Context
Tree for User Objects.
NOTE: Searching the entire NDS tree may take several minutes.
2 Select an option for choosing and communicating the password to the

user.
Send an e-mail to each user notifying them of their simple password
by clicking Send Password to User.
To use the Send Password to User feature, you must first use the
Access Mail Notification Control Page to set up NetWare Remote
Manager to perform e-mail notification.
The Access Notification Control Page is available by clicking the
configuration icon on the top of the screen. For more information, see
the NetWare Remote Manager Administration Guide.
Specify a common password by clicking User Supplied Password
and entering a password in the field provided.
The text entered in this field is used as the password for all selected
users receiving simple passwords.
3 (Optional) Use a script file to test the results before processing.
Before you commit to assigning simple passwords, you can run and
review a script file to make sure that you get the desired results.
3a Click an option for selecting User objects and an option for choosing
and communicating the passwords as described above.
3b Click Generate Script File and type a filename in the field provided.
3c Click Start.
3d Open and review the script file using a text editor.
3e Repeat the above steps until the script file contains the appropriate
information.
3f Click Process Script File and type the filename of the script in the
field provided.
4 Click Start to process the commands.

103-000162-001
September 4, 2001
Novell Confidential
Creating a Simple Password for a Single User

1 In the Username.Context field, type the username and context of the user
to receive the simple password.
2 In the New Password field, type the text to be used as the simple
password.
3 Click Set.
You will need to notify the user of the password
Managing Users and Rights to Network Resources

ConsoleOne helps you manage Novell Native File Access Protocols for each
computer platform (Macintosh, Windows, and UNIX). You can create users
and groups, assign and restrict rights to directories, and view the rights of
specific users.
To provide rights to network access, do the following:
1 From the Administrator Workstation, log in to the NetWare server
running Novell Native File Access Protocols.
You must use a Windows workstation that meets the prerequisites as
2 Run CONSOLEONE.EXE located in
\PUBLIC\MGMT\CONSOLEONE\1.2\BIN\.
3 Set up and manage rights as described in the Console One User Guide
(http://www.novell.com/documentation/lg/consol12d/index.html).
What’s Next?
You have now installed the software and set up passwords so Macintosh and
Windows users can access files on the network with no additional software.
For an explanation of how Macintosh users access network files and for more
information on managing Macintosh workstations, see Chapter 4, “Working
with Macintosh Computers,” on page 33.
For an explanation of how Windows users access network files and for more
information on managing Windows workstations, see Chapter 5, “Working
with Windows Computers,” on page 41.
To set up access for UNIX workstations, see Chapter 7, “Working with UNIX
Machines,” on page 55.

103-000162-001
September 4, 2001
Novell Confidential

103-000162-001
September 4, 2001
Novell Confidential
4 Working with Macintosh Computers
This chapter is divided into two sections—tasks administrators can perform

and tasks end users can perform using Macintosh computers.
Administrator Tasks
There are several ways that you can simplify your administration tasks and
customize how Macintosh workstations interact with the network.
Creating Simple Passwords for Several Macintosh Users

You can create simple passwords for users one at a time using ConsoleOneTM,
but if you want to create passwords for many Macintosh users, there is a
quicker way. You can add the CLEARTEXT option to the LOAD AFPTCP
command at the server console. For example:
LOAD AFPTCP CLEARTEXT
When the CLEARTEXT option is added to the AFPTCP command, users
logging in to the server from a Macintosh workstation are prompted to provide
their NDS® username and NDS password. Once the NDS password is
verified, a simple password is automatically created and stored in NDS. The
simple password is the same as the NDS password.
The CLEARTEXT option is meant to be a temporary way to create simple
passwords for many Macintosh users. After Macintosh users have created
simple passwords, the AFPTCP NLM should be loaded without the
CLEARTEXT option.
WARNING: The CLEARTEXT option allows unencrypted passwords to be sent
over the network. If you are concerned about someone capturing your password
over the network, you should not use this option. Instead, you should manage
passwords using ConsoleOne on the Administrator Workstation.
Working with Macintosh Computers 33

103-000162-001
September 4, 2001
Novell Confidential
Editing the Context Search File

A context search file allows Macintosh users to log in to the network without
specifying their full context. The context search file contains a list of contexts
that are searched when no context is provided or the object cannot be found in
the provided context. When the Macintosh user enters a username, the server
searches through each context in the list until it finds the correct User object.
Macintosh allows only 31 characters for the username. If the full NDS context
and username are longer than 31 characters, you must use a search list to
provide access.
HINT: Macintosh users do not need to enter a context or have an entry in the
context search file if their User objects are placed in the same container as the
Server object.
If User objects with the same name exist in different contexts, the first one in
the context search list will be used.
To edit the context search file, do the following:
1 Using any text editor, edit the CTXS.CFG file stored in the SYS:\ETC
directory of the server running Novell® Native File Access Protocols.
2 On separate lines, enter the contexts to search.
For example, if you had users with full NDS distinguished names such as
Robert.sales.acme, Maria.graphics.marketing.acme,
Sophia.graphics.marketing, and Ivan.marketing.acme, then you would
enter the following contexts to the CTXS.CFG file:
sales.acme
marketing.acme
3 Save the file in the SYS:\ETC directory.
The file is read the next time a Macintosh user logs in.
When Macintosh users log in, they enter only a username and the simple
password. The system finds the User object in the context specified in the
CTXS.CFG file.

103-000162-001
September 4, 2001
Novell Confidential
Creating a Guest User Account

Novell Native File Access Protocols let you create a Guest User object.
Macintosh users are accustomed to being able to log in as Guest with no
password required.
1 From the Administrator Workstation, use ConsoleOne to create a User
object named Guest.
2 Determine and assign the appropriate rights to the Guest object by
double-clicking the Guest object and then clicking Rights to Files and
Folders.
3 Remove the ability for the user to change the password by clicking
Restrictions and then unchecking Allow User to Change Password.
4 Enable the Guest account by adding the full NDS context of the Guest
object to the context search file as described in “Editing the Context
Search File” on page 34.
5 Unload and reload the AFPTCP.NLM program with the GUESToption to
make the Guest button available on the login screen.
Any Macintosh user can now log in as Guest with no password and receive the
access rights assigned to the Guest object.
Renaming Volumes
Volumes can be renamed so that they appear in Chooser under a different
name.
1 Using any text editor, create a file named AFPVOL.CFG.
2 On separate lines, enter the current name of the volume and, in quotes, the
new name of the volume. For example:
server1.sys "System Volume"
server1.img "Graphics"
#The above volume contains image files.
NOTE: The pound sign (#) marks a line as a comment.
3 Save the file in the SYS:\ETC directory of the server running Novell
Native File Access Protocols.
Once the volume has been renamed, it keeps the name even if you delete
the file and restart the server. To return to the previous name, repeat these
steps and rename the volume to its original name.

103-000162-001
September 4, 2001
Novell Confidential
For example:
System volume "server1.sys".
4 Unload and reload the AFPTCP.NLM program.
Volumes will appear to Macintosh users with the new volume names.
Macintosh End User Tasks
Accessing Network Files

Once the Novell Native File Access Protocols are properly configured on the
server, Macintosh users can use Chooser to access files and directories each
time they are required or they can create an alias on the desktop that is retained
after rebooting.
1 In Mac OS 8 or 9, click the Apple menu > Chooser > AppleTalk > Server
IP Address.
In Mac OS X, click Go > Connect to Server.
2 Enter the IP address or DNS name of the NetWare® server, and then click
Connect.
3 Enter the username and password, and then click Connect.
4 Select a volume to be mounted on the desktop.
Although you now have access to the files, mounting the volume to the
desktop does not make it available after rebooting.
5 (Optional) Create an alias to the desired volume or directory.
Aliases are retained after rebooting.
5a Click the NetWare server icon.
5b Click File > Make Alias.
The alias icon appears on the desktop.

103-000162-001
September 4, 2001
Novell Confidential
Logging In to the Network as Guest

If the network administrator has set up the Guest User object account as
described in “Creating a Guest User Account” on page 35, Macintosh users
can log in to the network as Guest with no password required.
IP Address.
2 Enter the IP address or DNS name of the NetWare server, and then click
Connect.
3 Click Guest Login > Connect.
The Guest user has rights to access network resources as configured by the
network administrator.
Changing Passwords from a Macintosh Computer

Macintosh users can change their passwords. When they change their simple
password, their NDS password is automatically synchronized.
IP Address.
2 Enter the IP address or DNS name of the NetWare server, and then click
Connect.
3 Enter the username.
4 Click Change Password.
5 Enter the old password and the new password, and then click OK.
Assigning Rights and Sharing Files from a Macintosh Computer

Although using ConsoleOne from the Administrator Workstation is the
recommended method for managing rights, Macintosh users have some file
sharing and management capability using Chooser.
HINT: For more information on how to use ConsoleOne to set up and manage
rights, see the ConsoleOne Users Guide (http://www.novell.com/documentation/lg/
consol12d/index.html) or view the ConsoleOne online Help.

103-000162-001
September 4, 2001
Novell Confidential
NetWare Rights versus Macintosh Rights
Using Chooser to access network files and folders is fairly consistent with the
Macintosh environment, but there are some differences between NetWare and
Macintosh file sharing. Macintosh users can view the sharing information
about specific folders by clicking Get Info/Sharing.
Inherited Rights and Explicit Rights
The Macintosh file system uses either inherited rights (which use enclosing
folder’s privileges) or explicit rights (which assign rights to a group or user).
A folder in the Macintosh file system cannot have both inherited and explicit
rights.
NetWare uses both inherited and explicit rights to determine the actual rights
that a user has. NetWare allows a folder (or directory) to hold file rights for
multiple groups and users. Because of these differences, Macintosh users will
find that access rights to folders and files might function differently than
expected.
NetWare uses inherited rights, so Macintosh’s "Use Enclosing Folder's
Privileges" is automatically turned off. When a Macintosh user views the Get
Info/Sharing dialog box for a NetWare folder, only the User/Group
assignments are visible if there is an explicit assignment on the folder. If the
NetWare folder inherits User/Group rights from a parent group or container,
those rights are not displayed in the dialog box, nor will there be any
indication that the folder is inheriting rights from a group or container.
Owner, User/Group, and Everyone Rights
Because NetWare allows multiple groups and users to have rights to a single
folder, users are not able to delete rights assignments using the Apple
Macintosh interface. Users can add assignments to allow basic file sharing,
but more complex rights administration must be done using the NetWare
utilities such as ConsoleOne.
When specifying Owners, Users, and Groups, there is no way to select from
current groups. You must enter the correct NetWare name and context (fully
distinguished NDS name).
HINT: No context is required if the context is specified in the context search
file.

103-000162-001
September 4, 2001
Novell Confidential
Owner Rights
In the Apple File Sharing environment, an owner is a user who can change
access rights. In the NetWare environment, users can change access rights if
they have been granted the Access Control right for the folder. In NetWare, an
owner means the one who created the file. A NetWare owner has no rights by
virtue of ownership. In the NetWare environment, the owner is the current
user if he has Access Control rights to the folder.
If the user does not have Access Control rights, the NetWare owner will be
shown if the NetWare owner is not the current user. If the current user does
not have rights to change access and is also the NetWare owner, a message to
"Use NetWare Utility" is displayed in the Owner field.
In Apple File Sharing, there can be more than one owner. If you change the
owner, Access Control rights are added to the new owner, but are not remove
from the current owner. In NetWare, there are two ways to have Access
Control rights: (1) have the Access Control right and (2) have the Supervisor
right. Adding a new owner only adds the Access Control rights, not the
Supervisor right. If the current owner already has the Supervisor right through
other NetWare utilities, that right will remain. The Supervisor right also gives
full file access rights. This means that if you are the current user and have the
Supervisor right, you also have read/write access and you cannot change those
rights.
Display only allows for one owner. If multiple users have file access rights,
only the current user is shown in the Owner field. This means you could
change the owner (which in NetWare simply means adding the Access
Control right to the new user) and when you open the file sharing dialog box
again, you will be listed as the Owner, even though you have just given
ownership or the Access Control right to someone else.
User / Group
Only one User/Group can be displayed for a folder, although NetWare allows
multiple users and groups to be assigned file access rights. If both Users and
Groups have access to a NetWare folder, Groups are displayed before Users.
The Group with the most access rights is preferred over Groups with lesser
access rights. Only users or groups with explicit rights (not inherited rights)
are shown in the User/Group field. Users and Groups with inherited rights are
not shown in the dialog box nor is there any indication that there are Users and
Groups with inherited rights.

103-000162-001
September 4, 2001
Novell Confidential
Adding a group or user does not remove the current group or user; it simply
adds the rights to the group or user specified. If the user enters the wrong user
or group name, the user gets no feedback. If multiple users or groups are
assigned to the folder, it is possible that the user is unable to see the user or
group that was just assigned. It could be very difficult to know if the rights
assignment worked or not.
Rights set through this interface are inherited by the folder's subfolders. It is
impossible to manage all inherited rights from the Macintosh interface.
(Although not recommended, you could set the inherited rights filters from the
NetWare utilities to turn off inherited rights.)
Everyone
Assignment of rights to Everyone acts like the Macintosh user expects, with
the exception that Everyone's rights are inherited. In NetWare, the object that
represents the rights of any authenticated user is used to set Everyone's rights.
Everyone's rights can change from folder to folder, but once they are set, they
are inherited by subfolders.

103-000162-001
September 4, 2001
Novell Confidential
5 Working with Windows Computers
This chapter is divided into two sections—tasks administrators can perform

and tasks end users can perform using Windows computers.
Administrator Tasks
There are several ways that you can simplify your administration tasks and
customize how Windows workstations interact with the network.
Specifying Contexts in the Context Search File

During the installation, you specified the NDS® contexts of Windows users
that required access to the network. These contexts are saved in the context
search file. When the Windows user enters a username, the Novell® Native
File Access Pack component running on the server searches through each
context in the list until it finds the correct User object.
NOTE: In Domain mode, if User objects with the same name exist in different
contexts, each user object attempts authentication in order until one succeeds with
the corresponding password.
You can add or remove contexts by editing the context search file.
1 Using any text editor, edit the CIFSCTXS.CFG file stored in the
SYS:\ETC directory of the server running Novell Native File Access
Protocols.
2 On separate lines, enter the full contexts to search.
For example if you had users with full NDS distinguished names such as
Robert.sales.acme, Maria.graphics.marketing.acme,
Working with Windows Computers 41

103-000162-001
September 4, 2001
Novell Confidential
Sophia.graphics.marketing, and Ivan.marketing.acme, then you would

enter the following contexts to the CIFSCTXS.CFG file:
sales.acme
marketing.acme
3 Save the file in the SYS:\ETC directory.
4 At the server console, enter CIFSSTOP to unload the current context
search file.
5 Enter CIFSSTRT to load the new context search file and apply the
changes.
When Windows users log in, they enter only a username and the simple
password. The system finds the User object in the context specified in the
CIFSCTXS.CFG file.
NOTE: Remember that users must have a simple password before they can
access the network.
Providing Network Access to Domain Users

You can provide access to users from an existing NT domain by importing
them into NDS.
1 Configure the Novell Native File Access Protocols software for Domain
authentication.
Importing users from an NT domain is not supported in Local Mode. In
Local Mode, the main NetWare® Remote Manager page is displayed
rather than the NFAP Import Users page.
2 Run NetWare Remote Manager following the instructions described in
the NetWare Remote Manager Administration Guide in the NetWare 6
documentation. (http://www.novell.com/documentation/lg/nw6p)
The NetWare Remote Manager is launched by entering the IP address of
the server into the URL field of an Internet browser.
3 In the left frame, click Manage eDirectory > NFAP Import Users.
4 Browse to the NDS Context that you will import the users into.
Any time you reach a valid context for importing users, a Start button will
appear.
5 Click Start to import users.

103-000162-001
September 4, 2001
Novell Confidential
The context that you select will be automatically written to the

CIFSCTXS.TXT file, which contains all the contexts of all users.
Status of the import is given on the interval that you select.
6 When the import is complete, click Done to clear the screen.
Customizing the Network Environment Using a Configuration File

1 Log in to the server running the Novell Native File Access Protocols.
2 Change to the SYS:\ETC\ directory.
3 Edit CIFS.CFG using a text editor.
Enter the desired parameters following the rules for syntax.
4 Save the CIFS.CFG file to the same directory (SYS:\ETC).
Configuration File Parameters
The following parameters can be set in the SYS:\ETC\CIFS.CFG file to

customize the user experience for your environment.
HINT: Any parameter can be excluded by placing a # at the beginning of the
command line. If the parameter is excluded, the default value is used.
-SERVERNAME
The name of the server running Novell Native File Access Protocols. The
length can be a maximum of 15 characters. This name is displayed in Network
Neighborhood. This server name must be different from the NetWare Server
name.
Value: ‘Server_Name’
Default: None
-COMMENT
The comment associated with the server name listed above. This comment is
displayed when viewing details.
Value: ‘Comments’
Default: None

103-000162-001
September 4, 2001
Novell Confidential
-AUTHENT
The method of authentication used by Novell Native File Access Protocols.

Domain—Clients are members of a domain. A Windows domain
controller performs user authentication.The username and password on
the domain controller must match the username and password used to log
in to the Windows workstation.
Local—Clients are members of a workgroup. The server running Novell
Native File Access Protocols performs the user authentication. The
username and password on NetWare must match the username and
password used to log in to the Windows workstation.
Value: Domain | Local
Default: Local
-DOMAIN
The domain or workgroup that the server will belong to.

Value: ‘Domain_Name’
Default: Workgroup
-WORKGROUP
The domain or workgroup that the server will belong to. Workgroup and
Domain can be used intergchangeably.
Value: ‘Workgroup_Name’
Default: Workgroup
-PDC
The PDC server name and static IP address. This is needed if the PDC is on a
different subnet. This option should be used only when there is a valid reason
for overriding WINS or DNS.
NOTE: The address of the PDC must be static; otherwise, if the PDC reboots and
the address changes, the server running Novell Native File Access Protocols will
not be able to contact the PDC.
Value: ‘PDC_Name’ Address

Default: None

103-000162-001
September 4, 2001
Novell Confidential
-PDCNAME
The PDC server name. If the PDC and server running Novell Native File
Access Protocols are on different subnets, clients must use DNS name
resolution to find the server. PDCNAME does not include the IP address.
Value: ‘PDC_Name’
Default: None
-WINS
Address of WINS server to be used to locate the PDC, if the PDC and server
running Novell Native File Access Protocols are on different subnets.
Value: IP_Address
Default: None
-ATTACH
Bind the CIFS protocol to the IP address specified. For multiple addresses,
repeat the command as needed.
Value: IP_Address
Default: Bound to all addresses.
-SHARE
Allow any volumes or directories on the server to be specified as shared points

and to be accessible via the Network Neighborhood. If no -SHARE line is
specified (or is commented out), then all mounted volumes are displayed.
Localpath is the path to the server volume or directory which becomes the
root of the sharepoint. This path must end with a backslash (\).
Sharename is the name by which the sharepoint is known to the Windows
computers.
Connection Limit is the number of connections allowed to the sharepoint
(0 is unlimited).
Comment is a description for the sharepoint that appears in Network
Neighborhood or My Network Places.
Value: ‘Localpath’ ‘Sharename’ Connection Limit ‘Comment’
Default: All mounted volumes are shared.

103-000162-001
September 4, 2001
Novell Confidential
-UNICODE
When On (enabled), this command enables Unicode characters (used in

double-byte languages).
Value: On | Off
Default: Off (disabled)
IMPORTANT: To support Unicode, an additional file named UNINOMAP.TXT
must be created and saved in the SYS:\ETC directory. When the -UNICODE value
is set to On, the UNINOMAP.TXT file is used to resolve Unicode-to-ASCII "no-
map" problems.
To specify "no-map" cases in the UNINOMAP.TXT file, enter the first Unicode
value to watch for and then the second value representing the ASCII replacement
code. For example:
0178 98
20AC CC

encountered, the system uses the ASCII substitution character specified in the file.
Sample Configuration File

#This name will display in Network Neighborhood with the
#following comment.
-SERVERNAME ‘NW6-NNFAP’
-COMMENT ‘Server running Novell Native File Access Protocols’
#Novell Native File Access Protocols is configured to use

Local #authentication.
-AUTHENT LOCAL
#The workgroup name is ONENET.
-WORKGROUP ‘ONENET’
#When this volume is mounted, the local path CIFSVOL:\ will

appear as a sharepoint named Graphics Volume with unlimited
connections (0) and its corresponding comment.
-SHARE ‘CIFSVOL:\’ ‘Graphics Volume’ 0 ‘Lots of image files’

103-000162-001
September 4, 2001
Novell Confidential
Configuration File Shortcuts
You can enter the following commands at the server console to modify the
configuration file.
CIFS SHARE ADD ‘localpath’ ‘sharename’
connectionlimit ‘comment’ adds a new sharepoint and also adds
the command to the CIFS.CFG file.
CIFS SHARE REMOVE ‘sharename’ removes the sharepoint and
comments it out of the CIFS.CFG file.
Viewing Configuration Details

You can view details about how Novell Native File Access Protocols are
configured by entering the following commands at the server console.
CIFS INFO displays operational information.
CIFS SHARE displays all active sharepoints.
CIFS SHARE sharename displays information about a specific
sharepoint.
Windows User Tasks

When Novell Native File Access Protocols are properly configured, Windows
users can access files, map drives, and change passwords on NetWare servers.
Accessing Files from a Windows Computer

From a Windows computer, you can access a file and folder each time it is
required or you can map drives and create shortcuts that are retained after
rebooting.
1 Enter your username (no context) and local password to log in to the
computer.
2 Access the network by clicking the network icon.
In Windows 2000 or Windows ME, click My Network Places >
Computer Near Me. In Windows 95/98, click Network Neighborhood.
3 Browse to the workgroup or domain specified during the Novell Native
File Access software installation.
4 Select the server running Novell Native File Access Protocols.

103-000162-001
September 4, 2001
Novell Confidential
Although it is the same computer, the Novell Native File Access server
name is not the same as the NetWare server name. For more information,
ask your network administrator.
HINT: You can enter the server name or the server IP address in Find Computer
to quickly access the server running Novell Native File Access software.
5 Browse to the desired folder or file.
Mapping Drives from a Windows Computer

1 Enter your username and local password for Microsoft* Networking.
2 Click Map Network Drive.
There are several ways to access Map Network Drive. For example, you
can use the Tools menu in Windows Explorer or you can right-click
Network Neighborhood.
3 Browse to or enter the following path:
\\server_running_Novell_Native_File_Access_softw
are\sharepoint | volume | directory\
4 Select the server running Novell Native File Access Protocols.
Although it is the same computer, the Novell Native File Access server
name is not the same as the NetWare server name. For more information,
contact your network administrator.
5 Complete the on-screen instructions for mapping the drive.
Changing Passwords from a Windows Computer

Windows users can change and synchronize their local password and their
simple password. When users change the local password, they also change and
synchronize their simple password.
From a Windows 2000/NT Computer

1 Press Ctrl+Alt+Delete.
2 Click Change Password.
3 In the Domain field (or the Log On To field in Windows 2000), enter the
name of the server running Novell Native File Access Protocols.
If your Windows computer is running Novell ClientTM software, click
Show All Resources and select the appropriate server.

103-000162-001
September 4, 2001
Novell Confidential
4 Enter the username, old password, and new password as prompted.

The NetWare password and the simple password will be synchronized
only if the old simple password matches the NetWare password. If they
are different, the NetWare password will not be changed and access to the
network will be denied. To change and synchronize the NetWare
password, you must use the Administrator Workstation running Novell
Client software.
From a Windows 95/98/ME Computer

1 Change the local password.
1a Click Start > Control Panel > Passwords.
1b Click Change Passwords > Change Windows Password.
1c Enter the username, old password, and new password as prompted.
2 Change the simple password.
2a Click Start > Run.
2b Enter
NET PASSWORD
server_running_Novell_Native_File_Access_soft
ware
For example:
NET PASSWORD NetWare1
WARNING: The Windows NET PASSWORD utility sends unencrypted text
(called clear text) over the network. If you are concerned about someone
capturing your password over the network, you should manage passwords
using ConsoleOneTM from the Administrator Workstation. For more
information on why this issue exists, contact Microsoft Corporation.
2c Enter the same username, old password, and new password when
prompted.
The NetWare password and the simple password will be
synchronized only if the old simple password matches the NetWare
password. If they are different, the NetWare password will not be
changed and access to the network will be denied. To change and
synchronize the NetWare password, you must use the Administrator
Workstation running Novell Client software.

103-000162-001
September 4, 2001
Novell Confidential
For Computers Using Domain Authentication
If the computer is configured to use domain authentication, then the password

checking is done by the domain controller. The password can be changed
using the Windows administration tools for a domain controller. For more
information, contact your network administrator.

103-000162-001
September 4, 2001
Novell Confidential
6 Setting Up Novell Native File Access

Protocols in a NetWare 6 Cluster
NetWare® 6, Novell® Cluster ServicesTM software, and Novell Native File

Access Protocols provides high availability, scalability, and security to your
network while reducing administrative costs associated with managing client
workstations.
This chapter describes how to set up a NetWare 6 clustered environment so
that Macintosh and Windows computers can use Novell Native File Access
Protocols to access files on the network.
NOTE: For information on setting up UNIX computers to use Novell Native File
Access Protocols in a clustered NetWare 6 environment, see Chapter 7, “Working
with UNIX Machines,” on page 55.
Prerequisites
Before installing Novell Native File Access Protocols in a clustered
environment, make sure that you have met the following prerequisites:
Novell Cluster Services 1.6 installed on NetWare 6 servers
For information on configuring Novell Cluster Services, see Novell
Cluster Services Overview and Installation.
NetWare 6 configured as described in “NetWare Server Prerequisites” on
page 15
Administrator workstation configured as described in “Administrator
Workstation Prerequisites” on page 17
Novell Native File Access Protocols installed on each server in the cluster
that you want users to access. Follow the instructions in “Installing the
Software after Server Installation” on page 18
Setting Up Novell Native File Access Protocols in a NetWare 6 Cluster 51

103-000162-001
September 4, 2001
Novell Confidential
Setting Up for Macintosh

To set up the Macintosh portion of Novell Native File Access Protocols in an
environment running Novell Cluster Services, complete the following:
1 Load AFPTCP.NLM on all servers in the cluster by entering LOAD
AFPTCP at the server system console.
HINT: You can add this command to the AUTOEXEC.NCF file of each server.
2 Cluster-enable the shared-disk volumes by following the procedures

described in the Cluster Services documentation. (http://
www.novell.com/documentation/lg/ncs/index.html)
3 (Optional) Rename cluster-enabled volumes so Macintosh users will see
the same volume name regardless of what server has the volume
mounted.
For instructions, see “Renaming Volumes” on page 35.
Volumes are displayed as "ServerName.VolumeName." If the server fails
over, the user sees the next failover server with the same volume name.
For example, Server1.VOL1 becomes Server2.VOL1. Renaming each
ServerName.VolumeName to a common name displays the common
name regardless which server is providing the volume. For example,
renaming Server1.VOL1 to Graphics, Server2.VOL1 to Graphics, and
Server3.VOL1 to Graphics displays Graphics regardless which server is
providing VOL1.
Macintosh clients should now be able to access files on the server cluster by
entering the IP address or server name of the cluster-enabled volume.
NOTE: Novell Native File Access Protocols does not support automatic reconnect
for Macintosh computers. If the network connection between a Mac computer and
one of the servers in the cluster fails, the user must reconnect using the same IP
address for the cluster-enabled volume.
Setting Up for Windows

To set up the Windows portion of Novell Native File Access Protocols in an
environment running Novell Cluster Services, complete the following steps:
1 Remove the CIFSSTRT.NCF command from each server’s
AUTOEXEC.NCF file.
2 Create a Cluster Resource object that corresponds with the Novell Native
File Access Protocols support for Windows.

103-000162-001
September 4, 2001
Novell Confidential
2a Log in as a user with the Supervisor right to a server in the cluster.

2b Run ConsoleOneTM located in
SYS:\PUBLIC\MGMT\CONSOLEONE\1.2\BIN\.
2c Select the Cluster Resource object.

2d Click File > New > Cluster > Cluster Resource.
2e Name the Cluster Resource (for example, Native_File_Access).
2f Enter CIFS Server in Inherit From Template.

2g Click Create.
3 Follow the instructions and substitute variables in the template to
customize the resource for your environment.
Setting Up Novell Native File Access Protocols in a NetWare 6 Cluster 53

103-000162-001
September 4, 2001
Novell Confidential
What’s Next?
With the NetWare 6 cluster configured with Novell Native File Access
Protocols, Macintosh and Windows users can receive the benefits of a
clustered environment—without needing additional client software.
For an explanation of how Macintosh users access network files and for more
information on managing Macintosh workstations, see “Working with
Macintosh Computers” on page 33.
For an explanation of how Windows users access network files and for more
information on managing Windows workstations, see Chapter 5, “Working
with Windows Computers,” on page 41.

103-000162-001
September 4, 2001
Novell Confidential
7 Working with UNIX Machines
Novell® Native File Access for UNIX* provides an NFS Server that lets
UNIX workstations access and store files on NetWare® servers. It is an
implementation of the Network File System (NFS) protocol. The required
software components are installed and run only on the NetWare servers; no
additional software is required on the UNIX workstations. UNIX users attach
to NetWare storage using NFS over the TCP/IP protocol. They can mount the
exported network storage and use it as their own file system.
The traditional NetWare file system is supported only on NFS version 2. The
NSS file system, however, is supported on NFS versions 2 and 3. NFS Server
provides mount protocol versions 1, 2, and 3 over UDP. The NFS Server
supports NFS protocol versions 2 and 3 on UDP and TCP.
Native File Access for UNIX also provides a complete Novell eDirectoryTM-
enabled Network Information Services (NIS) with which UNIX and NetWare
users can be administered from a single point, namely eDirectory. NIS
maintains its information in eDirectory and integrates the user information so
that the eDirectory User object also represents the NIS user.
Features of Novell Native File Access for UNIX

Novell Native File Access for UNIX includes the following features:
NFS Server
Network File System (NFS) enables UNIX users to access a NetWare file
system as if it were a local directory on the UNIX workstation. Any client
that supports the NFS protocol can also access NetWare files using the
NFS Server.
See “NFS Server” on page 57.
Working with UNIX Machines 55

103-000162-001
September 4, 2001
Novell Confidential
Network Information Services

NIS is a yellow pages service widely implemented in UNIX
environments. NIS on NetWare acts as a central repository for NIS
information by storing them as eDirectory objects that can be centrally
maintained and administered.
See “Network Information Service” on page 59.
UNIX User Management
With the implementation of NIS over eDirectory, there exists only one
user/group in the network which contains both eDirectory information
and UNIX information. This brings up the user management to single
point, namely eDirectory.
See “UNIX User Management Using eDirectory” on page 63.
ConsoleOne-Based Administration
By using ConsoleOne’s snap-in utility for Native File Access for UNIX,
you can administer and manage the services.
See “ConsoleOne-Based Administration” on page 65.
Cluster Services Support
To achieve high availability of services, Native File Access for UNIX can
be run on Novell Cluster ServicesTM.
See “Novell Cluster Services Support” on page 66.
Upgrade Utility
The upgrade utility helps to retain the configurations of previous
installations of NetWare NFS Services (versions 2.x and 3.x) during a
NetWare 6 upgrade.
See “Upgrade Utility” on page 68.

103-000162-001
September 4, 2001
Novell Confidential
Overview of Native File Access for UNIX
NFS Server
Network File System (NFS) enables UNIX users to access a NetWare file
system as if it were a local directory on the UNIX workstation. Any client that
supports the NFS protocol can also access NetWare files using the NFS
Server.
This section uses the UNIX operating system as the example when referring
to the remote NFS client. The following figure shows an example of the NFS
Server file sharing process.
Figure 1 NFS Server Functionality
NetWare Server UNIX Host

SFO-ARGOS MADRID
1 2
This path The UNIX host
(/vol/memos) MADRID mounts
is exported the exported path.
for access
by the UNIX 3
host MADRID. This path is now
accessible as if it
were a local
directory.
Making the NetWare File System Available to NFS Clients
Before UNIX users can access the NetWare file system, it must be made
available to the UNIX workstations. This process is called exporting the file
system. When exporting, you can define who should access the information
and how it is accessed by specifying the trusted systems and export options.
For example, you can restrict the access to specific UNIX workstations, export
the directory as Read-only, etc.

103-000162-001
September 4, 2001
Novell Confidential
Accessing the NetWare File System from NFS Clients
After exporting the NetWare file system from a NetWare server, you must
mount the exported file system on the UNIX workstation for normal access.
This process is called mounting the file system. Mounting a NetWare file
system from a UNIX workstation consists of the following:
Creating a mount point
A mount point is an empty directory you create. This directory becomes
the access point for the NetWare file system. If you choose an existing
directory as a mount point, the contents of the existing directory become
unavailable until you unmount the remote file system.
Mounting the NetWare directory
Most UNIX systems use the MOUNT command to mount a remote file
system.
After these steps are complete, UNIX users can access the NetWare file
system by accessing the local mount point. Different UNIX systems can use
slightly different commands or user interfaces to mount a remote file system.
Accessing the NFS Server from the Web
The Web-NFS component of the NFS software enables direct Web access to
data on NFS servers. It defines a new NFS URL that complements HTTP. The
format is as follows:
NFS://Hostname or IP Address
Using this URL, browsers with Web-NFS support can access data from any
server.
Web-NFS extends NFS to support operations over a WAN. With Web-NFS,
clients can obtain file handles more easily without going through the
portmapper or the mount protocols. This makes it firewall-friendly and
enables NFS operations across WANs and the Internet. It also improves
performance over a WAN by reducing the number of turnarounds.
For each NFS server, only one of the exported paths can be enabled for Web-
NFS access.

103-000162-001
September 4, 2001
Novell Confidential
NFS Server Access Control
NetWare and UNIX use different methods for controlling access to files.
Although both have similar directory and file security, NetWare security is
more elaborate. At a basic level, both systems assign access controls to similar
user types.
The access control mode is known as Independent Mode wherein there are no
rights/permissions mappings. NFS Client rights apply to NFS client access
and NetWare rights apply to NetWare client access.
For information about NFS Server configuration and management, see “NFS
Network Information Service

Network Information Service (NIS) software lets you administer both UNIX
and NetWare from a single point, namely eDirectory.
NIS is a yellow pages service widely implemented in UNIX environments.
NIS contains common information about users, groups, and hosts and other
information that any client might require. This information could include a list
of network hosts, protocol information, and even non-standard information
that is likely to benefit from a centralized administration like phone lists.
NIS maintains its information in eDirectory and also integrates the user/group
information so that the eDirectory User/Group object also represents the NIS
user/group. In the eDirectory-enabled NIS, all NIS-related information is
stored as eDirectory objects. The NetWare NIS can also be set up to work in
the various NIS configurations available.
NetWare Implementation of NIS: In the NetWare implementation of NIS,
individual NIS Records, NIS Maps, NIS Domains, and NIS Servers are
eDirectory objects with additional custom attributes defined to accommodate
the NIS-specific information.
NetWare NIS is installed as part of the Native File Access for UNIX
installation, and the NIS Server eDirectory object is created with the name
NISSERV_ServerName in the default bindery context of the server or in the
Server's eDirectory Context.

103-000162-001
September 4, 2001
Novell Confidential
This NISSERV_ServerName is the main NIS Server eDirectory object. It

maintains a list of all the NIS Domains it is serving. To view and edit the list,
do the following:
1 Right-click NISSERV_Servername object.
2 Click Properties.
3 Click the Memberships Tab to display the list of NIS Domains served by
this NIS Server object.
4 Click the Others Tab to view the IP Address of the NetWare server where
NIS server is installed.
NIS Information on eDirectory
NIS Domain
The NIS system organizes nodes into administrative segments called domains.
The NIS domain exists only in the local environment and usually covers a
single network. An NIS domain is a hierarchical structure; hence it is stored
as a container in eDirectory. NIS does not impose any strict rules on domain
naming; however, each domain must have a unique name.
An administrative NIS domain could be a company or a division of a
company. Many administrators using DNS choose to relate their NIS domain
name to their DNS domain name, but this is not necessary.
NIS Maps
NIS stores all the common information pertaining to a domain as a set of NIS
Maps. Users can access the information in these NIS maps. In the eDirectory-
enabled NIS, these maps are stored as containers under the NIS domain
container. A migration utility is available to create the NIS maps under a
specified domain. The NIS Server supports both standard and custom maps.
Standard NIS Maps: Standard maps are created from the standard NIS text
files.
The following standard maps are supported. They are classified according to
the type of records they contain.
Ethers Map—A source of information about the Ethernet addresses (48-bit)
of hosts on the Internet. The Ether objects (ieee802Device) store information
about the Ethernet address and hostname.

103-000162-001
September 4, 2001
Novell Confidential
Bootparams Map—A source of information for various boot parameters.

The Boot objects store information about the boot parameters of the various
devices that are running. If the Bootparams text filename is to be migrated
from the ConsoleOne, it should be named bootp.
Hosts Map—Contains one entry for each IP address of each host. If a host has
more than one IP address, it will have one entry for each. The Hosts objects
store the IP address and hostname as distinguished values of CN, and aliases
and nicknames are stored as other values of CN attributes.
Netgroup Map—A source of information about Net Group parameters. It
provides the abstraction of net groups.
Networks Map—Contains a single object for each network. The Network
objects store network names as distinguished values of CN, and aliases and
nicknames are stored as other values of CN attributes.
Protocols Map—Contains one object for each protocol. The Protocols
objects store protocol names as distinguished values of CN, and aliases and
nicknames are stored as other values of CN attributes.
RPC Map—Contains one object for each Remote Procedure Call (RPC)
program name. The RPC objects store RPC program names as distinguished
values of CN, and aliases and nicknames are stored as other values of CN
attributes.
Services Map—Contains an object for each service. The Services objects
store service names, ports, and protocols as distinguished values of CN, and
aliases and nicknames are stored as other values of CN attributes.
Passwd Map—Maintains the details of the users such as UID, Username,
home directory etc.
Group Map—Maintains the details of the groups present such as GID, Group
name, and Group members.
Ypservers Map—Maintains a list of NIS slave servers which can also serve
the NIS domain.
Custom NIS Maps: You can use NIS to store any common configuration
information that is valuable to NIS clients. Maps you create in addition to the
standard NIS maps are called custom maps. For example, you can create an
NIS map that provides an employee phone list.
You can create custom maps by creating a text file that contains the relevant
configuration information. After creating the text file, you convert it into an
NIS map through migration.

103-000162-001
September 4, 2001
Novell Confidential
To create a phone list map, you would begin by creating a text file containing
each employee's name and phone number. An NIS map text file must conform
to the following rules:
Each data line begins a new entry key.
The backslash character (\) at the end of a line appends the next line to the
current line.
The pound sign (#) at the beginning of a line tells the converter to ignore
the line.
Blanks separate the key and the value. Therefore, you must use
underscores to replace all other blanks within the key, such as the space
between an employee's first and last names. Blanks are acceptable within
the key values such as the phone list.
The following is an example of the phone list text file:
# This is the text file for the phone list map.
Janice_SmithMS 881-1456
Bob_SpillerMS 235-6777
Jim_Miller MS 769-8909
Various NIS Configurations
NIS can be configured in the following ways:

NIS Master Server
NIS Slave Server
NIS Client
NIS Master Server
The master server is the true single owner of map data. It is responsible for all
map maintenance and distribution to slave servers. Once an NIS map is built
on the master, the new map file is distributed to all slave servers for that
domain, through the client-server relationship. You must, therefore, make all
the modifications only on the master. The master maintains a list of slave
servers within its domain in the form of a map named Ypservers.

103-000162-001
September 4, 2001
Novell Confidential
NIS Slave Server
You can set up read-only copies of the NIS database on secondary servers. The
secondary servers are referred to as slaves. When the server is set up as an NIS
slave, it contacts the master NIS server and requests a complete copy of the
NIS maps on that server.
Once the slave server is set up, you don’t need to manage the update process
manually. The slave servers periodically query the master and request an
update when the slave detects a more recent time stamp on the master. A slave
server can be added to the Ypservers map in the master.
We recommend that you set up at least one slave server for each NIS domain.
The slave server can then function as a standby if the master server goes down,
although it might not be necessary in all networks. Slave servers can also be
used for load distribution in the network. A master NIS server for one domain
can also function as a slave NIS server for another domain.
NIS Client
NIS client enables users to query NIS map information from NIS servers.
For more information on setting up and managing NIS, see “NIS Server” on
page 94.
UNIX User Management Using eDirectory

With the implementation of NIS over eDirectory, there exists only one user/
group in the network which contains both eDirectory information and UNIX
information. This brings up the user management to single point, namely
eDirectory.
For this purpose, the eDirectory schema has been extended and the relevant
user information is placed in the eDirectory Library. The User object now
stores UNIX information such as UID, GID, password, home directory, and
shell on eDirectory.
By default, UNIX users /groups are looked for within the containers specified
by the parameter SEARCH_ROOT in the configuration file NFS.CFG. The
search is recursive within the containers specified by this parameter. In case
the parameter does not contain any value, then the search is done under the
default bindery or servers context.
When a set of users/groups are migrated to eDirectory from a UNIX server,
corresponding User/Group objects are created /updated in eDirectory. During

103-000162-001
September 4, 2001
Novell Confidential
migration, if the UNIX user or group is not present, a new eDirectory User or
Group object is created with default NetWare rights. If the User or Group
object exists, the user or group's UNIX-related information is updated by
default during the migration.
User and Group Information
NetWare and UNIX both use the same User and Group objects to get the
information they need.
When a user/group makes a request to access one of the services, it searches
for the User object on eDirectory by default. The services can also be
configured to look for users and groups from a remote NIS database.
Information about UNIX Users and Groups
The user information includes the following:

Username
UNIX User Identification Number (UID)
Home directory
Preferred shell
UNIX Group Identification Number (GID)
Comments
The Group Information includes the following:
Group name
Group Identification Number (GID)
Users present in this group
A typical UNIX system stores user account information in the /ETC/
PASSWD file and stores group information in the /ETC/GROUP file. You can
migrate this data directly into eDirectory using the migration utility.
UNIX Usernames, Group Names, and ID Numbers
Each user uses a username to log in to the system. The UID identifies file and
directory ownership information. The user's UID can be a number between 0
and 65,535, with the numbers 0 through 99 usually reserved. (0 is usually
assigned to the Superuser.)

103-000162-001
September 4, 2001
Novell Confidential
NFS group names also have identification numbers. The range of numbers is
between 0 and 65,535, with the numbers 0 through 99 reserved. The GID
identifies the user as a member of the primary group identified by that GID.
User Home Directories
The home directory is the absolute pathname of the user's home directory on
UNIX machines.
User Preferred Shells
The shell information identifies the path of the shell program that runs when
the UNIX user logs in to the system. You can set the login account to run any
program when a user logs in to the system, but the program typically creates
an operating system working environment.
Handling UNIX User Passwords
The current implementation does not migrate the existing UNIX password
field in the password map.
Before migrating the users and groups, remove the password field ("*", "x",
or "!") from the corresponding text file and then migrate. After doing this, you
can set the UNIX password from the UNIX machine. This is done by making
the UNIX machine an NIS client to the NetWare machine, logging in as that
NIS user and running an NIS client utility named YPPASWD to set the UNIX
password.
For information about UNIX user management, see “Migration” on page 74.
ConsoleOne-Based Administration
You can use ConsoleOne to perform the following Native File Access for
UNIX tasks:
Configure the server's global parameters
Start and stop services
Configure and manage services
Configure error reporting
Monitor performance and adjust parameters affecting performance
Configure user and group UNIX information
For more information, see “ConsoleOne-Based Configuration” on page 69.

103-000162-001
September 4, 2001
Novell Confidential
Novell Cluster Services Support

In a non-cluster environment, if the server running Native File Access for
UNIX fails, then UNIX users will not be able to use this service until the
NetWare server is up. To achieve high availability, you can run Native File
Access for UNIX on Novell Cluster ServicesTM.
The product is installed on all the required nodes in the cluster. Cluster
enabling is achieved by storing the required configuration files on the shared
disk in the cluster. Native File Access for UNIX then accesses these files
through an always or highly available virtual IP address. NFS/NIS clients
must, therefore, use the virtual IP Address for NFS mounts and issuing NIS
client calls. In case the server where the services are currently running fails,
the shared disk volume with configuration files automatically remounts along
with the virtual IP on a designated node in the cluster.
Native File Access for UNIX supports only active-passive mode on the
cluster. This means that only one node in the cluster will be running NFS
Services.
Running Novell Native File Access for UNIX on Novell Cluster Services
provides the following benefits:
There is no need to replicate configuration information as the
configuration files are stored on the shared disk.
Services can be automatically restarted without user intervention in case
of a node failure in a cluster.
The services can be migrated and controlled between the various nodes in
the cluster using ConsoleOne.
Since the cluster volume is the same regardless of which server it is
mounted on, no configuration information is lost or out of date.
For information on configuring Native File Access for UNIX on Novell
Cluster Services see “Setting Up Novell Native File Access for UNIX with
Novell Cluster Services” on page 112.

103-000162-001
September 4, 2001
Novell Confidential
Administration Utilities
The following administration utilities are provided with Novell® Native File
Access for UNIX:
SCHINST
This utility is run automatically during the installation of Native File Access
for UNIX. This utility extends the schema necessary for storing the UNIX
information of objects. If the directory services are reinstalled or if the
NISUserDef/NISUser object is deleted, run this utility manually. The syntax
is as follows:
schinst [ -f filename]
The -f filename is an optional parameter. It is the name of the file that contains
the list of schema files that need to be extended. If a filename is not specified,
the default file, SYS:\ETC\UNIXSCH, is used.
SCHINST takes the administrator's FDN and password as input for extending
the schema.
SCHINST extends the UAM schema only if N4S schema is not already
extended in the tree. If N4S is present, SCHINST will not extend the UAM.
It creates NISUserDef object if N4S schema is available or else creates
NISUser object if UAM schema is extended. It also adds the UNIX Profile of
the root user as UID=0, GID=1, Home Directory=/home to this object. It
updates the parameter NIS_ADMIN_OBJECT_CONTEXT in the
configuration file NFS.CFG with the context where the object is present.
To extend UAM schema deliberately when N4S schema is already present in
the tree, execute the following command after stopping the NFS services
running (use nfsstop):
schinst -n
NOTE: You also have to run nisinst after this.
All log messages generated by SCHINST are written to the

SYS:\ETC\SCHINST.LOG file. All information regarding schema extension
can be found in SYS:\SYSTEM\DSMISC.LOG.

103-000162-001
September 4, 2001
Novell Confidential
NISINST
This utility creates an eDirectory object with the name

NISSERV_Servername by default or whatever name was specified with the -
s option. NIS Server uses this object to store the domains served by the NIS
Server. NIS Server validates every request against the list of domains
specified in this object. It serves the request only when the domain in the
request is present in the above list. The syntax is as follows:
nisinst [-s name] [-x context]
The parameter -s is optional. It specifies the name to be given to the nisserver

object. The parameter -x is also optional. It specifies the context where the
object should be created in eDirectory.
Run the NISINST manually, if the nisserver object is deleted.
IMPORTANT: If directory services are removed, you need to comment the
SEARCH ROOT parameter in NFS.CFG and do the following:
nfsstop
schinst
nisinst
nfsstart
Upgrade Utility
The upgrade utility (NFAUUPGR.NLM) is automatically invoked to upgrade
the default configuration of NetWare NFS Services 2.x or 3.0 when you
choose Native File Access for UNIX while upgrading the operating system
from NetWare 4.x or NetWare 5.x to NetWare 6.
When invoked during installation, the upgrade utility retains the existing
configuration into the new configuration files, NFS.CFG, NIS.CFG, and
NFSSERV.CFG located in SYS:\ETC. The existing configuration files
NFSTHOST, and NFSEXPRT are retained.
During installation, if N4S schema is detected, then some of the features
available for the UAM schema will not be available. Some such features are,
multiple domain support, RFC2307 compliance for NIS, starting and stopping
NIS services from ConsoleOne. To enable these features, you need to extend
the new schema by executing schinst -n.

103-000162-001
September 4, 2001
Novell Confidential
Setting Up and Managing Novell Native File Access for

UNIX
This section explains how to set up and manage Native File Access for UNIX.
It includes information on the following:
Configuration Methods (page 69)
Configuring Server General Parameters (page 71)
Migration (page 74)
NFS Server (page 82)
NIS Server (page 94)
Configuration Methods
Novell Native File Access for UNIX can be configured using ConsoleOneTM
and also by setting the file-based configuration parameters of the various
components.
ConsoleOne-Based Configuration
To start ConsoleOne from the client, complete the following steps.

IMPORTANT: Before starting ConsoleOne, ensure that you run NFSSTART on
the server that you want to administer.
1 Start ConsoleOne from the server where Native File Access for UNIX is
installed.
2 Click NFSAdmin and then the login toolbar icon.
3 Enter the tree name, context name, authorized username, and authorized
password.
4 Click OK.
5 Enter the hostname or IP address and then click OK.
IMPORTANT: To log in successfully, make sure that your file server name and
hostname are the same and that you have logged in to the tree of the server you
want to administer. You will not be able to administer a NetWare NFS Services 3.0
on NetWare 5.1 from ConsoleOne on NetWare 6.

103-000162-001
September 4, 2001
Novell Confidential
Figure 2 Novell Native File Access for UNIX Objects
WARNING: After the Novell Native File Access for UNIX installation, two objects
are created in the tree: NISUser / NISUserDef and NISSERV_Servername. These
objects should not be deleted.
File-Based Configuration
The configuration (.CFG) files are used to configure the services. All of these
files have the following format:
PARAMETER_NAME = VALUE
Within the .CFG files, a pound sign (#) indicates a comment.

In addition to these configuration files, there are specific files for exported
volumes for the NFS Server and for the migration utility. All the configuration
files are usually located in the SYS:\ETC directory. To configure the modules,
you need to change the desired parameter value in the corresponding .CFG file
and restart the module.
NOTE: In a cluster environment, the configuration files will be located in the ETC
directory of the shared volume.

103-000162-001
September 4, 2001
Novell Confidential
Configuring Server General Parameters

The server general parameters required by Native File Access for UNIX are
located in the NFS.CFG file. These parameters are common to NFS and NIS.
When modifying this file, make sure you stop the services using nfsstop
and restart using nfsstart.
File-Based Configuration of Server General Parameters
The following table lists the configuration parameters in NFS.CFG.
Table 1 Novell Native File Access for UNIX General Parameters
Parameter Default Value Description
NDS_ACCESS 1 Lets you set the default access to eDirectory or NIS. To

set the default access to eDirectory and retrieve all
information from eDirectory, set this parameter to 1. (This
is the default value.) Set this parameter to 0 to retrieve
information from NIS server.
NIS_CLIENT_ACCESS 1 Lets you enable or disable NIS client. By default, NIS

client access is enabled. To disable NIS client access, set
this parameter to 0.
NIS_DOMAIN Sets the NIS domain for NIS client access. No default
can be provided.
NIS_SERVER Provides the NIS server servicing the domain. If a specific

server is needed for the domain, this parameter must be
set. Otherwise, the NIS server is discovered using the
broadcast.
No default can be provided.
SEARCH_ROOT Contains a list of fully distinguished names of containers

separated by commas. These containers indicate where
the search for users and groups should start.
The NDSILIB module uses this parameter. The value can

be either 25 containers or a string whose length should
not exceed 2000 bytes, whichever is less.
If you do not set any search containers, search will start

from the bindery and then in the server’s default context.

103-000162-001
September 4, 2001
Novell Confidential
ConsoleOne-Based Configuration of Server General Parameters
This section explains the following tasks:

Viewing the Server General Parameters (page 72)
Configuring the Server General Parameters (page 73)
Viewing the Server General Parameters

1 In the ConsoleOne main menu, right-click the server you want to
configure and then click Properties.
The following panel appears:
Figure 3 Server General Parameters Panel
These are the general parameters. The fields are read-only.

Host Name—The name of the NetWare server.
IP Address—The primary IP address of the NetWare server.
Subnet Mask—The subnet mask that, when added to the IP address,
provides the IP network number.
Server Name—The name of the NetWare server.
Operating System—The version of the operating system being used by
the host.

103-000162-001
September 4, 2001
Novell Confidential
Context—The context or logical position of the server within the

eDirectory tree.
Tree—The current eDirectory tree.
Time Zone—The world time zone reference for your area. The time zone
is used for time stamps and to set time synchronization. The time zone
reference is set during the NetWare installation.
Configuring the Server General Parameters

1 In the ConsoleOne main menu, right-click the server you want to
configure and then click Properties > Directory Access.
Figure 4 Server General Parameters - Directory Access Panel
This panel contains the parameters that can be configured to set the
directory access of NetWare NFS Server.
2 Modify the following Directory Access parameters as necessary:
NDS—Sets the access to eDirectory.
Search Root—Lists the Fully Distinguished Name of containers from
where the search should start for users and groups only. The names are
separated by commas. Make sure that the parameter has valid values
whenever the eDirectory structure changes.
NIS—Enables remote NIS.

103-000162-001
September 4, 2001
Novell Confidential
Enable NIS Client—Specifies whether the NIS Client is enabled or not.

NIS Server—Specifies the remote NIS server name.
NIS Domain—Specifies the domain served by that remote NIS.
3 Click OK.
4 Modify the following parameters as necessary:
SNMP Alert Level—The level of SNMP alerts reported to SNMP
management stations. Select an alert level from the drop-down list. You
can also turn off SNMP reporting from this list.
None—Suppresses SNMP reporting.
Critical—Warns you about urgent problems that require immediate
action to prevent widespread failure.
Major—Warns you about serious problems that require prompt
action to prevent failure of the object and possibly some related
objects.
Minor—Provides information about problems that can be addressed
as work schedules permit.
Informational—Provides descriptive information that can be used
for such things as trend analysis and planning.
Each level incorporates the information from the levels listed above it.
For example, if you select Minor, you also receive messages about major
and critical alerts.
Migration
If you already have an UNIX NIS Server (text-based) and you want the new
NetWare NIS Server to serve the same data served by the old NIS server, you
can copy all those text files into the specified location and then run the
migration utility to create eDirectory entries for a specified domain.
The migration utility creates the Domain object in the default context as well
as two other containers in the same context with the names domainname_U
and domainname_G. During the migration, the utility searches for existing
eDirectory users and groups under the containers specified by the
SEARCH_ROOT configuration parameter (specified in NFS.CFG) and,
based on the migration option specified, modifies the UNIX information of
those objects. If the objects are not found, the users are migrated to

103-000162-001
September 4, 2001
Novell Confidential
domainname_U and the groups are migrated to domainname_G. The rest of

the data is migrated under the Map objects created under the Domain object.
IMPORTANT: The User and Group objects will not be created under the passwd
and group Map object. They will spread across the eDirectory tree and
DomainName_U, DomainName_G depending upon the SEARCH_ROOT
configuration parameter.
Maps can be migrated using the following three options:

UPDATE—(Default) Updates all existing objects' information with the new
information. If no objects exist, it creates new ones.
REPLACE—Deletes all existing objects and creates new ones. For passwd
and group maps, the old objects are not deleted.
MERGE—Retains all existing objects' information and logs them as
conflicting records in the MAKENIS.LOG file. If no objects exist, it creates new
ones.
Before migrating the users and groups, remove the password field ("*", "x",
or "!") from the corresponding text file and then migrate. After doing this, you
can set the UNIX password. This is done by making the UNIX machine an
NIS client to the NetWare machine, logging in as that NIS user, and running
an NIS client utility named YPPASWD to set the UNIX password.
NOTE: The password for a migrated UNIX user (one who already has the
password) cannot be set from an NIS client. A password can be set only for users
who do not have a password.
For more information on UNIX user management, see “UNIX User

Management Using eDirectory” on page 63.
File-Based Migration
Migration, by default uses the makefile SYS:ETC/NIS/NISMAKE, which

contains the location of the text file for every map. The general syntax of the
migration utility is:
makenis [-r resultfilename -[r]d domainname [-n context] [-f
nismakefilename] {[mapname -[l|b]p line or byte object in
mapname]...}
NOTE: All options should be used only in the specified order.
In general, to create a domain and migrate data or to use the existing

domain object, use the following format:
makenis -d domainname
The parameter domainname is mandatory.

103-000162-001
September 4, 2001
Novell Confidential
To capture the results of the migration, use the following format:

makenis -r resultfilename -d domainname
To remove the existing domain data and then migrate, use the following
format:
makenis -rd domainname
To specify the context where you want to create your Domain object and
data, enter it as the contextname:
makenis -d domainname -x contextname
Edit the context parameter by prefixing each of the dots in the Relative
Distinguished Names with a backslash (\) to distinguish them from
eDirectory names.
To specify an NIS makefile other than the default SYS:ETC/NIS/
NISMAKE, use the following format:
makenis -d domainname -f makefilepath
To specify the text files that you want to migrate, modify the NIS
makefile. The NIS makefile is in the following format:
map name full path parameters (if any)
The comment character is the pound sign (#).

If nothing is specified, all the files in the makefile are migrated.
For each map, you can specify the SECURE parameter so that only
requests coming from secure ports are able to access the data. You can
also specify the migration options: UPDATE, REPLACE, or MERGE.
For the Password map, you can specify two additional parameters: -u uid
(which stops users with a UID less than a particular value from migrating
to eDirectory) and AUTOGEN (which generates a UID from the program
itself).
You must specify the text file in the full path in DOS name format.
To migrate specific maps, use the following format:
makenis -d domainname mapname1, mapname2
To migrate a map from a particular offset in a specified map text file, use
the following format:
makenis -d domainname mapname -lp lineoffset
Or
makenis -d domainname mapname, -bp byteoffset

103-000162-001
September 4, 2001
Novell Confidential
Line offset is used to start migration from a particular line from the map
text file. If the migration fails while migrating large maps, instead of
migrating it again from the beginning, you can specify the byteoffset to
start from the offset specified in the migration log file. For more details
on this offset, refer to the description of the configuration parameter
FILEMARK_LOG_FREQ in NIS.CFG.
ConsoleOne-Based Migration
1 In the left panel of ConsoleOne, click The Network.
2 Select the server’s tree where you want to manage the domains and maps.
3 Click the toolbar M icon.
Figure 5 Migration Panel
4 To migrate a domain, enter the NetWare Host Name/IP Address, Domain

Name, and Domain Context.
5 To set the NIS Server as master for this specified domain, check Set the
Specified Host As Master Server.
6 In the Master Server Info section, check Clear Existing Maps if you want
to clear the maps already present.

103-000162-001
September 4, 2001
Novell Confidential
7 Click the radio button for the type of the migration you want to perform:
Replace, Update, or Merge.
8 To set the NIS Server as Slave Server, enter the Master Server Name/IP
Address in the Slave Server Info section.
9 To migrate the domain for default maps, click Migrate.
The available default maps are ethers, hosts, networks, protocols, RPC,
services, passwd, group, netgroup, and bootparams. By default, these
files should be present in SYS:\ETC\NIS.
10 To migrate the domain for specific maps, click Advanced to go to the
Map Information panel.
Figure 6 Map Information Panel
10a Click either Default Maps or Other Maps.

10b Select the desired maps from the list, deselect the maps you do not
want to migrate, and click OK.
11 To modify an existing map or add a new map, click Add to go to the Add
Map panel.

103-000162-001
September 4, 2001
Novell Confidential
Figure 7 Add Map Panel
11a Enter the Map Name and the Text File name.
11b If you want to enable secure access to the map, click Secure.
11c In the Comment Character box, enter the comment character present
in the specified text file and click OK.
The default comment character is #.
12 Click Migrate.
Managing Users and Groups
You can add and modify the information of a User or Group object that
already exists in eDirectory.
Modifying User Information

1 In the left panel of the ConsoleOne main menu, click the eDirectory tree
where the object resides.
If you do not find the tree, click Novell Directory Services and then select
the tree and log in to it.
2 Double-click the container named domainname_U, where the User
objects reside.
The User objects under this particular container appear.
3 Right-click the User object whose properties you want to change and
click Properties.
The following panel appears, displaying the various tabs that should be
specified to add and modify the user information in eDirectory.
All the tabs except the UNIX Profile tabs are standard forms.

103-000162-001
September 4, 2001
Novell Confidential
Figure 8 UNIX Profile Tab of User Properties Panel
4 To modify the UNIX user profile, click UNIX Profile and specify the
information in the following fields:
User ID—The users’ UNIX UID.
Primary Group—The group ID (GID) of the group this user belongs to.
To enter the GID of the user, click Browse and select the appropriate
group.
Login Shell—The preferred login shell of the user.
Home Directory—The home directory the user wants to be placed in
while logging in to the system.
Comments—Any other comments that the user might want to specify.
Reset UNIX Password—Use to reset the user’s UNIX password.
5 Click Apply > OK.
Modifying Group Information

1 In the left panel of the ConsoleOne main menu, click the eDirectory tree
where the object resides.
If you do not find the tree, click Novell Directory Services and then select
the tree and log in to it.
2 Double-click the container domainname_G, where the Group objects
reside.
The groups under this particular container appear.

103-000162-001
September 4, 2001
Novell Confidential
3 Right-click the Group object whose properties you want to change and
click Properties.
The following panel appears, showing the various forms which should be
specified to add and modify the group information in eDirectory.
All the forms except the UNIX Profile form are standard forms.
Figure 9 UNIX Profile Tab of Group Properties Panel
4 To modify the UNIX group profile, click the UNIX Profile tab and
specify the information in the following field:
Group ID—The group’s UNIX GID.
5 Click Apply > OK.
Adding a New User or Group
To add a new user, do the following:

1 In the left panel of the ConsoleOne main menu, click the context where
you want to add the new user.
2 Select File > New, and then click User.
3 Enter the user information.

103-000162-001
September 4, 2001
Novell Confidential
To add a new group, do the following:

1 In the left panel of the ConsoleOne main menu, click the context where
you want to add the new group.
2 Select File > New, and then click Group.
3 Enter the group information.
To make this newly added user/group an NIS User and NIS Group record, add
the attribute nisUserGroupDomain to the object. This attribute holds a list of
the domains to which that record belongs.
IMPORTANT: When any update to a UNIX profile is done from ConsoleOne,
execute NFSSTOP and NFSSTART, for NFS server to get the modified UNIX
information.
Managing Migration Utility Log Files
When the migration utility, makenis is executed, the log file

MAKENIS.LOG is created by default in SYS:\ETC\NIS. This file records
messages that provide following information:
The containers added such as domainname container, domainname_U
(for users), domainname_G (for groups)
The maps added and attached to the container
Parsing statistics for each map. For example, the number of records read,
migarated, conflict and invalid records
Conflicting record details are logged
NFS Server
The NFS Server uses the following files:
NFSSERV.CFG which contains the configuration parameters
NFSEXPRT which contains the exported path information
NFSTHOST which contains the trusted hosts list for the exported path
For more information on NFS Server, see “NFS Server” on page 57.

103-000162-001
September 4, 2001
Novell Confidential
File-Based Management for NFS Server
NFS Server Configuration Parameters
The following table lists the parameters that can be set in NFSSERV.CFG:
Parameter Default Value Range Description
REQ_Q_FULL_ALERT 90 20 - 99 Minimum percentage of request

queue utilization which triggers an
SNMP alert.
REQ_CACHE_FULL_ ALERT 90 20 - 99 Minimum percentage of request

cache utilization which triggers an
SNMP alert.
OPEN_FILE_CACHE_ 90 20 - 99 Minimum percentage of open file

FULL_ALERT cache utilization which triggers an
SNMP alert.
OPEN_FILE_CACHE_ ENTRIES 512 32 - 1024 Number of open file cache entries.
CACHE_AGING_ INTERVAL 60 0 - 2000 Duration (in seconds) the NFS

server keeps a file's information in
cache memory. The value 0
disables the open file cache.
REQ_CACHE_ ENTRIES 256 64 - 512 Number of request cache entries.
CACHE_WRITE_ THROUGH NO YES / NO Indicates whether cached data

should be written to disk
immediately.
TYPE_OF_ TRANSPORT BOTH TCP, UDP, or Whether the NFS Server should
BOTH support TCP, UDP, or BOTH.
NFS_VERSION 0 0/2/3 (0 = Indicates which version of NFS

Both, 2 = only protocol should be currently
V2, and 3 = supported.
only V3)
NFS_UMASK 022 000 - 777 File mode creation mask for default
UNIX permissions.
NFS_V2_THREADS 5 1 -150 Number of NFS Server threads

servicing the NFS 2 protocol.

103-000162-001
September 4, 2001
Novell Confidential
Parameter Default Value Range Description
NFS_V3_THREADS 5 1 - 150 Number of NFS Server threads

servicing the NFS 3 protocol.
MOUNT_V2_THREADS 1 1 - 150 Number of threads servicing Mount

V2 requests.
MOUNT_V3_THREADS 1 1 - 150 Number of threads servicing Mount

V3 requests.
NFS_V2_TCP_SEND_Q_ 30 1 - 150 Size of the TCP send queue for the

ENTRIES NFS V2 protocol.
NFS_V3_TCP_SEND_Q_ 30 1 -150 Size of the TCP send queue for the

ENTRIES NFS V3 protocol.
NFS_V2_RECV_Q_ENTRIES 20 1 - 150 Size of the receive queue for the

NFS V2 protocol.
NFS_V3_RECV_Q_ENTRIES 20 1 - 150 Size of the receive queue for the

NFS V3 protocol.
LOG_DIR SYS:\ETC Directory where the NFS Server

creates the log file.
LOG_FILE NFSSERV The name of the NFS server log file.

A .LOG extension is automatically
added to the file.
LOG_LEVEL 7 1 = Error The log level indicates the types of

Messages, messages to be logged. You can
2 = Warning either choose one of these or a
Messages, combination of these. To get the
4 = Information combination, add two or more log
Messages levels. For example, to get Error and
Information Messages, set the Log
level to, 5= (1+4). By default, you
will get all the messages.

103-000162-001
September 4, 2001
Novell Confidential
Exporting NetWare Volumes and Directories
The Export Path information file, NFSEXPRT, contains the list of the paths
that are exported from the system. It also gives the specified properties for the
exported path.
This file contains one exported path per line. The format of each line is as
follows:
ExportedPath isReadonly anonymousAccess mode webccess
Exported Path—The directory path to be exported. For example /nfsvol.
isReadOnly—Specifies whether to export the path in read-only mode or
not. Values = 1 (read-only), 0.
anonymousAccess—Specifies whether anonymous access to the
exported path is allowed or not. Values = 1, 0.
mode—Specifies the rights and permission mapping modes for the
directory. Novell Native File Access for UNIX supports independent
mode (value 512).
Web—Specifies if Web access is allowed for this exported path. At any
point in time, only one path can be enabled for Web access.
Example of an exported path:
/nfsvol 0 1 512 0
NFS Trusted Host File
The NFSTHOST file contains the list of all the trusted hosts that can access
the exported directory. This is specified in conjunction with the NFSEXPRT
file.
The format of every line is as follows:
Exported Path Host Name Access-Type Host/Hostgroup
Exported Path—Gives the directory path to be exported. For example,

/nfsvol.
Host Name—Gives access to the client host named by the user. To give
access to all hosts, select (*).

103-000162-001
September 4, 2001
Novell Confidential
Access Type (1, 2, 3)—Specifies the type of access to be granted to a

specific host. The values it can take are as follows:
Trusted 1
RootAccess 2
ReadWriteAccess 3
Host/Hostgroup (1, 0)—This field shows whether the Host Name
specified is a Host or a Hostgroup. This field should always be set to 1
(Host).
Example of an exported directory:
/nfsvol nfs-sun2 3 1
/nfsvol * 3 1
/nfsvol * 2 1
/nfsvol * 1 1
Removing an Exported Path
To remove an exported path, delete the corresponding directory entries from

the files NFSTHOST and NFSEXPRT.
Getting the UNIX information from Remote NIS
For file system sharing by NFS server, the UNIX user and group information
is obtained from eDirectory by default. This can be modified so that UNIX
information is obtained from a remote NIS server. To set this, do the
following:
1 Run NFSSTOP.
2 In the NFS.CFG file, set the parameters as follows:
NDS_ACCESS=0
NIS_CLIENT_ACCESS=1
NIS_DOMAIN= nis domainname
NIS_SERVER= servername which is servicing the specified domain
3 Run NFSSTART.
4 Load NFSSERV.

103-000162-001
September 4, 2001
Novell Confidential
Starting and Stopping NFS Server
To start NFS Server enter at the system console, enter:

load nfsserv
To stop NFS Server enter at the system console, enter:
unload nfsserv
ConsoleOne-Based Management for NFS Server
This section describes how to manage the NFS Server from ConsoleOne.
NFS Server General Configuration Parameters

1 After logging in, click the server you want to administer from the list of
servers under NFSAdmin in the ConsoleOne left panel.
The NFS Server toolbar icon and the NFS Server on the menu bar are
displayed.
2 To administer NFS Server, click NFS Server on the menu bar and then
click Options.
The following panel, which shows the NFS Server basic parameters and
their default values, appears.
Figure 10 General Parameters in NFS Server Options Panel

103-000162-001
September 4, 2001
Novell Confidential

Request Q Alert Level—After what percentage of request queue
utilization an SNMP alert is sent. Default = 90. Range = 20 - 99.
Request Cache Alert Level—After what percentage of request cache
Open File Cache Alert Level—After what percentage of open file cache
Number of Open File Cache—Number of files the NFS server can have
open simultaneously. Default = 512. Range = 32 - 1024.
Open File Aging Interval—How many seconds the NFS server keeps a
file's information in cache memory. When a file is held in cache, NetWare
users cannot access it. Larger values produce better performance, but they
also make NetWare users wait longer to access files that are being
manipulated by NFS. Default = 60. Range = 0 - 2000. Open File Caching
is disabled at 0.
Number of Request Cache Entries—Number of requests that can be
held in cache memory. Default = 256. Range = 64 - 512.
Enable Cache Write Through—Whether cached data should be written
to disk immediately or not. By default, the data is not written
immediately.
Transport Mode—Which transport mode NFS Server should support.
The modes could be UDP, TCP, or Both. Default = Both.
NFS Protocol Version—Version of the NFS protocol to be loaded. The
values are 0/2/3.
NFS File Creation Mask—File mode creation mask in Independent
Mode for default UNIX permissions of files and directories created from
the NetWare side.
4 To specify the advanced parameters, click Advanced on the NFS Server
Options panel.
The following panel, which shows the NFS Server advanced parameters
and their default values, appears.

103-000162-001
September 4, 2001
Novell Confidential
Figure 11 Advanced Parameters in the NFS Server Options Panel

NFS V2 Threads—Number of NFS Server threads servicing the NFS 2
protocol. Default = 5. Range = 1 - 150.
NFS V3 Threads—Number of NFS Server threads servicing the NFS 3
Mount V2 Threads—Number of NFS Server threads servicing the
Mount V2 Requests. Default = 1. Range = 1 - 150.
Mount V3 Threads—Number of NFS Server threads servicing the
Mount V3 Requests. Default = 1. Range = 1 - 150.
NFS V2 TCP Send Q Entries—Size of the TCP send queue for the NFS
2 protocol. Default = 30. Range - 1 - 150.
NFS V3 TCP Send Q Entries—Size of the TCP send queue for the NFS
3 protocol. Default = 30. Range = 1 - 150.
NFS V2 Q Entries—Size of the receive queue for the NFS 2 protocol.
Default = 20. Range = 1 - 150.
NFS V3 Receive Q Entries—Size of the receive queue for the NFS 3

103-000162-001
September 4, 2001
Novell Confidential
Log File Path—Directory that NFS Server creates the log file in. Default
directory is SYS:\ETC.
Log File Name—Name of the NFS Server Log File. Default name is
NFSSERV. A .LOG extension is automatically added.
NFS Server Log Level—Indicates the types of messages to be logged.
6 Click OK.
Exporting NetWare Volumes and Directories
Exporting a directory enables NFS client users to view NetWare volumes and
directories as part of the client file system.
You can export a NetWare path and manage it.
1 Make sure you have added the NFS name space, and then select Export
New Path from the NFS Server drop-down list.
The Export New Path panel appears.
Figure 12 NFS Server Export New Path Panel
2 To export a new directory, click the Browse icon in the upper-right corner
of the panel.
The Export Path panel appears.

103-000162-001
September 4, 2001
Novell Confidential
Figure 13 Browse Panel for exporting NetWare Volumes and Directories
3 Double-click the server name to see the volumes with NFS name space.
4 Select the volume or directory you want to export and click OK.
5 On the Export New Path panel, modify the following fields as necessary:
Export Path—Path of the directory to be exported.
Access Control Mode—The access control mode that applies to this
directory: independent mode.
Read-Only—Indicates whether user access is limited to read-only.
Selecting No (the default) provides all users with read/write access.
Selecting Yes limits users to read-only access. If Yes is specified, even
users on hosts identified as trusted are limited to read-only access. The
same also applies to root users. To override this option, enter the name of
that host in the Hosts with Read-Write Access field.
Anonymous Access—Indicates whether the users Nobody and Nogroup
can access the exported path. Selecting Yes (the default) provides these
users with access. Selecting No denies access.
Web Access—Enables WebNFS access for the selected directory when
checked. At any point in time only one of the exported paths can be
enabled for Web Access.
6 Click Add Trustee. Enter the hostname that you want to give exported
directory/volume access to.
An asterisk (*) will give access to all the hosts.
You can also specify the type of access you want to give to the host.

103-000162-001
September 4, 2001
Novell Confidential
7 Click the Trustee name on the Export New Path panel to set their access
rights.
Hosts with Root Access—The host whose users with root privileges
have Admin rights to the exported directory. Select this field to display a
list of these hosts. If a host with access is not specified as having root
access, root users on that host have the rights of the NFS user Nobody.
Hosts with Read-Write Access—The hosts with access whose users
have read/write access to the exported path. Select this field to display a
list of these hosts.
8 To remove a host from the Trustee list, select the trustee and click
Remove Trustee.
Modifying the Exported Path

1 In the left panel of the ConsoleOne main menu, click the server that you
want to administer.
The Export icon appears in the right panel.
2 Double-click Exports to see the currently exported path.
3 Right-click the exported path you want to modify and then click
Properties.
You can now see the properties of the exported path and modify them.
4 Make the changes as required and then click OK.
Removing an Exported Path

want to administer.
2 Double-click Exports to see the currently exported path.
3 Right-click the exported path you want to delete and then click Remove.

103-000162-001
September 4, 2001
Novell Confidential
Getting the UNIX information from Remote NIS
For file system sharing by NFS server, the UNIX user and group information
is obtained from eDirectory by default. This can be modified so that UNIX
information is obtained from a remote NIS server. To set this, do the
following:
1 Run NFSSTOP.
2 Set the parameters in the NFS.CFG file as follows by following Steps 1
to 5 in “Configuring the Server General Parameters” on page 73.
NDS_ACCESS=0
NIS_CLIENT_ACCESS=1
NIS_DOMAIN= nis domainname
NIS_SERVER= servername which is servicing the specified domain
3 Run NFSSTART.
4 Load NFSSERV.
Starting and Stopping NFS Server from ConsoleOne

1 Click NFSAdmin and log in to the server that you want to administer.
2 Click the S icon on the toolbar to start/stop the NFS Server. The
background color of the S icon indicates the status of the NFS Server
Software.
Refreshing the Exported Paths View
If the NFSEXPRT file is modified outside ConsoleOne, then to view the

current contents of the file, do the following:
want to administer.
2 Right-click Exports and then click Refresh to view the currently exported
paths.

103-000162-001
September 4, 2001
Novell Confidential
Managing NFS Server Log Files
When NFS Server service is running it logs messages into a log file named
NFSSERV.LOG created by default in SYS:\ETC. This file records messages
that provide following information:
When and where the serivices are started and stopped
Clients where the exported volumes are mounted.
NIS Server
There is an NIS Server object in eDirectory called NISSERV_Servername.
This object is created during installation. Migration utility adds the domain
details to this object when a domain is migrated. NIS Server will service the
list of domains present in this object.
For information about NIS, see “Network Information Service” on page 59.
File-Based Management for NIS Server
NIS Server Configuration Parameters
The configuration parameters required for NIS Services is available in the file
NIS.CFG. The following table lists the parameters in NIS.CFG.
Table 2 NIS Parameters
NIS_SERVER_CONTEXT The eDirectory context where the NIS server

object is created. It holds all the domain
FDNs, and the NIS server reads the domains
from here.
NIS_SERVER_NAME The name by which the NIS server will be

referenced. By default the NISINST utility will
create an object named
NISSERV_ServerName.
INTERDOMAIN_RESOLUTION 0 Specifies whether interdomain resolution is

allowed or not. If allowed, DNS is contacted
for hostname resolution even if NIS is not
running. This is used for host maps only.

103-000162-001
September 4, 2001
Novell Confidential
FILEMARK_LOG_FREQ 100 Puts the file in the log after parsing the
specified number of records. This is used by
the migration utility when the administrator
wants to migrate maps which have large
records.
After transferring a number of records

successfully, an index is maintained. If a
transfer breaks, it can start from the index
kept previously.
LOG_FILE_PATH SYS:ETC\NIS The path in the NetWare server where you

want to write the log file for migration.
MAX_LOG_MSG 5000 Upper limit of number of log messages that

can be logged. The information is specific to
each log file. By default the last 5000
messages are displayed.
If the number of log messages is set to n, the

last n messages are retained.
NIS_LOG_LEVEL 7 The log level indicates the types of messages

to be logged. You can either choose one of
these or a combination of these. To get the
combination, add two or more log levels. For
example, to get Error and Information
Messages, set the Log level to, 5= (1+4). By
default, you will get all the messages.
MAP_REFRESH_DEFAULT 24:00:00 Specifies the default time interval for

refreshing the maps by synchronizing the
maps in the slave server with the master.
NIS_ADMIN_OBJECT_ The context where the NIS Admin object will

CONTEXT be created.

103-000162-001
September 4, 2001
Novell Confidential
Setting Up a NetWare Server as a NIS Master

1 Copy the NIS related text files required for the domain from the
UNIX machine (which are available in /ETC in UNIX) into
SYS:\ETC\NIS.
2 (Conditional) If you want to set up other NIS server as slave to this NIS
server, do the following:
2a Create a text file called YPSERV in SYS:\ETC\NIS. For every slave
server enter the hostname of the slave server in this file in the
following format:
slaveserverhostname1 slaveserverhostname1
NOTE: The first field should not be IP Address.
2b Enter the YPSERVERS map entry in SYS:\ETC\NIS\NISMAKE

with its path in the following format:
YPSERVERS SYS:\ETC\NIS\YPSERV
3 Migrate the domain. For migration information, see “File-Based
Migration” on page 75.
4 Load NISSERV.NLM. Now the NetWare NIS Server is setup as Master
NIS Server.
5 (Conditional) If the map data in NIS master is modified anytime, and the
changes done needs to be updated in the slave servers immediately then
execute the following command:
yppush -d domainname [-v] mapname
NOTE: The changes done on the NIS master are automatically updated on the
slave servers periodically.
Setting Up a NetWare Server as NIS Slave Server

1 While setting up the UNIX machine as the master, add the NetWare
server name to the slave server list.
2 In the NetWare server, make sure that the parameter
NIS_CLIENT_ACCESS=1 in the file SYS:\ETC\NFS.CFG.
3 Set the domain to the one that is being served by the UNIX NIS server,
using the following command:
ypset domainname hostname

103-000162-001
September 4, 2001
Novell Confidential
4 Make sure NISSERV.NLM is loaded.

5 Run MKSLAVE, to setup the NetWare machine as slave, with the
following parameters:
mkslave -d domainname -m master [-x contextname]
Setting Up a NetWare Server as NIS Client

1 Run NFSSTOP.
2 In the NetWare server, make sure that the parameter
NIS_CLIENT_ACCESS=1 in the file SYS:\ETC\NFS.CFG.
3 Run NFSSTART.
4 Set the default domain by entering
ypset domainname hostname/IP_address
ConsoleOne- Based Management for NIS Server
Nis Server Configuration Parameters
To Configure The Parameters Required For Nis Services, Right-click The

Nisserv_servername > Click Properties. A Panel Similar To The Following
Appears:
Figure 14 Nis Server-general Parameters Panel

103-000162-001
September 4, 2001
Novell Confidential
Map Refresh Frequency— The Frequency At Which All The Records Of

The Map Should Be Refreshed. Range = 1 To 2400 Hours (100 Days).
Log File Path—The Path In The Netware Server Where You Want To Write
The Nis Log Files.
Maximum Log Messages—The Maximum Number Of Log Messages That
Can Be Logged. The Information Is Specific To Each Log File. By Default
The Last 5000 Messages Are Displayed. If The Number Of Log Messages Is
Set To N, The Last N Messages Are Retained.
Log File Error Level—The Level Of Error Messages Written To The
Audit.log File. Select An Error Level From The Drop-down List.
Enable Interdomain Resolution—Check This Box To Allow Interdomain
Resolution. Dns Is Then Contacted For Hostname Resolution For Nis Client
Calls On Host Maps Only.
Viewing Domains Served By NIS Server

To View The Domains Served By The Nis Server Right-click
Nisserv_servername > Click Properties > Memberships Tab. A Panel Similar
To The Following Appears.
Figure 15 Nis Server: Membership Panel
You Can Add Or Delete Domains From This Panel. For More Details, See The
Online Help.

103-000162-001
September 4, 2001
Novell Confidential
Setting Up a NetWare Server As a NIS Master

1 Copy the NIS related text files required for the domain from the
UNIX machine (which are available in /ETC in UNIX) into
SYS:\ETC\NIS.
2 (Conditional) If you want to set up other NIS server as slave to this NIS
server, do the following:
2a Create a text file called YPSERV in SYS:\ETC\NIS. For every slave
server enter the hostname of the slave server in this file in the
following format:
NOTE: The first field should not be IP Address.
2b Enter the YPSERVERS map entry in SYS:\ETC\NIS\NISMAKE

with its path in the following format:
YPSERVERS SYS:\ETC\NIS\YPSERV
3 Migrate the domain. For migration information, see “ConsoleOne-Based
Migration” on page 77.
4 Start NISSERV.
5 (Conditional)You can use the YPPUSH utility to update the Slave NIS
Server.
The YPPUSH utility copies a new version of the named NIS map from
the master NIS server to the slave NIS servers. The YPPUSH utility is
normally run only on the master NIS server after the master databases are
changed and the changes need to be updated in the NIS slave servers
immediately. The YPPUSH utility first constructs a list of NIS slave
server hosts by reading the NIS map Ypservers within the same domain.
Then a transfer map request is sent to the NIS server on each host.

103-000162-001
September 4, 2001
Novell Confidential
Right-click NISSERV_Servername > click Update Slave Server . A panel

similar to the following appears:
Figure 16 YPPUSH Dialog Box
Enter the required details such as HostName or IP Address of the Master

Server, Domain Name, and Map Name. For more details, see the online
help.
NOTE: The changes done on the NIS master are automatically updated on the
slave servers periodically.
Setting up a NetWare Server As a NIS Slave Server

1 While setting up the UNIX machine as the master, add the NetWare
server name to the slave server list.
2 In the left panel of ConsoleOne, click The Network.
3 Select the server tree where you want to manage the domains and maps.
4 Click the M icon on the toolbar to display the Migration panel.
5 To migrate a domain, enter the NetWare Host Name/IP Address, slave
Domain Name, and context where the domain object is to be created.
6 To set the NIS Server as slave for this specified domain, uncheck Set the
Specified Host As Master Server.
7 Enter the Master Server’s Name /IP Address in the Slave server
information.
8 To migrate the domain, click Migrate.

103-000162-001
September 4, 2001
Novell Confidential
Configuring eDirectory Objects to be Served by NIS Server
NIS Server recognises eDirectory users/groups as NIS users/group only if

they have a UNIX profile attached to them. To configure existing eDirectory
user/group objects to be served by NIS Server, complete the following steps.
1 Choose the eDirectory User/Group object > right-click Properties >
UNIX Profile. Enter the required fields in this page and move to the Other
tab.
2 In the Other tab, choose Add > nisUserGroupDomain attribute.
3 Browse and select the NIS Domain Object to which you want to
attach these Users and Groups.
This is a multi-valued attribute and you can attach as many NIS Domains
to this as you want. These Users and Groups now belong to these NIS
Domains and will be listed under all these domains.
4 Verify if the eDirectory Context under which these User and Groups exist
is listed in the NIS Domain object. Right-click Domain Object >
Properties > Memberships tab.
You can also create new NIS maps and NIS map records under NIS
domain object as you create normal eDirectory objects.
NOTE: No objects will be there under the passwd and group map objects in the
domain.

103-000162-001
September 4, 2001
Novell Confidential
Managing NIS Data on eDirectory
After migration the NIS maps and records will be available as objects under
the migrated NIS domain object.
Figure 17 Maps under the Migrated Domain
When a client call is made to this domain, the NIS Server will list the data
present under the corresponding domain object. However, for user/group
details, it will look for users and groups belonging to the domain under the
contexts specified by an attribute of the domain object.
To view the list of contexts where the users and groups will be located, right-
click Domain object > click Properties > Membership Tab. A panel similar to
the following appears.

103-000162-001
September 4, 2001
Novell Confidential
Figure 18 Domain Properties Panel
In case the NetWare NIS Server is a slave for a domain and the master NIS
server for that domain is changed to some other server; to get the updates from
the new master, you need to change the NIS master server name for the
domain object present in the NetWare NIS slave server.
Right-click Domain object > click Change Master. A panel similar to the
following appears:
Figure 19 Change Master Dialog Box
Enter the IP address of the new NIS master server. The NIS slave server will
now contact the new master server for updates on all the maps under this
domain.

103-000162-001
September 4, 2001
Novell Confidential
You can view the properties for each map. Right-click Map object > click
Properties. A panel similar to the following appears:
Figure 20 General Map Properties Panel
Map Master—The name of the master server serving this map.

Map Last Modified—The last time the map was modified by adding or
removing records.
Is Map Secure—Sets the secure flag of the map when checked.
Description—Any general comments that you want to record.
Click each map to perform operations on it and to see the records present
under the map.
To add an object to a map, right-click the map in the left panel, click New,
select the object and then specify the details of the object in the dialog box.
While the panels for records on the same map are the same, they differ from
map to map.

103-000162-001
September 4, 2001
Novell Confidential
Administering Maps
The following figures show the main map panels and are followed by
procedures for using each panel’s basic fields. Using these panels, you can
view or modify the map record’s properties. The standard fields remain the
same.
Figure 21 Ethers Map Records Properties Panel
This panel shows the Ethernet address of the host.

The standard address form is x:x:x:x:x:x, where x is a hexadecimal number.
Click the icon to enter the Ethernet address of the host, and then click Apply
> OK.

103-000162-001
September 4, 2001
Novell Confidential
Figure 22 Boot Map Records Properties Panel
1 To add the device’s boot parameter, click Add, enter the boot parameter
of the device in the Boot Parameter field, and then click Apply > OK.
2 To delete the device’s boot parameter, select the boot parameter of the
device in the Boot Parameter field, and then click Delete > Apply > OK.

103-000162-001
September 4, 2001
Novell Confidential
Figure 23 Host Map Records Properties Panel
1 To add the host address, click Add, enter the IP address of the host, and
then click Apply > OK.
The network addresses are written in the conventional decimal dot
notation.
2 To delete the host address, select the host’s IP address from the IP
Address field, and then click Delete > Apply > OK.

103-000162-001
September 4, 2001
Novell Confidential
Figure 24 Netgroup Map Records Properties Panel
To add a netgroup address, enter the name of the Map Record, browse the icon
for the Map Name, enter the description of the map, and then click Apply >
OK.
Figure 25 Network Map Records Properties Panel

103-000162-001
September 4, 2001
Novell Confidential
1 To enter the IP network number, click Browse, enter the network number,
and click OK.
2 To enter the IP netmask number, click Browse, enter the netmask number,
click OK, enter the description of the record, and then click Apply > OK.
Figure 26 Protocols Map Records Properties Panel
1 Enter the protocol number and a brief description of the record.

2 Click Apply > OK.

103-000162-001
September 4, 2001
Novell Confidential
Figure 27 RPC Map Records Properties Panel
1 In the ONC RPC Number field, enter the RPC number of the program.
2 Enter a brief description of the record.
3 Click Apply > OK.
Figure 28 Services Map Records Properties Panel

103-000162-001
September 4, 2001
Novell Confidential
1 In the IP Service Port field, enter the port number that this service is
available on.
2 In the IP Service Protocol field, enter the protocol used to access the
specified service.
4 Click Apply > OK.
Figure 29 General Map Records Properties
1 In the Map Record field, specify the map record using the following
format:
key record
2 Enter the map name that the record belongs to.
4 Click Apply > OK.
Starting and Stopping NIS Server from ConsoleOne
Right-click NISSERV_Servername object > click Start/Stop Services.

NOTE: You can also start and stop the NIS Services by using the NIS Server
menu. Make sure you refresh ConsoleOne after you change the status of NIS using
the menu.

103-000162-001
September 4, 2001
Novell Confidential
Setting Up Novell Native File Access for UNIX with

Novell Cluster Services
To get the full benefit of using Novell Native File Access for UNIX with
Novell Cluster ServicesTM, the software must be installed and configured to
work in a cluster environment.
This section describes the following:
Prerequisites (page 112)
Configuring the Properties of Cluster Volume Resource (page 113)
Component-Specific Configuration (page 116)
Starting and Stopping Native File Access for UNIX with Cluster Services
(page 117)
Prerequisites
Before installing Native File Access for UNIX with cluster support, create a
shared volume and a Cluster Volume object.
1 Create a shared volume using NWCONFIG > NSS volumes.
NOTE: Do not use the name nfsclust because it is a reserved word.
2 To create a Cluster Volume object from ConsoleOne, complete the

following:
2a Select the Cluster object.
2b Click File > New > Cluster > Cluster Volume.
2c Browse and select the shared volume.
2d Enter the secondary IP address or the virtual IP address associated
with the cluster.
The address will be in the following format:
AAA.BBB.CCC.DDD
2e Check the Define Additional Properties check box and click Create.
2f Set the Start, Failover, and Failback Modes.
2g Verify the order of the servers in the nodes list.
2h To save the changes to the Cluster Volume object, click OK.

103-000162-001
September 4, 2001
Novell Confidential
IMPORTANT: After the shared volume servername_shared vol name is cluster-

enabled, ConsoleOne renames it to cluster object name_shared vol name.
ConsoleOne creates a virtual server associated with the shared volume called
cluster object name_shared vol name_SERVER.
ConsoleOne also creates a Cluster Volume object called shared vol

name_SERVER in the Cluster object container.
3 Install Native File Access For UNIX on all the nodes in the cluster.
4 If the NFS Services are running, run NFSSTOP. Remove NFSSTART
from AUTOEXEC.NCF.
5 Delete all the NISSERV_servername objects in eDirectory.
6 Run nisinst -s shared vol name_SERVER from one of the nodes in the
cluster. Modify the IPAddress attribute of this newly created
NISSERVER object to the virtual IP Address.
7 In the shared volume which is cluster-enabled for the Native File Access
for UNIX, make a directory named ETC.
8 From the node, where Step 6 was executed, copy the following files from
SYS:\ETC to the ETC directory on the shared volume.
nfs.cfg
nis.cfg
nisserv.cfg
nfsexprt in case of upgrade from NetWare 4.1 or 5.1
nfsthost in case of upgrade from NetWare 4.1 or 5.1
nfsstart.ncf from SYS:\SYSTEM
nfsstop.ncf from SYS:\SYSTEM
Configuring the Properties of Cluster Volume Resource
Load and Unload Script
To customize your specific NetWare NFS Services configuration, edit the IP

addresses and volume-specific commands in the load and unload scripts of the
cluster volume object to which you are going to associate NFS Services.
Select and right-click the Cluster Volume object and then click Properties to
find the Cluster Resource Load Script and Cluster Resource Unload Script.
Following are the formats for these scripts.

103-000162-001
September 4, 2001
Novell Confidential
Load Script
To the load script, add the following at the end of the existing script:
nfsclust AAA.BBB.CCC.DDD shared vol name shared vol
name_SERVER
shared vol name:\ETC\NFSSTART
Unload Script
To the unload script, add the following at the beginning of the existing script:
shared vol name:\ETC\NFSSTOP
unload nfsclust
unload nfsadmin
unload pkernel
Setting the Start, Failover, and Failback Modes
The following table explains the different resource modes.
Mode Setting Description
Start AUTO, MANUAL AUTO allows Native File

Access for UNIX to
automatically start on a
server when the cluster is
first brought up.
MANUAL lets you

manually start Native File
Access for UNIX on a
server whenever you
want.
Default = AUTO

103-000162-001
September 4, 2001
Novell Confidential
Mode Setting Description
Failover AUTO, MANUAL AUTO allows Native File

Access for UNIX to
automatically start on the
next server in the
Assigned Nodes list in
the event of a hardware
or software failure.
MANUAL lets you

intervene after a failure
occurs and before Native
File Access for UNIX is
moved to another node.
Default = AUTO
Failback AUTO, MANUAL, AUTO allows Native File

DISABLE Access for to UNIX
automatically move back
to its preferred node
when the preferred node
is brought back online.
MANUAL prevents
Native File Access for
UNIX from moving back
when that node is
brought back online until
you are ready to allow it
to happen.
DISABLE causes Native

File Access for UNIX to
continue running in an
online state on the node it
has failed to.
Default = DISABLE
To view or change the Start, Failover, and Failback modes, do the following:
1 In ConsoleOne, double-click the cluster object container.
2 Right-click the cluster resource object shared vol name_SERVER and
select Properties.

103-000162-001
September 4, 2001
Novell Confidential
3 Click the Policies tab on the property page.

4 View or change the Start, Failover, or Failback mode.
Component-Specific Configuration
The procedure to configure the components of Native File Access for UNIX
is much the same as when you configure the components without cluster
services. However, some points must be kept in mind while configuring the
following components:
NFS Server (page 116)
Network Information Service (page 116)
For the location of the configuration files for Native File Access for UNIX
with and without Cluster Services, see “Location of Configuration Files” on
page 117.
NFS Server
While configuring the NFS Server, note the following:

Export only the shared volumes from NFS Server. For exporting other
shared volumes, make sure you mount those volumes in the load script by
adding the following before the nfsclust entry:
mount volumename volid = 253 or lesser than this number
After this, deactivate and dismount them in the unload script:
dismount volumename
When mounting from an NFS client, use the virtual IP address of the
cluster volume object.
For more information on configuring the NFS Server, see “ConsoleOne-
Based Management for NFS Server” on page 87.
Network Information Service
While configuring the NIS clients, note the following:

Bind the NIS clients to NIS server running on the cluster using a virtual
IP address.

103-000162-001
September 4, 2001
Novell Confidential
Location of Configuration Files

Most of the configuration files are now located in the shared volume’s ETC
directory. The following table lists the location with and without the cluster
services.
Table 3 Location of Configuration Files
Filename Without Cluster Services With Cluster Services
NFS.CFG SYS:\ETC shared_vol_name:\ETC
NIS.CFG SYS:\ETC shared_vol_name:\ETC
NFSSERV.CFG SYS:\ETC shared_vol_name:\ETC
NFSEXPRT SYS:\ETC shared_vol_name:\ETC
NFSTHOST SYS:\ETC shared_vol_name:\ETC
Log file for NFSSERV (default is SYS:\ETC shared_vol_name:\ETC

NFSSERV.LOG)
NISMAKE SYS:\ETC\NIS SYS:\ETC\NIS
NFSSTART.NCF SYS:\SYSTEM shared_vol_name:\ETC
NFSSTOP.NCF SYS:\SYSTEM shared_vol_name:\ETC
Starting and Stopping Native File Access for UNIX with Cluster
Services
1 To start NFS Services, from Cluster ConsoleOne, click Cluster Object >
View > Cluster State > Cluster Vol Object Online.
2 To stop NFS Services, from ConsoleOne, click Cluster Object > View >
Cluster State > Cluster Vol Object Offline.
For additional information on setting up and configuring Novell Cluster
Services, see the Novell Cluster Services documentation. (http://
www.novell.com/documentation/lg/ncs/index.html)

103-000162-001
September 4, 2001
Novell Confidential

103-000162-001
September 4, 2001
Novell Confidential
Server Communications Administration Guide
Novell
NetWare 6 ®
www.novell.com
8.5
S E R V E R C O M M U N I C AT I O N S
August 30, 2001

Novell Confidential
Contents
Server Operating System Communications 9

1 Understanding Network Communications 11

Identifying Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Finding Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Moving Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Coordination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
IP Subnetting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
IPX Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
SLP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
SLP Agents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Directory Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Service Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Service Deregistration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Service Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Service Type Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Attribute Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Novell's Enhancements to SLP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Scope Container Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
How SLP Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
SLP NDS Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
SLP Scope Container Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
SLP Service Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Directory Agent Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
NCP Server Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
SAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
OSPF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
NLSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
RIP, RIP II . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
NDS Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Contents 5

103-000145-001
August 30, 2001
Novell Confidential
2 Planning 29
Protocol Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Planning Migration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Compatibility Mode (CM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
IPX Compatibility Feature Dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
The Virtual IPX Network Created for the IPX Compatibility Feature . . . . . . . . . . . . . . 32
Migration Agent (MA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Migration Agent Dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Dynamic Discovery of Migration Agents by IP Systems . . . . . . . . . . . . . . . . . . . . 35
Protocol Stack Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
IP Install Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
IPX Install Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
IP and IPX Install Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Servers Installed with MA, IPX and IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3 Setting Up 41
Migrating IPX to IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Migrating to Obtain Internet Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Migrating to Cut IPX Administrative Costs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Migrating a Section of the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Migrating Leaf Networks First . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Migrating the Backbone First . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Avoiding Inefficient Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
SAP/RIP Filters and the Migration Agent Backbone Support Feature . . . . . . . . . . . . . . 51
Placing of SLP Directory Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Turning Off Microsoft IPX Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Migrating To Have an IP Only Network Eventually . . . . . . . . . . . . . . . . . . . . . . . . 52
Migrating from IPX to IP without Using the IPX Compatibility Feature . . . . . . . . . . . . . . 52
Configuring the Compatibility Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Enabling the Migration Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Changing the CMD Network Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Setting the Preferred IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Configuring the Preferred Migration Agent . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Setting the SCMD.NLM to Provide IP Backbone Support . . . . . . . . . . . . . . . . . . . 55
Configuring for SLP Independent Backbone Support . . . . . . . . . . . . . . . . . . . . . 55
Enable Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Viewing the Migration Agent List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Updating the Router Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Viewing the CMD Server Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Supporting the Network Address Translator . . . . . . . . . . . . . . . . . . . . . . . . . . 57
6 Server Communications Administration Guide

103-000145-001
August 30, 2001
Novell Confidential
4 Optimizing 63
Using Large Internet Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Using Packet Burst . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Increasing Maximum and Minimum Packet Receive Buffers . . . . . . . . . . . . . . . . . . . 65
Increasing the Maximum Number of Packet Receive Buffers . . . . . . . . . . . . . . . . . 65
Increasing the Minimum Number of Packet Receive Buffers. . . . . . . . . . . . . . . . . . 66
5 Managing 67
Overview of Loading and Binding LAN Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Loading and Binding LAN Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Unbinding and Unloading LAN Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Using Logical Boards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Unloading Logical Boards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Shutting Down and Resetting Logical Boards . . . . . . . . . . . . . . . . . . . . . . . . . 72
Removing Network Boards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Resetting Network Boards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Preventing Cabling Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Contents 7

103-000145-001
August 30, 2001
Novell Confidential

103-000145-001
August 30, 2001
Novell Confidential
Server Operating System Communications
NetWare® has traditionally used IPXTM and its protocols for network
communication. NetWare 4 supported IP networks through NetWare/IPTM.
The release of NetWare 6 allows a choice of running networks with just IPX,
with both IP and IPX, or with pure IP.
The Internet Protocol comprises a set of publicly available protocols that
provides the means by which computers communicate on the Internet.
IPX comprises a set of protocols that facilitate communication between
computers on NetWare networks.
In order to make IP run on NetWare, the public protocols of IP had to be
incorporated into, and replace, the proprietary protocols in NetWare. Since
NDS® is the heart of NetWare, it was used to bring all the Internet Protocols
together in NetWare 6. This makes it possible to configure and maintain the
protocols using NetWare Administrator.
Compatibility Mode (CM) (page 31) maintains backward compatibility with
IPX NetWare systems. You can install a server or client using one of three
methods: IP (with compatibility mode), IPX, or both IP and IPX. CM provides
translation between IP and IPX by recognizing IPX packets and then
determining how to forward them. A Migration Agent (MA) (page 32) on the
server uses CM to bridge IP and IPX networks while maintaining protocol
purity on each of the respective networks.
No other networking software vendor has combined Internet protocols with a
proven networking platform to provide a pure IP networking solution.
Novell® has accomplished this because of the flexibility and scalability
inherent in NDS. By extending the NDS schema and adding objects, Novell
has built a network operating system out of publicly available Intenet
Protocols and made it work with IPX for backward compatibility. The Server
Server Operating System Communications 9

103-000145-001
August 30, 2001
Novell Confidential
Operating System Communications documentation outlines and contrasts the

protocols used in Novell's IP and IPX implementations of NetWare 6.

103-000145-001
August 30, 2001
Novell Confidential
1 Understanding Network
Communications
Network communications involve many complex operations, but these

operations can be grouped into four major categories:
Identifying Devices (page 12)
For computers to communicate on networks, each must have an address.
Just as postal services are unable to deliver a package without an address,
computers are unable to communicate without an address. Since
computers use numbers for addresses, but humans have an easier time
distinguishing names, computers use protocols to match the number
address to a name.
Finding Services (page 13)
Once a computer has an address and/or name, it can start communicating
with other computers. Its first communication is to let other computers
know what services it has to offer. Then it must find out what services are
being offered by other computers on the network. This is accomplished
by using one of several service advertising and location protocols.
Moving Packets (page 13)
Having discovered other computers' addresses and the services they offer,
a computer can start moving packets between itself and other hosts. To
communicate efficiently, though, computers must know the fastest way to
move data from point A to point B. Computers determine the best route
from computer to computer with routing protocols.
Coordination (page 14)
Finally, network communication depends upon maintaining data
integrity. NetWare® servers must coordinate time and NDS® replicas to
ensure data integrity on the network. Time servers coordinate their time
Understanding Network Communications 11

103-000145-001
August 30, 2001
Novell Confidential
with other servers and relay the correct network time to NetWare clients.
NDS replication is similar to time synchronization in that servers must
keep and share accurate information to maintain fault tolerance and
distributed access to the database.
Identifying Devices
Devices on networks must be uniquely identified so that other devices can find
and use their services. Since IPX Addressing (page 16) was designed to be
simple and require little maintenance, it doesn't rely on protocols to enhance
its functionality.
IP Addressing (page 14) and IP Subnetting (page 15) are both more complex,
however, and require maintenance type protocols to make administration
manageable. ARP (page 16) and DHCP (page 17) are two commonly used IP
addressing protocols.
Two kinds of addresses identify hosts on the network: hardware or media
access control (MAC) addresses, and software addresses. IPXTM uses the
MAC address of the Ethernet or token ring network board to identify the host
on the network. Since the MAC and node addresses are the same, there is no
further translation required to identify the host. IP addresses are not the same
as the MAC address of the network board, so IP addresses must be translated
into MAC addresses. Address Resolution Protocol (ARP) translates IP
addresses to MAC addresses on IP networks.
Dynamic Host Control Protocol (DHCP) is an Internet protocol that provides
dynamic distribution of IP addresses to workstations. DHCP helps network
administrators with the task of assigning IP addresses to workstations and
lessens the problems associated with a shortage of IP addresses. There is no
equivalent to DHCP in IPX networks because of the abundance of IPX
addresses and their ability to use the MAC address as the software address.

103-000145-001
August 30, 2001
Novell Confidential
Finding Services
Once a computer is uniquely identified on the network, it can let other
computers know what services it offers, or it can request services from another
computer. There are three service protocols that maintain lists of computers
and the services they offer:
Protocol Name Protocol Type
Service Location Protocol (SLP) IP
Service Advertising Protocol (SAP) IPX
Domain Name Service (DNS) IP
SLP (page 17), an Internet protocol, and SAP (page 24), an IPX protocol, are
both used to locate and advertise network services.
DNS (page 24) is an Internet standard service that provides IP address-to-host
name resolution. Its primary purpose is to match the name of a computer, such
as host1.novell.com, with its IP address. DNS can also map certain Internet
server services, such as E-mail and Web, to specific hosts.
Host files can also be used on private networks to accomplish IP address-to-
host name resolution.
Moving Packets
Computers use and provide services by exchanging packets. Packet exchange
can be accomplished only if the computers know how to move information
amongst themselves. Computers learn the path, or route, to other computers
by using routing protocols such as the following:
OSPF (page 25)
NLSP (page 25)
RIP, RIP II (page 25)
There are two kinds of routing protocols, distinguished by their mode of best
route discovery:
Distance Vector
Link State

103-000145-001
August 30, 2001
Novell Confidential
Distance vector routing protocols determine the best route from one computer
to another based on the distance, or number of hops, and the time, or ticks, that
separate hosts. Link state routing protocols use a cost metric to determine the
best path between hosts.
Link state routing protocols are generally more accurate and efficient than
distance vector routing protocols and are better suited for traversing WAN
links. The table below shows the protocol and routing types associated with
the routing protocols:
Routing Protocol Protocol Type Routing Type
OSPF IP Link State
NLSP IPX Link State
RIP IP and IPX Distance Vector
RIP II IP Distance Vector
Open Shortest Path First (OSPF) is a link state IP routing protocol. Its IPX
equivalent is NetWare Link Service ProtocolTM (NLSPTM). Routing
Information Protocol (RIP) is a distance vector routing protocol used for both
IP and IPX routing, but with some variation between protocols. RIP II is a
newer IP routing protocol based on RIP that adds support for a subnet mask.
Coordination
See “Time Synchronization” on page 26 and “NDS Replication” on page 27.
IP Addressing
The IP address for a node is a logical address, independent of any particular
hardware, network topology, or media type. The IP address is a 4-byte (32-bit)
numeric value that identifies both a network and a local host or node
(computer or other device) on that network. The 4-byte IP address is usually
represented in dotted decimal notation. Each byte is represented by a decimal
number, and periods separate the bytes, for example, 129.47.6.17.
A conflict arises with Ethernet networks, because IP uses a 32-bit address and
Ethernet uses a 48-bit Ethernet address. To associate the IP address to a
physical address on an Ethernet network, a mapping must occur between the

103-000145-001
August 30, 2001
Novell Confidential
two types. The Address Resolution Protocol (ARP) maps the IP address to the
physical address. ARP mapping is limited to networks that support hardware
broadcast.
IP Subnetting
One IP network can be divided into smaller networks, called subnets. The
following are reasons to divide your network:
Use multiple media—It can be impossible, inconvenient, or too
expensive to connect all nodes to a single network medium when these
nodes are too far apart or already connected to different media.
Reduce congestion—Traffic between nodes on a single network uses
network bandwidth. As a result, more bandwidth is required when you
have more nodes. Splitting a network reduces the number of nodes on a
data-link network. Fewer nodes generate less traffic and, as a
consequence, less congestion.
Reduce processor use—Because each node on a network must react to
every broadcast, reducing the number of nodes reduces processor use and
congestion.
Isolate a network—By splitting a large network into small networks, you
limit the impact of one network's problems on another. Such problems can
include network hardware failures, such as an open Ethernet tap, or
software failures, such as a broadcast storm.
Improve security—On a broadcast network medium such as Ethernet,
each node on a network has access to all packets sent on that network. By
enabling sensitive network traffic on only one network, other network
monitors can be prevented from accessing this sensitive traffic.
Make efficient use of IP address space—If you are using a Class A or B
network number and have multiple small physical networks, you can
divide the IP address space into multiple IP subnets and assign them to
individual physical networks. Another option is to obtain several Class C
network numbers, although this is less desirable.

103-000145-001
August 30, 2001
Novell Confidential
IPX Addressing
IPX defines its own internetwork and intranode (or intranetwork) addressing.
For intranode addressing, IPX uses the physical address assigned to the
network board. The IPX network address uniquely identifies an IPX server on
an IPX network and individual processes within the server. A complete IPX
network address is a 12-byte hexadecimal number comprising the following
components:
A 4-byte network number (server)
A 6-byte node number (server)
A 2-byte socket number (server process)
The following is an example of a complete IPX network address:
FEDCBA98 1A2B3C5D7E9F 0453
Each number in an IPX address is contained in a field in the IPX header and
represents a source or destination network, node, or socket. The network
number is used only for network-layer operations, namely routing. The node
number is used for local, or same-segment, packet transmission. The socket
number directs a packet to a process operating within a node.
ARP
Unlike IPX, IP addresses are not the same as the hardware address of the
network board, so there must be a way to discover the physical, or media
access control (MAC) address. The Address Resolution Protocol (ARP)
performs this task. When an IP address is mapped to a MAC address, ARP is
used on broadcast networks such as Ethernet, token ring, and ARCnet. When
a node uses IP to send a packet, it must determine which physical address on
the network corresponds to the destination IP address. To find the physical
address, the node broadcasts an ARP packet containing the destination IP
address. The node with the specified destination IP address sends its physical
address back to the requesting node.To speed packet transmissions and reduce
the number of broadcast requests that must be examined by every node on the
network, each node keeps an address resolution cache, or ARP table. Each
time the node broadcasts an ARP request and receives a response, it creates an
entry in its address resolution cache. The entry maps the IP address to the
physical address. When the node sends an IP packet, it looks up the IP address
in its cache and uses the physical address, if found. The node broadcasts an
ARP request only if the IP address is not in its cache.

103-000145-001
August 30, 2001
Novell Confidential
DHCP
The Dynamic Host Configuration Protocol (DHCP) uses a client-server
structure to provide configuration parameters to hosts. DHCP consists of a
protocol for providing host-specific configuration parameters from a DHCP
server (or collection of DHCP servers) to a host and a mechanism to allocate
network addresses to a host.
When the DHCP server is loaded, it reads its configuration information from
NDS and stores the information in its cache. As the DHCP server assigns
addresses to clients, it updates NDS, adding IP address objects or modifying
their NDS status information. The DHCP server can be configured to maintain
an audit log of this activity.
The administrator can use the DNS/DHCP Administration utility to view
objects to see how addresses have been assigned.
SLP
The Service Location Protocol provides the same function in IP networks as
SAP provides in IPX networks. It registers information in a database and
allows clients to query the database to find services. There are, however, two
principal differences between SAP and SLP:
SLP does not maintain a global database of services. It registers services
only in the local area. It discovers services in the local area via multicast
requests, which are forwarded using NDS replication from network to
network within a site.
SLP assumes that the client is able to locate either services themselves, or
a database server representing those services, using these pan-network
multicasts.
Through Novell's integration of SLP with NDS, local SLP information is
compiled to provide a global representation of all available services on the
network. This provides dynamic discovery of services locally and scalability
in large networks.
The topics listed below explain the components of SLP:
“How SLP Works” on page 20
“SLP Agents” on page 18
“SLP NDS Objects” on page 22

103-000145-001
August 30, 2001
Novell Confidential
SLP Agents
The three types of agents that NetWare 5 SLP uses are
User agents, which acquire service handles for user applications
Service agents, which advertise service handles
Directory agents, which collect service handles in internetworked
enterprises
Applications running on a computer are represented by a User agent that
understands the service and resource needs of the application. Each network
service is represented by a Service agent, which makes it available to user
agents. SLP dynamically maintains service attributes, so that a User agent can
obtain current information.
Of the agents, the Directory Agents (page 18) have the largest role in NDS
SLP.
Directory Agents
The point of interface between SLP and NDS is the SLP Directory agent. The
Directory agent is a common data storage of network service information
collected through SLP. The Directory agent uses NDS as its database for
network service information that is distributed globally. NDS adds significant
value to SLP by leveraging existing NDS standards for configuring NDS tree
structures, for a central point of administration, and for the ability of NDS to
replicate service information.NDS replication services allow Directory agent-
to-Directory agent communication. This is unique in SLP implementations
and it facilitates global distribution of SLP database information. NDS replica
services give the Directory agent the ability to access global services from a
local replica. The Directory agent is responsible for processing the following
SLP protocol messages:
Service Registration
Service Deregistration
Service Request
Service Type Request
Attribute Request
These SLP protocol messages either enter, delete, or query information in the
Directory agent's service database.

103-000145-001
August 30, 2001
Novell Confidential
Service Registration
A Service agent forwards all known services to the Directory agent using a
service register request. The register contains the URL, attributes, language
indicator, and a time to live (lifetime). The service registration occurs when
attributes are being updated or modified and once every lifetime period.
Service Deregistration
A Service agent sends a service deregister request to the Directory agent when
the service is no longer available.
Service Request
A User agent sends a service request to the Directory agent when it is looking
for services. The Directory agent returns only those services with a valid
lifetime. The User agent might filter services by providing a predicate list. The
Directory agent must filter services when the predicate list is supplied.
Service Type Request

A user agent sends a service type request to the Directory agent when it is
looking for all service types or all service types within a specific name
authority.
Attribute Request
A User agent sends an attribute request to the Directory agent either for a
specific URL or for a group of URLs specified by the service type.
Novell's Enhancements to SLP

As mentioned previously, once the SLP service information has been stored in
the NDS tree, the normal replication and distribution processing of NDS will
guarantee its global accessibility. Only those Directory agents granted access
rights to the Scope container object will have access to the SLP service
information in that scope.To reduce bandwidth requirements on large
networks, the NetWare SLP Directory agent doesn't use IP multicast. In a
small network, IP multicast is a viable technology that can be coupled with the
SLP user and Service agents to provide acceptable discovery service. As the
network expands, the IP multicast can cause some bandwidth reduction, as

103-000145-001
August 30, 2001
Novell Confidential
routers must forward the multicast packets to all registered nodes. To solve
this problem, NetWare SLP Directory agents collect the information from
local segments and then establish IP unicast relationships. Although the SLP
RFC defines the Directory agent and its relationship to the user and Service
agents, the specification doesn't address the relationship among multiple
Directory agents. A Directory Agent-to-Directory Agent protocol is
mentioned in the specification, but the work has been left to a future version
of the RFC. NDS, however, provides a solution. The NDS replicated database
can provide authenticated and synchronized information across networks
while preserving network bandwidth.
Scope Container Object

SLP employs the Scope container object which defines a logical grouping of
services. The Scope object allows network administrators to logically group
services according to geographical, geo-political, service type, or any other
administrative criteria in order to control distribution or visibility on the
network. The primary goal of the SLP Scope is to enhance the scalability of
gathering and distributing network service information.
How SLP Works

The following figure illustrates how SLP registers a service provider on a local
segment. Each agent must register its own services. Whether the User agent is
on the server or on a workstation, it can register as a client after it
communicates with the Directory agent to see what services are available.
Once the service is registered with the Directory agent or Service agent, you
can register or deregister the service.

103-000145-001
August 30, 2001
Novell Confidential
Figure 1 Service Location Protocol
User Agent
(Server) Directory Agent Service Agent
User Agent
(Workstation)
Once the application has registered with the SLP User agent, it can look up a
service or get a list of services and read the attributes of a service, using either
blocking calls or synchronous calls. In the IP environment, this information is
pulled out of the Directory agent and put into NDS so that users and
administrators can know what services are available in a local area, provided
the proper security rights are granted.
A Novell client can use the User agent to go into an SLP Directory agent or
Service agent, or into NDS to reach out to other LAN or WAN segments, as
shown in Figure 2 on page 22.
This method does not rely on service information obtained from routers.
Instead, NDS is used for global communication of information. Through this
method, service updates on local segments are just as reliable and dynamic as
on IPX SAP-based networks.

103-000145-001
August 30, 2001
Novell Confidential
Figure 2 Integrated Network Services Discovery
WAN & LAN Segments
Other Naming X.500 DNS

Services
LDAP
NDS
(NetWare, NT, Unix)
Local Segments
SrvLoc SrvLoc
DHCP Directory Service
Server Agent Agents
DHCP IntranetWare SrvLoc User

Client Client Agent
SLP NDS Objects

Following are the NDS objects represented by SLP:
Scope container object
SLP Service object
SLP Directory Agent object
The SLP Scope container object represents an SLP scope and is the container
in which SLP Service objects are stored.
SLP Service objects represent a network service discovered through the
Service Location Protocol. They contain all of the SLP information about the
network service, including its network address and attributes.
The SLP Directory Agent object represents an SLP Directory agent.

103-000145-001
August 30, 2001
Novell Confidential
SLP Scope Container Object

The SLP Scope container object is the storage container for SLP service
information. Each object contains all the SLP Service objects for the specific
scope. The NDS administrator can replicate the container into other partitions
within the tree or within federated trees. The object is a stand-alone entity
within the NDS tree and there is no relationship between its distinguished
name, the tree name, and the scope name. When a Service agent forwards a
service record to a Directory agent within a specific scope, the scope name is
mapped to the Scope object by using the name attribute within the container
object. The SLP Scope object must contain rights to read, write, and browse
the container because the access rights of the Directory Agent object access
are equivalent to the access rights of the Scope object.Because the Scope
object uses distinguished name syntax, the Scope object can be moved to a
different location in the tree and NDS will automatically change all values to
reflect the new location.
SLP Service Object

The SLP Service object is a leaf object that represents a service registration.
SLP Service objects are subordinate to the SLP Scope object and contain all
information supplied by a service registration. SLP Service objects are stored
in the appropriate SLP Scope object according to their scope.
Directory Agent Object

The SLP Directory Agent object is a leaf object that represents a single
instance of a Directory agent. Multiple Directory agents cannot share a single
object. This object defines the Directory agent's configuration, scope, and
security. The Directory agent uses this object to log in to the server and operate
under the access control requirements assigned to the NCP Server object.
NCP Server Object

The NetWare installation program creates an NCP_SERVER object for every
server within the tree. The Directory agent adds an attribute to the
NCP_SERVER class definition called SLP Directory Agent DN. The SLP
Directory Agent DN contains the distinguished name of the Directory Agent
object. It is used as a pointer from the NCP Server object to the Directory
Agent object.

103-000145-001
August 30, 2001
Novell Confidential
SAP
The Service Advertising Protocol provides the same function in IPX networks
as SLP in IP networks. It registers information in a database and allows clients
to query the database to find services.NetWare servers using IPX use SAP to
advertise their services and network addresses. Routers gather this
information and share it with other routers. Workstations on the network
access the information provided by routers to determine which services are
available on the network and to obtain the IPX address of the services.
Workstations use this information to initiate a session with a service.SAP
makes the process of adding and removing services on an internetwork
dynamic. As servers start up, they use SAP to advertise their services; as they
are brought down, they use SAP to indicate that their services are no longer
available.As a router becomes aware of any change in the internetwork server
layout, this information is broadcast immediately to all neighboring routers.
SAP broadcast packets containing all server information known to the router
are sent periodically—the default is every 60 seconds. These broadcasts keep
all routers on the internetwork synchronized and provide a means of updating
routing information when a router or server has become inaccessible since the
last broadcast. A server might be inaccessible because a router went down, or
because a router dropped a packet containing a notification that the route to
the server is unreachable. Servers that are inaccessible do not appear in the
SAP broadcast.
DNS
The Domain Name System (DNS) is a distributed database system that
provides hostname-to-IP resource mapping (usually the IP address) and other
information for computers on an internetwork. Any computer on the Internet
can use a DNS server to locate any other computer on the Internet.
DNS is made up of two distinct components:
The DNS hierarchy specifies the structure, naming conventions, and
delegation of authority in the DNS service.
The DNS name service provides the actual name-to-address mapping
mechanism.

103-000145-001
August 30, 2001
Novell Confidential
OSPF
Open Shortest Path First (OSPF) is an IP link state routing protocol. Link state
routers exchange information about the state of their network connections or
links. Using this information, each router can construct the topology of the
internetwork, and from that derive a routing table consisting of the most
efficient paths between devices.
OSPF offers the following advantages over IP RIP:
Faster convergence of router information tables
First hand routing information
Generates less traffic
No count-to-infinity problem
NLSP
NLSP is an IPX link state routing protocol that was developed to respond to
limitations that arise when implementing IPX RIP and SAP in larger
internetworks, particularly over WAN links. Link state routers exchange
information about the state of their network connections or links. Using this
information, each router can construct the topology of the internetwork and
derive routing information.
NLSP offers the following advantages over IPX RIP
Faster convergence of router information tables
First hand routing information
Generates less traffic
RIP, RIP II
RIP is a distance vector routing protocol used for both IP and IPX routing, but
with slightly different implementations. IP RIP and IPX RIP use similar
processes for discovering, maintaining, and prioritizing routes. They both
send route requests for obtaining routing information and send periodic route
updates to make sure the routing information tables are synchronized. The
major differences between IP RIP and IPX RIP are the protocols they are
associated with, the way they prioritize routes, and the routing table update
interval.

103-000145-001
August 30, 2001
Novell Confidential
RIP II is an IP routing protocol that includes the following enhancements over

RIP:
Provides a password for authentication
Allows specification of a subnet mask
Allows multicast addressing
Time Synchronization
Synchronizing time across the network provides a service that maintains
consistent time stamps for enterprise environments with several servers in
different time zones.
Time synchronization provides network time for the following:
File systems
Messaging services
Network applications
NDS Time Servers use TIMESYNC to provide synchronized time for network
services.
If there are fewer than 30 servers on the network, use the default settings of a
single reference time server and a secondary time server.
For more than 30 servers, plan a custom environment using a reference time
server, primary time server, and secondary time servers. You can also specify
which communication method the time servers will use: SAP or a configured
list.
TIMESYNC allows NetWare servers to synchronize their time with an
authoritative external time source, such as an atomic clock, through an
asynchronous connection such as a modem. NTP (Network Time Protocol) is
an Internet Protocol that can be used with TIMESYNC to query authoritative
time servers over the Internet rather than with a dialup connection.

103-000145-001
August 30, 2001
Novell Confidential
NDS Replication
NDS replica synchronization ensures that changes to NDS objects are
synchronized among all replicas of the partition. This means that any server
that holds a replica of a partition must communicate with the other servers to
synchronize a change.
In NetWare 6, NDS replica synchronization is more efficient and produces
less network traffic than previous versions, because instead of automatically
synchronizing replicas, servers are queried to find out if they are synchronized
or not. If a server is out of synchronization, the update is sent. But if the server
is synchronized, there is no need to send the update.

103-000145-001
August 30, 2001
Novell Confidential

103-000145-001
August 30, 2001
Novell Confidential
2 Planning
As an open standard, pure IP offers flexibility and interoperability, now

available to users of NetWare®. Although many customers may use both IP
and IPXTM on their networks, a pure IP network is easier to administer and
more easily integrated with other systems, such as UNIX* and Windows NT*.
New IP migration tools and services in NetWare 6TM make migrating to a pure
IP network managable, even for the largest networks. Whether you choose to
migrate from IPX to IP will largely depend on the goals of your
organization.One of the biggest advantages of migrating a network from IPX
to IP is reduced administrative costs. Migrating from IPX to IP will be most
beneficial for customers already supporting both protocols, and for those
expending a significant portion of their Information Services (IS) budget
managing IPX.
Migrating the network from IPX to IP is not necessary to take advantage of
the increased connectivity of NetWare 6. If you are satisfied with your existing
network infrastructure, but would like to make NetWare services available to
IP clients, you can upgrade servers and clients to NetWare 6 and load both
protocol stacks.
If you are installing or upgrading a server, see NetWare 6 Installation
Guide.
To decide what protocol to use, see “Protocol Selection” on page 30.
Planning 29

103-000145-001
August 30, 2001
Novell Confidential
Protocol Selection
Previous versions of NetWare used Internetwork Packet Exchange (IPX), a
proprietary protocol developed by Novell®, for network communications.
NetWare 6 uses TCP/IP (Transmission Control Protocol/Internet Protocol),
IPX, or a combination of both IP and IPX.
With increasing access to worldwide data exchange through the Internet, IP
has become so popular that many companies'networks now require it. But IPX
and IP are two separate protocols. If you run both, you must maintain both.
Administering routers, bridges, switches and other hardware components
required for multiprotocol network communications can prove prohibitive.
Potentially, migrating from IPX to IP could prove costly, and there are some
important considerations. Attempting to move a large number of servers and
clients to NetWare 6 simultaneously won't generally be practical. It may be
neccessary to introduce IP components over time, depending on the size and
complexity of your network. You might choose to upgrade only servers as a
preliminary phase, and later upgrade clients. To understand your migration
options, see “Planning Migration” on page 30.
Although Novell now recommends the use of pure IP on your network, small,
private networks might be more efficient using an IPX-only implementation.
As you'll see in the discussion regarding addressing, IPX requires no special
address resolution protocols—it can assign addresses dynamically, and
addresses are abundant. IP is better suited for large IP-based networks
attached to the Internet, to WAN links, or where IP is the exclusively required
protocol. If you don't require IP for any of these reasons, and you can use a
pure IPX network, you might find IPX implementation easier to administer.
Planning Migration
However you choose to migrate from IPX to IP, the cost and difficulty usually
associated with a major change such as this is offset by NetWare 6 migration
tools designed to facilitate migration without loss of connectivity or IPX
application support. The migration tools include the following:
Compatibility Mode (CM) (page 31)
Migration Agent (MA) (page 32)
These components can be loaded on the same server. The CMD runs on all
NetWare 6 servers by default. Only one MA is required for each IPX network
connected to the IP backbone.

103-000145-001
August 30, 2001
Novell Confidential
Because most existing NetWare servers have some dependency on IPX

applications and services, NetWare 6 installs with IP running Compatibility
Mode as the default. When you install NetWare 6, you can choose to load with
IPX only, or IP with Compatibility Mode. Although the Compatibility Mode
driver is loaded on the server by default, it remains dormant until the server
receives a request for IPX services. This allows backward compatibility with
IPX while using minimal system resources.
Use of the other components of Compatibility Mode will be determined by
your networking requirenment and existing infrastructure. Each component's
role in a multiprotocol network is described to help you determine if you need
to use it.
Compatibility Mode (CM)

The Compatibility Mode driver (CMD) has two parts, one for the server and
one for the client. At the server, the CMD is viewed as a network adapter. You
can bind both protocols to the CMD and it acts like a router when IPX packets
need to be sent within the server. Otherwise, the CMD patiently waits in the
background, doing nothing and using no resources.
At the workstation, the CMD is invisible because it is an integral part of the
new client. It provides the IP communications link required by an IP client.
Because NetWare 6 is pure IP, there is no need for IPX at the client.
The IPX Compatibility driver's job is to provide IPX connectivity over the IP
network, allowing applications using the IPX stack for communications to
function in an IP network. The IPX Compatibility driver also allows IP
systems to communicate with IPX systems by using the services of Migration
Agents.The IPX Compatibility driver treats the IP network as a virtual IPX
network segment (CMD network segment), by encapsulating IPX datagrams
inside UDP datagrams, and by resolving RIP and SAP requests through the
use of the Service Location Protocol (SLP).
IPX Compatibility Feature Dependencies

If you want to run IPX applications in your IP network, or you need to connect
IP systems with IPX systems, you must ensure that the Service Location
Protocol is enabled across the networks, because the IPX Compatibility
drivers are dependent on the capabilities of SLP. Customers who want to
interconnect IPX and IP systems must introduce at least one Migration Agent
on the network.
Planning 31

103-000145-001
August 30, 2001
Novell Confidential
The Virtual IPX Network Created for the IPX Compatibility Feature
The default IPX network number (CMD network number) assigned to the
virtual IPX network created by the IPX Compatibility drivers is
0xFFFFFFFD. If you want to set up Migration Agents to interconnect IP
systems with IPX systems, you must ensure that the CMD network number
does not conflict with the internal IPX network number of a server or with the
IPX network number of a network segment. You must also ensure that IPX
routers are not filtering this address.If you find a system or a segment that
conflicts with the CMD network number, you have the option of overriding
the default CMD network number by modifying the configuration of IP-only
clients and servers. You might find it easier to change the network number of
the conflicting system or segment, rather than trying to override the default
CMD network number.
Migration Agent (MA)

The Migration Agent is a tool that enables communication between IPX and
IP systems. It also enables you to create an IP backbone that interconnects IPX
segments. Use this tool when you want to migrate systems from IPX to IP in
a phased manner without losing connectivity.
The MA takes the IPX requests, which are in an IP packet, and tunnels the IP
packet in an IPX wrapper to be sent out on the IPX wire. The opposite occurs
when an IPX packet is sent across the IP backbone.
In previous versions of NetWare, IP access was provided on NetWare
networks with NetWare/IPTM. NetWare/IP took every packet (all were IPX
packets) and tunneled each in an IP wrapper. This kind of IP tunneling is no
longer needed, because tunneling has been reversed in NetWare 6—instead of
tunneling IP packets in IPX with NetWare/IP, IPX packets are now tunneled
in IP packets with the Migration Agent. Now, only the few IPX requests
require tunneling, providing better throughput and efficiency.
The MA serves as a router between the IPX network and the virtual IPX
network segment created by the IPX Compatibility drivers as illustrated in
Figure 3 on page 33.

103-000145-001
August 30, 2001
Novell Confidential
Figure 3 Migration Agent Interconnecting IP and IPX Nodes
IPX IPX IPX

server client printer
IPX network
NetWare 5
Migration Agent
Server
CMD network
IP IP
client server
More than one MA is needed to enable resiliency and load-sharing, or when

you want to interconnect IPX segments with an IP backbone. Figure 4 on page
34 shows two Migration Agents interconnecting two IPX segments.
Planning 33

103-000145-001
August 30, 2001
Novell Confidential
Figure 4 Migration Agents Interconnecting IPX Segments
IPX IPX
server client
IPX segment
NetWare 5
Migration Agent
Server
IP
backbone
NetWare 5
Migration Agent
Server
IPX segment
IPX IPX
client server
The MA is supported only at the NetWare server. The MA is enabled by

loading the IPX Compatibility driver (scmd.nlm) with the Migration Agent
option. The Migration Agents are then used by the IP systems on the
network.If more than one MA is needed, all Migration Agents must be able to
access the same IPX networks or be able to exchange IPX network
information. Migration Agents exchange IPX network information by
invoking the IP Backbone Support feature, which is accomplished by loading
the scmd.nlm with the backbone support options.

103-000145-001
August 30, 2001
Novell Confidential
Migration Agent Dependencies

To set up an MA, the Service Location Protocol must be enabled across the
networks, because Migration Agents are dependent on the capabilities of SLP.
Dynamic Discovery of Migration Agents by IP Systems

The IPX Compatibility drivers are capable of dynamically discovering
Migration Agents, but you can also choose to statically configure the address
of the MA if more control is desired.The IPX Compatibility driver will
discover an MA if it is in the same IP network, and will give preference to an
MA within the local IP subnet. The address of the MA must be specified in IP
systems that reside in different IP networks.The address of the MAcan be
configured either by manipulating the local configuration files or by
disseminating the information through DHCP.
Protocol Stack Options

The server and client connectivity capabilities are limited by the options
selected when systems are installed. Systems can be installed with the
following protocol options:
IP Only
IPX Only
IP and IPX
The protocol install option determines the binding between protocol stacks
and network adapters. It does not determine which protocol stacks are loaded
in the system. For example, if the IP option is selected, only the TCP/IP stack
is attached to the network adapter.
IP Install Option
Servers installed with IP alone have both the TCP/IP and the IPX stacks
loaded, but only the TCP/IP stack is bound to the network adapter. (Systems
installed with IP and IPX are configured to establish NCP connections over
either the TCP/IP stack or over the IPX stack.) Figure 5 on page 36 shows the
relationship between the protocol stacks when installing a system with IP only.
Planning 35

103-000145-001
August 30, 2001
Novell Confidential
Figure 5 IP Only Architecture Diagram
Application APIs
SPX / IPX NCP TCP / IP
IPX Compatibility Driver
Network adapters
The IPX stack is loaded on systems installed with IP to give those systems the
ability to execute IPX applications and to connect with IPX systems through
a Migration Agent.
NetWare 6 servers installed with IP only have the following capabilities:
They can establish NCPTM connections with clients installed with one of
the install options that include IP.
They can establish NCP connections through a Migration Agent with pre-
NetWare 6 clients (these clients support only NCP connections over IPX)
or with NetWare 6 clients installed with IPX.
They can execute IPX applications and communicate directly with other
NetWare 6 systems installed with IP.
They can execute IPX applications and communicate through a Migration
Agent with IPX nodes.
NetWare 6 clients installed with IP have the following capabilities:
They can establish NCP connections with servers installed with one of the
install options that include IP.
They can establish NCP connections through a Migration Agent with pre-
NetWare 6 servers (these servers support only NCP connections over
IPX) or with NetWare 6 servers installed with IPX only.

103-000145-001
August 30, 2001
Novell Confidential
NetWare 6 systems installed with IP.
Agent with IPX nodes.
IPX Install Option

These systems have the IPX stack loaded and may also have the TCP/IP stack
loaded. Systems installed with IPX only are configured to establish only NCP
connections over the IPX stack. Figure 6 shows the relationship between the
protocol stacks when a system is installed with IPX alone.
Figure 6 IPX Only Architecture Diagram
Application APIs

(optional)
Network adapters
NetWare 6 servers installed with IPX have the following capabilities:

They can establish NCP connections with pre-NetWare 6 clients or with
NetWare 6 clients installed with one of the install options that include
IPX.
They can establish NCP connections through a Migration Agent with
NetWare 6 clients installed with IP.
IPX nodes.
Agent with NetWare 6 systems installed with IP.
Planning 37

103-000145-001
August 30, 2001
Novell Confidential
NetWare 6 clients installed with IPX have the following capabilities:

They can establish NCP connections with pre-NetWare 6 servers or with
NetWare 6 servers installed with one of the install options that include
IPX.
NetWare 6 servers installed with IP.
IPX nodes.
IP and IPX Install Option

These systems have the TCP/IP and IPX stacks loaded. Systems installed with
both IP and IPX are configured to establish NCP connections either over the
TCP/IP stack or over the IPX stack. Figure 7 shows the relationship between
the protocol stacks when installing a system with IP and IPX.
Figure 7 IP and IPX Architecture Diagram
Application APIs
Network adapters
NetWare servers installed with IP and IPX have the following capabilities:
They can establish NCP connections with pre-NetWare 6 clients or with
NetWare 6 clients without regard for the option used to install it.
IPX nodes.
Agent with NetWare 6 systems installed with IP alone.

103-000145-001
August 30, 2001
Novell Confidential
NetWare clients installed with IP and IPX have the following capabilities:
They can establish NCP connections with pre-NetWare 6 servers or with
NetWare 6 servers installed with one of the install options that include
IPX.
They can establish NCP connections with NetWare 6 servers installed
with IP if the clients are able to obtain IP addresses for those servers.
NetWare 6 servers installed with IP if the clients are only able to obtain
IPX addresses for those servers.
IPX nodes.
Having a NetWare client installed with IP and IPX does not guarantee that the
client will be able to establish an NCP connection with a server installed with
IP without the use of a Migration Agent. The type of address obtained by the
client when trying to connect to a server determines the protocol stack utilized
to establish the connection. Applications that obtain address information from
the bindery will not be able to connect with servers installed with IP if there is
no Migration Agent installed, and if the client is installed with IP and IPX.
Notice that this problem does not exist if the client and the server are installed
with IP alone.
Servers Installed with MA, IPX and IP

The Migration Agent can be enabled only in a NetWare 6 server installed with
both IP and IPX. Figure 8 on page 40 shows the relationship between the
protocol stacks when installing a system with the MA enabled.
Planning 39

103-000145-001
August 30, 2001
Novell Confidential
Figure 8 Migration Agent Architecture Diagram
Application APIs
IPX Router
IPX Compatibility Driver

in Migration Agent Mode
Network adapters
Notice that the MA makes use of the IPX router present in the IPX stack to
route packets between the CMD network and the IPX networks.
NetWare 6 servers installed with the MA enabled are capable of
communicating directly with other systems without regard for the install
option used to install them. They are also capable of routing network traffic
between IP and IPX systems.

103-000145-001
August 30, 2001
Novell Confidential
3 Setting Up
If you want to migrate from your existing IPX-based network to a NetWare®

6 pure IP-based network, you should first read the Planning section. It
discusses Compatibility Mode Drivers (CMD) and Migration Agents (MA),
the building blocks needed to successfully migrate an IPXTM network to
NetWare 6 and pure IP.
Also discussed in the Planning section are the NetWare 6 server and client
installation options. You can install using IP only, IPX only, or IP and IPX.
The following section describes network scenarios that use the building
blocks discussed in Planning. Existing networks will likely be a subset or
superset of the examples presented. Regardless, once you understand how the
building blocks work together, you should be able to architect your own
migration strategy based on your unique network topology.
To install or upgrade a NetWare Server, see NetWare 6 Installation Guide.
To upgrade an existing server using IP only, see “Migrating IPX to IP” on page
41.
Migrating IPX to IP
There are many reasons to migrate from IPX to IP, but three of the most
important are discussed in the following sections. These sections describe
migration strategies that are effective in meeting the following goals.
“Migrating to Obtain Internet Connectivity” on page 42
“Migrating to Cut IPX Administrative Costs” on page 42
“Migrating To Have an IP Only Network Eventually” on page 52
Setting Up 41

103-000145-001
August 30, 2001
Novell Confidential
Migrating to Obtain Internet Connectivity

To add Internet connectivity to NetWare systems, simply upgrade to
NetWare 6 using the IP and IPX option. This upgrade path requires
administration of both IP and IPX networking protocols.Those who choose
this migration path do not have to worry about setting up Migration Agents to
maintain connectivity as they upgrade their systems.
Migrating to Cut IPX Administrative Costs

To migrate networks from IPX to IP and maximize the return on your
investment, you will want to take advantage of the functionality provided by
the IPX Compatibility drivers and the Migration Agents. The IPX
Compatibility feature is critical in this scenario because it allows migration
without losing connectivity and without having to upgrade existing
applications.Administrators wanting to migrate networks using the IPX
Compatibility feature must understand that the IPX Compatibility drivers are
dependent upon the functions of SLP, and that there are costs associated with
setting up an SLP infrastructure. Additionally, setting up an SLP infrastructure
is an investment in the future because SLP is an emerging Internet standard
that will be leveraged by future applications and devices.When using the IPX
Compatibility feature to migrate, start the migration with the leaves of the
network and finish with the backbone of the network, or vice-versa. Complex
network environments are characterized by a backbone formed by a variety of
systems interconnected with a combination of WAN and LAN links. The
following topics describe three ways to migrate:
“Migrating a Section of the Network” on page 42
“Migrating Leaf Networks First” on page 44
“Migrating the Backbone First” on page 46
Migrating a Section of the Network

The steps below describe how to migrate a section of the network. To
complete this procedure successfully, the network section being migrated
must not be used to interconnect other sections of the network using IPX. The
following steps allow upgrading or installing clients and servers in a phased
manner without losing connectivity.

103-000145-001
August 30, 2001
Novell Confidential
1 Select and upgrade/install some servers to serve as Migration Agents in

the network section to be migrated.
2 Upgrade/Install all servers in the network section using the IP and IPX
option.
3 Upgrade/Install all clients in the network section using the IP only option.
4 Modify the configuration of the servers in the network section to be IP
only.
5 Turn off IPX networking between the selected section of the network and
the rest of the network.
The following figure shows how the steps above are applied in a sample
network.
Figure 9 Migrating a Section of the Network
WAN
link Server A Server B
Router
Client A Client B Client C
1 Upgrade Server A to NetWare 6 as a Migration Agent.

2 Upgrade Server B to NetWare 6 using the IP and IPX install option.
3 Upgrade Server B to NetWare 6 using the IP and IPX install option.
4 Unbind IPX from the network adapters in server B and load scmd.nlm.
Unbind IPX from the network adapters in server A and reload scmd.nlm
without the Migration Agent option.
5 Turn off IPX routing at the router.
Setting Up 43

103-000145-001
August 30, 2001
Novell Confidential
Migrating Leaf Networks First

Migrating leaf networks first reduces the impact of the migration on the IPX
routing infrastructure of the network, and it allows the administrator to focus
efforts on specific sites. However, since the backbone is the last portion of the
network migrated, administrative costs may not be offset as quickly.
The steps below describe how to migrate a network from IPX to IP starting
with the leaf networks first.
1 Identify the nodes and links that form the backbone of the network.
2 Select and upgrade/install some servers in the backbone to serve as
Migration Agents.
3 Select the leaf portion of the network to be migrated. This may be a group
of segments connected to the backbone via a WAN link. Migrate the
selected portion of the network following the steps outlined in “Migrating
a Section of the Network” on page 42.
4 Repeat Step 3 until all networks connected to the backbone are migrated.
5 Migrate the backbone section using the steps outlined in “Migrating a
Section of the Network” on page 42.
network.

103-000145-001
August 30, 2001
Novell Confidential
Figure 10 Migrating a Leaf of the Network First
Servers . . . Clients . . .
Segment C
WAN WAN
link link
Servers . . .
Router B Router C
Segment B Se
Router A
Clients . . . Servers . . . Clients . . .
Segment A
1 Identify Segment C as the backbone.

2 Upgrade/Install two servers in Segment C as NetWare 6 Migration
Agents.
3 Upgrade/install servers in as NetWare 6 Migration Agents to minimize
performance degradation while these segments are being migrated.
4 Migrate Segment A and Segment B, following the steps outlined in
“Migrating a Section of the Network” on page 42.
5 Turn off IPX routing in routers A and B when all the nodes in the section
have been migrated to IP only.
6 Migrate Segments C and D following the steps outlined in “Migrating a
Setting Up 45

103-000145-001
August 30, 2001
Novell Confidential
Migrating the Backbone First

Migrating the backbone first alleviates administrative costs associated with
maintaining IPX over the backbone. This migration path requires the
following before IPX routing is disabled on the backbone:
Migration Agents at each of the segments connected to the backbone
Backbone Support feature enabled in the Migration Agents
Migration Agents with the Backbone Support feature enabled can
interconnect IPX segments by exchanging RIP and SAP information and by
routing encapsulated IPX datagrams.
The steps below describe how to migrate a network from IPX to IP starting
with the backbone first.
1 Identify the nodes and links that form the backbone of your network.
2 Select and upgrade/install some servers in each of the segments
connected to the backbone to serve as Migration Agents with the
Backbone Support feature enabled.
3 Migrate the backbone section using the steps outlined in “Migrating a
4 Select a leaf portion of the network to migrate. This can be a group of
segments connected to the backbone via a WAN link. Migrate the selected
portion of the network following the steps outlined in “Migrating a
5 Repeat Step 4 until all networks connected to the backbone are migrated.
network.

103-000145-001
August 30, 2001
Novell Confidential
Figure 11 Migrating the Backbone First
Segment A
Router A
WAN
link
Segment B
WAN WAN
link link
Router B Router C
Segment C Segment D
Servers . . . Clients . . . Servers . . . Clients . . .
1 Identify Segment B as the backbone.

2 Upgrade/Install one or two servers in segments A, C, and D as NetWare
6 Migration Agents with the Backbone Support feature enabled.Migrate
Segment B (the backbone segment) using the steps outlined in “Migrating
a Section of the Network” on page 42. Turn off IPX routing in routers A,
B, and C to complete the migration of Segment B. Migrate segments A,
C, and D using the steps outlined in “Migrating a Section of the Network”
on page 42.
Setting Up 47

103-000145-001
August 30, 2001
Novell Confidential
Avoiding Inefficient Routing

The following two examples show problems that you can avoid by carefully
selecting the placement of Migration Agents in the network.
Example 1
The following figure shows a client installed as IP only in Segment C trying
to communicate with an IPX server in Segment A. The IPX server knows that
the client is part of the virtual CMD network and that Routers 1 and 2 present
equally efficient paths to the CMD network server (the Migration Agent
servers present the CMD network route to the routers attached to their network
segment).
Under this scenario, Server A might choose to route packets to Client A
through Router 1, resulting in the packets following the inefficient path shown
by the broken line in the figure.
Figure 12 Sample Network Setup for Example 1
IPX
Server A
Segment A
Router 1 Router 2
Segment B Segment C
Migration Migration Client A

Agent 1 Agent 2
IP only

103-000145-001
August 30, 2001
Novell Confidential
The problem presented here could be solved by placing a Migration Agent in

Segment A as shown in the foloowing figure. The Migration Server would
then present to Server A the best route to the CMD network and the packets
from Server A to Client A would follow the path shown by the broken line.
IPX Migration
Server A Agent 3
Segment A
Router 1 Router 2
Segment B Segm
Migration Migration Client A

Agent 1 Agent 2
IP only
Example 2
Figure 14 on page 50 shows segments A and B interconnected via a WAN link.
Nodes A and B want to communicate, but they can do so only through the
Migration Agent in Segment A. Under this scenario, packets sent between
Node A and Node B are forced to traverse the WAN link twice, as shown by
the broken line, resulting in poor performance.
Setting Up 49

103-000145-001
August 30, 2001
Novell Confidential
Migration
Agent
Segment A
WAN
link
Router
Segment B
Client A Client B
IP only IPX only
The problem could be solved by placing a Migration Agent in Segment B as

shown in the following figure.

103-000145-001
August 30, 2001
Novell Confidential
Migration
Agent
Segment A
WAN
link
Router
Segment B
Client A Migration Client B

Agent
IP only IPX only
SAP/RIP Filters and the Migration Agent Backbone

Support Feature
If the Backbone Support feature of the Migration Agents is enabled, then the
SAP/RIP information exchange between these agents can bypass the SAP/RIP
filters that you might have set up in your routers. Refer to the Migration Agent
documentation to learn how to set up SAP/RIP filters using the Migration
Agents.
Placing of SLP Directory Agents

If you set up the SLP infrastructure using Directory agents, and if you rely on
the IPX Compatibility feature to accomplish the migration, you must place
Directory agents so as to minimize the round trip distance between the IP only
nodes and their closest Directory agent. This is necessary to avoid having IPX
applications timing out when they perform RIP or SAP requests.
Setting Up 51

103-000145-001
August 30, 2001
Novell Confidential
Turning Off Microsoft IPX Networking

Clients might be set up to use Microsoft Networking over IPX and/or IP. If
clients are set up this way and you want to migrate them from IPX to IP, you
should first enable Microsoft Networking over TCP/IP and then disable
Microsoft Networking over IPX. This might be necessary to reduce the
demand on the services provided by the IPX Compatibility feature.
Migrating To Have an IP Only Network Eventually

Use this migration method when pure IP is desired but there is no immediate
need to remove IPX from the network.This migration path requires migration
of all applications from IPX to IP before IPX is disabled on the
network.Applications are considered IPX applications if they use the
interfaces provided by the IPX stack, or if they specify IPX addresses when
trying to establish NCP connections. The best way to identify IPX
applications is to run them on a test network on which IPX is absent (no IPX
stacks loaded). Many applications let you specify the networking protocol to
use when communicating.NetWare clients must be configured twice during
the course of the migration. The cost of modifying client configurations can
be minimized by taking advantage of the Automatic Client Upgrade feature
for Novell Clients and the Workstation Manager feature of NDS®.If you later
discover that applications require IPX, you must switch to one of the other
migration strategies:
Migrating to Obtain Internet Connectivity (page 42)
Migrating to Cut IPX Administrative Costs (page 42)
Migrating from IPX to IP without Using the IPX

Compatibility Feature
The steps below describe how to migrate a network from IPX to IP without
relying on the IPX Compatibility feature.
1 Identify IPX applications and make sure that they can be configured/
upgraded/replaced to run over the TCP/IP stack.
2 Start upgrading/installing your servers and clients using the IP and IPX
option.
3 Start migrating applications from IPX to IP.

103-000145-001
August 30, 2001
Novell Confidential
4 Turn off IPX networking at the routers when all the IPX applications have
been migrated and all the NetWare servers and clients have been
upgraded/installed using the IP and IPX option.
5 Modify the configuration of the NetWare servers and clients to be IP only
servers and clients.
Configuring the Compatibility Mode

Compatibility Mode can be loaded in two different modes. When you enter the
command, SCMD.NLM, the product is loaded in Compatibility Mode Server
mode. To enable the Migration Agent (MA) use the /MA option.
Enabling the Migration Agent

By default, loading SCMD.NLM makes a server a simple Compatibility Mode
server. To force it to act as a Migration Agent, enter the following command:
Load Scmd.Nlm /ma
The Compatibility Mode will act as a Migration Agent which can

communicate and exchange details about connected Internetwork Packet
Exchange (IPX) service information with similar Migration Agents. This
facilitates connecting disconnected IPX segments across an IP backbone.
Changing the CMD Network Number

This option can be used when the SCMD.NLM is running either in the
Compatibility Mode Server or Migration Agent mode.
By default, the CMD IPX network number is set to FFFFFFFD. This can
either be changed through the Monitor screen or using the SET command line
parameter.
Set Cmd Network Number=XXXXXXX
The SCMD module must be loaded before changing the value. Subsequently,
unload and reload the module for the change to take effect permanently.
Optionally, the CMD network number can be changed dynamically while
loading the module. To do this, at the console prompt type:
Load Scmd /Net=XXXXXXX
IMPORTANT: In NetWare 4.11 this option changes the network number
temporarily. Once you unload and reload without specifying the /Net option, it will
reset to the original network number.
Setting Up 53

103-000145-001
August 30, 2001
Novell Confidential
Setting the Preferred IP Address

If multiple IP interfaces are present in the server, you can set the preferred IP
address to be used by CMD. Enter the following command:
Set Preferred IP Address=XX.XX.XX.XX
This option can be used when the SCMD.NLM is running either in the
Compatibility Mode Server mode or Migration Agent mode.
Optionally, the Preferred IP address can be changed dynamically while
loading the module. To do so, at the console prompt type:
Load Scmd /PrefIP=XX.XX.XX.XX
Configuring the Preferred Migration Agent

The CMD server when configured on the network, will register itself with
Service Location Protocol (SLP) and register information about the Migration
Agents. It will query the SLP Server Agent or Directory Agent every five
minutes to refresh its records. CMD clients attached to this server can access
all the services that the server can access. This option can be used only when
SCMD.NLM is running in CMD Server mode.
If there are any Migration Agents available on the network, the CMD server
will discover the registered Migration Agent from the SLP database and
register it with the Migration Agent.
IPX services discovered by the Migration Agent are not registered with the
SLP database. The Migration Agent will initially register its own services with
SLP and get information about all the registered services. Once the CMD
server has registered with the Migration Agent, it will get updates from the
Migration Agent through a transfer.
The CMD server algorithm will discover the best Migration Agent registered
with SLP. However, you can statically set the list of Migration Agents by
typing:
Set Preferred Migration Agents List = IP Address/
You can specify a list of preferred migration agents which this node will be
using. The list should not exceed five, should be separated by semi-colons,
and end with a slash (/). For the changes to be effective, unload and reload the
SCMD.NLM.

103-000145-001
August 30, 2001
Novell Confidential
Setting the SCMD.NLM to Provide IP Backbone Support

By default, IP Backbone is enabled when the SCMD.NLM is loaded using the
/MA option. Ensure the following:
Each IPX disconnected network has at least one Migration Agent running
SCMD.
All the Migration Agents should have NetWare Link Service Protocol
(NLSP) routing enabled and should have the same CMD network
number.
SLP visibility exists among all the Migration Agents.
User Datagram Protocol (UDP) communication (Port 2645) is enabled
between all the Migration Agents.
To check whether IP Backbone is working, enter the following command:
Display Servers
This command will display all the services of which the server is aware.
Configuring for SLP Independent Backbone Support

You can configure CMD not to be dependent on SLP to discover other
Migration Agents in the network. By default, the product uses SLP to discover
Migration Agents in the network. To make it SLP independent, enter the
following command at the console prompt:
Set No SLP Option = ON
When the product is operating in the SLP independent mode, you can set the
time for the Migration Agents to exchange discovery information with each
other. The default value is 10 minutes.
NOTE: The time set using this option will not affect the actual service and route
information exchange.
To set the communication time, enter the following command:

Set MA Communication Time = X minutes
The communication time should be the same for all the Migration Agents on
the network.
Setting Up 55

103-000145-001
August 30, 2001
Novell Confidential
Optionally, you can load CMD in the SLP-independent mode and set the
communication time for the Migration Agents to communicate with each
other. To do so, at the console prompt type:
Load Scmd /Noslp /Synctime = X minutes
You can specify the Preferred Migration Agents which this node will be using.
To set the Preferred Migration Agent List, enter the following command:
Set Migration Agent List = IP Address/
This list should not exceed five, the IP addresses should be separated by a
semi-colon, and the list should end with a slash (/). Optionally, you can load
CMD specifying the preferred Migration Agents which this node will be
using. To do so, enter the following command at the console prompt:
Load Scmd /ma/ noslp /MAADDR=XX.XX.XX.XX;XX.XX.XX.XX/
Enable Filtering
You can configure the Migration Agent to filter some of the IPX services and/
or networks between two Migration Agents. This option can be used only
when SCMD.NLM is running in Migration Agent mode. Before using the
filtering option, run the FILTCFG utility to set the filters. Refer to the
FILTCFG documentation available at http://www.novell.com/documentation/
lg/nw5/docui/index.html.
To enable filtering, enter the following command:
Scmd /filter
Viewing the Migration Agent List

You can in identify the number of Migration Agents the CMD server knows
at any point. To view the information, enter the following command:
Scmd /MAList
Updating the Router Table

You can update the SAP and RIP information in the Router table using the
following command:
Scmd /Sync
The information will be gathered from the Migration Agents to which the
CMD server is connected, and the Router table will be updated. This option
can be used when the product is running in CMD server mode.

103-000145-001
August 30, 2001
Novell Confidential
Viewing the CMD Server Statistics

You can use the statistics option to view the current status of the CMD server
or Migration Agent. Enter the following command to view the information on
the CMD information screen:
Scmd /stat
If you want the information to be sent to a file, enter the following command:
Scmd /stat [/Dump]
The information will be written in the CMDSTAT.DAT file in the SYS:\ETC\

directory.
You can use the /search option to list the names of the services the CMD server
or the Migration Agent have located. You can also search for the net number
of the CMD server or Migration Agent. Enter the following command:
Scmd /search [NAME=service name] [NET=net number] [/Dump]
The parameter service name can take one of the following values:
The wildcard *, which will locate all the services in the network
The exact name of the service, for example BLR-ENGR3
The name followed by an asterisk (*), for example BLR*
For the parameter net number you can enter FFFFFFF to list all the services
in the network, or you can enter the matching net number.
Supporting the Network Address Translator

Network Address Translation (NAT) provides a transparent routing solution
using the hosts in a private network that can access an external network and
vice versa. IP address translation is required when a network's internal address
cannot be used outside the network either for reasons of privacy or because the
IP addresses are invalid for use outside the network. Since CMD packets have
IP addresses inside their payload, IP address translation cannot work over
NAT without this feature.
The following diagram is an example on how NAT support can be
implemented. The CMD network spreads across the intranet (which uses the
private addressing scheme) and Internet (which uses the public addressing
scheme). A network with NAT enabled at its border is called a private realm.
The network may or may not use private IP addresses. The Internet is called a
Setting Up 57

103-000145-001
August 30, 2001
Novell Confidential
public realm. A realm should be assigned a unique name. The next figure
depicts two private routing realms, BLR and Provo, connected by a public
realm to the Internet. To enable CMD communication between BLR and
Provo, use the options mentioned in “Configuring CMD to Support NAT” on
page 59.
Figure 16 Two private routing realms, BLR and Provo, connected by a public realm to the Internet
Pb-CMD-Clnt Pb-MA
201.1.1.3 201.1.1.2
201.1.1.1
Internet
NAT Router
172.16.1.1
137.65.2.1 NAT Router

Prv-CMD1 10.1.1.1 Blr-CM
172.16.1.4 10.
193.97.92.1
NAT Realm: NAT Realm:

Provo Blr
Prv-MA Prv-CMD-Clnt1 Blr-MA Blr-CMD

172.16.1.2 172.16.1.3 10.1.1.2 10.1.1.3

103-000145-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
A sample configuration for a section of the network is given below:
Prv-MA Blr-CMD PB-CMD-CLNT
NAT realm = Provo NAT Realm = Blr Preferred MA List = 172.16.1.2

201.1.1.2
Public IP Address = 137.65.2.2 Public IP Address = 193.97.54.3 NA
Public IP Subnet = 255.255.0.0 Public IP Subnet = 255.255.255.0 NA
Local client number = 172.16.0.0/ Local client number = 0.0.0.0/ NA
The NAT support feature cannot be used when CMD is running in SLP-
independent mode. The CMD to MA communication across NAT is not
supported. We recommend that the CMD should be loaded as an MA for such
a communication to happen.
Configuring CMD to Support NAT
To enable the NAT support feature through the SET command, enter the
following command:
Set Cmd Nat Support Option = ON
If SCMD.NLM is running, unload and load the NLM for the changes to be
effective.
To configure CMD to support NAT, as a load line command, enter:
scmd /ma /nat;Public IP Address;Public IP Subnet;Nat Realm
Name;Local IP Network no.1;...Local IP Network no.n /
The load line command is equivalent to using the SET command options given
below. The parameters are explained in “NAT Support Configuration
Parameters” on page 60.
If the MA is in a public realm, enter the following command to support NAT:
scmd /ma /nat
Here, parameters like Public Address, Private IP Subnet, etc., will be assigned
default values.
Setting Up 59

103-000145-001
August 30, 2001
Novell Confidential
You can also use the SET command to configure the CMD for NAT support.
These options are listed below. To assign the public IP address, enter the
following command:
Set Public IP Address = XX.XX.XX.XX
To assign the public IP subnet, enter the following command:

Set Public IP Subnet = XX.XX.XX.XX
To assign the NAT realm, enter the following command:

Set NAT Realm Name = "string"
To assign the local clients IP network numbers, enter the following command:
Set Local Clients IP NetNumber List =
XX.XX.XX.XX;XX.XX.XX.XX/
NAT Support Configuration Parameters
Public IP Address
This is the IP address assigned by the NAT device to a server. Enter the value
in dotted decimal format. By default, the value is set to "0.0.0.0". The public
address is a unique global IP address that is statically configured in the NAT
router.
Public IP Subnet
This is the subnet number of the public IP address assigned by the NAT device
to a server. Enter the value in dotted decimal format. By default, the value is
set to "0.0.0.0".
NAT Realm
This is a realm identifier given to a private routing realm. Enter a string (not
exceeding 30 characters). By default, the value is set to "NONE". The name
should be unique for all private realms.
Local IP Network no.1...Local IP Network no.n
These are a list of IP clients network numbers. Enter the value in dotted
decimal format ; separate each network number by a semi-colon. These
network numbers correspond to clients on the private realm of the CMD
server. You need to specify network numbers of local CMD clients when
CMD clients on the public network are statically pointng to CMD servers or
MAs in the private realm to avoid any errors. If no CMD clients in the public
network are pointing to CMD servers or MAs in the private realm, it is not
necessary to set this parameter.

103-000145-001
August 30, 2001
Novell Confidential
Troubleshooting the NAT Support Feature
If the NAT support feature is not working, check whether:

The Service Location Protocol Directory Agent (SLPDA) has been
loaded on one server and pointed to by all the servers that need to
communicate using NAT.
The NAT router public interface has been set to RIP Receive Only.
All clients in the private realm are pointing to a private interface of the
NAT router.
Default routers are specified on servers.
Set the value for NAT Dynamic mode to pass through to "ON". Also, use
display SLP services to see if the services are visible on both sides of the NAT
router.
Setting Up 61

103-000145-001
August 30, 2001
Novell Confidential

103-000145-001
August 30, 2001
Novell Confidential
4 Optimizing
Once your network is running, the protocols associated with IP and IPXTM are
largely responsible for auto-tuning themselves based on network conditions.
There are, however, some settings that you can change to further optimize the
way your server receives and forwards packets. See the following topics:
“Using Large Internet Packets” on page 63
“Using Packet Burst” on page 64
“Increasing Maximum and Minimum Packet Receive Buffers” on page
65
Using Large Internet Packets

Large Internet Packet (LIP) functionality allows the maximum size of
internetwork packets to be increased. (Formerly, the maximum size was 576
bytes.)
In NetWare® versions earlier than 4.11, the workstation initiated a negotiation
with the NetWare server to determine an acceptable packet size. If, during this
negotiation, the server detected a router between it and the station, the server
limited the maximum packet size to 576 bytes.
However, some network architecture, such as Ethernet and Token ring, can
support packets larger than 576 bytes. Thus LIP allows the workstation to
determine the packet size based on the maximum size supported by the router.
To implement LIP functionality for a Windows 95/98 or Windows NT
workstation, do the following:
1 Click Start > Settings > Control Panel > Network > NetWare Client >
Properties.
2 On the Advanced Settings tab, select Large Internet Packets and click
ON.
Optimizing 63

103-000145-001
August 30, 2001
Novell Confidential
3 Click Large Internet Packet Start Size and enter the size.
4 Click OK.
Using Packet Burst

The Packet BurstTM protocol speeds the transfer of NCPTM data between a
workstation and a NetWare server by eliminating the need to sequence and
acknowledge each packet. With Packet Burst protocol, the server or
workstation can send a whole set (burst) of packets before it requires an
acknowledgment.
Figure 17 Packet Burst Protocol
Without Packet Burst
Packet 1 sent
Packet 1 acknowledged
Client Packet 2 sent

NetWare
server
Packet 2 acknowledged
With Packet Burst
First burst of packets sent
Acknowledged
Client Second burst of packets sent

NetWare
server
Acknowledged
By allowing multiple packets to be acknowledged, Packet Burst protocol

reduces network traffic.
Packet Burst protocol also monitors dropped packets and retransmits only the
missing packets.
NOTE: NetWare doesn't require an NLMTM to enable Packet Burst at the server.

103-000145-001
August 30, 2001
Novell Confidential
For workstations to send and receive Packet Burst data, you must enable
Packet Burst under the NetWare DOS Requester (for DOS or Windows 3.x) or
under the Novell Client Properties, Advanced Settings (for Windows 95 or
Windows NT).
For the procedures, see the help files associated with your client software.
When Packet Burst-enabled servers or workstations transfer data to servers or
workstations that don't have Packet Burst enabled, the data defaults to normal
NCP mode (one-request/one-response).
Increasing Maximum and Minimum Packet Receive

Buffers
Packet receive buffers (also called communication buffers) store incoming
data packets until they can be processed by the server.
The operating system allocates a minimum number of packet receive buffers
as soon as the server boots. The minimum number is specified by the
Minimum Packet Receive Buffers server parameter.
A maximum number of packet receive buffers is specified by the Maximum
Packet Receive Buffers server parameter.
To determine how many buffers the server is currently allocating, refer to the
Packet Receive Buffer value in the General Information window of
MONITOR.
Increasing the Maximum Number of Packet Receive Buffers

If the server is slowing down and losing workstation connections, it might be
running out of packet receive buffers. In this case, you can increase the
Maximum Number of Packet Receive Buffers.
The General Information window of MONITOR displays the total number of
packet receive buffers that are currently allocated.
1 From MONITOR's Available Options, select Server Parameters >
Communications.
A list of Communications Parameters is displayed in the upper window.
The scroll thumb on the right of the window indicates that you can use the
arrow keys to scroll the list.
NOTE: You can also use the SET command to set comunications parameters at
the server console prompt. See Reference > Utilities Reference > Utilities > SET.
Optimizing 65

103-000145-001
August 30, 2001
Novell Confidential
2 Scroll down the Communications Parameters list.

3 Select Maximum Packet Receive Buffers.
4 Increase the value of this parameter and press Enter.
A good guideline is to set this value to twice the size of the Minimum
Packet Receive Buffer value. The changed value is now persistent.
For additional suggestions, see the discussion of the Maximum Packet
Receive Buffer parameter in SET Communication Parameters.
Increasing the Minimum Number of Packet Receive Buffers

Use the following procedure to increase the minimum number of packet
receive buffers if the allocated number is higher than 10 and the server doesn't
respond immediately after starting.
1 From MONITOR's Available Options, select Server Parameters >
Communications.
A list of Communications Parameters is displayed in the upper window.
The scroll thumb on the right of the window indicates that you can use the
arrow keys to scroll the list.
NOTE: You can also use the SET command to change parameter values at the
server console prompt. See Reference > Utilities Reference > Utilities > SET.
2 Scroll down the Communications Parameters list.

3 Choose Minimum Packet Receive Buffers.
4 Increase the value of this parameter.
A good guideline is to allocate at least two packet receive buffers for each
workstation connection. The changed value is now persistent.
For additional suggestions, see the discussion of the Minimum Packet
Receive Buffer parameter in SET Communication Parameters.
NOTE: The Minimum Packet Receive Buffers value should be smaller than the
Maximum Packet Receive Buffers value. If it is greater than the maximum value,
the system changes the maximum value to match the minimum value.

103-000145-001
August 30, 2001
Novell Confidential
5 Managing
Once your network is running, network communications management

involves maintaining the physical connections between machines and
maintaining the drivers that communicate with the network board. To use a
network board, the LAN driver must be bound to the board. The following
topics describe the procedures used to maintain communications between
servers:
“Overview of Loading and Binding LAN Drivers” on page 67
“Loading and Binding LAN Drivers” on page 68
“Unbinding and Unloading LAN Drivers” on page 70
“Using Logical Boards” on page 71
“Removing Network Boards” on page 72
“Resetting Network Boards” on page 73
For ways to prevent physical communication problems, see “Preventing
Cabling Problems” on page 74.
Overview of Loading and Binding LAN Drivers

After you add a network board to your NetWare® server, you must load the
corresponding LAN driver. LAN drivers have .lan extensions.
When you load the LAN driver, you must specify one or more frame types for
the driver. Loading a LAN driver establishes a network connection (if the
server is physically connected to the network cabling). The frame type
specifies how packets will be formatted for transmission across the network.
You can load more than one frame type with each driver.
Managing 67

103-000145-001
August 30, 2001
Novell Confidential
Once the LAN driver is loaded, you must bind the LAN driver to a
communication protocol. Binding a LAN driver assigns a network
communication protocol to the driver and the network board. Without a
protocol, the LAN driver can't process packets, and workstations attached to
the cabling scheme from that board can't log in.
The protocol is actually bound to a protocol ID (PID) that is part of a frame
type. Because a frame type can have multiple PIDs, you can bind one LAN
driver and one frame type to multiple protocols. You can also bind the same
protocol to more than one LAN driver.
To load and bind LAN drivers, you can use
NWCONFIG NLMTM
LOAD and BIND commands
If you know the parameters required by the communication protocol, you
can use the LOAD and BIND commands to load and bind LAN drivers at
the server command line. For more information, see BIND and LOAD in
Loading and Binding LAN Drivers

When you bind the IPXTM protocol to a board, you specify the cabling
scheme's IPX external network number.
The IPX external network number is a hexadecimal number. This number
must be the same for all boards cabled together that use the same frame type.
The IPX external number must be different from the number used by boards
of other frame types and must be different from the addresses of other cabling
systems on the network. The cabling scheme's IPX external network number
must also be different from the internal network address for any node on the
network.
The following procedure explains how to use NWCONFIG to load a LAN
driver and bind a protocol.
1 At the server console prompt, enter
[LOAD] NWCONFIG
2 Select Driver Options > Configure Network Drivers.

103-000145-001
August 30, 2001
Novell Confidential
3 If you want NetWare to automatically detect all the drivers that are
compatible with your network boards, select Discover and Load
Additional Drivers; otherwise, skip to Step 5.
NetWare automatically finds the parameter values for the driver, loads the
driver with the parameters, and then discovers the IPX protocol for the
frame type supported for the driver.
NetWare then displays the IPX internal and external network addresses in
a confirmation box.
NOTE: In machines with PCI buses and sometimes in machines with EISA
hardware, NWCONFIG might not detect all the drivers associated with the LAN
adapters. In other cases, NWCONFIG might find more than one compatible driver
for an adapter. When this happens, NWCONFIG displays a message listing the
hardware. The message prompts you to press Enter to see a list of all available
drivers for the hardware. Press Enter, then Go to Step 6.
4 Confirm the addresses.

After you confirm the addresses, NetWare binds the protocol to the driver.
If you want to load additional drivers that are not autodetected, continue
with Step 5.
5 To select a driver from all the available drivers, choose Select an
Additional Driver.
The screen displays a list of all available drivers.
6 Select the driver you want to load, or, if the driver is not on the list, press
<Insert>.
If you press <Insert> to load an unlisted driver, follow the screen prompts.
If you select a listed driver, continue with Step 7.
NOTE: For some drivers, a message might appear indicating that the driver must
be loaded manually (at the console prompt). To load a driver manually, follow the
screen prompts or press <F1> for more information.
7 Choose Select/Modify Driver Parameters.

The screen displays a window where you can set values for driver
parameters. Depending on the driver you selected, a window containing
protocol options might also be displayed. The cursor is active in the
protocol options window, if it is displayed.
8 If the window containing protocol choices is displayed, check the
protocol you want to use.
9 If you checked TCP/IP, enter the IP address and the IP mask.
Managing 69

103-000145-001
August 30, 2001
Novell Confidential
10 Use the down arrow key to move the cursor to the parameter window;
enter parameter values as needed.
Press <F1> for help if necessary.
In some cases, the system displays a pop-up list of values for the field
from which you select the desired value. In other cases, you must type in
a value and press <Enter> to move to the next field.
You can also specify a specific frame type if desired. If you do not specify
a particular frame type, all frame types are loaded automatically, but only
those found on the network are actually bound to the driver.
11 (Optional) To specify a particular frame type for an Ethernet driver, press
<F3> to display a list of frame types. Use the arrow keys to move up and
down the list. Press <Enter> to select a frame type. When finished, press
<Esc>.
12 When finished, press <F10> to save the values and exit the window.
The system loads the LAN driver and then displays a confirmation
window containing the command line to bind the protocol with the
specified frame type.
At this point, you can either confirm binding of the protocol with the
specified frame type or change the frame type.
13 To bind the protocol, press <Enter>. To display the command line with a
different frame type, press <F3>, then press <Enter> when the desired
frame type is displayed.
NWCONFIG automatically places the LOAD and BIND commands in the
autoexec.ncf file.
Unbinding and Unloading LAN Drivers

To remove a communication protocol from a board and driver, you can use the
UNBIND console command. If you have loaded the driver more than once,
specify the board you want to unbind. See UNBIND in Utilities Reference.
When the protocol is unbound, users attached to the cabling scheme of the
board can't log in. If users are already logged in, they receive a message when
they attempt to access the server.
To unload a LAN driver, use the UNLOAD command or NWCONFIG. See
NWCONFIGUNLOAD in Utilities Reference.

103-000145-001
August 30, 2001
Novell Confidential
Using Logical Boards

A LAN driver can be loaded with multiple frame types. Each instance of a
LAN driver and an associated frame type is one logical board. Therefore,
while there might be only one physical network board in the server with one
LAN driver, there can be multiple logical boards.
For example, if your server contains an NE2000TM board, you can load the
NE2000 LAN driver with frame types Ethernet_802.2 and Ethernet_II. In this
situation there is one physical board and one LAN driver, but there are two
logical boards.
In older versions of NetWare, you could not unload individual logical boards.
To remove a particular logical board, you had to unload the LAN driver, which
in turn deactivated all network adapters associated with the LAN driver, and
also unloaded all the frame types associated with the driver. You then had to
reload the driver for each board you wanted to use and each frame type you
wanted to keep. On large networks this process was extremely time
consuming.
In NetWare, you can now unload, shut down, and reset individual logical
boards, and also remove or reset individual adapters associated with a LAN
driver.
Unloading Logical Boards

1 Determine the logical board number or name.
A name can be assigned to a logical board when the board is loaded with
the LOAD command. If no name was assigned to the board, you can
determine the logical board number by using MONITOR.
1a At the server console prompt, load MONITOR.
1b Select LAN/WAN Drivers and highlight the desired LAN driver.
A screen is displayed containing the logical board numbers and other
data associated with the driver. Note the logical board number you
want to unload.
2 Enter the following at the server console prompt:
REMOVE NETWORK INTERFACE board_number | board_name
Specify either the logical board number or the board name. NetWare
unloads the logical board and deletes its resources.
Managing 71

103-000145-001
August 30, 2001
Novell Confidential
Shutting Down and Resetting Logical Boards

You can shut down a logical board without removing its resources. In this
case, you can restart the board, if needed, without reloading and binding the
LAN driver.
1 Determine the logical board number or name.
A name can be assigned to a logical board when the board is loaded using
the LOAD command. If no name was assigned to the board, you can
determine the logical board number by using MONITOR.
A screen is displayed containing logical board numbers and other
data associated with the driver. Note the logical board number you
want.
SHUTDOWN NETWORK INTERFACE board_number | board_name
Specify either the logical board number or the board name.
3 To restart the logical board, enter the following at the server console
prompt:
RESET NETWORK INTERFACE board_number | board_name
NOTE: Resetting the logical board does not reset the network board.
Removing Network Boards

If you want to remove a network board and there is only one instance of the
board in the server, you can simply unload the LAN driver and physically
remove the board. Unloading the LAN driver releases the memory resources
used by the board and driver. See UNLOAD in Utilities Reference.
However, if you have several boards of the same kind in the server, and you
want to remove just one, removing the LAN driver would disable all the
boards. You would then have to reload and bind the LAN driver for each board
that remained in the server.
Use the following procedure to unload one board while keeping other boards
of the same type enabled.

103-000145-001
August 30, 2001
Novell Confidential
1 Determine the filename and the instance number for the board you want
to remove.
The filename is the name of the LAN driver, such as ne2000.lan.
The board instance number is the number of the board if there is more
than one board of the same type installed in the server.
A screen displays the instance number and other data for boards
associated with the driver. Note the instance number for the board
you want to remove.
REMOVE NETWORK ADAPTER filename,
[board_instance_number]
The network driver and its resources are deleted.
Resetting Network Boards

WARNING: Resetting a network board stops whatever work the board is doing
and resets it to a clean state.
Network boards will reset themselves automatically if something goes wrong.

About one reset a day is normal. A great number of resets, such as one reset a
minute, usually indicates a hardware problem.
Resets are included in the LAN statistics displayed in MONITOR.
Sometimes it is useful to reset a board manually if you suspect a problem with
the hardware. Resetting the network board also resets the logical boards
associated with the network board. (But resetting the logical board does not
reset the network board). Use the following procedure to reset a board.
1 Determine the filename and the instance number for the board you want
to reset.
The filename is the name of the LAN driver, such as ne2000.lan.
The board instance number is the number of the board if there is more
than one board of the same type installed in the server. If there is only one
instance of the board, you do not need the board instance number.
Managing 73

103-000145-001
August 30, 2001
Novell Confidential
A screen displays the instance numbers and other data for boards
associated with the driver. Note the instance number for the board
you want to remove.
RESET NETWORK ADAPTER filename,
[board_instance_number]
Include the board instance number only if there are multiple instances of
the same adapter in the server.
Preventing Cabling Problems

Use the proper cabling for your network topology as specified by IEEE.
Make sure cable segments do not exceed the recommended lengths.
Make sure cable segments are properly terminated for the type of cabling
being used.
Make sure terminators and in-line cable connectors are working properly.
If you are not sure whether a terminator or connector is working properly,
replace it. If the new components work properly, discard the old ones.
Make sure there are no breaks in the cable or shield. Use a time delay
reflectometer (TDR), a LANalyzer, or a volt ohm meter (VOM) to test
cabling for breaks in the cable conductor or shield.
Make sure cabling is routed away from devices that produce high electric
or magnetic fields, such as fluorescent lights, microwaves, radar, X-rays,
copy machines, etc.

103-000145-001
August 30, 2001
Novell Confidential
TCP/IP Administration Guide
Novell
NetWare 6 ®
www.novell.com
TCP/IP
August 30, 2001

Novell Confidential
Manual Rev 99a 27 18 April 00
Contents
About This Guide 9

1 Understanding 11
The TCP/IP Suite of Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Overview of TCP/IP Protocol Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Transport Layer Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
UDP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Internet Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Path Maximum Transfer Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Assigning IP Network Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Historic IP Address Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Identifying Network Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Selecting an Appropriate Address Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Reserved IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Physical and IP Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
IP Address to Physical Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Creating Subnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Subnet Addresses and Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Subnet Zero . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Variable Size Subnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Assigning Subnet Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Broadcast Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Multicast Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Error and Control Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Router Discovery Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Router Discovery Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2 Novell TCP/IP 39
Selective Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Large Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
TCP Defend Fin Attack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Classless IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Multihoming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Load Balancing and Fault Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Contents 5
NetWare TCP/IP Administration Guide

103-000151-001
August 30, 2001
Novell Confidential
Multiple Default Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Dead Gateway Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Probe Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Probe Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Path MTU Black Hole Detection and Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Provision of Non-ARPable Secondary IP Address . . . . . . . . . . . . . . . . . . . . . . . . 45
3 Setting Up 47
Configuring Boards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Loading INETCFG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Configuring a LAN Board . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Adding a New Board Driver or NLM File to Your System . . . . . . . . . . . . . . . . . . . 50
Enabling or Disabling a LAN Board . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Deleting a LAN Board . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Enabling TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Binding Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
4 SET Parameters 53
Configuration Using SET Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
ARP Cache Stale Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
ARP Cache Update Timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
BSD Socket Default Buffer Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Discard Oversized Ping Packets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Discard Oversized UDP Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
IP Address Duplicates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Large Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Largest Ping Packet Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Largest UDP Packet Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Maximum Packet Receive Buffers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Maximum Pending TCP Connection Requests . . . . . . . . . . . . . . . . . . . . . . . . 56
Minimum Packet Receive Buffers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Path MTU Black Hole Detection and Recovery . . . . . . . . . . . . . . . . . . . . . . . . 57
Selective Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
TCP Diagnostic Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
TCP Defend Fin Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
TCP Defend Land Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
TCP Defend SYN Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
TCP IP Maximum Small ECBs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
TOS Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
5 Protocols 59
Configuring RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Configuring OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Basic OSPF Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Advanced OSPF Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Configuring Load Sharing over Equal-Cost OSPF Routes . . . . . . . . . . . . . . . . . . 68
6 NetWare TCP/IP Administration Guide

103-000151-001
August 30, 2001
Novell Confidential
Configuring Static Routes for LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

How to Configure a LAN Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Configuring a Default Gateway (LAN Static Route) . . . . . . . . . . . . . . . . . . . . . . 71
Comparing Different Default Gateway Configuration Methods . . . . . . . . . . . . . . . . . 73
Enabling Dead Gateway Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configuring Dead Gateway Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configuring Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Configuring Fault Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Configuring Router Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Configuring Type of Service (TOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Enabling TOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Assigning a TOS Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Configuring ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Disabling ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Enabling Proxy ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Enabling ARP Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Configuring ARP Cache Update Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Configuring ARP Cache Stale Timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Configuring Directed Broadcast Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Enabling Directed Broadcast Forwarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Configuring Source Route Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Configuring BOOTP Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Configuring EGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Configuring Multiple Logical Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Merging Two Networks When the Connecting Router Fails . . . . . . . . . . . . . . . . . . 85
Reassigning IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Adding New Nodes to a Full Subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Configuring a Secondary IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
6 Managing 89
Using the TCPCON Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Viewing TCP/IP Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Determining Whether a Remote TCP/IP Node Is Reachable . . . . . . . . . . . . . . . . . . . 91
Monitoring Error Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Monitoring TCP/IP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Checking the TCP/IP Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Monitoring the Configured TCP/IP Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Troubleshooting Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Common Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
LAN Connectivity Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Router Cannot Ping a Remote Router or the Internet . . . . . . . . . . . . . . . . . . . . . 98
Contents 7

103-000151-001
August 30, 2001
Novell Confidential
Routing Table Maintenance Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

IP Address Duplication across Machines . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Server Not Responding under Heavy Stress Conditions . . . . . . . . . . . . . . . . . . . 100
Load Not Balanced across NICs although LB is enabled in INETCFG . . . . . . . . . . . . 100
Network Traffic Is Not Balanced across NICs . . . . . . . . . . . . . . . . . . . . . . . . . 101
Losing INETCFG Configuration Information upon Rebooting . . . . . . . . . . . . . . . . . 101
Loss of Secondary IP Address upon Deleting Any Binding . . . . . . . . . . . . . . . . . . 101
A Planning 103
Configuration Decisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
B TCP/IP Database Files 107

Configuring Database Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
HOSTS File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
NETWORKS File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
PROTOCOL File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
SERVICES File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

103-000151-001
August 30, 2001
Novell Confidential
About This Guide
This guide provides the information you need to configure and manage the
Novell® TCP/IP networking software. In addition to planning information,
this guide provides troubleshooting tips, techniques, and tools, as well as the
symptoms of and solutions to commonly occurring problems with the TCP/IP
components.
About This Guide 9

103-000151-001
August 30, 2001
Novell Confidential

103-000151-001
August 30, 2001
Novell Confidential
1 Understanding
This chapter introduces TCP/IP and provides an overview of the TCP/IP suite
of protocols.
The following are discussed here:
“The TCP/IP Suite of Protocols” on page 11
“Overview of TCP/IP Protocol Usage” on page 13
“Transport Layer Protocols” on page 15
“Internet Protocol” on page 18
“Assigning IP Network Addresses” on page 21
“Physical and IP Addresses” on page 26
“Creating Subnets” on page 28
“Routing” on page 35
“Error and Control Messages” on page 37
“Router Discovery Protocol” on page 37
The TCP/IP Suite of Protocols

The protocols in the TCP/IP suite roughly correspond to a network
communications model defined by the International Organization for
Standardization (ISO). This model is called the Open Systems Interconnection
(OSI) reference model. The OSI model describes an ideal computer network
system in which communication on the network occurs between processes at
discrete and identifiable layers. Each layer on a given host provides services
to the layers above it and receives services from the layers below it. Figure 1
Understanding 11

103-000151-001
August 30, 2001
Novell Confidential
illustrates the seven layers of the OSI reference model, as defined by ISO, and
the roughly corresponding layers of the TCP/IP protocol suite.
Figure 1 OSI Reference Model
OSI Reference Model TCP/IP Protocol Suite
Layer Function Protocol
1 Application
2 Presentation TELNET FTP SMTP DNS SNMP
3 Session
4 Transport TCP UDP
ICMP RIP OSPF EGP

5 Network IP
ARP RARP
6 Data Link
Ethernet Token Other
7 Physical Ring Media
The layering system allows the developers to concentrate their efforts on the
functions in a given layer. It is not necessary for designers to create all the
mechanisms to send information across the network. They have to know only
what services the software needs to provide to the layer above it, what services
the layers below it can provide to the software, and which protocols in the
suite provide those services.
Table 1 lists some of the more common protocols in the TCP/IP suite and the
services they provide.
Table 1 TCP/IP Protocols
Protocol Service
Internet Protocol (IP) Provides packet delivery services (routing)

between nodes.
Internet Control Message Provides transmission of error and control

Protocol (ICMP) messages between hosts and routers.

103-000151-001
August 30, 2001
Novell Confidential
Protocol Service
Address Resolution Protocol Maps IP addresses to physical addresses.

(ARP)
Transmission Control Protocol Provides reliable data-stream delivery service

(TCP) between end nodes.
User Datagram Protocol (UDP) Provides unreliable datagram delivery service

between end nodes.
File Transfer Protocol (FTP) Provides application-level services for file

transfer.
TELNET Provides terminal emulation.
Routing Information Protocol Enables the exchange of distance vector

(RIP) routing information between routers.
Open Shortest Path First Enables the exchange of link state routing
(OSPF) information between routers.
Exterior Gateway Protocol Enables the exchange of routing information

(EGP) between exterior routers.
Overview of TCP/IP Protocol Usage

Applications developed for TCP/IP generally use several of the protocols in
the suite. The layers of the protocol suite is also known as the protocol stack.
User applications communicate with the top layer of the protocol suite. The
top-level protocol layer on the source computer passes information to the
lower layers of the stack, which in turn pass it to the physical network. The
physical network transfers the information to the destination computer. The
lower layers of the protocol stack on the destination computer pass the
information to higher layers, which in turn pass it to the destination
application.
Each protocol layer within the TCP/IP suite has various functions; these
functions are independent of the other layers. Each layer, however, expects to
receive specific services from the layer beneath it, and each layer provides
specific services to the layer above it.
Figure 2 on page 14 shows the TCP/IP protocol layers. The layers at the same
level on the source and destination computers are peers. For example, the
application on the source computer and the application on the destination
Understanding 13

103-000151-001
August 30, 2001
Novell Confidential
computer are peers. Each layer of the protocol stack on the source computer
communicates with its peer layer on the destination computer. From the
perspective of the software developer or user, the transfer takes place as if the
peer layers sent their packets directly to one another.
Figure 2 TCP/IP Model
Source Host Destination Host
Application Application
Messages or
Streams
Transport Transport
Datagrams
(UDP) or
Segments (TCP)
Internet Internet
IP Datagrams
Network Network
Interface Interface
Network Frames
Network Hardware
An application for transferring files with TCP, for instance, performs the
following operations to send the file contents:
1. The Application layer passes a stream of bytes to the Transport layer on
the source computer.
2. The Transport layer divides the stream into TCP segments, adds a header
with a sequence number for that segment, and passes the segment to the
Internet (IP) layer. A checksum is computed over the TCP header and
data.

103-000151-001
August 30, 2001
Novell Confidential
3. The IP layer creates a packet with a data portion containing the TCP
segment. The IP layer adds a packet header containing source and
destination IP addresses.
4. The IP layer also determines the physical address of the destination
computer or intermediate computer on the way to the destination host. It
passes the packet and the physical address to the Data-Link layer. A
checksum is computed on the IP header.
5. The Data-Link layer transmits the IP packet in the data portion of a data-
link frame to the destination computer or an intermediate computer. If the
packet is sent to an intermediate computer, steps 4 through 7 are repeated
until the destination computer is reached.
6. At the destination computer, the Data-Link layer discards the data-link
header and passes the IP packet to the IP layer.
7. The IP layer checks the IP packet header. If the checksum contained in the
header does not match the checksum computed by the IP layer, it discards
the packet.
8. If the checksums match, the IP layer passes the TCP segment to the TCP
layer.
9. The TCP layer computes a checksum for the TCP header and data. If the
computed checksum does not match the checksum transmitted in the
header, the TCP layer discards the segment. If the checksum is correct and
the segment is in the correct sequence, the TCP layer sends an
acknowledgment to the source computer and passes the data to the
application.
10. The application on the destination computer receives a stream of bytes,
just as if it were directly connected to the application on the source
computer.
Transport Layer Protocols

The Transport layer of the TCP/IP protocol suite consists of two protocols,
UDP and TCP. UDP provides an unreliable connectionless delivery service to
send and receive messages. TCP adds reliable byte stream-delivery services
on top of the IP datagram delivery service.
The ports numbered between 1 and 1,023 are well-known port numbers. For
dynamically bound ports, an application requests that UDP assign a port to
Understanding 15

103-000151-001
August 30, 2001
Novell Confidential
identify which port the process uses. The port must be in the range of 1,024 to
65,535.
UDP
UDP identifies applications through ports. The protocol defines two types of
protocol ports: well-known port assignments and dynamically bound ports.
For well-known port assignments, certain UDP port numbers are reserved for
particular applications. Then the application can direct UDP datagrams to that
port.
UDP enables multiple clients to use the same port number and different IP
addresses. The arriving UDP datagrams are delivered to the client that
matches both the destination port number and address. (A socket consists of
an IP address and the port number.) If there is no matching client or if the
ICMP destination is unreachable then a port unreachable message is sent and
the packet is dropped.
The UDP datagram is encapsulated in an IP datagram that, in turn, is
encapsulated in physical frames. Figure 3 on page 17 shows a UDP datagram
encapsulated in an IP datagram, which, in turn, is encapsulated in an Ethernet
frame. It also illustrates how the concept of layering, discussed at the
beginning of this section, affects the construction of packets sent across the
network.

103-000151-001
August 30, 2001
Novell Confidential
Figure 3 A UDP datagram encapsulated in an IP datagram which, in turn, is encapsulated in an Ethernet

frame
UDP UDP
Header Data
Source Destination UDP

Port Port Data
UDP Datagram
IP
Header
IP Datagram
Frame Ethernet
Header CRC
Ethernet Frame
In this example, the IP address transmits the IP datagram to the node. At that
destination, the IP software extracts the UDP datagram and delivers it to the
UDP-layer software. The UDP-layer software delivers the UDP data through
the destination port to the receiving application. The process at that port uses
the data in the UDP datagram. The UDP datagram also contains a source port
to ensure that the destination process can reply correctly.
TCP
For applications that must send or receive large volumes of data, unreliable
datagram delivery can become burdensome. Application programmers might
have to develop extensive error handling and status information modules to
track the progress and state of data transfer for every application. The TCP/IP
suite of protocols avoids this problem by using TCP, a reliable byte-stream
delivery protocol. TCP establishes a connection between two applications and
sends a stream of bytes to a destination in exactly the same order that they left
the source. Before transmission begins, the applications at both ends of
transmission obtain a TCP port from their respective operating systems. These
are analogous to the ports used by UDP. The application initiating the transfer,
known as the client side, generally obtains a port dynamically. The application
Understanding 17

103-000151-001
August 30, 2001
Novell Confidential
responding to the transfer request, known as the server side, generally uses a
well-known TCP port. The client side is typically the active side and initiates
the connection to the passive server side.
Like the UDP datagrams, TCP segments are encapsulated in an IP datagram.
TCP buffers the stream by waiting for enough data to fill a large datagram
before sending the datagram. The stream is unstructured, which means that
before transmission of data, both the sending and receiving applications must
agree on the meaning of the contents of the stream. The TCP protocol uses
full-duplex transmission. Full duplex means that two data streams can flow in
opposite directions simultaneously. Thus, the receiving application can send
data or control information back to the sending application while the sending
application continues to send data.
The TCP protocol gives each segment a sequence number. At the receiving
end of the connection, TCP checks successive sequence numbers to ensure
that all the segments are received and processed in the order of the sequence
numbers. The receiving end sends an acknowledgment to the sender for the
segments received. TCP enables the sender to have several outstanding
segments before the receiver must return an acknowledgment. If the sending
node does not receive an acknowledgment for a segment within a certain time,
it retransmits that segment. This scheme, called positive acknowledgment with
retransmission, ensures that the stream delivery is reliable.
Internet Protocol
In the TCP/IP protocol suite, all packets are delivered by the IP datagram
delivery service. Packet delivery is not guaranteed by this service. A packet
can be misdirected, duplicated, or lost on the way to its destination. The
service is connectionless because all packets are transmitted independently of
any other packets. This is in contrast to a telephone network, for instance,
where a connection is established and maintained.
To keep track of the delivery status, TCP/IP applications using the IP
datagram delivery service expect to receive replies from the destination node.
IP defines the form that packets must take and the ways that packets are
handled when they are transmitted or received. The form the packet takes is
called an IP datagram. It is the basic unit of information that is passed across
a TCP/IP network. The IP datagram consists of a header and a data section.
The header section contains the sender's (source) IP address and the receiver's
(destination) IP address and other information. Figure 4 on page 19 shows the
general form of an IP datagram.

103-000151-001
August 30, 2001
Novell Confidential
Figure 4 Basic frame of an IP Datagram
IP Datagram Header IP Datagram Data
Header Source IP Destination

Options Data
Information Address IP Address
The IP address for a node is a logical address and is independent of any

particular hardware or network topology. It has the same form, regardless of
the media type. The IP address (version 4) is a 4-byte (32-bit) numeric value
that identifies both a network and a local host or node (computer or other
device) on that network. The 4-byte IP address is usually represented in dotted
decimal notation. Each byte is represented by a decimal number, and periods
separate the bytes, for example, 129.47.6.17.
The Data-Link layer transmits IP packets in the data section of its physical
frame. Because IP supports a 64-KB packet length, an IP datagram might not
fit in a data-link frame. Also, in traveling to its destination, a datagram can
traverse many different media with different physical frame lengths. An IP
router might have to forward a packet across media in which the inbound and
outbound frame lengths differ.
To handle these potential problems with packet transmission, IP specifies a
method for breaking datagrams into fragments. The fragments are
reassembled when they arrive at the final destination. Reassembling
fragments reconstructs the entire IP datagram.
Path Maximum Transfer Unit

The maximum transfer unit (MTU) is the largest amount of data that can be
transferred across a given physical network. For local area networks, such as
Ethernet, the MTU is determined by the network hardware. For wide area
networks that use serial lines to interconnect packet switches, the MTU is
determined by software.
The Path MTU is the smallest of all MTUs, for the hops along a path from the
source host to the destination host. The Path MTU governs the size of the
Understanding 19

103-000151-001
August 30, 2001
Novell Confidential
largest IP packet that can be sent across the path without fragmentation. This
feature conforms to RFC 1191.
This feature is automatically enabled when you enable TCP/IP.
Path MTU Discovery Process
There are two advantages to this feature. The Path MTU avoids fragmentation
anywhere along the path and it reduces the protocol overhead.
The Path MTU discovery process prevents fragmentation between two
routers. Figure 5 illustrates a sample Path MTU discovery process, followed
by an example of the steps involved.
Figure 5 A sample Path MTU discovery process
Host A, Host B,
4150 MTU 4150 MTU
PPP, 1500 MTU Router 2

Token
Token Router 1 Ring
Ring
The following describes the steps involved in the sample Path MTU discovery
process illustrated above:
1. Host A opens a File Transfer Protocol (FTP) connection to Host B.
2. Host A and Host B negotiate the maximum segment size (MSS) during
their connection. This is the largest TCP segment that a host can send
across a network. The MSS in Figure 5 is 4,110 bytes, which is 4,150
bytes minus 40 bytes for the IP and TCP headers.
3. Host A sends a 4,150-byte packet to 4,110 bytes of data and 40 bytes of
header information to Host B. The Don't Fragment (DF) flag in the IP
header is set to yes in Host A.
4. Router 1 receives the packet from Host A. Then Router 1 determines that
the packet is larger than 1,500 bytes, which is the maximum packet size
that can be sent over a PPP network.
5. Router 1 sends Host A an ICMP destination unreachable error message.
This message indicates that Router 1 must fragment packets larger than
1,500 bytes.

103-000151-001
August 30, 2001
Novell Confidential
6. Host A receives the error message from Router 1. In response, it adjusts

the maximum segment size to 1,460 bytes.
7. Host A resends the data from Step 3. Each packet consists of 1,460 bytes
of data and 40 bytes of header information.
8. Router 1 accepts the packets and forwards them to Router 2, which then
sends them on to Host B.
Assigning IP Network Addresses

IP network addresses should be assigned by one person at your company. We
recommend that a network administrator assign IP network addresses.
Therefore, to obtain a new address, see your network administrator or if you
are a network administrator this section would help you assign IP network
addresses.
For a node using the TCP/IP protocol suite to communicate with other nodes,
including nodes on other private networks and on the Internet, an IP network
address is required. Your IP network address could be determined in one of the
following ways:
If you are accessing the Internet through an Internet Service Provider
(ISP), you can be assigned an IP address by your ISP.
If you are connected directly to the Internet community or if you cannot
connect to the Internet using the registered IP address range you were
assigned by your ISP, contact the following organization:
Network Solutions, Inc.
Attn.: InterNIC Registration Services
505 Huntmar Park Dr.
Herndon, VA, USA 20170
E-mail: hostmaster@internic.net
Web address: http://nic.ddn.mil or http://192.112.36.5

If your network is not attached to the public Internet community, you can
select an arbitrary IP network number. However, if you plan to attach your
network to the Internet later, you should use the guidelines in RFC 1918.
Understanding 21

103-000151-001
August 30, 2001
Novell Confidential
The addresses for all the nodes on the network must meet the following
criteria:
All addresses within a network must use the same prefix. For example,
any node on network 129.47 must have an address in the form 129.47.x.x.
Each node must have a unique IP address.
Historic IP Address Classes

Each 4-byte IP address is divided into two parts:
A network portion, which identifies the network
A host portion, which identifies the node
IP addresses are differentiated into three classes, based on the two most
significant bits of the first byte. This is done so that routers can efficiently
extract the network portion of the address.
This division can occur at any one of three locations within the 32-bit address.
These divisions correspond to the three IP address classes: Class A, Class B,
and Class C. Regardless of address class, all nodes on any single network
share the same network portion; each node has a unique host portion.
Class A Addresses
A Class A IP address consists of a 1-byte network portion followed by a 3-byte

host portion, as shown in Figure 6 on page 23. The highest-order bit of the
network portion is always set to 0. Thus, within an internetwork, there can be
a total of 126 Class A networks (1 through 126), with more than 16 million
nodes in each (networks 0 and 127 are reserved).
The format of a Class A address is as follows:
0nnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh
where n represents the network address and h represents the host address.
Class A addresses contain 7 bits of network address and 24 bits of host
address.

103-000151-001
August 30, 2001
Novell Confidential
Figure 6 A Class A IP address
1 Byte 3 Bytes
0 Network Host Portion

Address
Class B Addresses
A Class B IP address consists of a 2-byte network portion followed by a 2-byte

host portion, as shown in Figure 7. The two highest-order bits of the network
portion are always set to 10. Thus, within a single internetwork there can be
approximately 16,000 Class B networks (128.0 through 191.255), with more
than 65,000 nodes in each.
The format of a Class B address is as follows:
10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
Class B addresses contain 14 bits of network address and 16 bits of host
address.
Figure 7 A Class B IP address
2 Bytes 2 Bytes
10 Network
Address Host Portion
Class C Addresses
A Class C IP address consists of a 3-byte network portion followed by a 1-byte

host portion, as shown in Figure 8 on page 24. The three highest-order bits of
the network portion are always set to 110. Within a single internetwork, there
can be approximately 2 million Class C networks (192.0.0 through
223.255.255), with up to 254 nodes in each.
Understanding 23

103-000151-001
August 30, 2001
Novell Confidential
The format of a Class C address is as follows:

110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
Class C addresses contain 21 bits of network address and 8 bits of host
address.
Figure 8 A Class C IP address
3 Bytes 1 Byte
110 Network Host Portion

Address
Identifying Network Classes

The first byte of an IP address identifies which of the three network classes
that address belongs to. The ranges for that first byte are as follows:
Class A: 1 to 126 (1.h.h.h to 126.h.h.h)
Class B: 128 to 191 (128.n.h.h to 191.n.h.h)
Class C: 192 to 223 (192.n.n.h to 223.n.n.h)
An IP address beginning with 154 is a Class B address. The first two bytes of
the address are represented by n for the network portion of the address, and the
last two bytes are represented by h for the host portion. For example, an IP
address of 154.1.0.3 means the IP network portion is 154.1.0.0 and the host
portion on that network is #.#.0.3.
The network portion of an IP address should be the same for all nodes on that
network. Each node connected to the network must have a unique IP host
address assigned to it.
HINT: The key to selecting a number for the host portion of the IP address is to
ensure that the number selected is unique, that is, that no other host on the network
has the same IP address.

103-000151-001
August 30, 2001
Novell Confidential
Selecting an Appropriate Address Class

When selecting an IP address class, you must decide on both network numbers
and host address portions. Because the first 1, 2, or 3 bits of the IP address
determine how the entire address is to be interpreted and where the division
between the network address and host address portion is to occur, you should
know the consequences of your choice. When deciding on a network class,
you should consider the number of IP nodes to be supported on your network
and the number of networks you plan to configure.
For example, if you use Class C addresses (the first 3 bits of the IP address are
110 binary), then you are restricted to 254 nodes. However, the number of
nodes available can be altered by using subnets. Before selecting an IP address
class, see “Creating Subnets” on page 28.
Reserved IP Addresses
The IP addressing rules reserve the following types of IP addresses for special
purposes:
Network addresses—IP addresses in which the host portion is set to all
zeros. For example,129.47.0.0 is the network address (or network
number) for a Class B network. Network addresses identify networks
rather than nodes on a network. By convention, no node is ever assigned
a host portion consisting of all zeros.
Broadcast addresses—Addresses in which the host portion is set to all
ones. A packet with a broadcast address is destined for every node on the
network. By convention, no node is ever assigned a host portion
consisting of all ones.
Loopback addresses—Addresses that cause the protocol software to
return data without sending traffic across a network. Network address
127.0.0.0 and all host addresses on that network (for example, 127.0.0.1)
are reserved.
Multicast addresses—Addresses that are used to send packets to a group
of hosts or routers. They range from 224.0.0.1 to 239.255.255.255.
Reserved addresses—Addresses in which the network portion consists
of all zeros or all ones.
Understanding 25

103-000151-001
August 30, 2001
Novell Confidential
Physical and IP Addresses

Each node has a physical address for the specific hardware device that
connects it to a network. For instance, a physical address on an Ethernet
network is a 6-byte numeric value, such as 08-00-14-57-69-69. It is assigned
by the manufacturer of the Ethernet interface hardware. X.25 networks, which
conform to the specification of the ITU-T (International Telecommunications
Union, Telecommunications sector), previously CCITT, use the X.121
standard for physical addresses, which consist of 14-digit numbers.
NOTE: Physical addresses are also called media access control (MAC)
addresses. Throughout the rest of this section, all references to MAC or physical
addresses assume physical addresses on Ethernet, token ring, or FDDI networks.
Since IP uses a 32-bit address and Ethernet uses a 48-bit Ethernet address
there is a conflict. To associate the IP address to a physical address on an
Ethernet network, a mapping must occur between the two types. The address
resolution protocol (ARP) provides a mapping between the two different
forms of addresses.
IP Address to Physical Address Translation

Each physical medium has its own physical address for nodes on that medium.
The physical addresses are also called MAC addresses. Ethernet and token
ring networks use 6-byte MAC addresses. ARCnet uses a 1-byte MAC
address.
IP addresses are independent of the hardware. When an IP packet is
transmitted on the network, it is first encapsulated within the physical frame
used by that network. Figure 9 shows an IP packet encapsulated in an Ethernet
frame. The IP packet contains an Internet address for a node, but the Ethernet
frame must have a physical address for it to be delivered on the data-link
network. Therefore, the sending node must be able to map an IP address to a
physical hardware address.
Figure 9 A packet encapsulated in an Ethernet frame
IP Datagram
Preamble Destination Source Packet Packet Data Ethernet

Address Address Type CRC
Frame Header Frame Data

Ethernet Frame

103-000151-001
August 30, 2001
Novell Confidential
Mapping Internet Addresses to Physical Addresses
When an IP address is mapped to a physical, or MAC, address, ARP is used

on broadcast networks such as Ethernet, token ring, and ARCnet. When a
node uses IP to send a packet, it must determine which physical address on the
network corresponds to the destination IP address. To find the physical
address, the node broadcasts an ARP packet containing the destination IP
address. The node with the specified destination IP address sends its physical
address back to the requesting node.
Address Resolution Cache
To speed packet transmissions and reduce the number of broadcast requests

that must be examined by every node on the network, each node keeps an
address resolution cache. Each time the node broadcasts an ARP request and
receives a response, it creates an entry in its address resolution cache. The
entry maps the IP address to the physical address.
When the node sends an IP packet, it looks up the IP address in its cache and
uses the physical address, if found. The node broadcasts an ARP request only
if the IP address is not in its cache.
ARP Cache Update Timeout
ARP Cache Update Timeout is a configurable parameter used to specify the

timeout period for an entry to be removed from the ARP table, if the entry has
not been updated. The ARP Cache Update Timeout value should be greater
than or equal to the ARP Cache Stale Timeout value.
ARP Cache Stale Timeout
ARP Cache Stale Timeout ia a configurable parameter used to specify the

timeout period for an entry to be removed from the ARP table, if the entry has
not been used for some time. The ARP Cache Stale Timeout value should be
less than or equal to the ARP Cache Update Timeout value.
Understanding 27

103-000151-001
August 30, 2001
Novell Confidential
Creating Subnets
One IP network can be divided into smaller networks, called subnets. The
following are reasons to divide your network:
Use multiple media—It can be impossible, inconvenient, or too
expensive to connect all nodes to a single network medium when these
nodes are too far apart or already connected to different media.
Reduce congestion—Traffic between nodes on a single network uses
network bandwidth. As a result, more bandwidth is required when you
have more nodes. Splitting nodes into separate networks reduces the
number of nodes on a data-link network. Fewer nodes generate less traffic
and, as a consequence, less congestion.
Reduce CPU use—Reducing CPU use on connected nodes is similar to
reducing congestion. More nodes on a network cause more broadcasts on
that network. Even if a broadcast is not sent to a particular node, each
node on a network must react to every broadcast before deciding to accept
it or discard it.
Isolate a network—By splitting a large network into small networks, you
limit the impact of one network's problems on another. Such problems can
include network hardware failures, such as an open Ethernet tap, or
software failures, such as a broadcast storm.
Improve security—On a broadcast network medium such as Ethernet,
each node on a network has access to all packets sent on that network. By
enabling sensitive network traffic on only one network, other network
monitors can be prevented from accessing this sensitive traffic.
Make efficient use of IP address space—If you are using a Class A or
B network number and have multiple small physical networks, you can
divide the IP address space into multiple IP subnets and assign them to
individual physical networks. Another option is to obtain several Class C
network numbers, although this is less desirable.
For more information about creating subnets, see the following:
“Subnet Addresses and Masks” on page 29
“Subnet Zero” on page 32
“Variable Size Subnets” on page 32
“Assigning Subnet Addresses” on page 33
“Broadcast Addresses” on page 34
“Multicast Addresses” on page 34

103-000151-001
August 30, 2001
Novell Confidential
Subnet Addresses and Masks

Communication between a node on a local subnet and a node on a different
subnet is similar to communication between nodes on two different networks.
To a user, routing between subnets is transparent. Internally, the IP software
recognizes any IP addresses that are destined for a remote subnet and sends
those packets to the router on that subnet.
As in network-to-network communication, the routing information for
communication between subnets is maintained in the routing table (by IP).
When a network is divided into subnets, the host address portion of the IP
address is divided into two parts, just as the IP address itself is divided into
two parts. The host address portion specifies both the subnet of the IP network
and the node on that subnet.
The 4-byte IP address consists of a network address and a host portion, as
shown in Figure 10.
Figure 10 A 4-byte IP address
<Network Address> <Subnet Address> <Host Address>
Network Address Host Portion
For instance, if a network has the Class B IP network address portion 129.47,
the remainder of the IP address can be divided into subnet addresses and host
addresses. Controlled by the local network administrator, this division allows
the most flexibility for network development at the local site. For example, the
subnet address could comprise 4 bits of the remaining 2 bytes. This allows 15
subnets, each with 4,094 nodes. Or, in another case, the subnet address could
comprise 8 bits, allowing 255 subnets (a subnet address of all ones is not
valid), each with 254 nodes.
NOTE: NetWare routing software supports the use of all zeros in the subnet field
(subnet zero). However, a subnet field with all ones denotes all subnets of a
particular network; therefore, a subnet field with all ones cannot be used as a local
IP address.
Figure 11 on page 30 shows a single IP network divided into two subnets. The
router shown has physical attachments and IP addresses on both subnets
(129.47.128.1 and 129.47.192.1). It might also have physical devices and IP
addresses (nn.nn.nn.nn) connecting it to other networks.
Understanding 29

103-000151-001
August 30, 2001
Novell Confidential
Figure 11 A single IP network divided into two subnets
129.47.192.254 129.47.192.253
Subnet
Address: 192(1100)
129.47.193.1
129.47.192.1
Subnet Mask for Network Address
129.47.0.0: Router All Other
255.255.240.0 or 0xFF.0xFF.0xF0.0x00 Networks
(11111111.11111111.11110000.00000000)
129.47.128.1
129.47.129.1
Subnet
Address: 128(1000)
129.47.128.254 129.47.128.253
A subnet mask indicates how the host portion of the IP address is divided into
a subnet address and a local host portion. The network mask is a 32-bit number
with all ones for all network and subnet address portions, and all zeros for the
host field. With a Class B network portion of 129.47 and a 4-bit subnet
address, for instance, the subnet mask consists of 20 ones and 12 zeros. In
essence, a subnet mask locally extends the network address portion of an IP
address and reduces the host portion.
Table 2 on page 31 shows an example of a Class C subnet with an IP address
of 200.2.1.209. To create a subnet address, bits are taken from the local host
portion. As the size of the subnet mask increases, the number of hosts
decreases and the number of subnets increases.

103-000151-001
August 30, 2001
Novell Confidential
Table 2 Subnet Masks with Class C Addresses
Class C IP Network Subnet Host Available Networks,

Address Number Number Number Subnets, and Hosts
200.2.1.209
FF.FF.FF.0 200.2.1.0 None 0.0.0.209 1 network, 0 subnets, and

254 hosts
FF.FF.FF.E0 200.2.1.0 200.2.1.192 0.0.0.17 7 subnets and 30 hosts

per subnet
FF.FF.FF.F0 200.2.1.0 200.2.1.208 0.0.0.1 15 subnets and 14 hosts

per subnet
Figure 12 shows examples of IP network addresses, their relationship to the

subnet mask, and the corresponding subnets.
Figure 12 Examples of IP network addresses
Subnet Address
Network Address Local Host Portion
Subnet 11111111.11111111.11110000.00000000
Mask:
129.47.128.254: 10000010.00111001.10000000.11111110 IP Address on Subnet 128
Understanding 31

103-000151-001
August 30, 2001
Novell Confidential
Subnet Zero
Subnet zero is a subnet with all the bits in the subnet field of the IP address set
to 0. For example, subnet 130.57.0.0, with a mask of 255.255.240.0, is a
subnet zero of network 130.57, as shown in Figure 13 on page 32.
Figure 13 A subnet zero
Subnet Address
Network Address Local Host Portion
Subnet 11111111.11111111.11110000.00000000
Mask:
The official IP specification reserves the subnet addresses with all zeros and
all ones and does not allow them to be used as subnet addresses. However, this
policy wastes one subnet in the IP address space. To counteract this limitation,
Novell's TCP/IP implementation enables the use of subnet zero.
Variable Size Subnets

The subnets of a network can have different length subnet masks, called
variable length subnet masks. These subnets are called variable because the
size, or length, of the subnet varies from subnet to subnet.
A subnet mask defines the number of bits that can be used to define the subnet
and the number of bits to define the host. As the subnet mask increases, the
number of hosts on a subnet decreases. As the subnet mask decreases, the
number of hosts that can be defined increases.
Some network configurations have individual subnets with a large number of
hosts and other subnets with a small number of hosts. Using the same subnet
masks on all subnets can mean either of the following:
The mask is too small and you do not have enough subnet numbers for all
your subnets.
The mask is too big and you do not have enough host IDs for all your
hosts on a subnet.
If the mask is too small or too big, use a variable size subnet. By varying the
size of the subnet mask used on a network, you can match the number and size
of subnets to your configuration.

103-000151-001
August 30, 2001
Novell Confidential
For example, subnet 16 of network 130.57.0.0 with mask 255.255.240.0,

130.57.16.0, can be further divided into 16 sub-subnets with 256 hosts each.
(Actually, this division creates 15 sub-subnets with 254 hosts each because
sub-subnet 130.57.31.0, host 0, and host 255 are not used.)
NOTE: OSPF and RIP II recognize subnet masks and support variable size
subnets. RIP I does not work when the network is partitioned into variable length
subnets because RIP I assumes that all subnets belonging to the same network
use the same subnet mask.
Assigning Subnet Addresses

HINT: Because RIP I packets do not carry subnet mask information, the RIP I
routing protocol imposes several restrictions on the use of subnets. If you are using
RIP I, use the same subnet mask for all subnets belonging to the same network.
Using RIP II lifts this restriction.
If you are installing the routing software on a network with subnets, use the
subnet mask already established for the network.
Subnet addresses and host addresses are typically assigned in numeric order,
where both the subnet and host addresses are assigned from the right edge of
their field. By this method, the border between the subnet address and the host
address becomes fixed when the first subnet (subnet address = 1) is assigned.
If the number of hosts on a subnet or the number of subnets required exceeds
the limits of the subnet mask, using this method makes it difficult to adjust the
subnet mask because each host must be renumbered.
To prepare for changes in the size of the subnet mask, RFC 1219 suggests that
subnets be assigned from the left of the subnet address field, and that hosts be
assigned, in numeric order, from the right of the host address field. In this way,
the subnet bits become a mirror image of the host bits. (You must still select
an initial subnet mask and use it for all subnets in the network.) For example,
to apply this method to a Class B IP network with a subnet mask of
255.255.255.0, you assign subnet addresses as follows:
1000 0000 (Decimal 128)
0100 0000 (Decimal 64)
1100 0000 (Decimal 192)
0010 0000 (Decimal 32)
...
0000 0001 (Decimal 1)
0000 0010 (Decimal 2)
0000 0011 (Decimal 3)
0000 0100 (Decimal 4)
Understanding 33

103-000151-001
August 30, 2001
Novell Confidential
Then, you assign host addresses on each subnet as follows:

...
Using this method leaves a buffer zone between the subnet and host addresses,
which enables future network growth.
The method of assigning subnet addresses described in this section
summarizes the method suggested in RFC 1219, On the Assignment of
Subnetwork Numbers. For a complete description of this method, refer to RFC
1219.
Broadcast Addresses
There are four types of broadcast addresses: directed broadcasts, subnet
directed broadcasts, all-subnets directed broadcasts, and limited broadcasts. A
directed broadcast has a destination IP address with the network portion of the
IP address set to Class A, B, or C network, and the host field set to all ones.
Directed broadcasts are sent to all hosts on the specified network.
If the network is divided into subnets, each subnet has a subnet directed
broadcast. A subnet directed broadcast has an IP address with the network
field set to the network identifier, the subnet field set to the subnet identifier,
and the host field set to all ones.
An IP address with both the subnet and host field set to all ones is interpreted
as a broadcast directed to all the subnets on the network. That is, the first router
on the specified network broadcasts the IP address to one of its subnets. If
broadcast forwarding is enabled, the receiving routers in that network forward
the broadcast to other subnets.
An IP address with all bits set to 1, that is 255.255.255.255, is called a limited
address. It is directed to all hosts on the subnet from which the broadcast
originated.
Multicast Addresses
A multicast address is used to send packets to a group of hosts or routers. A
packet with a multicast address is received by all hosts and routers belonging
to that multicast group. Class D addresses are reserved for multicast addresses.
They range from 224.0.0.1 to 239.255.255.255.
Novell's TCP/IP implementation uses five multicast addresses. Two are used
by OSPF to multicast packets to OSPF routers. These addresses are 224.0.0.5

103-000151-001
August 30, 2001
Novell Confidential
and 224.0.0.6. Two are used by Router Discovery messages to multicast router
advertisements and solicitation messages. These addresses are 224.0.0.1 and
224.0.0.2. RIP II uses multicast address 224.0.0.9.
Routing
The term routing refers to the transmission of a datagram from one node to
another on the same or a different network. The route refers to the path that is
chosen to transmit an IP datagram from its origin to its destination, based on
the IP addresses contained in the datagram.
When a datagram is sent to a node on another network, the network portions
of the source and the destination IP addresses are different. When the packet
is received by a router that connects the source to the destination network, the
router forwards the packet on the correct interface to reach the destination, as
shown in Figure 14 on page 36. Two networks are connected if at least one
router is attached to both networks.
Understanding 35

103-000151-001
August 30, 2001
Novell Confidential
Figure 14 How the router connects the source to the destination network
Token Ring Ethernet

Network Network
130.58.0.0 130.58.1.1
140.88.0.0
140.88.12.1
Router
140.88.3.4
130.58.1.2
Each host has a default router or a list of routers in other networks. When IP
sends a datagram the following happens:
1. IP searches the routing table of the sending node for a default route or a
path to the destination IP address.
2. IP extracts the address of the default router or next-hop router from the
route entry.
3. IP requires ARP to map the next-hop address to its hardware address.
4. IP transmits the packet to the next hop.
5. IP repeats Steps 1 through 4 until the final destination is reached.

103-000151-001
August 30, 2001
Novell Confidential
Error and Control Messages

Another protocol in the TCP/IP suite is the Internet Control Message Protocol
(ICMP). ICMP packets contain information about errors and control on the
network: inoperative nodes and gateways, packet congestion at a gateway, and
so on. The IP software, rather than the application, interprets an ICMP
message. The IP software then takes the appropriate action with respect to the
ICMP message, independently of the application. Because an ICMP message
might need to travel across several networks to reach its destination, it is
encapsulated in the data portion of an IP datagram.
ICMP is also used to test connectivity between two nodes. The originating
node uses PING to send an ICMP echo request and waits for an ICMP echo
response from the destination.
Router Discovery Protocol

The Router Discovery Protocol, an extension to Internet Control Message
Protocol (ICMP), allows hosts to discover routers on their networks and
determine which router to use as the default router. When a host needs to send
a packet to another network, it first sends the packet to a router that forwards
the packet toward the destination. To accomplish this, the host needs to know
where the routers are on its network and which one to send packets to.
When you configure the router discovery mechanism, the router advertises
itself with periodic ICMP router advertisement messages. Then the host
listens to this message and decides whether to use a router as the default router.
You can configure the host to solicit the router advertisement on attached
networks. All participating routers then reply to the inquiry. By collecting
those replies, the host discovers the routers on the network and determines
which router to use.
A host might not select the best router (the router with the optimal path) to
forward packets to a specific destination. When a router receives a packet
from a host that is better forwarded to another router on the network, the router
uses an ICMP Redirect message to notify the host of the optimal path.
NetWare routing software provides both host and router implementations of
the Router Discovery Protocol. The mode of operation of the Router
Discovery Protocol is determined by whether the IP Packet Forwarding
parameter is enabled. If IP Packet Forwarding is enabled, the Router
Discovery Protocol will send Router Advertisement messages. If IP Packet
Understanding 37

103-000151-001
August 30, 2001
Novell Confidential
Forwarding is disabled, the Router Discovery Protocol will send Router

Solicitation Messages. these messages are explained in the next section.
Router Discovery Messages

The two message types that are used by the Router Discovery Protocol to
communicate between hosts and routers are discussed in the following
sections.
ICMP Router Advertisement Message
The ICMP Router Advertisement Message is ICMP message type 9. This

message is used by routers to advertise their presence on the network and is
broadcast or multicast to all hosts on the network.
This message type carries the IP address of the router and its preference level.
Hosts use the preference level to determine which router to use for forwarding.
The router with the highest preference becomes the default router. A value of
0x80000000 indicates the router is not to be used. Routers with this value are
used only when other routers send ICMP Redirect messages to the host.
ICMP Router Solicitation Message
The ICMP Router Solicitation Message is ICMP message type 10. Hosts use
this message to solicit router advertisements from all participating routers on
the network.
Router Discovery Multicast Address
Router Discovery uses two IP multicast addresses. The IP address 224.0.0.1 is

reserved to multicast the Router Advertisement Message to the hosts. The IP
address 224.0.0.2 is reserved to multicast the Router Solicitation Message to
the routers. If the network does not support multicast, then broadcast address
255.255.255.255 is used for both the Router Advertisement and Router
Solicitation messages.

103-000151-001
August 30, 2001
Novell Confidential
2 Novell TCP/IP
The Novell® TCP/IP stack consists of the following five NetWare® Loadable
ModuleTM (NLMTM) programs:
BSDSOCK.NLM provides the BSD standards sockets interface.
TCP.NLM provides the transport layer TCP and UDP interfaces.
TCPIP.NLM provides IP, ICMP, IGMP, Routing and other networking
layer protocols.
NETLIB.NLM is a library of the entire stack.
INETCFG.NLM allows you to configure the stack with the help of
TCPCFG.NLM. The configuration is stored in SYS:\ETC\TCPIP.CFG
and SYS:\ETC\NETINFO.CFG. Please note, an abend may cause the
corruption of both of the above two .CFG files. So always take a back up
of the files.
The Novell TCP/IP software is now multiprocessor (MP) enabled and
multithreaded. The transport layer (TCP & UDP) is completely MP enabled
so that the stack can process any TCP/UDP connections on any processor.
These features are aimed at taking advantage of the multiple processors
available and at making the stack scale more than what it does on a uni-
processor machine.
The stack provides you with the TCP/IP protocols as per the Request For
Comments. NetWare 6 gives you the following new features:
Selective Acknowledgement (page 40)
Large Windows (page 40)
TCP Defend Fin Attack (page 41)
Classless IP Addresses (page 41)
Novell TCP/IP 39

103-000151-001
August 30, 2001
Novell Confidential
Multihoming (page 41)

Multiple Default Gateway (page 43)
Dead Gateway Detection (page 43)
Path MTU Black Hole Detection and Recovery (page 44)
Provision of Non-ARPable Secondary IP Address (page 45)
Selective Acknowledgement
The Selective Acknowledgment (SACK) is a mechanism that includes a
retransmission algorithm which helps overcome weak links on the TCP/IP
stack.
The selective acknowledgment extension uses two TCP options. The first is
an enabling option, SACK-permitted, which can be sent in a SYN segment to
indicate that the SACK option can be used once the connection is established.
The SACK-permitted option is a two-byte option.
The second option is the SACK option itself, which can be sent over an
established connection once both the sender and the receiver have
successfully negotiated the SACK-permit option. Whenever there is loss of
data, the data receiver can send the SACK option to acknowledge the out-of-
order segments.
For more information on this, see “Selective Acknowledgement” on page 57.
Large Windows
The Large Windows option allows windows larger than 2**16. It defines an
implicit scale factor, which is used to multiply the window size value found in
a TCP header to obtain the true window size which can go up to a maximum
limit of 1 GB.
This Large Window option is negotiated while establishing the connection.
For more information on this, see “Large Windows” on page 55.

103-000151-001
August 30, 2001
Novell Confidential
TCP Defend Fin Attack

The TCP Defend Fin Attack solution provides a simple, single tuning option,
the Minimum Threshold parameter. In the TCP stack, the wait states
(FIN_WAIT1, FIN_WAIT2, CLOSED_WAIT, LAST_ACK and CLOSING)
are arranged in ascending order of importance by considering which of the
states are less risky to terminate. The order is static.
The stack assumes that there is no risk in terminating all connections in a less
important state. According to the arrangement of states, if a less important
connection is over using resources then it is selected. Alternately, if an
important state is over using and the less important states do not dominate, it
would be selected for reset only. At any given point in time a Minimum
Threshold number of connections will be permitted.
For more information on this, see “TCP Defend Land Attacks” on page 58.
Classless IP Addresses
The Novell TCP/IP stack implements Classless Inter-Domain Routing
(CIDR). It is now possible to bind to supernetted addresses with non natural
subnet masks. CIDR also allows binding to one or more interfaces. The
NetWare system bound to a system in a supernetted IP address environment
acts as an end node. In such a scenario, forwarding is disabled.
Multihoming
Multihoming enables an interface to assume multiple IP addresses on the same
network. Multihoming can be used for all IP networks bound to a router. This
is irrespective of whether the networks are bound to the same interface or to
different interfaces. The most common use of multiple addresses on the same
network is to enable a Web server to operate as though it were several Web
servers. One application is to use each secondary IP address to point to a
different Web page on the same Web server, depending on the Domain Name
System (DNS) name that is used to reach the server.
Multihoming is also commonly used with network address translation (NAT),
the proxy server, and the virtual private network (VPN). In all cases, the
secondary IP address can be configured on the same interface that has the
primary IP address. Or the secondary address can be configured on a different
interface. When there are multiple interfaces, the secondary address is
associated with the interface that is bound to the network that uses the same
Novell TCP/IP 41

103-000151-001
August 30, 2001
Novell Confidential
address. If the secondary address is not valid on any of the networks bound to
existing interfaces, the address is rejected and an error message is produced.
Load Balancing and Fault Tolerance

With this release, the multihoming feature is extended to help configure the
stack for load balancing and fault tolerance at NIC/Link level. The TCP/IP
stack also provides mechanisms for the administrator to group those NICs
which are similar in characteristics to facilitate load balancing and fault
tolerance across them.
For NetWare 6, TCP/IP has two levels of enabling load balancing and fault
tolerance, one at the system level and another at the local group level. To
benefit from the feature make sure that you have fully enabled it, at both the
levels.
Five types of multihoming configurations are provided:
Single NIC Multiple IP Addresses (Different IP Addresses)—In this type
of multihoming the client to server traffic can be distributed across the routers.
The required level of load balancing can be achieved through static routers and
dynamic DNS. Any dynamic algorithm would take care of the fault tolerance
aspect. In the case of a static route configuration the Multiple Default Gateway
with Dead Gateway Detection support would also help achieve the same
results.
Multiple NIC Multiple IP Address (Different IP Network)—This is a
normal configuration of a router. All the configuration and the advantages
gained by the previous type of multihoming are applicable here also. In
addition, load balancing server-to-client traffic across the NICs and routers is
also possible. This can be achieved with the help of multipath routing.
Multiple NIC Multiple IP Address (Same IP Network)—This type of
multihoming allows for both server-to-client and client-to-server load
balancing and fault tolerance at the Link level. This type of multihoming is
especially helpful in those cases where Route level load balancing and fault
tolerance are not required and become an overhead. Once this type of
multihoming is supported on the server side, the outgoing traffic load is NIC
based on various parameters such as the destination IP address and
interference lead. During NIC failure, the lead is automatically distributed
among the remaining NICs to achieve fault tolerance.

103-000151-001
August 30, 2001
Novell Confidential
Multiple NIC Single IP Address—Here the clients use the same IP address
to communicate with the server. This is achieved through using the round
robin method of distributing the NIC addresses for the ARP requests sent by
the clients. This solution avoids the extra configuration and transparently
achieves the load balancing for incoming packets. During a NIC failure, the
server sends a message to the clients to forcefully use them as the other
interface's MAC address.
Secondary IP Address (Multiple Logical Hosts)—With this type of
multihoming it is possible to create multiple logical hosts belonging to the
same network. In a multihoming setup where multiple NICs are grouped to
support a single network, the secondary IP address with this type of
configuration supports an option to select one of the NICs in the group. By
using the non-ARPable option, these addresses can be used as virtual IP
addresses for load balancing solutions. Through this option, the same IP
address can be configured on all servers and the load balancer can distribute
the client load across these servers.
For more information on this, see “Configuring Load Balancing” on page 75
and “Configuring Fault Tolerance” on page 75.
Multiple Default Gateway

This feature stretches the existing Default Gateway (Default Router) feature,
by allowing you to configure multiple default gateways on your network.
When a default gateway goes offline, the Dead Gateway Detection feature
detects this and uses the Multiple Default Gateway list to switch to the next
preferred default gateway, making your network fault tolerant.
For more information on this, see “Configuring a Default Gateway (LAN
Static Route)” on page 71.
Dead Gateway Detection

This feature is used with the Multiple Default Gateway feature. When the
current default gateway goes offline, this feature detects the failure and
automatically enables the next preferred default gateway from the Multiple
Default Gateway list to act as the current default gateway. When a dead default
gateway with a higher preference is again online, this feature detects this and
switches back to the default gateway with the higher preference.
For more information on this, see “Enabling Dead Gateway Detection” on
page 74 and “Configuring Dead Gateway Detection” on page 74.
Novell TCP/IP 43

103-000151-001
August 30, 2001
Novell Confidential
Probe Interval
This configured parameter lets you fine-tune the performance of the Dead
Gateway Detection feature by modifying the time interval (in seconds) at
which probes are sent to the default gateway to determine whether it is
functional or not.
For more information on this, see “Configuring Probe Interval” on page 74.
Probe Timeout
This configured parameter sets the time interval (in seconds) after which the
next probe is sent to the default gateway, when there is no reply received by
the gateway for the previously sent probe.
For more information on this, see “Configuring Probe Timeout” on page 75.
Path MTU Black Hole Detection and Recovery

This feature provides the facility to detect a connection failure due to black
hole routers and helps to recover such connections.
Whenever a router gets a datagram with Don't Fragment (DF) bit set in its
header and the packet size is greater than the next MTU the router cannot
forward the packet. In such a case, the router sends an ICMP Destination
Unreachable DF bit set message to the host.
Often routers do not send such a message. Instead they ignore the datagram.
Typically, an IP datagram cannot be forwarded because its maximum segment
size is too large for the receiving server and the Don't Fragment bit is set in the
header of the datagram. Routers that ignore these datagrams and send no
message are called PMTU black hole routers. Some routers might silently
drop large frames, even when the DF bit is not set. Firewalls are often
misconfigured to suppress all ICMP messages.
To respond effectively to black hole routers, the Novell TCP/IP stack now
provides a Path MTUBH Detect feature. Path MTUBH Detect recognizes
repeated unacknowledged transmissions and responds by turning off the Don't
Fragment bit. After a datagram is transmitted successfully, the MTUBH
Detect feature reduces the maximum segment size and turns the Don't
Fragment bit on again.

103-000151-001
August 30, 2001
Novell Confidential
The feature specifies the maximum transmission unit size of an interface. Each
media type has a maximum frame size that can't be exceeded. The Link layer
is responsible for discovering this MTU and reporting it to the protocols above
it.
For more information on this, see “Path MTU Black Hole Detection and
Recovery” on page 57.
Provision of Non-ARPable Secondary IP Address

This feature lets you add a secondary IP address which will not reply to any
of the ARP requests coming from the network.
For more information on this, see “ARP Cache Stale Timeout” on page 53 and
“ARP Cache Update Timeout” on page 54.
Novell TCP/IP 45

103-000151-001
August 30, 2001
Novell Confidential

103-000151-001
August 30, 2001
Novell Confidential
3 Setting Up
This chapter describes how to set up the basic components of Novell® TCP/
IP. For this release, only LAN configurations are supported.
The following topics are discussed:
“Configuring Boards” on page 47
“Enabling TCP/IP” on page 51
“Binding Protocols” on page 52
Configuring Boards
Configuring, or reconfiguring, a board involves choosing a driver for the
board, assigning a name to the board, and configuring the board parameters.
When you select and configure a LAN board, you are actually configuring one
or more physical interfaces that correspond to individual connections over
which packets are routed. Configuring a board causes the driver associated
with the board to load each time you initialize the router.
Most drivers that are compatible with NetWare software have a driver
description file that defines the hardware parameters necessary for the driver
to operate with the board you select. This file—sometimes called the .LDI file
— also specifies the valid range of values for each parameter. If a driver has
an .LDI file, the parameters associated with that driver are presented in the
Board Configuration menu; you simply choose a value for each parameter. If
a driver has no.LDI file, you must enter the required values in the Board
Parameters field.
Setting Up 47

103-000151-001
August 30, 2001
Novell Confidential
Loading INETCFG
To load INETCFG at from the server prompt enter
inetcfg
The Internetworking Console interface is displayed. For the next set of
operation you need to select options on the Internetworking Console screens.
Configuring a LAN Board

To configure a board, complete the following steps:
1 Load INETCFG and then click Boards.
2a If you are configuring a new board:
Press Ins to display the list of available drivers.
Scroll through the list of available drivers and select the driver that
corresponds to the type of new LAN board you are installing in your
system. If the driver you need is not in the list, refer to “Adding a
New Board Driver or NLM File to Your System” on page 50.
2b If you are changing an existing board configuration:
Select that board.
Press Enter to see the configured parameters of the board.
Change the required parameters. (The name can not be
changed.)
3 The Configured Boards screen is displayed.
NOTE: If you are doing a new configuration, no existing boards are shown.
Otherwise, boards that have already been configured are shown.
The Configured Boards screen displays a list of configured boards with

some or all of the following information:
Board Name—Name you assign to the board.
Driver—Name of the driver associated with the board.
Int—Interrupt request level (IRQ) used by the board.
IOAddr—Base input/output port address for the board.
MemAddr—Base memory address used by the board.

103-000151-001
August 30, 2001
Novell Confidential
Slot—Number of the slot where the board is installed.

Status—Status of the board, which is Enabled by default.
Comment—Any comments that you enter about the board or its
configuration.
NOTE: Not every board-driver configuration requires all this information; in fact,
some configurations require other, link-specific parameters that are not shown in
the Configured Boards screen. These parameters are displayed in the Board
Configuration menu, as described in the following steps.
If the board driver has an .LDI file, the parameters you need to configure
for the board are displayed as separate fields in the menu.
If the board driver has no .LDI file, only the Board Name, Board
Parameters, and Comment fields are provided as a means for entering the
parameters manually.
4 Specify the board parameters by doing one of the following:
If the driver selected has a description file, the parameters are listed
as separate fields. You must highlight each field one at a time and
select the appropriate value for the parameter from the displayed list.
HINT: Use the context-sensitive help text if you need an explanation of any
parameter. Highlight the parameter and press F1 to display the help text.
Press Esc to exit the help screen. When in doubt, accept the default values.
If the driver selected does not have a description file, the Board
Configuration Without A Driver Description File menu is displayed.
You must type the parameters in the Board Parameters field; use the
following as an example:
PORT=300 INT=3
These parameters are appended to the LOAD driver line.

5 Press Esc to return to the Configured Boards screen; save your changes
when prompted.
The Configured Boards screen now shows the board you just configured.
Note that the board status is Enabled; you can use the Tab key to toggle
between Enabled and Disabled. To ensure that the board is loaded,
continue with the next step.
6 Press Esc to return to the Internetworking Configuration menu; save your
changes when prompted.
7 If you want these changes to take effect immediately, perform the
following actions.
Setting Up 49

103-000151-001
August 30, 2001
Novell Confidential
LAN boards with a single network interface need no further

configuration; however, an enabled driver is not loaded unless a protocol
is bound to it.
After a data-link protocol has been associated with the board, select
Reinitialize System or restart the router to make the changes take effect.
If there are any conflicts with the hardware parameters of other boards,
one or more messages describe them. You must determine whether the
conflicts are acceptable or whether they interfere with the operation of the
router and, if necessary, resolve them.
Adding a New Board Driver or NLM File to Your System

2 Press Ins to display the list of available drivers.
3 Press Ins again.
All the available Novell certified drivers will appear on the screen.
4 Select the driver and then press Enter.
NOTE: You can also use this screen for copying drivers and NLM files from a
floppy diskette to the SYS:/SYSTEM directory.
To add a driver to the list of available drivers, insert the diskette containing the
driver in one of the disk drives, specify the complete path and filename of the driver
(for example, A:\NEWDRV\DRIVER) and then press Enter. The driver and its
description file, if any, are copied into the SYS:SYSTEM directory. (Note that the
file extension is not required.)
5 Configure the new board as described in “Configuring a LAN Board” on

page 48.
Enabling or Disabling a LAN Board

2 Select the board you want to enable or disable and press Tab.
The screen displays the board's new status (Enabled or Disabled).
IMPORTANT: If you disable a board that uses an AIO or CAPI driver and you
reinitialize the system, then all other boards that use the same driver will also be
disabled. If this happens, you must restart the server to reload all instances of the
driver that were loaded for another product in AUTOEXEC.NCF (without
INETCFG). However, the board loaded in AUTOEXEC.NCF will remain inoperable
until you restart the server or until you enter the LOAD command at the console

103-000151-001
August 30, 2001
Novell Confidential
and reinitialize the system. To avoid this problem, use INETCFG to load both
drivers.
3 Press Esc to return to the Internetworking Configuration menu.
Deleting a LAN Board

1 Load INETCFG and then click Boards
2 Select the board you want to delete and press Del.
A message is displayed indicating that deleting the board also deletes all
existing binds to the board's interfaces.
3 When prompted, select Yes to delete the board.
The board is removed from the list of configured boards.
5 Reinitialize system for the changes to take place.
Enabling TCP/IP
1 Load INETCFG and then click Protocols.
2 Select TCP/IP from the list of protocols.
3 In the TCP/IP screen, enable or disable the following:
TCP/IP
IP Packet Forwarding
OSPF
LAN Static Routing
Dead Gateway Detection
SNMP Manager
DNS Resolver
Load Balancing
Fault Tolerance
Filter Support
NAT Implicit Filtering
Expert Configuration
Setting Up 51

103-000151-001
August 30, 2001
Novell Confidential
You can further set the detailed configuration of each of the above fields.
For more information of how to configure TCP/IP, see chapter Chapter 3,
“Setting Up,” on page 47.
Binding Protocols
1 Load INETCFG and then click Binding.
2 Select a protocol.
Here you need to enter data in terms of Protocol, Interface/Group, Status
and Identifier. There might be instances when you need to enter data in
the screens still to come and that is reflected here.
3 Enter the relevant parameter information in the Binding TCP/IP to a LAN
interface screen and then click Configure TCP/IP Bind options.
4 Either set both the Group Interface for LB/FT and Set as Primary
Interface to Yes or set the first one to No.
Setting the first to No enables RIP Bind Options, OSPF Bind Options and
Expert TCP/IP Bind Options. Choose the relevant screen and enter the
data into it.

103-000151-001
August 30, 2001
Novell Confidential
4 SET Parameters
This chapter discusses how to use SET parameters to change some of the
default parameters or enable/disable the various features provided in Novell®
TCP/IP stack.
Configuration Using SET Options

The following SET options allow you to configure certain parameters from the
command line on the host. The SET options are entered at the server console
as commands, and the configuration changes made this way are applied to the
whole system rather than to an individual interface.
ARP Cache Stale Timeout
Syntax set arp entry expiry time = n

Description: Specifies a timeout period (in seconds) for a cache table entry
to be removed from the ARP cache table if the entry has not
been used for some time.
Range: 240 to 14400 (seconds)
Default: 300
SET Parameters 53

103-000151-001
August 30, 2001
Novell Confidential
ARP Cache Update Timeout
Syntax: set arp entry update time = n

Description: Specifies a timeout period for a cache table entry to be
removed from the ARP cache table if the entry has not been
updated.
Range: 240 to 14400 (seconds)
Default: 300
BSD Socket Default Buffer Size
Syntax: set bsd socket default buffer size in bytes = n

Description: Sets the BSD Socket default send and receive buffer sizes.
Range: 4096 to 65536 (bytes)
Default: 32768
Discard Oversized Ping Packets
Syntax: set discard oversized ping packets = string

Description: Enable or disable discarding ping packets of size larger than
the current ping packet size that is set to be received.
Range: On | Off
Default: On (enabled)
Discard Oversized UDP Packets
Syntax: set discard oversized udp packets = string

Description: Enable or disable discarding UDP packets of size larger than
the current ping packet size that is set to be received.
Range: On | Off

103-000151-001
August 30, 2001
Novell Confidential
IP Address Duplicates
Syntax: set allow ip address duplicates = string

Description: Binds the IP address even if it conflicts with another node in the
network. (TCP/IP normally will not allow you to bind IP
addresses that conflict with other nodes in the network.)
Range: On | Off
Large Windows
Syntax: set tcp large window option = string

Description: Enable or disable the Large Window option.
Range: On | Off
Largest Ping Packet Size
Syntax: set largest ping packet size = n

Description: Set the size of the largest ping packet that can be received.
Default: 10240
Largest UDP Packet Size
Syntax: set large udp packet size = n

Description: Set the size of the largest UDP packet that can be received.
Default: 16384
SET Parameters 55

103-000151-001
August 30, 2001
Novell Confidential
Maximum Packet Receive Buffers
Syntax: set maximum packet receive buffers = string

Description: Allocate the maximum packet receive buffers to the server.
This option can be set in the AUTOEXEC.NCF file. You can

also use this option to fine-tune the server when it is stressed.
Range: 50 to 3303820 (packets)
Default: 10000
HINT: If you want to see the current value, do not assign any variable to set the
parameter.
Maximum Pending TCP Connection Requests
Syntax: set maximum pending tcp requests = n

Description: Set the maximum number of pending TCP connections.
Range: 128 to 4096
Default: 128
Minimum Packet Receive Buffers
Syntax: set minimum packet receive buffers = string

Description: Allocate the minimum packet receive buffers to the server.
This option can be set in the AUTOEXEC.NCF file. You can

also use this option to fine-tune the server when it is stressed.
Default: 2000

103-000151-001
August 30, 2001
Novell Confidential
Path MTU Black Hole Detection and Recovery
Syntax: set tcp path mtu black hole detection and recovery = string
Description: Enable or disable the Path MTU Black Hole Detection and
Recovery option.
Range: On | Off
Selective Acknowledgement
Syntax: set tcp sack option = string

Description: Enable or disable the SACK option.
Range: On | Off
TCP Diagnostic Services
Syntax: set tcp diagnostic services = string

Description: Enable or disable the echo, discard and chargen TCP
diagnostic services on the NetWare® system.
Range: On | Off
TCP Defend Fin Attacks
Syntax: set maximum wait states = n

Description: Enable or disable defense against Fin attacks.
Range: 1 to 100000
Default: 0 (disabled)
SET Parameters 57

103-000151-001
August 30, 2001
Novell Confidential
TCP Defend Land Attacks
Syntax: set tcp defend land attacks = string

Description: Enable or disable defense against land attacks.
Range: On | Off
TCP Defend SYN Attacks
Syntax: set tcp defend syn attacks = string

Description: Enable or disable defense against SYN attacks.
Range: On | Off
TCP IP Maximum Small ECBs
Syntax: set tcp ip maximum small ecbs = string

Description: Change the maximum number of small ECBs on the server.
You can also use this option to fine-tune the server when it is
stressed.
Default: 1024
TOS Value
Syntax: set tos for ip packets = n

Description: Specifies a TOS value for all the outgoing IP datagrams
through this interface.
Assign a value to set the TOS and the precedence bits of the
IP header for outgoing packets. To set only TOS bits, use a
value between 0 and 15. To set the TOS and the precedence
bits, use a value between 0 and 127.
Range: 0 to 127
Default: 0

103-000151-001
August 30, 2001
Novell Confidential
5 Protocols
The Novell® TCP/IP software provides a set of configurable parameters with

which you can modify operational characteristics of the Internet Protocol (IP).
You can select its routing protocol and configure it to run over a LAN. In
NetWare® 6, configuration over WAN connections is not supported.
To configure IP, you enable the protocol, set its parameters, and bind it to a
network interface. You configure all IP parameters from the Internetworking
Configuration utility (INETCFG).
To understand what decisions must be taken before you configure TCP/IP
beyond its most basic configuration, refer to Appendix A, “Planning,” on page
103.
NOTE: The configuration you specify with INETCFG does not take effect
automatically. To activate the configuration, save your changes and press Esc until
you see the Internetworking Configuration menu. You can then select Reinitialize
System > Yes to activate your changes.
The following are discussed in this chapter:

“Configuring RIP” on page 60
“Configuring OSPF” on page 63
“Configuring Static Routes for LANs” on page 69
“Configuring Load Balancing” on page 75
“Configuring Fault Tolerance” on page 75
“Configuring Router Discovery” on page 76
“Configuring Type of Service (TOS)” on page 77
“Configuring ARP” on page 78
“Configuring Directed Broadcast Forwarding” on page 81
Protocols 59

August 30, 2001
Novell Confidential
“Configuring Source Route Packet Forwarding” on page 82

“Configuring BOOTP Forwarding” on page 82
“Configuring EGP” on page 83
“Configuring Multiple Logical Interfaces” on page 84
“Configuring a Secondary IP Address” on page 86
Configuring RIP
RIP is probably the most common IP routing protocol in use. It is widely
available and presents few obstacles to interoperability with other IP
internetworks, most notably the Internet.
RIP performs sufficiently well in small IP internetworks that have simple
architectures and few routers. However, RIP reveals its limitations in the large,
complex internetworks that have become common in government and private-
sector organizations throughout the world. Its most apparent limitations are
the following:
All subnets must be contiguous
RIP routes are limited to 15 hops
To overcome or ease some of these limitations, the internetworking
community developed various enhancements to RIP. RIP II, for example, is an
enhanced version of RIP that supports variable-length subnet masks. It carries
a field that contains the subnet mask of the destination network. RIP II also
supports the use of subnet zero, whose addresses were reserved under the
original IP specification. When configuring RIP on your router, you can run
RIP I, RIP II, or both on a single interface.
NOTE: Not all third-party routers support RIP II.
You can also enable poison reverse on an interface. This is a mechanism that
causes RIP to advertise a route back through the same path from which it
learned the route, but with a hop count of 16—that is, unreachable. Although
poison reverse prevents routing loops, the unreachable routes carried in each
RIP packet increase the bandwidth consumed by RIP traffic. This increase
becomes significant in large internetworks.
RIP enables you to assign a cost value between 1 and 15 to each network
interface you configure. This enables you to establish a preferred route
according to the type of network media connected to the interface. For

August 30, 2001
Novell Confidential
example, you might want to increase the cost of an interface that uses a slow
link so that, given the choice, RIP uses the interface to a faster, less costly link.
The default cost for each interface is 1. Do not increase this value on an
interface unless you want to discourage its use as an eligible routing path.
When choosing an IP routing protocol, consider the following guidelines:
If the IP internetwork is small and uses no routing protocol besides RIP,
continue using RIP.
To configure RIP on the router, see “Configuring RIP” on page 60.
However, if the network will continue to grow and perhaps become part
of a larger IP internetwork, you should consider migrating the network
from RIP to OSPF.
If the internetwork uses variable-length subnets or has third-party routers
that support RIP II, use RIP II or OSPF.
To configure RIP II, see “Configuring RIP” on page 60. To configure
OSPF, see “Configuring OSPF” on page 63.
If the internetwork has some third-party routers that support RIP II and
others that do not, use RIP I and RIP II.
For instructions on enabling RIP I and RIP II simultaneously on a
network interface, see “Configuring RIP” on page 60.
If you are currently building a large IP internetwork, use OSPF.
You can also run RIP and OSPF concurrently; for more information, see
“Configuring OSPF” on page 63.
To enable RIP routing on the router and to configure RIP on a network
interface, do the following:
1 Load INETCFG and then select Protocols > TCP/IP
2 Make sure RIP routing is enabled globally by setting the RIP field to
Enabled.
This is the default setting.
If you want to disable RIP routing on a single interface, set the Status
parameter in the RIP bind options to Disabled. This action is described in
Step 3.
3 Press Esc twice to return to the Internetworking Configuration menu and
then select Bindings > an existing binding > RIP Bind Options.
Configure the following parameters:
Protocols 61

August 30, 2001
Novell Confidential
Status—Status of RIP routing on this interface. RIP routing is

enabled by default; to disable RIP routing only on this interface,
select this parameter, then select Disabled.
RIP Version—Version of RIP to use on this interface. Select one of
the following options:
RIP I—Standard version of RIP used by most IP routers and end
nodes. This is the default option.
RIP I & RIP II—Both versions of RIP. Select this option if your
internetwork has nodes that support both RIP I and RIP II.
RIP II—Enhanced version of RIP that supports variable-length
subnet masks.
RIP Mode—Mode of the RIP version you selected in RIP Version.
Normal—Causes the router to send and accept RIP packets, RIP I,
RIP II, or both.
Receive Only—Causes the router to only receive RIP packets.
Send Only—Causes the router to broadcast, in RIP packets, only the
entries in its own routing table.
Some end nodes learn routes only by listening to RIP, even if portions
of the internetwork run OSPF. Select Send Only if you want the
router to broadcast the OSPF routes in its RIP I packets so that every
end node can learn all available routes.
The RIP Bind Options menu also includes the following parameters:
Cost of Interface
Originate Default Route
Poison Reverse
Split Horizon
Update Time
Expire Time
Garbage Time
RIP II Options
IMPORTANT: Because the default settings for these parameters are suitable for
most IP networks, you should change them only for a specific purpose. Incorrectly

August 30, 2001
Novell Confidential
configuring these parameters can increase routing traffic or cause loss of

connectivity on your network.
4 Press Esc until you are prompted to save your changes, and then select
Yes.
6 If you want these changes to take effect immediately, select Reinitialize
System > Yes to activate your changes.
Configuring OSPF
OSPF was developed to satisfy the need for a scalable, open-standards routing
protocol for large IP internetworks. It is a link state protocol that provides
highly efficient routing and fast convergence.
OSPF makes large internetworks more manageable by enabling you to
partition them into administrative domains called areas. Areas impose a
hierarchy to the internetwork. All OSPF areas are connected to a central
backbone area by an Area Border Router (ABR). The ABR shares OSPF
routing information between the area and the backbone.
When configuring an OSPF area, you assign to it a 4-byte decimal number
called the Area ID. You also indicate which of the router's network interfaces
belong to the area and whether the area is a stub area.
Novell TCP/IP supports the use of virtual links between OSPF routers. A
virtual link patches together a partitioned backbone. It creates a direct point-
to-point link between the ABRs that connect the partitioned backbone areas
through the transit area.
Most IP internetworks in use today are not pure OSPF networks; that is,
portions of these internetworks still employ other routing protocols, such as
RIP. OSPF uses an Autonomous System Boundary Router (ASBR) to import
and propagate routing information from these protocols. ASBRs are always
located on the border of an OSPF domain. When configuring OSPF, you can
enable your router to operate as an ASBR. For an ASBR to import RIP routes
learned through an interface, RIP must be enabled on that interface.
Each OSPF router has its own Router ID, a 4-byte number that uniquely
identifies the router and enables it to participate in informational exchanges
with neighboring routers. The default Router ID is the IP address of the first
interface bound to IP on the router. Although INETCFG enables you to change
Protocols 63

August 30, 2001
Novell Confidential
the Router ID, you should use the default unless you need a simpler numbering
scheme for administrating several hundred routers on an internetwork.
HINT: If you are using an unnumbered point-to-point interface, we recommend
that you configure a unique router ID.
Optionally, OSPF can be configured to authenticate its packets by providing

an authentication key —an 8-byte, alphanumeric password—in each OSPF
packet header. OSPF authentication gives you administrative control over
which routers participate in link state exchanges on the internetwork. A router
without proper authentication is excluded from these exchanges and,
essentially, from performing any OSPF routing whatsoever. Novell TCP/IP
enables you to provide authentication for an area and to provide an
authentication key for each network to which the router is connected. By
default, authentication is turned off.
OSPF enables you to assign a cost value to each network interface you
configure. This enables you to establish a preferred route according to the type
of network media connected to the interface. For example, you might want to
increase the cost of an interface that uses a slow link so that, given the choice,
OSPF uses the interface to a faster, less costly link.
Like RIP, OSPF can run over most WAN connections, depending on which
call type you use. On-demand calls, for example, typically use static routes
instead of an active routing protocol.
IMPORTANT: An active routing protocol, such as OSPF, should not be used on
an on-demand link because it will periodically bring up the link and will cause the
link to continue to stay up.
Permanent calls on an IP network typically use a routing protocol, such as

OSPF or RIP, to communicate routing information. However, they can also
use static routes to conserve bandwidth. OSPF can also run over a
nonbroadcast multiaccess network, such as X.25 or frame relay, but you must
provide the IP address of the peer OSPF router at the other end of each
connection.
HINT: Novell TCP/IP enables you to run OSPF and RIP on the same router, but
under normal circumstances, you should run them separately on different
interfaces. Although an ASBR must run both protocols so that it can import RIP
routes and propagate them to other OSPF routers, you should not run both on too
many other routers in your OSPF domain. Doing so consumes additional network
bandwidth and router memory, and might even create routing loops.
The extent to which you must configure OSPF depends on the characteristics
of your network, such as its size and topology, and whether it uses other IP

August 30, 2001
Novell Confidential
routing protocols besides OSPF. To help you configure only what is necessary,
this section provides the following procedures:
Basic OSPF configuration
Advanced OSPF configuration
Basic OSPF Configuration

To enable OSPF routing on the router and to configure OSPF on a network
interface, do the following:
1 Load INETCFG and then select Protocols > TCP/IP
2 Select the OSPF field and then Enabled.
This action enables OSPF routing globally on the router. If you want to
disable OSPF routing on a single interface, set the Status parameter to
Disabled as described in Step 3.
3 Press Esc repeatedly to return to the Internetworking Configuration menu
and then select Bindings > an existing binding > OSPF Bind Options.
The Status field indicates whether OSPF routing is active on this
interface. OSPF routing is enabled by default; to disable OSPF routing
only on this interface, select Status, then select Disabled.
The OSPF Bind Options menu also includes the following parameters:
Cost of Interface
Area ID
Priority
Authentication Password
Hello Interval
Router Dead Interval
Neighbor List
most IP networks, you should change them only for a specific purpose.
Misconfiguring these parameters can increase routing traffic or cause loss of
4 Press Esc until you return to the Internetworking Configuration menu.

Select Yes if you are prompted to save your changes.
Protocols 65

August 30, 2001
Novell Confidential

System > Yes.
Advanced OSPF Configuration

To configure advanced OSPF features, do the following:
1 Load INETCFG and then select Protocols > TCP/IP.
2 Select OSPF Configuration.
The OSPF Configuration menu is displayed and includes the following
parameters:
Router ID
Virtual Link Configuration
IP Load Sharing
IMPORTANT: Most network configurations do not require you to change these
parameters.
3 To configure an ASBR, select Autonomous System Boundary Router >

Enabled.
Enabling this parameter enables the router to operate as an ASBR. In this
capacity, the router advertises non-OSPF routes, such as those generated
by RIP and EGP. In addition, static routes and direct routes to the OSPF
domain are advertised. This is necessary to preserve connectivity
throughout an internetwork that uses routing protocols other than OSPF.
This parameter should be configured only on routers that connect an
OSPF area to an area that uses a different routing protocol.
Do not enable this parameter on an internetwork that uses only OSPF.
Doing so causes unwanted traffic on the route.
4 To configure an OSPF area, select Area Configuration and continue with
Step 5. Otherwise, go to Step 11.
The OSPF Areas menu is displayed.
This menu lists the IDs of all areas to which the router belongs. If you
have not configured an OSPF area on this router, the only area listed is
0.0.0.0, the backbone area.
5 Select an existing area or press Ins to create a new area.
6 Configure the following area parameters:

August 30, 2001
Novell Confidential
Area ID—Four-byte decimal number that identifies the area. For

example, a valid Area ID is 85.8.0.11. However, the Area ID does not
have to be an IP address. You can enter any number, but it must be in
the format of an IP address. If you enter a hexadecimal number,
INETCFG converts it to decimal.
For the router to belong to an area, the Area ID that identifies that
area must be assigned to at least one of the router's interfaces. You
assign an Area ID to an interface in Step 8.
Authentication—Switch that enables or disables authentication for
the area.
If you enable authentication on this router, you must enable
authentication on all other routers in the area. Also, all interfaces
belonging to that area must have an authentication key. You provide
the authentication key in Step 8.
Route Aggregation—Network number of a group of networks that is
aggregated into one network number. Press Ins to assign the Network
and Mask values of this network number. Because supernetting is not
supported, the aggregated network must be the same length as the
natural mask of the network class.
Area Type—Type of OSPF area, which can be Normal or Stub. All
routers in the same area must agree on the area type.
NOTE: The backbone area (0.0.0.0) cannot be a stub area.
Stub Cost—Cost of the default route advertised to the stub area. This
parameter is used only if the Area Type is set to Stub.
Yes.
8 Press Esc until you return to the Internetworking Configuration menu,
then select Bindings > an existing binding > OSPF Bind Options.
9 If you are configuring an OSPF area, configure the following area
parameters:
Area ID—ID of the area to which this interface belongs. Press Enter
to determine the list of available areas. Use the Up-arrow and Down-
arrow keys to select an area, and then press Enter to select it.
Authentication Password—Eight-byte password that authenticates
the router's OSPF packets to the area to which this interface belongs.
Valid characters are 0 to 9, A to Z, a to z, underscore, and dash.
Protocols 67

August 30, 2001
Novell Confidential
This parameter is required only if you enabled the Authentication

parameter for the area you select, as described in Step 6 on page 66.
IMPORTANT: Not all interfaces within the same area are required to have
the same authentication key; however, all interfaces connected to the same
network must have the same authentication key.
Yes.
System > Yes.
Configuring Load Sharing over Equal-Cost OSPF Routes

IP maintains multiple equal-cost OSPF routes. Load sharing enables a router
to divide traffic over equal-cost routes. The router can have several next hops
available toward any destination. With this configuration, the router can
divide the traffic among the various equal-cost routes to the destination. As a
result, load sharing increases the effective bandwidth of an end-to-end path. In
addition, it can improve the traffic distribution on an internetwork.
NOTE: Load sharing is performed only on equal-cost routes learned from OSPF.
You enable load sharing within OSPF. IP maintains a maximum of four equal-
cost routes to each destination network. The OSPF equal-cost routes are
maintained internally and are not displayed in TCPCON.
IMPORTANT: Because OSPF networks tend to be large and complex, we
recommend that you do not manually adjust the cost of the interface to create
equal-cost routes. It is best to let OSPF automatically determine the equal-cost
routes to the destination network.
To configure load sharing on the router do the following:

1 Load INETCFG, and then select Protocols > TCP/IP.
2 Select OSPF > Enabled.
3 Select OSPF Configuration.
4 Select IP Load Sharing > Enabled.
Yes.

August 30, 2001
Novell Confidential

System > Yes.
Configuring Static Routes for LANs

Static routes are useful if you want to do any of the following on your network:
Eliminate routing traffic, which increases the bandwidth available for
data.
Limit user access to one portion of the network. For example, if a static
route for a network is configured on a router, any packets that are received
by the router are forwarded only to the destination network specified by
that static route.
Gain access to isolated areas of the network, which is useful if dealing
with legacy network topologies.
Gain access to a network more than 15 hops away.
Use a static route as a backup route to dynamic routes.
HINT: Use this procedure to configure static routes when the next hop router is on
the same LAN as the router you are configuring.
How to Configure a LAN Static Route

To configure a static route for a LAN do the following:
1 Load INETCFG, and then select Protocols > TCP/IP
2 Configure the following static route parameters:
LAN Static Routing—Enables LAN static routing on the router.
Select this field, and then select Enabled.
LAN Static Routing Table—Entry point to the LAN static route
configuration parameters.
Press Ins and configure the following parameters:
Route Type—Select Network or Host if you want the destination at
the other end of the static route to be a single IP host or an IP network
(that is, a group of hosts). Or, you can select Default Route. If the
router must forward a packet for which it can find no destination in
its routing table, it sends the packet to the address specified by the
next hop for the default route. This type of blind forwarding keeps a
Protocols 69

August 30, 2001
Novell Confidential
packet on the network until a router can forward it to its final

destination.
IP Address of Network/Host—Enter the address of the destination
network or host. To select from a list of symbolic network or host
names and addresses, press Ins. The list of symbolic network names
and addresses comes from the SYS:\ETC\NETWORKS file. The list
of symbolic host names and addresses comes from the
SYS:\ETC\HOSTS file.
Subnetwork Mask—If the destination is an IP network, the subnet
mask of that network.
Next Hop Router on Route—Explicit destination of the next hop.
Enter the IP address of the next-hop router. To select from a list of
symbolic hostnames and addresses, press Ins.
Metric for This Route—Number of hops to the destination. This
metric is directly proportional to the cost of the route. Given two
routes to the same destination, the router chooses the lower-cost
route.
If you want to use the static route as a backup route to a dynamic
route, select a value that is higher than the cost associated with the
dynamic route. This selection ensures that the dynamic route remains
the preferred route under typical conditions.
Do not set this metric value to 16 unless you want to disable the
route.
Type of Route—Specify whether the static route is active or passive.
This parameter specifies whether the next hop router for this route
actively advertises the route to this network.
Usually, static routes are not advertised and are categorized as
passive routes. When a route is marked as active, TCP/IP expects the
next hop router to advertise the route regularly. If a router stops
advertising an active route, TCP/IP assumes the route is no longer
available and deletes it from the routing table.
If the static route is active and the router discovers a lower-cost
dynamic route to the same destination, it uses the lower-cost route
instead of the active static route. If the lower-cost route becomes
unavailable, the router returns to using the active static route.
3 Press Esc twice, and then select Yes to save your changes.

August 30, 2001
Novell Confidential
4 Optional: Disable the routing protocol on this interface to reduce routing

traffic.
4a Select Bindings > an existing binding.
4b Select RIP Bind Options > Status > Disabled
4c Press Esc and then select OSPF Bind Options > Status > Disabled
4d If your router has multiple interfaces and you want to disable them,
repeat these steps for each interface.
Yes.
System > Yes.
Configuring a Default Gateway (LAN Static Route)

You can configure multiple default gateways and provide a fault tolerant
solution on your network. When the Dead Gateway Detection feature is
enabled and a default gateway goes off-line, the Multiple Default Gateway list
is used to switch to the next preferred default gateway, thereby reducing the
downtime of your network.
To configure the Dead Gateway Detection, see “Configuring Dead Gateway
Detection” on page 74. The various ways of configuring multiple default
gateways are explained below. The implications of using different methods for
configuring multiple default gateways are also given in Table 3 on page 73.
Using INETCFG to Add a Default Gateway
To configure multiple default gateways using Internetworking Configuration,

see “How to Configure a LAN Static Route” on page 69.
Using BIND to Add a Default Gateway
To add a new default gateway using BIND, enter the following command at
the server prompt:
bind ip board name addr=x.x.x.x mask=x.x.x.x
gate=x.x.x.x cost=n
Protocols 71

August 30, 2001
Novell Confidential
board name is the name of the interface board that you assigning as the default
gateway. addr is the IP address of the board. mask is the subnet mask address
associated with the IP address of the board. gate is the IP address of the
gateway, and cost is the value associated with the gateway and is also the
primary routing metric for this gateway.
Using TCPCON to Add a Default Gateway

1 Load TCPCON and then select IP Routing Protocol.
2 Select Proceed, press Ins, and configure the following parameters:
Destination—Press Ins to display a list of symbolic network names from
the SYS:\ETC\NETWORKS file. Select Default here.
Next Hop—Enter the IP address of the gateway.
Interface—Enter the interface index value through which the next hop of
this gateway should be reached.
Cost—Enter the primary routing metric for this gateway.
Yes to return to the IP Routing Table screen.
Configuring RIP to Add a Default Gateway

1 Load INETCFG and then select Bindings > an existing TCP/IP binding >
RIP Bind Options.
2 Select Originate Default Route and enable this option.
Yes.
System > Yes.
These advertisements from the router are picked up and used by an end node
to add a default gateway on it. This is possible only when RIP is enabled on
the end node.
Configuring Router Discovery to Add a Default Gateway
You can configure Router discovery options on a system to add a default

gateway. These systems advertise themselves as a gateway and answer queries

August 30, 2001
Novell Confidential
from end nodes. End nodes use it to locate a gateway on their network. To
configure Router Discovery, see “Configuring Router Discovery” on page 76.
Comparing Different Default Gateway Configuration Methods

The table below explains the implications of using different methods for
configuring multiple default gateways and describes the priorities associated
with each method.
Table 3 Comparison of Default Gateway Configuration Methods
Configuration Metric or Cost Assigned to Default Gateway

Method Used to Add
Multiple Default Better Than the Cost of Equal to the Cost of Current Worse Than the Cost of
Gateways Current Default Gateway Default Gateway Current Default Gateway
Using INETCFG to Will be added to the Will not be made the Will not be made the
Add a Default Default Gateway list and default gateway, but entry default gateway, but entry
Gateway (page 71) will be made the default will be added to the will be added to the
gateway. Default Gateway list. Default Gateway list.
Using BIND to Add Will be added to the Will not be made the Will not be made the
a Default Gateway Default Gateway list and default gateway, but entry default gateway, but entry
(page 71) will be made the default will be added to the will be added to the
gateway. Default Gateway list. Default Gateway list.
Using TCPCON to Will be added to the Will be added to the Will not be added to the
Add a Default Default Gateway list and Default Gateway list and Default Gateway list and
Gateway (page 72) will be made the default will be made the default will not be made the
gateway. gateway. default gateway.
Configuring RIP to Will be added to the Will not be added to the Will not be added to the
Add a Default Default Gateway list and Default Gateway list and Default Gateway list and
Gateway (page 72) will be made the default will not be made the will not be made the
gateway. default gateway. default gateway.
Configuring Router Has the least priority. Will Has the least priority. Will Has the least priority. Will
Discovery to Add a be added to the Default be added to the Default be added to the Default
Default Gateway Gateway list but will not be Gateway list but will not be Gateway list but will not be
(page 72) made the default gateway made the default gateway made the default gateway
until the default gateways until the default gateways until the default gateways
added through INETCFG, added through INETCFG, added through INETCFG,
TCPCON, BIND, or RIP TCPCON, BIND, or RIP TCPCON, BIND, or RIP
are absent. are absent. are absent.
Protocols 73

August 30, 2001
Novell Confidential
Enabling Dead Gateway Detection

1 Load INETCFG and then select Protocols > TCP/IP.
2 Select Dead Gateway Detection > Enabled.
Yes.
System > Yes.
Configuring Dead Gateway Detection

You can fine-tune the performance of the Dead Gateway Detection feature.
Probe Interval is the time (in seconds) at which probes would be sent to the
default gateway to determine whether it is functional or not.
The valid range of values for Probe Timeout is from 10 to 1800 seconds.
Default value is 30 seconds.
Probe Timeout is the time interval (in seconds) after which the next probe is
sent to the default gateway, when there is no reply received by the gateway for
the previously sent probe.
The valid range of Probe Timeout values is from 1 to 20 seconds. Default
value is 2 seconds.
Configuring Probe Interval

1 Load INETCFG and then select Protocols > TCP/IP > Dead Gateway
Detection Configuration.
2 Select Probe Interval and then enter a value in seconds.
Yes.
System > Yes.

August 30, 2001
Novell Confidential
Configuring Probe Timeout

1 Load INETCFG and then select Protocols > TCP/IP > Dead Gateway
Detection Configuration.
2 Select Probe Timeout and then enter a value in seconds.
Yes.
System > Yes.
Configuring Load Balancing

Before you configure load balancing check whether you have bound the
desired NIC. If not, go to “Binding Protocols” on page 52 to do so.
1 Load INETCFG and select Protocols.
2 Select TCP/IP from the list of Protocols.
3 Select Load Balancing and enable it.
This switch is for the complete system. You still have to configure load
balancing on your network.
4 Select Load Balancing Configuration.
5 Configure Load Balancing Interval and Configure Individual Groups.
6 In Configure Individual Groups, select the network listed and enable load
balancing.
Configuring Fault Tolerance

Before you configure fault tolerance check whether you have bound the
desired NIC. If not, go to “Binding Protocols” on page 52 to do so.
1 Load INETCFG and select Protocols.
2 Select TCP/IP from the list of Protocols.
3 Select Fault Tolerance and enable it.
This switch is for the complete system. You still have to configure fault
tolerance on your network.
Protocols 75

August 30, 2001
Novell Confidential
4 Select Fault Tolerance Configuration.

5 Configure Fault Detection Interval, Minimum Error Level and Configure
Individual Groups.
6 In the Configure Individual Groups, select the network listed and enable
fault tolerance.
Configuring Router Discovery

Both IP routers and end nodes can use the ICMP Router Discovery Protocol.
Routers use it to advertise themselves as an IP router and to answer queries
from end nodes. End nodes use it to locate an IP router on their network. Your
system acts as a router when Packet Forwarding is enabled for IP and acts as
an end node when Packet Forwarding is disabled for IP.
NOTE: For an end node to locate an IP router by this method, it must also support
the ICMP Router Discovery Protocol.
To configure router discovery on an interface do the following:
1 Load INETCFG and then select Bindings > an existing binding > Expert
TCP/IP Bind Options > Router Discovery Options.
2 Select the Status field > Enabled.
3 Select Destination Address.
This is the method by which the IP router or end node sends router
discovery packets.
4 Select one of the following options:
Broadcast—Sends the packets to all nodes on the network.
Router Discovery Multicast—Sends the packets to an IP multicast
address used specifically for router discovery exchanges. The
packets are received only by nodes that understand this multicast
address.
Yes.
System > Yes.

August 30, 2001
Novell Confidential
Configuring Type of Service (TOS)

Using TOS, you can set the type of service for the IP data packets going out
through an interface over a network.
Assign a value to set the TOS and the precedence bits of the IP header for
outgoing packets. To set only TOS bits, use a value between 0 and 15. To set
TOS and precedence bits, use a value between 0 and 127.
The valid range of values for TOS is from 0 to 127. Default value is 0, which
indicates normal TOS. The four TOS bits are minimize delay (0x10),
maximize throughput (0x08), maximize reliability (0x04), and minimize
monetary cost (0x02).
This value is set only if TOS is enabled for this interface, otherwise, the TOS
value set using SET options will be used. To see how to use SET options, see
“Configuration Using SET Options” on page 53.
NOTE: The TOS value for outgoing IP datagrams can be set by an application
using the WINSOCK API SetSockOpt. The value set by an API takes the highest
preference followed by the value set using the method shown in “Assigning a TOS
Value” on page 77, and then the value set using SET options.
Enabling TOS
TCP/IP Bind Options.
2 Select TOS, then select Enabled.
Yes.
System > Yes.
Assigning a TOS Value

TCP/IP Bind Options.
2 Select TOS Value and then enter a value.
Yes.
Protocols 77

August 30, 2001
Novell Confidential

System > Yes.
Configuring ARP
IP routers and end nodes use ARP to determine the physical address of a node
to which they want to send a packet. ARP is enabled by default. For one node
to send a packet to another, the sending node must know the physical address
of the destination node. The sending node, knowing only the destination IP
address, first checks its ARP table for an entry that maps the destination IP
address to the destination physical address. If the sending node finds the entry,
it inserts the physical address into the packet and sends it. If the sending node
does not find the entry in its ARP table, it broadcasts an ARP address request
to the network. The destination node replies to the request with its own
physical address, which the sending node uses to send the packet and adds to
its ARP table for future use.
ARP Cache Update Timeout is the time period (in seconds) for an entry to be
removed from the ARP table, if the entry has not been updated. This value can
be set only for a primary interface, and if ARP Timer is enabled. ARP Timer
is disabled by default. For best performance, set the ARP Cache Update
timeout value to be greater than or equal to the value of ARP Cache Stale
Timeout.
The valid range of values for ARP Cache Update Timeout is from 240 to
14400 seconds. Default value is 300 seconds.
ARP Cache Stale Timeout is the time period (in seconds) for an entry to be
removed from the ARP table, if the entry has not been used for some time. If
multihoming is enabled then we can set this value for a primary IP interface if
they are grouped for load balancing and fault tolerance. In all other cases this
can be set on all IP interfaces. ARP Timer is disabled by default. For best
performance, set the ARP Cache Stale Timeout value to be lesser than or equal
to the value of ARP Cache Update Timeout.
The valid range of values for ARP Cache Stale Timeout is from 240 to 14400
seconds. Default value is 300 seconds.
An IP router uses Proxy ARP when devices attached to one of its interfaces do
not support IP subnetting and are unaware that they must go through the router
to reach devices on other subnets of the same IP network. A router using Proxy
ARP replies to ARP requests intended for devices on other subnets, but does

August 30, 2001
Novell Confidential
so only if the device is reachable through the router. To determine whether the
device is reachable, the router examines its own routing table.
Proxy ARP is required on the parent network of a stub subnet. The parent
network has an IP address range that includes the IP address range of the stub
subnet. The router responds to ARP requests sent on the parent network on
behalf of devices on the stub subnet.
When both the parent and stub subnet are bound to IP interfaces, the router can
detect the parent/stub subnet and automatically enable Proxy ARP for the
appropriate interfaces. Even if Proxy ARP is not required, and not
automatically enabled, you can still force it to be enabled with the Force Proxy
ARP parameter.
You must enable Force Proxy ARP on each LAN interface on which the router
must reply to ARP requests for destinations it can reach. Force Proxy ARP is
disabled on each interface by default.
“Disabling ARP” on page 79
“Enabling Proxy ARP” on page 80
“Enabling ARP Timer” on page 80
“Configuring ARP Cache Update Timeout” on page 80
“Configuring ARP Cache Stale Timeout” on page 81
Disabling ARP
TCP/IP Bind Options > ARP Options.
2 Select Use of ARP > Disabled.
Yes.
System > Yes.
Protocols 79

August 30, 2001
Novell Confidential
Enabling Proxy ARP

2 Select Force Proxy ARP > Enabled.
Yes.
System > Yes.
Enabling ARP Timer

2 Select ARP Timer and then select Enabled.
Yes.
System > Yes.
Configuring ARP Cache Update Timeout

2 Select ARP Cache Update Timeout and then enter a value in seconds.
Yes.
System > Yes.

August 30, 2001
Novell Confidential
Configuring ARP Cache Stale Timeout

2 Select ARP Cache Stale Timeout, then enter a value in seconds.
3 Press Esc until you are prompted to save your changes, then select Yes.
System and select Yes to activate your changes.
Configuring Directed Broadcast Forwarding

A directed broadcast is a broadcast intended for all nodes on a nonlocal
network. For example, the broadcast address 255.255.255.255 reaches all
nodes on a network; the directed broadcast address 128.1.255.255 is intended
for all nodes whose network address is 128.1.0.0. A router not directly
attached to 128.1.0.0 simply forwards the directed broadcast packet to the next
hop. A router on network 128.1.0.0—if it has directed broadcast forwarding
enabled—accepts and forwards the packet to all nodes whose network address
is 128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward
the packet to the nodes on their respective subnets.
IMPORTANT: For all nodes on network 128.1.0.0 to receive the directed
broadcast, each router attached to network 128.1.0.0 must have Directed
Broadcast Forwarding enabled.
Enabling Directed Broadcast Forwarding

1 Load INETCFG and then select Protocols > TCP/IP > Expert
Configuration Options.
2 Select Directed Broadcast Forwarding > Enabled.
Yes.
System > Yes.
Protocols 81

August 30, 2001
Novell Confidential
Configuring Source Route Packet Forwarding

Source route packets enable you to determine the route a packet takes to reach
its destination. This feature is disabled by default.
2 Select Forward Source Route Packets. Enabled to permit forwarding IP
source route packets.
Yes.
System > Yes.
Configuring BOOTP Forwarding

BOOTP is a protocol that enables end nodes to receive their IP addresses from
a BOOTP server at startup time. If your internetwork has a BOOTP or DHCP
server, you can configure your IP router to accept and forward BOOTP or
DHCP requests to that server.
Configuration Options > BootP Forwarding Configuration.
2 Select BootP Server List and then press Ins.
3 Enter the IP address of the BOOTP or DHCP server at the prompt, or
press Ins to display a list of symbolic hostnames and addresses from the
SYS:\ETC\HOSTS file.
The server address appears in the BOOTP Servers screen.
4 Press Esc.
5 Select BootP Packet Forwarding > Enabled.
6 If you want to record the activity of the BOOTP forwarder, select Log
Operation and then select one of the following options:
Log to BootP Screen—Logs BOOTP activity to the BOOTP screen.
This is a separate screen that you can select and monitor from the
NetWare console. The information logged to this screen is not saved
to a file.

August 30, 2001
Novell Confidential
Log to File—Logs BOOTP activity to the SYS:\ETC\BOOTP.LOG

file by default. To use a different file, type its full path name in the
Log File field.
7 If you do not want to record the activity of the BOOTP forwarder, select
Do Not Log.
Yes.
System > Yes.
Configuring EGP
The Exterior Gateway Protocol (EGP) is an exterior routing protocol that is
supported by the TCP/IP software. Exterior routing protocols exchange
information between different Autonomous Systems (ASs). The local EGP
gets the information about its own AS from the local Interior Gateway
Protocols (IGPs). Usually, exterior routing protocols are used only when
different companies or commercial services are being connected.
The information EGP receives from the IGP must be explicitly configured.
The exterior routing protocol shares only the information specified in the
outgoing route filters. This is desirable because you generally want to limit the
information exchanged between different ASs.
To configure EGP do the following:
2 Select EGP > Enabled.
3 Select EGP Configuration and configure the following parameters:
Autonomous System—Enter the autonomous system number. It
identifies the autonomous system to which the router belongs. The
router establishes an EGP neighbor relationship with routers in other
autonomous systems.
Maximum Neighbors to Acquire—Enter the maximum number of
concurrent EGP neighbors with which this router can exchange EGP
network reachability information.
Protocols 83

August 30, 2001
Novell Confidential
Neighbor List—Select this field to add, modify, or delete EGP

neighbors. This router attempts to establish a relationship with the
configured EGP neighbors to exchange network reachability
information. Press Ins. Configure the following parameters:
Neighbor's Address—Press Ins to display a list of symbolic
hostnames from the SYS:\ETC\HOSTS file. Select a host here or
enter the address.
Neighbor's Autonomous System—Enter the number of the
autonomous system to which this EGP neighbor belongs. The router
is able to be a neighbor with the EGP peer only when the router and
the EGP peer are in different autonomous systems.
Yes.
System > Yes.
Configuring Multiple Logical Interfaces

Novell TCP/IP allows you to bind more than one IP network to a LAN board.
The networks can operate as separate logical interfaces. The ability to
configure multiple logical interfaces simplifies the task of managing a
growing network in the following ways:
You can merge network when a there is a router failure.
For a description, see “Merging Two Networks When the Connecting
Router Fails” on page 85.
You can move hosts from one IP network to another without losing
connectivity.
For a description, see “Reassigning IP Addresses” on page 86.
You can add new nodes to a nearly full subnet.
For a description, see “Adding New Nodes to a Full Subnet” on page 86.
To attach more than one IP network to a LAN board, bind IP to the board as
many times as necessary; then supply a different IP address for each network.
Configuring multiple logical interfaces is different from multihoming, which
enables you to bind multiple addresses belonging to the same IP network to

August 30, 2001
Novell Confidential
the same interface or different interfaces. To configure multihoming, see

“Configuring a Secondary IP Address” on page 86.
Merging Two Networks When the Connecting Router Fails

Suppose a router that connects IP networks 130.81.0.0 and 167.10.0.0 fails.
For simplicity, assume that the physical medium is Ethernet. If the router
cannot be repaired quickly, you can temporarily fix the problem by completing
1 Join the two networks into a single network segment using a barrel
connector, a repeater, or other appropriate means.
2 Find a system operating Novell TCP/IP connected to the joined network.
3 Load INETCFG and select Protocols > TCP/IP.
4 Set IP Packet Forwarding to Enabled ("Router").
Yes.
7 Select Bindings and then bind IP to the joined network twice.
7a Select an existing binding to an interface connected to the joined
network.
7b Set Local IP Address to an available host address on the first
network. In this example, enter an available host address on the
130.81.0.0 network.
7c Press Esc and then save your change when prompted.
7d Press Ins to create a new binding and select the same interface
connected to the joined network.
7e Set Local IP Address to an available host address on the second
network. In this example, enter an available host address on the
167.10.0.0 network.
Yes.
System > Yes.
Protocols 85

August 30, 2001
Novell Confidential
Reassigning IP Addresses
Suppose you must change network number 89 to 130.57. If the system does
not have multiple logical interfaces, you must change all IP addresses on
network 89 at the same time or lose connectivity to any host that did not have
its address changed.
With multiple logical interfaces, you can assign the new IP addresses
gradually. Networks 89 and 130.57 can coexist on the same network segment
until the transition is complete. The router interfaces, attached to both logical
networks, forward packets for each network and route packets between the
two.
Adding New Nodes to a Full Subnet

Suppose you want to add several new nodes to a subnet that has no more
available IP addresses. Assume that the network has enough free connectors
available to physically attach the nodes.
First, you assign a new subnet number to the cable so that both subnets share
the cable. Then to add new nodes, you bind their IP address to the new logical
subnet. The router whose interface is bound to both subnet addresses provides
connectivity between the two subnets and to the rest of the internetwork.
Configuring a Secondary IP Address

A secondary IP address can be configured on the same interface that has the
primary IP address.
When multiple interfaces exist, the secondary address is associated with the
interface that is bound to an address that is on the same network. If there are
more than one interface on the same network, then you can select the interface
to add the secondary IP address. If the secondary address is not valid on any
of the networks bound to existing interfaces, the address is rejected and an
error message is produced.
To configure a secondary IP addresses, do the following:
1 Add a secondary IP address by entering the following at the command
prompt:
add secondary IPAddress x.x.x.x noarp prompt

August 30, 2001
Novell Confidential
Noarp is used to add the secondary IP address as the non-ARPable one.

If you don’t use noarp, it will be added as ARPable. Prompt allows you
to select from the available interfaces. If you don’t use prompt, it will be
added to the first bound interface of the same network.
2 Delete the secondary IP address by entering the following command:
del secondary IPAddress x.x.x.x
3 Display the secondary IP addresses by entering the following command:
display secondary IPAddress
Protocols 87

August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

August 30, 2001
Novell Confidential
6 Managing
This chapter describes the diagnostic utilities used to manage the Novell®
TCP/IP software. These utilities enable you to manage, optimize, and
troubleshoot the product and its connections. The following topics are
discussed here:
“Using the TCPCON Utility” on page 89
“Viewing TCP/IP Configuration Information” on page 90
“Determining Whether a Remote TCP/IP Node Is Reachable” on page 91
“Monitoring Error Counters” on page 91
“Monitoring TCP/IP Information” on page 92
Using the TCPCON Utility

TCPCON is an NLMTM utility that provides access to statistics and
information about the status of various components of the TCP/IP protocol
suite. TCPCON uses SNMP to access this information from any local or
remote system on the network. TCPCON operates over TCP/IP and IPXTM
networks.
To launch TCPCON, enter LOAD TCPCON at the system console prompt.
To monitor a remote system, select SNMP Access Configuration, change the
Transport Protocol option to TCP/IP, and set the Host option to the IP address
of the remote host you want to monitor. Press Esc to exit and save the options.
If details from that remote host are displayed, there is a bidirectional route
available.
Managing 89

103-000151-001
August 30, 2001
Novell Confidential
You can use TCPCON to perform the following tasks:

Monitor activity in the TCP/IP network segments of your internetwork
Display configuration information and statistics about the following
TCP/IP protocols—IP, ICMP, UDP, TCP, OSPF, and EGP
Display the IP routes currently known to a TCP/IP node
Display the network interfaces supported by a TCP/IP node
Access the trap log maintained by SNMPLOG (for the local system only)
Access TCP/IP information in any remote protocol stack supporting the
TCP/IP Management Information Base (MIB)
HINT: TCPCON requires SNMP to be loaded on the remote host; otherwise, you
receive an error message that the host is unavailable. Another cause of the Host
unavailable message might be a routing error. To check for errors in the routing
table, accept the default value of 127.0.0.1 in the Host option under SNMP Access
Configuration. Select Routing Table to view the routing information table that the
routing software has received from routing protocols (RIP and OSPF) or static
routes. Compare this to the address topology of the network.
Viewing TCP/IP Configuration Information

To see how TCP/IP is configured, load TCPCON and select the following
options:
SNMP Access Configuration to view and change SNMP access
configuration
Protocol Information to view and change the run-time configuration of
TCP/IP protocols
IP Routing to view, change, and create IP routes
Statistics to view detailed TCP/IP statistics
Interfaces to view information about network interfaces
Display Local Traps to view the local system SNMP trap log

103-000151-001
August 30, 2001
Novell Confidential
Determining Whether a Remote TCP/IP Node Is

Reachable
To determine whether a remote node is reachable, run an Echo test by doing
the following:
1 Load PING
2 Specify the remote node address in the Host Name field.
3 Specify the number of seconds between each transmission in the Seconds
to Pause between pings field.
4 Specify the packet size to be transmitted in the IP Packet Size to send in
Bytes field.
5 Press Esc to begin transmitting.
If you receive an echo reply packet, the remote node is reachable.
Monitoring Error Counters

Error counters are monitored to make sure they are not increasing rapidly,
because a rapid increase indicates a problem. For information about
troubleshooting these problems, see “Troubleshooting” on page 93. You can
monitor error counters for TCP/IP interfaces in the following ways:
Use MONITOR to view counters such as Checksum Errors, Send and
Receive Packet Errors, and interface-specific errors. To view these
counters, load MONITOR and select LAN/WAN information >
interface you want to view.
Use TCPCON to view the following TCP/IP counters:
IP Errors
IP Address Errors
Unknown Protocol Errors
Local Errors
Reassembly Failures Detected
Fragmentation Failures Detected
To view these counters, load TCPCON and select Statistics > IP > More
IP Statistics.
Managing 91

103-000151-001
August 30, 2001
Novell Confidential
Monitoring TCP/IP Information

Monitoring TCP/IP information can give you a clear view of the status of your
TCP/IP network and whether the router is configured properly to run
efficiently in the network. This information can also be helpful in
troubleshooting and optimizing of the network.
Checking the TCP/IP Routing Table

To check the TCP/IP routing table and information associated with each route,
load TCPCON and select IP Routing Table > Proceed > entry you want to
view.
The IP Routing Table window shows you all known TCP/IP destination
networks and the following information about each item:
IP address of the destination
IP address of the next hop router
Type of the route (direct, remote)
Primary cost for the route
Interface used to reach a route
The IP Route Information window expands on this by showing information
about the mask used, the routing protocol through which the destination was
learned, and the age of the route.
Monitoring the Configured TCP/IP Protocols

You can view, and sometimes change, the configuration of TCP/IP protocols
configured for use in your router. You can reach this information by loading
TCPCON and selecting Protocol Information. You can configure and view
statistics and other information for the following protocols:
EGP
ICMP
IP
OSPF
TCP
UDP
For additional information about each protocol, press F1 to access online help.

103-000151-001
August 30, 2001
Novell Confidential
7 Troubleshooting
This chapter contains IP troubleshooting information that is divided into three

categories:
“Troubleshooting Tools” on page 93
“Troubleshooting Checkpoints” on page 94
“Common Problems” on page 95
If a problem that is general in nature occurs, the procedure described in
Troubleshooting Checkpoints will help you isolate and resolve the problem.
Troubleshooting Tools
TCPCON is an NLMTM utility that provides access to statistics and
information about the status of various components of the TCP/IP protocol
suite. It uses SNMP to access this information from any local or remote system
on the network. TCPCON operates over TCP/IP networks. Use TCPCON to
monitor a remote system.
You can use TCPCON to perform the following tasks:
Monitor activity in the TCP/IP network segments of your internetwork
Display configuration information and statistics about the following
TCP/IP protocols: IP, ICMP, UDP, TCP, OSPF, and EGP
Display the IP routes currently known to a TCP/IP node
Display the network interfaces supported by a TCP/IP node
Access TCP/IP information in any remote protocol stack supporting the
TCP/IP Management Information Base (MIB)
Troubleshooting 93

103-000151-001
August 30, 2001
Novell Confidential
Troubleshooting Checkpoints
To isolate and resolve TCP/IP problems, do the following:
1 To verify that IP is bound to the desired interfaces with the correct
addresses and masks for your internetwork. Load TCPCON Select
Protocols > IP > IP Addresses.
Use INETCFG to make any required corrections.
2 To check the routing table for routes to the required network. Load
TCPCON and select IP Routing Table > Proceed, and then press Enter
If routes are missing, verify that the required routing protocols have been
enabled and bound to the correct interfaces in INETCFG. Also verify that
the routing protocol in use on an interface is correctly configured on other
routers that are accessible through that interface.
3 To verify that static routing is configured if other third-party routers that
do not use RIP or OSPF are connected on the network. Load INETCFG
and select Protocols > TCP/IP > LAN Static Routing
4 To verify that the IP Packet Forwarding statistic is set to Enabled. Load
INETCFG and select Protocols > TCP/IP > IP Packet Forwarding
Use INETCFG to make any required corrections and then reinitialize the
system.
5 Use PING or TPING to test connectivity.
Perform Step 1 through Step 4 on any routers that cannot be reached. Start
with the router that is closest to the local node.
6 Verify that all client software has the Default Router parameter
configured to match the IP address of the network board inside the router
that is connected to the local segment.
7 Load TCPCON for the following IP statistics:
Local errors (memory error)
IP errors (unexpected protocol errors)
Check the configuration of other IP nodes on the network. Reduce IP
traffic or use a network analyzer to identify the source of invalid
packets.
IP address errors (misdirected packets)
Check the Address Translation tables on other IP nodes to determine
the source of the errors.

103-000151-001
August 30, 2001
Novell Confidential
Unknown protocol errors (unsupported IP clients)

Load the required applications.
No route found (router failure)
Check the configuration of the routing protocols.
8 Load TCPCON for the following ICMP statistics:
Destination unreachable (network failure)
Use a network analyzer to determine the unreachable destination.
Check that the routers on the path to the destination advertise the
route.
Time exceeded (network failure)
Reduce the excessive delays by reducing the size of the internetwork
or increasing the speed of WAN links.
Redirects (router failure)
Check that all routers on the network are properly configured and
advertising routes. Verify that the correct Default Router is
configured on the clients.
9 To verify that all configuration options are set correctly. Load INETCFG
and select View Configuration
Common Problems
This section discusses the following common problems and their potential
solutions:
“LAN Connectivity Problems” on page 96
“Router Cannot Ping a Remote Router or the Internet” on page 98
“Routing Table Maintenance Problems” on page 98
“IP Address Duplication across Machines” on page 100
“Server Not Responding under Heavy Stress Conditions” on page 100
“Server Not Responding under Heavy Stress Conditions” on page 100
“Load Not Balanced across NICs although LB is Enabled in INETCFG”
on page 100
“Network Traffic Is Not Balanced across NICs” on page 101
Troubleshooting 95

103-000151-001
August 30, 2001
Novell Confidential
“Losing INETCFG Configuration Information upon Rebooting” on page

101
“Loss of Secondary IP Address upon Deleting Any Binding” on page 101
LAN Connectivity Problems

The router does not forward IP packets
Verify that the IP Packet Forwarding statistic is set to Router Enabled in
TCPCON (Protocols > IP). If routing is not enabled, enable IP Packet
Forwarding under Protocols in INETCFG, and then issue the
REINITIALIZE SYSTEM command.
A TCP/IP host cannot reach the router on the local network
Verify that the network portion of the IP address and the subnet mask
are the same on the router and the host.
Verify that the router and host use the same frame type.
Use PING from the router to verify connectivity to the
TCP/IP host and verify that the IP Address Translation table has an
entry for the host.
If there is no entry, use MONITOR to check the status of the LAN
driver.
TCP/IP host and check for Echo Requests in TCPCON (select
Statistics > ICMP).
If the value of the Echo Requests statistic is not incrementing, check
the IP statistics for errors and perform Step 7 on page 94 in
Troubleshooting Checkpoints.
TCP/IP host and check for Echo Replies in TCPCON (select
Statistics > ICMP).
If the value of the Echo Replies statistic is not incrementing, verify
that IP is bound to the host's interface with the correct address and
mask. Also, verify that the interface driver is loaded with the correct
frame type. If required, check the IP statistics for errors and perform
Step 7 on page 94 in Troubleshooting Checkpoints.

103-000151-001
August 30, 2001
Novell Confidential
A TCP/IP host cannot reach a remote host

Verify that the IP address and mask are proper.
Verify that the local TCP/IP host has the local router listed as the
default router.
Verify that each router has a routing protocol enabled and that it has
not been disabled on the interface.
Starting at the local router, verify that each router has a route to the
remote host's network.
Verify that there are no filters capable of blocking IP traffic
configured on any routers along the path.
Verify that the remote host has a route to the local host's network.
Using PING, verify that the remote host can reach each router on the
path to the local TCP/IP host.
Starting at the router closest to the remote host, verify that each
router has a route to the local TCP/IP host's network.
The router cannot initiate IP traffic to a remote router through a LAN
interface
Verify that IP is bound to the right interface with the correct address
and mask.
Check whether the interface driver is loaded with the correct frame
type.
Check whether a route exists to the network on which the destination
router resides. This can be done through the IP Routing Table
window of TCPCON. If the destination router is accessible, also
verify that it has a route to the source router's network.
A TCP/IP host cannot reach another host when Fault Tolerance is
disabled and the NIC that was handling the data transfer has gone down
Make sure the NIC is grouped for load balancing and fault tolerance.
Make sure that fault tolerance is enabled for the group.
To verify that NIC is grouped, do the following:
1 Load INETCFG and select Bindings > TCP/IP.
2 Select Configure TCP/IP Bind Option.
3 Make sure that the Group interface for LBFT is set to Yes.
Troubleshooting 97

103-000151-001
August 30, 2001
Novell Confidential
To check that fault tolerance is enabled, do the following:

2 In the screen that appears, fault tolerance should be enabled.
This could be for the complete system. You still need to verify whether
Fault Tolerance is enabled for the particular Net Group.
3 Select Fault Tolerance Configuration > Configure Individual Group.
4 Select the particular Net Group and check whether fault tolerance is
enabled for it. If not, set it to Yes.
Router Cannot Ping a Remote Router or the Internet

Load TCPCON and verify select IP Routing Table that there is a destination
that is specified as the default route. If there is no default route, you must
configure it. Load INETCFG to permanently configure the default route.
2 Select the Interface Group for your WAN card.
3 Select WAN Call Destination.
4 Select WAN Call Destination press Ins and then select the WAN card
defined earlier.
5 Select Static Routing Table option and press Ins.
The Static Routing entry sets up the default route that points to the
Internet Service Provider (ISP).
6 Select Route to Network or Host > Default Route.
7 Press Esc to save your changes and exit the menus.
8 For the changes to take effect, reinitialize the system.
Routing Table Maintenance Problems

Routes are not exchanged on a LAN.
Use INETCFG to verify that the IP Packet Forwarding option is
enabled.
Use INETCFG to verify that a routing protocol has been enabled.
Use INETCFG to verify that the routing protocol has not been
disabled on an interface.

103-000151-001
August 30, 2001
Novell Confidential
Use TCPCON to examine the routing table and determine which

routes are missing.
Check TCPCON for IP errors.
Check TCPCON for ICMP errors.
If you are using RIP, then in INETCFG under Bindings, verify that
the RIP Mode option is not set to Send Only or Receive Only.
If the RIP Version option is set to RIPII, verify that the other routers
also support RIP II.
Verify that no route filters are configured that would block route
information packets for that interface.
If you are using OSPF, verify that the following conditions have been
met:
Routers in the area have the same Authentication Type configured.
All routers on the same network have the same Authentication
Password configured for the interface to the network.
All routers on the same network have the same Hello Intervals
configured for the interface to the network.
The state of each neighbor is either two-way or full in TCPCON
(select Protocol Information > OSPF > Neighbors). If it is not, one of
the two conditions described next will occur. Refer to the next two
paragraphs for an explanation of the corrective actions required.
In TCPCON, there is a router link state advertisement for each router
in your area (select Protocol Information > OSPF > Link State
Advertisements). If these advertisements are not present, verify that
the missing router is active and the correct area ID is configured for
the network interface.
In TCPCON, the number of link state advertisements, Area
Boundary Routers, and Autonomous System Boundary Routers are
the same for each router in your area (select Protocol Information >
OSPF > Areas). Verify that the problem routers are active. Bring
down any router whose routing database is not synchronized with the
databases of its routing neighbors. If the problem persists, reduce the
size of your network or add more memory to the router.
Routes are not exchanged on a LAN.
Verify that the broadcast address is correct.
Troubleshooting 99

103-000151-001
August 30, 2001
Novell Confidential
RIP routes are not accessible to hosts on OSPF networks.

Check the status of the Autonomous System Boundary Router
statistic in TCPCON (select Protocol Information > OSPF).
Verify that no filters are configured that would block access to the
network.
IP Address Duplication across Machines

When you are trying to bind an IP address, you get an error message
stating a conflict for the IP address.
Set allow ip address duplicates command off under
SET parameters.
Server Not Responding under Heavy Stress Conditions

Increase the following using the SET command options:
Maximum Packet Receive Buffers (page 56)
Minimum Packet Receive Buffers (page 56)
TCP IP Maximum Small ECBs (page 58)
Load Not Balanced across NICs although LB is Enabled in INETCFG

Load balancing might have been enabled only for the system and not for the
particular group. Check whether you have grouped multiple NICs and enabled
load balancing for them.
To check that load balancing is enabled at group level, do the following:
In the screen that appears load balancing should enabled. This is for the
complete system. You still need to verify whether load balancing is
enabled for the particular Net Group.
2 Select Load Balancing Configuration > Configure Individual Group.
3 Select the particular Net Group and check whether load balancing is
enabled for it. If not, set it to Yes.

103-000151-001
August 30, 2001
Novell Confidential
Network Traffic Is Not Balanced across NICs

If the application is binding to the local host (0.0.0.0), the data is always
sent through the Primary. So the Primary should be inside the LBFT
group for the load to be evenly balanced.
Check whether the interface designated as Primary is within the group or
not. If not, either group the Primary interface or make one of the group
members Primary.
If the application is not bound to the local host, then the data is always
sent through the host where the application is bound. To load balance in
this case, make sure that this host is inside the LBFT Group.
To check whether a particular binding is part of the LBFT Group, do the
following:
2 In the screen that appears, select the Configure TCP/IP Bind option.
3 Make sure that the group interface for LBFT is set to Yes.
Losing INETCFG Configuration Information upon Rebooting

This could happen if the server abended while being configured. This corrupts
the file SYS:\ETC\TCPIP.CFG. Delete this file and copy a backup of the
previous configuration.
Loss of Secondary IP Address upon Deleting Any Binding

This could happen if more than one interface are using the same driver. If this
is the case, never delete any of the bindings. Always disable them if you don’t
want to use them.
Troubleshooting 101

103-000151-001
August 30, 2001
Novell Confidential

103-000151-001
August 30, 2001
Novell Confidential
A Planning
This appendix explains what decisions must be made before you can configure
TCP/IP beyond its most basic configuration.
Configuration Decisions
How you configure TCP/IP beyond the most basic configuration depends on
the following decisions:
Whether a multiprocessor server can use this version of TCP/IP
The TCP/IP stack distributes the connection across all processors
uniformly resulting in packet processing on different processors in
parallel. The TCP/IP stack has been multiprocessor (MP) enabled for
processing TCP and UDP packets.
Whether to use the computer as a router or an end node (that is, a
host)
The IP Packet Forwarding parameter, which controls IP packet routing, is
enabled by default. This parameter permits your computer to operate as
an IP router. When you want your computer to operate as an end node
only, disable this parameter.
Whether to use Routing Information Protocol (RIP), Open Shortest
Path First (OSPF), or a mixed RIP-OSPF environment
RIP and OSPF are IP routing protocols. If you already have IP routers in
your network environment, use the same routing protocol they use. If
your network currently has no other routers, use OSPF.
To configure your router as a RIP router, see “Configuring RIP” on page
60.
Planning 103

103-000151-001
August 30, 2001
Novell Confidential
To configure your router as an OSPF router, see “Configuring OSPF” on

page 63.
To configure a mixed RIP-OSPF environment, refer to both of the
preceding procedures.
Whether to use static routes on a router
Static routes are useful for reducing routing traffic, providing security,
accessing isolated networks, and operating as backup routes on routers.
Static routes are required for on-demand connections.
To configure static routes on a router, see “Configuring Static Routes for
LANs” on page 69.
Whether to filter routes or various TCP/IP packets
Enable filters when you want to do either of the following:
Control access to any services, such as File Transfer Protocol (FTP),
on your network
Reduce the bandwidth consumed by routing traffic
To configure TCP/IP filters, you must enable the Filtering Support
parameter in INETCFG and then load the Filter Configuration utility
(FILTCFG).
Whether to configure router discovery
Router discovery enables end nodes to find an IP router on their network.
If your computer is operating as a router, it can advertise itself
periodically as a router. If your computer is operating as an end node, it
can send queries to locate a router.
To configure router discovery, see “Configuring Router Discovery” on
page 76.
Whether to disable Address Resolution Protocol (ARP) or enable
Proxy ARP
ARP is a LAN protocol that maps Internet addresses to physical
addresses. IP routers and end nodes use ARP to determine a destination
node's physical address.
An IP router using Proxy ARP replies to ARP requests it receives through
an interface on behalf of an end node on a network attached to another
interface.
To change the default settings of ARP and Proxy ARP features, see
“Configuring ARP” on page 78.

103-000151-001
August 30, 2001
Novell Confidential
Whether to enable the router to forward directed broadcasts

A directed broadcast is a broadcast intended only for a subnet rather than
all nodes on the network.
To enable directed broadcast forwarding, see “Configuring Directed
Broadcast Forwarding” on page 81.
Whether to configure the router or end node as a BOOTP forwarder
The BOOTP protocol enables end nodes to obtain an IP address at start-
up time. If there is a BOOTP or Dynamic Host Configuration Protocol
(DHCP) server on your internetwork, any IP routers that are configured
to act as a BOOTP forwarder accept and forward BOOTP or DHCP
requests to the server. The BOOTP or DHCP server then assigns an IP
address to the end station.
To configure BOOTP forwarding, see “Configuring BOOTP
Forwarding” on page 82.
Whether to configure multiple logical interfaces on a single board
Using multiple logical interfaces enables you to bind more than one IP
network to a LAN board. Each binding operates as a separate logical
interface.
To configure multiple logical interfaces on a board, see “Configuring
Multiple Logical Interfaces” on page 84.
Whether to use multihoming
Multihoming enables an interface to be bound to multiple IP addresses on
the same network. Multihoming can be used for all IP networks bound to
a router, whether the networks are bound to on the same interface or
different interfaces.
The most common use of multiple addresses on the same network is to
enable a Web server to operate as though it is several Web servers. In this
application, each secondary IP address is used by a different virtual host
on the same Web server. The Domain Name System (DNS) can be used
to access these virtual hosts using unique hostnames.
Multihoming is also commonly used with network address translation
(NAT), the proxy server, and the virtual private network (VPN).
To configure multihoming, see “Configuring a Secondary IP Address” on
page 86.
Planning 105

103-000151-001
August 30, 2001
Novell Confidential

103-000151-001
August 30, 2001
Novell Confidential
B TCP/IP Database Files
This appendix describes how the database files of the TCP/IP stack should be
configured.
Configuring Database Files

TCP/IP uses four database files in the SYS:\ETC\directory to convert internal
data, such as IP addresses, into more identifiable and workable names.
HOSTS File (page 108) maps hostnames to IP addresses
NETWORKS File (page 109) maps network names to network addresses
PROTOCOL File (page 110) maps protocol names to IP protocol
numbers
SERVICES File (page 111) maps service names to TCP and UDP ports
The user interface for TCPCON and other NLM files uses these database files.
To inform TCP/IP of names and addresses of local nodes and networks, you
must add that information to these files. The files are cached in memory so that
disk access is avoided during lookup. Because of this, TCP/IP takes up more
memory. If this is not desirable, keep the size of the database small or simply
delete the files.
TCP/IP finds the following four database files in the SYS:\ETC\directory:
These files are described in the sections following this discussion.
If you are configuring TCP/IP for the first time, we recommend that you start
by copying the sample database files from SYS:\ETC\SAMPLES to
SYS:\ETC. This provides you with some examples to refer to as you add your
own entries, and also provides TCP/IP with the PROTOCOL and SERVICES
files.
TCP/IP Database Files 107

103-000151-001
August 30, 2001
Novell Confidential
You can modify these files with a standard text editor from any NetWare®
client, or you can use EDIT.NLM from the NetWare system console. The
following sections describe the formats of the files, which are compatible with
the same files on standard 4.3BSD UNIX* systems. The examples in the
sample files can also help you create your own entries.
The files have the same names and format as the files on UnixWare* systems
and other UNIX systems. You can use FTP to transfer the files from a UNIX
host.
Each database file describes a table. Each line of the file describes a separate
table entry. Blank lines and comments are ignored. Comments begin with a
pound sign (#) anywhere in a line and include the pound sign and any
characters following it on the same line.
IMPORTANT: Do not use the sample addresses provided in the database files if
you are connected to the Internet; these addresses are for example only.
HOSTS File
The SYS:\ETC\HOSTS file contains information about the known hosts on
the IP internetwork. Typically, it is centrally administered and distributed to
all local hosts. Its format, as shown in Figure 15, is identical to /etc/hosts on
UNIX systems. Each entry provides information about a single host. An entry
cannot extend beyond one line.
Figure 15 Sample HOSTS File
The HOSTS file entry has the following format:

IP_address host_name [alias [...]]

103-000151-001
August 30, 2001
Novell Confidential
The IP_address is a 4-byte address in standard dotted decimal notation. Each

byte is a decimal, hexadecimal, or octal value and is separated by a period.
Hexadecimal numbers must start with the character pair 0x or 0X; octal
numbers must start with 0.
The host_name is the name of the system associated with this IP address. The
name cannot contain a space, tab, pound sign (#), or end-of-line character.
Each hostname must be unique.
The alias is another name for the same system. Typically, this is a shorter
name. A single host can have from 1 to 10 aliases. For example, the host sales
could have the following address and aliases:
129.0.9.5 sales sa saleshost
The sample file SYS:\ETC\SAMPLES\HOSTS is included with the TCP/IP

software. When you are configuring TCP/IP for the first time, copy the sample
HOSTS file from SYS:\ETC\SAMPLES to SYS:\ETC. You then edit the
SYS:\ETC\HOSTS file. You can change your configuration at any time by
editing your existing SYS:\ETC\HOSTS file.
NETWORKS File
The SYS:\ETC\NETWORKS file contains information about the networks in
your internetwork. Each entry provides information about one network. An
entry cannot extend beyond one line. Figure 16 shows a sample NETWORKS
file.
Figure 16 Sample NETWORKS File
The NETWORKS file entry has the following format:

network_name network_number [/network_mask] [alias [...]]

103-000151-001
August 30, 2001
Novell Confidential
The network_name is the name of the network associated with this network
number. The name cannot contain a space, tab, pound sign (#), or end-of-line
character. The network name must be unique.
The network_number is the number of the network. Hexadecimal numbers
must start with the character pair 0x or 0X. The network_number can be
specified with or without trailing zeros. For example, the addresses 130.57
and 130.57.0.0 denote the same IP network.
The network_mask is the subnet mask of the network. Like IP addresses, it can
be specified in octal, decimal, or hexadecimal notation. This field is optional.
If not specified, the subnet mask is deduced from existing routing table entries.
The alias is another name for the same network; you can specify up to 10
aliases for a network.
The sample file SYS:\ETC\SAMPLES\NETWORKS is included with the
TCP/IP software. When you are configuring TCP/IP for the first time, copy
the sample NETWORKS file from SYS:\ETC\SAMPLES to SYS:\ETC. Then
edit the SYS:\ETC\NETWORKS file. You can change your configuration at
any time by editing your existing SYS:\ETC\NETWORKS file.
PROTOCOL File
The SYS:\ETC\PROTOCOL file, as shown in Figure 17, contains information
about the known protocols used on the internetwork. Each line provides
information about one protocol. An entry cannot extend beyond one line.
NOTE: The PROTOCOL file is called PROTOCOLS on UNIX systems. The name
is shortened to PROTOCOL because of the DOS eight-character limit.
Figure 17 Sample PROTOCOL File

103-000151-001
August 30, 2001
Novell Confidential
The PROTOCOL file entry has the following format:

protocol_name protocol_number [alias [...]]
The protocol_name is the name of the Internet protocol associated with this
protocol number. The name cannot contain a space, tab, pound sign (#), or
end-of-line character.
The protocol_number is the number of the Internet protocol.
The alias is an alternate name for the protocol.
The sample file SYS:\ETC\SAMPLES\PROTOCOL is included with the
TCP/IP software. When you are configuring TCP/IP for the first time, copy
the sample PROTOCOL file from SYS:\ETC\SAMPLES to SYS:\ETC. You
can then edit the SYS:\ETC\PROTOCOL file. You can change your
configuration at any time by editing your existing SYS:\ETC\PROTOCOL
file.
SERVICES File
The SYS:\ETC\SERVICES file, as shown in Figure 18, contains information
about the known services used on the IP internetwork. Each entry provides
information about one service. An entry cannot extend beyond one line.
Figure 18 Sample SERVICES File
The SERVICES file entry has the following format:

service_name port_number /protocol_name [alias [...]]
The service_name is the name of the service associated with this port number
and protocol name. The name cannot contain a space, tab, pound sign (#), or

103-000151-001
August 30, 2001
Novell Confidential
end-of-line character. These are generally Application-layer, Presentation-

layer, or Session-layer services, such as TFTP, FTP, SMTP, and TELNET.
The port_number is the number of the Internet port used by the service.
The protocol_name is the protocol with which the service is associated. This
is generally a Transport- or Network-layer protocol, such as TCP or UDP. You
must put a slash between the port number and the protocol name (for example,
SMTP 25/TCP MAIL).
The alias is an alternate name for the service.
The sample file SYS:\ETC\SAMPLES\SERVICES is included with the TCP/
IP software. When you are configuring TCP/IP for the first time, you should
copy the sample SERVICES file from SYS:\ETC\SAMPLES to SYS:\ETC.
You can then edit the SYS:\ETC\SERVICES file. You can change your
configuration at any time by editing your existing SYS:\ETC\SERVICES file.

103-000151-001
August 30, 2001
Novell Confidential
NetWare FTP Server Administration Guide
Novell
NetWare 6 ®
www.novell.com
6.0
N E T WA R E F T P S E RV E R
August 29, 2001

Novell Confidential
Contents
Preface 7
1 Overview 9
Features of the NetWare FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2 Setting Up 13
Upgrading from NetWare 5.1 to NetWare 6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Configuring FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Configuring FTP Server from NetWare Web Manager. . . . . . . . . . . . . . . . . . . . . . . 19
Configuring Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Configuring Security Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Configuring User Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Configuring Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
3 Managing 25
FTP Server Startup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Creating an Anonymous User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Viewing the Active Sessions Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Using the FTP Server from an FTP Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Starting an FTP Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Accessing a Remote Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Paths Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Quote Site Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Name Space and Filenames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Administering the NetWare FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Multiple Instances of the FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Intruder Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Access Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Anonymous User Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
FTP Log Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Active Sessions Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
4 Configuring with Cluster Services 45

Running FTP Server in Active/Active and Active/Passive Modes . . . . . . . . . . . . . . . . . 45
Editing FTPSERV.CFG Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Editing AUTOEXEC.NCF Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Novell Cluster Services Configuration and Setup . . . . . . . . . . . . . . . . . . . . . . . . . 48
Creating a Cluster Volume Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Configuring FTP Server Load and Unload Scripts . . . . . . . . . . . . . . . . . . . . . . 49
Setting FTP Server Start, Failover, and Failback Modes . . . . . . . . . . . . . . . . . . . . . 50
Contents 5

103-000172-001
August 30, 2001
Novell Confidential
A FTP Server Messages 53

NWFTPD Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
FTPUPGRD Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
6 NetWare FTP Server Administration Guide

103-000172-001
August 30, 2001
Novell Confidential
Preface
Welcome to the NetWare FTP Server Administration Guide. NetWare® FTP

Server software provides FTP service for transferring files to and from
NetWare volumes. You can perform file transfers from any FTP client by
using the FTP server to log in to a Novell® eDirectoryTM tree. After logging
in, you can navigate to other NetWare servers (in the same eDirectory tree)
even if they are not be running FTP service.
Preface 7

103-000172-001
August 30, 2001
Novell Confidential

103-000172-001
August 30, 2001
Novell Confidential
1 Overview
NetWare® FTP Server software is based on the standard ARPANET File

Transfer Protocol that runs over TCP/IP and conforms to RFC 959. You can
perform file transfers from any FTP client by using the FTP Server to log in
to the Novell® eDirectoryTM tree.
Features of the NetWare FTP Server

The main features of NetWare FTP Server software include the following:
Multiple instances of NetWare FTP Server software
Multiple instances of NetWare FTP Server software can be loaded on the
same NetWare server, providing different FTP services to different sets of
users.
See “Multiple Instances of the FTP Server” on page 33.
FTP access restrictions
FTP access can be restricted at various levels through various types of
access rights.
See “Access Restrictions” on page 34.
Intruder detection
An intruder host or user who tries to log in using an invalid password can
be detected and restricted.
See “Intruder Detection” on page 34.
Remote server access
FTP users can navigate and access files from other NetWare eDirectory
servers in the same eDirectory tree and from remote IBM* servers,
Overview 9

103-000172-001
August 30, 2001
Novell Confidential
whether or not the remote servers are running NetWare FTP Server
software.
See “Accessing a Remote Server” on page 28 and Table 5, “Login
Parameters,” on page 15.
Anonymous user access
An Anonymous user account can be set up to provide users with basic
access to public files.
See “Anonymous User Access” on page 37.
Special Quote Site commands
These NetWare-specific commands can be used to change or view some
of the NetWare server-specific parameters.
See “Quote Site Commands” on page 31.
Firewall support
When the FTP client is behind a firewall and the FTP server cannot
connect to the FTP client, NetWare FTP Server software supports passive
mode data transfer and the configuration of a range of passive data ports.
See Table 7, “Firewall Support Parameters,” on page 17.
Active Sessions display
Details of all the active FTP instances at a particular time such as a list of
all instances, details of each instance, all sessions in an instance, and all
details of each session can be viewed.
See “Viewing the Active Sessions Display” on page 26.
Name space support
NetWare FTP Server software can operate in both DOS and long name
spaces. The FTP user can dynamically change the default name space by
using one of the Quote Site commands.
See “Quote Site Commands” on page 31.
Simple Network Management Protocol error reporting service
Simple Network Management Protocol (SNMP) traps are issued when an
FTP login request comes from an intruder host or from a node address
restricted through Novell eDirectory. The traps can be viewed on the
management console.

103-000172-001
August 30, 2001
Novell Confidential
FTP logs
The FTP service maintains a log of various activities: FTP sessions,
unsuccessful login attempts, active sessions details, and system error and
FTP server-related messages.
See “FTP Log Files” on page 38
Welcome banner and message file support
NetWare FTP Server software displays a welcome banner when an FTP
client establishes a connection as well as a message file when a user
changes the directory in which the file exists.
See Table 8, “Welcome Banner and Message Files Parameters,” on page
17.
NetWare Web Manager based management
NetWare Web Manager is a browser-based management tool used to
configure and manage NetWare Web Services (such as NetWare
Enterprise Web Server and NetWare Web Search Server) using a local
database, LDAP, or Novell eDirectory.
The NetWare Web Manager interface can also be used to administer (start
and stop) the FTP server as well as to configure the server, security, user,
and log settings. These settings can then be modified from a client
workstation using an Internet browser.
You can also get information such as the current server status by viewing
different logs through the Web Manager interface.
The Web Manager URL is https://servername: port_number (default port
number = 2200).
See “Configuring FTP Server from NetWare Web Manager” on page 19.
Cluster Services Support
NetWare FTP Server can be configured with Novell Cluster ServicesTM to
achieve high availability. Running FTP Server on Novell Cluster Services
provides benefits such as automatic restart without user intervention in
case of a node failure in cluster.
See “Configuring with Cluster Services” on page 45.
Upgrade Utility
The Upgrade utility helps in upgrading the configuration of FTP Server
when upgrading from NetWare 5.1 to NetWare 6.
See “Upgrading from NetWare 5.1 to NetWare 6.0” on page 13.
Overview 11

103-000172-001
August 30, 2001
Novell Confidential

103-000172-001
August 30, 2001
Novell Confidential
2 Setting Up
This chapter discusses the following sections:

Upgrading from NetWare 5.1 to NetWare 6.0 (page 13)
Configuring FTP Server (page 14)
Configuring FTP Server from NetWare Web Manager (page 19)
Upgrading from NetWare 5.1 to NetWare 6.0

The upgrade utility (FTPUPGRD.NLM) is automatically invoked to upgrade
the default configuration of NetWare FTP Server when you choose NetWare
FTP Server while upgrading the operating system from NetWare 5.1 to
NetWare 6.0.
If invoked during installation, FTP Upgrade utility upgrades the default
configuration file, ftpserv.cfg located in SYS:\ETC.
To upgrade a specific configuration of FTP Server, execute the following
command in the system console, and specify different configuration files in
SYS:\ETC.
FtpUpgrd -c cfg filename
Setting Up 13

103-000172-001
August 30, 2001
Novell Confidential
Configuring FTP Server

Before you start the NetWare FTP Server software, you should configure it by
setting the configuration parameters in the configuration file. The default
configuration file is SYS:/ETC/FTPSERV.CFG. The parameters in this
configuration fils are commented with their default values.
When the NetWare FTP Server is started, the IP address of the host
(HOST_IP_ADDR) and the port number of the NetWare FTP Server
(FTP_PORT), as defined in the configuration file, are used to bind to and
listen for FTP client connection requests. If these parameters are not defined
in the configuration file, the FTP Server binds to all configured network
interfaces and the standard FTP ports.
Multiple instances of the NetWare FTP Server can run on a single machine
with different IP addresses, or port numbers. The various parameters in the
configuration file along with the default values are described in the following
tables:
Table 1 Multiple Instances Parameters
HOST_IP_ADDR IP address of the host The IP address of the host that

the FTP Server software is being
loaded on
FTP_PORT 21 (Standard FTP port) The port number that the FTP
server should bind to and listen
for connection requests from
Table 2 FTP Session Parameters
MAX_FTP_SESSIONS 30 Maximum number of FTP

sessions that can be active at any
point of time.
Minimum value is 1
IDLE_SESSION_TIMEOUT 600 (seconds) Duration in seconds that any

session can remain idle. The
session will never time out if the
value is set as negative.

103-000172-001
August 30, 2001
Novell Confidential
Table 3 Anonymous User Access Parameters
ANONYMOUS_ACCESS No Specifies whether anonymous

user access is allowed.
Valid values are Yes and No.
ANONYMOUS_HOME SYS:/PUBLIC The Anonymous user’s home

directory.
ANONYMOUS_PASSWORD_R Yes Specifies whether to ask for an

EQUIRED Email ID as the password for
Anonymous user to log in.
Table 4 Access Restrictions Parameters
RESTRICT_FILE SYS:/ETC/FTPREST.TXT FTP Server can define access

restrictions to various levels of
users, hosts, etc. These
restrictions are defined in a file,
which can be specified here.
Table 5 Login Parameters
DEFAULT_USER_HOME- Server where FTP is running The name of the server that the
SERVER default home directory is on.
DEFAULT_USER_HOME SYS:\PUBLIC The default home directory of the

user.
IGNORE_REMOTE_HOME No Specifies whether to ignore the

home directory, if it is on a remote
server, and go to the default
directory.
Setting Up 15

103-000172-001
August 30, 2001
Novell Confidential
IGNORE_HOME_DIR No Specifies whether to ignore the

home directory and go to the
default directory.
SEARCH_LIST A list of fully distinguished names

of containers in which FTP users
are be looked for, separated by
commas. The length of this string
including the commas should not
exceed 2048 bytes. You can
specify a maximum of 25
containers.
Table 6 Intruder Detection Parameters
DEFAULT_NS Long The default name space.
The valid values are DOS and

LONG.
INTRUDER_HOST_ ATTEMPTS 20 The number of unsuccessful log

in attempts for intruder host
detection.
When set to 0, intruder host login

detection is disabled.
INTRUDER_USER_ATTEMPTS 5 The number of unsuccessful log

in attempts for intruder host
detection.
When set to 0, intruder host login

detection is disabled.
HOST_RESET_TIME 10 Time interval in minutes during

which the intruder host is not
allowed to log in.
USER_RESET_TIME 5 Time interval in minutes during

which the intruder user is not
allowed to log in.

103-000172-001
August 30, 2001
Novell Confidential
Table 7 Firewall Support Parameters
PASSIVE_PORT_MIN 1 Minimum port number used for

establishing passive data
connection.
The port value range is 1 to

65534.
The minimum value should

always be less than or equal to
the maximum value.
PASSIVE_PORT_MAX 65534 Maximum port number used for

establishing passive data
connection.
The port value range = 1 to

65534.
The maximum value should

always be greater than or equal
to the minimum value.
Table 8 Welcome Banner and Message Files Parameters
WELCOME_BANNER SYS:/ETC/WELCOME.TXT When the FTP client establishes

a connection, the content of this
file is displayed.
MESSAGE_FILE MESSAGE.TXT When the user changes the

directory, the contents of this file
are displayed. For this, the file
with that name should exist in the
directory.
Setting Up 17

103-000172-001
August 30, 2001
Novell Confidential
Table 9 FTP Logs Parameters
FTP_LOG_DIR SYS:/ETC The directory where log files will

be stored.
NUM_LOG_MSG 3200 Maximum number of messages

that will be logged in each log file.
LOG_LEVEL 7 Indicates the level of messages

logged. These are:
1= ERROR
2= WARNING
4= INFORMATION
The following combinations can

be given.
3= ERROR, WARNING
5=ERROR, INFORMATION
6= INFORMATION, WARNING
7=ERROR, WARNING, and

INFORMATION
FTPD_LOG FTPD FTPD.LOG file is automatically

created. This file contains all the
internal system related
information encountered by the
FTP server.
AUDIT_LOG FTPAUDIT FTPAUDIT.LOG file is

automatically created. This file
contains details about the login
activities of the user
INTRUDER_LOG FTPINTR FTPINTR.LOG file is

contains information about
unsuccessful login attempts
STAT_LOG FTPSTAT FTPSTAT.LOG file is

contains details about all active
sessions.

103-000172-001
August 30, 2001
Novell Confidential
Configuring FTP Server from NetWare Web Manager

You can use the NetWare Web Manager for administering FTP Service from
client- side.
To do this, enter the following URL to display the Service Selector panel (the
default port number is 2200):
https://remote_server_name : port_number
Figure 1 Service Selector Panel
In the Service Selector panel, select NetWare FTP Server to display the
Service Manager panel.
Setting Up 19

103-000172-001
August 30, 2001
Novell Confidential
Figure 2 Service Manger Panel
In the Service Manager panel you can view the Server Preferences menu,
which provides links to the configuration pages of FTP Server by clicking the
Server Preferences icon at the top of the panel.
When you click this icon, the initial main panel displays FTP Server On/off
Panel. You can start or stop NetWare FTP Service from the client side by
clicking either of the buttons.

103-000172-001
August 30, 2001
Novell Confidential
Configuring Server Settings

1 In the Server Preferences menu, click Server Settings.
Figure 3 Server Settings Panel
2 Specify the FTP Server settings. For specific information about each
parameter, refer the online help.
3 Click Save to save your settings or click Reset to retain the previous
settings.
Setting Up 21

103-000172-001
August 30, 2001
Novell Confidential
Configuring Security Settings

1 In the Server Preferences menu, click Security.
Figure 4 Security Panel
2 Specify the FTP Server Security settings. For specific information about
each parameter, refer the online help.
3 Click Save to save your settings or click Reset to clear your settings.

103-000172-001
August 30, 2001
Novell Confidential
Configuring User Settings

1 In the Server Preferences menu, click User Settings.
Figure 5 User Settings Panel
2 Specify the FTP Server User Settings. For specific information about each
parameter, refer the online help.
3 Click Save to save your settings or click Reset to clear your settings.
Setting Up 23

103-000172-001
August 30, 2001
Novell Confidential
Configuring Log Settings

1 In the Server Preferences menu, click Log Settings.
Figure 6 Log Settings Panel
2 Select the type of log messages from the Log Messages of Type drop
down list, and enter the Number of Log messages. For specific information
about each parameter, refer the online help.
3 Click Save to save your settings or click Reset to retain previous settings.

103-000172-001
August 30, 2001
Novell Confidential
3 Managing

“FTP Server Startup” on page 25
“Using the FTP Server from an FTP Client” on page 26
“Administering the NetWare FTP Server” on page 33
FTP Server Startup

The FTP Server software can be loaded from the NetWare® server using the
following command:
nwftpd
The server takes the default configuration file SYS:/ETC/FTPSERV.CFG. On

installation, this configuration file has all the parameters, commented, with
their default values.
To start the NetWare FTP Server software with a different configuration file
(for example, MYCONFIG.CFG), place the file in the SYS:/ETC directory
and enter the following at the command line:
nwftpd -c myconfig.cfg
NOTE: If there is any change in the .CFG file, nwftpd should be reloaded.
Managing 25

103-000172-001
August 30, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Creating an Anonymous User

To create an anonymous user, enter
nwftpd -a [-c Configfile]
The server takes the anonymous user home directory from the configuration
file and displays it on the screen with the option to modify the directory.
NOTE: The -a option modifies the configuration file for anonymous user access.
For this change to take place, reload nwftpd.
Viewing the Active Sessions Display

To load the Active Sessions Display utility, enter
ftpstat [-p port number]
The server takes a port number that the HTTP browser should connect to in
order to view the NetWare FTP active sessions. The default port is 2500.
Using the FTP Server from an FTP Client

“Starting an FTP Session” on page 26
“Paths Formats” on page 31
“Accessing a Remote Server” on page 28
“Quote Site Commands” on page 31
“Name Space and Filenames” on page 32
Starting an FTP Session

Users can start an FTP session from a workstation running the FTP client
software using the following command:
ftp hostname | IP Address
where hostname is the name of the server in the DNS or IP address of the
NetWare server running the FTP service. The FTP client then prompts the user
for a username and password.

103-000172-001
August 30, 2001
Novell Confidential
The following are the session-based details and are not tied to individual user
logins: bytes sent, bytes received, session duration, files sent, files received,
and current Novell® eDirectoryTM context.
For more details, see Table 2, “FTP Session Parameters,” on page 14.
Logging In to the eDirectory Tree
A user can login to the FTP server either by specifying the username with full
context or with a context relative to the default context (which is the context
of the NetWare server where FTP is running). If the context is not specified,
the FTP server searches for the user only in the current session context.
If a user with an expired password attempts to log in to the FTP server, a
message stating that the password has expired is returned after the user logs
in. Logging in with an expired password uses the grace logins. If all the grace
logins of the user expire, the user cannot log in and receives an error message.
After the user logs in, the FTP server places the user in the user's eDirectory
home directory (if defined) and attaches the user to the server where the home
directory resides.
If the home directory is not defined or cannot be located, the FTP server places
the user in the default user home directory specified in the configuration file.
The DEFAULT_USER_HOME_SERVER parameter can be used to specify
the name of the server where the default user home directory is located. If the
parameter is not specified, by default the FTP server considers the default user
home directory to be on the server where the FTP server is running.
A user is placed in the default user home directory under the following
conditions:
If IGNORE_DIR_HOME = Yes.
If IGNORE_REMOTE_HOME = Yes, and the user’s home directory is
on a remote server.
Logging In to an IBM Server
To log in to a remote IBM server, the user should have a user account in that
server.
To log in to the IBM server from FTP client, the user should start an FTP
session using FTPHost and should give the username in the following format:
@IBMservername.username
Managing 27

103-000172-001
August 30, 2001
Novell Confidential
To log in to an IBM server from a browser, the following format should be

used:
ftp //+IBMserver+username:password@FTPHost
For logging in as anonymous user, the user name and password can be
omitted:
ftp //+IBMservername@FtpHost
After logging in to an IBM server, the user is placed in the home directory in
that IBM server.
While logging in to an IBM server, the user is not authenticated to the
eDirectory tree. So, navigation between IBM servers and eDirectory servers
is not possible.
Accessing a Remote Server

The double slash (//) indicates that the user wants to access a remote server.
The name of the remote server must be the first entry after the double slash.
Navigating to eDirectory Servers
After logging in to the eDirectory tree, users can access files and directories
on a remote NetWare server whether or not the server is running Novell FTP
Server software.
The NCPTM protocol lets you transfer files and navigate to and from remote
eDirectory servers.

103-000172-001
August 30, 2001
Novell Confidential
Figure 7 How a NetWare FTP Server Accesses Remote NetWare Servers
Workstation running
FTP client software
1
A user uses FTP to connect to
the local NetWare FTP Server.
Remote NetWare server

FTP (running NetWare 4.1 or later)
without the FTP service
News Feed
NCP
2 3
After logging in to Local NetWare server The user can now
the FTP server, the running the access files on the
user accesses the FTP service remote NetWare
remote server from server.
the command line.
To navigate to remote servers, enter

cd //remote server name/volume/directory pathname
File operations such as get, put, and delete can be used on the remote server,
even without changing directory path to that server. For example:
get //remote_server_name/volume/directory path/filename
If the current directory is on a remote server and the remote server goes down,
the user is placed in the home directory in the home server. If the home server
is not available, the user is placed in the default user home directory.
Navigating to IBM Servers
After logging in to the eDirectory tree, users can access files and directories
on a remote NetWare server whether or not the server is running Novell FTP
Server software.
The NetWare FTP Server uses the AFTP Gateway component of NetWare
SAA to access remote IBM servers.
Managing 29

103-000172-001
August 30, 2001
Novell Confidential
Figure 8 How a NetWare FTP Server Accesses Remote IBM Servers
Workstation running
FTP client software
1
A user uses FTP to connect
to the local IBM server.
FTP
Remote IBM server
FTP of NetWare SAA
2
After logging in to Local NetWare server 3
the FTP Server, the running the The user can now
user accesses the FTP service access files on the
remote server from remote IBM server.
the command line.
The IBM server that the user logs in to first will be considered the home server.
Once logged in to an IBM server, the user can navigate to other remote IBM
servers which identify the user with the same username and password. To
navigate to remote servers the following format should be used:
cd //IBM server name/path
File operations such as get, put, and delete can be done only when the user is
currently in that server.
If the current directory is on a remote server and the server goes down, the user
is placed in the home directory in the home server. If the home server is not
available, the remote server is made the home server. If the current directory
is in the home server and the server goes down, the user is logged out.

103-000172-001
August 30, 2001
Novell Confidential
Paths Formats
The volume and directory path name must be specified in following format:.
//server_name/volume_name/directory_path
To navigate to different volumes, enter:

cd /volume_name
To switch back to home directory, enter:

cd ~
To switch to home directory of any user, enter:

cd ~user_name
Quote Site Commands

The SITE command enables FTP clients to access features specific to the
NetWare FTP Server.
The SITE command has the following syntax:
QUOTE SITE [SLIST | SERVER | HELP | CX {CONTEXT} | LONG |
DOS | OU]
NOTE: The settings done through Quote Site Comments is valid only for
current session.
These commands are unique to the NetWare FTP service and are not standard
FTP commands.
A list of quote site commands and their descriptions are given below:
Command Description
SLIST Lists all the NetWare servers within the eDirectory tree
SERVER Lists all NetWare servers in the current eDirectory

context and its sub-OUs.
For example, SITE SERVER displays all NetWare

servers in the current context.
HELP Displays the help file related to the Quote Site

commands. It gives the syntax, and description of all site
commands.
Managing 31

103-000172-001
August 30, 2001
Novell Confidential
Command Description
CX CX without a context displays the current context of the

FTP Server
CX with a context as an argument sets the current

eDirectory context to a given value. For example:
cx ou=test sets the context to the OU test using the

relative context
cx.ou=test.o=acme sets the context to the OU test using

the absolute context
CX with the argument ~ ,resets the context back to user’s

context
OU Shows all the organizational units relative to the current

context
OU enables users to display the eDirectory organizations

(containers) below the current eDirectory context.
LONG Changes the configured namespace to the LONG name

space.
DOS Changes to the configured name space to the DOS name

space.
DOS changes the configured name space to the DOS

name space. This change takes place only for the
current session. All NetWare volumes support the DOS
name space.
Name Space and Filenames

FTP Server software supports DOS and LONG name space. The default name
space is configured in the configuration file. FTP users can also change it
dynamically using the QUOTE SITE DOS command or the QUOTE SITE
LONG command.
NOTE: The namespace changed using Quote Site command is in effect only in the
current status.
The default configured name space is LONG.

When the user changes the name space, the change affects only those volumes
that support the specified name space. If the LONG name space is not

103-000172-001
August 30, 2001
Novell Confidential
supported on a specific volume, users must follow the DOS file naming
conventions of using no more than eight characters for the name plus no more
than three additional characters for the extension.
In both name spaces, the user views the response to the ls or Dir in the
NetWare format only. Format of the directory listing is as follows:
type rights owner size time name
where the above variables stand for:
Type: Type of file, where {-} indicates a file and {d} indicates a directory
Rights: Effective NetWare rights of the user to this file or directory.
Owner: NetWare user who created this file or directory. In case the
mapping of objects and the owner's name is not found, the object ID is
displayed.
Size: The size, in bytes, of the file or directory. In case of a directory, it is
always 512.
Time: The modification date and time of the file or directory.
Name: The name of the file or directory in the current name space.
Administering the NetWare FTP Server

This section discusses the administering the following:
“Multiple Instances of the FTP Server” on page 33
“Intruder Detection” on page 34
“Access Restrictions” on page 34
“Anonymous User Access” on page 37
“FTP Log Files” on page 38
“Active Sessions Display” on page 42
Multiple Instances of the FTP Server

Multiple instances of the FTP server can be initialized if the NetWare server
has multiple network interface cards. Each FTP server should have a unique
IP address and port number combination. Each FTP server instance can have
its own configuration file and access restrictions file, and can listen on
different IP addresses and port numbers.
Managing 33

103-000172-001
August 30, 2001
Novell Confidential
The IP address of the host (HOST_IP_ADDR) and the port number

(FTP_PORT) as defined in the configuration file are used to bind to and listen
for FTP client connection requests. The configuration file can be specified
while starting the FTP server. If these parameters are not defined in the
configuration file, the default IP address and the standard FTP port number are
used.
For more details, see Table 1, “Multiple Instances Parameters,” on page 14.
Intruder Detection
A user is considered an intruder when the number of unsuccessful log in
attempts is greater than those specified by the parameter
INTRUDER_USER_ATTEMPTS in the configuration file. Similarly, a host/
client machine is considered an intruder when the number of consecutive login
failures for any user from that host is greater than the configured limit
specified by the parameter INTRUDER_HOST_ATTEMPTS.
If a successful login is encountered before the attempts limit is reached, the
login failures count is reset to zero.
When a user becomes an intruder, his account is locked out for an interval of
time specified by the parameter USER_RESET_TIME in the configuration
file.
When a host becomes an intruder, access to the FTP Server is denied for that
host machine for an interval of time specified by the parameter
HOST_RESET_TIME in the configuration file.
Access Restrictions
The FTP service enables you to specify access restrictions for a user, a client
host, and the IP address of a client host. The access restrictions are specified
in the restrictions file, which can be configured (RESTRICT_FILE). Access
restrictions can be specified at various levels and multiple access rights are
allowed.

103-000172-001
August 30, 2001
Novell Confidential
Restriction Levels
The following table describes the supported levels of access restrictions.
Restriction Level Description
Container Restriction can be specified for any eDirectory

container. This will control all the users in that
container and its sub-OUs.
Container level: Restriction can be specified for

any eDirectory container. This will control all the
users in that container and its sub-OUs.
*.container name
The asterik (*) indicates the container level

restriction. The container should be a fully
distinguished name.
User Restriction can be specified for a particular user.
.user name
The period (.) indicates user level restriction. The

user name should be a fully distinguished name.
Domain Restriction can be specified at the domain level.

This will control all the hosts in that domain and
its sub domains. The following is the RESTRICT
file format:
DOMAIN= domain name
The DOMAIN= key word indicates the domain

level restriction.
The domain restrictions will not work if the host

does not have a DNS entry.
Host Restriction can be specified for a particular host

machine.
ADDRESS= host name/IP address
The ADDRESS= key word indicates the host

level restriction. The host name or IP address of
the host can be specified.
The DNS configuration should be proper for

address and domain name restrictions.
Managing 35

103-000172-001
August 30, 2001
Novell Confidential
Access Rights
The following table describes the permitted access rights.
Access Right Description
DENY Denies access to the FTP Server for that client.
READONLY Gives read-only access to the client.
NOREMOTE Restricts access to remote server navigation.
GUEST Gives only Guest access to the user. guest users are
those users who cannot navigate to remote servers.
A guest user has access only within the guest user’s
home directory and subdirectories.
ALLOW Gives normal FTP access without restriction.
Keywords
The following table describes the possible keywords.
Keyword Description
ADDRESS= Restricts a particular node. The IP address or

machine name can be used.
DOMAIN= Restricts a particular Domain.
The asterisk (*) should be used for container level

restrictions.
ACCESS= Is mandatory for each line. It should be followed by

access rights.
Restrict File
The format and organization of the restrict file is as follows:

Each line should have one entity name and corresponding access rights.
The rights of the entities will be assigned according to the order of the
RESTRICT file. If different rights apply to the same entity, the latest
entities that appear in the RESTRICT file will be taken.

103-000172-001
August 30, 2001
Novell Confidential
All rights specified in the same line will be applied to that entity.
If the RESTRICT file does not exist or is empty, the access is given to all
users without any restrictions.
Example 1
*.novell ACCESS=ALLOW
*.testou.novell ACCESS=DENY
.user1.testou.novell ACCESS=READONLY
User1 at testou will be allowed read-only rights. The other users at

testou.novell will be denied the right. However, all other OUs at .novell will
be allowed.
Example 2
*.testou.novell ACCESS=DENY
*.novell ACCESS=ALLOW
All OUs at .novell will be allowed because both rights apply to testou and the
later would be taken.
Example 3
ADDRESS=Clientmachine1.blr.novell.com ACCESS=NOREMOTE
.user1.novell ACCESS=READONLY
The user1 logging from clientmachine1 will have read-only and no remote
access.
For more details, see Table 4, “Access Restrictions Parameters,” on page 15
Anonymous User Access

NetWare FTP Server software supports an anonymous user account. This
account provides people with access to public files. Access to the Anonymous
user account can be enabled or disabled by setting the
ANONYMOUS_ACCESS parameter in the configuration file. By default, the
parameter is set to No. The path of the Anonymous user's home directory can
be specified in the configuration file, in the ANONYMOUS_HOME directory
parameter.
An Anonymous user account can be created by loading the FTP server with
the -a option. This creates the Anonymous user, creates the home directory
(if it is not available), and assigns access rights to the Anonymous user. The
Managing 37

103-000172-001
August 30, 2001
Novell Confidential
administrator name and password are then taken from the screen and the
Anonymous user is created in the eDirectory tree at the default context. Also,
the configured anonymous home directory is displayed on the screen with an
option to modify it.
If the administrator does not specify a home directory, then the default
directory is taken. The Anonymous user will have only Read and File Scan
rights to the default directory. If the administrator specifies the anonymous
home directory, then the directory is created and the Anonymous user will
have Read, File Scan, Create, Delete, and Modify rights to that directory.
For more details, see Table 3, “Anonymous User Access Parameters,” on page
15.
FTP Log Files

The FTP server has four log files for recording different activity information.
All the log files are created in the FTP_LOG_DIR directory specified in the
configuration file. The amount and type of information logged is controlled by
the LOG_LEVEL parameter defined in the configuration file.
The log levels indicate bits for which any combination can be give
1= ERROR
2= WARNING
4= INFO
If the LOG_LEVEL = 3, then error messages and warning messages will be
logged. If LOG_LEVEL = 4, then error messages and warning messages will
be logged.At default value of LOG_LEVEL = 7, all messages will be logged.
The parameter NUM_LOG_MSG is used to specify the maximum number of
messages that can be logged into each of the log files. Once this limit is
exceeded the log files are overwritten and the old messages are lost.
All these log files can be viewed from NetWare Web Manager.
Audit Log File
The Audit log contains details about the login and activities of the user. The
default path is SYS:/ETC/FTPAUDIT.LOG. The file has entries for login,
logout and other file system related operations like mkdir, rmdir, put, set, and
delete.

103-000172-001
August 30, 2001
Novell Confidential
The general Audit log format is

Log Level:Thread ID:Date Time:IPaddress:Username:message
Viewing Audit Log File from NetWare Web Manager

1 In the NetWare Web Manager Service Selector panel, click NetWare FTP
Server.
2 In the Service Manager panel, click the Server Status icon.
3 In the Server Log panel, click View Auditor Trail Log to display the
following panel.
Figure 9 Audit Trail Log Panel
Statistics Log File
The Statistics log file contains details of all active sessions in the log file. The
default path is SYS:/ETC/FTPSTAT.LOG.
The Statistics log file maintains three record types, each of which is separated
by a comma.
TRANSFER: Contains information related to the data transfer
USER: Contains information related to users logged in/out
FAILURE: Contains information about the number of failures during data
transfer
Managing 39

103-000172-001
August 30, 2001
Novell Confidential
Viewing Statistics Log file from Web Manager

1 In the NetWare Web Manager Service Selector panel, click the NetWare
FTP Server.
3 In the Server Log menu, click View Statistics Log link to display a panel
Figure 10 Statistics Log Panel
Intruder Log File
The Intruder log file contains information about unsuccessful login attempts.
The default path is SYS:/ETC/FTPINTR.LOG. The following information is
recorded in the file:
The address of the machine where the login originated
The time of the attempted access
The login name of the user
The general Intruder log format is:
ErrorLevel: Date Time : Client IPaddress : UserName :
message

103-000172-001
August 30, 2001
Novell Confidential
If the parameter INTRUDER_HOST_ATTEMPTS = 0 then intruder detection

is disabled.
Viewing Intruder Detection from Web Manager

FTP Server.
3 In the Server log panel, click View Intruder Log to display a panel similar
to the following:
Figure 11 Intruder Log Panel
System Log File
The System log file contains all the internal system-related information
encountered by the FTP Server.
The general System log file format is
Error: Thread ID: Date Time: Message
For more details, see Table 9, “FTP Logs Parameters,” on page 18
Managing 41

103-000172-001
August 30, 2001
Novell Confidential
Active Sessions Display

To load the Active Sessions Display utility, enter
ftpstat [-p port number]
Enter the port number that the HTTP browser should connect to in order to
view the NetWare FTP Active Sessions:
http://servername:port/
The default port is 2500.

You can directly view the active sessions information using NetWare Web
Manager.
FTP Server.
3 In the Server Status menu, click View Server Status to display the View
Server Status panel.
4 Click the View Server Status button in the panel to view the FTP Instance
Panel.
Figure 12 FTP Instance Panel

103-000172-001
August 30, 2001
Novell Confidential
The FTP Instance panel appears displaying active sessions of the FTP
server. You can view details such as the total number of active session, IP
address, port number, number of sessions, peak bandwidth, and
configuration.
Managing 43

103-000172-001
August 30, 2001
Novell Confidential

103-000172-001
August 30, 2001
Novell Confidential
4 Configuring with Cluster Services
Before configuring NetWare® FTP Server with Novell® Cluster ServicesTM,

NetWare FTP Server must be installed on each server in your cluster that will
run it. NetWare FTP Server is selected by default during the NetWare 6.0
installation, and might already be installed.
Running FTP Server in Active/Active and Active/Passive

Modes
Running NetWare FTP Server in the ACTIVE/ACTIVE mode is the
recommended configuration because it provides faster recovery after a failure.
In this mode, FTP Server runs simultaneously on multiple servers in the
cluster. When a Web server fails, the FTP sites on that server fail over to other
FTP servers in the cluster. Only FTP sites move in ACTIVE/ACTIVE mode.
NetWare FTP Server can also be run in ACTIVE/PASSIVE mode. In this
mode, FTP Server runs on only one node in the cluster at a time. When a Web
server fails, FTP Server starts on other specified nodes in the cluster, and the
FTP sites that were on the failed server fail over to other nodes in the cluster.
This makes ACTIVE/PASSIVE mode marginally slower because FTP Server
has to load on other servers in the cluster before FTP sites can fail over.
Editing FTPSERV.CFG Configuration Files

The configuration file FTPSERV.CFG is created by default during the FTP
Server installation and is placed in the SYS:\ETC directory. A separate
FTPSERV.CFG file exists for each FTP Server that is installed on the cluster.
Each FTPSERV.CFG file contains a line that specifies the IP address assigned
to the FTP server. By default, the IP address assigned to the FTP server is the
same IP address that is assigned to the NetWare server where the FTP server
resides.
Configuring with Cluster Services 45

103-000172-001
August 30, 2001
Novell Confidential
A separate unique IP address must be assigned to the FTP server so that it can
move with the FTP server during failover and failback. Edit the
FTPSERV.CFG file and change the HOST_IP_ADDR line to specify the
unique IP address you want to assign to the FTP server. For example, if the
unique IP address you want to assign to the FTP server is 123.45.67.012, the
line would read Host_IP_ADDR=123.45.67.012.
Assigning a unique IP address to the FTP server allows it to bind to the unique
IP address instead of to the IP address of the local host.
FTPSERV.CFG also contains a line that specifies the default home directory
for FTP users. This home directory must reside on a volume on the shared disk
system. The volume where the home directory resides doesn't have to be
cluster enabled.
Edit FTPSERV.CFG and change the DEFAULT_USER_HOME line to
specify the user home directory and volume on the shared disk system. For
example, if the user home directory on the shared volume is SHARE1:/
HOME, the line would read DEFAULT_USER_HOME=SHARE1:HOME.
Editing AUTOEXEC.NCF Files

If you are running NetWare FTP Server in ACTIVE/PASSIVE mode, it should
be launched from the FTP Server Cluster Resource load script. For more
details, see Novell Cluster Services Overview and Installation (http://
www.novell.com/documentation/).
If you are running FTP Server in ACTIVE/ACTIVE mode, it should be
launched from the AUTOEXEC.NCF file of each NetWare server in the
cluster that will run FTP Server.
Add the following lines in the order specified to the AUTOEXEC.NCF file of
each NetWare server in the cluster that will run FTP Server in ACTIVE/
ACTIVE mode:
ADD SECONDARY IPADDRESS A.B.C.D NOARP
NWFTPD
LOAD DELAY.NLM
DELAY 5
DEL SECONDARY IPADDRESS A.B.C.D
Replace A.B.C.D with the unique IP address you assigned the FTP server.

103-000172-001
August 30, 2001
Novell Confidential
If you are running multiple FTP servers on your cluster, repeat the ADD and
DEL SECONDARY IPADDRESS lines for each FTP server, because each
FTP server requires its own IP address. Also, each FTP server must have its
own uniquely named configuration file which specifies the FTP server's IP
address and shared volume directory. Running FTP Server in ACTIVE/
ACTIVE mode is required if you plan to run more than one FTP Server on the
same NetWare server.
For example, if you have three FTP servers on your cluster, you can create
three configuration files named FTPSERV1.CFG, FTPSERV2.CFG, and
FTPSERV3.CFG and then copy them to the SYS:\ETC directory of each
NetWare server in the cluster that will run the FTP servers. Each configuration
file contains the IP address and shared volume directory for its corresponding
FTP server. In this example, you would add the following lines to the
AUTOEXEC.NCF file of each server in the cluster that will run the three FTP
servers in ACTIVE/ACTIVE mode:
NWFTPD -C FTPSERV1.CFG
LOAD DELAY.NLM
DELAY 5
DELAY.NLM provides enough time for the FTP server to load before the
secondary IP addresses are deleted. The delay time might need to be altered to
ensure enough time is allotted.
IMPORTANT: If you are also running Netscape* Enterprise Server in ACTIVE/
ACTIVE mode on the same server, be sure to add the lines in the above example
before the NSWEB command.

103-000172-001
August 30, 2001
Novell Confidential
Novell Cluster Services Configuration and Setup

Once FTP Server is installed, you must create and configure an FTP server
resource in Novell Cluster Services for each FTP server that will run in your
cluster. This includes configuring load and unload scripts; setting Start,
Failover, and Failback modes; and assigning the FTP server resource to
specific nodes in your cluster.
Creating a Cluster Volume Object

Before you start using FTP Server with cluster support, create a shared volume
and a Cluster Volume object.
1 Create a shared volume using NWCONFIG > NSS volumes.
2 Create a Cluster Volume object in ConsoleOne by completing the
following:
2a Select the Cluster object.
2b Click File > New > Cluster > Cluster Volume.
2c Browse and select the shared volume.
2d Enter the secondary IP address or the virtual IP address associated
with the cluster.
The address will be in the following format:
AAA.BBB.CCC.DDD
2e Check the Define Additional Properties check box and click Create.
2f Set the Start, Failover, and Failback Modes.
2g Verify the order of the servers in the nodes list.
2h To save the changes to the Cluster Volume object, click OK.
IMPORTANT: After the shared volume servername_shared vol name is cluster-
enabled, ConsoleOne renames it to cluster object name_shared vol name.
ConsoleOne creates a virtual server associated with the shared volume called
cluster object name_shared vol name_SERVER.
ConsoleOne also creates a Cluster Volume object called shared vol

name_SERVER in the Cluster object container.

103-000172-001
August 30, 2001
Novell Confidential
Configuring FTP Server Load and Unload Scripts

Select and right-click the Cluster Volume object and then click Properties to
find the Cluster Resource Load Script and Cluster Resource Unload Script.
Load and unload scripts are required by Novell Cluster Services to start and
stop the FTP server.
1 To the load script, add the following at the end of the existing script:
NSS /ACTIVATE=VOLUME
MOUNT VOLUME
ADD SECONDARY IPADDRESS A.B.C.D
NWFTPD
2 To the unload script, add the following at the beginning of the existing
script:
UNLOAD NWFTPD
DISMOUNT VOLUME /FORCE
NSS /FORCEDEACTIVATE=VOLUME
Replace VOLUME in both the load and unload scripts with the name of
the shared disk volume where webroot exists. Replace A.B.C.D with the
secondary IP address assigned to the FTP server cluster volume object.
This is the IP address that will move with the FTP Server during failover
and failback. The NWFTPD command is omitted in ACTIVE/ACTIVE
mode.

103-000172-001
August 30, 2001
Novell Confidential
Setting FTP Server Start, Failover, and Failback Modes

The following table explains the different FTP Server resource modes.
Mode Settings Description
Start AUTO, MANUAL AUTO allows FTP Server

to automatically start on a
designated server when
the cluster is first brought
up.
MANUAL lets you

manually start the FTP
Server on a specific
server whenever you
want.
Default = AUTO
Failover AUTO, MANUAL AUTO allows FTP Server

to automatically move to
the next server in the
Assigned Nodes list in
the event of a hardware
or software failure.
MANUAL lets you

intervene after a failure
occurs and before FTP
Server is moved to
another node.
Default = AUTO

103-000172-001
August 30, 2001
Novell Confidential
Mode Settings Description
Failback AUTO, MANUAL, AUTO allows FTP Server

DISABLE to automatically move
back to its preferred node
when the preferred node
is brought back online.
MANUAL prevents FTP

Server from moving back
when that node is
brought back online until
you are ready to allow it
to happen.
DISABLE causes FTP

Server to continue
running in an online state
on the node it has failed
to.
Default = DISABLE
To set FTP Server Start, Failover, and Failback modes, do the following:
1 In ConsoleOne, double-click the cluster object container.
2 Right-click the cluster resource object shared vol name_SERVER and
select Properties.
3 Click the Policies tab on the property page.
4 View or change the Start, Failover, or Failback mode.

103-000172-001
August 30, 2001
Novell Confidential

103-000172-001
August 30, 2001
Novell Confidential
A FTP Server Messages
NWFTPD Messages
Failed to bind to FTP port
Source: NWFTPD.NLM
Explanation: The port that the FTP Server is trying to bind to is busy.
Possible Cause: Another instance of the FTP Server or another application is bound to the port.
Action: Unload the application that is bound to the port, bind the FTP Server to a
different port, or delete the busy port from TCPCON.
Failed to initialize Anonymous user

Source: NWFTPD.NLM
Explanation: The FTP Server failed to create an Anonymous user.
Possible Cause: Incorrect data was entered to create the user.
Action: Enter nwftpd -a [-c Configfile].
Failed to add Anonymous User object to NDS

Source: NWFTPD.NLM
Possible Cause: The user entered has insufficient rights.
Action: Ensure that the user has sufficient rights.
Failed to generate an ObjectKeyPair

Source: NWFTPD.NLM
Possible Cause: The user entered has insufficient rights.
Action: Ensure that the user has sufficient rights.
FTP Server Messages 53

103-000172-001
August 30, 2001
Novell Confidential
Failed to open configuration file

Source: NWFTPD.NLM
Possible Cause: The configuration file is not available at specified location.
Action: Verify if the configuration file is available at the specified location.
Unable to find default configuration file

Source: NWFTPD.NLM
Possible Cause: Configuration file is not available at default location (SYS:/ETC).
Action: Verify if the configuration file is availabl at the default location.
Unable to locate Anonymous user in default context

Source: NWFTPD.NLM
Possible Cause: Anonymous use does not exist at the FTP Server's context
Action: Run nwftpd -a to create anonymous user and reload nwftpd.
USAGE : nwftpd [-c <Config File>] [-a]

Source: NWFTPD.NLM
Source: Possible Cause:
Source: Action
Possible Cause: The user might have tried to load nwftpd.nlm with wrong usage.
Action: Load nwftpd.nlm by typing only nlm name for default configuration file, or
ftpupgrd [-c Config File] for specific configuration file name or
nwftpd [-a] for creating anonymous user.

103-000172-001
August 30, 2001
Novell Confidential
FTPUPGRD Messages
Could not create the .cfg file.
Source: FtpUpgrd.nlm
Possible Cause: Configuration file does not exist for ftp server upgrade, or existing
configuration file has read only access.
Action: Modify the file access if it is read only or specify proper configuration file
name with ftpupgrd [-c Config File] usage.
Could not create the FTP Server Restriction file.

Possible Cause: Restriction file does not exist for ftp server upgrade, or existing Restriction
file has read only access.
Action: Modify the file access if it is read only or specify proper restriction file name.
Failed to upgrade.
Possible Cause: Configuration file does not exist for FTP server upgrade, or existing
configuration file has read only access, or restriction file does not exist for ftp
server upgrade, or existing Restriction file has read only access
Action: Modify the file access if it's read only or specify proper configuration file
name with ftpupgrd [-c Config File] uusage. Modify the file
access if it is read only or specify proper restriction file name
Correct Usage: ftpupgrd [-c <Config File>]

Possible Cause: USER might have tried to load FtpUpgrd.nlm with wrong usage.
Action: Use specified user ftpupgrd [-c <Config File>]
FTP Server Messages 55

103-000172-001
August 30, 2001
Novell Confidential

103-000172-001
August 30, 2001
Novell Confidential
Novell DNS/DHCP Services Administration Guide
September 4, 2001
Novell Confidential
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
This product may require export authorization from the U.S. Department of Commerce prior to exporting from the
U.S. or Canada.
Copyright © 1993-2001 Novell, Inc. All rights reserved. No part of this publication may be reproduced,
photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
U.S. Patent No. 5,157,663; 5,349,642; 5,455,932; 5,553,139; 5,553,143; 5,572,528; 5,594,863;
5,608,903;5,633,931; 5,652,859; 5,671,414; 5,677,851; 5,692,129; 5,701,459; 5,717,912; 5,758,069; 5,758,344;
5,781,724;5,781,724; 5,781,733; 5,784,560; 5,787,439; 5,818,936; 5,828,882; 5,832,274; 5,832,275; 5,832,483;
5,832,487;5,850,565; 5,859,978; 5,870,561; 5,870,739; 5,873,079; 5,878,415; 5,878,434; 5,884,304; 5,893,116;
5,893,118;5,903,650; 5,903,720; 5,905,860; 5,910,803; 5,913,025; 5,913,209; 5,915,253; 5,925,108; 5,933,503;
5,933,826;5,946,002; 5,946,467; 5,950,198; 5,956,718; 5,956,745; 5,964,872; 5,974,474; 5,983,223; 5,983,234;
5,987,471;5,991,771; 5,991,810; 6,002,398; 6,014,667; 6,015,132; 6,016,499; 6,029,247; 6,047,289; 6,052,724;
6,061,743; 6,065,017; 6,094,672; 6,098,090; 6,105,062; 6,105,132; 6,115,039; 6,119,122; 6,144,959; 6,151,688;
6,157,925; 6,167,393; 6,173,289; 6,192,365; 6,216,123; 6,219,652; 6,229,809. Patents Pending.
Novell, Inc.
Provo, Utah 84606
U.S.A.
www.novell.com
Novell DNS/DHCP Management Utility Administration Guide

September 2001
103-000164-001
Online Documentation: To access the online documentation for this and other Novell products, and to get
updates, see www.novell.com/documentation.

103-000164-001
September 4, 2001
Novell Confidential
Novell Trademarks
NetWare is a registered trademark of Novell, Inc. in the United States and other countries.
NetWare Core Protocol and NCP are trademarks of Novell, Inc.
Novell is a registered trademark of Novell, Inc. in the United States and other countries.
Novell eDirectory is a trademark of Novell, Inc.
Third-Party Trademarks
All third-party trademarks are the property of their respective owners.

103-000164-001
September 4, 2001
Novell Confidential

103-000164-001
September 4, 2001
Novell Confidential

103-000164-001
September 4, 2001
Novell Confidential

103-000164-001
September 4, 2001
Novell Confidential
Contents
About This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Trademark Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1 Understanding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Overview of DNS/DHCP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
DNS/DHCP Management Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Understanding the eDirectory Schema Extension . . . . . . . . . . . . . . . . . . . . . . . . . 21
DNS/DHCP Global eDirectory Objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
New eDirectory Objects for DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
DNS Zone Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
DNS Resource Record Set Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
DNS Resource Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
DNS Server Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
eDirectory Objects for DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Subnet Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Address Range Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
IP Address Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
DHCP Server Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Subnet Pool Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Understanding DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
DNS Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Domains and Subdomains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Domain Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Domain Delegation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
IN-ADDR.ARPA Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
DNS Name Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Name Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Resource Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Traditional DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
DNS within eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
DNS Master File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Understanding DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
IP Address Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Dynamic BOOTP Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Dynamic DHCP Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Contents 7

103-000164-001
September 4, 2001
Novell Confidential
Manual Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Lease Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Managing the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
DHCP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Assigning Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
DHCP Options for eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
NetWare/IP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Compatibility with BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Using a BOOTP Relay Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Virtual LAN Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
SNMP Event Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
DHCP Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Console and Debug Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Understanding the DNS/DHCP Management Utility. . . . . . . . . . . . . . . . . . . . . . . . 51
Overview of Interface Interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
The DNS/DHCP Management Utility Interface . . . . . . . . . . . . . . . . . . . . . . . . 52
Taskbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Roles and Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Object Creation Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
2 Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
eDirectory Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Planning a DNS Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Planning Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Novell DNS Server as a Primary Name Server . . . . . . . . . . . . . . . . . . . . . . . . 59
Novell DNS Server as a Secondary Name Server (to a Non-Novell Master) . . . . . . . . . 59
Configuring a DNS Server to Forward Requests . . . . . . . . . . . . . . . . . . . . . . . . . 60
Forwarding Requests for Unknown Addresses . . . . . . . . . . . . . . . . . . . . . . . . 60
Restricting Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Setting Up the IN-ADDR.ARPA Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Registering Your DNS Server with Root Servers . . . . . . . . . . . . . . . . . . . . . . . . . 61
Planning a DHCP Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Migrating from Another DHCP Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Initiating the DHCP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
eDirectory Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Lease Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Considering the Length of Leases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Controlling Client Access to Leases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
IP Address Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Identifying Your Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Subnetting Your Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Assigning Addresses Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
8 Novell DNS/DHCP Management Utility Administration Guide

103-000164-001
September 4, 2001
Novell Confidential
Representing Addresses in eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Restricting Address Assignment to Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Hostnames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
3 Setting Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Configuring DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Required eDirectory Rights to Manage DNS/DHCP Configuration . . . . . . . . . . . . . . . . 71
DNS/DHCP Scope Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Importing DNS Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Setting Up DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
DNS Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Loading the DNS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Configuring Clients to Use DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Detailed DNS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Creating a DNS Server Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Modifying a DNS Server Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Starting/Stopping the DNS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Creating a Zone Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Creating a Primary DNS Zone Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Creating a Secondary DNS Zone Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Creating an IN-ADDR.ARPA Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Creating a Primary IN-ADDR.ARPA Zone Object . . . . . . . . . . . . . . . . . . . . . . . 80
Creating a Secondary IN-ADDR.ARPA Zone Object . . . . . . . . . . . . . . . . . . . . . . 81
Modifying a Zone Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Creating Resource Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Modifying Resource Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Configuring DNS Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring an eDirectory Server to Forward Queries to Root Name Servers . . . . . . . . . 85
Configuring a Cache-Only Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring to Support Child Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Configuring DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Importing DHCP Configuration Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Setting Up DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
DHCP Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Setting Global DHCP Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Setting Global DHCP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Setting Global DHCP Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Viewing the DHCP Options Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Creating a DHCP Server Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Creating a Subnet Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Creating Subnet Address Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Creating IP Address Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Loading the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Configuring Clients to Use DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Contents 9

103-000164-001
September 4, 2001
Novell Confidential
Detailed DHCP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Modifying a DHCP Server Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Starting/Stopping the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Modifying an Existing Subnet Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Modifying a Subnet Address Range Object . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Modifying an Existing IP Address Object . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Creating a Subnet Pool Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Modifying a Subnet Pool Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Configuring Special Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Configuring a DNS Server to be Authoritative for Multiple Zones . . . . . . . . . . . . . . . 103
Configuring a Multi-Homed Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configuring Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configuring Multiple Logical Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Configuring for Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Configuring DNS Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Viewing the DNS Audit Trail Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Viewing the DNS Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Configuring DHCP Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Viewing the DHCP Audit Trail Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Viewing the DHCP Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
NAMED Command Line Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
DHCPSRVR Command Line Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
4 Optimizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Optimizing DNS Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Optimizing DHCP Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
5 Managing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
DNS/DHCP Management Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Installing the DNS/DHCP Management Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Launching the DNS/DHCP Management Utility . . . . . . . . . . . . . . . . . . . . . . . . 118
Using the DNS/DHCP Management Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Managing DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Managing DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Events and Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Auditing Server Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
6 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Troubleshooting Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Common Configuration Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Common Operational Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Troubleshooting Windows 95 TCP/IP Problems . . . . . . . . . . . . . . . . . . . . . . . . 128

103-000164-001
September 4, 2001
Novell Confidential
Using the "-F" Command Line Option for DNIPINST.NLM . . . . . . . . . . . . . . . . . . 134

Server Access to DNS/DHCP Locator Object Not Required . . . . . . . . . . . . . . . . . 134
DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Troubleshooting Checkpoints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Common Operational Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Releasing and Renewing DHCP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . 139
Contents 11

103-000164-001
September 4, 2001
Novell Confidential

103-000164-001
September 4, 2001
Novell Confidential
About This Guide
This document describes the concepts of the Domain Naming System (DNS)
and the Dynamic Host Configuration Protocol (DHCP), the setup and
configuration of these functions, and how to use Novell DNS/DHCP Services
in NetWare® 6.
The audience for this document is network administrators. This
documentation is not intended for users of the network.
Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions
Trademark Conventions
In this documentation, a trademark symbol (®, TM, etc.) denotes a Novell
trademark. An asterisk (*) denotes a third-party trademark.
About This Guide 13

103-000164-001
September 4, 2001
Novell Confidential

103-000164-001
September 4, 2001
Novell Confidential
1 Understanding
This chapter describes the eDirectoryTM schema extension, the Domain Name
System (DNS), and the Dynamic Host Control Protocol (DHCP) server, and it
explains their eDirectory-related functions. This chapter also provides
information about the DNS/DHCP Management Utility.
Overview of DNS/DHCP Services

Novell® DNS/DHCP Services in NetWare® 6 integrates the Domain Name
System (DNS) and Dynamic Host Configuration Protocol (DHCP) into the
eDirectory database. Integrating these services into eDirectory provides
centralized administration and enterprise-wide management of network (IP)
addresses, configuration, and hostnames.
The DNS/DHCP Management Utility provides a Web interface to manage the
objects created to support DNS and DHCP. The DNS/DHCP Management
Utility functions as a Web-based utility and runs in a browser window. It does
not require a Novell client or any installed component as a prerequisite. It
shares a common interface with other utilities that are based on the eDirectory
Management (iManage) framework, and is thus tightly integrated with
Netware 6.
NOTE: In this document, the term host refers to a network device that requires an
IP address and might have a hostname.
For more overview information, refer to:

“DNS” on page 16
“DHCP” on page 18
“DNS/DHCP Management Utility” on page 20
Understanding 15

103-000164-001
September 4, 2001
Novell Confidential
DNS
The DNS software in Novell DNS/DHCP Services integrates DNS
information into the eDirectory database. Previously, DNS used Btrieve* as its
database for configuration information. Integrating DNS with eDirectory
moves all the information currently held in Btrieve files into eDirectory.
Integrating DNS with eDirectory greatly simplifies network administration by
enabling you to enter all configuration information into one distributed
database. Furthermore, the DNS configuration information is replicated just
like any other data in eDirectory.
Integrating DNS with eDirectory also enables an update interaction between
DNS and DHCP through the Dynamic DNS (DDNS) feature. When a host is
assigned an IP address by DHCP, the DNS information can be automatically
updated to associate the hostname with the new address when the DDNS
feature is active.
By integrating DNS into eDirectory, Novell has shifted the concept of a
primary or secondary zone away from the server to the zone itself. Once you
have configured the zone, the data is available to any of the Novell DNS
servers you choose to make authoritative for the zone. The Novell DNS server
takes advantage of the peer-to-peer nature of eDirectory by replicating the
DNS data.
Novell DNS/DHCP Services interoperates with other DNS servers. The
Novell DNS server can act as either a master DNS server or a secondary DNS
server in relation to non-Novell DNS servers. The Novell DNS server can act
as the master DNS server and transfer data to non-Novell secondary servers.
Alternatively, one Novell DNS server can act as a secondary DNS server and
transfer data from a non-Novell master server. All Novell DNS servers can
then access the data through eDirectory replication.
Novell DNS/DHCP Services provides the following DNS features:
All DNS configuration is done in eDirectory, facilitating enterprise-wide
management.
A Novell DNS server can be a secondary name server to another zone
(DNS data loaded into eDirectory through a zone transfer), or it can be a
primary name server (on which you configure DNS data using the DNS/
DHCP Management Utility).
DNS data can be read in from a BIND Master file to populate eDirectory
for convenient upgrades from BIND implementations of DNS.

103-000164-001
September 4, 2001
Novell Confidential
DNS data can be exported from eDirectory into BIND Master file format.
Root server information is stored in eDirectory and shared by all
eDirectory-based DNS servers.
Zone transfers are made to and from eDirectory through Novell servers
and include interoperability with non-eDirectory-based DNS.
A Novell DNS server can be authoritative for multiple domains.
Novell DNS servers maintain a cache of data from eDirectory so they can
quickly respond to queries.
A Novell DNS server can act as a caching or forwarding server instead of
an authoritative server for zones.
Novell DNS/DHCP Services supports multihoming.
Novell DNS/DHCP Services software supports round-robin processing
of responses to queries with multiple Address records (A records) for a
domain name.
The DNS software in Novell DNS/DHCP Services conforms to BIND 4.9.5
and supports the standards of the Internet Request For Comments (RFCs) in
the following list:
RFC 819—Domain Naming Convention for Internet User Applications
RFC 920—Domain Requirements
RFC 974—Mail Routing and Domain System
RFC 1032—Domain Administrator's Guide
RFC 1033—Domain Administrator's Operations Guide
RFC 1034—Domain Names - Concepts and Facilities
RFC 1035—Domain Names - Implementation and Specification
RFC 1036—Standard Interchange of USENET Messages
RFC 1101—DNS Encoding of Network Names and other Types
RFC 1122—Requirements for Internet Hosts - Communications Layers
RFC 1123—Requirements for Internet Hosts - Application and Support
RFC 1183—New DNS RR Definitions
RFC 1535—A Security Problem and Proposed Correction with Widely
Deployed DNS Software
Understanding 17

103-000164-001
September 4, 2001
Novell Confidential
RFC 1536—Common DNS Implementation Errors and Suggested Fixes

RFC 1537—Common DNS Data File Configuration Errors
RFC 1591—Domain Name System Structure and Delegation
RFC 1597—Address Allocation for Private Internets
RFC 1627—Network 10 Considered Harmful (Some Practices Shouldn't
Be Codified)
RFC 1713—Tools for DNS Debugging
RFC 1884—IP Version 6 Addressing Architecture
RFC 1886—DNS Extensions to Support IP Version 6
RFC 1912—Common DNS Operations and Configurations Errors
RFC 2010—Operations Criteria for Root Name Servers
RFC 2052—A DNS RR for Specifying the Location of Services (DNS
SRV)
DHCP
A NetWare 6 DHCP server automatically assigns IP addresses and other
configuration information to clients upon request or when the clients are
restarted. Automatic assignment of configuration information reduces the
amount of work required to configure and manage a large IP network.
Furthermore, integrating DHCP with eDirectory enables you to enter all
configuration information into one distributed database. This greatly
simplifies network administration and provides for the replication of DHCP
configuration information.
DHCP provides for both static and dynamic configuration of IP clients. Static
configuration enables you to assign a specific IP address and configuration to
a client with a specific machine or MAC address. When DHCP assigns IP
addresses dynamically, IP clients are assigned an IP address that is chosen
from a range of available addresses. You can use dynamic address assignment
when you are not concerned about which IP address a particular client uses.
Each IP client that requests an address assignment can also use the other
DHCP configuration parameters.
DHCP can limit the amount of time a DHCP client can use an IP address. This
is known as the lease time. You can use the lease time to allow a large number
of clients to use a limited number of IP addresses.

103-000164-001
September 4, 2001
Novell Confidential
DHCP is based on BOOTP and maintains some backward compatibility.

Novell DHCP servers can be configured to respond to requests from BOOTP
clients.
Novell DNS/DHCP Services provides the following DHCP features:
All DHCP configuration is done in eDirectory, facilitating enterprise-
wide management.
DHCP options can be set at three levels:
Enterprise level
Subnet level
Specific client level
The configuration utility has import/export functions that support the
following:
Populating eDirectory from an existing Novell DHCP Server 2.0
DHCPTAB file or from a BOOTPTAB file (for Novell BOOTP)
Saving configuration information out of eDirectory
You can configure the level of SNMP event trap generation using the
DNS/DHCP Management Utility for all events, major events only, or no
events.
Client assignment policy options (to support mobile clients that move
around the network) include:
Allow Duplicate
Delete Duplicate
No Duplicate
You can use the DNS/DHCP Management Utility to maintain a hardware
exclusion list to deny service to unwanted devices by their MAC
addresses.
The DHCP software updates eDirectory to record all address assignments
to LAN clients.
You can use Dynamic DNS (DDNS) to update DNS with information
about addresses assigned and rescinded.
The DHCP software enables the server to cache addresses and other
configuration information from eDirectory for quick response.
Understanding 19

103-000164-001
September 4, 2001
Novell Confidential
The DHCP software has one DHCP server NetWare Loadable ModuleTM
(NLMTM) file that supports both LAN and remote access clients.
You can configure the DHCP server to ping an address to verify that no
other device is using it before assigning the address to a client.
Provides fault tolerance as follows:
A server can survive a temporary local eDirectory service outage and
recover automatically.
DHCP configuration is replicated like other eDirectory data.
DHCP auditing can help diagnose problems. Each incidence of address
deletion, addition, and rejection is recorded.
Novell DNS/DHCP Services supports the features that were previously
provided by Novell DHCP Server 2.0 and supports the standards of the RFCs
in the following list:
RFC 2131—Dynamic Host Configuration Protocol
RFC 2132—DHCP Options and BOOTP Vendor Extensions
RFC 2241—DHCP Options and Novell Directory Services
RFC 2242—NetWare/IP Domain Name and Information
Novell DNS/DHCP Services also supports the BOOTP standards of the RFCs
in the following list:
RFC 1497—BOOTP Vendor Information Extensions
RFC 1534—Interoperation Between DHCP and BOOTP
RFC 1542—Clarifications and Extensions for the Bootstrap Protocol
Refer to “DHCP Options” on page 43 for a list of all supported DHCP options.
DNS/DHCP Management Utility

The DNS/DHCP Management Utility is a Web-based utility used to configure
and manage eDirectory-based DNS and DHCP. eDirectory is used as a
database to store the administered IP address and name service objects.
The DNS/DHCP Management Utility can run on any browser workstation and
does not require a Novell client or any installed component as a prerequisite.

103-000164-001
September 4, 2001
Novell Confidential
It operates within the common eDirectory Management Framework

(iManage) and is thus tightly integrated with Netware 6.
For more detailed information about the DNS/DHCP Management Utility,
refer to “Understanding the DNS/DHCP Management Utility” on page 51.
Understanding the eDirectory Schema Extension

The eDirectory schema extension defines additional objects needed for DNS
and DHCP.
For more information, refer to:
“DNS/DHCP Global eDirectory Objects” on page 21
“New eDirectory Objects for DNS” on page 22
“eDirectory Objects for DHCP” on page 24
DNS/DHCP Global eDirectory Objects

When you select Novell DNS/DHCP Services during NetWare 6 installation,
the eDirectory schema is extended to enable the creation of DNS and DHCP
objects, and the following objects are created:
DNS/DHCP Locator object
DNS/DHCP Group object
RootSrvrInfo Zone
Only one copy of these objects exists in an eDirectory tree. The DNS servers,
DHCP servers, and DNS/DHCP Management Utility must have access to
these objects.
The DNS/DHCP Group object is a standard eDirectory group object. The
DNS and DHCP servers gain the rights to DNS and DHCP data within the tree
through the Group object. When the DNS/DHCP Management Utility is used
to create DNS and DHCP servers, the servers have the rights required to
access data.
The DNS/DHCP Locator object contains global defaults, DHCP options, and
lists of all DNS and DHCP servers, subnets, and zones in the tree. The DNS/
DHCP Management Utility can display these objects without having to search
the tree by using the Locator object. The Locator object is basically hidden by
the DNS/DHCP Management Utility.
Understanding 21

103-000164-001
September 4, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The RootSrvrInfo Zone is a Zone object, an eDirectory container object that

contains resource record sets for the DNS root servers. The resource record
sets contain Address records and Name Server records that provide pointers
for DNS queries to the root servers. The RootSrvrInfo Zone object is the
equivalent of the BIND db.root file.
New eDirectory Objects for DNS

The following new eDirectory objects support DNS:
DNS Zone object
DNS Resource Record Set object
DNS Name Server object
Figure 1 shows an example of a tree of DNS objects.
Figure 1 eDirectory Objects for DNS
Novell
San Jose (SJF)
DNS Zone
Object DNS Server
novell_com.sjf.novell
RRSet
Admin novell_com NS NS2 MX MXN
Objects

103-000164-001
September 4, 2001
Novell Confidential
DNS Zone Object

The DNS Zone object is a container object that contains all the data for a single
DNS zone. A Zone object is the first level of the DNS zone description. A
Zone object can be contained under an Organization (O), Organizational Unit
(OU), a Country (C), or a Locality (L).
Multiple DNS domains can be represented within eDirectory by using
separate, independent DNS Zone objects. A network administrator can
support multiple DNS domains on a single NetWare server by creating
multiple DNS Zone objects and assigning the server to serve those zones.
The DNS Zone object contains data that correlates to a DNS Start of Authority
(SOA) resource record (RR), a member list of all eDirectory-based DNS
servers that serve the zone, and Dynamic DNS (DDNS) server information.
The DNS name space hierarchy is not represented within the eDirectory
hierarchy. A zone and its child zone might appear as peers within the
eDirectory hierarchy, even though they have a parent-child relationship within
the DNS hierarchy.
DNS Resource Record Set Object

The DNS Resource Record Set (RRSet) object is an eDirectory leaf object
contained within a DNS Zone object. An RRSet object represents an
individual domain name within a DNS zone. Its required attributes are a DNS
domain name, a DNS address class, and a Time-to-Live (TTL) record.
Each domain name within a DNS zone object has an RRSet object. Each
RRSet object has one or more resource records beneath it containing
additional information about the domain, including a description of the object
and version information.
DNS Resource Records

A DNS resource record (RR) is an attribute of an RRSet that contains the
resource records type and data of a single RR. RRs are configured beneath
their respective RRSet objects. Resource records describe their associated
RRset object.
The most common resource records are Address (A) records, which map a
domain name to an IP address, and Pointer (PTR) records, which map an IP
address to a domain name within an IN-ADDR.ARPA zone.
Understanding 23

103-000164-001
September 4, 2001
Novell Confidential
DNS Server Object

The DNS Server object (or Service object) is different from the NetWare Core
ProtocolTM (NCPTM ) Server object. A DNS Server object can be contained in
an Organization (O), Organizational Unit (OU), Country (C), or Locality (L).
The DNS Server object contains DNS server configuration parameters,
including the following:
Zone List
DNS Server IP Address
Domain Name of the DNS Server
DNS Server Options
Forwarding List
No Forwarding List
eDirectory Objects for DHCP

The following new eDirectory objects support DHCP:
Subnet object
Address Range object
IP Address object
DHCP Server object
Subnet Pool object
Figure 2 on page 25 shows a basic configuration of the DHCP objects. This
structure might be used for a small to medium size network.

103-000164-001
September 4, 2001
Novell Confidential
Figure 2 eDirectory Objects for DHCP
(O)=NOVELL
(OU)=SAN JOSE
DHCP Server
Subnet (1.2.3.0) Subnet (1.2.4.0) Subnet Pool:

SUBNET_A SUBNET_B Subnet A
Subnet B
IP Address IP Address
Subnet Attr: Bldg8_1ST_FLOOR
(1.2.3.2) (1.2.3.1)
Subnet Attr: Bldg8_2ND_FLOOR
Subnet Address
Range
(1.2.3.10-254) IP Address IP Address
1ST_FLOOR_CLIENTS (1.2.4.2) (1.2.4.1)
Subnet Address
Range
(1.2.4.100-254)
2ND_FLOOR_CLIENTS
(O) = Organization (OU) = Organizational Unit
Subnet Object
The Subnet object represents a subnet and is the most fundamental DHCP
object. The Subnet object can be contained in an Organization (O), an
Organizational Unit (OU), a Country (C), or a Locality (L). The Subnet object
acts as a container object for the IP Address and Address Range objects. A
Subnet object's specific DHCP options and configuration parameters apply to
the entire subnet and override global options.
Address Range Object

The Address Range object is primarily used to denote a range of addresses to
create a pool of addresses for dynamic address assignment or to identify a
range of addresses to be excluded from address assignment. Optionally, the
Address Range object stores the start of a hostname that can be assigned to
clients when addresses are assigned.
Understanding 25

103-000164-001
September 4, 2001
Novell Confidential
You can use multiple Address Range objects under a Subnet object. You can
also specify different range types, such as a range for dynamic address
assignment, a range for BOOTP clients, or a range to be excluded from the
subnet.
IP Address Object
The IP Address object represents a single IP address. The IP Address object
must include an address number and an assignment type. The address can be
assigned manually, automatically, or dynamically, or it can be excluded from
DHCP address assignment.
You must use the DNS/DHCP Management Utility to configure IP Address
objects that are manually assigned or excluded from assignment. For
dynamically or automatically assigned client addresses, DHCP creates an IP
Address object under the subnet where the address is assigned.
An IP address can be assigned to a client based on the client's MAC address.
These IP Address objects can also receive specific DHCP options.
When configuring an individual IP Address object, you can provide specific
options that override global options or those set at the subnet level. When you
create or modify an IP Address object manually, you can also create the
necessary DNS resource records.
DHCP Server Object

The DHCP Server object represents the DHCP server and contains a
multivalued attribute listing of the subnet ranges the DHCP server is
servicing. The DHCP server also contains all server-specific configuration
and policy information. A DHCP Server object can be contained in an O, OU,
C, or L.
Subnet Pool Object

The Subnet Pool object provides support for multiple subnets through a DHCP
or BOOTP forwarder by identifying a pool of subnets for remote LAN address
assignments. A Subnet Pool object can be contained in an O, OU, C, or L.
DHCP servers are not required to be on the local subnet to which they assign
addresses. If desired, they can be deployed centrally and service remote
subnets. Initial DHCP/BOOTP Discover requests, however, are not sent to a

103-000164-001
September 4, 2001
Novell Confidential
DHCP server unless a DHCP/BOOTP forwarder that is on the same computer

as the client has been configured to forward the addresses.
The Subnet Pool object contains a list of subnet object references and
comments.
Understanding DNS
The Domain Name System (DNS) is a distributed database system that
provides hostname-to-IP resource mapping (usually the IP address) and other
information for computers on an internetwork. Any computer on the Internet
can use a DNS server to locate any other computer on the Internet.
DNS is made up of two distinct components, the hierarchy and the name
service. The DNS hierarchy specifies the structure, naming conventions, and
delegation of authority in the DNS service. The DNS name service provides
the actual name-to-address mapping mechanism.
“DNS Hierarchy” on page 27
“DNS Name Service” on page 31
“Traditional DNS” on page 34
“DNS within eDirectory” on page 36
DNS Hierarchy
DNS uses a hierarchy to manage its distributed database system. The DNS
hierarchy, also called the domain name space, is an inverted tree structure,
much like eDirectory.
The DNS tree has a single domain at the top of the structure called the root
domain. A period or dot (.) is the designation for the root domain. Below the
root domain are the top-level domains that divide the DNS hierarchy into
segments.
Listed below are the top-level DNS domains and the types of organizations
that use them. Below the top-level domains, the domain name space is further
divided into subdomains representing individual organizations.
Understanding 27

103-000164-001
September 4, 2001
Novell Confidential
Table 1 Top-Level DNS Domains
Domain Used by
.com Commercial organizations, as in novell.com
.edu Educational organizations, as in ucla.edu
.gov Governmental agencies, as in whitehouse.gov
.mil Military organizations, as in army.mil
.org Nonprofit organizations, as in redcross.org
.net Networking entities, as in nsf.net
.int International organizations, as in nato.int
Additional top-level domains organize domain name space geographically.

For example, the top-level domain for France is fr. Figure 3, “DNS
Hierarchy,” on page 28 illustrates the DNS hierarchy.
Figure 3 DNS Hierarchy
root
“•”
com edu gov mil org net int
novell ucla whitehouse army redcross nsf fr

103-000164-001
September 4, 2001
Novell Confidential
Domains and Subdomains

A domain is a label of the DNS tree. Each node on the DNS tree represents a
domain. Domains under the top-level domains represent individual
organizations or entities. These domains can be further divided into
subdomains to ease administration of an organization's host computers.
For example, Company A creates a domain called companya.com under the
.com top-level domain . Company A has separate LANs for its locations in
Chicago, Washington, and Providence. Therefore, the network administrator
for Company A decides to create a separate subdomain for each division, as
shown in Figure 4, “Domains and Subdomains,” on page 29.
Any domain in a subtree is considered part of all domains above it. Therefore,
chicago.companya.com is part of the companya.com domain, and both are
part of the .com domain.
Figure 4 Domains and Subdomains
root
“•”
com
Company A
(companya.com)
chicago providence
(chicago.companya.com) (providence.companya.com)
washington
(washington.companya.com)
host1
(host1.washington.companya.com)
Understanding 29

103-000164-001
September 4, 2001
Novell Confidential
Domain Names
The domain name represents an entity's position within the structure of the
DNS hierarchy. A domain name is simply a list of all domains in the path from
the local domain to the root. Each label in the domain name is delimited by a
period. For example, the domain name for the Providence domain within
Company A is providence.companya.com, as shown in Figure 4, “Domains
and Subdomains,” on page 29 and the list below.
Note that the domain names in the figure end in a period, representing the root
domain. Domain names that end in a period for root are called fully qualified
domain names (FQDNs).
Each computer that uses DNS is given a DNS hostname that represents the
computer's position within the DNS hierarchy. Therefore, the hostname for
host1 in Figure 4 on page 29 is host1.washington.companya.com.
Domain Delegation
Domain delegation gives an organization authority for a domain. Having
authority for a domain means that the organization's network administrator is
responsible for maintaining the DNS database of hostname and address
information for that domain.
A group of domains and subdomains for which an organization has authority
is called a zone. All host information for a zone is maintained in a single,
authoritative database.
For example, the companya.com. domain is delegated to Company A, creating
the companya.com. zone. There are three subdomains within the
companya.com. domain:
chicago.companya.com.
washington.companya.com.
providence.companya.com.
The Company A administrator maintains all host information for the zone in
a single database and also has authority to create and delegate subdomains.
For example, Company A's Chicago location has its own network
administrator. The companya.com administrator delegates the
chicago.companya.com zone to the Chicago location and no longer has
authority over it. Company A now has two zones: companya.com and
chicago.companya.com.

103-000164-001
September 4, 2001
Novell Confidential
companya.com, which has authority over companya.com,

washington.companya.com, and providence.companya.com zones
chicago.companya.com, which has authority over the
chicago.companya.com zone
IN-ADDR.ARPA Domain
The IN-ADDR.ARPA domain (or zone) provides mapping of IP addresses to
names within a zone, enabling a client (or resolver) to request a hostname by
providing an IP address. Some security-based applications require this
function, also known as reverse-lookup.
The file that stores the IN-ADDR.ARPA data is made up of Pointer records
and additional name server records, including Start of Authority (SOA)
records, similar to other DNS zone files. Within the IN-ADDR.ARPA zone
file, IP addresses are listed in reverse order, and ’in-addr.arpa’ is appended to
the address. A query for a host with an IP address of 1.2.3.4 would require a
PTR query with the target address of 4.3.2.1.in-addr.arpa.
DNS Name Service

DNS uses the name service component to provide the actual name-to-IP
address mapping that enables computers to locate each other on an
internetwork. The name service uses a client-server mechanism in which
clients query name servers for host address information.
Name Servers
DNS name servers maintain a database of information about hosts in a specific
zone. Each DNS zone must include a name server containing authoritative
information about all hosts within the zones it supports. A DNS name server
can be either a primary name server or a secondary name server.
In addition to local host information, name servers maintain information about
how to contact other name servers. Name servers in an internetwork are able
to contact each other and retrieve host information. If a name server does not
have information about a particular domain, the name server relays the request
to other name servers up or down the domain hierarchy until it receives an
authoritative answer for the client's query.
Understanding 31

103-000164-001
September 4, 2001
Novell Confidential
Primary Name Servers
One DNS name server in each administrative zone maintains an authoritative

database of hostname and address information for an entire domain. This
name server is the primary name server, and the domain administrator updates
it with hostnames and addresses as changes occur.
All name servers maintain information about how to contact name servers that
are at higher or lower levels within the DNS hierarchy. The process of
maintaining information about name servers in higher-level domains is called
linking to the existing DNS hierarchy. The administrator also enters
information into the database about name servers in lower-level domains
when creating a subdomain.
Secondary Name Servers
Secondary name servers have read-only copies of the primary name server's
DNS database. Secondary name servers provide redundancy and load
balancing for a domain.
Periodically, and when a secondary name server starts up, the secondary name
server contacts the primary name server and requests a complete copy of the
primary name server's DNS database. This process is called a zone transfer.
If necessary, a primary name server can also function as a secondary name
server for another zone.
Resource Records
Resource records (RRs) contain the host information maintained by the name
servers and make up the DNS database. Different types of records contain
different types of host information. For example, an Address record provides
the name-to-address mapping for a given host, while a Start of Authority
(SOA) record specifies the start of authority for a given zone.
A DNS zone must contain several types of resource records for DNS to
function properly. Other RRs can be present, but the following records are
required for standard DNS:
Name server (NS)—Binds a domain name with a hostname for a specific
name server
The DNS zone must contain NS records for each primary and secondary
name server in the zone. The DNS zone must contain NS records to link
the zone to higher- and lower-level zones within the DNS hierarchy.

103-000164-001
September 4, 2001
Novell Confidential
Start of Authority (SOA)—Indicates the start of authority for the zone.

The name server must contain one SOA record specifying its zone of
authority.
Canonical name (CNAME)—Specifies the canonical or primary name for
the owner. The owner name is an alias.
Address (A)—Provides the IP address for the zone.
For example, the name server for a zone must contain the following:
An SOA record identifying its zone of authority
An NS record for the primary name server within the zone
An NS record for each secondary name server within the zone
An A record that maps each name server specified in the NS records to an
IP address
Table 2 lists the types of resource records and their field differences.
Table 2 Resource Record Types and Field Differences
RR Type Field Differences
A IP Address, eDirectory context, comments, and version
AAAA IPV6 address
AFSDB Subtype and hostname fields
CNAME Domain name of aliased host
HINFO CPU and OS fields of up to 256 characters each
ISDN ISDN address and subaddress fields
MB Mailbox address domain name
MG Mail group member domain name
MINFO Responsible mailbox and error message mailbox
MR Mail rename mailbox
MX Reference and exchange fields
NS DNS server domain name
Understanding 33

103-000164-001
September 4, 2001
Novell Confidential
RR Type Field Differences
PTR Domain name
PX Preference, Map 822 (domain name), and Map x400 fields

(domain name in X.400 syntax)
RP Responsible person's mailbox and TXT RR domain name
RT Preference and Intermediate fields
SRV Service, proto, priority, weight, port, and target fields
TXT Text field for up to 256 characters in multiple strings
WKS Protocol and bit map fields
X25 PSDN address
Traditional DNS
In the past, DNS has been administered by building a database of information
that includes all of a zone's resource records into a textual file. Novell's earlier
support of DNS used Btrieve as its database. Other vendors also use large files
to store the information required for a DNS zone. The administration of these
files is difficult and cumbersome.
Figure 5 on page 35 represents a traditional DNS strategy. A zone, such as
novell.com, uses a master DNS server to handle queries about the entities
within it. A DNS server might support more than one zone, and it would
probably have at least one secondary server for backup (redundancy) or load-
sharing purposes. The master DNS server provides DNS name service for two
zones: novell.com and other.com. The secondary DNS server provides backup
support for the novell.com zone, and the other secondary DNS server provides
backup support for the other.com zone.
Additionally, each name server maintains separate copies of the zone data for
primary and secondary support. When changes occur, all of these files require
updating with zone transfers, which greatly increases network bandwidth use.

103-000164-001
September 4, 2001
Novell Confidential
Figure 5 Traditional DNS Structure
Master
DNS Server
Secondary Secondary
DNS Server 1 DNS Server 2
(novell.com) (other.com)
Replica: novell.com Replica: other.com
Replica:
Resource novell.com
Records Replica: other.com
Resource Records
SOA SOA
A Zone:
Resource novell.com
Records Zone: other.com
Resource
A Records
NS SOA SOA NS
MX A Resource Records Resource
A Records
MX
CNAME
NS SOA NS CNAME
SOA
A MX A MX A
A
A CNAME A
NS NS CNAME
A A A A
MX MX
A A A A
. CNAME CNAME .
. A A A A .
. .
A A A A
. .
. A A .
. .
A A
. .
. .
. .
The file storing the RRs for a zone might have hundreds or thousands of
entries for different types of resources, such as users' addresses, hosts, name
servers, mail servers, and pointers to other resources.
When a client initiates a request to resolve a domain name to an IP address
(perhaps by using an Internet browser or by sending e-mail), the client sends
a query to the name server specified in the client's configuration. The name
server that receives the query searches its authoritative zone information for
the desired record. If the record cannot be found, the name server will forward
the query up the hierarchy to the name server above it for resolution.
When updates are made to the master name server, the entire contents of the
database file must be copied to any secondary name servers.
Understanding 35

103-000164-001
September 4, 2001
Novell Confidential
DNS within eDirectory

Novell has integrated DNS into eDirectory by extending the eDirectory
schema and creating new eDirectory objects to represent zones, RRSets, and
DNS name servers. Integrating these new objects into eDirectory simplifies
the administration of DNS, enabling centralized administration and
configuration.
A Zone object is an eDirectory container object that holds RRSet objects,
which are leaf objects. A DNS Server object is a leaf object. For detailed
information about these objects, refer to “New eDirectory Objects for DNS”
on page 22.
By integrating DNS into eDirectory, Novell has shifted away from the
traditional concept of primary or secondary DNS name servers to the concept
of a primary or secondary zone.
In traditional DNS, all configuration changes are made on a single primary
name server. When changes have been made, the secondary name servers
request transfers of the changes from the primary name server. This process is
called a zone transfer. The master-slave approach has several disadvantages,
the most significant being that all changes must be made at the primary server.
Using the primary and secondary zone concept, Novell's approach allows
changes from anywhere in the network through eDirectory, which is not
dependent on one server. Zone data is stored within eDirectory and is
replicated just like any other data in the eDirectory tree.
Novell's DNS supports the traditional primary-secondary DNS name server
approach to moving DNS data in and out of eDirectory. Although all Novell
servers can recognize DNS data after the data is placed in the directory
through eDirectory replication, only one server is required for a zone transfer.
The server assigned to perform this function in a secondary zone is called the
Zone In DNS transfer.
In a secondary zone, the Zone In server is responsible for requesting a zone
transfer of data from the external primary name server. The Zone In server
determines which data has changed for a zone and then makes updates to
eDirectory so that other servers are aware of the changes.
The Designated DNS (DDNS) server is a server identified by the network
administrator to perform certain tasks for a primary zone. The DDNS server
for a primary zone is the only server in that zone that receives DNS updates
from a NetWare 6 DHCP server to perform Dynamic DNS (DDNS) updates.

103-000164-001
September 4, 2001
Novell Confidential
These updates cause additions and deletions of resource records and updates
to the zone's serial number.
Figure 6 illustrates a Novell server as the primary DNS name server and
primary and secondary zones within eDirectory. In this example, there are two
primary zones. Any of the Novell DNS servers assigned to a zone are able to
respond to queries for the zone. For each zone, one server is designated by the
administrator to act as the DDNS server. In this example, Server1 is the
Designated DNS server for Zone 1 and Server3 is the Zone In server for the
secondary zone called Foreign Zone. Server 2 provides DNS services for Zone
1 and Zone 2, but does not perform DDNS updates or zone transfers. Server 3
occasionally requests zone transfers from the foreign server and places the
modified zone data into eDirectory, where any of the Novell servers can
respond to queries for it.
Figure 6 Novell Server As a Primary DNS Server
DNS Server
NDS
(non-Novell)
Zone 2
Foreign
Zone 1 Zone
Novell Novell
DNS Server 1 DNS Server 3
Novell
DNS Server 2
Understanding 37

103-000164-001
September 4, 2001
Novell Confidential
Figure 7 shows a representation of eDirectory objects within a DNS zone.
Figure 7 DNS Zone
(Locality)=Chicago
DNS Zone DNS Server
chicago.company.com
RRSet RRSet RRSet RRSet

(host) (host2) (printer) (mail server)
DNS Master File

A DNS master file contains resource records that describe a zone. When you
use the DNS/DHCP Management Utility to build a zone, the DNS objects and
their attributes translate into resource records for that zone.
You can use the DNS/DHCP Management Utility to import a DNS master file
if it conforms to IETF RFCs 1035, 1036, and 1183 and is in BIND master file
format. A sample DNS master file is shown in the following example.
$ORIGIN sjf.novell.com. @ soa
sjfns.sjf.novell.com. Smith.novell.com (
1996091454 3600 300 604800 86400 ) ns
sjfns.sjf.novell.com. ns ns.novell.com. mx
5 sjf-mx.idz.sjf.novell.com. $ORIGIN
sjf.novell.com.sjfns a 123.45.67.89bsmith a
123.45.68.103; End of file

103-000164-001
September 4, 2001
Novell Confidential
Understanding DHCP
The Dynamic Host Configuration Protocol (DHCP) uses a client-server
structure to provide configuration parameters to hosts. DHCP consists of a
protocol for providing host-specific configuration parameters from a DHCP
server (or collection of DHCP servers) to a host and a mechanism to allocate
network addresses to a host.
NOTE: In this document, the term host refers to a network device that requires an
IP address and might have a hostname.
When the DHCP server is loaded, it reads its configuration information from
eDirectory and stores the information in its cache. As the DHCP server assigns
addresses to clients, it updates eDirectory, adding IP address objects or
modifying their eDirectory status information. The DHCP server can be
configured to maintain an audit log of this activity. For information about
maintaining an audit log of DHCP server activity, refer to “Configuring DHCP
Auditing” on page 108.
The network administrator can use the DNS/DHCP Management Utility to
view objects to see how addresses have been assigned.
“IP Address Allocation” on page 40
“Managing the Database” on page 42
“DHCP Options” on page 43
“Dynamic DNS” on page 46
“Compatibility with BOOTP” on page 47
“Using a BOOTP Relay Agent” on page 47
“SNMP Event Generation” on page 49
“DHCP Auditing” on page 50
Understanding 39

103-000164-001
September 4, 2001
Novell Confidential
IP Address Allocation
Allocation of IP addresses, either temporary or permanent, is one of the two
primary services provided by DHCP. The client requests an IP address, and the
DHCP server (or collection of DHCP servers) provides an address and
guarantees not to give that address to another client within a specified time.
Additionally, the server tries to return the same address to the client each time
the client requests an address. The period of time over which an IP address is
allocated to a client is called a lease.
DHCP supports three methods of IP address allocation:
Dynamic BOOTP allocation
Dynamic DHCP allocation
Manual (or static) allocation
A network can use one or more of these methods. The network administrator
decides which methods to use.
Dynamic BOOTP Allocation

Dynamic BOOTP enables a DHCP server to assign permanent addresses to
BOOTP clients from a pool of addresses. No manual configuration of the
client is required prior to address allocation.
Dynamic DHCP Allocation

Dynamic DHCP allocation is the only method enabling automatic reuse of
addresses no longer required by a client. Dynamic DHCP allocation is useful
for assigning an address to a client that will be connected temporarily to the
network or for sharing a limited number of IP addresses among a group of
clients that do not require permanently assigned IP addresses.
Dynamic DHCP allocation is also useful for assigning an IP address to a new
client installed on a network on which IP addresses are scarce and must be
reclaimed when older hosts are removed. An additional benefit to dynamic
DHCP allocation is that when a client's lease is renewed, the DHCP server
refreshes the client's configuration.

103-000164-001
September 4, 2001
Novell Confidential
Manual Allocation
Use Manual or static allocation to assign addresses to DHCP or BOOTP
clients using the DNS/DHCP Management Utility. A specific IP address is
assigned to the client based on an identifier such as the client's hardware or
MAC address.
Manual allocation of DHCP eliminates the error-prone method of manually
configuring hosts with IP addresses in networks for which IP address
management without DHCP is desired. Manual allocation can be permanent
or set to expire at a future time. When you manually allocate addresses, you
can also create corresponding DNS Resource Records, thereby eliminating
another error-prone activity.
Lease Options
A client acquires a lease for a fixed period of time. The length of the lease
could be a number of hours or days, or it could be for an indefinite period.
After a lease for an IP address has been granted, a client can issue a request to
extend its lease. The client can also issue a message to the server to release the
address back to the server when the address is no longer required.
If a network has a scarcity of IP addresses and must reassign them, the DHCP
server will reassign an address when the lease has expired. The server uses
configuration information to choose addresses to reuse. For example, the
server might choose the least recently assigned address for reassignment.
After receiving an address assignment, the host determines whether the
address is in use by another host before accepting the address.
IMPORTANT: Address duplication sometimes occurs with Windows 95 clients. If
a Windows 95 client receives a response indicating that the assigned address is in
use by another device, a message indicates the IP address conflict. However, the
client does not send a DHCPDECLINE message as required by RFC 1534, section
4.4.1.
To minimize the chance of address duplication, the DHCP server can be

configured to ping an address to test its validity before assigning it to a host.
If the server receives a response from another device (indicating ownership of
the address), the current address assignment is withdrawn so that another
address can be assigned to the host.
Understanding 41

103-000164-001
September 4, 2001
Novell Confidential
Managing the Database

The Lease Time attribute of the Subnet object enables a dynamic DHCP client
to specify a lease time for the entire subnet. Lease expiration time can be
modified for each manual IP address allocation.
An IP address can be returned to a DHCP server for one of the following
reasons:
The address is explicitly released by a DHCP client.
The address is implicitly released because the lease has expired.
An assigned lease is canceled by the DNS/DHCP Management Utility.
If a DHCP client requests an IP address on the same subnet again before the
previously assigned address expires, the same address is provided. If the IP
address assignment is for a different subnet but the client already has a valid
IP address entry in the DHCP server database, three possible actions can
occur, depending on the IP Address Assignment Policy attribute of the DHCP
server. The three possible actions are listed in Table 3.
Table 3 IP Address Assignment Policy
IP Assignment Policy DHCP Server Action
Delete Duplicate If the client moves to another subnet supported by the same DHCP server,
delete any previous IP address assigned to the client, release the original
address back to the pool, and assign a new address.
Allow Duplicate If the client moves to another subnet, assign the new address and leave the
old address unchanged in the database.
No Duplicate If the client moves to another subnet and the old address is still valid, do not
assign a new address.
The address deletion might delete a permanent IP object that is dynamically

or manually assigned. Therefore, a client with a Delete Duplicate policy can
have a walking manual IP object, but it cannot walk out of the service scope
of a single DHCP server. For a DHCP server to assign an address to a walking
manual IP object, the address assignment must be from a DHCP server's
reserved Subnet Address Range with Range Type set to Dynamic DHCP,
Dynamic BOOTP and DHCP, or Dynamic DHCP with Automatic Hostname
Generation.

103-000164-001
September 4, 2001
Novell Confidential
The DHCPSRVR.NLM software supports local address assignments that

obtain IP addresses from multiple local subnets. For example, a DHCP server
might have multiple IP addresses bound to one of its network interface cards.
Each address is a server address on a separate subnet. No special configuration
of the eDirectory database is required.
The DHCPSRVR.NLM software also supports remote address assignments
that obtain IP addresses from multiple remote subnets. This feature requires
all such subnets to be identified with a Subnet Pool object.
DHCP Options
Novell DNS/DHCP Services supports vendor options, DHCP options, and
BOOTP parameters as defined in Internet RFC 2132 with a few exceptions.
Novell DNS/DHCP Services supports new options defined for NetWare over
TCP/IP and existing NetWare/IP options.
NOTE: The following options are not supported in this release of Novell DNS/
DHCP Services: 56, 57, 60, 66, and 67. Although options 66 and 67 are not
supported, the equivalent BOOTP parameter function is provided.
Assigning Options
DHCP and BOOTP options can be assigned at three levels:
Globally
At the subnet level
IP address level
The DHCP server's options inheritance rules specify that options assigned at
the lowest level override options set at a higher level. For example, options
have been assigned at all three levels for the client on the subnet, as shown in
Table 4.
Table 4 Example of DHCP Options Assignment
Level Option Value
Global 1, Subnet Mask 255.255.0.0
3, Router 132.57.3.8
4, Time Server 129.23.120.5
Understanding 43

103-000164-001
September 4, 2001
Novell Confidential
Level Option Value
Subnet 1, Subnet Mask 255.254.0.0
5, Name Server 10.73.57.251
7, Log Server 10.73.58.2
13, Boot File Size 1024
IP Address 7, Log Server Null
Table 5 lists the effective options for the client with the IP address referred to
in the preceding table.
Table 5 Client's Effective Options
Option Value
1, Subnet Mask 255.254.0.0
3, Router 132.57.3.8
4, Time Server 129.23.120.5
5, Name Server 10.73.57.251
7, Log Server Null
DHCP Options for eDirectory

Novell has defined three DHCP options for eDirectory. These options
eliminate the need to provide this information each time users log in.
Option 85 provides the IP address of one or more eDirectory servers for the
client to contact for access to the eDirectory database. Option 86 provides the
name of the eDirectory tree the client will be contacting. Option 87 provides
the eDirectory context the client should use.
Refer to Internet RFC 2241, DHCP Options for Novell Directory Services,for
more detailed information about using these options in NetWare 6.

103-000164-001
September 4, 2001
Novell Confidential
NetWare/IP Options
Novell uses option codes 62 and 63 in the DHCP packet for Netware/IP.
Option 62 contains the Netware/IP domain name.
Option 63, the IPX Compatibility option, contains general configuration
information such as the primary DSS, preferred DSS, and the nearest servers.
Option 63 provides additional information in the form of sub-options, listed in
Table 6.
Table 6 IPX Compatibility Suboptions
Suboption Meaning
Codes
5 If the value of this field is 1, the client should perform a NetWare

Nearest Server Query to find out its nearest NetWare/IP server.
6 Provides a list of up to five addresses of NetWare Domain SAP/

RIP servers.
7 Provides a list of up to five addresses of the nearest NetWare/IP

servers.
8 Indicates the number of times a NetWare/IP client should

attempt to communicate with a given DSS server at startup.
9 Indicates the amount of delay in seconds between each

NetWare/IP client attempt to communicate with a given DSS
server at start-up.
10 If the value is 1, the NetWare/IP client should support NetWare/

IP Version 1.1 compatibility.
11 Identifies the Primary Domain SAP/RIP Service server (DSS) for

this NetWare/IP domain.
12 Identifies network number of the virtual IPX network created by

the IPX Compatibility feature.
13 The IPX Stale Time suboption specifies the minimum interval in

minutes that must expire before hosts try to refresh their
Migration Agent addressing information.
14 Specifies the addresses of one or more Migration Agent servers

for the IP nodes to use for communicating with IPX Nodes.
Refer to Internet RFC 2242, NetWare/IP Domain Name and Information, for
more detailed information about using these Netware/IP options.
Understanding 45

103-000164-001
September 4, 2001
Novell Confidential
Dynamic DNS
The Dynamic DNS (DDNS) feature of Novell DNS/DHCP Services provides
a way to update DNS with accurate Address (A) records and Pointer (PTR)
records for address assignments made by a DHCP server. Address (A) records
map a domain name to an IP address. A Pointer (PTR) record specifies a
domain name that points to some location in the domain name space.These
resource records are required so that both name-to-address and address-to-
name DNS resolutions can be made. DDNS eliminates the need for further
error-prone configuration of DNS for each host address change.
Enable DDNS by configuring a subnet address range with the Always Update
parameter set to on. You must also specify a zone reference in the Subnet
object so that the DHCP server can determine which zone to update.
When DDNS is active, the DHCP server updates the DDNS server for the
zone, adding or deleting the corresponding Address and Pointer records. The
DHCP server also notifies the DDNS server when leases expire, causing the
A and PTR records to be deleted. If a lease is renewed, no action occurs
because none is necessary.
Only subnet address ranges whose assignment type is either Dynamic DHCP
or Dynamic BOOTP and DHCP can use the Dynamic DNS update feature. For
a DDNS update to occur, the Always Update parameter of the range must be
enabled and a DNS zone must be specified to link the Zone object to the
subnet. When these conditions are met, the DHCP server initiates a dynamic
DNS update when assigning an address to a client.
When the DHCP server grants a lease to a client that is subject to DDNS
updates, the server updates its database and eDirectory to store the transaction.
The DHCP server also contacts the DNS server and submits a request for a
DNS update.
For DDNS updates, the DNS server requires the fully qualified domain name
(FQDN) and the IP address of the client. The DHCP server knows the IP
address, but it must assemble the FQDN from the hostname and the subnet's
domain name.
The DNS server usually maintains two resource records for each client. One
maps FQDNs to IP addresses using A records. The other maps the IP address
to the FQDN using PTR records. When DDNS is enabled and a client receives
an address from the DHCP server, the DNS server updates both of these
records.

103-000164-001
September 4, 2001
Novell Confidential
When a client loses or ends its lease and is subject to DDNS updates, the DNS
server receives the DDNS update request and deletes the PTR and A records
associated with the client.
Compatibility with BOOTP

DHCP is based on the Bootstrap Protocol (BOOTP) and maintains some
backward compatibility. BOOTP was designed for manual configuration of
the host information in a server database. Novell has extended support for
BOOTP to provide Dynamic BOOTP support. A pool of addresses can be set
up for BOOTP address assignment so that each BOOTP address does not have
to be configured separately.
From the clients' point of view, DHCP is an extension of BOOTP, enabling
existing BOOTP clients to interoperate with DHCP servers without requiring
any change to the clients' initialization software. Some new, additional options
optimize DHCP client-server interaction.
There are two primary differences between DHCP and BOOTP. DHCP
defines methods through which clients receive IP addresses for a specified
period of time, enabling serial reassignment of addresses to different clients.
There is no concept of a lease time in BOOTP; address assignments (even in
Dynamic BOOTP) are permanent. Additionally, DHCP provides a method for
a client to acquire all the IP configuration parameters it requires to operate.
If multiple servers service a single subnet, only one server, the principal server
can be designated as an automatic BOOTP server.
Another difference between the two protocols is a change in terminology to
clarify the meaning of the Vendor Extension field in BOOTP messages. With
DHCP, this field is called the Option field.
Using a BOOTP Relay Agent

A BOOTP relay agent (also known as a forwarder) is an Internet host that
passes DHCP messages between DHCP clients and DHCP servers in a subnet
environment. The forwarder usually resides on an IP router; however, any
Novell server on a subnet can run the BOOTPFWD.NLM. The DHCP service
in Novell DNS/DHCP Services provides relay agent functions as specified in
the BOOTP protocol specification (Internet RFC 951).
Understanding 47

103-000164-001
September 4, 2001
Novell Confidential
When a client starts up, it sends a UDP broadcast message, called a Discover
packet, to address 0xFFFFFFFF over port 67 requesting an address.
The forwarder has an IP address on the network and acts like a DHCP server,
listening for Discover packets from clients on its LAN that are meant for a
DHCP server. The forwarder must be configured with the destination address
of the actual DHCP server on a different LAN segment that will provide
DHCP service.
The DHCP server must be configured to serve the subnet on which the
forwarder is located. The DHCP server must have a subnet address range to
provide service.
After receiving a Discover packet from a client, the forwarder reformats the
packet and sends it to the DHCP server. The DHCP server responds to the
forwarder with an Offer packet containing an address for the client.
When the forwarder receives the Offer packet from the DHCP server, the
forwarder contacts the client and provides the IP address and lease
information.
NOTE: The BOOTP protocol, unlike DHCP, does not provide a mechanism for a
client to accept only a single offer of an IP address; therefore, the DNS/DHCP
Management Utility allows only the server that is specified as the default server in
a Subnet object to be assigned to any address ranges that include BOOTP
addresses. If you want to assign other servers to the address ranges, you should
change the address range type so that it doesn't include BOOTP. If the range type
includes BOOTP, you will not be allowed to change the DHCP server assigned to
the range.
Virtual LAN Environments

In environments using a virtaul LAN (VLAN), multiple subnets might be
defined on one physical subnet. For example, one physical subnet might
contain several Class C addresses to form a larger address range than allowed
for a Class C address. To accommodate a VLAN environment, a Subnet Pool
object must be configured on the DHCP server to bind the multiple subnets
together.
If a forwarder forwards client requests from a physical subnet with multiple
subnet bindings and these subnets are bound to a single subnet pool, the
collection of addresses available in configured subnet address ranges are
available to all clients (DHCP or BOOTP) on that physical subnet. This is the
primary use of the subnet pool.

103-000164-001
September 4, 2001
Novell Confidential
Clients that are on the same subnet as the DHCP server do not have to be
configured for the subnet pool if the server is bound to all local subnet
addresses, or if the server has an address on each local subnet.
SNMP Event Generation

You can use the DNS/DHCP Management Utility to set up SNMP event
generation in the case of critical, major, warning, or minor events. The default
setting is Major, which causes the server to log all major and critical events.
Critical events are those that cannot or should not be ignored by the network
administrator. Major events denote a significant change in the state of the
server processing. Warning and Minor events are logged for maintenance and
diagnosis only. Warning and Minor events should not be turned on unless a
problem has developed.
All Critical and some Major events are logged on the local server console.
The following warning events can be logged or trapped for SNMP event
generation:
An eDirectory update to the subnet failed, causing degraded operation
(incomplete transactions are logged to a local file named
DHCPLOG.LOG).
SNMP recovered from an internal fault and the error code was logged.
A subnet was not configured and addresses are not available, causing
degraded operation.
The following minor events are logged and/or trapped for SNMP event
generation:
A Decline was generated against an IP address.
All logged file transactions have been reprocessed (operational).
Major events are logged or trapped for SNMP event generation. For example,
when the DHCPSRVR NLM is loaded and the server is operational and ready
for LAN-based clients.
The following events are logged or trapped for SNMP event generation:
The logger cannot open the recovery log file or is having difficulty
opening it. (The server is inoperative.)
The main thread cannot process lease expiration. (The server is
inoperative.)
Understanding 49

103-000164-001
September 4, 2001
Novell Confidential
DHCP Auditing
Auditing can be used to perform an analysis of historical data and to help
diagnose operational difficulties. Auditing uses a Btrieve database to store and
manage data enabling meaningful trend analysis.
When auditing is enabled, every incidence of address deletion, addition, and
rejection is recorded in the audit log. The beginning and end of each session
is marked to help make sense of the audit log. The beginning session contains
records defining the session in terms of addresses already assigned.
Additionally, other major events or alert situations that cause SNMP traps are
also audited. Other incoming DHCP requests are also logged, including
honored renewal requests and those rejected or dropped.
Console and Debug Logs

The following types of console log entries are generated by both DNS and
DHCP:
Load success or failure
Unload results normal or abnormal
Major SNMP events
For each NetWareAlert message generated, an entry is provided in the /
SYSTEM/SYS$LOG file.
The DHCP server provides a foreground screen log of every packet received
and each reply generated to maintain continuity with the DHCP 2.0 server.
The screen provides a useful real-time indication of DHCP 3.0 server
operations.
The DHCP server has a debug log feature (primarily used by Novell technical
support and engineering groups) that records the exchange of DHCP messages
to a screen log or the DHCPSRVR.LOG file (in ASCII text) in the server's
\ETC\DHCP directory. When loading the DHCPSRVR, the administrator can
use one of three flags to activate the debug log feature.Table 7, “Debug Log -
Use of Flags,” on page 51 explains the use of the flags.

103-000164-001
September 4, 2001
Novell Confidential
Table 7 Debug Log - Use of Flags
Flag Use
-d1 Turns on a background screen log of DHCP packets
-d2 Turns on a background screen log of Debug statements and DHCP

packets
-d3 Turns on a background screen log of Debug statements and DHCP

packets and writes the log to the server's
\ETC\DHCP\DHCPSRVR.LOG file
Understanding the DNS/DHCP Management Utility

This section provides information about the DNS/DHCP Management Utility,
the Web-based utility used to configure and manage eDirectory-based DNS
and DHCP.
The DNS/DHCP Management Utility can run on any browser workstation and
does not require the Novell client or any installed component as a prerequisite.
It operates within the common eDirectory Management framework and is
thus tightly integrated with Netware 6.
Separate Web-based utilities provide configuration and management for the
two major functions of the DNS/DHCP Management Utility: IP address
management and name service management. Each utility is self-contained and
can provide the functions necessary to conduct address or name management.
eDirectory is used as a database to store the administered IP address and name
service objects.
The Locator object is created at the time of Netware 6 installation, if you
choose the DNS/DHCP option. The Locator object serves as the catalog for
most of the DNS and DHCP objects; therefore, the DNS/DHCP Management
Utility is not required to search or scan the entire eDirectory tree to collect all
the DNS and DHCP objects for initial tree display.
The creator of the Locator object should grant Read and Write rights to this
object to the network administrators. They will use the DNS/DHCP
Management Utility to create, update, or delete any DNS or DHCP objects.
This allows the contents of the Locator object to be updated when necessary.
For more information, refer to “Overview of Interface Interaction” on page 52.
Understanding 51

103-000164-001
September 4, 2001
Novell Confidential
Overview of Interface Interaction

The DNS/DHCP Management Utility manages one eDirectory tree at a time.
When the DNS/DHCP Management Utility is started in the browser, the first
interface screen you see is the login screen. You are prompted to enter your
username, password, eDirectory context and the eDirectory tree whose objects
you wish to manage.
Administration authentication in the DNS/DHCP Management Utility is
based on the common authentication mechanism provided by the underlying
eDirectory Management Framework (iManage) architecture.
To manage objects in a different eDirectory tree, you must log in to the utility
again, specifying the eDirectory tree you want to access. Your login identity
is displayed on the top of the screen.
The DNS/DHCP Management Utility Interface

The DNS/DHCP Management Utility is a Web-based utility and runs within a
Web browser window.
In the DNS/DHCP Management Utility, DNS and DHCP administration are
role-based services managed through a set of predefined roles and tasks.

103-000164-001
September 4, 2001
Novell Confidential
Figure 8 The DNS/DHCPManagement Utility Interface
The main screen has three parts: a taskbar on the top of the screen that displays
icons for top-level management functions and is part of the common iManage-
based utilities in Netware 6, a left panel that displays roles, tasks and other
administrative functions, and a main panel that allows you to manage role-
based and administrative tasks. For more information on the taskbar, refer to
“Taskbar” on page 53. For more information on roles and tasks, refer to “Roles
and Tasks” on page 54.
Taskbar
The DNS/DHCP Management Utility shares a common taskbar with other
Netware 6 products that are based on the eDirectory Management
Framework. Figure 9 on page 54 shows the iManage taskbar.The taskbar
displays the following icons:
Home: Takes you to the home page of the utility
Exit: Allows you to logout of the utility
Understanding 53

103-000164-001
September 4, 2001
Novell Confidential
Roles and Tasks: Displays the roles and tasks on the left panel
Administration: Enables you to carry out role intallation and role
management
Help: Launches global help for the utility
Figure 9 The iManage Taskbar
Each button on the taskbar has roll-over help associated with it; if you position
the cursor over the icon, the icon's name appears on the task bar, to the right
of the Help icon.
Roles and Tasks

The DNS and DHCP services have been logically organized into roles and
tasks in a way that is intuitive to network administrators. Each role consists of
a set of tasks arranged in a hierarchical and top-down manner that is easy to
administer.
To view the roles, click the Roles and Tasks icon on the taskbar.
At the top level, there are two roles that you can install and manage: DNS
Management and DHCP Management. The tasks under each of these roles are
logically arranged in a top-down manner. A role, depending on its current
state, is preceded by a plus or a minus sign. An administrator can expand a role
such as DNS Management to see the tasks it contains or collapse it for a more
concise view. This can be done by clicking the plus/minus sign next to the role.
The organization of roles and tasks follows the containership rules of object
creation and manipulation in DNS and DHCP. For example, if you expand the
DNS Management role on the left pane, the logical tasks this role contains

103-000164-001
September 4, 2001
Novell Confidential
appear under it. At the top is the task DNS Server Management . This is
followed by DNS/DHCP Scope Settings that allows you to specify the
location of the Locator object, and the administrative scope for the session. At
the following level is Zone Management, which provides the next level of
DNS entity management that is, managing zones handled by DNS Servers.
Finally Resource Record Management allows you to manage resource records
contained within a zone.
Each task is associated with a set of operations that appear in a drop-down
menu on the main panel when you click on the task..
For example, to create a new DNS zone, click DNS Management > Zone
Management. This launches the Zone Management window on the main panel
of the screen. Select Create Zone from the drop-down menu and click OK.
This opens the Create New Zone window where you can proceed with the task
of creating a new zone.
Object Creation Rules

There are certain rules that govern the creation and manipulation of objects in
the DNS/DHCP object hierarchy.
Subnet and Subnet Pool objects can be created under O, OU, L, or C objects.
Subnet Address Range and IP Address objects must be created beneath the
Subnet container object. However, because of the IP address of an IP Address
object, the subnet address range and IP Address objects can be contained
within a subnet address range's address block. The DNS Zone object, DNS
Server object, and DHCP Server object can be created in the context of an O,
OU, L, or C.
All DNS and DHCP objects are created as NDS objects and are subject to
NetWare Administrator convention.
Some objects, such as DHCP server, DNS server, DNS zone, Subnet, and
Subnet Pool, can be created in any context.
After a new DNS or DHCP object has been created, the DNS/DHCP
Management Utility grants the objects Read and Write rights to the Locator
object.
For fast and efficient searching, the distinguished names of newly created
zones, DNS servers, subnets, and DHCP servers are added to the
corresponding attribute of the Locator object. Renaming or deleting these
objects is automatically performed by NDS because of the built-in feature for
NDS distinguished names.
Understanding 55

103-000164-001
September 4, 2001
Novell Confidential

103-000164-001
September 4, 2001
Novell Confidential
2 Planning
This chapter provides a summary of issues for you to consider as you plan and
design your implementation of and maximize the DNS and DHCP capabilities
of the Novell® DNS/DHCP Services software.
eDirectory Considerations
When installed and configured, the DNS and DHCP servers extend the
eDirectoryTM schema to create new objects with which to administer and
control their services. The DNS/DHCP Group and Locator objects are central
to Novell's implementation of DNS and DHCP.
For information on installing the DNS/DHCP Management Utility, refer to
“Installing the DNS/DHCP Management Utility” on page 118.
We recommend that you place the DNS/DHCP Group, DNS/DHCP Locator,
and the RootServerInfo Zone objects in a separate partition that is accessible
from and replicated to all points of the network where Netware® 6 DNS/
DHCP servers are located. Although changes to the DNS/DHCP Group and
Locator objects occur infrequently (only when you add or delete new servers,
zones, or subnets), all Netware 6 DNS/DHCP servers and the DNS/DHCP
Management Utility require access to these objects.
Consider the following eDirectory issues to maintain optimal performance
when providing DNS and DHCP services on your NetWare network:
Where to locate the DNS/DHCP Group and Locator objects
Where to locate DNS and DHCP servers
What replication strategy to employ
How to provide fault tolerance
Planning 57

103-000164-001
September 4, 2001
Novell Confidential
Plan to create an Organizational Unit (OU) container object near the top of
your eDirectory tree. The location of this container object should be easily and
widely accessible. Locate the DNS/DHCP Group and Locator objects and the
RootServerInfo Zone object under the container object.
Plan to create an Administrator Group object under this container also. An
administrator group should have Read and Write rights to all DNS/DHCP
Locator object attributes except the global data and options fields. Members
of this group can use the DNS/DHCP Management Utility to create and
modify DNS and DHCP objects.
IMPORTANT: A network administrator can access only his or her administrative
domain which might not include the DNS/DHCP Locator object. By creating an
administrative group, you enable administrators who are group members to use the
DNS/DHCP Management Utility.
Plan to locate your DNS and DHCP servers at locations where they are
geographically close to the hosts that require their services. Plan to have one
DHCP server in each partition of your network to minimize any WAN
communications problems caused by normal load, configuration changes, or
replication.
Replicate the partition containing the DNS/DHCP Group and Locator objects
to all parts of the network that use DNS/DHCP services to ensure access in the
event of system unavailability or hardware problems.
When planning your DNS replication strategy, consider that replication is
employed for load balancing when you provide multiple name servers within
the DNS zone.
Well-planned replication is the best way to provide fault tolerance for DNS/
DHCP services.
Planning a DNS Strategy

Plan to install and operate a primary name server and at least one secondary
name server. Secondary name servers provide load balancing and robustness
to your DNS implementation.
When you configure your zone, the primary name server is considered
authoritative for the zone, meaning that it contains the most up-to-date
information about the zone and all the hosts within it.
A secondary name server receives its zone data from the primary name server.
When it starts up and at periodic intervals, the secondary name server queries

103-000164-001
September 4, 2001
Novell Confidential
the primary name server to determine whether the information it contains has
been changed. If the zone information in the secondary name server is older
than the zone information in the primary name server, a zone transfer occurs
and the secondary name server receives the zone information from the primary
name server.
Planning Zones
If you are running a primary name server and providing DNS service for a
zone, the size or geography of your network might require creating subzones
within the zone.
Keep the zone data as a separate partition, and replicate the partition to all
places on your network where you have a name server for the zone. Doing so
enables independent replication of the zone data and also provides a degree of
fault tolerance in the case of server down time.
Novell DNS Server as a Primary Name Server

You must install the Novell DNS server as a primary name server to have
authoritative control over your zone and to take advantage of Dynamic DNS
(DDNS), the dynamic updating of DNS by DHCP.
When operating the Novell DNS server as a primary name server, you use the
DNS/DHCP Management Utility to make configuration changes. When you
operate a primary name server, the zone data can receive dynamic updates
from DHCP servers. Non-Novell secondary name servers can transfer data in
from the Novell primary name server.
Novell DNS Server as a Secondary Name Server (to a Non-Novell

Master)
If you plan to operate secondary DNS servers using Novell DNS/DHCP
Services software to a non-Novell master name server, one Novell secondary
name server must be specified as the Dynamic DNS (DDNS) or zone in
server. The DDNS server receives zone transfer information from the non-
Novell master server and provides updates to eDirectory. Other Novell
secondary name servers can then access the information within eDirectory.
Reasons for operating a Novell secondary name server to a non-Novell master
name server include:
Planning 59

103-000164-001
September 4, 2001
Novell Confidential
You are using a master DNS server and do not want to designate it as a
primary name server because of the responsibility it entails.
This approach is easy to implement in your existing DNS model.
You want to install more secondary name servers to provide better load
balancing.
You want to gradually make the transition to operating a primary name
server.
Configuring a DNS Server to Forward Requests

If a name server cannot answer a query, it must query a remote server. You can
configure primary or secondary name servers to act as forwarders. When you
designate a server to be a forwarder, all off-site queries are first sent to the
forwarder.
Forwarders that handle the off-site queries develop a robust cache of
information. The forwarder probably can answer any given query with
information from its cache, eliminating the need to make an outside query to
a remote server.
When you decide to make a server a forwarder, configure the other servers in
your zone to direct their queries through the forwarder. When a forwarder
receives a query, it checks its cache for the information. If the information is
unavailable, the forwarder issues a query to the root server.
“Forwarding Requests for Unknown Addresses” on page 60
“Restricting Forwarding” on page 61
Forwarding Requests for Unknown Addresses

When you configure your name servers, you provide information about where
to forward requests that the servers cannot answer. If you are configuring to
use forwarders, you provide the names and IP addresses of servers above your
location in your domain. Configure your other name servers to issue queries
to the forwarders for queries they cannot answer.
Even if you are using forwarders, a name server that does not receive a timely
response from its forwarder eventually attempts to query a root server directly.

103-000164-001
September 4, 2001
Novell Confidential
Restricting Forwarding
If you have a primary name server with subdomains below it and the primary
name server is not aware of the subdomains, the name server sends queries to
external name servers.
You can configure your primary name server to not forward queries for
specified internal subdomains to external name servers. Instead, the primary
name server sends a negative response to any queries for the internal
subdomains.
Setting Up the IN-ADDR.ARPA Zone

Just as the data in your name server provides mapping of names to Internet
addresses, the IN-ADDR.ARPA zone provides mapping of addresses to
names. However, in the structure of the IN-ADDR.ARPA zone, the IP address
appears in reverse. For example, an IP address of 100.20.30.4 in the san-jose.
novell.com domain would be 4.30.20.100.in-addr.arpa in the IN-
ADDR.ARPA subdomain.
Registering Your DNS Server with Root Servers

If you plan to operate a primary DNS name server, you must register your
name server with your parent domain. Not all your name servers need to be
registered, but we recommend registering one-third to one-half of your name
servers (up to a maximum of 10) with the parent domain. These servers are
queried by servers outside your domain. The remaining name servers are
queried only by hosts within your domain that are configured to query them.
If you provide DNS service for other domains and provide an authoritative
name server for those domains, you must also register those domains.
To register a domain (and subdomain), you must contact the network
administrators of the parent domain (com, for example) and the in-addr.arpa
domain. Provide the administrators with the name of the domain name server
and the name of the domain and any subdomains for which it is authoritative.
If you are setting up a new domain, you also need to provide the IP address of
any server you want to register.
InterNIC is the organization that registers domain names for the ROOT, com,
org, net, edu, and gov domains. To obtain the form for domain registration
Planning 61

103-000164-001
September 4, 2001
Novell Confidential
from InterNIC, contact them at http://rs.internic.net. You can also obtain the
form for in-addr.arpa domain registration from the same location.
Detailed information about the registration process is available from the
InterNIC web site. You can also use the InterNIC web site to research domain
names to ensure that the name you want is not already registered and to obtain
additional information and help.
Planning a DHCP Strategy

This section provides information to help you plan your DHCP strategy. When
planning your implementation of DHCP, consider the following issues:
Your existing network topology, that is, how you set up your routers and
subnets, provides a basic configuration for the distribution of DHCP
resources such as Subnet objects, Subnet Address Range objects, and IP
Address objects.
Your existing eDirectory implementation should be incorporated into
your planning. Place the Locator object near the top of your eDirectory
tree where it can be easily accessed by all servers.
The length of time you set for your leases affects traffic on the network.
Network Topology
Your existing network topology provides a basic configuration for the
distribution of DHCP resources. There are two paths, however, depending on
whether you are migrating from an existing DHCP solution or you are
installing and configuring DHCP for the first time.
“Migrating from Another DHCP Solution” on page 62
“Initiating the DHCP Service” on page 63
Migrating from Another DHCP Solution

You can import your existing Novell DHCP 2.0 database or BOOTP-based
configuration files using the DNS/DHCP Management Utility. The import
function enables you to specify the context into which you import the data.

103-000164-001
September 4, 2001
Novell Confidential
Initiating the DHCP Service

If you are planning to use DHCP for the first time, you must gather a
significant amount of information. You need to make a list of all hosts to be
served by the DHCP server. You must include all devices that use network
addresses in every segment of your network. You must also compile lists of IP
address assignments.
Organize your lists of hosts and IP addresses by geographic location. For
example, if your network is spread over a WAN, make a list for each location
to help you organize the distribution of DHCP resources.
You must have a list of all permanently assigned network addresses. You
might also want to make a list of devices that are to be denied IP addresses and
those hosts that are to receive strict limitations on leases.
After you gather the necessary information, you need to create the necessary
objects to represent this information. This is done by creating subnet address
ranges for contiguous network addresses and other, more specific information.
You will probably have a separate subnet address range for each LAN segment
of your network. You will also create objects of subnets and DHCP servers.
eDirectory Implementation
Plan to create an Organizational Unit (OU), Country (C), or Locality (L)
container object near the top of your eDirectory tree. Plan to locate the DNS/
DHCP Group and Locator objects under the container object.
The DNS/DHCP Locator object must be easily accessible to all DHCP servers
on the network. Plan to have multiple routes for DHCP servers to access the
DNS/DHCP Group object.
Create Subnet objects to represent each LAN segment. Then create one or
more Subnet Address Range objects to represent all your contiguous strings
of IP addresses.
Place the NetWare Core ProtocolTM (NCPTM) servers that will provide DCHP
service near the data to be updated and close to a writable partition. For fast
access and availability, a DHCP server should be on the same LAN as or
geographically close to the writable partitions the DHCP server uses.
When a DHCP server makes or modifies address assignments, the database is
updated. The partition where this database is stored should have at least two
writable replicas. Only one replica might be unsafe because of fault tolerance
Planning 63

103-000164-001
September 4, 2001
Novell Confidential
considerations, but three might be too costly in terms of eDirectory

performance.
Lease Considerations
Many factors must be considered when you decide how long to set your client
leases. Issues you must consider include the following:
Your site's and clients' usage patterns
Your network's goals
Availability of servers
Availability of network (IP) addresses
Another important consideration is that clients attempt to renew their leases
half-way through the lease duration. The longer the lease, the longer it takes
for client configuration changes to be registered with the DHCP server. It also
takes longer for the server to realize that a previously assigned address is no
longer in use.
Another issue to consider concerns outages and access to the DHCP server. If
a client loses access to its DHCP server before renewing its lease, it must stop
using the network after the lease expires. If a client is turned on and connected
to the network at the time of the outage, however, the lease does not expire.
The longest lease provided by a DHCP server determines the length of time
you might have to wait before configuration changes can be propagated within
a network. This length of time could mean manually restarting every client or
waiting the amount of time required for all leases to be renewed before the
changes take effect. If your site policy is to turn workstation power off at the
end of the day, clients could acquire configuration changes at least once per
day.
NOTE: All lease considerations refer to DHCP clients or devices only. For clients
or devices that use BOOTP, you must bring down the device and restart it to
acquire any new configuration changes.

“Considering the Length of Leases” on page 65
“Controlling Client Access to Leases” on page 67

103-000164-001
September 4, 2001
Novell Confidential
Considering the Length of Leases

When considering the length of leases, ask these questions:
Will the default of three days work well in your environment?
The default of three days provides a good balance between a long-lease
and a short-lease duration.
Do you have more users than IP addresses?
If you have more users than IP addresses, keep leases short to allow
access to more users. A short lease could be 15 to 30 minutes, two to four
hours, or even a matter of days.
If your site's usage pattern shows that all clients request an address every
day and you have half as many addresses as users, lease times in hours or
minutes would provide access to more users.
Do you provide support for remote access?
If your site has mobile users or provides remote access to clients, plan to
provide service for these clients on a specific subnet. Providing support,
including special options the clients might require, makes network
administration of the clients easier.
Do you support a minimum lease time?
If your site's usage pattern indicates that your users typically use an
address for only one or two hours, that should be your minimum lease
time.
How many clients do you plan to support?
Shorter leases support more clients, but shorter leases also increase the
load on the DHCP server and network bandwidth. A lease of two hours is
long enough to serve most users, and the network load should be
negligible. A lease of one hour or less might increase network load to a
point that requires attention.
How fast are your communications connections between your clients and
the DHCP server?
By locating a DHCP server in close proximity to its users, the network
load should be neglible over LAN connections. If a DHCP server must
communicate over WAN links to provide service to clients, slowdowns
and time-outs might occur.
How long does your typical server outage last?
Planning 65

103-000164-001
September 4, 2001
Novell Confidential
If your typical server outage lasts two hours, a lease of four hours would
avoid loss of lease to clients that were active at the time of the server
outage.
We recommend setting your lease times to twice the length of a typical
server outage.
The same recommendation applies to communications line outages. If a
communications line is down long enough that leases expire, you might
see a significant network load when the service is restored.
How long can your clients operate without access to the DHCP server?
If you have users who require a lease for important job functions, consider
lease times for them that are twice the length of a maximum server
outage. For example, if your DHCP server were to go down on Friday
evening and require the entire workday Monday to be restored, that would
be an outage of three days. In this case, a six-day lease covers that
situation.
Do you have users who advertise their IP addresses for services they
render?
If you have users setting up Web pages or archiving data for others to
access, they want addresses that do not change. You might want to assign
permanent addresses for these users instead of assigning long lease times
(three weeks or two months, for example).
The relevant length of time is the maximum amount of time you want to
allow a client to keep an address, even if the host computer is turned off.
For example, if an employee takes a four-week vacation and you want the
employee to keep his or her address, a lease of eight weeks or longer is
required.
Table 8 lists examples of lease times and reasons why these times were
chosen.
Table 8 Lease Time Examples
Lease Time Rationale
15 minutes Keeps the maximum number of

addresses free when there are more
users than available addresses, but
results in significant traffic and
frequent updates to eDirectory

103-000164-001
September 4, 2001
Novell Confidential
Lease Time Rationale
6 hours Covers a DHCP server outage of 6

hours
12 hours Ensures that retraction of address

assignment takes less than one day
3 days Used by many sites simply because

of software defaults
6 days Affords a weekend server outage

without losing leases
4 months Enables students to keep their

address over a summer vacation, for
example
Controlling Client Access to Leases

There usually is a trade-off when an attempt is made to control specific client
access to leases. Typically, you would manually configure each client and
dedicate an IP address permanently to each client. Novell's DHCP server,
however, provides control based on the client's hardware address.
IP Address Availability
This section describes how to identify your IP addresses, how to subnet your
addresses, what to do with addresses assigned by other sources, and how to
restrict address assignments to clients.
Identifying Your Addresses

If you have been using a previous version of Novell DHCP, another vendor's
product, or another method of tracking your IP address information,
information about your addresses should be close at hand. We recommend
verifying the accuracy of your IP address records by performing a site audit to
prevent communication problems.
If you are unsure of the range of your IP addresses, we recommend contacting
your Internet Service Provider (ISP) or checking other records you have on
file.
Planning 67

103-000164-001
September 4, 2001
Novell Confidential
Subnetting Your Addresses

One of the more difficult configuration tasks concerns configuring your
routers if you have multiple subnets. Each might require one or more subnets,
depending on your router configuration. Create a Subnet object for each LAN
segment that requires dynamic IP address assignment.
Assigning Addresses Manually

Your site might have devices, such as servers and printers, that have addresses
assigned by means other than DHCP. Assign addresses to these devices
manually.
You also must provide these devices with any specific configuration
information they might require. If you want to provide configuration using
DHCP, the device must be capable of acting as a DHCP client. You can assign
a static address to a device and still provide configuration information using
DHCP.
To ensure that the assigned addresses are not used by DHCP, use the DNS/
DHCP Management Utility to exclude the addresses from assignment. You
can use the utility to exclude single addresses or entire ranges from address
assignment.
Representing Addresses in eDirectory

IP addresses are represented by IP Address objects under Subnet container
objects. Novell DNS/DHCP Services stores address information and attributes
of these objects, such as hostnames, hardware addresses, the time when an
address lease will expire, and fully qualified domain names (FQDNs), in
eDirectory. You can view this information using the DNS/DHCP Management
Utility.
Restricting Address Assignment to Clients

By using static address assignment, you can ensure that a device, capable of
acting as a BOOTP or DHCP client, receives the same address from the DHCP
server each time it is started. You can also explicitly exclude an address
assignment to a device based on the device's hardware address. This is done
by setting DHCP Global Preferences. To invoke the DHCP Global
Preferences window, click DHCP Global Configuration > DHCP Global
Preferences.

103-000164-001
September 4, 2001
Novell Confidential
Hostnames
Every host on your network that uses the Internet or that can be reached from
the Internet should have a name. Each resource record has a hostname field.
Some simple rules are required for hostnames for conformance to accepted
Internet standards. Hostnames are called labels and can have alphabetic and
numeric characters. A hyphen is allowed if it separates two character strings.
Labels might not be all numbers, but they can have a leading digit. Labels
must begin and end only with a letter or digit.
Planning 69

103-000164-001
September 4, 2001
Novell Confidential

103-000164-001
September 4, 2001
Novell Confidential
3 Setting Up
This document provides information about configuring DNS and DHCP, and
importing and exporting database information.
Configuring DNS
The DNS/DHCP Management Utility provides a common Web-based
interface for configuring both DNS and DHCP.
For information on installing the DNS/DHCP Management Utility, refer to
“Installing the DNS/DHCP Management Utility” on page 118.
For DNS configuration instructions, refer to:
“Importing DNS Configuration Information” on page 74
“Setting Up DNS” on page 74
“Detailed DNS Configuration” on page 76
“Configuring DNS Features” on page 85
Required eDirectory Rights to Manage DNS/DHCP

Configuration
To manage Novell® DNS/DHCP Services, administrators require sufficient
eDirectoryTM rights, depending on the type of operation to be performed.
Administrators who will add new objects and modify existing objects require
Add rights to the appropriate eDirectory container object. The following table
summarizes rights requirements for creating new configuration objects and
modifying existing objects.
Setting Up 71

103-000164-001
September 4, 2001
Novell Confidential
DNS/DHCP Objects Object Rights All Property Rights
Locator object Browse Supervisor
Group object Browse Supervisor
Existing objects Supervisor Supervisor
Administrators who manage a given set of DHCP subnets or DNS zones

require rights to create or delete IP addresses, ranges of addresses, or resource
record sets. The following table lists the rights requirements of administrators
who perform these tasks.
Locator object Browse Read
Group object Browse Read
Existing objects Browse, Create, Delete Supervisor
Administrators or users who need to view DNS/DHCP configuration require

rights as summarized in the following table.
Locator object Browse Read
Group object Browse Read
Existing objects Browse Read

103-000164-001
September 4, 2001
Novell Confidential
DNS/DHCP Scope Settings

For better performance results with the DNS/DHCP Management Utility
particularly in a distributed DNS/DHCP set-up, you should configure the
DNS/DHCP Scope Settings for the session before you proceed with other
administrative tasks.
If you do not configure the DNS/DHCP Scope Settings for the session, you
will receive a warning before every task you attempt to perform that the Scope
Settings are not set. You can however, still proceed with the task.
Setting the scope of the DNS/DHCP services involves two specifications for
the session: the eDirectory context of the Locator object, and the
administrative scope of the session. Specifying the eDirectory context of the
Locator object at the start of the session significantly improves performance
because it eliminates the need to search for the Locator object. Specifying the
administrative scope of the session also improves performance significantly
because it restricts the retrieval of DNS/DHCP objects for viewing to the
scope you specify.
The DNS/DHCP Scope Settings you configure for a session last as long as the
session lasts. If you start a fresh session, you have to configure the DNS/
DHCP Scope Settings afresh.
IMPORTANT: If you configure DNS/DHCP Scope Settings for a session for either
DNS Management or DHCP Management, the settings apply across the session
to both roles.
To configure DNS/DHCP Scope Settings, complete the following steps:

1 Click DNS Management or DHCP Management > DNS/DHCP Scope
Settings to open the DNS/DHCP Scope Settings window.
2 Enter the eDirectory context of the DNS/DHCP Locator object.
3 Enter the eDirectory context of the container object that will provide the
administrative scope of the current session.
NOTE: If you enter only the eDirectory context of the DNS/DHCP Locator object
and not the administrative scope of the current session, you can proceed with
administrative tasks without inviting a warning message. Performance however, is
further optimized if you also define the administrative scope.
4 Click OK.
Setting Up 73

103-000164-001
September 4, 2001
Novell Confidential
Importing DNS Configuration Information

You can use the Novell DNS/DHCP Management Utility to import existing
DNS configuration information. The DNS information should be in DNS
BIND Master file format.
To import existing DNS configuration information using the Management
Utility, complete the following steps:
1 Open the DNS/DHCP Management Utility in a browser window.
2 Click DNS Management > Import DNS File.
This opens the Zone Management window in the main panel.
3 Select Import Zone from the drop-down menu > Click OK.
This opens the Import DNS Zone window.
4 Enter the eDirectory context of the server or browse to select it.
5 From the Select DNS Server name, select a target DNS Server that will
subsequently manage the zone data.
6 Choose either Primary or Secondary to specify the Zone type. If you
choose Secondary as Zone type, you must type the IP address of the zone
server so that zone transfers can take place.
7 Enter the DNS BIND formatted filename in the DNS Bind File field. You
can also browse to select the file to import from the Choose File dialog
box.
8 Click OK to import the file.
9 Click Import.
Setting Up DNS
This section provides the following procedures required to accomplish a basic
DNS setup:
“DNS Prerequisites” on page 75
“Loading the DNS Server” on page 75
“Configuring Clients to Use DNS” on page 75
“Creating a DNS Server Object” on page 76
“Creating a Primary DNS Zone Object” on page 79

103-000164-001
September 4, 2001
Novell Confidential
DNS Prerequisites
The following steps must be completed before setting up DNS:
1. Install Novell Netware® 6 on the selected server or servers.
2. Install iManage on the Netware machine.
3. Install Internet Explorer 5.0.
Loading the DNS Server

After you have created and set up a DNS Server object and a DNS Zone
object, enter the following command at the DNS server console:
LOAD NAMED
After NAMED.NLM is loaded, the DNS server can respond to queries for the
zone. For more detailed information about NAMED.NLM command line
options, refer to “NAMED Command Line Options” on page 111.
After NAMED.NLM is loaded, you can use the DNS/DHCP Management
Utility to start and stop the DNS Server. For more information on starting and
stopping the DNS server, refer to “Starting/Stopping the DNS Server” on page
78.
Configuring Clients to Use DNS

NOTE: This section does not describe how to enable all the available features. For
detailed configuration information, refer to “Detailed DNS Configuration” on page
76.
To configure Windows NT or Windows 95 client workstations to use DNS,

1 At the client desktop, click Start > Settings > Control Panel, and then
double-click Network.
The Network window opens, listing the network components installed on
the client workstation.
2 Select TCP/IP, then click Properties.
The TCP/IP Properties window is displayed.
3 Click the DNS Configuration tab.
4 Provide a hostname and domain name for each client.
Setting Up 75

103-000164-001
September 4, 2001
Novell Confidential
5 Enter the IP address of DNS servers for this client in the search order of
preference, then click OK.
The client can now send DNS queries to the DNS name server.
Detailed DNS Configuration

This section provides detailed information about configuring DNS objects
using the DNS/DHCP Management Utility. All the procedures in this section
assume that you have already launched the utility and used the eMFrame
administration options to install the two role-based services, DNS
Management and DHCP Management. The procedures in this section are:
“Creating a DNS Server Object” on page 76
“Modifying a DNS Server Object” on page 77
“Creating a Zone Object” on page 78
“Creating a Primary DNS Zone Object” on page 79
“Creating a Secondary DNS Zone Object” on page 79
“Creating an IN-ADDR.ARPA Object” on page 80
“Creating a Primary IN-ADDR.ARPA Zone Object” on page 80
“Creating a Secondary IN-ADDR.ARPA Zone Object” on page 81
“Modifying a Zone Object” on page 82
“Creating Resource Records” on page 83
“Modifying Resource Records” on page 84
Creating a DNS Server Object

Use the DNS/DHCP Management Utility to create and set up a DNS Server
object for each DNS server you plan to operate.
To create and set up a DNS Server object, complete the following steps:
1 Click DNS Management > DNS Server Management to open the DNS
Server Management window in the main panel.
2 Select Create Server from the drop-down menu > click OK to open the
Create DNS Server window.
3 Enter a server name, or browse to select a server from the eDirectory tree.

103-000164-001
September 4, 2001
Novell Confidential
4 Enter a unique host name for the DNS server object.

5 Enter a domain name for the server object.
6 Click Create.
A message indicates that the new DNS server was created.
Modifying a DNS Server Object

After you create a DNS Server object you can modify its configuration
parameters. To do so, complete the following steps:
2 Select Modify Server from the drop-down menu > click OK to open the
Modify DNS Server window.
3 Select the DNS Server.
4 Click OK.
You are led through a set of steps that allow you to modify the following DNS
Server configuration parameters:
List of Zones: Lists the names of the zones that the server controls. This
field cannot be edited.
DNS Server IP Address: Lists the set of domains and subdomains that the
server controls. This field cannot be edited.
DNS Server Domain name: Lists the domain name of the DNS server.
DNS Server Comments: You can type comments about the DNS server in
this box. This is an optional parameter.
Forward List: Specifies a list of IP addresses of DNS servers.
- To add servers to the Forward List, click Add > Enter the IP Address of
the server > click OK.
- To remove servers from the Forward List, select the IP Address of the
server from the Forward List > Click Delete.
No Forward List: Specifies a list of hostnames whose unresolved queries
will not be forwarded to other DNS servers.
To add servers to the No Forward List, click Add > Enter the name
of the server > click OK.
To remove servers from the Forward List, select the domain name of
the server from the No Forward List > Click Delete.
Setting Up 77

103-000164-001
September 4, 2001
Novell Confidential
Events Log: Specifies the degree of event data the server is to collect.
Major or critical events denote a significant change in the state of server
processing. To configure the event log, choose from the following
options:
None: Turns off event logging (default)
Major Events: Logs only critical events
All: Logs both major and minor events
Audit Log: Check Enable Audit Trail Log to log audit trails and events.
Starting/Stopping the DNS Server

2 Select Start/Stop Server from the drop-down menu > click OK to open the
DNS Server Start/Stop Services window.
3 Select the DNS server.
4 Click OK.
5 Depending on the state of the DNS Server module, any one of the
following will now appear:
Failure notification message: This appears if the DNS Server module
(NAMED.NLM) is not loaded. In order to start the server, load the
DNS Server module through the system console.
Start button: If the DNS Server module is loaded but in STOP mode,
click to start the DNS server.
Stop button: If the DNS Server module is loaded but in START
mode, click to stop the DNS server.
NOTE: To use the Start/Stop DNS service, NAMED.NLM must be loaded.
Creating a Zone Object

The DNS Zone object is an eDirectory container object that comprises
Resource Record Set (RRSet) objects and resource records. This section
provides information about how to create a Secondary DNS Zone object and
an IN-ADDR.ARPA Zone object. For information about how to create a
Primary DNS Zone object, refer to “Creating a Primary DNS Zone Object” on
page 79.

103-000164-001
September 4, 2001
Novell Confidential
Creating a Primary DNS Zone Object

After you create a DNS Server object, use the DNS/DHCP Management
Utility to create and set up a Primary DNS zone. For information about how
to create a secondary DNS Zone object refer to “Creating a Secondary DNS
Zone Object” on page 79. For information about how to create an IN-
ADDR.ARPA Zone object, refer to “Creating an IN-ADDR.ARPA Object” on
page 80.
To create a primary DNS Zone object, complete the following steps:
1 Click DNS Management > Zone Management to open the Zone
Management window in the main panel.
2 Select Create Zone from the drop-down menu > click OK to open the
Create DNS Zone window.
3 Choose Create New Zone.
4 Enter the eDirectory context for the zone or browse to select it.
5 Enter a name for the zone object.
6 Under Zone Type, choose Primary (default).
7 Select a DNS server from the Assign Authoritative DNS Server drop-
down menu.
or
Enter a unique host name in the Name Server Host Name box and
optionally, select a domain from the Domain drop-down menu.
8 Click Create.
A message indicates that the new primary zone has been created.
Creating a Secondary DNS Zone Object

After you create a DNS Server object, you can use the DNS/DHCP
Management Utility to create and set up Secondary DNS Zone object. To
create a Secondary DNS Zone object, you must provide the IP address of the
DNS server that will perform zone in transfers for the secondary zone.
To create a secondary DNS Zone object, complete the following steps:
Setting Up 79

103-000164-001
September 4, 2001
Novell Confidential
3 Choose Create New Zone.

5 Enter a name for the zone object.
6 Under Zone Type, choose Secondary.
7 Enter the IP address of the DNS server that will provide zone out transfers
for this secondary zone.
down menu. This is an optional parameter.
or
optionally, select a domain from the Domain drop-down menu.
9 Click Create.
A message indicates that the new secondary zone has been created.
Creating an IN-ADDR.ARPA Object

After you create a DNS Server object, you can use the DNS/DHCP
Management Utility to create and set up an IN-ADDR.ARPA Zone object. An
IN-ADDR.ARPA can be either a Primary IN-ADDR.ARPA Zone object or a
Secondary IN-ADDR.ARPA Zone object. For more information about
creating a Primary IN-ADDR.ARPA Zone object, refer to “Creating a
Primary IN-ADDR.ARPA Zone Object” on page 80. For more information
about creating a Primary IN-ADDR.ARPA Zone object, refer to “Creating a
Secondary IN-ADDR.ARPA Zone Object” on page 81.
Creating a Primary IN-ADDR.ARPA Zone Object

To create a Primary IN-ADDR.ARPA Zone object, complete the following
steps:
3 Choose Create IN-ADDR.ARPA.

103-000164-001
September 4, 2001
Novell Confidential
5 Enter the IP address of the zone in the Zone Domain Name field. The IN-
ADDR.ARPA zone name is displayed.
6 Under Zone Type, choose Primary (default).
down menu.
or
optionally, enter a domain name or select it from the Domain drop-down
menu.
8 Click Create.
A message indicates that the new Primary IN-ADDR.ARPA Zone object
has been created.
Creating a Secondary IN-ADDR.ARPA Zone Object

To create a Secondary IN-ADDR.ARPA Zone object, complete the following
steps:
3 Choose Create IN-ADDR.ARPA.
5 Enter the IP address of the zone in the Zone Domain Name field. The IN-
ADDR.ARPA zone name is displayed.
6 Under Zone Type, choose Secondary.
down menu.
or
optionally, enter a domain name or select it from the Domain drop-down
menu.
8 Type the IP Address of the DNS server that will provide zone-out
transfers for this secondary zone.
Setting Up 81

103-000164-001
September 4, 2001
Novell Confidential
9 Click Create.
A message indicates that the new Secondary IN-ADDR.ARPA Zone
object has been created.
Modifying a Zone Object

After you have created a Zone object, you can modify it and provide more
detailed configuration information.
To modify a new Zone object's attributes, complete the following steps:
2 Select Modify Zone from the drop-down menu > click OK to open the
Modify DNS Zone window.
3 Select the DNS Zone object from the drop-down menu.
4 Click OK.
You can now modify the following DNS Zone configuration parameters:
Zone Type: Specifies whether the zone will be a Primary or a Secondary
zone.
Zone Master IP Address: To change a Primary zone to a Secondary zone,
click the Secondary zone box and provide the IP address of the Primary
DNS Server in the Zone Master IP Address field.
Available DNS Servers: Specify the server to which the zone is to be
assigned > click Add. The server will then be displayed in the
Authoritative DNS Servers field.
Authoritative DNS Servers: To delete a DNS server assignment to a zone,
select the server to be removed from the field, then click Remove.
Add All: Click this to add available DNS servers to a zone.
Remove All: Click this to remove available DNS servers from a zone.
Designated DNS Server: Designates a server for the zone if more than one
DNS server is assigned to a zone. This server will be responsible for
getting DHCP updates for the zone, if the zone is a Primary zone.
Comments: Use this field to provide comment information about the
zone. This is an optional parameter.

103-000164-001
September 4, 2001
Novell Confidential
Modify Zone Out Filter: Specifies a list of IP addresses or networks

authorized to do zone out transfers from this zone. Use the Add and
Delete buttons to add or remove particular IP addresses and networks.
Zone Master: Specifies the name of the DNS zone.
E-mail Address: Specifies the e-mail address for the zone.
Serial Number: Use this field to set a date and revision number for the
Start of Authority.
Interval values: Choose from the following values:
- Refresh: Enables the user to specify, in minutes, the time in which the
secondary name server downloads a copy of the zone data to the
primary name server. The default is 180 minutes.
- Retry:Specifies, in minutes, the time that a secondary name server waits
after a failed download before it tries to download the zone database
again. The default is 60 minutes.
- Expire: Specifies, in hours, the time that a secondary name server
continues to try to download a zone database. The default is 168 hours.
- Minimal TTL: Specifies, in hours, the minimum TTL for a resource
record. This parameter determines how long a DNS server retains an
address mapping in cache. The default is 24 hours.
Creating Resource Records

A resource record is a piece of information about a domain name. Each
resource record contains information about a particular piece of data within
the domain.
To create a new resource record, complete the following steps:
1 Click DNS Management > Resource Record Management to open the
Resource Record Management window in the main panel.
2 Select Create Resource Record from the drop-down menu > click OK to
open the Create Resource Record window.
3 From the Select Domain Name drop-down menu, select the domain
where the resource record is to be created.
4 Optionally, from the Select Host Name drop-down menu, select the name
of the host server. This binds a domain name with a hostname for a
specific name server.
5 Click OK to specify the Resource Record type.
Setting Up 83

103-000164-001
September 4, 2001
Novell Confidential
6 Choose the Resource Record Type (RR Type) from the available options
under the Others drop-down menu and enter appropriate Resource
Record data corresponding to the type chosen.
7 Click Create.
For more information on Resource Record Types, refer to Table 2, “Resource

Record Types and Field Differences,” on page 33.
NOTE: Start of Authority (SOA) is defined as part of a Zone object's attributes, and
a Pointer (PTR) record is created automatically when any new A resource record
or IPv6 (AAAA) resource record is created if the IN-ADDR.ARPA zone exists.
Modifying Resource Records

To modify a resource record, complete the following steps:
1 Click DNS Management > Resource Record Management to open the
Resource Record Management window in the main panel.
2 Select Modify Resource Record from the drop-down menu > click OK to
open the Modify RR Set - Resource Record window.
3 From the Select Domain drop-down menu, select the domain that
contains the host or RR Set.
4 From the Select Host drop-down menu, select the host or RR Set that
contains the Resource Record.
5 You can modify the properties of either the entire RR Set or a single
record in the RR Set.
To modify the RR Set, complete the following steps:
Click Modify RR Set to open the Modify RR Set window.
Enter the name of the eDirectory object to be associated with the RR
Set in the Associated eDirectory Object box, or browse to select it.
Optionally, type comments about the RR Set object in the Comments
box.
Click Done to close the Modify RR Set window.
To modify a single Resource Record, complete the following steps:
From the Select Resource Record drop-down menu, select the
Resource Record.
Click OK to view the domain, the hostname and the Type
information associated with the Resource Record.

103-000164-001
September 4, 2001
Novell Confidential
You can now modify the Resource Record Data of all but the
following types of resource records:
- A (or IPv4)
- AAAA (or IPv6)
6 Click Done to save the changes.
Configuring DNS Features

This section provides procedures to help you configure the DNS features of
Novell DNS/DHCP Services. The procedures in this section are:
“Configuring an eDirectory Server to Forward Queries to Root Name
Servers” on page 85
“Configuring a Cache-Only Server” on page 85
“Configuring to Support Child Zones” on page 86
Configuring an eDirectory Server to Forward Queries to Root Name

Servers
When you install Netware 6, the root server information is automatically
loaded into your system. No procedure is required to configure your system to
forward queries to the root name servers.
Configuring a Cache-Only Server

A cache-only server should be located between the clients that require address
resolution and any DNS name servers that communicate over the Internet.
Configure DNS clients to forward their queries to the cache-only server, and
configure the cache-only server to forward its queries to a DNS server (or
servers) attached directly to the Internet.
To configure a server to function as a cache-only server, follow the
instructions to create a DNS server in “Creating a DNS Server Object” on
page 76. After you have created the DNS Server object, do not assign any
zones for it to serve. Configure this server to forward its queries to a DNS
server
Setting Up 85

103-000164-001
September 4, 2001
Novell Confidential
Configuring to Support Child Zones

If you are supporting child zones, you must configure the glue logic or glue
records to associate the child zones with the parent zone.
The parent zone contains a referral to the child zone, meaning that its zone
information contains an Name Server (NS) record that names the zone server
for the child zone and an Address record that specifies the IP address for the
child zone's DNS name server.
When configured, queries to the parent zone for names within the child zone
are returned with the child zone's referral records. The requester can then
query the child zone's name server directly.
Configuring DHCP
To manage an organization's IP address database, you must define the global
address pool in the form of Class A, B, and C network addresses. The
addresses available to a network are managed by the DNS/DHCP
Management Utility and logically organized into the following types of
objects:
Subnet
Subnet Address Range
IP Address
DHCP Server
Subnet Pool
The Novell DHCP server views an organization's network as a collection of
DHCP objects.
For DHCP configuration instructions, refer to:
“Importing DHCP Configuration Information” on page 87
“Setting Up DHCP” on page 88

103-000164-001
September 4, 2001
Novell Confidential
Importing DHCP Configuration Information

You can use the DNS/DHCP Management Utility to import existing DHCP
configuration information. The DHCP information should be in DHCP
version 2.0 or 3.0 file format.
To import existing DHCP configuration information, complete the following
steps:
1 Open the DNS/DHCP Management Utility in a browser window.
2 Click DHCP Management > Global DHCP Configuration to open the
Global DHCP Configuration window in the main panel.
3 Select Import DHCP Configuration from the drop-down menu > Click
OK to open the Import DHCP Configuration File window.
4 Enter the eDirectory context or browse to select it.
5 Enter the name of the DHCP Configuration File or browse to select it.
6 Click OK.
7 The DHCP Subnet configuration information is displayed.
To add an available DHCP Subnet to the list of selected subnets, click
Add.
To include all available DHCP Subnets to the list of selected subnets,
click Add All.
To delete a subnet from the list of selected subnets, click Remove.
To delete all subnets from the list of selected subnets, click Remove
All.
8 Click OK.
The selected subnets are now imported.
Setting Up 87

103-000164-001
September 4, 2001
Novell Confidential
Setting Up DHCP
This section provides the following procedures required to accomplish a basic
DHCP setup:
“DHCP Prerequisites” on page 88
“Setting Global DHCP Options” on page 89
“Creating a DHCP Server Object” on page 91
“Creating a Subnet Object” on page 91
“Creating Subnet Address Ranges” on page 92
“Creating IP Address Objects” on page 92
“Loading the DHCP Server” on page 93
“Configuring Clients to Use DHCP” on page 94
This section does not describe how to enable all the available features. For
more information refer to “Detailed DHCP Configuration” on page 94
DHCP Prerequisites
The following steps must be completed prior to setting up DHCP:
1. Load Netware 6 on the selected server or servers.
2. Install iManage.
3. Install Internet Explorer 5.0.
Setting Global DHCP Preferences

You can use Global Preferences to add, delete, or modify global data, such as
global DHCP options and global DHCP defaults. For more information about
setting global DHCP options, refer to “Setting Global DHCP Options” on
page 89. For more information about setting global DHCP defaults, refer to
“Setting Global DHCP Defaults” on page 89. For more information about
configuring the DHCP Options Table, refer to “Viewing the DHCP Options
Table” on page 90.

103-000164-001
September 4, 2001
Novell Confidential
Setting Global DHCP Options

To define a global DHCP option:
2 Select Set Global Preferences from the drop-down menu > click OK to
open the Global DHCP Preferences window.
3 Click Modify to open the DHCP Options window.
4 The DHCP Options you can configure globally are listed in the Available
DHCP Options list box. To configure an option, complete the following
steps:
Select it from the Available DHCP Options list box and click Add.
Enter the required supporting information as prompted.
5 Click Done to close the DHCP Options window.
The global DHCP Option you added or configured now appears in the
Global DHCP Options list.
To remove a global DHCP option
3 Check the Select column of the DHCP option you want to remove and
click Delete.
The global DHCP Option you deleted is now removed from the Global
DHCP Options list.
Setting Global DHCP Defaults

To define a global DHCP default:
2 Select Set Global Preferences from the drop-down menu > Click OK to
Setting Up 89

103-000164-001
September 4, 2001
Novell Confidential
3 Click Next to open the Excluded Hardware Addresses list in the Global
DHCP Defaults window.
This list contains the MAC addresses of clients that should not receive IP
addresses from DHCP servers. These exclusions apply to all DHCP
servers in the eDirectory tree.
4 Click Next to open the Included Hardware Addresses list in the Global
DHCP Defaults window.
This list contains the MAC addresses of clients that will receive IP
addresses from DHCP servers.
IMPORTANT: The Excluded and Included Hardware Addresses lists are mutually
exclusive. You are expected to configure only one of these lists and ensure that the
other list is empty.
5 Click Add > Enter the MAC Address of the client > Specify the hardware
type.
6 Click OK.
The MAC address is added to the Excluded Hardware Addresses list.
Viewing the DHCP Options Table

The DHCP Options Table provides a list of parameters that can be defined for
use on the network. After an option is defined,you can assign a value to the
option using Global DHCP Options.
To view a DHCP option:
3 Click Next > Next to open the DHCP Options Table window that lists
both the system-defined and user-defined DHCP options.
4 Click Done to return to the home page.

103-000164-001
September 4, 2001
Novell Confidential
Creating a DHCP Server Object

You use the DNS/DHCP Management Utility to create and set up a DHCP
Server object. A DHCP Server object can be created or located under any of
the following objects:
Organization (O)
Organization Unit (OU)
Country (C)
Locality (L)
To create and set up a DHCP server object, complete the following steps:
1 Click DHCP Management > DHCP Server Management to open the
DHCP Server Management window in the main panel.
2 Select Create Server from the drop-down menu > click OK to open the
Create DHCP Server window.
3 Enter the name of the server or browse to select it.
4 Click Create.
A message indicates that the new DHCP Server Object has been created.
Creating a Subnet Object

You use the DNS/DHCP Management Utility to create and set up a DHCP
Subnet object for each of the subnets to which you will assign addresses.
To create and set up a Subnet object, complete the following steps:
1 Click DHCP Management > Subnet Management to open the Subnet
2 Select Create Subnet from the drop-down menu > click OK to open the
Create Subnet window.
3 Enter a unique subnet name.
4 Select the eDirectory context where the new subnet record will be stored.
5 Enter a subnet address, a subnet mask, and the name of a default DHCP
server in the fields provided.
The default DHCP server field designates the principal DHCP server for
a subnet. This server is assigned all address ranges created under the
Setting Up 91

103-000164-001
September 4, 2001
Novell Confidential
subnet, unless a different server is specified when the range is created.

The default server also is the only server that responds to BOOTP
requests for the subnet.
6 Click Create.
A message indicates that the new subnet has been created.
IP address objects are simultaneously created to exclude routing and
broadcast addresses.
Creating Subnet Address Ranges

You use the DNS/DHCP Management Utility to create and set up Subnet
Address Range objects for each pool of addresses you want to be dynamically
assigned by DHCP.
To create and set up a Subnet Address Range object, complete the following
steps:
1 Click DHCP Management > Address Range Management to open the
Address Range Management window in the main panel.
2 Select Create Address Range from the drop-down menu > click OK to
open the Create Subnet Address Range window.
3 From the drop-down menu, select the subnet for which the address range
is required.
4 In the Address Range Name field, type the name of the Subnet Address
Range.
5 Type the Start Address and End Address to specify the lower and upper
limits of the subnet address range.
6 Click Create.
A message indicates that the new subnet address range has been created.
Creating IP Address Objects

You use the DNS/DHCP Management Utility to create and set up any IP
Address objects to be assigned to specific devices or to be excluded from
dynamic assignment. Create an IP Address object for each such device or
address. Assigning a specific address to a client requires you to specify the
client's media-access control (MAC) address or Client ID.

103-000164-001
September 4, 2001
Novell Confidential
If you have set up subnets and subnet address ranges, you are not required to
set up individual IP addresses unless you want to perform manual address
assignment or exclude addresses from assignment.
To create and set up an IP Address object, complete the following steps:
1 Click DHCP Management > IP Address Management to open the IP
Address Management window in the main panel.
2 Select Create IP Address from the drop-down menu > click OK to open
the Create IP Address window.
3 From the drop-down menu select the subnet for which the IP address will
be created.
4 Enter the IP address.
5 Choose an assignment type for the IP address object. Assignment types
for an IP Address object are Dynamic, Manual and Exclusion. If the IP
address is dynamically assigned by the DHCP server, it will be
automatically displayed.
Valid types that can be created manually are Manual and Exclusion. A
manual assignment type must have either a MAC Type or a Client
Identifier for the IP address object to be created.
Client Identifier uniquely identifies the client.
MAC Type specifies the MAC address type.
MAC Address specifies the hardware address of the NIC (Network
Interface Card).
6 Click Create.
A message is displayed indicating that the new IP Address object has
been created.
Loading the DHCP Server

To load a DHCP Server object, complete the following steps:
1 Create a DHCP Server object. For more information, refer to “Creating a
DHCP Server Object” on page 91.
2 Create a Subnet object, and assign a default DHCP server to it. For more
information, refer to “Creating a Subnet Object” on page 91.
3 Enter the following command at the DHCP server console:
LOAD DHCPSRVR
Setting Up 93

103-000164-001
September 4, 2001
Novell Confidential
After you load DHCPSRVR.NLM, the DHCP server can respond to client
requests and assign IP addresses. For information about other command line
options, refer to “DHCPSRVR Command Line Options” on page 112.
After DHCPSRVR.NLM is loaded, you can use the DNS/DHCP Management
Utility to start and stop the DHCP Server. For more information on starting
and stopping the DHCP server, refer to “Starting/Stopping the DHCP Server”
on page 96.
Configuring Clients to Use DHCP

To configure Windows 95 and Windows NT* client workstations to use
DHCP, complete the following steps:
1 At the client desktop, click Start > Settings > Control Panel, and then
double-click Network.
The Network window is displayed, listing the network components
installed on the client workstation.
2 Click TCP/IP and click Properties.
The TCP/IP Properties window opens.
3 Select Obtain an IP Address Automatically > click OK.
The next time the client starts up, it will send a request to the DHCP server for
an IP address.
IMPORTANT: Any client configuration settings override the configuration received
from a DHCP server. The only exception is the hostname parameter set on the
DNS Configuration tab of TCP/IP Properties window.
Detailed DHCP Configuration

This section provides detailed information about configuring DHCP objects
using the DNS/DHCP Management Utility.
Refer to “Setting Up DHCP” on page 88 for information about setting up
DHCP and creating DHCP objects. The following sections provide detailed
information about modifying DHCP objects:
“Modifying a DHCP Server Object” on page 95
“Modifying an Existing Subnet Object” on page 97
“Modifying a Subnet Address Range Object” on page 98

103-000164-001
September 4, 2001
Novell Confidential
“Modifying an Existing IP Address Object” on page 100

“Creating a Subnet Pool Object” on page 101
“Modifying a Subnet Pool Object” on page 102
Modifying a DHCP Server Object

Refer to “Creating a DHCP Server Object” on page 91 for information about
creating a DHCP Server object. After a DHCP Server object has been created,
you can modify its configuration parameters by completing the following
steps:
Modify DHCP Server window.
3 Select the DHCP Server object from the drop-down menu.
4 Click OK.
You are led through a set of steps by which you can modify the following
parameters:
Subnet Address Range Serviced by the Server: This displays
information about the range of addresses that can be dynamically
assigned by the server.
Subnet Serviced by the Server: This displays information about the
subnet to which the server can assign addresses.
Comments: You can type comments about the DHCP server in this
box. This is an optional parameter.
Set SNMP Traps Option: SNMP traps control DHCP server event
trapping. Choose from the following options:
- None: Turns off SNMP traps
- Major Events: Traps only critical events (default)
- All: Traps both major and minor events
Management applications such as Novell ManageWise® software
help you monitor traps.
Setting Up 95

103-000164-001
September 4, 2001
Novell Confidential
Audit Trail and Alerts Option: Auditing allows you to analyze

historical data and diagnose operational difficulties. Choose from the
following options:
- None: Disables auditing
- Major Events: Audits only major events such as SNMP traps
(default)
- All: Audits all events
Enable Audit Trail Log: Check this to log audit trails and events.
Mobile User Option: The DHCP server can be configured to support
mobile users such as laptop users. Choose from the following
options:
- No Mobile Users Allowed: Disables support for mobile users
- Allow Mobile Users but Delete Previously Assigned Address:
Deletes previously assigned addresses while granting an address
to a mobile user (default)
- Allow Mobile Users but Do Not Delete Previously Assigned
Address: Caches previously assigned addresses while granting an
address to a mobile user
Ping Address: Check this to ping an address to ensure that the
address is not in use before it is assigned. Note that enabling ping
increases traffic on the network.
Starting/Stopping the DHCP Server

2 Select Start/Stop Server from the drop-down menu > click OK to open the
DHCP Server Start/Stop Services window.
3 Select the server from the Select DHCP Server drop-down menu.
4 Click OK.
5 Depending on the state of the DHCP Server module, any one of the
following will now appear:
Failure notification message: This appears if the DHCP Server
module (DHCPSRVR.NLM) is not loaded. In order to start the
server, load the DHCP Server module through the system console.
Start button: If the DHCP Server module is loaded but in STOP
mode, click to start the DHCP server.

103-000164-001
September 4, 2001
Novell Confidential
Stop button: If the DHCP Server module is loaded but in START

mode, click to stop the DHCP server.
NOTE: To use the Start/Stop DHCP service, DHCPSRVR.NLM must be loaded.
Modifying an Existing Subnet Object

For information about creating a Subnet object, refer to “Creating a Subnet
Object” on page 91. After a subnet object has been created, you can modify its
configuration parameters by completing the following steps:
1 Click DHCP Management > Subnet Management to open the Subnet
2 Select Modify Subnet from the drop-down menu > click OK to open the
Modify Subnet window.
3 Select the Subnet object from the drop-down menu.
4 Click OK.
parameters:
DNS Zone for Dynamic Update: Specifies the DNS zone where
dynamic updating will occur. The specified DNS zone is then
notified of any changes to the subnet.
Domain Name: Specifies the domain name that will be combined
with the hostname received from the client computer. This name will
be given to DNS during dynamic DNS update. The domain name
must be part of the zone specified for dynamic DNS.
Subnet Pool Preference: Specifies the subnet pool to be used by the
subnet. This parameter setting is optional. Subnet pools enable the
DHCP server to assign addresses to multiple logical networks on a
single physical network. A subnet pool groups logical networks.
Default DHCP Server: Specifies a default DHCP server that will
assign address ranges for the subnet. This server is also the only
server that will respond to BOOTP requests for the subnet.
Comments: Provides an area for comment information about the
subnet. This is an optional parameter.
Lease Type: Specifies the length of time for an address assignment.
A lease type can be permanent or timed. Permanent leases never
expire; the client is assigned an IP address for an indefinite period.
Timed leases are defined in days, hours, and minutes. Timed leases
expire, unless the client renews the lease.
Setting Up 97

103-000164-001
September 4, 2001
Novell Confidential
Set Boot Parameter Options: Check this to specify the Server

Address, Server Name, and Boot File Name for the BOOTP service.
This information, provided at boot time, includes the address and
name of a server the client can contact for a boot image, as well as a
boot filename.
Other DHCP Options: To configure an option, complete the
following steps:
Click Modify to open the DHCP options page that list the
available DHCP Options.
Select the DHCP option and provide the necessary DHCP
information.
Click Add.
To remove a DHCP option:
Check the Select column of the DHCP option you want to
remove > click Delete
Modifying a Subnet Address Range Object

Refer to “Creating Subnet Address Ranges” on page 92 for information about
creating a Subnet Address Range object. After a Subnet Address Range object
has been created, you can modify its configuration parameters by completing
1 Click DHCP Management > Address Range Management to open the
Address Range Management window in the main panel.
2 Select Modify Address Range from the drop-down menu > click OK to
open the Modify Subnet Address Range window.
3 From the Select Subnet drop-down menu, select the subnet that contains
the address range to be modified.
4 From the Select Address Range drop-down menu, select the address
range to be modified.
5 Click OK.
address range parameters:
Range Type: indicates the range of addresses used by the DHCP
server in response to requests from clients.

103-000164-001
September 4, 2001
Novell Confidential
From the Select Range Type drop-down menu, choose one of the
following:
Dynamic DHCP: A range of addresses used by the DHCP server
to assign addresses to clients making only DHCP requests. If the
Dynamic DHCP range type is assigned, the DNS Update Option
parameter can be enabled. If Always Update is selected, the
DHCP server will update DNS as dynamic addresses are
assigned and released
Dynamic BOOTP: A range of addresses used by the DHCP
server to assign addresses to clients making only BOOTP
requests.
Dynamic BOOTP and DHCP: A range of addresses used by the
DHCP server to assign addresses to clients making either DHCP
or BOOTP requests. If the Dynamic BOOTP and DHCP range
type is assigned, the DNS Update Option parameter can be
enabled. If Always Update is selected, the DHCP server will
update DNS as dynamic addresses are assigned and released.
Dynamic DHCP with Automatic Host Name Generation: A
range of addresses used by the DHCP server to assign addresses
to clients making only DHCP requests. Hostnames for this pool
will be generated and entered into the DNS system. Hostnames
are provided to clients as a DHCP option. If you choose this
option, ensure that you create the corresponding IN-
ADDR.ARPA zone.
Excluded: A range of addresses that is excluded by the DHCP
server while assigning IP addresses.
If the Dynamic DHCP with Automatic Host Name Generation range
type is assigned, the Auto Host Name Starts With parameter can be
set. This parameter appends a unique integer to the hostname,
generating a unique hostname for each client.
Additionally, the name of the DHCP Server can be specified by
selecting it from the DHCP Server drop-down menu.
Comments: Type your comments about the Subnet Address Range in
this box. This is an optional parameter.
Setting Up 99

103-000164-001
September 4, 2001
Novell Confidential
Modifying an Existing IP Address Object

Refer to “Creating IP Address Objects” on page 92 for information about
creating IP Address objects. After an IP Address object has been created, you
can modify its configuration parameters by completing the following steps:
1 Click DHCP Management > IP Address Management to open the IP
Address Management window in the main panel.
2 Select Modify IP Address from the drop-down menu > click OK to open
the Modify IP Address window.
3 Select the subnet that contains the IP address to be modified.
4 Select the IP Address.
5 Click OK.
IP Address object parameters:
Assignment Type: Specifies Exclusion or Manual IP address
assignment types.
- Exclusion: Address objects are created to identify IP addresses to
be excluded from DHCP server address assignment. An Excluded
assignment type designates that the IP address will not be used.
- Manual: Address objects are created to identify an IP address to be
assigned to a device. A client identifier or MAC address must be
configured for the manual address so that the DHCP server can
identify the appropriate client. Manual assignment types specify
client identifiers, MAC types, MAC addresses, or hostname
parameters.
Client Identifier: Uniquely identifies the client.
MAC Type: Specifies the MAC address type.
- 15, Frame Relay
- 16, Asynchronous Transfer Mode (ATM)
- 17, HDLC
- 18, Fibre Channel
- 20, Serial Line

103-000164-001
September 4, 2001
Novell Confidential
MAC Address: Specifies the hardware address of the NIC (Network

Interface Card).
Host Name: Specifies the name of the host server.
Associated eDirectory Object : Use this field to select another object
in the eDirectory database to maintain a reference to. For example,
identify a user who typically uses the device associated with this
address.
Comments: You can type comments about the address object in this
box. This is an optional parameter.
Lease Expiration Option: A lease type can be permanent or timed.
Permanent leases never expire; the client is assigned an IP address
for an indefinite period. Timed leases are defined in days, hours, and
minutes. Timed leases expire, unless the client renews the lease.
Last Used: Displays when the IP address was last used.
Other DHCP Options: Use this to add, delete, update, or specify
default DHCP options for a manually assigned address type. Default
is used to display DHCP options inherited from global preferences
and the Subnet object that the address object is under.
Creating a Subnet Pool Object

A Subnet Pool object is a logical group of related Subnet objects of the same
type. A Subnet Pool object can be created or located under any of the
following objects:
Organization (O)
Organization Unit (OU)
Country (C)
Locality (L)
To create a new Subnet Pool object, complete the following steps:
1 Click DHCP Management > Subnet Pool Management to open the Subnet
Pool Management window in the main panel.
2 Select Create Subnet Pool from the drop-down menu > click OK to open
the Create Subnet Pool window.
3 Enter a unique subnet pool name in the Subnet Pool Name field.
Setting Up 101

103-000164-001
September 4, 2001
Novell Confidential
4 Enter the eDirectory context where the subnet pool record will be placed.
5 Click OK.
A message indicates that the new subnet pool object has been created.
Modifying a Subnet Pool Object

Refer to “Creating a Subnet Pool Object” on page 101 for information about
creating subnet pool objects. After a subnet pool object has been created, you
can modify its configuration parameters by completing the following steps:
1 Click DHCP Management > Subnet Pool Management to open the Subnet
Pool Management window in the main panel.
2 Select Modify Subnet Pool from the drop-down menu > click OK to open
the Modify Subnet Pool window.
3 Select the subnet object.
4 Click OK.
You can modify the Subnet Type configuration parameter. You can add a
subnet to a subnet pool or remove a subnet from the pool.
To add a subnet to a subnet pool, complete the following steps:
Click Add.
Select the subnet.
Click OK.
To remove a subnet from a subnet pool, complete the following steps:
Select the subnet.
Click Delete.
Configuring Special Features

This section describes how to configure Netware 6 to use the special features
of Novell DNS/DHCP Services. The following configuration tasks are
described:
“Configuring a DNS Server to be Authoritative for Multiple Zones” on
page 103
“Configuring a Multi-Homed Server” on page 103

103-000164-001
September 4, 2001
Novell Confidential
“Configuring Dynamic DNS” on page 103

“Configuring Multiple Logical Networks” on page 104
Configuring a DNS Server to be Authoritative for Multiple Zones

A Netware 6 DNS server can be authoritative for multiple zones. There is no
limit to the number of zones a Netware 6 server can support other than those
mentioned in “Optimizing DNS Performance” on page 115. Those limitations
have to do with the total number of objects.
When you configure a zone, the Assign Authoritative DNS Server field in the
Create New Zone task is the one that specifies the DNS server that will support
the zone.
Configuring a Multi-Homed Server

A multi-homed server is a server with more than one IP address. In an Internet
environment, a multi-homed server is a single server connected to multiple
data links, which may be on different networks.
When using a DNS server with more than one IP address, you must use an
address that is bound to the server, and that address must match the address
used in the NS and A resource records for the zone.
NOTE: An NS resource record specifies a domain name for an authoritative name
server for the specified class and domain.
Configuring Dynamic DNS

Dynamic DNS (DDNS) provides automatic updating of DNS with Address
and Pointer records for addresses and hostnames assigned using the DDNS
feature. To use DDNS, the following configuration must already exist:
The DNS Zone object to receive DHCP updates must already be created.
Subnet Address Range objects that will use DDNS must be set to range
type Dynamic BOOTP and DHCP or Dynamic DHCP.
To activate the DDNS feature, complete the following steps:
1 Select the Subnet object of the Subnet Address Range on which you want
to activate DDNS and specify a zone in the DNS Zone for Dynamic
Update.
Setting Up 103

103-000164-001
September 4, 2001
Novell Confidential
2 Select the desired Subnet Address Range and ensure that the range type
is set to Dynamic BOOTP and DHCP or Dynamic DHCP.
3 Set the DNS update option to Always Update.
4 Click Save.
Configuring Multiple Logical Networks

When you configure multiple logical networks, also known as virtual local
area networks (VLANs), you associate each individual LAN or Subnet object
with a Subnet Pool object. The Subnet object you associate with the Subnet
Pool object can be created prior to creating the Subnet Pool object, or an
existing subnet can be modified.
To configure multiple logical networks or VLANs, complete the following
steps:
1 Create a Subnet Pool object.
For detailed information about creating a Subnet Pool object, refer to
“Creating a Subnet Pool Object” on page 101.
2 Select a Subnet object or create and configure a new Subnet object.
3 Click Subnet Pool Management > Modify Subnet Pool and add the subnet
to the subnet pool with which to associate the subnet object.
4 Click OK.
5 Repeat Step 2 through Step 4 for each subnet you want to associate with
the Subnet Pool object.
Configuring for Auditing

You configure DNS and DHCP for auditing by using the DNS/DHCP
Management Utility as described in:
“Configuring DNS Auditing” on page 105
“Viewing the DNS Audit Trail Log” on page 105
“Viewing the DNS Event Log” on page 106
“Configuring DHCP Auditing” on page 108
“Viewing the DHCP Audit Trail Log” on page 108
“Viewing the DHCP Event Log” on page 110

103-000164-001
September 4, 2001
Novell Confidential
Configuring DNS Auditing

To configure a DNS server to audit activities, complete the following steps:
Modify DNS Server window.
3 Select the DNS Server.
4 Click OK.
5 Click Next > Next > and select Major Events or All under Event Log.
6 Check the Enable Audit Trail Log check box.
7 Click OK.
Viewing the DNS Audit Trail Log

2 Select Audit Trail Log from the drop-down menu > Click OK to open the
DNS Server Audit Trail Log window
3 Select the server from the Select DNS Server drop-down menu.
4 Modify the Starting Date and Ending Date in the appropriate fields, if you
want to filter the Audit Period.
The following date formats are accepted:
mm-dd-yyyy
mm/dd/yyyy
mm.dd.yyyy
mm dd yyyy
mmm dd yyyy
mmddyyyy
m-d-yyyy
m/d/yyyy
m.d.yyyy
m d yyyy
mmm d yyyy
m-d-yy
Setting Up 105

103-000164-001
September 4, 2001
Novell Confidential
m/d/yy
m.d.yy
m d yy
mmm d yy
where yy represents the last two digits of the year and mmm the first three
letters of the name of the month, for example Jan, Feb etc.
5 Click OK.
This opens the DNS Audit Trail Log table that lists the following data:
Entry Time: Date and time the event occurred.
Type: Type of event.
IP Address: IP Address at which the event occurred.
Domain Name: Domain Name at which the event occurred.
6 To define a view filter on the Audit Trail Log, click the Display Options
button.
You can now filter events on the following parameters:
Start Date: to set a start date for monitoring the DNS audit trail.
End Date: to set an end date for monitoing the DNS audit trail.
Agent Ready. The SNMP (Simple Network Mail Protocol) agent is
ready to receive or transmit requests.
Query Received. The DNS server acknowledges the receipt of a
query by making an entry in the log file.
Query Forwarded. The DNS server forwards a query to a client or
another DNS server.
Response Received. The DNS server responds to a query from a
client or another DNS server.
Viewing the DNS Event Log

2 Select Event Log from the drop-down menu > Click OK to open the DNS
Event Log window.

103-000164-001
September 4, 2001
Novell Confidential
mm-dd-yyyy
mm/dd/yyyy
mm.dd.yyyy
mm dd yyyy
mmm dd yyyy
mmddyyyy
m-d-yyyy
m/d/yyyy
m.d.yyyy
m d yyyy
mmm d yyyy
m-d-yy
m/d/yy
m.d.yy
m d yy
mmm d yy
5 Click OK.
This opens the DNS Event Log table that lists the following data:
Entry Time: Date and time the event occurred.
Severity: Severity of the event - critical, major, warning and
informational.
State: State of the server - operational, degraded and inoperative.
Description: Description of the event that occurred.
6 To define a view filter on the DNS Event Log, click the Display Options
button.
Start and end date settings regulate the time recorded by the event
logger.
Setting Up 107

103-000164-001
September 4, 2001
Novell Confidential
Severity options define which event levels are recorded: critical,

major, warning, and informational.
State settings define the condition of events recorded: operational,
degraded, and inoperative.
Configuring DHCP Auditing

You can configure a DHCP server for auditing using the Audit Trail and Alerts
Option.
To configure a DHCP server to audit activities, complete the following steps:
Modify DHCP Server window.
3 Select the DHCP Server from the Select DHCP Server Name drop-down
menu.
4 Click OK > Next > and check the Enable Audit Trail Log check box.
5 Click OK.
Viewing the DHCP Audit Trail Log

2 Select Audit Trail Log from the drop-down menu > click OK to open the
DHCP Server Audit Trail Log window.
mm-dd-yyyy
mm/dd/yyyy
mm.dd.yyyy
mm dd yyyy
mmm dd yyyy
mmddyyyy

103-000164-001
September 4, 2001
Novell Confidential
m-d-yyyy
m/d/yyyy
m.d.yyyy
m d yyyy
mmm d yyyy
m-d-yy
m/d/yy
m.d.yy
m d yy
mmm d yy
5 Click OK.
This opens the DHCP Audit Trail Log table that lists the following data:
Entry Time
IP Address
Type
Status
Host name
Hardware Address
Client ID
Lease Type
6 To define a view filter on the DHCPAudit Trail Log, click the Display
Options button.
Start Date: to set a start date for monitoring the DHCP audit trail.
End Date: to set an end date for monitoring the DHCP audit trail.
Transaction Type: manual, dynamic, automatic, exclusion,
unauthorised or IPCP, and Fix Host Dynamic.
Setting Up 109

103-000164-001
September 4, 2001
Novell Confidential
Viewing the DHCP Event Log

2 Select Event Log from the drop-down menu > click OK to open the
DHCP Event Log window.
3 Select the server from the Select DHCP Server drop-down menu.
mm-dd-yyyy
mm/dd/yyyy
mm.dd.yyyy
mm dd yyyy
mmm dd yyyy
mmddyyyy
m-d-yyyy
m/d/yyyy
m.d.yyyy
m d yyyy
mmm d yyyy
m-d-yy
m/d/yy
m.d.yy
m d yy
mmm d yy
5 Click OK.
This opens the DHCP Event Log table that lists the following data:
Entry Time: Date and Time the event occurred.
Severity: Severity of the event (critical, major, warning and
informational).
State: State of the server (operational, degraded, and inoperative).
Description: Description of the event that occurred.

103-000164-001
September 4, 2001
Novell Confidential
6 To define a view filter on the DHCP Events Log, click the Display
Options button.
Start Date: to set a start date for monitoring the DHCP Event Log.
End Date: to set an end date for monitoring the DHCP Event Log.
Severity defines the severity level of the event: critical, major,
warning, and informational.
State settings define the condition of events recorded: operational,
degraded, and inoperative.
NAMED Command Line Options

To start a DNS server, enter the following command at the server console
prompt:
LOAD NAMED
The command line parameters listed in the following table are also supported.
Table 9 NAMED Command Line Options
Parameter Function
-a Turns on auto-detect of new zones (default

setting)
-b Turns off auto-detect of new zones
-f <scrpt.txt> [context] Creates multiple zones using a text file in BIND

bootfile format; specifying context enables
zones to be created anywhere in the eDirectory
tree
-h Displays help information
-l Enables a DNS server to login as an

administrator to acquire rights required to create
and delete zones from the command line
-m <file.dat> [context] Imports file.dat and creates a new primary zone;

specifying context enables zones to be created
anywhere in the eDirectory tree
Setting Up 111

103-000164-001
September 4, 2001
Novell Confidential
Parameter Function
-q Disables verbose mode for debug messages

(default setting)
-r <zone name> Deletes and removes an existing zone from the

zone database
-rp <characters> Replaces listed characters with a dash (-) in host

names for which resource records are
dynamically created
-s [zone name] Prints status information; zone name is optional
-u <file.dat> Imports file.dat and updates the contents of a

previously created zone
-v Enables verbose mode for debug messages
-zi <zone name> Forces named zone for zone-in transfer
You can issue the LOAD NAMED command repeatedly to invoke different
command line options. The NAMED.NLM software is loaded only on the first
instance.
DHCPSRVR Command Line Options

To start a DHCP server, enter the following command at the server console
prompt:
LOAD DHCPSRVR
The command line parameters listed in the following table are also supported.
Table 10 DHCPSRVR Command Line Options
Parameter Function
-d1 Turns on a background screen log of DHCP

packets
-d2 Turns on a background screen log of Debug

statements and DHCP packets

103-000164-001
September 4, 2001
Novell Confidential
Parameter Function
-d3 Turns on a background screen log of Debug

statements and DHCP packets and writes the log to
the server's \ETC\DHCPSRVR.LOG file
-h Displays command line syntax
-py Specifies the global polling interval in y minutes
-s Forces server to read from and write to the master

replica
Setting Up 113

103-000164-001
September 4, 2001
Novell Confidential

103-000164-001
September 4, 2001
Novell Confidential
4 Optimizing
You can optimize the performance of Novell® DNS/DHCP Services software

by using state-of-the-art servers. We highly recommend that you use a server
with a 200 MHz (or higher) Pentium* processor with 64 MB of memory. If
your network configuration is large, more memory might provide improved
performance.
For optimum performance, the designated server should be the most powerful
server available. The designated server is the only server in a given tree that
performs Dynamic DNS updates and zone transfers of secondary zone
information.
The I/O subsystem of the servers can also be an issue for server performance.
If you use both DNS and DHCP functions of Netware® 6, you will increase
the number of eDirectoryTM objects and thereby increase the disk space
requirements of your SYS: volume.
Because the DNS and DHCP servers cache the required eDirectory data from
disk into system memory, access to this information is not slowed.
Optimizing DNS Performance

Although there is no limit to the size of a zone when you configure DNS, we
recommend that you limit the size of any zone to no more than 5,000 objects.
If you have a zone with more than 5,000 objects, dividing the objects between
two zones will improve performance.
Optimizing DHCP Performance

Although there is no limit to the size or number of subnets when you configure
DHCP, we recommend that you limit the number of objects within a single
Optimizing 115

103-000164-001
September 4, 2001
Novell Confidential
subnet to no more than 2,048. A Novell DHCP server can support several large
subnets in a DHCP-only configuration. However, the higher the number of IP
Address objects supported, the greater the impact on DHCP server run-time
performance.

103-000164-001
September 4, 2001
Novell Confidential
5 Managing
This document provides information about installing and using the DNS/
DHCP Management Utility to perform management tasks.
DNS/DHCP Management Utility

The DNS/DHCP Management Utility is a Web-based utility that enables
network administrators to set up and manage DNS (DNS Service) and DHCP
(DHCP Service) and the eDirectoryTM objects created for DNS and DHCP.
IMPORTANT: Before you can use the DNS/DHCP Management Utility, the
eDirectory schema must be extended to create the DNS/DHCP Group and Locator
objects and to create the RootSrvrInfo zone. The eDirectory schema is extended
when you activate Novell® DNS/DHCP Services from the Customize Server
window during the installation of Netware® 6.
The DNS/DHCP Management Utility provides the following management

functions from the browser workstation:
Importing and exporting configuration to and from eDirectory
Creating, updating, reading, or browsing configuration information
Viewing DNS and DHCP server status, events, and alerts
After the software installation, existing DNS information is converted to
master file format and can be imported to the server where Netware 6 has been
installed. You must use the DNS/DHCP Management Utility to import any
existing DHCP information. If you have no existing configuration information
to import, you must use the DNS/DHCP Management Utility to create the
necessary objects to support your network. If you have imported configuration
information, use the DNS/DHCP Management Utility to create the DNS and
DHCP server objects prior to operation.
Managing 117

103-000164-001
September 4, 2001
Novell Confidential
Installing the DNS/DHCP Management Utility
Prerequisites
Hardware Requirements
Pentium II processor. Pentium III recommended.
SVGA display
256 MB of RAM (minimum)
50 MB DOS partition (minimum). 1GB recommended.
50 MB of available disk space (minimum). 1GB recommended.
SYS volume of size 2 GB (minimum); 4 GB default.
Software Requirements
Novell Netware® 6
iManage
Internet Explorer 5.0 and above
Launching the DNS/DHCP Management Utility

To launch the DNS/DHCP Management Utility, complete the following steps:
1 Open Internet Explorer from any machine running Windows 95/98/NT/
2000.
2 Type the following URL in the address bar of the Internet Explorer
window:
https:\\xxx.xxx.xxx.xxx:2200\eMFrame\iManage.html
where xxx.xxx.xxx.xxx is the IP Address of the Netware machine.
3 To login to the DNS/DHCP Management Utility, enter the following
details:
- username
- eDirectory context
- password
- eDirectory tree
4 Click the Roles and Tasks icon in the taskbar.

103-000164-001
September 4, 2001
Novell Confidential
The DNS/DHCP Management Utility roles appear in the left pane.

To manage DNS services, click DNS Management and choose from the
available options.
To manage DHCP services, click DHCP Management and choose from
the available options.
Using the DNS/DHCP Management Utility

You must have sufficient rights to use the DNS/DHCP Management Utility.
All network administrators must have Read and Write rights to the container
where the DNS/DHCP Locator and Group objects are located.
Administrators also must have Read and Write rights to the specific containers
they manage. For example, if your company has offices in Chicago,
Washington, and Providence, all administrators would require Read and Write
rights to the container storing the Locator and Group objects. However, the
administrator in Chicago would require Read and Write rights only to the
Chicago part of the tree for the following objects:
DNS and DHCP server objects
DNS Zone object
Subnet container object
Subnet Pool object
It might be convenient to create an eDirectory group object for administrators
and grant that object the necessary rights.
Managing DNS
Managing DNS is managing primary and secondary zones. When beginning
configuration, it might be better to import the data, especially if you have a
large zone. Doing so reduces the chances of error.
If you are using Dynamic DNS (DDNS), when a client receives an address
assignment from the DHCP server, a request is made to update eDirectory. The
only way to override DDNS is by using the DNS/DHCP Management Utility.
After you have installed and configured your zones, you must still use the
DNS/DHCP Management Utility to assign a DNS server to service the zones.
Managing 119

103-000164-001
September 4, 2001
Novell Confidential
Managing DHCP
After configuring your DHCP servers and beginning to provide DHCP
services, you can also perform auditing or generate SNMP traps.
Deciding which DHCP options to use depends on your implementation. Refer
to “DHCP Options” on page 43 for information about available DHCP and
BOOTP options.
Managing DDNS is complicated because each Subnet Address Range type
requires a different configuration. Each type's configuration requirements are
described later in this chapter.
It is important to understand the difference between static (or manual) and
dynamic address assignment. If you use static address assignment, you must
use the DNS/DHCP Management Utility to assign permanent IP addresses to
the clients in your tree. If you are using dynamic address assignment, the
DHCP server assigns the address to a client when it starts.
You can deny address assignment to clients based on hardware address-based
exclusion.
Events and Alerts

You can configure the DNS and DHCP servers to maintain a history of server
activity in the events log. Events are activities that are considered significant,
such as the loading or unloading of the server or problems the server
encounters. The events logged depend on the parameters set on the server.
You can configure DNS and DHCP servers to log major events, all events, or
none (the default).
Event logs can be saved for future reference. When you are logging events, it
is important to pay attention to the event log size. Event logs grow rapidly,
especially if you are experiencing or researching problems. Event logs should
be maintained or purged regularly to control the amount of disk space used.
You can launch the CSAUDIT management utility by typing CSAUDIT at the
server console.
Refer to “Configuring for Auditing” on page 104 for information about
configuring event logging and viewing the event logs.

103-000164-001
September 4, 2001
Novell Confidential
Auditing Server Activity

The audit trail log records a history of activity logged by DNS and DHCP
servers. You can use the Audit Trail log to diagnose network trends. A DNS
audit trail would include a history of DNS queries and the hosts requesting
them. A DHCP audit trail would include a history of address assignments,
including which host had an address during a given period of time and a list
of addresses that had already been in use when pinged.
Refer to “Configuring DNS Auditing” on page 105 for information about
configuring a DNS server for auditing. Refer to “Configuring DHCP
Auditing” on page 108 for information about configuring a DHCP server for
auditing.
Managing 121

103-000164-001
September 4, 2001
Novell Confidential

103-000164-001
September 4, 2001
Novell Confidential
6 Troubleshooting
This chapter contains troubleshooting information for DNS and DHCP.
DNS
This section provides the following troubleshooting information for DNS:
“Common Configuration Problems” on page 124
“Common Operational Problems” on page 125
“Troubleshooting Windows 95 TCP/IP Problems” on page 128
“Using the "-F" Command Line Option for DNIPINST.NLM” on page
134
“Server Access to DNS/DHCP Locator Object Not Required” on page
134
If you experience problems related to DNS or TCP/IP, you can use the
following steps to begin troubleshooting.
1. Run the WINIPCFG utility to determine your IP address, then ping your
address from a functioning client.
If you do not receive a response, your client's TCP/IP stack is not
functioning. One of the following problems might be the cause:
The client's TCP/IP stack might be incorrectly configured.
The client did not receive an IP address from DHCP properly.
Troubleshooting 123

103-000164-001
September 4, 2001
Novell Confidential
The IP address is already in use by another client.

2. Ping an IP address on your local network.
If this approach fails, one of the following conditions might be the cause:
The client you pinged is not operational.
The LAN is experiencing problems.
Your client's TCP/IP stack is experiencing problems.
3. Ping an address on a different network or on the internet.
If this approach fails but the preceding steps were successful, the problem
is probably related to your router or your client's default router. If you are
using DHCP, the default router configured for the DHCP server for each
client is probably incorrectly configured.
4. Verify name resolution within your network. Ping a domain name within
your company's network.
If this approach fails, the default DNS server configured for your TCP/IP
stack is invalid, or the DNS server is not functioning. If you are using
DHCP, the DNS server that is configured on the DHCP server is not
properly configured.
5. Verify name resolution through the internet. Ping a host on the internet,
such as novell.com.
If this approach fails, your company's DNS server (that forwards DNS
requests to the Internet) is not functioning, or the Internet DNS server to
which your DNS server forwards requests is not functioning.
Common Configuration Problems

If you experience problems with DNS, check the following configuration
problems.
1. Check the consistency of glue records that are shared between parent and
child zones. Make sure that Name Server (NS) and Address (A) records
within the parent zone match those in the child zone.
2. Keep the IP addresses of the root name servers configured in the
RootServerInfo zone updated. Changes to this information are not
automatically propagated through a domain; you must enter them
manually. The most recent update of root name server information is
available through FTP at ftp://rzs.internic.net/domain/named/root.

103-000164-001
September 4, 2001
Novell Confidential
3. Verify consistency between Pointer records in the IN-ADDR.ARPA

domain and other domains.
4. If you change the IP address of a name server, ensure that the parent zone
reflects that change.
5. Verify that you have configured a name server to correctly serve every
zone.
6. Verify that zone transfers are occurring properly. Ensure that the
secondary name server can identify the primary name server.
7. If you cannot access a particular host, verify that PTR records exist. When
you create a zone, always select Yes when prompted to create a
companion zone. If you created a companion zone, verify that the IP
address and hostname are correct.
Common Operational Problems

Internet RFC 1912 provides information about common operational errors
found in both the operation of DNS servers and the data the DNS servers
contain. The following list describes the most common operational errors that
occur.
Problem—Hosts cannot access a particular system. You changed the IP
address for this system recently, but the secondary name server has not yet
been updated.
Cause—The Start of Authority (SOA) record's serial number was not
properly incremented. Without the serial number increment, the
secondary name server does not recognize when a change has been made.
This is usually not a problem with eDirectoryTM-based DNS because the
serial number is incremented automatically. With UNIX systems, failure
to increment the serial number is the most common cause of DNS errors.
The secondary server does not automatically test for changes in the SOA
record. Any changes in the SOA record must be accompanied by a change
in the SOA record serial number.
Solution—Do not change the SOA record serial number manually with
eDirectory-based DNS. If the primary server is not eDirectory-based, you
might need to change the serial number manually for the secondary server
to recognize that a change has occurred.
Problem—You cannot access a particular host.
Troubleshooting 125

103-000164-001
September 4, 2001
Novell Confidential
Cause 1—When you created a new zone, the PTR records were not
created or the PTR records have been deleted or changed.
Solution 1—When you configure a zone, always select Yes when
prompted to create a companion zone. If you created a companion zone,
verify that the IP address and hostname are correct. Checkers can easily
catch neglected PTRs. For further information, refer to RFCs 1537 and
1713.
Cause 2—The host is down or is unreachable.
Solution 2—Use PING to locate the connectivity problem. If the problem
exists in your domain, make the necessary repairs to restore connectivity.
Cause 3—The name server for that domain is not configured with
information for the host.
Solution 3—Configure the name server for that domain with information
for the host.
Problem—You cannot access a host in a different domain using its
domain name, but you can access it using its IP address.
Cause—The IP address or CNAME alias entry of the host's primary or
secondary name server was changed, but the parent domain was not
informed of the change. The address information in the glue record
maintained by the parent domain has become invalid. Another possible
cause is that the original address information in the glue record for the
local zone is invalid or missing.
Solution—When you configure a new zone, always enter the IP address
when prompted. Verify that all parent zones have the same address
information.
Problem—Nonlocal hosts cannot find the primary domain server for a
subdomain and, therefore, cannot access hosts in that subdomain.
Cause—The IP address of a subdomain's primary server does not match
the hostname and IP address configured in the parent domain for the
subdomain's primary server.
Solution—Verify that the hostname and IP address for the subdomain's
primary server configured in the parent domain is valid and matches the
information configured in the subdomain.
Problem—A particular host cannot access other hosts.
Cause—The resolv.cfg file (or equivalent) of the host does not contain the
correct domain name or name server address.

103-000164-001
September 4, 2001
Novell Confidential
Solution—Enter the correct domain name or name server address in the

hosts's resolv.cfg file (or equivalent).
Problem—Hosts cannot access an entire external domain.
Cause 1—The root name server information is invalid; therefore, the root
servers are unreachable. For non-eDirectory systems running DNS,
changes to this information are not automatically propagated through a
domain; you must enter the changes manually.
Solution 1—Verify that the IP addresses of the root name servers
configured in the RootServerInfo zone are correct. The most recent
update of root name server information is available through FTP at ftp://
rzs.internic.net/domain/named/root.
Cause 2—The hostname or IP address was not resolved because the
delegation to the zone is incorrect.
Solution 2—Configure the correct hostname or IP address information
for the zone in eDirectory.
Cause 3—The hostname or IP address was resolved to the wrong value.
Solution 3—Change the hostname or IP address information for the zone
to the correct value in eDirectory.
Cause 4—The name server information of the primary name server of the
domain is incorrect or missing in the root name servers.
Solution 4—Verify that the domain is properly registered with the
INTERNIC, the organization that configures the name server information
of the domain.
Cause 5—The name server for the domain is down or is unreachable.
Cause 6—The root name server for the domain is down or is unreachable.
Cause 7—You do not have sufficient rights to access the zone.
Solution 7—Contact the network administrator for the zone and obtain
sufficient rights to access the zone.
Problem: After you create or modify a Resource Record object, the
change is not reflected in the server cache and the zone transfer fails.
Troubleshooting 127

103-000164-001
September 4, 2001
Novell Confidential
Cause 1: The Zone SOA serial number is not automatically updated after
the modification is made.
Solution 1: After you modify the Resource Record, change the Zone SOA
serial number manually.
Cause 2: The server cache is not atomically refreshed after modifications
are made.
Solution 2: Unload the NAMED.NLM module and reload it to refresh the
DNS server settings.
Problem: The client is not assigned an IP address.
Cause: The DHCP Server object is not properly configured.
Solution: Make sure you have created the DHCP Server object, at least
one Subnet object, and one Subnet Address Range object. Verify that
when you load the DHCP Server module, DHCPSRVR.NLM, a message
from the Netware system console indicates that the IP database is loaded.
Troubleshooting Windows 95 TCP/IP Problems

This section provides assistance for those troubleshooting TCP/IP problems
on Windows 95* clients. You should have a basic understanding of TCP/IP
and how it is configured for Windows 95.
Using WINIPCFG
The WINIPCFG utility displays a client's current TCP/IP configuration. To

execute this utility, click Start > Run, enter winipcfg , and click Enter.
If the client's IP address was statically assigned and configured, the
information that was entered under TCP/IP Protocols in the control panel's
Network settings is displayed.
If the client was configured to obtain an address using DHCP, the information
displayed was received from the DHCP server that assigned the IP address.
WINIPCFG provides the following information about the client:
Network adapter address
Assigned IP address
Subnet mask
Default gateway (default router)

103-000164-001
September 4, 2001
Novell Confidential
Hostname
DNS Server
If the client has obtained an address from a DHCP server, click More Info to
identify the DHCP server, when the lease began, and when it expires. Four
additional buttons provide the following functions:
Renew—Sends a DHCPREQUEST to the DHCP server, updates the
lease, and updates any assigned values such as a default gateway or DNS
server.
Release—Sends a DHCPRELEASE to the DHCP server indicating that
the client is giving up its IP address and that the server is free to assign
that address to another client.
Renew All—Sends a DHCPREQUEST to all network interfaces to which
the Windows 95 client is configured.
Release All—Sends a DHCPRELEASE to all network interfaces to
which the Windows 95 client is configured.
If you want another IP address to be assigned to the client, select RELEASE,
then select RENEW.
Using PING
PING is the most basic utility available to test, verify, and troubleshoot TCP/
IP connectivity within a network. PING sends an ICMP packet to a specific
host with a small amount of data and expects that host to respond with the
same data packet. If you receive a response, both TCP/IP and connectivity
between the two hosts are operational. If you do not receive a response, one of
the following conditions exists:
The host is not up.
A router between the connections is not up.
The client's TCP/IP stack is not functioning.
To run PING, from a DOS prompt enter the command followed by a hostname
or IP address, such as the following:
C:\> ping www.novell.com >
If TCP/IP is operational and connectivity exists between the hosts, you will
receive the following type of response:
Troubleshooting 129

103-000164-001
September 4, 2001
Novell Confidential
Pinging www.novell.com [137.65.2.5] with 32 bytes of

data:Reply from 137.65.2.5: bytes=32 time=27ms
TTL=59Reply from 137.65.2.5: bytes=32 time=22ms
TTL=59Reply from 137.65.2.5: bytes=32 time=31ms
TTL=59
If you use the IP address of the host, you will receive the same type of reply.
Using the host's domain name is a good way to determine the host's IP address,
and doing so also causes the client to request DNS name resolution before
sending the ICMP packet. This approach is an excellent way to determine if
DNS name resolution is working. If it is not working, you will receive a
message such as the following:
Unable to resolve www.novell.com.
If DNS name resolution is not working, one of the following conditions might
be the cause:
The DNS server or DNS domain name is not configured properly on the
client.
If using DHCP, the DNS server and/or domain name are not properly
configured on the DHCP server.
The DNS server to which you send DNS name resolution requests is not
functioning.
The PING command has the following syntax:
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-
v TOS] [-r count] [-s count] [[-j host] | [-k host-
list]] [-w timeout] destination list
Table 11, “PING Options,” on page 130 explains the use of the PING options.
Table 11 PING Options
Option Meaning
-t Ping specified host until interrupted
-a Resolve addresses to hostnames
-n count Number of echo requests to send
-l size Send buffer size

103-000164-001
September 4, 2001
Novell Confidential
Option Meaning
-f Set Don't Fragment flag in packet
-i TTL Time-To-Live value
-v TOS Type of service
-r count Record route for count hops
-s count Time stamp for count hops
-j host-list Loose source route along host-list
-k host-list Strict source route along host-list
-w timeout Timeout in milliseconds to wait for

each reply
NOTE: You can find unauthorized addresses in an exported DHCP configuration

by searching for IP Address objects with an Assignment Type value of 32. Use
FIND in a text editor to quickly identify addresses that have been marked as
unauthorized.
Using TRACERT
TRACERT can be very useful when you are resolving network-wide TCP/IP
problems. TRACERT traces the route to a specific host and displays all hops
that occur to search for the target host.
To run TRACERT, from a DOS prompt enter the command followed by a
hostname or IP address, such as the following:
C:\> tracert www.novell.com
The TRACERT command has the following syntax:
tracert [-d] [-h maximum_hops] [-j host-list] [-w
timeout] target_name
Table 12, “TRACERT Options,” on page 132 explains the use of the
TRACERT options.
Troubleshooting 131

103-000164-001
September 4, 2001
Novell Confidential
Table 12 TRACERT Options
Option Meaning
-d Do not resolve addresses to host

names
-h maximum_hops Maximum number of hops to search

for target
-j host-list Loose source route along host-list
-w timeout Timeout in milliseconds to wait for

each reply
Using ARP
ARP is an advanced utility that should be used only by those who have a
detailed understanding of TCP/IP and must troubleshoot complex problems.
The ARP command enables you to display and modify the ARP cache of a
client.
Following are three examples of use of the ARP command:
ARP -s inet_addr eth_addr [if_addr]ARP -d inet_addr
[if_addr]ARP -a [inet_addr] [-N if_addr]
Table 13, “ARP Options,” on page 132 explains the use of the ARP options.
Table 13 ARP Options
Option Meaning
-a Displays current ARP entries by interrogating the current protocol data. If

inet_addr is specified, the IP and physical addresses for the specified host are
displayed.
-g Displays current ARP entries by interrogating the current protocol data. If

inet_addr is specified, the IP and physical addresses for the specified host are
displayed.
inet_addr Specifies an Internet address.
-N if_addr Displays the ARP entries for the network interface specified by if_addr.
-d Deletes the host specified by inet_addr.

103-000164-001
September 4, 2001
Novell Confidential
Option Meaning
-s Adds the host and associates the internet address inet_addr with the physical
address eth_addr. The physical address is given as six hexadecimal bytes
separated by hyphens. The entry is permanent.
eth_addr Specifies a physical address.
if_addr If present, specifies the Internet address of the interface whose address
translation table should be modified. If not present, the first applicable
interface is used.
Using NETSTAT
NETSTAT is an advanced utility that should be used only by those who have
a detailed understanding of TCP/IP and must troubleshoot very complex
problems. NETSTAT displays protocol statistics and current TCP/IP network
connections.
The NETSTAT command has the following syntax:
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r]
[interval]
Table 14, “NETSTAT Options,” on page 133 explains the use of the NETSTAT
options.
Table 14 NETSTAT Options
Option Meaning
-a Displays all connections and listening ports, but not those of the server side.
-e Displays Ethernet statistics. This might be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto (either TCP or UDP). If
used with the -s option to display per protocol statistics, proto can be TCP,
UDP, or IP.
-r Displays the contents of the routing table.
-s Displays per protocol statistics. By default, statistics are shown for TCP, UDP,
and IP. The -p option can be used to specify a subset of the default.
Troubleshooting 133

103-000164-001
September 4, 2001
Novell Confidential
Option Meaning
interval Redisplays selected statistics, pausing interval seconds between each

display. Press Ctrl+C to stop redisplaying statistics. If omitted, NETSTAT
prints the current configuration information once.
If you suspect that a LAN card is malfunctioning, use the -e option while
troubleshooting. The -e option displays Ethernet statistics, including discards
and errors.
The -a option provides a detailed display of the active TCP connections of the
port number and network host communicating with that port. This information
is useful when you are attempting to relate TCP port numbers of the various
servers with which the client is communicating.
Using the "-F" Command Line Option for DNIPINST.NLM

DNIPINST.NLM is a backup method of extending the schema and creating
the DNS/DHCP Locator and Group objects and the RootSrvrInfo zone.
DNIPINST.NLM can be used if problems occurred during the Netware 6
installation process. Most administrators will not need to use this NLM.
You can use the "-F" command line option in the DNIPINST.NLM to re-create
the DNS/DHCP configuration objects if the initial attempt to set up Novell
DNS/DHCP Services fails during the configuration object creation stage.
When a failure occurs during the object creation phase, we recommend that
you delete the DNS-DHCP (DNS/DHCP Locator), DNSDHCP-GROUP
(DNS/DHCP Group), and the RootSrvrInfo objects (if they have been
created), then use DNIPINST.NLM with the "-F" flag. When the "-F"
command line option is specified, an initial console message confirms the
action and the eDirectory login window appears. After a successful login, the
object eDirectory context query window is displayed. You can enter the data
and create the objects. If a schema extension error occurs, execute
DNIPINST.NLM in the regular mode.
Server Access to DNS/DHCP Locator Object Not Required

The requirement that the DNS and DHCP servers always have access to the
DNS/DHCP Locator object has been relaxed.
The DHCP server can load without having access to the DNS/DHCP Locator
object. However, the first time the server loads it requires access to the DNS/

103-000164-001
September 4, 2001
Novell Confidential
DHCP Locator object to obtain a copy of any global configuration from the
object. The DHCP server saves a copy of the global configuration in
SYS:\ETC\DHCP\DHCPLOC.TAB.
In subsequent loads, the DHCP server will try to obtain the global
configuration information from the DNS/DHCP Locator object. If the
information is not available, the DHCP server will read the information from
the last saved copy of SYS:\ETC\DHCP\DHCPLOC.TAB. Each time the
DHCP server loads and the DNS/DHCP Locator object is available, the
DHCP server updates the DHCPLOC.TAB file.
The DNS server also does not require access to the DNS/DHCP Locator
object. It has been enhanced to require access to the DNS/DHCP Locator
object only if the NAMED command line arguments are specified to create
zones in eDirectory. The DNS server no longer requires access to the
RootSrvrInfo zone stored in eDirectory. The DNS server now first tries to find
the RootSrvrInfo zone in eDirectory, but if it is not available, the DNS server
uses the copy of the information found in SYS:\ETC\DNS\ROOTSRVR.DAT.
DHCP
This section provides the following troubleshooting information for DHCP:
“Common Operational Problems” on page 136
“Releasing and Renewing DHCP Addresses” on page 139
1. Verify that IP hosts with DHCP-assigned parameters operate the same as
when you manually configured them.
If an IP host does not operate the same as when it was manually
configured, verify that the parameters assigned by DHCP are the same as
those when the host was manually configured.
If a node is intermittently inoperable, verify that the node is not using the
same IP address as another IP host. If a duplicate IP address exists, verify
that there is only one DHCP server for the subnet. Also verify that the IP
addresses assigned by the DHCP server are not being used by manual
nodes.
2. Verify that all DHCP hosts can obtain a DHCP lease when required.
Troubleshooting 135

103-000164-001
September 4, 2001
Novell Confidential
If DHCP hosts cannot obtain a DHCP lease when required, verify that
enough leases exist to accommodate all hosts that use DHCP. If there are
too few leases, obtain more IP addresses and configure more leases or
reduce the lease time to a few hours. This ensures that more leases are
made available to other clients that are waiting to use the IP addresses.
If a Windows 95 client cannot acquire a lease and responds with the
messageUnable to obtain an IP network address the
client requires a longer timeout. This problem might occur when the
client and DHCP server are separated by one or more routers. To increase
the timeout for Windows 95 clients, obtain a patch from Microsoft. The
patch is dated 2/12/96 and includes a file named VDHCP.386. The patch
itself is named DCHCPUPD.EXE.
3. Verify that the number of leases available for clients does not decrease
when you are using mobile clients.
If the number of leases available for clients decreases when you are using
mobile clients, verify that the mobile clients' lease is released when the
client connects from a remote office or that the mobile client can use the
same lease and the same IP address at the new location.
If the remote office is on a subnet different from that of the local
office and the subnet is serviced by a different DHCP server, verify
that the lease is released by the first server within a reasonable
amount of time after the mobile client moves to the remote office. If
the lease is not released quickly enough, reduce the lease time.
office and the subnet is serviced by the same DHCP server, verify
that the IPAssignmentPolicy attribute of the DHCP server object in
eDirectory is set to DELETE_DUPLICATE. This ensures that only
one lease is in use at a time because the original lease is deleted when
the mobile client requests a new lease.
If the remote office is on the same subnet as that of the local office,
the mobile client should use the same IP address. If the mobile client
does not use the same IP address, verify that there is only one DHCP
server for the subnet.
Common Operational Problems

The following list describes the most common operational errors that occur.
Problem—A node is intermittently inoperable.

103-000164-001
September 4, 2001
Novell Confidential
Cause—An unauthorized DHCP server has been configured by someone

attempting to control or disrupt your network. The unauthorized DHCP
server is assigning IP addresses and other configuration parameters that
have already been assigned to other nodes by an authorized DHCP server.
The result is that nodes are assigned duplicate IP addresses or incorrect
configuration parameters. Incorrect configuration parameters can
interfere with a node's ability to communicate to the network in any
number of ways. Incorrect parameters can even be used to cause a node
to connect to a server that is controlled by an unauthorized user, thereby
allowing the unauthorized user to take control of the client.
Solution—Find the unauthorized DHCP server and disable it or
disconnect it from the network.
Problem—A Windows 95 client cannot acquire a lease and responds with
the message Unable to obtain an IP network address
Cause—The Windows 95 DHCP client has a two-second timeout for the
time between when it accepts an offer of an IP address in a message sent
to the server and the time it expects an acknowledgment of that
acceptance in a reply from the server. Other clients, such as Windows
NT*, have a four-second timeout.
Solution—Obtain the DCHCPUPD.EXE patch from Microsoft that
changes the timeout on Windows 95 clients from two seconds to four
seconds. The patch is dated 2/12/96 and includes a file named
VDHCP.386.
Problem—The use of mobile clients causes fewer leases to be available.
Cause 1—The mobile clients' lease is not released when the mobile client
moves to a remote office. This can occur when the remote office is on a
subnet different from that of the local office and the remote subnet is
serviced by a different DHCP server.
Solution 1— Determine the lease time assigned to this client. If the lease
is not released quickly enough, reduce the lease time. Otherwise, have the
client manually release the old IP address before it leaves the local office.
Cause 2—The mobile client uses two leases at the same time because it
cannot use the same lease and the same IP address at the new location.
Solution 2—Use one of the following solutions:
office and the subnet is serviced by the same DHCP server, verify
that the IPAssignmentPolicy attribute of the DHCP server object in
Troubleshooting 137

103-000164-001
September 4, 2001
Novell Confidential
eDirectory is set to DELETE_DUPLICATE. This ensures that only

one lease is in use at a time because the original lease is deleted when
the mobile client requests a new lease.
If the remote office is on the same subnet as that of the local office,
the client should use the same IP address. If the client does not use
the same IP address, verify that there is only one DHCP server for the
subnet.
Problem—Clients work properly when manually configured, but some
functions do not work when using DHCP.
Cause—One or more global client parameters were not configured
properly in DHCP.
Solution—Verify that all parameters assigned by DHCP are properly
configured.
Problem—At a site with a limited number of leases, many clients cannot
obtain a lease. The leases are not being efficiently shared by all clients
that must use them.
Cause—Clients are not releasing the leases when they are finished using
them because the lease time is too long.
Solution—Reduce the lease time to a few hours so that leases can be made
available to other clients that are waiting to use the IP addresses.
Otherwise, you might need to purchase more IP addresses and configure
more or larger address ranges to make more IP addresses available.
Problem—It is difficult to identify and manage network resources when
using dynamic DHCP assignments.
Cause—The IP addresses of the clients might change if you use DHCP
continually over a period of time and the lease period is set to a
reasonably low value.
Solution—Use static DHCP assignments when you want to use a specific
IP address assigned to the client for identification and management.
Problem—DHCPSRVR.NLM is loaded and the trace screen has been
activated with the -d flag, but there is no evidence of interaction between
the server and clients, and clients are not receiving IP address
assignments.
Cause—The server is not physically linked to the client's
communications media or the server did not bind its IP protocol to the
interface card, which shares physical media access with the client.

103-000164-001
September 4, 2001
Novell Confidential
Solution—Check the server's physical connections. Load INETCFG to

ensure that proper binding exists.
Problem—DHCPSRVR.NLM is loaded and the trace screen shows client
packets being received, but the server is not responding and the
REQUEST packets are dropped.
Cause—The server's configuration for its local interfaces does not match
the configuration within the Directory for the same server.
Solution—Load INETCFG and check to see if the server has a legal IP
address on each local subnet it serves. Also check that each local subnet
is properly configured using the DNS/DHCP Management Utility.
Releasing and Renewing DHCP Addresses

When a host is powered on, it is leased an IP address for a period of time,
depending on the configuration settings of the subnet from which the address
is assigned. If the machine is moved to another network while the original IP
address lease is still valid, the user must release the lease. Other situations
might also require that a lease be released, such as the use of a laptop computer
in different locations of a given network.
Windows 95
To manually release and renew a DHCP-assigned IP address in Windows 95,

1 Select Start, then Run.
2 Type winipcfg and press Enter.
The IP Configuration dialog box is displayed.
3 Click Release All.
The IP Address, Subnet Mask, and Default Gateway fields should display
no addresses.
4 Click Renew All.
New addresses should appear in the IP Address, Subnet Mask, and
Default Gateway fields.
5 Click OK to close WINIPCFG.
Troubleshooting 139

103-000164-001
September 4, 2001
Novell Confidential
Windows NT
To manually release and renew a DHCP-assigned IP address in Windows NT,

1 Select Start > Programs > MS-DOS Command Prompt.
2 From the DOS prompt, execute the command
ipconfig /release
A message is displayed indicating that the assigned IP address has been
successfully released.
3 From the DOS prompt, execute the command
ipconfig /renew
A message is displayed indicating the new IP address that has been
assigned.
To review DHCP settings,
4 From the DOS prompt, execute the following command to review DHCP
settings:
inconfig /all

103-000164-001
September 4, 2001
Novell Confidential
Internetwork Packet Exchange
Novell
NetWare 6 ®
www.novell.com
I N T E R N E T W O R K PA C K E T E X C H A N G E
August 29, 2001

Novell Confidential
Contents
About This Guide 9

1 Understanding 11
The IPX Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
IPX Packet Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
IPX Addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Network Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Node Number. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Socket Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
How IPX Routing Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
When a Workstation Sends an IPX Packet. . . . . . . . . . . . . . . . . . . . . . . . . . . 21
When a Router Receives an IPX Packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
When a Router Forwards an IPX Packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
IPX Operation over WAN Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Call Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Permanent Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
On-Demand Calls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Routed On-Demand Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Routing Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Static Routes and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Watchdog Packet Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Header Compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Compression Slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Compression Packet Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
IPX Route Aggregation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Introducing Aggregated Routes into NLSP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Consistent Use of Routers that Support Route Aggregation . . . . . . . . . . . . . . . . . . . . 36
Interaction with SAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Metrics Used with Aggregated Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
IPX Address Mapping Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
2 Planning 41
IPX Configuration Decisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
NetWare Mobile IPX Configuration Decisions . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Mobile Client Driver Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Planning for Efficient Use of Your Mobile Client . . . . . . . . . . . . . . . . . . . . . . . . 45
Deciding Where to Locate a Home Router . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Contents 5

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3 Setting Up 51
Turning Off IPX Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
How to Turn Off IPX Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Configuring Static Routes and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Configuring Static Routes and Services with NIASCFG . . . . . . . . . . . . . . . . . . . . 54
Configuring Static Routes and Services with STATICON . . . . . . . . . . . . . . . . . . . 56
Configuring Watchdog Spoofing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
How to Configure Watchdog Spoofing on an Interface . . . . . . . . . . . . . . . . . . . . 66
How to Configure Watchdog Spoofing for Call Destinations. . . . . . . . . . . . . . . . . . 66
Configuring Routed or Static On-Demand Calls. . . . . . . . . . . . . . . . . . . . . . . . . . 67
How to Configure Routed or Static On-Demand Calls . . . . . . . . . . . . . . . . . . . . . 68
Configuring IPX and NCP Header Compression . . . . . . . . . . . . . . . . . . . . . . . . . 69
How to Configure IPX and NCP Header Compression on an Interface . . . . . . . . . . . . 70
How to Configure IPX and NCP Header Compression per Call Destination. . . . . . . . . . 71
Configuring NLSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
How to Configure NLSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
How to Change the LSP Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Configuring RIP and SAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
How to Configure RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
How to Configure SAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Accepting and Advertising Services from a Network Not Listed in the Routing Information Table
82
Proxying a NetWare File Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
How to Proxy a NetWare File Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
How to Check the Proxy Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring the IPX Address Mapping Gateway . . . . . . . . . . . . . . . . . . . . . . . . . 86
Configuring IPX Route Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Controlling the Propagation of Type 20 Packets . . . . . . . . . . . . . . . . . . . . . . . . . 89
How to Control Propagation of Type 20 Packets . . . . . . . . . . . . . . . . . . . . . . . 90
Changing the Hop Count Limit for IPX Packets . . . . . . . . . . . . . . . . . . . . . . . . . . 90
How to Change the Hop Count Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Balancing Traffic Loads over Equal-Cost Routes . . . . . . . . . . . . . . . . . . . . . . . . . 92
How to Balance Traffic Loads over Equal-Cost Routes . . . . . . . . . . . . . . . . . . . . 93
Configuring SPX Connection Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
How to Configure SPX Connection Parameters . . . . . . . . . . . . . . . . . . . . . . . . 95
Setting Delay and Throughput for a Slow Link . . . . . . . . . . . . . . . . . . . . . . . . . . 95
How to Set Delay and Throughput for a Slow Link . . . . . . . . . . . . . . . . . . . . . . 97
Configuring IPX for Wireless Connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring a Home Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Configuring a Mobile Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Configuring the MacIPX Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Configuring and Binding the Gateway Driver . . . . . . . . . . . . . . . . . . . . . . . . . 107
Restricting Gateway Service to Selected Networks . . . . . . . . . . . . . . . . . . . . . . 109
6 Internetwork Packet Exchange

103-000176-001
August 29, 2001
Novell Confidential
4 Managing 111
Using the IPXCON Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Using the IPXPING Utility on the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Using the IPXPING Utility on the Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Using the SPFCON Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Main Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Interfaces Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Connections Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Spoofing Statistics Window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Viewing NetWare IPX Configuration Information. . . . . . . . . . . . . . . . . . . . . . . . . 116
Determining Whether a Remote IPX Router Is Reachable . . . . . . . . . . . . . . . . . . . 116
Determining Which IPX Services Are Reachable . . . . . . . . . . . . . . . . . . . . . . . . 117
Checking an IPX Network for Inactive Routers . . . . . . . . . . . . . . . . . . . . . . . . . 117
Checking the IPX Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Checking an IPX Network for Duplicate Network Numbers . . . . . . . . . . . . . . . . . . . 118
Checking an IPX Network for Duplicate System IDs . . . . . . . . . . . . . . . . . . . . . . . 118
Determining Where NLSP Is Running in Your Network . . . . . . . . . . . . . . . . . . . . . 119
Finding NLSP Routers with Insufficient Memory . . . . . . . . . . . . . . . . . . . . . . . . . 119
Finding the Designated Router on a LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Monitoring Error Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Viewing the MacIPX Gateway Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Viewing MacIPX Gateway Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
IPXCON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
System Console Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Configuration Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Troubleshooting Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
IPX Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
IPX Connectivity Problems (Duplicate ID or Network Number) . . . . . . . . . . . . . . . 129
NLSP Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Common Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Login Times Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Load Balancing over IPX Is Not Working . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Only One IPX Packet Is Sent and Received . . . . . . . . . . . . . . . . . . . . . . . . . 133
IPXCON Counters Are Increasing (Duplicate ID or Network Number) . . . . . . . . . . . . 133
Error Messages Are Displayed (Duplicate ID or Network Number) . . . . . . . . . . . . . 134
NLSP Decision Process Is Running Frequently (Duplicate System ID) . . . . . . . . . . . 135
Other Router Names Are Not Displayed . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
System Frequently Appears and Disappears on the LAN . . . . . . . . . . . . . . . . . . 135
Contents 7

103-000176-001
August 29, 2001
Novell Confidential
Multiple Systems on a LAN Become Unreachable Intermittently . . . . . . . . . . . . . . . 138

Connectivity Across a Point-to-Point Link Has Been Lost . . . . . . . . . . . . . . . . . . . 139
An NLSP Server on a LAN Cannot Be Accessed . . . . . . . . . . . . . . . . . . . . . . . 140
LAN Is Partitioned . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
No Communication Occurs between Two Networks. . . . . . . . . . . . . . . . . . . . . . 142
Services Are Inaccessible in the Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Number of Routes and Services on a System Shows Local Connectivity Only . . . . . . . . 144
Services or Routes are Fluctuating Excessively . . . . . . . . . . . . . . . . . . . . . . . . 145
Heavy Network-Layer Traffic Occurs on a Point-to-Point Link. . . . . . . . . . . . . . . . . 146
Applications Perform Poorly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
CALLMGR Shows an IPX Circuit but IPXCON Does Not . . . . . . . . . . . . . . . . . . . 149
Many Systems Are Entering an Overloaded State . . . . . . . . . . . . . . . . . . . . . . 149
Connectivity Is Lost on Only One LAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
NetWare Mobile IPX Client Loses Connectivity to the Server . . . . . . . . . . . . . . . . . 151

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
About This Guide
This guide provides the information you need to configure and manage the
Novell® Internet Access Server 4.1 IPXTM routing software. In addition to
planning information, this guide provides troubleshooting tips, techniques,
and tools, as well as the symptoms of and solutions to commonly occurring
problems for the IPX components of Novell Internet Access Server 4.1.
About This Guide 9

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
1 Understanding
This section describes the processes and protocols that govern Internetwork
Packet ExchangeTM (IPXTM) routing in the NetWare® networking
environment. In particular, it examines the mechanics of IPX packet routing
and the administration of routing and service information on an IPX
internetwork.
Each NetWare protocol plays a different role in enabling a NetWare router to
perform its tasks. Media access control (MAC) protocols and IPX provide the
addressing mechanism that delivers packets to their destination. The Routing
Information Protocol (RIP), Service Advertising Protocol (SAP), and
NetWare Link Services ProtocolTM (NLSPTM) protocols provide the means by
which routers gather routing and service information and share it with other
routers on an internetwork.
Although the NetWare Core ProtocolTM (NCPTM) software does not play a
direct role in routing, it does provide session control and packet-level error
checking between NetWare workstations and routers. Similarly, the
Sequenced Packet ExchangeTM (SPXTM) protocol neither routes packets nor
advertises service information, but guarantees delivery of each packet to its
destination.
Figure 1 on page 12 shows how the NetWare protocols correspond to the Open
Systems Interconnection (OSI) reference model. Because this model
represents only a basic framework for networking functionality, not all
NetWare protocols fit neatly into a single functional layer.
Understanding 11

103-000176-001
August 29, 2001
Novell Confidential
Figure 1 How NetWare Protocols Correspond to the OSI Reference Model
Application
NetBIOS
Applications NetWare
Presentation
Applications
Session SAP NCP
NetBIOS
Transport SPX
Network IPX NLSP RIP
Data Link MAC Protocols

(Ethernet, token ring, ARCnet*)
Physical
The higher-level protocols (NetBIOS, SAP, NCP, SPX, NLSP, and RIP) rely
on the MAC protocols and IPX to handle lower-level communications, such
as node addressing. With the exception of NetBIOS, NCP, and SPX, each of
these protocols plays a role in the operation of IPX routing.
The IPX Protocol

Novell adapted IPX from the Xerox* Network System (XNS*) Internet
Datagram Protocol (IDP). IPX is a connectionless datagram protocol.
Connectionless means that when a process running on a particular node uses
IPX to communicate with a process on another node, no connection between
the two nodes is established. Thus, IPX packets are addressed and sent to their
destinations, but there is no guarantee or verification of successful delivery.
Any packet acknowledgment or connection control is provided by protocols
above IPX, such as SPX. Datagram means that each packet is treated as an
individual entity, having no logical or sequential relation to any other packet.
As shown in Figure 1, IPX operates at the OSI Network layer. As a Network-
layer protocol, IPX addresses and routes packets from one location to another
on an IPX internetwork. IPX bases its routing decisions on the address fields
in its header and on the information it receives from RIP or NLSP. IPX uses
this information to forward packets to their destination node or to the next
router providing a path to the destination node.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
For more information about the IPX protocol, refer to

“IPX Packet Structure” on page 13
“IPX Addressing” on page 17
“How IPX Routing Works” on page 21
IPX Packet Structure

The IPX packet is similar to an XNS IDP packet and comprises two parts:
A 30-byte IPX header, which includes the network, node, and socket
addresses for both the destination and the source
A data section, which often includes the header of a higher-level
protocol, such as SPX
The minimum IPX packet size—excluding the MAC header—is 30 bytes
(IPX header only). Historically, the maximum size of routed IPX packets has
been 576 bytes (IPX header and data). Until recently, all routed IPX packets
were between 30 and 576 bytes. However, the IPX protocol has always
allowed packet sizes up to 65,535 bytes.
NOTE: Media constraints typically limit the actual maximum packet size allowed to
something less than 65,535 bytes. Ethernet II packets, for example, are limited to
a data size of 1,500 bytes, not including the MAC header.
The IPX header is placed after the MAC header and before the data. Figure 2
on page 14 shows the structure of an IPX packet.
Understanding 13

103-000176-001
August 29, 2001
Novell Confidential
Figure 2 IPX Packet Structure
IPX Packet
Checksum (2 bytes)
Packet Length (2 bytes)
Transport Control (1 byte)
MAC Protocol Envelope
Packet Type (1 byte)
MAC Header Destination Network (4 bytes)
Destination Node (6 bytes)
Destination Socket (2 bytes)
Data
Source Network (4 bytes)
Source Node (6 bytes)
MAC Trailer Source Socket (2 bytes)
Higher-Level Protocol Headers
Data
The following describes the IPX packet fields:

Checksum —Packet integrity check.
The checksum is used by the NetWare SFTTM IIITM software and NetWare
4 software. Older versions of NetWare did not use the IPX checksum and
required that this field be set to 0xFFFF.
Packet Length —Length, in bytes, of the complete packet, which is the
length of the IPX header plus the length of the data.
The packet length is at least 30 bytes (for the IPX header).
Transport Control —Number of routers a packet has traversed on the way
to its destination.
IMPORTANT: On a traditional, RIP-based IPX router, IPX packets whose
Transport Control field reaches a value of 16 are discarded. With NLSP, an IPX
packet can travel up to 127 hops to reach its destination. You make this possible
by setting the Hop Count Limit parameter from the Novell Internet Access Server
Configuration utility (NIASCFG). This enables you to limit the number of routers
(hops) an IPX packet traverses before it is discarded.

103-000176-001
August 29, 2001
Novell Confidential
Sending nodes always set the Transport Control field to zero when
building an IPX packet. When a router receives a packet that requires
further routing, it increments this field by one and forwards the packet.
Packet Type —Type of service offered or required by the packet.
Novell currently uses the packet types listed in Table 1.
Table 1 Packet Types
Packet Type Field Value (Hex) Purpose
NLSP 0x00 NLSP packets
Routing information 0x01 RIP packets
Service advertising 0x04 SAP packets
Sequenced 0x05 SPX packets
NCP 0x11 NCP packets
Propagated 0x14 NetBIOS and other

propagated packets
Destination Network —Number of the network to which the destination

node is attached.
When a sending node sets this field to 0x0 (that is, 0x00000000), the
destination node is assumed to be on the same network segment as the
sending (or source) node.
A special case exists when a workstation sends SAP Get Nearest Server
and RIP Get Local Target (or Route Request) broadcast requests at
initialization time. Because the workstation does not yet know which
network it belongs to, it sets both the Source Network and Destination
Network fields to 0 for these requests. When a router receives one of these
requests, it sends a reply directly to the sending workstation, filling in the
Source Network and Destination Network fields with the appropriate
network numbers.
NOTE: IPX does not have a broadcast network number (such as 0xFFFFFFFF).
In addition to network number 0, the numbers 0xFFFFFFFF and

0xFFFFFFFE are reserved for specific purposes. For this reason, they
should not be assigned to any IPX network. For more information about
Understanding 15

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
reserved network numbers, refer to “Reserved Network Numbers” on

page 18.
Destination Node —Physical address of the destination node.
Not all LAN topologies use the same size address field. A node on an
Ethernet network requires all 6 bytes to define its address; a node on an
Ammonite network requires only 1 byte.
A node address of 0xFFFFFFFFFFFF (that is, 6 bytes of 0xFF)
broadcasts the packet to all nodes on the destination network.
Destination Socket —Socket address of the packet destination process.
Sockets route packets to different processes within a single node. Novell
reserves several sockets for use in the NetWare environment. Refer to
Table 2 on page 20 for a partial list of NetWare socket numbers.
NOTE: IPX does not have a broadcast socket number (such as 0xFFFF).
Source Network —Number of the network to which the source node is

attached. If a sending node sets this field to zero, the local network to
which the source is connected is unknown. For routers, the rules that
apply to the Destination Network field also apply to the Source Network
field, except that routers can propagate packets that were received with
this field set to zero.
Source Node —Physical address of the source node.
Broadcast addresses are not allowed.
Source Socket —Socket address of the process that transmits the packet.
Processes communicating in a peer-to-peer fashion do not need to send
and receive on the same socket number.
On a network of workstations and servers, the server usually listens on a
specific socket for service requests. In such a case, the source socket is
not necessarily the same or even significant. All that matters is that the
server reply to the source socket. For example, all NetWare file servers
have the same socket address, but requests to them can originate from any
socket number.
Source socket numbers follow the same conventions as those for
destination sockets.
Higher-Level Protocol Headers —Headers of higher-level NetWare
protocols, such as NCP or SPX. These headers occupy the data portion of
the IPX packet.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IPX Addressing
IPX defines its own internetwork and intranode addressing. For intranetwork
(node) addressing, IPX uses the physical address assigned to the network
interface board.
The IPX network address uniquely identifies an IPX server on an IPX network
and individual processes within the server. A complete IPX network address
is a 12-byte hexadecimal number comprising the following components:
A 4-byte network number (server)
A 6-byte node number (server)
A 2-byte socket number (server process)
The following is an example of a complete IPX network address:
FEDCBA98 1A2B3C5D7E9F 0453
Each number in an IPX address is contained in a field in the IPX header and
represents a source or destination network, node, or socket. The network
number is used only for Network-layer operations, namely routing. The node
number is used for local, or same-segment, packet transmission. The socket
number directs a packet to a process operating within a node.
For more information about each address component, refer to
“Network Number” on page 17
“Node Number” on page 19
“Socket Number” on page 20
Network Number
The IPX network number is the 4-byte hexadecimal address that serves as the
basis for IPX packet routing. Each network segment on an internetwork is
assigned a unique network number. NetWare routers use this number to
forward packets to their final destination network.
An IPX network number can contain up to eight digits, including zeros.
(Leading zeros are usually not displayed.) For example, 0xFEDCBA98,
0x1234567D, and 0xC7 are all valid network numbers.
With the fast setup feature available from NIASCFG, the routing software can
automatically detect the network number and data-link frame type used on an
Understanding 17

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IPX network. After you configure a board and select a driver during the initial
router configuration, the router sends a RIP all routes request packet to the
network. From the responses it receives, the router determines the network
number and frame type it needs to use.
Reserved Network Numbers
The destination network of an IPX packet is typically an IPX network to

which a unique network number has been assigned. However, three network
numbers—0x0, 0xFFFFFFFF, and 0xFFFFFFFE—are reserved and cannot be
used to identify a specific network. These numbers have the following
meanings:
0x0 —Represents the local network segment. If a router receives a packet
whose destination network number is 0, the packet's source and
destination nodes are attached to the same segment.
0xFFFFFFFF —Represents an all routes request between NetWare
routers. If a router receives a packet whose destination network number
is FFFFFFFF, it sends all the routes it knows about to the requesting
router.
0xFFFFFFFE —Represents the default route . This is an advertised
destination to which IPX packets with unknown destination networks are
forwarded.
With NetWare routing software, a router that receives an IPX packet with an
unknown destination network can do one of two things: If another router on
the network is advertising 0xFFFFFFFE, the router forwards the packet to that
router. If 0xFFFFFFFE is not advertised on the network, the packet's
destination remains unknown and the router discards the packet.
Both RIP and NLSP have been modified to recognize 0xFFFFFFFE as the
default route. On a RIP network, the default route is typically advertised by a
RIP router that connects the LAN to a larger network infrastructure, such as a
corporate backbone or transit LAN .
The routing software cannot advertise the default route dynamically, but you
can configure the router to advertise it as a static route . To read about static
routes, refer to “Static Routes and Services.”

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Internal Network Number
NetWare 3 servers and NetWare 4 servers have an additional identifier called

an internal network number. This is a unique hexadecimal number between
one and eight digits that is assigned to the server at installation. The internal
network is a logical network that NetWare uses to advertise services and route
IPX packets to the physical networks attached to the server.
The internal network number overcomes some routing and connectivity
limitations inherent in NetWare 2. These are summarized in the following
paragraphs.
A NetWare 2 server selects a primary interface and advertises its services as
reachable through that interface. On a network with more than one server,
packets might travel an extra hop to reach their destination.
A NetWare 2 server loses network connectivity if its primary network
interface board fails, even if the server has Network-layer connectivity
through another interface. Consider a NetWare 2 server with connections to
two networks. The server advertises its services through the primary interface
attached to one of the networks. If that interface fails, workstations attached
to the server through the second network might not be able to log in to the
server.
Node Number
The node number is the 6-byte hexadecimal address that identifies a device on
an IPX network. This device can be a file server, router, workstation, or
printer. The node number is identical to the physical address assigned to the
interface board that connects the device to the network.
The IPX header contains a Destination Node field and a Source Node field.
These fields contain the same destination and source node addresses found in
the MAC header. A NetWare workstation, for example, uses the destination
node address to locate and forward packets to another workstation on the same
network segment.
IPX requires the node number to be unique only within the same IPX network.
For example, a node on network FEDCBA98 can use the number
1A2B3C5D7E9F, and a node on network 1234567D can also use the number
1A2B3C5D7E9F. Because each node has a different network number, IPX
recognizes each node as having a legitimate, unique address.
Understanding 19

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Socket Number
The socket number is the 2-byte hexadecimal number that identifies the
ultimate destination of an IPX packet within the node. This destination is
actually a process —such as routing (RIP) or advertising (SAP)—that
operates within the node. Because several processes are typically operating at
any given time, socket numbers provide a type of mail slot by which each
process can identify itself to IPX.
A process that must communicate on the network requests that a socket
number be assigned to it. Any packets that IPX receives that are addressed to
that socket are passed to the process. Socket numbers provide a quick method
of routing packets within a node.
Table 2 lists some socket numbers and processes used in the NetWare
environment.
Table 2 NetWare Socket Numbers and Processes
Socket Number Process
0x451 NCP
0x452 SAP
0x453 RIP
0x455 Novell NetBIOS
0x456 Diagnostics
0x9001 NLSP
0x9004 IPXWANTM protocol
(For information about IPXWAN, refer to “IPX

Operation over WAN Links” on page 24.)
Socket numbers between 0x4000 and 0x7FFF are dynamic sockets; these are
used by workstations to communicate with file servers and other network
devices. Socket numbers between 0x8000 and 0xFFFF are well-known
sockets; these are assigned by Novell to specific processes. For example,
0x9001 is the socket number that identifies NLSP. Software developers
writing NetWare applications can contact Novell to reserve well-known
sockets.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
How IPX Routing Works

NetWare routers interconnect different IPX network segments and receive
instructions for addressing and routing packets between these segments from
the IPX protocol. IPX accomplishes these and other Network-layer tasks with
the help of RIP, SAP, and NLSP.
For more information about how IPX routing works, refer to:
When a Workstation Sends an IPX Packet
When a Router Receives an IPX Packet
When a Router Forwards an IPX Packet
When a Workstation Sends an IPX Packet

Consider a NetWare workstation that wants to send data to another
workstation. If both workstations share the same network number (both are on
the same segment), the sending workstation addresses and sends packets
directly to the destination workstation's physical address. If the two
workstations have different network numbers (each is on a different segment),
the sending workstation must first find a router on its own segment that can
forward packets to the segment on which the destination workstation resides.
To find this router, the sending workstation broadcasts a RIP packet requesting
the fastest route to the destination segment. The router on the sending segment
with the shortest path to the destination segment responds to the request. In its
response, the router includes its own network and node address in the IPX
header.
NOTE: If the sending node is a router instead of a workstation, the router does not
need to broadcast a RIP request to obtain this information; the router obtains the
information from its internal routing table.
When the sending workstation knows the router node address, it addresses and
sends packets to the destination workstation as follows:
1. The sending workstation places the destination node IPX network
address—network, node, and socket numbers—in the corresponding
destination fields of the IPX header.
2. The sending workstation places its own IPX network address—network,
node, and socket numbers—in the corresponding source fields of the IPX
header. The sending workstation also fills out all other fields in the
header.
Understanding 21

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3. The sending workstation places the node address of the router that
responded to the RIP request in the Destination Address field of the MAC
header.
4. The sending workstation places its own node address in the Source
Address field of the MAC header.
5. The sending workstation sends the packet.
When a Router Receives an IPX Packet

When a router receives an IPX packet, it performs the following tasks:
1. The router checks the Transport Control field of the IPX packet header.
A RIP router discards the packet if the value in this field is greater than
16.
An NLSP router discards the packet if the value in this field is greater than
the value of the Hop Count Limit parameter.
2. The router checks the IPX header Packet Type field.
Note that if the packet type is 20 (0x14, NetBIOS), the packet is handled
as follows:
a. The router examines the Transport Control field of the IPX header. If
this value is 8 or greater, the router discards the packet. (Propagation
of a NetBIOS packet is limited to eight networks.)
b. The router compares each network number entry in the packet to the
network number of the segment on which the router received the
packet.
If the router finds a match, it discards the packet to prevent multiple
traversals of the same network segment. If the router finds no match,
it performs the next step.
c. The router places the address of the network segment from which the
packet arrived in the next available Network Number field.
d. The router increments the Transport Control field of the IPX header
and broadcasts the packet to all directly connected network segments
that are not represented in the Network Number fields.
3. The router checks the IPX header Destination Address fields—network,
node, and socket numbers—to determine how to route the packet.

103-000176-001
August 29, 2001
Novell Confidential
If the packet is addressed to the router, the appropriate socket process

handles it internally; otherwise, the router forwards the packet.
NOTE: Packets that must be handled internally are those addressed directly to the
router and those broadcast (destination node = 0xFFFFFFFFFFFF) to any network
segment to which the router is directly connected. Usually, only RIP, SAP, and
diagnostic packets fall into this category.
When a Router Forwards an IPX Packet

When forwarding packets, the router can take one of two possible actions. If
the packet is destined for a network number to which the router is directly
connected, the router performs the following tasks:
1. The router places the destination node address from the IPX header in the
Destination Address field of the MAC header.
2. The router places its own node address in the Source Address field of the
MAC header.
3. The router increments the Transport Control field of the IPX header and
forwards the packet to the destination node segment.
IMPORTANT: If the Transport Control field equals the maximum allowed hop
count before the field is incremented, the router discards the packet. For RIP
routers, the hop count limit is 16; for NLSP routers, this limit can be set to any
number between 8 and 127.
Note also that broadcast packets are never rebroadcast onto the network
segment from which they are received.
If the router is not directly connected to the segment on which the final
destination node resides, it sends the packet to the next router in the path to the
destination node, as follows:
1. The router places the node address of the next router in the Destination
Address field of the MAC header.
The router gets this information from its Routing Information Table.
2. The router places its own node address in the Source Address field of the
MAC header.
3. The router increments the Transport Control field in the IPX header and
forwards the packet to the next router.
Understanding 23

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IPX Operation over WAN Links

For packets to travel between two IPX network segments separated by a
WAN, there must be a connection between the two routers representing each
segment. This connection is represented by the WAN call destination , a
unique name that identifies the router on the other end of the connection.
A WAN connection can be initiated by any of the following methods:
Automatic —Established between the local router and the call
destination when IPX is bound to a WAN port. Automatic connections are
established typically at router startup.
Manual —Established between the local router and the call destination
by a user from the Call Manager utility (CALLMGR).
Data-initiated —Established when the local router needs to send data to
the (remote) router represented by the WAN call destination. This
connection method is characteristic of on-demand calls, which are
described in the following section.
After a WAN connection is established, the routers use the IPXWAN protocol
to negotiate the values or states of various connection characteristics, such as
speed, throughput, routing type, and IPX header compression. These and other
characteristics are negotiated before the routers exchange any routing
information or data.
For more information about IPX operation over WAN links, refer to
“Call Types” on page 25
“Routing Types” on page 27
“Static Routes and Services” on page 28
“Watchdog Packet Spoofing” on page 30
“Header Compression” on page 31

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Call Types
Associated with each WAN call destination is the call type, which
characterizes the behavior of the call after it is established. Calls can be
permanent or on-demand.
For more information about call types, refer to:
“Permanent Calls” on page 25
“On-Demand Calls” on page 25
“Routed On-Demand Calls” on page 26
Permanent Calls
A permanent call is a connection that remains active between the local router
and the remote router identified by the call destination. A permanent call can
be established automatically from configured protocol-to-board bindings, or
manually from CALLMGR. The call remains active until IPX is unbound
from the interface, or until the connection is disconnected manually from
CALLMGR. If a permanent call fails, IPXRTR tries to reestablish the
connection.
IPX routing and service information crosses permanent calls as required by
the operative routing/service protocol, which can be RIP/SAP or NLSP. If you
do not want routing and service traffic to cross a permanent-call link, the
routing software enables you to configure static routes and services on each
router. This is typically how IPX routers are made aware of remote routes and
services over links that use on-demand calls.
For information about static routes and services, refer to “Static Routes and
Services” on page 28.
For more information about permanent calls, refer to “Understanding” in the
routing documentation for NetWare/Link PPP.
On-Demand Calls
An on-demand call is a dedicated, point-to-point connection between two
routers that becomes active only when one router must send user data to the
other. Because the on-demand call relies on configured static routes and
services, no routing or service information crosses the link while the call is
active.
Understanding 25

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
With an on-demand call, the link remains inactive until user data needs to
cross it. Workstations needing to reach remote destinations send packets to
their local IPX router advertising the routes, assuming the packets can reach
their destination. The local router stores the packets and tries to establish a
connection to the remote router. After the local router completes the call and
negotiates on-demand service, it forwards the stored packets to the remote
router, which then forwards them to their destination.
NOTE: To avoid activating potentially expensive connections, IPX routers do not
forward type 20 (NetBIOS) packets over on-demand calls.
For more information about on-demand calls, refer to “Understanding” in the

routing documentation for NetWare/Link PPP.
Routed On-Demand Calls

NetWare routing also enables you to configure a routed on-demand call.
Unlike the standard on-demand call, which relies on statically configured
routes and services, a routed on-demand call runs a routing protocol while the
link is active. When the link goes down, the routes and services made known
by the routing protocol become unavailable.
If no data crosses the link after some period of time, a Data-Link layer timer
triggers the termination of an on-demand call. However, the routing protocol
running over a routed on-demand call resets this timer each time it transmits a
packet. This keeps the link continuously active. To solve this problem, the
routing software uses a similar timer that operates at the Network layer. This
timer is reset only when data packets—not protocol packets—cross the link.
In this way, the routing updates do not keep the link active when no data is
being transmitted.
Routed on-demand calls are well-suited for large corporate networks that have
many branch offices. In this type of internetwork, most of the traffic is
unidirectional: from the branch office to the corporate network. Configuring
each branch office with a single (default) route to the corporate network is
sufficient. When a branch office router establishes a link to the router serving
the corporate network, the routing protocol floods the branch office routes into
the corporate network. This is necessary so that responses to branch office
service requests know how to reach their destination in the branch office
network. As long as the branch office forwards information to the corporate
network, the link remains active. If the link is idle for some predetermined
period of time, it goes down.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
You configure a routed on-demand call the same way you configure a standard
on-demand call with one exception: you must configure a routing protocol to
operate over the link.
Routing Types
IPXWAN negotiates the WAN routing type, which determines which IPX
routing protocol—if any—runs over the connection. NetWare routing
supports the following routing types for IPX exchanges over a WAN
connection:
NOTE: The first four routing types operate only between routers; the fifth, WAN
Workstation , operates between a router and a NetWare workstation.
WAN NLSP —Uses NLSP to exchange routing and service information

over the connection. This is the most efficient—and preferred—routing
type for WAN connections requiring an active routing protocol. A WAN
NLSP connection does not require an IPX network number.
Unnumbered RIP —Uses RIP and SAP to exchange routing and service
information over the connection but requires no IPX network number.
Numbered RIP —Also uses RIP and SAP to exchange routing and
service information over the connection but does require an IPX network
number.
On-Demand —Uses no active routing or service advertising protocol,
but rather a set of static routes and services on each router.
WAN Workstation —Enables a NetWare workstation to connect to an
IPX internetwork through a remote router. No routing protocol runs over
the connection, except when the workstation sends a route or service
request to the router.
To choose the most suitable routing type, IPXWAN considers the following
criteria during its negotiation process:
Which versions of the routing software are running on the routers
Earlier versions of the routing software, such as NetWare Multiprocessor
Router PlusTM 2.1x software and NetWare WAN LinksTM 2.0 software,
support only Numbered RIP connections.
Which routing protocol—RIP or NLSP—is enabled on the WAN
interfaces at each end of the connection
Understanding 27

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
For example, two routers running NLSP at their respective WAN

interfaces automatically use the WAN NLSP routing type over the
connection.
Whether a third-party router is running at the other end of the connection
Some third-party routers might support only Numbered RIP connections
for IPX routing over WANs.
Whether the WAN call destination is configured as a permanent call or an
on-demand call
WAN NLSP, Unnumbered RIP, and Numbered RIP operate only over
permanent calls; the On-Demand routing type operates only over on-
demand calls.
Static Routes and Services

A static route is a RIP route that is added to the Routing Information Table by
a network administrator, rather than by the active routing protocol—in this
case, RIP—operating over a network link. For a WAN connection, a static
route comprises a WAN call destination, the destination IPX network number,
and the route metrics (hops and ticks) to reach the destination. A static service
is a SAP service that is also added manually rather than dynamically by SAP.
A static service comprises a WAN call destination; the service name and type;
the service address network, node, and socket; and the service metrics (hops
and ticks) to reach the destination advertising the service. With the routing
software, you can configure static routes and services for both permanent and
on-demand calls.
When used with permanent calls, static routes and services are useful for
redirecting traffic to a particular network, perhaps for security reasons, and for
conserving bandwidth on slow or low-capacity links. A single static route is
also useful as a default route. In this way, the only routing information
crossing the link is that required by users to access a specified set of services.
When used with on-demand calls, static routes and services are useful for
connections that use expensive telecommunications carriers and for slow links
over which it is undesirable to exchange routing and service information.
Consider an internetwork that connects tens to hundreds of branch offices to a
single main office. Typically, each branch office requires periodic access to
information at the main office. However, it is most likely that the main office
periodically polls the branch offices to get up-to-date information, such as the
day's sales figures. Because a permanent call to each branch office is not

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
necessary, connections to the main office need only be low-speed, dial-up

lines. For this reason, the first several minutes of the call should not be taken
up by a flood of routing and service information into a branch office. Nor
should there be a relatively smaller flood of (mostly irrelevant) routing and
service information from a branch office into the main office.
Figure 3 shows a typical configuration for static routes and services over an
on-demand call.
Figure 3 On-Demand Call Between a Branch Office and the Main Office
Configured Static Routes:

AA012123 (Server Internal Network)
AA000000 (Main Office Router Internal Network)
Configured Static Routes:
Configured Static Services: 10000001 (Workstation Network)
ACCOUNTS 10000000 (Branch Office Router Internal Network)
AA012123:000000000001:0451
File Service (SAP Service Type 4) Configured Static Services:
MAIN_OFFICE_RTR BRANCH_01_RTR
AA000000:000000000001:0451 10000000:000000000001:0451
File Service (SAP Service Type 4) File Service (SAP Service Type 4)
Branch Office: On-Demand Call Main Office:

20 Networks, 1000 Networks,
plus Services plus Services
Branch Office Router Main Office Router
Name = BRANCH_01_RTR Name = MAIN_OFFICE_RTR
Internal Network = 10000000 Internal Network = AA000000
Network:
10000001
NetWare Workstation Main Office Accounting Server

Network = 10000001 Name = ACCOUNTS
Internal Network = AA012123
In this configuration, the branch office router, BRANCH_01_RTR, must

know only the addresses and names of a few servers and services. This small
number of extra routes and services is of minimal burden to the branch office
network. The main office router, MAIN_OFFICE_RTR, must keep track of
only a few networks and services from each branch office. This is significantly
better than being flooded with potentially thousands of extra routes and
services that are of no use to the main office network.
Understanding 29

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
To configure static routes and services for permanent and on-demand calls,
you can use either of the following utilities:
NIASCFG, which you also use for configuring boards and network
interfaces, and for enabling protocols and bindings on the router. If you
use NIASCFG, you must configure all routes and services manually.
STATICON, the static routes and services configuration utility for IPX.
STATICON discovers which routes and services are available through a
remote router and then adds them automatically to the static routing table
on a local router. Because STATICON gathers and exchanges the
information automatically, it is essential for configuring large numbers of
static routes and services.
Watchdog Packet Spoofing

NetWare servers use the Watchdog protocol to validate workstation
connections periodically. When a workstation is logged in to a server but has
not transmitted a packet for some period of time (the default is 5 minutes), the
server sends a watchdog query packet to the workstation. If the workstation
does not reply with a watchdog response packet after 5 minutes, the server
sends additional queries at specified intervals until 15 minutes have elapsed.
If the workstation still has not replied, the server terminates the connection.
With several workstations operating over an on-demand call, the exchange of
watchdog packets can keep the connection active most of the time. Depending
on the telecommunications carrier you use for the connection, this can become
expensive.
You can avoid this problem by configuring your router to perform watchdog
spoofing . This means that the router captures watchdog query packets on their
way to a workstation and responds on behalf of the workstation without
activating the on-demand call. Because of the spoofing, however, the
workstation's server connection remains occupied unless it logs out. A way to
avoid this is for the remote server to execute a forced logout of all
workstations at a predetermined time (midnight, for example), so that all
server connections are freed for the next day.
Figure 4 on page 31 shows how watchdog spoofing works over an on-demand
call.

103-000176-001
August 29, 2001
Novell Confidential
Figure 4 Watchdog Spoofing Enabled over an On-Demand Call
Watchdog Query:
Branch Office Main Office "Are you still there?"
Router Router
On-Demand Call
Query Response:
"Yes, I am still here."
Workstation
Main Office
Accounting Server
When watchdog spoofing is enabled on an on-demand call, watchdog packets,

going from a server to a client, cause the router to reply that the workstation
is active without initiating the call. If watchdog spoofing is disabled, an on-
demand call is initiated for each watchdog packet that crosses the connection.
Header Compression
NOTE: NCP header compression is not used for NCP packets using the Packet
BurstTM protocol. Because IPX headers are the standard, IPX header compression
is used.
Header compression increases the throughput of IPX and NCP packets over
low-speed serial lines (except for NCP packets using the Packet Burst
protocol). An IPX packet header is 30 bytes and is typically followed by an
upper-layer protocol header, such as an SPX header. Header compression
reduces the size of this combined packet header to just a few bytes.
Header compression is negotiated by the IPXWAN protocol when a call is
established over any WAN connection type. Header compression is not used
on the connection if IPXWAN detects that one of the routers does not support
it. The routers at each end of the connection must have header compression
enabled and must allocate the same number of compression slots.
For more information about header compression, refer to
“Compression Slots” on page 32
“Compression Packet Types” on page 33
Understanding 31

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Compression Slots
When you enable header compression, you can also specify the number of
compression slots. A compression slot is a location in router memory that
stores packet header information. The compression algorithm uses this
information to compress outgoing—and decompress incoming—packet
headers.
IMPORTANT: You must allocate the same number of compression slots on each
router. If the values are different, the IPXWAN protocol chooses the lesser of the
two.
If too few compression slots are allocated for the number of different-style
packets crossing the connection, the values in the following IPXCON counters
become large:
Initialization Packets Sent
Initialization Packets Received
Uncompressed Packets Sent
Uncompressed Packets Received
The compression algorithm is running efficiently if the number of compressed
packets sent is significantly higher than the values in these counters.
A router sends an uncompressed packet when it is considered beneficial not to
reuse a compression slot.
Allocating too many compression slots has its own consequences. More
memory is required to store all the headers, and the compression algorithm
must scan through more stored headers to find a match for each transmitted
packet. This results in a higher processing load and slower performance.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Compression Packet Types

Five packet types are used to exchange compression-state information about
packets sent over a connection on which header compression is enabled. Three
of these packet types—slot initialization, reject, and acknowledgment
packets—manage the flow of compressed and uncompressed packets over the
connection; these are the compression protocol packets. The packet type,
along with other information, is indicated in the first byte of a compressed
packet. Compression packet types are defined as follows:
Uncompressed packet —A standard, uncompressed IPX or NCP packet.
A router sends an uncompressed packet when the packet cannot be
compressed or a decision was made not to compress it. When the remote
router receives an uncompressed packet, it simply removes the 1-byte
compression header and passes the packet to IPX.
IPXCON tracks uncompressed packets exchanged on a connection in the
Uncompressed Packets Sent and Uncompressed Packets Received
counters.
Compressed packet —A compressed IPX or NCP packet. Compressed
packets do not contain the standard packet header. Instead, they contain
the number of a compression slot on the receiving router. This slot
contains the information necessary for the compression algorithm to
decompress the packet header before passing the packet to IPX.
IPXCON tracks compressed packets in the Packets Sent and Packets
Received counters.
Slot initialization packet —A compression protocol packet that a router
sends to prepare a compression slot on the receiving router for use.
Initialization packets can prepare new slots or previously used slots for
reuse. The routing software uses two different initialization packets: one
for IPX packets and one for NCP packets.
IPXCON tracks initialization packets in the Initialization Packets Sent
and Initialization Packets Received counters.
Reject packet — A compression protocol packet that a router sends when
it receives another compression protocol packet that it does not
understand.
IPXCON tracks reject packets in the Reject Packets Sent and Reject
Packets Received counters.
Understanding 33

103-000176-001
August 29, 2001
Novell Confidential
Acknowledgment packet — A compression protocol packet that

acknowledges receipt of an IPX slot initialization packet. The
transmitting node continues to send slot initialization packets until it
receives an acknowledgment packet. After receiving the
acknowledgment packet, the transmitting node begins to send
compressed packets.
IPXCON does not track acknowledgment packets.
IPX Route Aggregation

IPX Route Aggregation enables you to introduce routes learned through RIP
into an NLSP backbone in a summarized form. Route aggregation compactly
describes many IPX network numbers simultaneously by using an address and
mask pair. For example, all addresses from C9000000 to C9FFFFFF can be
represented using the address C9000000 and the mask FF000000.
FigureFigure 5 on page 34 shows a typical topology for using route
aggregation, a backbone network with several RIP areas attached. In
FigureFigure 5 on page 34, the information within the backbone is minimized
by having routers R1, R4, R8, and R9 report address summaries for the
attached areas. In this scenario, the default route is the only information about
reachable external addresses that must be transmitted within an attached area.
Therefore, information within the attached areas is minimized.
Figure 5 Aggregated Routes Topology
R10 RIP
R9
R3 R4 R7
RIP
NLSP Backbone R8
R1
R2
RIP

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
For more information about IPX route aggregation, refer to

“Introducing Aggregated Routes into NLSP” on page 35
“Consistent Use of Routers that Support Route Aggregation” on page 36
“Interaction with SAP” on page 36
“Metrics Used with Aggregated Routes” on page 36
Introducing Aggregated Routes into NLSP

Aggregated routes are introduced into NLSP in the same way that external RIP
routes are introduced. There are two methods of introducing aggregated routes
into NLSP:
Aggregated routes are introduced through static configurations. If an
aggregated route is configured for a static routing link, the configured
aggregated route is reported into the NLSP area as soon as IPXRTR binds
to the interface.
Aggregated routes are learned from RIP. An address summary can be
configured for a link, but unless at least one address matches the address
summary, as learned through RIP, the summary is not reported.
For example, if a router is configured with address summaries 572* and 5729*
on a link running RIP and learns from that link that the destination 57285489
is reachable and that no other matching destinations are learned, then the
router reports the aggregated route 572* to the NLSP area. The asterisk
represents a wildcard character. If the router learns that destination 57298381
is reachable, then only 5729* is reported to the NLSP area. If both 57298381
and 57212376 are reachable, then the router reports both 572* and 5729* to
the NLSP area.
Routers always report aggregated routes with the longest match. For example,
if a router is configured with address summaries C9* and C91* and learns that
the destination C9123456 is reachable, then the router reports only the
aggregated route C91*.
Understanding 35

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Consistent Use of Routers that Support Route

Aggregation
Route aggregation into an NLSP area is possible only if all routers in that area
support address summaries. Routers that do not support route aggregation do
not recognize destination addresses for aggregated routes; they forward
packets to the default route or drop packets if no default route is configured.
Because routers that support route aggregation route packets differently from
routers that do not support route aggregation, routing loops can occur.
Therefore, if a router that supports route aggregation detects that the next-hop
router on the path to an aggregated destination is a router that does not support
route aggregation, it will drop the packet.
Interaction with SAP

Without route aggregation, if a service is announced with an address that is not
explicitly reachable, RIP assumes the service is unreachable. When NLSP and
RIP are used with route aggregation, SAP is accepted, provided a packet can
be forwarded to the corresponding network number. A packet can be
forwarded when there is a default route and address summary or when there is
an explicit advertisement of that network number.
This feature is disabled by default. It can be enabled by entering the following
command after IPXRTR.NLM has been loaded:
SET REQUIRED NETWORK FOR SERVICES=ON
Metrics Used with Aggregated Routes

If a router is configured to introduce an address summary into an NLSP area,
it does so, with the number of ticks equal to 1 (as the default), an area count
equal to 6 (as the default), and the ability to configure both parameters with a
different value. The area count is the number of areas through which the route
information is allowed to propagate. As the route information is passed
through each of these areas, the area count is decremented by one. This
enables the initial sending router to control the spread of information through
all NLSP areas that are connected to each other.
Address summaries are not exported from an NLSP area into a RIP cloud
because the capability to express a summarized route within RIP does not
exist. In addition, updating RIP with this capability is not cost-effective
because the default route is sufficient for RIP.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IPX Address Mapping Gateway

Using the IPX Address Mapping Gateway (IAMG) offers the following three
advantages:
Your hosts can connect to a backbone network even when your local
network numbers are not compatible with the backbone addressing
scheme.
If the routing protocol in the backbone does not support route aggregation
(such as earlier implementations of NLSP), the routing protocol probably
cannot manage the number of network addresses from every customer.
Even if the routing protocol could handle route aggregation, network
numbers might be assigned in a way that does not lend itself to
aggregation. IAMG enables the summarization of routes in a manner
transparent to the routing protocol by mapping many network numbers to
a single number outside the local network. This capability greatly reduces
the number of networks that must be advertised throughout the global
internetwork.
The security of the local intranet is enhanced because local networks are
not advertised throughout the global internetwork.
In Figure 6 on page 38, any packets generated from the client on the customer
network for the backbone have their source IPX network number converted to
the 01014000 gateway address. In addition to mapping a client network
address to an address compatible with the backbone, IAMG converts the IPX
node address to a unique value based on characteristics of the original node
number. Services on the customer network, such as file servers with Novell®
Directory Services® (NDS®) that advertise their network addresses through
SAP and that must be visible in the backbone, are not translated. To be visible
in the backbone network, the services must use a registered backbone address.
All registered source addresses are left untranslated.
Understanding 37

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Figure 6 IAMG Implementation
Gateway Address
01014000
Backbone
Service
Customer Backbone Network
Network
IPX Address
Mapping Gateway
Backbone
00001234 Services
NetWare
NetWare
Workstation
File Server
The IAMG allows multiple gateways to be connected between the customer

network and backbone network in parallel. All such gateways on a customer's
network share a single gateway address. If a gateway receives a packet from
the backbone network with an unknown mapping on the gateway network, the
packet is forwarded to all other IAMGs advertising the same gateway address.
If necessary, the packet is split into multiple segments using the IPX
fragmentation module so that the packet can be forwarded with a new header
attached.
If not all gateways support the IPX fragmentation specification, the IAMG is
designed to allow the gateways to run in parallel. In this automatic mode of
operation, some packets might be lost during the learn cycle. When the
gateway that created the mapping receives the forwarded data packets from
the backbone, an update reporting the mapping is returned to the gateway that
initially received the packet. Because more packets probably will follow, the
gateway learns the new mapping.
The IAMG discards any packet destined for the gateway that has the broadcast
node address so that outside clients cannot cause an excessive number of
broadcasts within a network. NetBIOS broadcasts (packet type 20) cannot be
used on a network attached to an interface that has the IAMG enabled.
Broadcasts to networks other than the gateway address are allowed.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
When the IAMG is configured, care must be taken to avoid address conflicts.
We recommend using the following configuration guidelines:
Conflicts might occur when token ring and Ethernet interfaces are used
on the same network. For instance, when the NetWare Mobile IPXTM
software and NetWare remote access software assign node addresses,
they set the IEEE Local bit and clear the IEEE Multicast bit. Because
token ring networks use a different bit order (canonical instead of
noncanonical) within the node address, incorrect interpretations can be
made, and locally assigned addresses might conflict with IEEE token ring
addresses. It is also possible for IEEE Ethernet node addresses to conflict
with IEEE token ring addresses, even though the IEEE assigned
addresses are different. You can avoid conflicts by taking the following
precautions:
Use command line switches to load the LAN drivers on the
conflicting segments with the opposite canonical order for the MAC
addresses.
Use a different LAN card.
Because detected conflicts are echoed to the system console, resolve
conflicts by manually reconfiguring the address of the offending
workstation.
If a router supporting IPX WAN client dial-in connections is configured
to use node addresses that use the upper 34 bits of the node address, node
address conflicts can occur. To avoid conflicts, the IPX WAN client router
must have a registered network address for the WAN clients that is not
translated, or it must use a low node address (less than 14 bits) on that
network.
Understanding 39

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
2 Planning
This section explains what decisions must be made before you can configure
IPXTM beyond its most basic configuration.
IPX Configuration Decisions

How you configure IPX beyond its most basic configuration depends on the
following decisions:
Whether to turn off IPX packet forwarding or to use the system as an
IPX router
The routing software enables you to turn off IPX packet forwarding on a
NetWare® file server. This is useful when you have more than one
NetWare system connecting two or more LANs and you want to free one
of the systems from the task of forwarding—that is, routing —IPX
packets between the LANs.
To turn off IPX packet forwarding, refer to “Turning Off IPX Packet
Forwarding” on page 51.
If you have WAN connections, whether to configure any of the
following:
Static routes and services
Watchdog packet spoofing
Routed or static on-demand calls
IPX and NetWare Core ProtocolTM (NCPTM) header compression
How you configure a WAN connection for IPX depends on how you want
to use the connection and whether you use IPX with PPP, X.25, frame
relay, or asynchronous transfer mode (ATM).
Planning 41

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
NOTE: Before you can configure IPX to run over a WAN connection, you must
configure the WAN board, a network interface, and at least one WAN call
destination.
To configure static routes and services for a permanent or on-demand call,

refer to “Configuring Static Routes and Services” on page 53.
To configure watchdog packet spoofing, refer to “Configuring Watchdog
Spoofing” on page 65.
To configure routed or static on-demand calls, refer to “Configuring
Routed or Static On-Demand Calls” on page 67.
To configure header compression, refer to “Configuring IPX and NCP
Header Compression” on page 69.
Whether to use NLSP, RIP/SAP, or both
NetWare Link Services ProtocolTM (NLSPTM ) software is the Novell link
state routing protocol for IPX internetworks; Routing Information
Protocol (RIP) and Service Advertising Protocol (SAP) are the traditional
NetWare routing and service advertising protocols.
To configure NLSP on your router, refer to “Configuring NLSP” on page
72.
To configure RIP and SAP on your router, refer to “Configuring RIP and
SAP” on page 77.
Whether to configure file server proxying on a dedicated router
File server proxying is useful when you have a dedicated router—a PC
running Novell Internet Access Server 4.1 over a two-user version of
NetWare 4.11—and several NetWare workstations operating on the same
network. Proxying enables the dedicated router to reply to workstations'
Get Nearest Server requests with the name of a NetWare file server
instead of its own. This enables the server, which has multiple connection
slots, to handle simultaneous NCP connection requests from the
workstations.
To configure file server proxying, refer to “Proxying a NetWare File

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Whether to use the IPX Address Mapping Gateway

The IPX Address Mapping Gateway provides the following advantages:
You can connect to a backbone network even when your local
network numbers are not compatible with the backbone addressing
scheme.
If the routing protocol in the backbone does not support route
aggregation, like most implementations of NLSP, the routing
protocol probably cannot manage the number of network addresses
from every user. Even if the routing protocol could handle route
aggregation, network numbers might be assigned in a way that does
not lend itself to aggregation. The IPX Address Mapping Gateway
enables the summarization of routes in a manner transparent to the
routing protocol by mapping many network numbers to a single
number outside the local network.
To use the IPX Address Mapping Gateway, refer to “Configuring the IPX
Address Mapping Gateway” on page 86.
Whether to use IPX Route Aggregation
IPX Route Aggregation allows your router to compactly report many IPX
networks to a connecting backbone network. IPX Route Aggregation is
most useful when several RIP networks are attached to an NLSP
backbone network. Information in the backbone network is minimized by
having the routers that connect to RIP networks report address summaries
for these networks.
To use IPX Route Aggregation, refer to “Configuring IPX Route
Aggregation” on page 88.
Whether to change how your router propagates type 20 packets
Type 20 is an IPX packet type that refers to any propagated packet.
NetBIOS packets, for example, are type 20 packets. If your router
processes a large number of type 20 packets, you can control how it
propagates these packets through its interfaces. This can reduce the
amount of traffic on a LAN.
To change how your router propagates type 20 packets, refer to
“Controlling the Propagation of Type 20 Packets” on page 89.
Planning 43

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Whether to change the hop count limit of outbound IPX packets

This enables you to control the range of outbound IPX packets on your
router.
To control the range of IPX packets, refer to “Changing the Hop Count
Limit for IPX Packets” on page 90.
Whether to balance traffic loads over equal-cost routes
If your router has two or more network interfaces that can reach the same
destination, it can distribute outbound traffic among those interfaces for
an effective increase in throughput. This is called load balancing .
To configure load balancing over equal-cost routes, refer to “Balancing
Traffic Loads over Equal-Cost Routes” on page 92.
Whether to configure SPX connection parameters
Some NetWare applications have specific requirements for Sequenced
Packet ExchangeTM (SPXTM) connection timeouts, retry counts, and so
on. If any of these applications are used on your network, you might need
to configure certain SPX parameters to enable these applications to run
properly.
To configure any of these parameters, refer to “Configuring SPX
Connection Parameters” on page 94.
Whether to change the delay and throughput values on your router
This section explains how to set the delay and throughput values on a
router to avoid connection timeouts over a slow link. This is often
necessary for routers on LANs or bridged network segments that are
separated by slow links.
To change the delay and throughput values, refer to “Setting Delay and
Throughput for a Slow Link” on page 95.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
NetWare Mobile IPX Configuration Decisions

Each of the following is key to the success of NetWare Mobile IPXTM
configuration:
Mobile Client Driver Selection
Planning for Efficient Use of Your Mobile Client
Deciding Where to Locate a Home Router
Mobile Client Driver Selection

When selecting your driver for the mobile client, verify with the vendor that
the driver is written specifically with mobile operations in mind and that it
supports the following:
PCMCIA card in/card out capability
In-range and out-of-range capability
The NetWare Event Service Layer (NESL)
Planning for Efficient Use of Your Mobile Client

Planning ahead and knowing the appropriate ways to use NetWare Mobile
IPX will help you to use your mobile client efficiently. We recommend that
you do the following:
Disable background products such as E-mail that poll the network.
Use only data from the network. Keep your executable files on the mobile
client.
Complete operations such as saving files before removing the PCMCIA
card.
Deciding Where to Locate a Home Router

This section helps you choose the best location on your network to configure
the Home Router software. It also explains why more than one Home Router
can provide more efficient network operation in certain environments.
A Home Router forwards every packet destined for the mobile clients it
serves. If the Home Router is located far from both the file server and the
mobile client, and if the mobile client is close to the file server, a packet
Planning 45

103-000176-001
August 29, 2001
Novell Confidential
destined for the mobile client travels more hops than necessary before arriving
at the destination, as shown in Figure 7.
Figure 7 Inferior Home Router Placement
Home
Router
LAN 3
Server
Router
LAN 2
Access
Point
LAN 1
Router
Request
Mobile Client
Response
Mobile client request to server
Server response to mobile client through Home Router
Redirected server response to mobile client

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The request from the mobile client takes the shortest route to the server. The
response from the server is first forwarded to the Home Router, because the
destination address is the internal network configured for the server on which
the Home Router resides. The router then patches the response with the mobile
client's actual address and forwards the packet to the mobile client. In this
topology, the response takes an inferior path to the mobile client because of
the extra hops taken.
In general, you should install the Home Router in the middle of the network
so that most clients are only a few hops away, as shown in Figure 8. The Home
Router should be located somewhere on the path between the file server and
the mobile clients.
Figure 8 Better Home Router Positioning
LAN 3
Server 2 Router
Server 1
LAN 2
Access
Point
LAN 1
Home
Router
Mobile Client
Planning 47

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The best place to install the NetWare Mobile IPX Home Router software is on
the file server that the mobile clients use most, as shown in Figure 9. In this
way, when mobile clients access the file server, the responses from the file
server are patched with the mobile client's actual location before they ever
leave the server. Therefore, the responses do not travel an extra hop before
reaching the client.
Figure 9 Best Home Router Positioning
LAN 3
Server 2
Server 3 Router
LAN 2
Access
Point
LAN 1
Home
Router
on
Server 1
HINT: We recommend having a Home Router in each operating area. For

example, in a large corporation, you should have a Home Router in marketing,
finance, manufacturing, and so on. This enables mobile client users to connect to
a preferred Home Router.
If the server and mobile clients are located on one side of a WAN link and the
Home Router is on the other side of the link, costly WAN bandwidth is used
unnecessarily. If both networks on each side of a WAN link require NetWare
Mobile IPX, you should have two Home Routers—one on each side of the
WAN link. Mobile clients use the closest Home Router, as shown in Figure 10.

103-000176-001
August 29, 2001
Novell Confidential
Figure 10 Home Router Positioning over WAN Links
Server 1 Server 3
Home Mobile Client 2

Router 1
Router
Access Access
Point WAN Link Point
Router Router
Home
Router 2
Mobile Client 1
Server 2
IMPORTANT: When a mobile client is transferred between the two sites over the
WAN and not restarted, the client still uses the original Home Router for
communications—crossing the WAN if necessary—until the mobile client is
restarted.
Planning 49

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3 Setting Up
Novell® Internet Access Server 4.1 routing software provides a set of

configurable parameters with which you can modify operational
characteristics of the Internetwork Packet ExchangeTM (IPXTM) network
protocol. You configure all IPX parameters from the Novell Internet Access
Server Configuration utility (NIASCFG).
Turning Off IPX Packet Forwarding

As a typical part of its operation, a NetWare file server forwards (routes) IPX
packets between its network interfaces. By disabling the Packet Forwarding
parameter, you turn off IPX packet forwarding on a NetWare file server. This
is useful when you have more than one NetWare system on a network and you
want to make more computing resources available for file and print services.
A server with IPX packet forwarding disabled still operates as a file server, but
broadcasts only its own services and internal network number—not those
associated with its network interfaces. A server operating in this way is
sometimes called a multihomed server. Although a multihomed server does
not reply to routing requests from NetWare workstations, it still accepts
incoming RIP and SAP broadcasts to maintain its bindery.
Figure 11 on page 52 shows how the tasks of routing and file service can be
divided between a NetWare file server and a dedicated router on the same
network. Typically, the task of routing IPX traffic between the two
internetworks is shared by the router and the file server. When you disable
IPX packet forwarding on the file server, the dedicated router assumes the task
of routing all IPX traffic. The file server, now free from the tasks of routing
IPX packets and answering route requests, can devote its full processing
resources to file service.
Setting Up 51

103-000176-001
August 29, 2001
Novell Confidential
Figure 11 Turning Off IPX Packet Forwarding on a NetWare File Server
NetWare
Router
IPX IPX
Internetwork Internetwork
Routed Traffic
IPX
Internetwork
NetWare
Workstation
NetWare NetWare
Workstation File Services Workstation
NetWare
File Server
Packet Forwarding = Disabled
You should turn off IPX packet forwarding if you do not want the server to
forward IPX packets between its interfaces.
For more information about IPX routing and related topics, refer to Chapter 1,
“Understanding,” on page 11. For more information about NetWare file and
print services, refer to your NetWare documentation.
How to Turn Off IPX Packet Forwarding

Before you begin, you must have at least two NetWare servers, or one
NetWare server and a dedicated router on the same IPX network.
To turn off IPX packet forwarding, complete the following steps:
1 Load NIASCFG, then select the following parameter path:
Select Configure NIAS > Protocols and Routing > Protocols > IPX
2 The Packet Forwarding parameter is already highlighted; select it, then
select Disabled .

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3 Press Esc and save your change.

5 If you want this change to take effect immediately, select Reinitialize
System .
If you want to configure other parameters, do so now, then reinitialize the
system when you are finished.
Configuring Static Routes and Services

A static route is a RIP route that is added to a router's Routing Information
Table by a network administrator rather than by the active routing protocol—
in this case, RIP—operating over a network link. With Novell Internet Access
Server 4.1, you can configure static routes and services for both permanent
and on-demand calls.
A permanent call is a connection that remains active between the local router
and the remote router identified by the call destination. An on-demand call is
a point-to-point connection between two routers that becomes active only
when one router must send user data to the router at the other end. On-demand
calls are well-suited for connections that use expensive telecommunications
carriers and for slow links over which it is undesirable to send routing and
service traffic. For more information about permanent and on-demand calls,
refer to “Call Types” on page 25.
You can configure static routes and services with the following utilities:
NIASCFG —With NIASCFG, you must configure all routes and
services manually. To activate the configuration on both routers, you
select Reinitialize System from the Internetworking Configuration menu.
Use NIASCFG to set up WAN call destinations at each end of the
connection and configure static routes and services.
STATICON —The static route and service configuration utility for IPX.
STATICON uses the Simple Network Management Protocol (SNMP) to
discover which routes and services are available through a remote router
and adds them to the static routing table on a local router.
Before configuring static routes and services with STATICON, you must
use NIASCFG to set up the WAN call destinations and activate the
configuration by selecting Reinitialize System . You then load
STATICON and configure the static routes and services on the routers.
STATICON configures all routes and services on each router
Setting Up 53

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
automatically and allows you to try the static configuration before saving
it to disk. The STATICON configuration becomes active immediately;
you do not need to reinitialize or restart the router.
For more information about static routes and services and related topics, refer
to “Static Routes and Services” on page 28.
“Configuring Static Routes and Services with NIASCFG” on page 54
“Configuring Static Routes and Services with STATICON” on page 56
Configuring Static Routes and Services with NIASCFG

NOTE: If you plan to configure static routing information, we recommend using
STATICON to avoid potential routing loops.
Before you configure static routes and services with NIASCFG, determine the
addresses of the networks or hosts that you want to access. Then set up a WAN
call destination, on each router, to the router at the other end of the
connection.
WARNING: When setting up a call destination, be sure you set the Remote
System ID parameter to the server name of the system initiating the inbound call.
The local system checks each inbound call against the remote system ID.
Configuring Static Routes
To configure static routes with NIASCFG, complete the following steps:

Select Configure NIAS > Protocols and Routing > Bindings > a WAN
interface > WAN Call Destinations.
2 Select a WAN call destination from the list, or press Ins to choose from
a list of available call destinations.
3 Select Static Routes.
A new screen displays any configured static routes.
4 Press Ins , then enter the following information:
Network Number —Network number that must be accessed for this
on-demand call.
Hops to Network —Number of routers crossed to reach the specified
network number. If the network number is in the internal network of
the remote router, specify 1.

103-000176-001
August 29, 2001
Novell Confidential
Ticks to Network —Number of ticks used to allow a packet to reach

the destination network. Add one tick to this value for each LAN
hop.
5 Press Esc and save your changes.
System .
Configuring Static Services

HINT: If you plan to configure any uncommon services, we recommend using
STATICON to avoid errors.
To configure static services with NIASCFG, complete the following steps:

interface > WAN Call Destinations.
2 Select a WAN call destination from the list, or press Ins to choose from
a list of available call destinations.
3 Select Static Services .
A new screen displays any configured static services.
4 Press Ins, then enter the following information:
Service Name —Name of the service to be accessed through the on-
demand call. This name, which is typically the server name, is added
to the local service and routing tables.
NOTE: If you need to obtain service name information, use the IPXCON
utility at the remote router. If you use STATICON to configure static services,
this information is obtained automatically.
Service Type —SAP service type for this service, expressed as a

hexadecimal number. This is typically the file server type (0004).
Press Ins to display a list of service types.
Service Address Network —IPX network number of the service. If
you are specifying a file service or a service on a server or router,
enter the internal network number of that server or router.
Setting Up 55

103-000176-001
August 29, 2001
Novell Confidential
Service Address Node —Node address where the service resides. If

you are specifying a file service or a service on a server or router,
enter 1 . If you are specifying a NetWare 2 file server, specify the
NIC address of LAN board A.
Service Address Socket —Socket number on which this service
listens for service requests. If you are specifying a file service, enter
0x0451 .
NOTE: If you need to obtain service address socket information, use the
IPXCON utility at the remote router. If you use STATICON to configure static
services, this information is obtained automatically.
Hops to Service —Number of routes crossed to reach the service.

Ticks to Service —Number of ticks needed for a packet to reach the
destination network. Add one tick to this value for each LAN hop.
System .
Configuring Static Routes and Services with STATICON

STATICON provides a fast and error-free way to configure static routes and
services on routers at each end of a point-to-point WAN connection. However,
before loading STATICON, you must use NIASCFG to complete the
following preparatory tasks on each router:
Set up a WAN call destination to the router at the other end of the
connection.
Select Reinitialize System to activate the NIASCFG configuration.
IMPORTANT: For STATICON to operate, the router at the other end of the
connection must either be running Novell Internet Access Server 4.1 or be a third-
party router that supports IPX SNMP and the IPX Management Information Base
(MIB) variables.
When you load STATICON, the Select Configuration Method menu appears.
Table 3 on page 57 describes each menu option.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Table 3 Select Configuration Method Menu Options
Menu Option Description
Dynamically Configure Static Opens an on-demand call to the remote router and allows you to edit
Routing Tables the local and remote configurations using dynamically obtained
selection lists.
Configure Services from Opens an on-demand call to obtain a list of services available from
Gatekeepers a gatekeeper and allows you to select the services you want. The
gatekeeper is normally on the other side of a WAN link.
Configure Local Static Services Lets you configure static services manually on the local router. This
configuration is nearly identical to the one presented in “Configuring
Static Services” on page 55.
Configure Local Static Routes Lets you configure static routes manually on the local router. This
configuration is nearly identical to the one presented in “Configuring
Static Routes” on page 54.
Write Static Routing Tables to Sends IPX SNMP requests to the local router to put the routing table
Permanent Storage information into permanent storage. The router is polled to ensure
that the information is updated.
Restore Static Routing Tables Sends IPX SNMP requests to the local router to restore routing table
from Permanent Storage information from permanent storage. The router is polled to ensure
that the information is updated.
The most efficient way to configure static routes and services is to select the
Dynamically Configure Static Routing Tables option. This enables you to
select from the following options:
Autoconfigure Local and Remote Routing Tables —Exchanges all
routing and service table information automatically with the remote
router. Select this option if you want an on-demand call to obtain full
routing and service information in the static routing tables. A status
screen shows the progress of the exchange. This exchange might take
significant time to complete if you are working over a slow link or on a
large network.
Configure Local Routing Tables —Selectively configures routing and
service tables for the local router from information learned from the
remote router through IPX SNMP requests.
Configure Remote Routing Tables —Selectively configures the routing
and service tables for the remote router from information learned from the
local router through IPX SNMP requests.
Setting Up 57

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Write Connection Routing Tables to Permanent Storage —Sends IPX

SNMP requests to the local and remote routers to save the current local
and remote routing tables for this connection to permanent storage. Each
router is polled to make sure the operation is completed.
Restore Connection Routing Tables from Permanent Storage —Sends
IPX SNMP requests to the local and remote routers to restore the local
and remote static routing tables for this connection from permanent
storage. Each router is polled to make sure the operation is completed.
For more information about configuring static routes and services
dynamically, refer to “Selectively Configuring Static Routes and Services” on
page 59 and “Automatically Configuring Static Routes and Services” on page
62.
Checking Write Access on the Remote Router
For STATICON to configure a remote router's routing and service tables, it

must support IPX SNMP and the IPX MIB variables and have SNMP-write
access to the router. If the remote router is running Novell Internet Access
Server 4.1, specifying a Control Community from NIASCFG enables write
access.
To check write access, complete the following steps:
1 Load NIASCFG on the remote router, then select the following parameter
path:
Select Configure NIAS > Protocols and Routing > Manage
Configuration > Configure SNMP Parameters
The Control State field should read Any Community May Write or
Specified Community May Write . If it reads Specified Community May
Write , note the name in the Control Community field. Use this name
when you must provide the name of the SNMP control community in Step
8 on page 59 of Selectively Configuring Static Routes and Services and
Step 8 on page 63 of Automatically Configuring Static Routes and
Services.
3 Exit NIASCFG.

103-000176-001
August 29, 2001
Novell Confidential
Selectively Configuring Static Routes and Services
Through selective configuration, you can choose specific routes and services
you want to add to a routing table. This feature lets you select from an existing
routing table the routes and services that your router does not have in its table.
You can copy routes to a remote router from a local router, or copy routes to a
local router from a remote router.
To selectively configure static routes and services, complete the following
steps:
1 Load STATICON.
2 Select Dynamically Configure Static Routing Tables .
STATICON displays the on-demand calls of which IPX is currently
aware. It also shows the connection state of each call.
NOTE: The Auto Static Route listed in the display is the nonconfigured static route
to the internal network on the other side of the WAN link. This automatic static route
ensures a route across the link in case normal RIP filtering might prevent such a
route. It must not be deleted.
3 Use the arrow keys on your keyboard to select the WAN call destination
associated with the remote router.
4 If the Status field associated with the call reads Not Connected , press Ins
to connect the call.
5 Wait for the Status field to change to Connected .
This can take several seconds if you are using a dial-up line.
6 Press Enter .
To configure the routing table for the local router, select Configure
Local Routing Tables.
To configure the routing table for the remote router, select Configure
Remote Routing Tables.
8 Enter the SNMP Control Community name associated with the remote
router, or press Enter to accept the default Control Community named
public .
The remote router must have write access enabled. If you need to check
write access, refer to “Checking Write Access on the Remote Router” on
page 58.
Setting Up 59

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
9 If you selected Configure Local Routing Tables , complete the following

steps; otherwise, continue with Step 10 on page 60.
A progress screen appears while the local system reads the currently
configured routes and services.
After the Locally Configured Routes screen appears, you can remove
items from the routing table by highlighting or marking the entries and
pressing Del .
9a Press Ins to add static routes or services to the local routing table.
A progress screen appears while the local system gathers information
from the remote router.
The Selectable Routes and Services screen appears. The routes and
services listed here are from the remote router's table. The list shows
only the routes and services that are not already present in the local
router's table.
9b Mark the routes or services you want to add to the local routing table.
Use the following keys to mark your selections:
F5 —Marks the current entry.
Tab —Marks all entries that have the same network number as
the currently highlighted entry.
F6 —Lets you use wildcard characters (* and ?) to select entries.
If you use F6 , the Select Wild Card Marking Option screen
appears. You can select Match Service Names or Match
Network Numbers . After you make a selection, the Enter
Pattern for Matching screen appears, enabling you to enter the
name or number pattern and wildcard.
9c Press Enter .
The Select Currently Marked Routes and/or Services? screen
appears.
9d Select Yes. Proceed to Step 11 on page 61.
10 If you selected Configure Remote Routing Tables , complete the
following steps:
A progress screen appears while the local system gathers information
from the remote router.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
After the Remote Router's Configured Routes and Services screen

appears, you can remove items from the routing table by highlighting or
marking the entries and pressing Del .
10a Press Ins to add static routes or services to the remote routing table.
A progress screen appears while the local system reads the currently
configured routes and services.
The Selectable Routes and Services screen appears. The routes and
services listed here are from the local router's table. They show only
the routes and services that are not already present on the remote
router's table.
10b Mark the routes or services you want to add to the remote routing
table.
Use the following keys to mark your selections:
F5 —Marks the current entry.
Tab —Marks all entries that have the same network number as
the currently highlighted entry.
F6 —Lets you use wildcard characters (* and ?) to select entries.
If you use F6 , the Select Wild Card Marking Option screen
appears. You can select Match Service Names or Match
Network Numbers . After you make a selection, the Enter
Pattern for Matching screen appears, enabling you to enter the
name or number pattern and wildcard.
10c Press Enter .
The Select Currently Marked Routes and/or Services? screen
appears.
10d Select Yes .
11 Press Esc twice.
STATICON allows you to choose whether to save the static configuration
to disk now or test the configuration first by trying to establish a
connection.
If you want to save the configuration to disk now, continue with Step
12 on page 62.
If you want to test the configuration before saving it to disk, select Do
Not Save the Routing Tables to Permanent Storage.
Setting Up 61

103-000176-001
August 29, 2001
Novell Confidential
In this case, the configuration remains in router memory.

If you decide later to save the configuration to disk, return to the Select
Configuration Option For This Call screen and select Write Connection
Routing Tables to Permanent Storage .
The configuration is saved to disk if you did not do any of the following
while testing the configuration:
Restart the router
Delete the WAN call destination from NIASCFG
Unload IPXRTR
12 Select Save the Routing Tables to Permanent Storage .
NOTE: Changes you make from STATICON take effect immediately; you do not
need to reinitialize or restart either router after completing the configuration.
The following message appears after the configuration is saved to disk:

Writing static routing tables for this call to permanent
storage completed successfully in router <router_name
>.
<Press ENTER to continue>
13 Press Enter , then press Esc until you return to the Select Configuration
Method menu.
14 Exit STATICON.
Automatically Configuring Static Routes and Services
Configuring static routes and services automatically lets you copy all the
missing routes from your local router to a remote router and from the remote
router to your local router at the same time.
To automatically configure static routes and services, complete the following
steps:
1 Load STATICON.
2 Select Dynamically Configure Static Routing Tables .
STATICON displays the on-demand calls of which IPX is currently
aware. It also shows the connection state of each call.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
6 Press Enter .
7 Select Autoconfigure Local and Remote Routing Tables .
8 Enter the SNMP Control Community name associated with the remote
router, or press Enter to accept the default Control Community public .
The remote router must have write access enabled. If you need to check
write access, refer to “Checking Write Access on the Remote Router.”
A progress screen appears as STATICON exchanges routes and services
with the remote router. This might take several minutes if you are working
over a large network or slow link.
The following message appears when the exchange is complete:
Autoconfiguration of Routing Tables between local and
remote Routers completed successfully.
9 Press Enter .
STATICON allows you to choose whether to save the static configuration
to disk now or try the configuration first.
If you want to save the configuration to disk now, continue with Step
10 on page 64 .
If you want to try the configuration before saving it to disk, select Do
Not Save the Routing Tables to Permanent Storage.
In this case, the configuration remains in router memory.
If you decide later to save the configuration to disk, return to the Select
Configuration Option For This Call screen and select Write Connection
Routing Tables to Permanent Storage .
You can do this as long as you do not do any of the following while trying
out the configuration:
Restart the router
Delete the WAN call destination from NIASCFG
Unload IPXRTR
Setting Up 63

103-000176-001
August 29, 2001
Novell Confidential
10 Select Save the Routing Tables to Permanent Storage .

NOTE: Changes you make from STATICON take effect immediately; you do not
need to reinitialize or restart either router after completing the configuration.
The following message appears after the configuration is saved to disk:

Writing static routing tables for this call to permanent
storage completed successfully.
11 Press Esc until you return to the Select Configuration Method menu.
12 Exit STATICON.
Configuring Services for a Gatekeeper
A gatekeeper is a special file server that is located in the hub of an

internetwork and is able to see all public services from all connected sites. A
gatekeeper stores routing and services information in its bindery, Novell's
equivalent of a telephone book. Using STATICON, you can obtain a list of
services available from a gatekeeper and select the required services for
advertisement by your local router. For more information about gatekeepers
and binderies, refer to “Static Routes and Services” on page 28.
To configure services for a gatekeeper, complete the following steps:
1 Load STATICON.
2 Select Configure Services for Gatekeepers .
STATICON displays the IPX Calls screen, a list of on-demand calls of
which IPX is currently aware. It also shows the connection state of each
call.
6 Press Enter .
The Select Configuration Option For This Call screen displays.
7 Select Configure Local Routes and Services .
The Configured Services screen displays.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
8 Press Ins to display a list of gatekeepers.

9 Use the arrow keys to select a gatekeeper, then press Enter .
STATICON displays messages that it is attaching to the selected
gatekeeper and that it is scanning the gatekeeper for services. Service
names are displayed as STATICON discovers them. When the scanning
is completed, a list is displayed of all the services available from the
gatekeeper.
10 Select all the services you want by using the arrow keys to highlight each
desired service, then pressing F5 .
11 Press Enter to confirm your selection of all the marked services.
12 Optionally, press Esc to return to the IPX Calls screen and then repeat
Step 3 on page 64 through Step 11 for another WAN call.
13 Save the information as follows:
If you have collected gatekeeper information for a single WAN call,
press Esc to return to the Select Configuration Option For This Call
screen, then select Write Static Routing Tables to Permanent Storage.
If you have collected gatekeeper information for multiple WAN calls,
press Esc to return to the STATICON main menu, then select Write
Static Routing Tables to Permanent Storage.
14 If necessary, press Esc to return to the Select Configuration Method
menu. Exit STATICON.
Configuring Watchdog Spoofing

When several workstations are operating over an on-demand call, the frequent
exchange of watchdog packets can keep the connection active most of the
time. Depending on the telecommunications carrier you use for the
connection, this can become expensive.
You can avoid this by configuring your router to spoof the watchdog packets.
This means that the router captures watchdog query packets on their way to a
workstation and responds on the workstation's behalf without activating the
on-demand call.
Note, however, that because of spoofing, the workstation's server connection
remains occupied unless the workstation logs out. To avoid this, have the
remote server execute a forced logout of all workstations at a predetermined
time so that all server connections are free for the next day.
Setting Up 65

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
For more information about watchdog spoofing and related topics, refer to
“Watchdog Packet Spoofing” on page 30.
How to Configure Watchdog Spoofing on an Interface
How to Configure Watchdog Spoofing for Call Destinations
How to Configure Watchdog Spoofing on an Interface

By default, watchdog spoofing is enabled for all on-demand WAN
connections. If you want to disable watchdog spoofing on a WAN interface,
interface > Expert Bind Options
2 Select On Demand Spoofing , press Enter , then select Disabled .
3 Press Esc and save your change.
System .
How to Configure Watchdog Spoofing for Call Destinations

By default, watchdog spoofing is enabled for all on-demand WAN
connections. To configure watchdog spoofing for a particular on-demand
WAN call destination, complete the following steps:
interface > WAN Call Destinations
2 Select a call destination.
If you are modifying an on-demand call that has already been
configured, select one from the list.
If you are configuring a new on-demand call, press Ins and choose a
call from the list of available calls.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3 Select Expert Options .

4 Select On Demand Spoofing .
The default state is Use Default . This means the call uses the spoofing
state to which the interface is currently set.
If spoofing is enabled on the interface but you want to disable it only
for this call, select Disabled.
If spoofing is disabled on the interface but you want to enable it only
for this call, select Enabled.
System .
Configuring Routed or Static On-Demand Calls

Novell Internet Access Server 4.1 enables you to configure a routed on-
demand call or static on-demand call for each WAN call destination.
Unlike the standard on-demand call, which relies on statically configured
routes and services at each end of a point-to-point connection, a routed on-
demand call runs a routing protocol while the link is active. When the link
goes down, the routes and services made known by the routing protocol
become unavailable.
Typically, a Data-Link layer timer triggers the termination of an on-demand
call after no data has crossed the link for some period of time. Because a
routing protocol running over a routed on-demand call would reset this timer
each time a protocol packet is sent or received, it would keep a link active
because of the protocol data flowing through. To solve this problem, Novell
Internet Access Server 4.1 uses a timer that operates at the Network layer. This
timer is reset only when data packets—not protocol packets—cross the link.
In this way, the routing updates do not keep an on-demand link active when
no data is being transmitted.
NOTE: A minimal (seed) set of static routes and services must be associated with
a routed on-demand call for key server access. Unless the call is known to get
Setting Up 67

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
somewhere, the link will not come up. After the link comes up, other services and
routes can be accessed.
For more information about routed and static on-demand calls and related
topics, refer to “Call Types” on page 25.
How to Configure Routed or Static On-Demand Calls

Before you begin, you must complete the following tasks:
Configure at least one on-demand WAN call destination.
Configure a minimal set of routes and services for key server access.
To configure a routed or static on-demand call, complete the following steps:
Select Configure NIAS > Protocols and Routing > Bindings
2 Select an on-demand call.
If you are modifying an on-demand call that has already been
configured, select one from the list.
If you are configuring a new on-demand call, press Ins and choose a
call from the list of available calls.
The WAN Call Destination Entry screen is displayed.
3 Select WAN Call Destinations .
4 Select a WAN call destination from the list of configured calls, then do
one of the following:
To configure a routed on-demand call, select Routed On Demand from
the pop-up menu, then proceed to Step 5.
To configure a static on-demand call, select Static On Demand from
the pop-up menu, then proceed to Step 6.
By default, on-demand calls are static, and routing traffic over an on-
demand call is disabled.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
5 For a routed on-demand call only, do the following:

5a Select RIP Bind Options.
5b Configure the routing protocol you want to run over the call.
If you want to run RIP/SAP:
Select RIP Options .
Set RIP State Override to On .
Configure the other RIP override parameters as necessary.
Press Esc .
Select SAP Options .
Set SAP State Override to On .
Configure the other SAP override parameters as necessary.
If you want to run NLSP:
Select NLSP Options .
Set NLSP State Override to On .
Configure the other NLSP override parameters as necessary.
System .
Configuring IPX and NCP Header Compression

Header compression increases the throughput of IPX and NCP packets over
low-speed serial lines. An IPX packet header is 30 bytes and is typically
followed by an upper-layer protocol header, such as an SPX header. Header
compression reduces the size of this combined packet header to just a few
bytes.
Header compression is negotiated by the IPXWANTM protocol when a call is
established over any WAN connection. Header compression is not used on the
connection if IPXWAN detects that one of the end nodes does not support it.
Setting Up 69

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
When you enable header compression, you can also specify the number of
compression slots . A compression slot is a location in router memory that
stores packet header information. The compression algorithm uses this
information to compress outgoing—and decompress incoming—packet
headers.
By default, the number of allocated compression slots is 16. In general, a
session between two end points uses one slot; routing information uses one or
two. Each slot can contain an IPX or an NCP header. When no more slots are
available, packet headers are sent uncompressed, or old slots are reused.
For more information about IPX and NCP header compression and related
topics, refer to “Header Compression” on page 31.
IMPORTANT: To use header compression, the routers at each end of the
connection must have header compression enabled and must allocate the same
number of header compression slots . If the number of compression slots is
different on each router, IPXWAN selects the lesser of the two.
This topic contains the following sections:

“How to Configure IPX and NCP Header Compression on an Interface”
on page 70
“How to Configure IPX and NCP Header Compression per Call
Destination” on page 71
How to Configure IPX and NCP Header Compression on an Interface

To configure IPX and NCP header compression on a WAN interface, complete
2 Select Header Compression .
This parameter enables or disables header compression for all IPX
packets sent through this interface. By default, header compression is
enabled on all WAN interfaces; if you want to disable it on the interface,
select Disabled .
3 Select Compression Slots , then enter the number of slots you want to
allocate to this interface.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The more concurrent IPX sessions you use over the interface, the more
compression slots you should allocate.
IMPORTANT: Be careful not to allocate too many compression slots. Memory is
required to store the headers, and the compression algorithm must scan through
stored headers to find a match for each transmitted packet. An excessive number
of slots results in a higher processing load and slower performance.

System .
How to Configure IPX and NCP Header Compression per Call

Destination
By default, header compression is enabled for all WAN connections. To
configure header compression for a particular WAN call destination, complete
interface > WAN Call Destinations
2 Select a call destination.
If you are modifying a call that has already been configured, select
one from the list.
If you are configuring a new call, press Ins and choose a call from the
list of available calls.
3 Select Expert Options .
4 Select Header Compression .
The default state is Use Default . This means the call uses the
compression state to which the interface is currently set.
If compression is enabled on the interface but you want to disable it
only for this call, select Disabled.
If compression is disabled on the interface but you want to enable it
only for this call, select Enabled.
Setting Up 71

103-000176-001
August 29, 2001
Novell Confidential
5 Select Compression Slots , then enter the number of slots you want to
allocate to this call.
IMPORTANT: Be careful not to allocate too many compression slots. Memory is
required to store the headers, and the compression algorithm must scan through
stored headers to find a match for each transmitted packet. An excessive number
of slots results in a higher processing load and slower performance.

System .
Configuring NLSP
Novell developed NLSP to meet the demands of large IPX internetworks. As
a link state routing protocol, NLSP offers better performance, reliability, and
scalability than the IPX RIP routing traditionally employed by NetWare
servers.
Unlike RIP and SAP, which periodically broadcast routing and service
information respectively, NLSP transmits routing information only when a
change occurs in a route or service somewhere in the network, or every two
hours —whichever occurs first. Because NLSP generates fewer routing
updates than RIP and SAP, it uses less network bandwidth to maintain its
routing database.
To transmit information about its directly connected routers and the links to
those routers, an NLSP router uses Link State Packets (LSPs). By default,
LSPs are 512 bytes, a nominal value that is sufficient for most IPX networks.
If you have a large network—on the order of 4,000 routes and 2,000 services
or more—you should increase the value of the LSP Size parameter to 1024.
To configure this parameter, refer to “How to Change the LSP Size” on page
76.
By default, NLSP broadcasts its packets because some LAN drivers do not
properly support multicast , a transmission mode that enables only those
devices listening for a specific multicast packet address to accept the packet.
You can, however, change the NLSP packet transmission mode to multicast
with the MAC Channel parameter. An advantage of using multicast

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
transmission is that NLSP packets sent by multicast do not clutter nonrouting

nodes with unnecessary traffic.
NOTE: All NetWare systems on the same LAN must use the same NLSP packet
transmission mode.
NLSP makes large IPX internetworks more manageable by allowing you to

partition them into administrative domains called routing areas . Each routing
area can be identified by up to three area addresses , a unique, 4-byte
hexadecimal number that identifies each NLSP router as being part of a
routing area. Although area addresses are not required, they are available
chiefly for compatibility with future versions of NLSP and do provide some
benefit for large IPX internetworks.
WARNING: Do not configure area addresses unless you must partition a large IPX
internetwork. If you make an error in the address assignments, you can partition
your network inadvertently and lose connectivity between some routers.
Each NLSP router is identified by a unique, 6-byte hexadecimal number called

the system ID . The default system ID comprises a 2-byte constant, 0x0200,
followed by the router's own internal network number. You should not change
the system ID unless you have another numbering scheme in place with which
you can reliably track and manage the NLSP routers on your network. If you
must change a router's system ID, use another unique number, such as the
physical address of one of the router's network interface boards.
Using a default cost value based on media throughput, NLSP chooses the best
route by which to forward IPX packets. Novell Internet Access Server 4.1
enables you to override this value on an interface. By overriding the default
cost, you can establish preferred routes, balance traffic loads among
interfaces, and set up specific traffic flows between routers. For more
information, refer to “Balancing Traffic Loads over Equal-Cost Routes” on
page 92.
All NLSP routers have a configurable parameter called the Priority . The
router with the highest priority becomes the Designated Router , which
assumes the responsibility for exchanges of link state information on behalf of
all other NLSP routers on the LAN. You do not typically need to change a
router's Priority value; the NLSP routers automatically elect one from
themselves. However, if you want to force a router to become the Designated
Router for its LAN, increase its Priority value to at least 85. The router you
choose should be typically up and should have enough memory to process
NLSP routing information and generate the pseudonode LSP for its LAN. If
you want to prevent a particular router from becoming the Designated Router,
decrease its Priority value.
Setting Up 73

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IMPORTANT: Novell Internet Access Server 4.1 provides a set of convergence

parameters that enable you to customize the operation of NLSP on your router.
The default values for these parameters are sufficient for most IPX networks and
should be changed only on the advice of your technical support representative.
When configuring NLSP on an interface, you can set the NLSP State
parameter to one of two states: On or Off . On enables the router to exchange
NLSP packets freely with other NLSP routers on the attached network. Off
disables NLSP routing on the interface.
“How to Configure NLSP” on page 74
“How to Change the LSP Size” on page 76
How to Configure NLSP

If you implement NLSP throughout a large IPX internetwork, or even if you
want to configure NLSP on just a few routers or servers, refer to NLSP
Migration for information about planning your implementation of NLSP.
To configure NLSP on the router, complete the following steps:
2 Select the Routing Protocol parameter, then select NLSP with RIP/SAP
Compatibility .
3 Press Esc to return to the Internetworking Configuration menu, then
select the following path:
Select Bindings > a network interface > Expert Bind Options > NLSP
Bind Options
4 Select NLSP State .
If you want to run NLSP over the interface, select On.
This enables NLSP routing on the interface.
If the interface is on an area boundary, or if you want to filter
incoming RIP or SAP packets at the interface, select Off.

103-000176-001
August 29, 2001
Novell Confidential
If the router supports two or more interfaces and you want to filter
routes and services to a remote site through this interface:
Select Off .
Enable RIP and SAP on the interface.
To enable RIP and SAP, refer to “Configuring RIP and SAP” on page
77.
5 Select MAC Channel , then select the NLSP packet transmission mode.
If you select Multicast , NLSP automatically determines the multicast
address. All systems on a network must be set to Multicast ; otherwise,
the systems default to Broadcast , the default state for this parameter.
IMPORTANT: Make sure the driver you are using supports multicast
transmission; drivers that do not support multicast can cause systems to become
unaware of each other.
6 If you want to customize the interface further, configure one or more of

the following parameters:
most NLSP networks, you should change them only for a specific purpose.
Misconfiguring these parameters can increase routing traffic or cause loss of
MTU Override —Overrides the Maximum Transmission Unit

(MTU) of the network medium to which this interface is connected.
All outbound packets on this interface use the value you enter. The
default value is 0, which means use the MTU of the network
medium. For example, the Ethernet MTU is 1,500 bytes.
Configure this parameter if you have a bridge or other device on your
network, or if you want to transmit smaller packets over a WAN.
Priority —Sets the priority of the NLSP router on the network
segment to which this interface is connected. The default priority is
64; increase this value to at least 85 if you want the router to become
the Designated Router for its LAN; decrease it if you want to prevent
the router from becoming the Designated Router.
Cost Override —Overrides the default cost of the network medium
to which this interface is connected. To configure this parameter,
refer to “Balancing Traffic Loads over Equal-Cost Routes” on page
92.
Pace Override —Specifies the maximum number of NLSP packets
that can be sent each second through this interface. On a LAN, the
Setting Up 75

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
default—and maximum—pace for NLSP packets is 30 pps; on a

WAN, the NLSP pace is derived from the throughput of the link.
The default value for this parameter is 0, which means do not
override the current pace.
System .
How to Change the LSP Size

The larger the packet a network can carry, the fewer LSPs are required to
propagate an NLSP router's link state information on that network. However,
the LSP used by the router must be no larger than the largest frame size
supported by the network, less 30 bytes for the IPX header. For example, an
ARCnet* LAN can transmit no more than 576 bytes at a time. If you leave
LSP Size at the default value of 1024, the LSP cannot be transmitted across
the LAN because it is too large. The result is that the network is prevented
from converging.
Before you begin, you should know the maximum frame size supported by the
network to which the NLSP router is connected.
To change the size of the LSP that a router transmits, complete the following
steps:
Select Configure NIAS > Protocols and Routing > Protocols > IPX >
Expert Configuration Options
2 Select LSP Size , enter a value between 128 and 4096, then press Enter .
System .

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Configuring RIP and SAP

RIP and SAP are the routing and service advertising protocols traditionally
used by NetWare systems to exchange route and service information on an
IPX network. RIP is currently the most common routing protocol used on IPX
networks.
RIP and SAP perform well in small networks that have simple architectures
and few routers. These protocols, however, begin to reveal their limitations in
the large, complex internetworks that are becoming increasingly common
throughout the installed base of NetWare systems.
By default, RIP and SAP packets are broadcast every 60 seconds, even if no
change has occurred anywhere in a route or service. Depending on the size and
speed of the network, these periodic broadcasts can consume a significant
amount of bandwidth and burden NetWare nodes, especially over WAN links.
Novell Internet Access Server 4.1 provides a configurable parameter, Periodic
Update Interval , that enables you to control how often a router broadcasts its
route and service updates. This, along with other configurable parameters,
such as Aging Interval Multiplier, Pace Override, and Packet Size Override,
enables you to fine-tune the operation of RIP and SAP on your router.
However, the default values for these parameters are sufficient for most IPX
networks and should be changed only on the advice of your technical support
representative. A misconfiguration can cause the router to lose routes and
services or even generate more traffic than usual.
When configuring RIP on an interface, you can set the RIP State parameter to
one of three states: Auto, On, or Off. Auto, the default state, enables the router
to accept incoming RIP packets and rebroadcast their routes only if RIP-
broadcasting devices, such as NetWare 2 servers, are operating on the attached
network. If those devices are removed from the attached network, the Auto -
state interface responds by automatically disabling RIP and enabling NLSP.
On enables the router to exchange RIP packets freely with other RIP routers
on the network. Off disables RIP routing on the interface but does not prevent
the router from responding to incoming requests for RIP routes from local
NetWare workstations.
Similarly, you configure SAP on an interface with the SAP State parameter,
which can also assume one of three states: Auto , On , and Off . Auto , the
default state, enables the router to accept incoming SAP packets and
rebroadcast their services only if SAP-broadcasting devices, such as NetWare
2 servers, are operating on the attached network. If those devices are removed
from the attached network, the Auto -state interface responds by automatically
Setting Up 77

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
disabling SAP and enabling NLSP. On enables the router to exchange SAP
packets freely with other routers on the network. Off disables SAP advertising
on the interface but does not prevent the router from responding to incoming
requests for services from local NetWare workstations. Additionally, the Off
state still allows the router to import locally advertised services.
NOTE: If you want to filter routes or services between routers, use RIP and SAP.
NLSP routers cannot filter routes or services.
You should avoid running RIP and SAP over WAN connections because of the
cost they incur from periodic transmissions.
“How to Configure RIP” on page 78
“How to Configure SAP” on page 80
“Accepting and Advertising Services from a Network Not Listed in the
Routing Information Table” on page 82
How to Configure RIP

To configure RIP, complete the following steps:
2 Select Routing Protocol , then select RIP/SAP Only .
Select RIP/SAP Only only if your network has no NLSP routers.
Select Bindings > a network interface > Expert Bind Options > RIP Bind
Options
4 Select RIP State .
If you want to run RIP over the interface, select On.
This state is necessary for some third-party products that require RIP to
operate.
If you do not want to run RIP over the interface, select Off.
This state disables backward compatibility with older routers and servers
that use and depend on RIP.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
If non-NLSP devices, such as NetWare 2 servers, are operating on the

attached network and you want the router to accept and broadcast
RIP packets received from these devices, select Auto.
Auto is the default state.
5 If you want to customize RIP operation further, configure one or more of
most RIP-based IPX networks, you should change them only for a specific
purpose. Misconfiguring these parameters can increase routing traffic or cause
loss of connectivity on your network.
Periodic Update Interval —Measured in 30-second units, determines

the interval at which RIP packets are transmitted through this
interface. The default value is 2 (60 seconds).
Each router on the network segment to which this router is attached
must use the same value for the Periodic Update Interval .
Aging Interval Multiplier —Controls how long the router keeps route
information received through this interface. The product of this
parameter and the RIP Periodic Update Interval specifies how long
the router keeps route information from periodic RIP updates
received through an interface.
Increasing the Aging Interval Multiplier slows the rate at which the
router ages the routes in its Routing Information Table. This is
necessary to keep routes that might otherwise be aged out of the
routing table because of dropped RIP updates.
The default value for the Aging Interval Multiplier is 4. For
example, if RIP packets are sent every 60 seconds (Periodic Update
Interval equals 2), the router keeps the route information for 240 (60
x 4) seconds without refreshing it.
must use the same value for the Aging Interval Multiplier .
Pace Override —Specifies the maximum number of RIP packets that
can be sent each second through this interface. The default—and
maximum—pace for RIP packets is 9 pps.
Setting Up 79

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Packet Size Override —Specifies the size, in bytes, of RIP packets

sent on this interface. The default value is 0, which means do not
override the current value.
Each router on the network segment must use the same RIP packet
size.
System .
How to Configure SAP

To configure SAP, complete the following steps:
2 Select Routing Protocol , then select RIP/SAP Only .
Select Bindings > a network interface > Expert Bind Options > SAP
Bind Options
4 Select SAP State .
If you want to run SAP over the interface, select On.
This state is necessary for some third-party products that rely on SAP to
advertise their services. Setting SAP State to On also enables RIP
routing on the interface.
If you do not want to run SAP over the interface, select Off.
This state disables backward compatibility with older routers and servers
that use and depend on SAP. The router responds to incoming SAP
requests, such as Get Nearest Server, even if SAP is disabled on this
interface.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
If non-NLSP devices, such as NetWare 2 servers, are operating on the

attached network and you want the router to accept and broadcast
SAP packets received from these devices, select Auto.
Auto is the default state.
5 If you want to customize SAP operation further, configure one or more of
most RIP-based IPX networks, you should change them only for a specific
purpose. Misconfiguring these parameters can increase routing traffic or cause
loss of connectivity on your network.
Get Nearest Server Requests Override —Determines whether the

router accepts or ignores SAP Get Nearest Server requests it receives
through this interface. Select one of the following options:
No Override —Do not override the global setting for the router. This
is the default state.
Ignore —Ignore Get Nearest Server requests received through this
interface.
Accept —Accept Get Nearest Server requests received through this
interface.
Periodic Update Interval —Measured in 30-second units, determines
the interval at which SAP packets are transmitted through this
interface. The default value is 2 (60 seconds).
must use the same value for the Periodic Update Interval .
Aging Interval Multiplier —Controls how long the router keeps
service advertisements received through this interface. The product
of this parameter and the SAP Periodic Update Interval specifies
how long the router keeps service information from periodic SAP
updates received through an interface. This parameter is a holding
multiplier for the SAP Periodic Update Interval .
The default value for the Aging Interval Multiplier is 4. For
example, if SAP packets are sent every 60 seconds (Periodic Update
Interval equals 2), the router keeps the service information for 240
(60 x 4) seconds without refreshing it.
must use the same value for the Aging Interval Multiplier .
Setting Up 81

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Pace Override —Specifies the maximum number of SAP packets

that can be sent each second through this interface. The default—and
maximum—pace for SAP packets is 9 pps.
Packet Size Override —Specifies the size, in bytes, of SAP packets
sent on this interface. The default value is 0, which means do not
override.
Each router on the network segment must use the same SAP packet
size.
System .
Accepting and Advertising Services from a Network Not Listed in the

Routing Information Table
Novell Internet Access Server 4.1 routing software includes a SET command
that enables an IPX router to accept and advertise a service from another
network, even if the network number associated with the service is not listed
in the router's Routing Information Table.
The syntax of this command is as follows:
SET REQUIRED NETWORK FOR SERVICES=ON|OFF
To understand how this command works, consider Figure 12 on page 83,

which shows two directly connected IPX routers, one serving a large
backbone network, the other serving a NetWare LAN.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Figure 12 IPX Router Accepting and Advertising Services from a Network Not Listed in the Routing
Information Table
Backbone
Network
LAN Router Backbone SAP

Router
NetWare
LAN
NetWare File Server
on Network 0x01234567
Suppose a NetWare server somewhere within the backbone network

advertises its file services, which the backbone router receives as a SAP
packet (Service Type=0x0004 and Network Number=0x01234567, for
example). When the LAN router receives the SAP packet from the backbone
router, it checks its Routing Information Table for the network number
0x01234567.
If the LAN router finds the network number, it adds the associated service
information to its services table and advertises the service to the LAN during
the next SAP broadcast. If the LAN router does not find the network number,
it discards the packet. This function occurs if the following command has been
entered at the LAN router:
SET REQUIRED NETWORK FOR SERVICES=ON
This function is disabled by default. However, if this function has been

enabled by the preceding command, it can be disabled by entering the
following command:
SET REQUIRED NETWORK FOR SERVICES=OFF
If the previous command has been entered, the LAN router will not discard the
packet if it does not find the network number in its Routing Information Table.
If the router does not find the network number, it first checks for the nearest
NLSP level 2 router and then for the RIP default route (0xFFFFFFFE) or an
aggregated route. If the LAN router finds one of these, it adds the associated
service information to its services table. If the LAN router does not find any
one of these, it then discards the SAP packet.
Setting Up 83

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Proxying a NetWare File Server

If you have a dedicated router—a PC running Novell Internet Access Server
4.1 over a two-user version of NetWare 4.11—and several NetWare
workstations operating on a network, the router can reply with a NetWare file
server's name—instead of its own—when it receives a SAP Get Nearest
Server request. This is called proxying a file server .
Proxying avoids the situation in which several workstations on a network
restart simultaneously, and the only path to a file server is through the
dedicated router. When each workstation restarts, it sends a Get Nearest
Server request to the router. Because the dedicated router cannot support
multiple, simultaneous logins, all but one of the requesting workstations lock
up and fail. Because the proxied file server has multiple connection slots, it
can handle simultaneous NCP connection requests from the workstations.
A dedicated router always replies to Get Nearest Server requests. As a proxy,
the router still replies but gives the proxy name rather than its own. In fact, the
router replies with the server name even if the server is not active.
In addition to having a server proxy on the network, each NetWare
workstation should be configured with a preferred server.
“How to Proxy a NetWare File Server” on page 84
“How to Check the Proxy Configuration” on page 85
How to Proxy a NetWare File Server

Before you begin, you must know the name of the NetWare file server you
want to proxy.
To proxy a NetWare file server, complete the following steps:
By default, the Get Nearest Server Requests parameter is set to Accept .
The setting you select applies to all interfaces. You can, however,
override this setting on a particular interface. For a description of how to
configure a network interface, refer to "Setting Up" in the documentation
for the type of WAN interface you are using.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
2 If you want the router to ignore Get Nearest Server requests, set Get
Nearest Server Requests to Ignore .
3 Select Override Nearest Server , then select Enabled .
This parameter enables the router to respond to a workstation's Get
Nearest Server requests with the proxied server name instead of its own
name.
4 Select Nearest Server , then enter the name of a reliable server (one that
is operating most of the time).
System .
How to Check the Proxy Configuration

To make sure the router is proxying for the correct file server, complete the
following steps:
1 At the router console prompt, enter
TRACK ON
2 Display the SAP Tracking screen.
3 Restart one of the NetWare workstations on the network.
4 Watch the SAP Tracking screen for the workstation's Get Nearest Server
request and for the router's reply with the correct server name.
If you supplied the wrong name or the name of a server that the router
cannot reach, the SAP Tracking screen displays the following message:
No response to GNS sent - no route to configured server
<server_name>
5 Return to the router console, then enter

TRACK OFF
Setting Up 85

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Configuring the IPX Address Mapping Gateway

The IPX Address Mapping Gateway allows you to connect to a backbone
network even when your local network numbers are not compatible with the
backbone addressing scheme.
To configure the IPX Address Mapping Gateway, complete the following
steps:
1 Load NIASCFG and select the following parameter path:
2 Select Address Mapping Gateway and select Enabled .
3 Select Address Mapping Gateway Configuration , select Address
Mapping Network Number , and enter the number to which your local
network will be mapped.
NOTE: You must enter a registered address unique to the backbone.
One number is supported for each router. Additionally, this number is

included as part of the SAP name advertised by the IPX Address Mapping
Gateway. The SAP name is used by other gateways to locate gateways
that use the same address mapping network number when a packet with
an unknown reverse mapping is received.
4 Configure the following parameters as needed.
To configure the maximum number of address mappings that is
allocated during router initialization, select Maximum Address
Mapping Entries and enter the desired number of mapping entries.
The default is 1,000 mapping entries.
To configure the amount of time an address mapping is remembered
after the last mapping entry was used, select Address Mapping Hold
Time and enter the desired amount of time in minutes, hours, and days.
After the holding time expires, the mapping is dropped and new packets
must flow from the customer network to the backbone to renew the
mapping. This process allows mapping slots to be reused. The default
hold time for mapping is one hour.
To use outbound RIP filters to determine nonmappable networks, in
addition to manually configuring nonmappable entries, select Use
RIP Filters for Nonmappable Networks and select Enabled.

103-000176-001
August 29, 2001
Novell Confidential
If the source network number in a packet being forwarded to an IPX

Address Mapping Gateway circuit passes the outbound RIP filter on that
circuit, the packet is not mapped. If the source network number does not
pass a RIP filter, the packet is mapped.
The default is Disabled . When disabled, RIP filters are not used to
determine nonmappable network addresses.
NOTE: If enabled, the RIP filter module must be loaded from the IPX protocol
menu, and the RIP filter must be configured carefully to block the correct network
numbers.
To configure a SAP type list that is used to determine networks that

are nonmappable, select Nonmappable SAP Types and select one of
the predefined SAP types or press Ins to add a new type. To add a new
SAP type, enter the desired SAP type or press Ins and select a SAP type
from the list of known service types.
The SAP tables are scanned for SAP entries with matching SAP types.
After finding all matching SAP types, the IPX Address Mapping
Gateway determines the network numbers on which the services are
found and applies those network numbers to the list of nonmappable
networks.
This option makes configuring nonmappable network numbers easier.
For example, all packets originating from the Novell Directory
ServicesTM (NDSTM ) software or NetWare Mobile IPXTM software
should not be translated. Therefore, SAP types for NDS, NetWare Mobile
IPX, and Timesync are included in the list by default.
NOTE: To avoid mapping NetWare 3.x servers, add SAP type 4 to the list of
nonmappable SAP types.

7 Select the following parameter path:
For LAN interfaces, select Bindings > a LAN interface > Expert Bind
Options .
For WAN interfaces, select Bindings > a WAN interface > WAN Call
Destinations > a call destination > Expert Options .
8 To enable the IPX Address Mapping Gateway on an interface, select Use
For Address Mapping Gateway and select Yes .
When this option is enabled, all packets destined for the interface or WAN
call destination are subject to the address mapping rules.
Setting Up 87

103-000176-001
August 29, 2001
Novell Confidential
Configuring IPX Route Aggregation

IPX Route Aggregation enables you to introduce routes learned through RIP
in a summarized form. Route aggregation compactly describes many IPX
network numbers simultaneously by using an address and mask pair. For
example, all addresses from C9000000 to C9FFFFFF can be represented using
the address C9000000 and the mask FF000000.
To configure IPX Route Aggregation, complete the following steps:
1 Load NIASCFG and select the following parameter path:
For LAN interfaces, select Configure NIAS > Protocols and Routing >
Bindings > a LAN interface > Expert Bind Options > Aggregate Routes .
For WAN interfaces, select Configure NIAS > Protocols and Routing >
Bindings > a WAN interface > WAN Call Destinations > a call
destination > Aggregate Routes .
2 Press Ins and configure the following parameters:
2a Select Address Summary and enter the prefix for the network
addresses to be aggregated.
For example, any network beginning with C9, such as C9123829 or
C9823878, can be aggregated using the address summary C9000000
with a mask of FF000000.
2b Select Mask and enter a number with Fs for the part of the mask that
corresponds to the common prefix of all network addresses to be
aggregated and 0s for the rest of the mask.
For example, to summarize all addresses that begin with the same
three numbers, set the mask to FFF00000.
2c Optionally, to advertise an aggregate route only when at least one of
the routes is received, select Type and set it to Dynamic .
For LANs, Type can be set only to Dynamic . If you select Static for
a WAN interface, the aggregate route is always advertised.
Aggregate routes associated with static on-demand WAN calls
should always be set to Static .
NOTE: If Type is set to Dynamic , only routes learned through RIP will trigger
the dynamic aggregate route to be advertised. Routes learned through NLSP
will not trigger the dynamic aggregate route to be advertised. Routers that
have dynamic aggregate routes configured on some interfaces should have
NSLP disabled and RIP enabled on those interfaces.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

Controlling the Propagation of Type 20 Packets

Novell Internet Access Server 4.1 enables you to control the propagation of
type 20 packets with the Advanced Packet Type 20 Flooding parameter. Type
20 is an IPX packet type that refers to any propagated packet. NetBIOS
packets, for example, are type 20 packets.
The Advanced Packet Type 20 Flooding parameter can be set to one of the
following options:
0 —Router discards, rather than propagates, any type 20 packet it
receives. This option completely disables type 20 packet propagation.
1 —Router receives and propagates type 20 packets through all its
interfaces, regardless of whether some of the interfaces are equal-cost
routes to the same source.
2 —Router propagates type 20 packets only through interfaces that do not
lead back to the source of the packets. For example, if Router A receives
a type 20 packet from Router B, Router A forwards the packet only
through interfaces that do not lead back to Router B. This is a packet
forwarding mechanism known as reverse path forwarding .
The router does not propagate type 20 packets through the same interface
from which it receives them. This is known as split horizon , a technique
used with RIP and other distance vector routing protocols.
3 —Router propagates type 20 packets the same way as option 2, but does
not forward them across WAN connections.
If you use FILTCFG to configure NetBIOS packet filters, be aware of the
following interactions between these filters and the Advanced Packet Type 20
Flooding parameter:
Setting Advanced Packet Type 20 Flooding to 1 (disabled) overrides the
effect of NetBIOS packet filters operating on any network interface.
Conversely, the action of NetBIOS packet filters on any network interface
overrides the effect of setting the Advanced Packet Type 20 Flooding
parameter to 2 (enabled).
Setting Up 89

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
How to Control Propagation of Type 20 Packets

To configure the propagation of type 20 packets from the server console, enter
the following console command:
SET IPX NETBIOS REPLICATION OPTION = [0|1|2|3]
To check the current setting, you can type the command by itself.
To configure the propagation of type 20 packets from NIASCFG, complete the
following steps:
2 Select Advanced Packet Type 20 Flooding and select one of the options
described previously.
System .
Changing the Hop Count Limit for IPX Packets

The Novell Internet Access Server 4.1 routing software enables you to
increase the range of outbound IPX packets with the Hop Count Limit
parameter. The hop count limit is the maximum number of routers (hops) an
IPX packet can traverse before it is discarded. You can set the Hop Count
Limit parameter to any number between 8 and 127; however, the default value
of 64 is sufficient for most IPX networks.
NOTE: The Hop Count Limit parameter applies only to IPX packets. It does not
increase the range of RIP and SAP packets, which are limited to 16 hops, or
NetBIOS packets, which are limited to eight hops.
Before the release of NetWare MultiProtocol Router 3.0 and NetWare 4.1, the
hop count limit for all IPX packets was 16. This limited the size, or diameter,
of IPX networks.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
If the diameter of your IPX network is close to the 16-hop limit, you should
run NLSP on the routers at the network boundary to ensure continued
connectivity across the network as it grows. Figure 13 provides a simple,
conceptual view of how this can work.
Figure 13 Running NLSP at the Boundary of a Large IPX Network
5 hops 10 hops 5 hops
NLSP Routers RIP Routers NLSP Routers
20 hops
For more information about hop count, IPX routing, and related topics, refer
to Chapter 1, “Understanding,” on page 11.
How to Change the Hop Count Limit

To change the hop count limit, complete the following steps:
2 Select the Hop Count Limit parameter, enter a value between 8 and 127,
then press Enter .
System .
Setting Up 91

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Balancing Traffic Loads over Equal-Cost Routes

If a NLSP router has two or more network interfaces with routes to the same
destination, it can distribute outbound traffic among those interfaces for an
effective increase in throughput. This is called load balancing or load sharing
.
NLSP uses an assigned path cost to select the best route by which to forward
outbound IPX packets. The higher the throughput of the network medium, the
lower the cost of the route.
Table 4 shows the throughput range and default cost of some typical network
media.
Table 4 Throughput Range and Default Cost of Typical Network Media
Throughput Range Default Cost Typical Network Media
0-16 Kbps 61 9,600-baud line
48-64 Kbps 45 ISDN (U.S.)
64-128 Kbps 45 ISDN (Europe)
1-2 Mbps 27 Corvus Omninet (1 Mbps), T1 (1.5

Mbps)
2-4 Mbps 26 E1 (2 Mbps), ARCnet (2.5 Mbps)
4-8 Mbps 25 Token ring (4 Mbps), Corvus Omninet

(4 Mbps)
10-16 Mbps 20 Ethernet (10 Mbps)
16-32 Mbps 19 Token ring (16 Mbps)
64-128 Mbps 14 FDDI (100 Mbps), CDDI (100 Mbps)
You can specify up to eight equal-cost routes to a single destination with the
Maximum Number of Path Splits parameter. Two routes are equal in cost if
the cost to the destination is the same for both routes. To equalize the costs of
two interfaces, you set their Cost Override parameter to the same value. By
default, Cost Override is set to 0 for all interfaces, which means that NLSP
uses the default cost associated with the connected medium and throughput
range listed in Table 4 .

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
If you configure equal-cost routes on two or more interfaces, make sure the
associated media throughputs fall within—or near—the same range, as
indicated in Table 4. For example, equal-cost routes between a 10-Mbps
Ethernet link and a 16-Mbps token ring link are viable; equal-cost routes
between a 4-Mbps token ring link and a 16-Mbps token ring link are not.
WARNING: Do not equalize the cost of routes whose throughputs differ greatly;
this can interfere with the operation of IPX applications running over the network.
For more information about load balancing and path cost, refer to Chapter 1,
“Understanding,” on page 11.
How to Balance Traffic Loads over Equal-Cost Routes

Before you begin, make sure of the following:
NLSP is enabled on all interfaces you plan to configure.
To enable NLSP globally or on one or more interfaces, refer to “How to
Configure NLSP” on page 74.
The media over which you plan to configure equal-cost routes have the
same or similar throughput ranges.
For a list of throughput ranges and associated media, refer to Table 4 on
page 92.
To configure load balancing over equal-cost routes, complete the following
steps:
2 Select the Maximum Number of Path Splits parameter, enter a value
between 2 and 8, then press Enter .
Selecting a value of 2 or above automatically enables local load balancing
over the specified number of equal-cost routes.
Setting Up 93

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
5 Enter a cost for each interface over which you want to balance IPX traffic.
5a Select the following path:
Select Bindings > a network interface > Expert Bind Options >
NLSP Bind Options
5b Select the Cost Override parameter, enter a value between 1 and 63,
then press Enter .
System .
Configuring SPX Connection Parameters

Because some Novell and third-party NetWare applications place unique
demands on the SPX transport protocol, NIASCFG enables you to adjust the
values of the following parameters:
Maximum IPX Socket Table Size —Maximum number of concurrent
IPX sockets that can be opened by an application.
SPX Watchdog Abort Timeout —Time, in ticks (about 1/18 of a second),
SPX waits without receiving a packet from the other end of a connection
before concluding that the connection is no longer valid.
SPX Watchdog Verify Timeout —Time, in ticks, SPX waits without
receiving a packet from the other end of a connection before requesting a
watchdog, or keep-alive, packet.
SPX Ack Wait Timeout —Time, in ticks, SPX waits without receiving an
acknowledgment for a data packet it sent, before resending the packet.
SPX Default Retry Count —Number of times SPX resends a data packet
if it does not receive an acknowledgment.
The product of this parameter and the SPX Ack Wait Timeout is about
how long it takes for SPX to conclude that the connection is no longer
valid.
Maximum Concurrent SPX Sessions —Maximum number of concurrent
SPX sessions that can be opened by an application program.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The default values for these parameters are sufficient for most NetWare
applications. Any application that requires a change to one or more of these
parameters typically tells you so.
How to Configure SPX Connection Parameters

To adjust the value of any SPX connection parameter, complete the following
steps:
IPX/SPX Parameters
The IPX/SPXTM Parameters menu displays the SPX connection
parameters.
2 Enter a new value for each parameter you need to change.
System .
Setting Delay and Throughput for a Slow Link

Delay is the time, in microseconds, to send a byte of information from one
system to another. Throughput is the bandwidth of the network medium that
connects the systems. Together, these parameters characterize a link between
two systems or networks.
On WAN links, delay and throughput are estimated by the IPXWAN protocol.
For this reason, you should not need to change these parameters on routers
operating over a WAN link. On LAN links, the throughput is reported by the
network interface driver; the delay is 200 microseconds, a constant used by all
LAN media.
NLSP uses the delay and throughput values to calculate the number of ticks
for a route to a destination network. The number of ticks associated with a
route is directly proportional to the delay and inversely proportional to the
throughput.
Setting Up 95

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Some NetWare protocols, such as SPX, use the ticks value to calculate
retransmit timers. If you are configuring LAN routers that must communicate
over a bridge, a satellite, or both, you probably need to adjust the delay and
throughput values on the routers. Setting the throughput to match the speed of
the link and increasing the link delay prevent SPX retransmissions and
timeouts between systems separated by a slow link.
Figure 14 shows two NetWare LANs joined by two bridges communicating
over a satellite link. To enable the workstations to communicate with the
router and the systems in the IPX internetwork on the other end of the link,
you set the Throughput Override on each router to 56,000—the throughput of
the satellite link—and the Delay Override to 800,000—an arbitrary (but
sufficiently high) value to prevent timeouts over the link.
IMPORTANT: Although this configuration enables systems on each end of the link
to communicate through the routers, it does not enable direct workstation-to-
workstation communication between the two LANs.
Figure 14 Setting Delay and Throughput for Systems Communicating over a 56-KB Satellite Link
56-KB
Satellite Links
NetWare NetWare
Workstation Workstation
IPX IPX
Internetwork Internetwork
Bridge Bridge
NetWare NetWare
LAN LAN
NetWare NetWare
Router Router
Set Throughput Override to 56,000

and
Delay Override to 800,000

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
How to Set Delay and Throughput for a Slow Link

To set delay and throughput on an interface, complete the following steps:
Select Configure NIAS > Protocols and Routing > Bindings > a network
2 Select Delay Override , then enter a value.
By default, this parameter is set to 0, which means the router uses the
default value for LANs or the value estimated by IPXWAN. The valid
range is from 1 to 5,000,000 microseconds. One tick equals 55,000
microseconds, or about 1/18 of a second.
The value you enter overrides the default delay for this interface.
3 Select Throughput Override , then enter a value.
By default, this parameter is set to 0, which means the router uses the
value reported by the LAN driver or estimated by IPXWAN. The valid
range is from 300 to 4,294,967,295 bps.
The value you enter overrides the default throughput for this interface.
System .
Configuring IPX for Wireless Connectivity

In addition to the standard IPX routing software for wired LANs and WANs,
Novell Internet Access Server 4.1 routing software provides wireless
connectivity for portable NetWare workstations through NetWare Mobile
IPXTM software.
NetWare Mobile IPX consists of router and mobile client software that work
in concert to shield network users from the protocol and Network-layer
interruptions that occur when a user changes network interfaces or locations
during a network session.
Setting Up 97

103-000176-001
August 29, 2001
Novell Confidential

“Configuring a Home Router” on page 98
“Configuring a Mobile Client” on page 99
Configuring the NetWare Mobile IPX Home Router and client software is
straightforward and simple. The only decision you need to make before you
get started is where to locate the Home Router on your network. The next
section helps you determine the best location.
Configuring a Home Router

The Home Router serves as the central connection point between mobile
clients and NetWare servers. To enable mobile clients to establish and
maintain network connections, the Home Router allocates an address from the
server's IPX internal network for use by the mobile clients.
How to Configure a Home Router
To configure a Home Router, complete the following steps:

2 Select Mobile IPX Support , then select Enabled .
NOTE: Selecting Enabled automatically causes client validation on remote
access servers to be disabled. Remote access systems check whether packets
received from a WAN client have the same source IPX node address that was
assigned to the client during the IPXWANTM negotiation phase. Because NetWare
Mobile IPX uses a different filtering method, client validation is turned off to prevent
NetWare Mobile IPX packets being discarded by remote access servers.
3 Select Mobile IPX Configuration and configure the Home Router

parameters.
3a Select Time To Live Override and enter a value, in minutes, from 1
to 10080.
Time To Live Override overrides the mobile client's HR Time To
Live parameter, which defines how long the Home Router serves the
mobile client without receiving a response from the client. Each time
the Home Router receives information from the mobile client, the
Time To Live Override counter is reset to the value you enter here.
A value of 0, the default, disables the override.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
A mobile client cannot obtain a Time To Live value longer than the
one you specify here.
3b The Watchdog Spoofing parameter is enabled by default; to disable
watchdog spoofing on the Home Router, select Disabled .
Watchdog Spoofing controls whether the Home Router answers
NetWare Core ProtocolTM (NCPTM ) watchdog packets on behalf of
a mobile client. If Watchdog Spoofing is enabled, users do not lose
their connections to file servers as they roam out of wireless range.
3c Configure the Broadcast to Virtual Network parameter.
Broadcast to Virtual Network directs the Home Router to forward or
discard broadcast packets destined for the virtual network that the
router uses to communicate with its mobile clients.
If a large number of broadcast packets are being directed at mobile
clients, or if a mobile client's application does not require broadcast,
select Discard . By directing the Home Router to discard broadcast
packets, you reduce the amount of bandwidth used on the network.
System .
Configuring a Mobile Client

To configure a mobile client, you modify the client's STARTNET.BAT and
NET.CFG files. The changes you make to STARTNET.BAT are required for
NetWare Mobile IPX connectivity. Changes to NET.CFG are optional; they
are required only if you want to customize the client's NetWare Mobile IPX
configuration.
How to Configure a Mobile Client

Install the standard client software. For instructions, refer to the NetWare
client documentation.
Install the Novell Internet Access Server 4.1 mobile IPX client.
Setting Up 99

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Configure a mobile client board that is mobile aware and supports

PCMCIA card in/card out capability, in-range and out-of-range
capability, and NESL.
To configure a mobile client, complete the following steps:
1 Open the client's STARTNET.BAT file using a text editor.
A typical STARTNET.BAT file looks something like this:
@ECHO OFF
SET NWLANGUAGE=ENGLISH
CD NWCLIENT
LSL
driver
IPXODI
VLM /ps=server_name
CD \
2 Add the following changes, indicated in bold, in the order shown:
@ECHO OFF
CD NWCLIENT
LSL
NESL
driver
IPXODI /M
VLM /ps=server_name
CD \
NESL must be loaded for the mobile client to be activated. NetWare
Mobile IPX reacts to changes in the system, such as location and the
client's adapter board. The MAC driver is the system module that knows
of these events (for example, out of range of access point coverage, card
insertion or removal, and so on) and notifies IPX of such changes through
NESL.
The IPXODI /M switch enables the NetWare Mobile IPX client
software.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
A STARTNET.BAT file configured for NetWare Mobile IPX operation

looks something like this:
@ECHO OFF
CD C:\NWCLIENT
LH C:\NWCLIENT\LSL.COM
LH C:\NWCLIENT\NESL.COM
LH C:\NWCLIENT\NE2000.COM
LH C:\NWCLIENT\IPXODI.COM /M
C:\NWCLIENT\VLM.EXE /ps=MY_SERVER
3 Restart the client.
How to Customize Your Mobile Client
This section describes the optional parameters you can add to the Mobile IPX
section of a mobile client's NET.CFG file. The parameters enable you to
customize your NetWare Mobile IPX configuration.
An example of how these parameters are used is provided in “Example
NET.CFG File” on page 105.
Customizing Home Router Parameters
The following parameters enable you to customize the interaction between a

mobile client and its Home Router:
Preferred HR=Home_Router_Name
This command causes IPXODI to attempt to attach to the specified Home
Router (HR). If the router does not exist or is not specified, the Home
Router closest to the client is used.
This command enables some level of routing optimization to be achieved.
Specifying a Home Router that is the user's preferred server, or specifying
one in an inline routing path between the mobile client and most of its
logged-in servers, causes packets sent back to the client to take a more
direct path because all packets being sent to the client go through the
Home Router first.
HR Time To Live=x (where x = 5 to 10,080 minutes)
Setting Up 101

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
HR Time To Live specifies the time-to-live interval, in minutes, that the

IPXODI module attempts to use with the Home Router. It defines how
long the Home Router serves the mobile client before the router requires
an update from the mobile client. If this is not defined, IPXODI uses a
default value of 30 minutes.
NOTE: HR Time To Live can be overridden by the Home Router's Time To Live
Override parameter.
If the client does not update the Home Router after the HR Time To Live
value runs out, the Home Router stops serving the mobile client. Note that
only NCP watchdog packets, not Sequenced Packet ExchangeTM (SPXTM
) watchdog packets, are handled by the Home Router. If the mobile client
roams out of range and comes back within the amount of time set by HR
Time To Live , the timer is reset automatically; otherwise, if the client is
not back within range when the timer runs out, the mobile client is
dropped.
It is especially important to set HR Time To Live to a large value if the
mobile client is out of network range for a long time. While the time-to-
live value is still active in the Home Router, the router responds to server
NCP watchdogs on behalf of the client so that client sessions do not time
out while network connectivity is lost. If this value is too small, the Home
Router stops serving the mobile client before it returns within network
range, and all server connections are lost.
The only reasons the Home Router might not see a NetWare Mobile IPX
watchdog packet from a mobile client are that the client is off, in sleep
mode, or out of range.
Allow HR Change=[On|Off]
This command determines what IPXODI does when the current Home
Router is no longer reachable.
If you set Allow HR Change to On , IPXODI tries to sign on with the first
available Home Router, even if it is not the same as the current one.
If you set Allow HR Change to Off , IPXODI continues trying to
reestablish a connection to the Home Router to which the client is
currently attached.
If Allow HR Change is not defined, IPXODI assumes Allow HR Change
is set to Off ; if it is set to On , and the current Home Router stops
operating, IPXODI obtains a different virtual address while signing on
with a different router. Most applications available today cannot operate

103-000176-001
August 29, 2001
Novell Confidential
gracefully through the address change; as a result, connections might be

terminated.
Specifying an Alternate Board
The NET.CFG parameters described in this section enable you to specify an

alternate board to be used in the portable computer. Alternate board
parameters enable IPXODI to use a second board for mobile communications
if the primary board loses connectivity. The driver for the alternate board must
be specified in the Mobile IPX section of NET.CFG. Note that the equal sign
(=) is optional; however, it can be used to quickly find the parameter values.
IMPORTANT: The first three parameters (Alt Name , Alt Board Number , and Alt
Frame ) must all be specified; if one is missing, no alternate board setting is used.
Additionally, the frame type specified by the Alt Frame parameter must be set
under the Link Driver Heading for the desired alternate board.
Alt Name=Alternate_Driver_Name
Alt Name specifies the name of the driver supporting the alternate board.
Alt Board Number=Alternate_Board_Number
Alt Board Number specifies the Link Support LayerTM (LSLTM ) board
number of the alternate board displayed when the driver loads.
The board number of a driver changes if there is a change in the order of
MAC driver load commands. Therefore, it is important to always load the
primary driver first, followed by the alternate driver, to ensure that the Alt
Board Number parameter always refers to the alternate board.
After the MAC drivers have been loaded, you can get board numbers and
other information by entering the following command:
MAC_Driver_Name /s
This command displays information about all Open Data-Link
InterfaceTM (ODITM ) drivers currently loaded. The information you see
is similar to the following example:
The following LAN drivers are loaded in memory:
MAC driver name and version information
IRQ 5, Port 300, Mem D0000, Node Address 4096003F53 L
Max Frame 1514 bytes, Line Speed 2 Mbps
Board 1, Frame ETHERNET_II, LSB Mode
Setting Up 103

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Alt Frame=Alternate_Frame_Type
Alt Frame specifies the frame type for the alternate board (for example,
ETHERNET_802.2).
The driver loaded first in STARTNET.BAT becomes the primary driver.
If IPXODI cannot locate the alternate driver during initialization, an error
is issued and only the primary board is used. If there is no primary board
either, IPXODI issues an error and fails to load.
The drivers for both the primary and alternate boards must be loaded
before IPXODI. The driver load order is not important; however, it is
harder to determine the LSL board numbers to enter for the IPX BIND
statement or alternate board configurations if the primary driver is not
loaded first. If PCMCIA adapters are used and the card vendor's drivers
are written to support card in/card out events, or driver initialization
without the PCMCIA card inserted, the PCMCIA cards need not be
inserted into the system until network connectivity is needed.
Here is an example STARTNET.BAT file that shows the load order of the
primary driver, alternate driver, and IPXODI:
@ECHO OFF
CD NWCLIENT
LSL
NESL
primary driver
alternate driver
IPXODI /M
VLM /ps=server_name
CD \
Specifying Watchdog Protocol Operation
The NET.CFG file allows you to specify whether the SPX Watchdog protocol
will be run to validate SPX connections periodically. The one-line entry to
specify the SPX Watchdog protocol behavior follows the Heading
PROTOCOL IPX and has the following format:
SPX WATCHDOGS = ON|OFF
where ON specifies that the Watchdog protocol will be run to validate SPX
connections periodically and OFF specifies that it will not. For more

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
information on the use of the Watchdog protocol, refer to “Watchdog Packet

Spoofing” on page 30.
Example NET.CFG File
This section provides an example NET.CFG file that shows the format of
mobile client customization parameters.
LINK DRIVER Wireless
FRAME = ETHERNET_802.2
LINK DRIVER Wireless2
FRAME = ETHERNET_802.2
NETWARE DOS REQUESTER
NETWARE PROTOCOL = NDS BIND
FIRST NETWORK DRIVE = F
SHOW DOTS = ON
USE DEFAULTS = ON
VLM = AUTO.VLM
MOBILE IPX
PREFERRED HR = Home_Router_Name
ALT NAME = Wireless2
ALT BOARD NUMBER = 2
ALT FRAME = ETHERNET_802.2
PROTOCOL IPX
SPX WATCHDOGS = OFF
Configuring the MacIPX Gateway

The Novell Internet Access Server 4.1 routing software includes
MACIPXGW.LAN, a LAN driver that enables your router to operate as a
gateway between Internetwork Packet Exchange (IPX) networks and
Macintosh* clients running MacIPX® applications on AppleTalk networks.
Macintosh clients use the MacIPX gateway to exchange data with NetWare
clients and to use the resources available on IPX networks.
NOTE: MacIPX provides support for the IPX protocol on Macintosh computers. It
does not enable Macintosh users connected to the IPX network to log in to a
Setting Up 105

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
NetWare server or print documents on NetWare printers. Users and developers

must rely on NetWare for Macintosh software for NetWare file and print services.

“Configuring and Binding the Gateway Driver” on page 107
“Restricting Gateway Service to Selected Networks” on page 109
You can use the MacIPX gateway if your networks have the following
characteristics:
You have IPX and AppleTalk networks that you want to connect and these
networks are part of a LAN running NetWare 3.11 or later, or the NetWare
MultiProtocol RouterTM 2.0 software or later. The MacIPX gateway must
run on one of these networks.
Your AppleTalk networks support MacIPX clients.
One or more of the networks use only the AppleTalk protocol family to
connect Macintosh clients to the network.
From a user perspective, the MacIPX gateway is required only for Macintosh
users who select the AppleTalk icon in the MacIPX Control Panel. If all
Macintosh users select either the Ethernet or Token Ring icon, and if IPX
traffic is permitted on those networks, then you do not need a MacIPX
gateway.
MacIPX applications automatically select an IPX gateway only when the
gateway is in the zone that contains the Macintosh client running MacIPX. If
this is not the case, use the MacIPX Control Panel to configure MacIPX to
look for IPX gateways in specific zones.
You should locate a MacIPX gateway so that the amount of configuration
required by MacIPX is minimized. For example, if you have an AppleTalk
network for dial-in users that provides service for AppleTalk Remote Access
(ARA), you should ensure that a MacIPX gateway serves the AppleTalk zone
that includes the ARA network so that Macintosh clients using ARA do not
require MacIPX configuration.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Configuring and Binding the Gateway Driver

Configuring the MacIPX gateway is similar to configuring a typical LAN
board and binding a network protocol to the board.
Ensure that your router has at least 65 KB of RAM available.
Ensure that APPLETLK.NLM is loaded and configured.
Ensure that IPX packet forwarding is turned on.
Know the network number of the IPX network to which the gateway
interface is attached.
Know the number of MacIPX clients that will be served by the gateway.
To configure the MacIPX gateway, complete the following steps:
Select Configure NIAS > Protocols and Routing > Boards > Press Ins
> MACIPXGW
2 Configure the MACIPXGW driver.
2a Select Board Name and assign a name to the gateway driver.
2b Select Gateway Name and assign a name to the MacIPX gateway.
This name is used to advertise the MacIPX gateway on the
AppleTalk network. Because the name appears in the MacIPX
Control Panel, it should be one that users recognize easily.
If you do not provide a name, the MacIPX gateway uses the name of
the router on which the MacIPX gateway is installed.
2c Select Unicast Threshold and enter a value between 1 (the default
value) and 4294967295.
This parameter controls how the MacIPX gateway propagates IPX
broadcast packets to AppleTalk networks.
If you want to send IPX broadcast packets to all AppleTalk
networks with MacIPX clients, enter a number less than the
number of MacIPX clients served by the gateway.
Macintosh systems not running MacIPX applications do not
understand IPX broadcast packets and discard them. When this
Setting Up 107

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
option is used, unnecessary packets are distributed to non-MacIPX

clients on the network.
If you want to send IPX broadcast packets to each MacIPX
client, enter a number equal to or higher than the number of
MacIPX clients served by the gateway.
If the number of clients exceeds this threshold, the MacIPX gateway
starts sending broadcast packets. Using this option can increase
network traffic because a single IPX broadcast packet could become
many AppleTalk unicast packets, depending on the number of
MacIPX clients.
2d If you want to enter a note or comment about the gateway, select
Comment and enter the information.
2e Press Esc to return to the Internetworking Configuration menu; save
your changes when prompted.
3 Bind IPX to the gateway.
Binding IPX to the gateway causes the MacIPX Gateway icon to appear
in the MacIPX Control Panel.
3a Select the following parameter path:
Select Bindings > Press Ins > IPX > the MacIPX interface
3b Select IPX Network Number and enter the network number of the
IPX network to which the interface is attached.
System .

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Restricting Gateway Service to Selected Networks

The MacIPX gateway, by default, serves all AppleTalk networks that make up
the AppleTalk cloud. If you want the gateway to serve only selected
AppleTalk networks, you must use a configuration file called
MACIPXGW.DAT, which resides in SYS:SYSTEM.
You indicate the AppleTalk networks you want the gateway to serve—or not
serve—by placing commands in MACIPXGW.DAT with the following
syntax:
[exclude | include]
<net_number >[-net_number ]
. . . ]
The first line in the preceding example is a keyword that specifies the
following modes of inclusion:
exclude —Directs the MacIPX gateway to serve all AppleTalk networks
except those whose numbers are listed on the following lines.
include —Directs the MacIPX gateway to serve only networks whose
numbers are listed on the following lines; this is the default mode if no
keyword is specified.
The AppleTalk networks can appear as a number or range. You specify
additional network numbers or ranges by placing each network on its own
line. For example, a MACIPXGW.DAT file can contain the following
command:
exclude
10-20
This directs the gateway to serve all AppleTalk networks except 10-20 and
100. Alternatively, the MACIPXGW.DAT file can contain the following
command:
include
10-20
This directs the gateway to serve only AppleTalk networks 10-20 and 100,
excluding all others.
NOTE: The network numbers in these examples are AppleTalk network numbers,
not IPX network numbers.
If no MACIPXGW.DAT file is found in SYS:SYSTEM, the MacIPX gateway

serves all AppleTalk networks.
Setting Up 109

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
To restrict gateway service to selected AppleTalk networks, complete the

following steps:
1 Use a DOS ACSII text editor to create a file called MACIPXGW.DAT in
the router's SYS:SYSTEM directory.
2 Place commands in the file using the following syntax:
[exclude | include]
<net_number >[-net_number ]
. . . ]
3 Save and close the file.
4 To put your changes into effect, enter
UNLOAD MACIPXGW
REINITIALIZE SYSTEM

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
4 Managing
This chapter describes how to monitor IPXTM LAN and WAN connections
using the available router management consoles and utilities.
Using the IPXCON Utility

IPXCON is an NLM utility that provides access to statistics and information
about the status of various components of the IPX protocol. IPXCON uses
SNMP over IPX or UDP/IP to monitor remote servers, routers or network
segments.
To launch IPXCON, enter LOAD IPXCON at the system console prompt or
load NIASCFG and follow this path:
Select View Status for NIAS > Protocols and Routing > IPX Protocol Stack
You can use IPXCON to perform the following tasks:
Monitor and troubleshoot IPX routes and network segments throughout
your IPX internetwork
Display the status of any IPX router or network segment on your
internetwork
Display all paths through which IPX packets can flow
Locate all active IPX routers on your internetwork
Display operational circuits for IPX
Monitor remote routers running Novell® Internet Access Server router
software
Managing 111

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Using the IPXPING Utility on the Server

The IPXPING.NLM program enables you to check connectivity to an IPX
server on your internetwork.
The IPXPING utility sends a packet request to the target node, an IPX server
or workstation. After the target node receives the packet, it sends an IPXPING
reply packet to the system that sent the request packet.
To use IPXPING, type a command similar to the following at the server
prompt:
load ipxping
The system displays the New Target window. The fields of the New Target
window are described in Table 5.
Table 5 IPXPING New Target Window
Field Description
Network Select a target IPX server by entering its internal IPX address.
Node Select a target IPX server by entering the target node number. You must enter
both the internal IPX address and node number to select the server.
Seconds to pause Specify the number of seconds between each packet transmission.
between pings
After entering the network address, node address, and number of seconds to
pause between pings, press Esc to start sending request packets. The sending
node continues to send request packets and collect response time statistics
until you press Esc again and exit IPXPING.
Request and reply packets use the same format; each packet contains the
standard IPX header.
To select additional IPX servers, press Insert . Enter the IPX address of the
server in the Address field. Press Esc to start sending packets.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Using the IPXPING Utility on the Workstation

The program is a DOS utility that determines the time to transport IPX packets
to a specific server and back. IPXODI (or an equivalent IPX interface) must
be loaded before IPXPING can be used. The time is displayed in milliseconds
(although resolution is 1/18 second). The user can specify the number of pings
to send and the interval between sends. A summary of the high, low, and
average times is displayed when the program terminates. The program
terminates when the acknowledgment to the last ping is processed or when the
user presses Ctrl +C or Break .
Syntax
Parameters
Example
Syntax
IPXPING <netaddr> [/s=<size>] [/r=<repeat>] [/d=<delay>]
[/c=<char>]
All parameters except netaddr are optional. If no parameters or an invalid

parameter is entered, help is displayed. The parameters are case-insensitive. A
minus (-) sign can be used instead of a slash (/).
Parameters
The netaddr parameter is the internal network address of the server to ping. It
is an eight-digit hexadecimal value. The server must support the IPX ping
protocol.
The size parameter is the number of data bytes (excluding the IPX PING
header) in the ping data packet. The default size is 100 bytes. The size is
limited by the maximum packet size supported by the driver. If an invalid size
is specified, a packet overflow error occurs.
The repeat parameter is the number of times to send the ping. The default is 1.
The delay parameter is the number of seconds to delay between successive
pings. The default is 1; you can set the value to 0.
The char parameter is the character to fill the ping buffer with. The default
character is P.
Managing 113

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Example
To use IPXPING.EXE, type the following command at the DOS prompt:
ipxping 2e64afe3
The following information is displayed:

IPXPING: estimated time to send a 0.5K packet to 2E64AFE3 is
166 ms.
IPXPING: sent ping packet number 1.
IPXPING: packet 1 response received in 166 ms.
IPXPING: 1 send, 1 received, low 166 ms high 166 ms, average
166 ms.
NOTE: If you don't receive a response to the final ping, press Ctrl+C to terminate
the program. Otherwise, IPXPING will wait until it receives a response.
Using the SPFCON Utility

The SPFCON utility enables you to monitor Sequenced Packet ExchangeTM
(SPXTM ) spoofing statistics. Spoofing is the process of preserving the
transport end point connection by imitating keep alive packets and responding
to watchdog request packets without passing this traffic across on-demand
WAN links. Using SPX spoofing can help you maintain lower costs over on-
demand WAN links.
NOTE: SPX spoofing is implemented only on PPP interfaces at this time.
To launch SPFCON, enter the command load spfcon at the NetWare

console server.
Four windows make up the SPFCON user interface. The four windows are
Main Window
Interfaces Window
Connections Window
Spoofing Statistics Window

103-000176-001
August 29, 2001
Novell Confidential
Main Window
The Main Window offers two options:
Interfaces enable users to view the spoofing statistics on a per interface
basis
SPX spoofing enables users to view the spoofing statistics of all SPX
connections
Interfaces Window
The Interfaces Window displays a list of WAN interfaces. At this time, only
PPP interfaces will be included on this list. You can select either one or all
listed interfaces. When you select an interface, the Connections Window is
displayed.
Connections Window
The Connections Window displays all connections for the selected interface,
either SPX or NCP. The Connections Window shows each connection's
interface name, source node, destination node, source ID, and destination ID.
Spoofing Statistics Window

The Spoofing Statistics Window displays the SPX and NCP spoofing statistics
for a selected connection. Table 6 describes the fields on this window that
require explanation.
Table 6 Spoofing Statistics Fields
Field Meaning
Spoofing State Initial indicates that spoofing has not yet started; active indicates that spoofing
has started and is active; inactive indicates that spoofing has ended because
Remaining Spoofing Time expired.
Number of Spoofing Indicates the number of times spoofing has been started for this SPX
Started connection.
Remaining Spoofing Indicates the time remaining in this spoofing session; when this time expires,
Time the spoofing state will change to inactive.
Sequence Numbers Shows the sent and received sequence number.
Managing 115

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Field Meaning
Acknowledge Numbers Shows the sent and received acknowledge number.
Allocation Numbers Shows the sent and received allocation number.
Spoofing packets Shows the number of packets spoofed.
Keep Alive Packets Shows the number of keep-alive packets dropped during this active spoof
Dropped session.
NOTE: In the spoofing statistics fields, Sequence Numbers, Acknowledge

Numbers, Allocation Numbers, and Keep Alive Packets Dropped don't apply for
NCPTM.
Viewing NetWare IPX Configuration Information

To see how Internetwork Packet ExchangeTM (IPXTM ) is configured, load
IPXCON and select the following options:
IPX Router Information—To view whether the RIP, SAP, and NetWare
Link Services ProtocolTM (NLSPTM ) protocols are configured for this
router.
NLSP Information—To view NLSP configuration for the system and the
NLSP network.
Circuits—To view the IPX circuits configured for the router.
Determining Whether a Remote IPX Router Is Reachable

To determine whether a remote router is reachable, you can run an IPX Echo
test. To run an Echo test, load IPXPING and perform the following steps:
1 Specify the target router address in the Network field.
2 Specify the target router node number in the Node field.
3 Specify the number of seconds between each transmission in the Seconds
to pause between pings field.
4 Press Esc to begin transmitting.
IMPORTANT: To run the IPX Echo test, both the machine originating the echo
packets and the machine responding to the echo packets must support IPXPING.
To support IPXPING, both machines must have IPXRTR.NLM, which is included in
NetWare 4.1 software and Novell Internet Access Server 4.1 software.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Determining Which IPX Services Are Reachable

If you want to know whether a specific IPX service is available, you need to
find out which IPX services are reachable. To determine the services available
to a router, load IPXCON and follow this path:
Select Services > service you want to reach to get information about
If a service is visible, it is reachable. If you want to see information about a
service, select the service and press Enter. The Service Information window
displays Name, Type, Network Number, Node, Socket, and additional path
information for NLSP systems under the selection Destination Information.
Checking an IPX Network for Inactive Routers

You can use IPXCON to identify routers on your network that are inactive—
that is, not routing—for some reason. This information can often help you
locate a defective network interface. To check your network for inactive
routers, load IPXCON and follow this path:
Select NLSP Information > Routers
IPXCON lists the NLSP routers known to the system you are monitoring.
Any router labeled Unreachable might either be down or have a defective
network interface. This labeling might also indicate that some other router in
the path has one of these problems.
Any router labeled Overloaded has run out of memory and can no longer
process NLSP routing information.
Routers not labeled Unreachable or Overloaded are operating properly.
Checking the IPX Routing Table

To check the IPX routing table and information associated with each route,
load IPXCON and follow this path:
Select Forwarding > Display entire forwarding table
The Forwarding Table window shows you all known IPX destination
networks. The list shows the following information about each item:
Network number of the destination
Routing protocol through which the destination was learned
Managing 117

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
First hop circuit to the destination

Name of the destination
The Destination Information window expands on this by showing information
about the Next Hop (Name, Circuit, NIC Address), and by giving access to the
services on the destination router that are available to the current router.
If the destination is an NLSP destination, you can determine potential paths to
the destination by selecting Potential Paths.
Checking an IPX Network for Duplicate Network

Numbers
Each external network number that identifies a LAN on your IPX network
must be unique. Incorrect configurations and other problems can cause two
LANs to have the same external network number.
One way in which this can occur is when a bridge connecting two LAN
segments fails—a condition known as a split LAN . When the bridge fails,
each segment becomes a separate LAN but retains the same network number.
As a result, routers forwarding packets to that network number see two
destinations and simply choose the nearest one.
To check your network for duplicate network numbers, load IPXCON and
follow this path:
Select NLSP Information > LANs
The LANs are listed in numeric order by network number. To look for
duplicate network numbers, scroll through the list of LANs.
Checking an IPX Network for Duplicate System IDs

To check your network for duplicate system IDs, load IPXCON, select a
system, and select the following path:
Select NLSP Information > System Information > field associated with
Detailed NLSP System Information
Check the numbers associated with Sequence Number Skips; if the number is
increasing, two or more NLSP routers on your network have the same system
ID.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Determining Where NLSP Is Running in Your Network

If you have migrated your network to NLSP, you can identify which LANs on
your IPX network are using NLSP or RIP—or both—as the routing protocol.
If you partitioned your IPX network into routing areas, note the following
points:
The procedure in this section shows only the LANs and NLSP routers that
are within the same routing area as the system you are currently
monitoring.
RIP should be running only on the routers at area boundaries.
To find LANs on which NLSP or RIP is running, load IPXCON, select a
system, and follow this path:
Select NLSP Information > LANs
The Known LANs window displays the following information about each
NetWare LAN of which the local system is aware:
Network Number— External network number of the LAN
Throughput— Number of Mbps reported by the LAN board
Delay— Time, in microseconds, required for packets to reach the LAN
If NLSP is importing RIP routes to a LAN, the entry is labeled RIP Active. If
the entry is labeled Unreachable, the LAN is no longer accessible from the
local system. If there is no label, then NLSP is the only routing protocol
running on the LAN and the LAN is reachable.
You can select one of the LANs to see which NLSP routers are on it.
Finding NLSP Routers with Insufficient Memory

To check your network for routers that have run out of memory, load IPXCON
and follow this path:
Select NLSP Information > Routers
If a router does not have enough memory to process routing information, the
entry is labeled Overloaded.
Managing 119

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
You can also select System Information and check the following information:
Level 1 Overloaded—It should read No. If it reads Yes, the router does
not have enough memory to process routing information.
Detailed NLSP System Information—The Level 1 Database Overloads
field indicates how many times the router has run out of memory.
Finding the Designated Router on a LAN

The Designated Router is an NLSP router elected by its peers to represent and
keep track of the connectivity of its LAN. The Designated Router handles
exchanges of link state information on behalf of all other NLSP routers on the
LAN. Only broadcast (LAN) circuits have Designated Routers.
To find the NLSP Level 1 Designated Router on a LAN, load IPXCON, select
a system, and follow this path:
Select Circuits > a broadcast circuit
The Circuit Information window appears and displays the name, type, and
state of each circuit.
The Circuit Information window displays, among other information, the name
of the Designated Router and the external network number of the LAN it
represents.
To see more information about the Designated Router, complete the following
steps:
1 Record the name of the Designated Router.
2 Press Esc until you return to the Available Options window.
3 Select SNMP Access Configuration.
4 Select IPX as the Transport protocol.
5 Type the name of the Designated Router in the Host Address field, then
press Enter .
6 Press Esc to return to the Available Options window.
In a few moments, IPXCON begins displaying statistics for the Designated

Router.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Monitoring Error Counters

Error counters are monitored to make sure they are not increasing rapidly,
because a rapid increase indicates a problem. For information about
troubleshooting these problems, refer to Chapter 5, “Troubleshooting,” on
page 125. You can monitor error counters for IPX interfaces in the following
ways:
By using MONITOR to view counters such as Checksum Errors, Send
and Receive Packet Errors, and interface-specific errors. To view these
counters, load MONITOR and follow this path:
Select LAN/WAN Information > interface you want to view
By using PPPCON for WAN connections to view the following PPP
counters:
Bad Address Fields
Bad Control Fields
Bad FCS Values
Packets Too Long
To view these counters, load PPPCON and follow this path:
Select PPP Interfaces > interface you want to view > PPP Error Statistics
By using IPXCON to view the following IPX counters:
Too Many Hops
Header Errors
Unknown Sockets
Decompression Errors
Malformed Requests
Compression Errors
Open Socket Failures
Maximum Sockets
To view these counters, load IPXCON and follow this path:
Select IPX Information > Detailed IPX Information
Managing 121

103-000176-001
August 29, 2001
Novell Confidential
Viewing the MacIPX Gateway Configuration

To view information about the configuration and operation of a MacIPX®
gateway, enter the following command at the server prompt:
LOAD MACIPXGW SHOW=YES
This command does not reload the MacIPX gateway, but instead displays
information about the MacIPX gateway and the AppleTalk networks that it
serves, as in the following example:
MACIPXGW:
Unicast threshold set at 1.
AppleTalk nets this gateway is configured to serve:
10-20 111 2222-2223 3333-3335
AppleTalk nodes registered for IPX broadcasts:
IPX node: 0xffffffffffff
Socket: 0x452
10.238 1501.138 1502.168
Socket: 0x453
The information in the preceding example includes the following items:

The unicast threshold
The network numbers of all AppleTalk networks served by this gateway
All AppleTalk nodes currently registered with the MacIPX gateway for
broadcasts and identified by the IPX socket
Viewing MacIPX Gateway Statistics

To view MacIPX gateway statistics, load MONITOR and select the following
parameter path:
Select LAN/WAN Information > MACIPXGW
A screen displays the statistics explained in Table 7 on page 123.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Table 7 MacIPX Gateway Custom Statistics
Statistic Explanation
Received Tickle Packets Number of tickle packets sent by MacIPX clients served by the gateway.
MacIPX clients send tickle packets to the MacIPX gateway; the gateway
sends IPX broadcast packets back to the clients.
IPX Broadcast Requests from Number of IPX broadcast packets sent to the MacIPX gateway by the
IPX Stack IPX stack in the NetWare server +79595or Novell router.
IPX Broadcast Requests from Number of IPX broadcast packets sent to the MacIPX gateway by the
MacIPX Clients MacIPX clients that the MacIPX gateway is servicing.
DDP Packets Broadcasted for Number of AppleTalk packets sent out as broadcast packets carrying
IPX Broadcasts IPX broadcast packets.
DDP Packets Unicasted for IPX Number of AppleTalk packets sent out as unicast packets carrying IPX
Broadcasts broadcast packets.
Received DDP Packets with Number of AppleTalk packets received by the gateway that include
Unknown Options unrecognized encapsulation demultiplexing options. This indicates
corrupted packets or incompatible client software. Ensure that your
network cabling is working correctly and that software on the Macintosh
clients is compatible with this version of the MacIPX gateway.
Received DDP Packets with Number of AppleTalk packets received by the gateway that include an
Wrong Type incorrect AppleTalk packet type. This indicates the presence of
corrupted packets or incompatible client software. Ensure that your
network cabling is working correctly and that software on the Macintosh
clients is compatible with this version of the MacIPX gateway.
Received Service Requests Number of requests received by the gateway to provide service to
MacIPX clients.
Transmitted Service Grants Number of times the gateway granted service to MacIPX clients.
Transmitted Service Refusals Number of times the gateway refused service to MacIPX clients.
Memory Allocation Failure Number of times the gateway could not allocate memory. You might
need to add memory to the NetWare server or Novell router to fix this
problem.
Managing 123

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
5 Troubleshooting
This section dicusses IPX troubleshooting information that is divided into four
categories:
Troubleshooting tools
Configuration tips
Troubleshooting checkpoints
Common problems
If a problem that is general in nature occurs, the procedure described in
“Troubleshooting Checkpoints” on page 127 will help you isolate and resolve
the problem. If a problem with a specific symptom occurs, refer to “Common
Problems” on page 131.
Troubleshooting Tools
The IPX-specific troubleshooting tools are explained in the following
sections:
“IPXCON” on page 125
“System Console Commands” on page 126
IPXCON
IPXCON is a NetWare® Loadable ModuleTM (NLMTM) utility that provides
access to statistics and information about the status of various components of
the IPXTM protocol. It uses SNMP to access this information from any local or
remote system on the network. IPXCON operates over IPX and TCP/IP
networks, and uses the User Datagram Protocol (UDP) to run over the
Troubleshooting 125

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
networks. For more information on IPXCON, refer to Chapter 4, “Managing,”

on page 111.
Enter LOAD IPXCON at the system console prompt. You can use IPXCON
to perform the following tasks:
Monitor and troubleshoot IPX routes and network segments throughout
your IPX internetwork
Display the status of any IPX router or network segment on your
internetwork
Display all paths through which IPX packets can flow
Locate all active IPX routers on your internetwork
Display operational circuits for IPX
Monitor remote routers running the Novell Internet Access Server 4.1
routing software
System Console Commands

Specific commands are available from the system console prompt that prove
useful in troubleshooting IPX connection problems. The following commands
are examples:
DISPLAY SERVERS
This command lists all known NetWare server names and the number of
hops (IPX routers that must be crossed) to reach each server. This
information is similar to the information shown in the IPXCON
forwarding table, but it is less comprehensive than IPXCON.
DISPLAY NETWORKS
This command shows the IPX network number, the number of hops
needed to reach the network, and the estimated time, in ticks (1/18 of a
second), for a packet to reach a network. The number of known networks
is shown at the end of the list. For NetWare servers, both the internal IPX
network numbers and the cabling network numbers are displayed. This
information is similar to the information shown in the IPXCON services
table, but it is less comprehensive than IPXCON.
RESET ROUTERS
This command resets the IPX routing table in the file server if the table
has become inaccurate or corrupted.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
TRACK ON
This command displays three types of RIP and SAP information: Server,
Network, and Connection Requests. This information is formatted
according to whether the router/server is receiving the information (IN),
broadcasting the information (OUT), or receiving a connection request.
Refer to Utilities Reference for more details.
Configuration Tips
We recommend the following guidelines for configuring IPX:
Each server and router in the entire internetwork must have a unique
internal internetwork number.
Each LAN in the entire internetwork must have a unique IPX network
number, even if you have configured a PPP unnumbered WAN link that
connects two LANs.
Each WAN in the entire internetwork must have a unique internal
internetwork number.
Observe the procedures described in the following sections when you are
configuring IPX or NLSP for the Novell Internet Access Server 4.1 routing
software:
“IPX Checkpoints” on page 127
“NLSP Checkpoints” on page 131
IPX Checkpoints
To isolate and resolve problems with IPX, complete the following steps:
1 Verify that workstations can connect to all desired servers.
If a problem with LAN connectivity occurs, refer to “IPX Connectivity
Problems (Duplicate ID or Network Number)” on page 129. If you are
using the NetWare Mobile IPXTM software, refer to “NetWare Mobile
IPX Client Loses Connectivity to the Server” on page 151.
2 Verify that the IPX network number is different for each LAN across a
WAN link.
Troubleshooting 127

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
IMPORTANT: Each LAN segment must have a unique IPX network number. It is
a common error to incorrectly use the same IPX network number on each side of
an unnumbered PPP or WAN link.
3 Verify that all servers and routers in the entire internetwork have unique
internal network numbers.
In addition, each network segment has a unique network number, and all
servers and routers on the same segment must have their interfaces
configured with the same IPX network number.
3a Look at the routing table in IPXCON on any NetWare Link Services
ProtocolTM (NLSPTM ) system in the suspected area (parameter path:
Select NLSP Information > Routers).
Determine whether there are routers that appear and disappear from
the table (these routers might also become unreachable for brief
periods of time). Then establish a remote connection with
RCONSOLE and check for any error messages indicating duplicate
internal network numbers.
Typically, if you can log in to a server, but cannot establish a
connection to the same server using RCONSOLE, then the server is
configured with a duplicate IPX address.
3b Enable SAP on one of the interfaces in a router in the NLSP area.
Between SAP periodic updates, you should see two routers (or more,
if more than one router has the same internal network number) being
listed as unreachable and then reachable. This should occur every 5
to 10 seconds.
4 After you have identified the NLSP systems with the problem, load
IPXCON to determine to which networks the servers or routers are
connected (parameter path: Select NLSP Information > Routers).
5 Select the NLSP router that is the source of the problem. You might need
to select the router several times because its connectivity is intermittent.
If the router is a Novell router, then the internal network number is
probably a duplicate.
6 Change one of the router's internal network numbers and restart the
system.
7 For WAN links, verify that third-party routers use IPXWANTM software
(RFC 1362, 1551, or 1634).

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
To establish an IPX connection to third-party routers over a WAN, the

third-party routers must support IPXWAN; otherwise, problems with
initiating, maintaining, or terminating the IPX connection occur.
8 Verify that the IPX network number is different for each WAN link unless
an unnumbered RIP is used (in which case, the IPX network number is
zero).
IPX Connectivity Problems (Duplicate ID or Network Number)

To isolate and resolve IPX connectivity problems, complete the following
steps:
1 Find the server or router that is connected to the same segment as the
workstation.
If more than one server or router connects the workstation to the network,
look at each system to determine if it has proper connectivity. If the
system with which you are communicating is a server, then use that
system.
2 Check the forwarding table on both systems.
2a If you are on the server or router representing network A, then find
network B in the forwarding table. Load IPXCON (parameter path:
Select Forwarding > Display entire forwarding table).
2b If network B is not displayed in the table, then exit and enter the
forwarding table until it appears.
2c If network B still does not appear in the table, probably a router in the
path either is malfunctioning or has a duplicate system ID.
2d If the route shows up intermittently, then probably a router in the path
has a duplicate system ID.
2e If the route shows up consistently, then look at the route and select
Potential Paths by selecting the network on the Forwarding Table
menu.
3 Make sure that the potential path leads to the correct network by looking
at the intermediate routers.
If a duplicate network number exists, you can determine the location of
the duplicate number from this window.
3a If all the routers in the path seem to be correctly configured, then
write down the addresses of all the LANs and routers in the path.
Troubleshooting 129

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
3b Use IPXPING to check all routers or servers in the end-to-end path

(do this from one side only). Also, check the end points.
If connectivity is occurring from a workstation, make sure that the
workstation can log in to the first server or router in the path or that
it has access through the router in question.
If the connectivity loss is only temporary (for example, you
occasionally get abort retries on the workstation), then let IPXPING
run for several minutes. Check for packet loss during this time, then
examine the router at which packet loss occurred.
It is also possible that a router is malfunctioning in the end-to-end
path. Usually, IPXPING can help you determine where the fault is
occurring.
3c Once you have found the router that has the problem, check its
potential paths.
All downstream routes from the first router to the router that has the
problem should also be potential paths on this router. If this is not the
case and the router does not quickly acquire the downstream routes,
then the system probably has a software error in it. Contact the router
manufacturer's technical support for further assistance. To help
minimize problems like this, you should purchase only NLSP-
certified routers.
4 If connectivity loss occurs outside an NLSP area, check each router in the
end-to-end path for an external RIP route.
RIP can be used between NLSP areas. Therefore, it is necessary to check
the end-to-end path in a more tedious way, as follows:
4a Find the next-hop router from each of the servers.
4b Look at that system's forwarding database.
4c Find the next-hop router from that system, and so on, until you have
found where the route leads. Do the same from the other side of the
path as well.
This process is difficult with the current implementation of RIP and
SNMP for Novell, because RIP shows only the next-hop LAN and
Network Interface Card (NIC) address (over LANs) instead of the
internal network number of the system. SNMP cannot receive
packets that are addressed to a NIC; the packets must be addressed to
the internal network number. You must work backward, first finding
all routers attached to the LAN, and then finding the receiving LAN

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
card on each router. One of the routers you should start with is the
next-hop router. Repeat these steps until you find the destination
network number. If you do not find a duplicate network number in
either direction, check each link in the path for errors.
NLSP Checkpoints
To isolate and resolve problems with NLSP, complete the following steps:
1 Determine connectivity.
Verify that all neighbors are displayed under the NLSP Neighbors
option in IPXCON. This will determine whether there is local
connectivity.
Verify that there are sufficient potential paths within each area.
Verify that all LANs are listed in the NLSP LANs table in IPXCON.
Verify that all NLSP routers are listed in the NLSP Routers table in
IPXCON.
2 Determine whether RIP is active.
Verify that the NLSP LANs window indicates that RIP packets are
being absorbed.
Verify that the Circuits table indicates the state of any system.
Common Problems
This topic discusses the following common problems and their potential
solutions:
Login Times Out (page 132)
Load Balancing over IPX Is Not Working (page 133)
Only One IPX Packet Is Sent and Received (page 133)
IPXCON Counters Are Increasing (Duplicate ID or Network Number)
(page 133)
Error Messages Are Displayed (Duplicate ID or Network Number) (page
134)
NLSP Decision Process Is Running Frequently (Duplicate System ID)
(page 135)
Troubleshooting 131

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Other Router Names Are Not Displayed (page 135)

System Frequently Appears and Disappears on the LAN (page 135)
Multiple Systems on a LAN Become Unreachable Intermittently (page
138)
Connectivity Across a Point-to-Point Link Has Been Lost (page 139)
An NLSP Server on a LAN Cannot Be Accessed (page 140)
LAN Is Partitioned (page 141)
No Communication Occurs between Two Networks (page 142)
Services Are Inaccessible in the Area (page 143)
Number of Routes and Services on a System Shows Local Connectivity
Only (page 144)
Services or Routes are Fluctuating Excessively (page 145)
Heavy Network-Layer Traffic Occurs on a Point-to-Point Link (page
146)
Applications Perform Poorly (page 147)
CALLMGR Shows an IPX Circuit but IPXCON Does Not (page 149)
Single System Is Entering an Overloaded State (page 149)
Many Systems Are Entering an Overloaded State (page 149)
Connectivity Is Lost on Only One LAN (page 150)
NetWare Mobile IPX Client Loses Connectivity to the Server (page 151)
Re-establishing the Connection (page 151)
Login Times Out

The remote IPX LAN number might have a static route on the dial-in side.
Load STATICON and select Dynamically Configure Static Routing Tables to
dynamically configure local and remote routing tables. To initiate dynamic
configuration with a remote router, the call to that router must be Connected.
Press Ins to use the Make Call option to attempt to make a call to a currently
Not Connected WAN destination.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Load Balancing over IPX Is Not Working

Add the following line to the workstation's AUTOEXEC.BAT file:
Set loadbalance local lan = on
Verify that the router is configured to use NLSP compatible with RIP/SAP. Set
maximum path splits to 8.
Only One IPX Packet Is Sent and Received

If only one IPX packet is sent and received each time the routing software
attempts to establish a connection, decrease the user data size value so that it
is equal to or less than the size used by the frame relay switch. Also, ensure
that the user data size is equal to or less than the physical receive packet size.
IPXCON Counters Are Increasing (Duplicate ID or Network Number)

The Link State Packets (LSPs) Received counter in IPXCON is
increasing (parameter path: Select NLSP Information > System
Information > Detailed NLSP System Information).
Two NetWare servers or routers have conflicting internal network
numbers and both systems are in the same NLSP area, resulting in a
duplicate NLSP system ID. A number of activities occur when this
situation exists. If router A and router B have the same system ID, both
routers attempt to assert that they own the system ID. First, router A
issues LSPs that supersede router B's LSPs and purges any LSPs of router
B that it does not have. Then, router B does the same to router A. It is
possible that this increases the amount of LSP traffic in the network
considerably, particularly if either router A or router B has many LSPs
(for example, if either router is importing many routes and services).
Change the internal network number of one of the conflicting systems, or
remove one of the systems from the network immediately. For
information about how to find the node that is causing the problem, refer
to “IPX Connectivity Problems (Duplicate ID or Network Number)” on
page 129.
The Sequence Number Skips counter in IPXCON is increasing on both
routers (parameter path: Select NLSP Information > System Information
> Detailed NLSP System Information).
It is normal for a system to have some sequence number skips, but the
Sequence Number Skips value should not increase after the first five
Troubleshooting 133

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
minutes of a router's operation, unless there is a duplicate NLSP system

ID.
information about how to find the node that is causing the problem, refer
to “IPX Connectivity Problems (Duplicate ID or Network Number)” on
page 129.
The Own LSP Purges counter in IPXCON (parameter path: Select NLSP
Information > System Information > Detailed NLSP System Information)
is increasing on both routers.
There is a duplicate NLSP system ID, and many systems have fluctuating
counts of routes and services because the services available through one
or the other router become unreachable. If one of the systems in question
can route, then all systems in the network are running the NLSP decision
process frequently.
information about how to find the malfunctioning node, refer to “IPX
Connectivity Problems (Duplicate ID or Network Number)” on page 129.
Error Messages Are Displayed (Duplicate ID or Network Number)

The console displays the following message:
Router name has the same internal network number of number
but a system ID of system_ID .
A duplicate internal network number has resulted in a duplicate system
ID.
The console displays the following message:
LSP graph inconsistency detected in stored LSP from system
name length number . There has been a memory corruption
or software error.
Cause 1 —Errant application is corrupting the NLSP graph or LSP
database.
Contact technical support.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Cause 2 —NLSP has a software error that is either corrupting the graph
or causing the graph to be represented incorrectly.
NLSP Decision Process Is Running Frequently (Duplicate System ID)

The NLSP decision process is running frequently.
To observe this symptom, obtain access to a NetWare server or router running
NLSP in the network and enter SET ISUL DEBUG=256 at the system
console prompt. Every time the decision process runs, an entry is displayed at
the system console. If the decision process runs at least every 30 seconds,
there might be a duplicate system ID.
remove one of the systems from the network immediately. For information
about how to find the malfunctioning node, refer to “IPX Connectivity
Problems (Duplicate ID or Network Number)” on page 129.
Other Router Names Are Not Displayed

If other router names do not display when the DISPLAY SERVERS command
is used, the NLSP Local Area Addresses might be different. Load NIASCFG
and select Configure NIAS > Protocols and Routing > Network Interfaces >
IPX > IPX Expert Configuration option to set the IPX network number and
area mask to zeros.
System Frequently Appears and Disappears on the LAN

A system frequently appears and disappears on the LAN.
Cause 1 .—System is not transmitting its packets to the Designated Router
properly.
At the Designated Router, check the Neighbor State Changes option in
IPXCON (parameter path: Select Circuits > a specific circuit > Detailed
Circuit Information) and monitor it for the circuit (LAN).
If the number is increasing but there are no new systems on the network
and systems are not being bound and unbound or restarted, then a local
connectivity problem probably exists.
Troubleshooting 135

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
After you have determined that there is a local connectivity problem,

check whether there are any systems in the Initializing state in IPXCON
(parameter path: Select NLSP Information > Neighbors). You might need
to exit and enter the Neighbors window several times over several
minutes. Also check for any systems that do not have names associated
with them. Any system without a name has not transmitted its LSP to the
Designated Router.
If you find any system that enters the Initializing state, then you have
identified a connectivity problem between that system and the Designated
Router. If you have not identified any such system, then it is still possible
for a router to lose connectivity occasionally. Select the entry in the NLSP
Neighbor table of the router that does not have connectivity (parameter
path: Select NLSP Information > Neighbors). There is an initial holding
time for the system. By default, every system sends a Hello packet on a
LAN every 15 to 20 seconds. You can see whether the Designated Router
is receiving all the Hello packets from the system by comparing the
packets sent to the packets received.
If you still cannot determine the problem with the system, and if you have
the routing software located on the LAN, then load IPXPING at the
console prompt. Set the PING send rate to zero and check to determine
whether packets are being dropped. A packet dropped every once in a
while should not cause concern; however, if more than 1 percent of the
packets are dropped, there is a problem with the router or server. The
problem could be caused by the software or hardware. To determine
whether there is a problem with the software, restart the PC. If the
problem continues, install a new interface board.
Check connectivity between the Designated Router and another system.
The Designated Router might be dropping packets or be the source of the
problem.
Cause 2 —Problem with the underlying media.
Look at LAN/WAN information in MONITOR and check for errors. Errors
are specific to the media; therefore, press F1 (for online help) to see what
different errors mean. Most errors indicate that there is a problem with the
server's or router's network interface board. These errors could be caused by
the software or hardware. To determine whether there is a problem with the
software, restart the PC. If the problem continues, install a new interface
board.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Cause 3 —System misconfiguration.

By default, NLSP timers are set so that a system becomes unreachable when
three packets are dropped. Look at the system's configuration to ensure that
this setting has been used.
Cause 4 —One or both of the systems are dropping packets.
Check the interface boards to determine whether packets are being dropped
because of insufficient Event Control Blocks (ECBs). Increasing the
maximum number of physical receive packets might help stop the system
from dropping packets. To reach this option load install, select NCF file
options > edit startup.ncf. Increase the maximum number of physical receive
packets to at least 1524. However, the system might be incapable of handling
the system load. In this case, increase the processor power of the system that
is dropping packets, or reduce the load on the server by either removing NLM
files or decreasing the number of users on the system. You can determine
whether the system is using too much CPU processing power by using
MONITOR and viewing utilization.
Cause 5 —NLM on the server is not relinquishing control of the CPU
frequently enough.
This is a rare occurrence. To determine whether this is occurring, select
Performance in MONITOR. Look for processes that exceed many millions of
cycles per iteration. You can also determine that an NLM is malfunctioning by
removing the NLM from the server and observing whether the problem is
resolved.
Cause 6 —Internal error in NLSP.
If you have exhausted all other possibilities, you should document your
system configuration, number of users, and error frequency and send a copy
of the system configuration (SYS: SYSTEM\CONFIG.TXT), including the
NLSP configuration file (usually located in \ETC\NLSP.CFG), to technical
support.
Troubleshooting 137

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Multiple Systems on a LAN Become Unreachable Intermittently

If multiple systems on a LAN become unreachable intermittently, the
Designated Router might be the source of the problem.
Cause 1 —Designated Router does not have enough system memory to
represent the LAN.
To determine whether this is the case, you can check whether the Designated
Router is overloaded when the problem occurs or whether it has been
overloaded in the past. Check the Level 1 Data Base Overloads statistic in
IPXCON (parameter path: Select NLSP Information > System Information >
Detailed NLSP System Information). If the Designated Router does not have
sufficient memory to represent the LAN, then the LAN loses connectivity as
new systems are added. You must then select another system on the network
to become the Designated Router by increasing its priority in NIASCFG and
issuing the REINITIALIZE SYSTEM command. In addition, you must add
memory to the system that was overloaded. You might also want to check
whether other systems in the network are overloaded. Refer to “Many Systems
Are Entering an Overloaded State.”
Cause 2 —Designated Router or some other system on the LAN is causing the
network outage. Another system can cause this problem by electing itself as
the Designated Router on the LAN.
A single malfunctioning system on a LAN might be causing all systems on the
LAN to become unreachable intermittently. Using IPXCON, check the
Designated Router Changes counter for all systems on the LAN (parameter
path: Select Circuits > a specific circuit > Detailed Circuit Information). If a
single system has a large value displayed in the Designated Router Changes
counter, the system probably has connectivity problems with other systems on
the LAN. Check whether the counter increases over time. If the Designated
Router is not being restarted or unbound from a LAN, the counter should not
increase. If the Designated Router Changes counters of all systems on the
LAN are increasing, the system that should be the Designated Router probably
has a connectivity problem. To determine whether the problem is particular to
the system or to the network itself, remove the system from the LAN or
decrease its Designated Router priority.
Cause 3 —Two systems are contending to be the Designated Router for the
LAN.
In this case, the Own LSP Purges counter increases (parameter path: Select
NLSP Information > System Information > Detailed NLSP System

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Information). However, unless you are using ARCnet* or some other media
that does not have IEEE addresses, only one system has the highest priority on
the LAN (the MAC address is used as a tie breaker and IEEE addresses are
unique). If necessary, change the priority on one of the contending routers.
Connectivity Across a Point-to-Point Link Has Been Lost

You cannot bring up an IPX point-to-point link, but IP is working.
Cause 1 —System on the other end of the link does not support IPXWAN, or
IPXWAN is not supported over the media that you use.
Contact the router manufacturer to verify that its product supports IPXWAN.
Cause 2 —Link has excessive errors.
Cause 3 —One of the IPXWAN implementations has an error.
Load MONITOR and view LAN/WAN Information under a specific NIC or
LAN adapter. Determine whether the link has excessive errors by viewing
discrepancies in packet error counts.
Issue the SET ISLL DEBUG=ON command and capture the IPXWAN
exchanges. Contact the manufacturer of the router that appears to be in
violation of the IPXWAN specification.
Cause 4 —Link has excessive errors.
Load MONITOR and view LAN/WAN Information under a specific NIC or
LAN adapter. Determine whether the link has excessive errors by viewing
discrepancies in packet error counts.
Cause 5 —Timers are misconfigured, causing the link to drop packets.
(Typically, the defaults are used for PPP.)
Check in MONITOR under Driver Statistics to determine whether this is the
cause. Set the timers so that the values match those set on the remote node.
Cause 6 —System is limited by the amount of memory or by the capacity of
the CPU or bus.
Load MONITOR and view memory utilization to determine if the capacity of
the CPU or memory is limiting the function.
Cause 7 —Link itself is corrupting data.
Troubleshooting 139

103-000176-001
August 29, 2001
Novell Confidential
If the link is corrupting data, the corrupt LSPs statistic increases. To check
this, load IPXCON (parameter path: Select NLSP Information > System
Information > Detailed NLSP System Information). Even a single corrupt LSP
indicates a serious problem because LSPs are transmitted infrequently. Note
that this counter is a global counter and it is possible that some other media is
corrupting the data link.
An NLSP Server on a LAN Cannot Be Accessed

You cannot access a server on the LAN.
Cause 1 —Area address is set to the wrong value.
In this case, the number of destinations (known networks and services)
implies local connectivity only. Also, the Initialization Failures statistic in
IPXCON increases (parameter path: Select Circuits > Detailed Circuit
Information). If you have configured area addresses, make sure that all
systems that should be in communication have the same area addresses.
It is acceptable for systems to have different addresses, if that is the
desired configuration.
Cause 2 —RIP is not enabled.
If you are running multiple areas on a LAN and are using RIP to
interconnect the systems, verify that RIP is enabled on those servers that
are interconnecting areas. Load NIASCFG and select Configure NIAS >
Protocol and Routing > Bindings > IPX Binding > Expert Bind Options
> RIP Bind Options > RIP State. If the RIP State is set to Auto in
NIASCFG, there is a small chance that RIP will fail. To avoid having RIP
fail, set RIP State to On.
Cause 3 —Hub or bridge has failed.
Use IPXPING to check whether there is data-link connectivity.
Cause 4 —LAN board driver does not support multicast, even though the
driver's documentation claims that it does.
Use a driver that supports multicast or set the MAC Channel option to
Broadcast (parameter path: Select Bindings > a specific binding > Expert
Bind Options > NLSP Bind Options).
Cause 5 —LAN board has failed. This system does not see other systems
on a LAN, or it does not have any adjacencies in the Up state. However,
it declares itself as being attached to the LAN.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
In IPXCON, look for a system that is in the Initializing state. If a system

on the LAN appears in the Initializing state on all other systems but has
no neighbors itself, then the system can send but not receive. Check that
system, particularly if it is the Designated Router. Use IPXPING to help
determine the actual source of the problem. An interface board with a
conflicting interrupt is a common source of this problem.
Cause 6 —System is declaring itself the owner of the LAN, even though
it is not the owner.
Reinitialize the system.
Cause 7 —LAN has become partitioned temporarily during normal
NLSP operation. This should occur only during an NLSP system's
startup, and the error should be corrected within a few minutes.
Verify that the condition does not persist. If it does, check for a hardware
problem or an NLSP software incompatibility with other systems.
Clients running UnixWare software, OS/2 Named Pipes, and NetWare/
IPTM software have problems with connectivity.
The systems are not properly configured. Refer to Chapter 1,
“Understanding,” on page 11 and Chapter 3, “Setting Up,” on page 51 for
information about the solution.
LAN Is Partitioned
A LAN is partitioned when there are duplicate LANs or one of the LANs is
declared unreachable in IPXCON (parameter path: Select NLSP Information
> LANs).
Cause 1 —A hub or bridge has failed.
Use IPXPING to check whether there is data-link connectivity.
Cause 2 —LAN board has failed. This system does not see other systems on
a LAN, or it does not have any adjacencies in the Up state. However, it
declares itself as being attached to the LAN.
In IPXCON, look for a system that is in the Initializing state (parameter path:
Select NLSP Information > Neighbors). If a system on the LAN appears in the
Initializing state on all other systems but has no neighbors itself, then the
system can send but not receive. Check that system, particularly if it is the
Designated Router. Use IPXPING to help determine the actual source of the
problem.
Troubleshooting 141

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Cause 3 —System is declaring itself the owner of the LAN, even though it is
not the owner.
Reinitialize the system.
Cause 4 —LAN has become partitioned temporarily during normal NLSP
operation. This should occur only during an NLSP system's startup, and the
error should be corrected within a few minutes.
Verify that the condition does not persist. If it does, check for a hardware
problem or for NLSP software incompatibility with other systems.
No Communication Occurs between Two Networks

Connectivity is lost because a router is missing required routes. This
router's table is not consistent with the routing tables of other routers.
The router has not converged because it is configured for multicast and
the driver does not support multicast, even though the driver's
documentation claims that it does. Set the MAC Channel option to
Broadcast (parameter path: Select Bindings > a specific binding > Expert
Bind Options > NLSP Bind Options).
A workstation cannot communicate with a server on a different
connecting LAN, but other systems on the LAN can communicate.
Cause 1 —Physical problem on the workstation (for example, a broken
LAN card).
Replace the malfunctioning hardware.
Cause 2 —Packet filter that is discarding the system's packets has been
implemented somewhere in the network.
Check each intervening router and correct the filter configurations.
A server cannot communicate with another server on a different
connecting LAN, but other systems on the LAN can communicate.
Cause 1 —Server is misconfigured.
Correct the server's configuration and make sure that it has connectivity
by verifying that it has the routes and services typical for your network.
Cause 2 —Connectivity exists, but it is so poor that the transports above
IPX cannot maintain connectivity.
Set up an IPXPING test between the two systems. If the rate of dropped
packets is high, the connectivity problem is probably caused by a

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
malfunctioning link between the two networks. To determine which link

has the problem, refer to “Applications Perform Poorly” on page 147.
Cause 3 —There is a duplicate network number. This can cause a
duplicate system ID, provided that both systems are in the same area and
the duplicate network numbers are two internal network numbers on two
NetWare implementations of NLSP. The console probably displays the
following message:
System server_name with internal network number number
has my system ID in it.
Cause 4 —Packet filtering has been implemented on a router. This can
cause symptoms similar to those caused by duplicate network numbers
(for example, network A might be visible from network B, but network B
is not visible from network A).
If communication does not occur within an NLSP area, it is usually easy
to determine whether the network fault is caused by packet filtering or a
duplicate network number. Use IPXCON to view duplicate LAN network
numbers (parameter path: Select NLSP Information > LANs). If your
system does not have a matching network number, use FILTCFG to
remove the packet filtering.
Services Are Inaccessible in the Area

Services are inaccessible in the area.
Cause 1 —Services are being blocked by filters.
Examine the IPXCON Services option of each router in the path to isolate the
router that is filtering the services.
Cause 2 —Network connectivity problems.
Check that the network to which the service is attached exists. If the network
does not exit, look for link connectivity in the path between the area in the
network that is missing the network number and the area that is generating the
service.
Troubleshooting 143

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Cause 3 —Service name conflict. This occurs when you have the same
service name and the same type (for example, file server). If the service is a
file service, then the user logging in might not have appropriate rights and,
consequently, the login is rejected.
Use the Services option in IPXCON to verify that the service has the
appropriate network number.
If the service and network numbers are both visible, refer to “No
Communication Occurs between Two Networks” on page 142.
Cause 4 —Under rare circumstances, the server from which you are logging
in has insufficient space to store the service in the bindery.
Increase the disk space on the file server.
Cause 5 —If there are many services, a third-party router might be unable to
transmit the entire SAP table before the next periodic update. A third-party
router can start transmitting the services again from the beginning of the table,
instead of completing the current update.
Number of Routes and Services on a System Shows Local

Connectivity Only
The number of routes and services on a system shows that there is local
connectivity only.
Cause 1 —If the network to which the system is attached is an NLSP- only
network, and if the system is not configured for RIP mode only, then the
system might not receive RIP updates. If the following message is displayed
at the system console, there is a RIP mode misconfiguration and the two
routers cannot communicate:
Router server_name claims network number is really number
Turn on the tracking screens and check to determine whether there are any
RIP and SAP updates being sent to the server. If there are, it is possible
that you need RIP on the network but that you have set the RIP State
option to Off. You can check this by loading IPXCON (parameter path:
Select Circuits > select a circuit name). Check the RIP information to see
whether you have accidentally set RIP State to Off.
If you should be receiving RIP on the network but are not, it is possible
that the other routers on the network have been configured with RIP State

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
set to Off. If this is the case, and if you want to run RIP between the
servers, then set RIP State to On.
Cause 2 —Two NLSP systems are configured with different area addresses.
In this case, the Initialization Failures counter in IPXCON should be
increasing (parameter path: Select Circuits > Detailed Circuit Information).
If you are on an area boundary and you are using RIP as the interarea protocol,
configure RIP on both systems on the interface through which they are
communicating.
Cause 3 —One of the routers has the RIP State option set to Auto. If you
intended to use RIP for interarea routing on the network, this condition is
potentially serious. If the two NLSP routers are in communication with each
other, they continue to run RIP. However, if they are connected together with
a bridge or hub and that hardware fails and is brought up again sometime later,
NLSP does not detect the condition and RIP does not turn on again.
If you are running RIP and SAP on the network and the routes and services
fluctuate, refer to “Services or Routes are Fluctuating Excessively.”
Services or Routes are Fluctuating Excessively

The number of routes and services are fluctuating excessively. Some
fluctuation is normal in a large network. Change is occurring constantly as
systems are brought down for maintenance and other reasons. However,
hundreds of routes and services appearing and disappearing indicates a
network error. All the following problems are solved with the same procedure:
Cause 1 —Misconfiguration with RIP and SAP.
Cause 2 —Problem with a link.
Cause 3 —Error in NLSP.
Cause 4 —Two systems are competing for a system ID.
Cause 5 —LAN is generating errors.
First try to determine which systems are affected. It might be helpful to
determine which services are appearing and disappearing and to trace the
paths backward to their location. If many services are appearing and
disappearing, it might work better to find the set of affected systems. In
either case, you should be able to determine the boundary routers.
Troubleshooting 145

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
In NLSP, this determination is easy to make. Simply look at an affected

system's neighbors to see whether they have the problem, too. Examine
each system as you move outward. If just a single NLSP system is
experiencing the problem, then the cause is probably a local connectivity
problem. Check the system for neighbor state changes and disappearing
services.
Try to determine whether the problem has a boundary. If you see a system
in which one set of routers or services is disappearing and see an adjacent
system in which a different set of routers or services is disappearing, you
probably have found the boundary. Check to determine whether any of
these systems has problems with its neighbors, has fluctuating links, or
has a duplicate system ID.
If you find that the problem is isolated to a LAN, then follow the
procedures described under “Multiple Systems on a LAN Become
Unreachable Intermittently” on page 138. You might find that one system
that is supplying routing information to the network is losing its
neighbors, particularly the Designated Router. This system is probably
the source of the problem.
If you find that the problem is caused by some interaction with RIP and
SAP, check all systems for consistency on the LAN regarding the
following configurable RIP and SAP parameters in NIASCFG: Packet
Size Override, Periodic Update Interval, and Aging Interval Multiplier
(parameter path: Select Bindings > a specific interface > Expert Bind
Options > RIP (or SAP) Bind Options).
You should never let a periodic multiplier be less than 4. Because of timer
skew, this means that after three packets containing the same route are
dropped, the system loses this route. If any of the previously listed RIP
and SAP parameters are different, you must reconfigure the values. Better
still, use the default values, especially on LANs. Using different values
for the timers is too risky to justify the savings on a LAN.
Heavy Network-Layer Traffic Occurs on a Point-to-Point Link

There is heavy Network-layer traffic on a point-to-point link and you are
using RIP and SAP.
Migrate to NLSP.
There is heavy Network-layer traffic on a point-to-point link and you are
using NLSP.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Cause 1 —Network-layer packets are being retransmitted because there

is a software error or because two important timers are misconfigured in
NIASCFG. The important timers are the Minimum Non-Broadcast LSP
Transmission Interval timer (which indicates the amount of time before
an LSP is retransmitted when there is no acknowledging Partial Sequence
Number Packet [PSNP]) and the Partial SNP Interval timer (parameter
path: Select Configure NIAS > Protocols and Routing > Protocols >
Expert Configuration Options > NLSP Convergence Rate Configuration).
The latter timer should be set to a value much smaller than the value set
for the former timer because it acknowledges LSPs; if it is set too high,
the LSP transmitter responds as if the LSP is lost and retransmits the LSP.
If the problem persists after you reconfigure the timers, call technical
support.
Cause 2 —Many changes are occurring in your network because there is
too much RIP activity in your network.
Migrate more of your network to NLSP.
Cause 3 —Some systems are sending too many updates.
If possible, migrate more of your network to NLSP.
If you cannot migrate more of your network to NLSP, find the
boundary routers (those that are importing RIP) by looking at the
NLSP LANs window. Increase the Maximum LSP Generation
Interval option on these systems.
Applications Perform Poorly

You are experiencing poor application performance on systems in your
network.
Cause 1 —Suboptimal path has been selected by NLSP.
Check the end-to-end path of the connection and make sure that the links
that you thought would be chosen are being used to forward data. In an
NLSP area, look at the Potential Paths window by loading IPXCON
(parameter path: Select Forwarding > a specific destination). Outside an
NLSP area, perform the procedure described in “IPX Connectivity
Problems (Duplicate ID or Network Number)” on page 129.
If you find an incorrect path caused by RIP, then you can increase the RIP
cost by manually changing the cost of the RIP link. Refer to "Configuring
RIP and SAP" for information about how to do this.
Troubleshooting 147

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Cause 2 —Application relies on ticks to retransmit its packets. This should

not happen with the routing software, but it is possible that some other
manufacturer's router does not comply with the ticks value.
If this is the case, increase the cost of the routing software to match the value
of the router in question. This procedure should not affect other paths much,
but it should help to stop the application from retransmitting packets.
Cause 3 —Router is in an NLSP area and you have routers with load sharing
enabled. This causes the application to retransmit packets needlessly.
If this is the case, turn off load sharing to see whether the situation improves.
Cause 4 —Link speed is too slow. You might be choosing the optimal path,
but throughput is still not adequate.
If you have a Novell router and the protocol is windowed, you might want
to enable the IPX Header Compression option or experiment with PPP
data compression, if it is being used. However, the application might
require more bandwidth than you have available.
Make sure that the problem is not caused by latency. Compression adds
latency, which can slow down protocols that do not have windowing, such
as the Sequenced Packet ExchangeTM (SPXTM ) protocol. Also, older
versions of the NetWare shells do not have windowing. If you experiment
with the Packet BurstTM protocol, you might be able to reduce latency and
increase throughput.
If this is an X.25 problem, you might be able to remove some of the
latency by increasing the X.25 window size, the physical frame size, or
both.
If the previous suggestions do not work, change the type of line that you
have. Some kinds of frame relay lines have relatively low latency, as do
leased lines. X.25 and other WAN technologies sometimes have high
latency. If an X.25 problem exists, you can remove some of the latency
by increasing the X.25 window size, the physical frame size, or both.
Over slow PPP lines, increasing the frame size continually can hurt
performance. Because this can cause packets to be retransmitted, it can
take a long time to transmit a single frame across the link.
Cause 5 —Malfunctioning routers in the end-to-end path or a link that is
causing problems in the end-to-end path.
Determine the routers in the end-to-end path and check each router and link
for abnormal behavior.

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Cause 6 —Load sharing is enabled between dissimilar paths.

Verify that the two paths have comparable media and data rates.
CALLMGR Shows an IPX Circuit but IPXCON Does Not

CALLMGR shows an IPX circuit but IPXCON does not.
IPXCON does not show a circuit until after IPXWAN has completed
negotiation.
Check the link for errors, and make sure that both sides of the IPX link are
implementing IPXWAN properly.
Single System Is Entering an Overloaded State
A single system is in an overloaded state.

Cause 1 —System is running out of memory.
Cause 2 —Another system is experiencing database overload. It is possible
that another system in an overloaded state is causing your system to go into an
overloaded state.
On each suspect system, use MONITOR to check whether the Alloc Memory
Pool is set too low. If the value is too low, increase the value set for the Alloc
Memory Pool or remove some applications.
Cause 3 —Transient condition on that router.
If the problem persists, the system is running out of memory. If the value is
too low, increase the value set for the Alloc Memory Pool or remove some
applications.
Many Systems Are Entering an Overloaded State

Many systems are entering an overloaded state.
Cause 1 —Systems are being overrun with routing information. Possibly the
number of systems in the NLSP area has exceeded the number you originally
intended.
Using IPXCON, look at the number of routers in the area (parameter path:
Select NLSP Information > Routers). Add this number to the number of LANs
in the area. This sum is a good indicator of the amount of memory that is
Troubleshooting 149

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
required by an NLSP area. We recommend that you do not exceed 400 LANs
and routers (total) in any single NLSP area. It is also possible that two areas
have merged when they should not have. Determine whether routers are in the
area that should not be there. Prevent the areas from merging or use area
addresses.
Cause 2 —Backbone has been imported multiple times into the NLSP area.
NLSP is careful about the way that it imports external routes and services into
the NLSP network. For example, only the Designated Router on a LAN
imports information. Usually, if two NLSP systems are connected to the same
RIP backbone but they are on different LANs, a conflict does not occur. If RIP
reports two different routes to the same location, only the RIP route with the
shortest hop count is imported into the NLSP network. However, it might be
that most of the backbone is imported more than once. This can occur if there
is more than one equal cost path from the NLSP network to the RIP network.
To determine whether most of the backbone has been imported more than
once, look carefully at all routers that are importing RIP.
Using IPXCON, find the systems that are importing RIP into the NLSP area,
then determine whether RIP Active is displayed for the LAN (parameter path:
Select NLSP Information > LANs). Find the Designated Router in each LAN.
Look at the Forwarding table of each Designated Router. If more than one
Designated Router is on the LAN, this is probably because you have turned
off NLSP on the routers. In this case, you must run NLSP between the routers
to reduce the amount of imported information on each LAN.
Connectivity Is Lost on Only One LAN

Connectivity is not possible on a single LAN, but it is possible on other LANs.
This almost certainly indicates a duplicate network number. Refer to “No
Communication Occurs between Two Networks” on page 142 for the solution.
Usually, the network number that is the duplicate does not have the
connectivity.
NetWare Mobile IPX Client Loses Connectivity to the Server

The NetWare Mobile IPX client loses connectivity to the server.
If you lose connectivity before you start an operation, you will see messages
such as Access Denied , or it might look as if access is not available on
your network drives. If you lose connectivity after you start an operation, you
will receive a DOS critical error message that asks you whether you want the

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
operation to abort, retry, or fail. The method of reestablishing the connection

depends on whether you lose connectivity before or after you start an
operation. This method is the same for each of the following causes.
Cause 1 —The NetWare Mobile IPX client was out of range of wireless
coverage for too long.
Return the client to the range of wireless coverage and reestablish the
connection as explained in “Re-establishing the Connection” on page 151.
Cause 2 —The driver used with NetWare Mobile IPX is not Network Event
Service Layer (NESL) aware, so IPX is not sent the receive notification of
data-link events.
Use only NESL-aware drivers. Reestablish the connection as explained in
“Re-establishing the Connection” on page 151.
Cause 3 —The wireless board was removed when a process was running in
the background or the board was not correctly plugged in. This can happen
when you swap boards.
Simply reinsert the wireless or Personal Computer Memory Card International
Association (PCMCIA) board. Reestablish the connection as explained in
“Re-establishing the Connection” on page 151.
Cause 4 —The PCMCIA board was swapped when the portable was in a low-
power state. This tends to confuse the card and socket services, and events are
not sent to the drivers. This invariably causes computer lockup.
Do not swap the PCMCIA board when the portable is in a low-power state.
Reestablish the connection as explained in “Re-establishing the Connection”
on page 151.
Re-establishing the Connection
If you lose connectivity before you start an operation, you can usually
reestablish a connection by selecting Open/Save. If the HR Time To Live
timer has expired, selecting Open/Save will not reestablish the connection and
you must log in again.
If you lose connectivity after you start an operation, reestablish your
connection as follows:
In the Windows environment, you are asked to either retry or cancel the
current operation. Selecting Cancel terminates the connection to the
server you were accessing, and you must log in again to reestablish a
Troubleshooting 151

103-000176-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
connection. If you want the operation to be completed, you must select

the Retry option when you return to the network. In the meantime, the
system is unusable. If the HR Time To Live timer has expired, selecting
Retry will not reestablish the connection and you must log in again.
In the DOS environment, you have three options: Abort, Retry, or Fail.
Abort and Fail both terminate the connection to the server you were
accessing, and you must log in again to reestablish a connection. If you
want the operation to be completed, you must select the Retry option
when you return to the network. In the meantime, the system is unusable.
If the HR Time To Live timer has expired, selecting Retry will not
reestablish the connection, and you must log in again.

103-000176-001
August 29, 2001
Novell Confidential
Filter Configuration
Novell
NetWare 6 ®
www.novell.com
F I LT E R C O N F I G U R AT I O N
August 29, 2001

Novell Confidential
Contents
About This Guide 7

1 Understanding 9
The Use of Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Packet Forwarding Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Service Information Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Routing Information Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Outgoing Routing Information Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Incoming Routing Information Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
IPX Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
IPX SAP Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
IPX RIP Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
IPX NetBIOS and Packet Forwarding Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
TCP/IP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
IP Routing Information Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
IP Incoming Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
IP Outgoing Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
IP Packet Forwarding Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
AppleTalk Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
AppleTalk Device Hiding Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
AppleTalk Routing Information Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
AppleTalk Outgoing Route Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
AppleTalk Incoming Route Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
AppleTalk Routing Information Filters over AURP . . . . . . . . . . . . . . . . . . . . . . . . . 23
Source Route Bridge Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Protocol ID Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Ring Number Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2 Planning 25
Configuration Decisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3 Setting Up 27
How to Run FILTCFG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
How to Save Filters to a Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Configuring IPX Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
How to Configure IPX SAP Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
IPX SAP Filter Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Contents 5
103-000178-001
August 29, 2001
Novell Confidential
How to Configure IPX RIP Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

IPX RIP Filter Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
IPX NetBIOS and Packet Forwarding Filters . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuring IPX Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
IPX Packet Forwarding Filter Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Configuring TCP/IP Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
How to Configure IP Routing Information Filters. . . . . . . . . . . . . . . . . . . . . . . . 47
How to Configure EGP Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
How to Configure OSPF External Route Filters . . . . . . . . . . . . . . . . . . . . . . . . 52
IP Routing Information Filter Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
IP Packet Forwarding Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Configuring AppleTalk Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
How to Configure AppleTalk Device Hiding Filtering . . . . . . . . . . . . . . . . . . . . . 61
Example AppleTalk Device Hiding Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
How to Configure AppleTalk Route Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . 66
AppleTalk Outgoing Routing Information Filter Example . . . . . . . . . . . . . . . . . . . 68
Configuring Source Route Bridge Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Configuring Protocol ID Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Configuring Ring Number Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
6 Filter Configuration
103-000178-001
August 29, 2001
Novell Confidential
About This Guide
This guide provides the information you need to configure and manage
Novell® Internet Access Server 4.1 filters.
About This Guide 7
103-000178-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
103-000178-001
August 29, 2001
Novell Confidential
1 Understanding
This chapter describes the Filter Configuration utility (FILTCFG) that you use
to configure filters that selectively discard packets to be sent or received by a
router. Filters let you control the service and route information that is accepted
or advertised by a router.
Filters can be useful when you want to limit specific kinds of traffic to certain
parts of your network topology, or when you want to provide a certain level
of security.
The Use of Filters

The Novell® Internet Access Server 4.1 routing software supports filtering to
control the service and route information that is accepted or advertised by a
router. Filters are useful when you want to limit specific types of traffic to
certain parts of your network and when you want to provide a certain level of
security. You use FILTCFG to configure the filters for the Internetwork
Packet ExchangeTM (IPXTM) protocol, IP, AppleTalk*, and the source route
bridge to selectively discard packets sent or received by a router. The
following types of filters are supported:
Packet forwarding —Prevents selected data packets from being
forwarded by the router. Packet forwarding filtering is available for IPX
and TCP/IP.
Service information —Limits the services added to the service
information (SAP) tables of specified routers. Service information
filtering is available for IPX and AppleTalk.
Routing information —Limits the routes added to the routing tables of
specified routers. Routing information (RIP) filtering is available for IPX,
AppleTalk, and TCP/IP.
Understanding 9
103-000178-001
August 29, 2001
Novell Confidential
OSPF —Controls the propagation of routing information from non-OSPF

domains (RIP, EGP, and so on) to the OSPF domain.
EGP —Defines the routes that a router can share with other EGP peers.
Protocol ID and ring number —Filters packets of certain protocol types
received by the bridge (Protocol ID filter), and filters packets received
from specific rings on a token ring network (ring number filter). Both
types of filters are only available for source route bridge.
Table 1 lists the protocol suites and the filter types that you can configure for
each with FILTCFG.
Table 1 Filter Types and Protocol Suites
Protocol Suite Packet Forwarding Service Filters Route Filters Bridge Filters
Filters
IPX X X X
AppleTalk X X
TCP/IP X X
Bridging X
Packet Forwarding Filters

Packet forwarding filters limit access to specific services by preventing
selected data packets from being forwarded by the router. These filters provide
the highest level of security because they examine each data packet forwarded
by the router. The filtering is based on the following packet characteristics:
Source interface
Destination interface
Source address
Destination address
Content
Packet forwarding filters do not restrict service advertisement packets sent by
servers. Therefore, restricted users might see advertisements of services even
when they cannot access the service.
103-000178-001
August 29, 2001
Novell Confidential
Although packet forwarding filters provide the highest level of security, they
might affect the performance of the router because the filters are applied to
each data packet received by the router.
Packet forwarding filters are available for IPX and TCP/IP protocols.
Service Information Filters

Service information filters restrict the advertisement or acceptance of
specified services by filtering out information in the data packets that
advertise the services destined for particular parts of the network. These filters
increase security by limiting the visibility of selected services. However,
service information filters provide a lower level of network security than
packet forwarding filters because they only monitor service information
packets. They also reduce the network traffic caused by periodic service
information messages sent by routers.
Service information filters are available for IPX (as outgoing and incoming
SAP filters) and AppleTalk (as device hiding filters).
Routing Information Filters

Routing information filters restrict the exchange of routing information
between routers by limiting the routes added to the routing tables of specified
routers. These filters increase network security by limiting the visibility of
specified networks. However, like service information filters, routing
information filters provide a low level of network security because they only
monitor routing information packets. They also reduce the network traffic
caused by the periodic exchange of routing information messages between
routers.
Routing information filters are available for IPX, AppleTalk, and TCP/IP.
There are two types of routing information filters:
Outgoing routing information filters, which limit the route
advertisements sent out by a router to a specified set of routers
Incoming routing information filters, which limit the acceptance of route
advertisements received by the router from its neighboring routers
For more information about routing information filters, refer to
“Outgoing Routing Information Filters” on page 12
“Incoming Routing Information Filters” on page 13
Understanding 11
103-000178-001
August 29, 2001
Novell Confidential
Outgoing Routing Information Filters

Outgoing routing information filters limit routing information advertised by a
router to its neighboring routers. When these filters are enabled on a router,
only the allowed routes are advertised to each neighboring router. This hides
specified routes from some routers and from certain parts of the network.
A typical outgoing routing information filter consists of the route to the
destination network and the interface through which filtered advertisements of
the route are sent. The filters affect all routers on the network to which this
interface connects.
Outgoing routing information filters might not affect whether the end stations
that are on the same LAN segment as the filtering router can access the filtered
routes. Because these filters only keep from advertising filtered routes to other
routers but do not affect the filtering router's routing table, the filtering router
delivers all packets that it receives as destined for filtered routes.
End stations at least one router away usually cannot access networks with
routes that are filtered out.
In addition to being able to filter by interface, you can also filter on a WAN
circuit. You can assign filters with specific circuit information, including
remote system ID, remote DTE address, and DLCI number. If the specific
router is connected by the specified circuit information in the filter, then the
filter is applied. Filtering on circuits is supported for X.25, ATM, frame relay,
and PPP.
Figure 1 on page 13 shows two networks; the route for one network has been
filtered.
103-000178-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Figure 1 Outgoing RIP Filters
End Station End Station

E1 E2
Filtering Filtering
Router R1 Router R2
(filtered)
Network 1
Network 3 Network 4
Network 2
The route to Network 1 is filtered out in Router R1's advertisement to Network

3. If End Station E2 sends a packet to Network 1, Router R2 drops that packet
because it does not have a route. If End Station E1 sends a packet to Network
1, Router R1 forwards it because it does have a route. End Station E1 can send
a packet to Network 1 only if it has a route to that network. End station E2 can
see only Networks 2, 3, and 4. End station E1 can see both Networks 1 and 2.
When IPX is used, route information filters affect both clients and routers. A
client will make a route request that passes through the same filters as for the
routinely transmitted route information. However, if a client is attached
locally to a router that is performing outbound route information filtering and
the client is using software that can use static routing, the client can send
packets to Network 1 through Router R1 because R1 knows about Network 1
in its routing tables. If only standard IPX route lookups are done (true for a
majority of sites), a path to the filtered networks is not possible.
Incoming Routing Information Filters

Incoming routing information filters limit the routing information accepted by
a router from its neighboring routers.
When incoming routing information filters are enabled on a router, the router
accepts only the allowed routes from each neighboring router, thereby hiding
specified routes from some routers and from certain parts of the network.
However, incoming routing information filters cannot be used to filter out
directly connected networks.
Understanding 13
103-000178-001
August 29, 2001
Novell Confidential
A typical incoming routing information filter consists of the destination

network of the route and the interface through which advertisements of the
route are expected to be received.
Incoming routing information filters keep the filtering router from adding
certain routes to its routing table when it receives the information from its
neighbors. The filtering router cannot forward a packet to a filtered route even
if it receives a packet destined for it. In this way, incoming routing information
filters provide a higher level of security than that provided by outgoing routing
information filters.
IPX Filtering
IPX supports the following types of filters:
Outgoing SAP filters
Incoming SAP filters
Outgoing RIP filters
Incoming RIP filters
NetBIOS filters
For more information about IPX filtering, refer to
“IPX SAP Filters” on page 14
“IPX RIP Filters” on page 15
“IPX NetBIOS and Packet Forwarding Filters” on page 16
IPX SAP Filters

Servers and routers on an IPX network exchange information about the name,
type, and location of the various service providers on the internetwork by way
of SAP packets. This information is distributed to users through SAP packets.
By limiting the propagation of this information, SAP filters provide limited
security at the servers and reduce the bandwidth required by the SAP
exchanges.
103-000178-001
August 29, 2001
Novell Confidential
There are two types of service information filters:

Outgoing SAP filters (service advertisement filters)
Outgoing SAP filters restrict the propagation of the SAP information that
is known to the router. An outgoing SAP filter specifies the service
provider and the potential recipient of the information. The service
provider is defined by a service name and service type. The recipient is
defined as an outbound interface or interface group. The filter is applied
to all servers, users, and routers that would receive the SAP information
through the interface. In large NetWare® internetworks, outbound SAP
filtering can save valuable WAN bandwidth, although the NetWare Link
Services ProtocolTM (NLSPTM) protocol might offer greater bandwidth
savings.
Incoming SAP filters (service acceptance filters)
Incoming SAP filters let the router discard information about a particular
service provider. The filtered SAP information is not recorded in the local
SAP information table or propagated to other routers or servers. The SAP
filter includes the service name and service type. An incoming SAP filter
can also specify the source of the SAP information to be filtered. The
source identifies the interface from which the SAP information was
received.
NOTE: SAP filters work only on routers running the RIP and SAP protocols. They
do not work on routers running the NLSP protocol. For filtering to work, either
IPXRTR must be configured for RIP/SAP only, or the bind options on selected
interfaces must be set up to read RIP=Yes , SAP=Yes , and NLSP=No .
IPX RIP Filters

Routers on an IPX network exchange routing information through RIP
packets. By limiting the propagation of this information, RIP filters provide
limited security to IPX networks, reduce the bandwidth required for RIP
updates, and reduce the memory requirements for routing tables.
There are two types of IPX RIP filters:
Outgoing RIP filters
Outgoing RIP filters restrict the propagation of routing information by the
router. An outgoing RIP filter specifies the network to be filtered and the
interface or interface group to which the filter should be applied. The
filter is applied to all servers, users, and routers that receive the RIP
information through that interface or interface group.
Understanding 15
103-000178-001
August 29, 2001
Novell Confidential
Incoming RIP filters

Incoming RIP filters let the router discard information about a particular
network. The filtered network is not recorded in the local forwarding
table and cannot be propagated to other routers, servers, or users. The
filter includes the network and the source of the route. The source
identifies the interface or interface group from which the routing
information was received. This is the most effective route filter for
improving security.
WARNING: RIP filters work only on routers running the RIP protocol. They do not
work for routers running the NLSP protocol. Use RIP filters with care because they
can partition a physical network into two or more segments.
IPX NetBIOS and Packet Forwarding Filters

NetBIOS filters allow the router to forward NetBIOS broadcast packets only
on selected interfaces.
IPX packet forwarding filters allow the router to filter a packet based on the
source and destination interface fields, the packet type, and the source and
destination address type. The interface can be specified as an interface or
interface type, and address types can be specified as any address, network, or
node. Some services can be identified by the presence of expected values in
the Packet Type and/or Destination Socket fields.
NOTE: IPX NetBIOS and packet forwarding filters work while using either NLSP or
RIP/SAP routing modes.
TCP/IP Filtering
The TCP/IP protocol supports the following types of filters:
IP outgoing route filters
IP incoming route filters
Outgoing EGP filters
Incoming EGP filters
OSPF external route filters
Packet forwarding filters
For more information about TCP/IP filtering, refer to
“IP Routing Information Filters” on page 17
“IP Packet Forwarding Filters” on page 18
103-000178-001
August 29, 2001
Novell Confidential
IP Routing Information Filters

IP routing information filters let the router restrict the routes that it accepts
from neighbors (incoming filters) and limit the advertised routes (outgoing
filters). The router can use RIP, Open Shortest Path First (OSPF), or Exterior
Gateway Protocol (EGP) to exchange routing information with other
neighboring routers, as follows:
RIP filters control the propagation of routing information and hide the
existence of specific IP networks from other routers.
OSPF filters control the propagation of routing information from non-
OSPF domains (RIP, EGP, and so on) to the OSPF domain.
EGP filters define the routes a router can share with other EGP peers.
IP Incoming Filters
IP incoming filters let the router restrict information about the routes it accepts
from its neighbors. Filtered routes are not recorded in the local forwarding
table and cannot be propagated to other routers or hosts. The filter includes the
destination network and the source of the route. The source identifies the
interface, interface group, or WAN connection from which the route
information was received or the address of the router that provided the
information.
You can apply IP incoming filters only to RIP and EGP routes. You cannot
filter routes to directly connected networks. Incoming filters do the following:
RIP incoming filters restrict the acceptance of routing information from
other RIP routers.
EGP incoming filters restrict the routes accepted from the EGP peers.
IP Outgoing Filters
IP outgoing filters restrict the propagation of route information from the
router. You can also use them to control the flow of routes between the routing
protocols. An outgoing filter specifies a route and a potential recipient of the
information. The recipient is an outbound interface, an interface group, a
WAN connection, or the IP address of another router.
Understanding 17
103-000178-001
August 29, 2001
Novell Confidential
You can apply IP outgoing filters to RIP, EGP, and OSPF routes. You cannot
filter directly connected networks. The following outgoing IP filters are
available:
RIP outgoing filters restrict the advertising of routing information and
hide the existence of specific IP networks from other routers.
OSPF external route filters define the routes learned from RIP, EGP, or
static routes that are propagated into the OSPF domain.
EGP outgoing filters restrict the routes that are propagated to the EGP
peers.
IP Packet Forwarding Filters

IP packet forwarding filters let the router filter packets selectively, based on
their source and destination interface fields, the packet type, and the source
and destination address type. The interface can be specified as an interface or
interface type, and the address types can be specified as any address, network,
or host. The packet type is identified by the presence of expected values in the
protocol type field of the IP header and in a protocol-specific operator. Packet
forwarding filters recognize the following protocol types:
Internet Control Message Protocol (ICMP)
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
NetWare Core Protocol (NCP)
The packet type can be further identified by the TCP/UDP port. You can filter
only TCP packets that initiate a connection; therefore, you can restrict access
to TCP services in a specific location while allowing clients in that location to
access outside TCP services.
103-000178-001
August 29, 2001
Novell Confidential
AppleTalk Filtering
The AppleTalk protocol supports the following types of filters:
Device hiding filters
Routing information filters
For more information about AppleTalk filtering, refer to
“AppleTalk Device Hiding Filters” on page 19
“AppleTalk Routing Information Filters” on page 20
“AppleTalk Routing Information Filters over AURP” on page 23
AppleTalk Device Hiding Filters

AppleTalk device hiding filters restrict the advertisement of services on a
router's internetwork by filtering out packets that advertise those services.
These filters both prevent users from finding the network addresses of services
and provide a level of network security.
In AppleTalk, the Name Binding Protocol (NBP) lets users access services
such as file servers and printers. Specifically, it allows a user or application to
specify search parameters such as the network entity name and service type,
and a zone in which the search should be done. The search is represented in an
NBP lookup request sent to the appropriate zone where the service might be.
Services matching the search parameters reply directly to the requesting user
or application with the AppleTalk address of the service. Once the user or
application has received the NBP reply, the user or application can use the
AppleTalk address to communicate with the service.
When AppleTalk device hiding filters are enabled on a router, the router drops
the NBP replies for specified services. (That is, it does not deliver the replies
to the client machine or application that requested them.) Thus, the services
are hidden from that part of the network.
A common use of NBP is the Macintosh* Chooser application. The user or
application issues an NBP lookup, specifying a zone and service type of
interest. The lookup is sent to the appropriate zone. All devices or services of
the specified type in the zone respond with an NBP reply. The Chooser
displays the list of available devices, based on the NBP replies it receives.
Using the AppleTalk address supplied in each NBP reply, the user or
application can then communicate with the device or service.
Understanding 19
103-000178-001
August 29, 2001
Novell Confidential
If filtering for that device or service location is enabled, the router drops the
NBP reply so that a user or application cannot get the network address of these
services. Without the NBP reply, the application cannot know about the
existence of the device.
NOTE: Device hiding filters provide a low level of security, but they do have
limitations. Because filtering is enabled on a router, if the client machine requesting
the address is on the same network as the service, the NBP reply goes directly to
the client and the router has no opportunity to filter it out. Additionally, if a client
machine knows the address of a specific service, it does not need the NBP reply
to access the service.
You can configure AURP routers to filter service information traveling

through an IP tunnel. If a filter is enabled on the tunnel, all networks accessible
through the tunnel are affected by service information filters configured for
the AURP router.
AppleTalk Routing Information Filters

AppleTalk routing information filters restrict the exchange of routing
information between routers by limiting the routes added to the routing tables
of specified routers. These filters increase security by limiting the visibility of
selected networks or zones and reduce the network bandwidth consumed by
the periodic exchange of routing information between routers. There are two
types of AppleTalk routing information filters:
Outgoing route filters
Incoming route filters
AppleTalk uses Routing Table Maintenance Protocol (RTMP) as its primary
routing protocol. This protocol is similar to the RIP used by TCP/IP and IPX.
The routing tables maintained by RTMP contain an entry for every known
route. These routing tables acquire routing information in two ways:
For directly connected networks, through AppleTalk configuration
For networks not directly connected, through the routing updates from
each of a router's neighboring routers
When all routing information filters are not enabled, an AppleTalk router
learns all the routes known by its neighboring routers through periodic routing
table updates (sent by RTMP). In this way, every router on the internetwork
acquires the routing information from all other routers on the internetwork.
103-000178-001
August 29, 2001
Novell Confidential
Routing information filters are also available over AppleTalk Update-based

Routing Protocol (AURP). In this case, a neighboring router can be either a
network interface (all neighbors directly connected to the cable) or all peers
on the AURP tunnel.
AppleTalk outgoing route filters can be used for networks and zones.
Incoming route filters can be used only for networks.
NOTE: If AppleTalk networks have more than one router between them (such as
for redundant or loop routing), these routers are required to have the same filters
configured (device hiding, outgoing router, or incoming route filters). Configuring
filters in only one router does not filter out the required information.
For more information on AppleTalk routing information filters, refer to

“AppleTalk Outgoing Route Filters” on page 21
“AppleTalk Incoming Route Filters” on page 22
AppleTalk Outgoing Route Filters

AppleTalk outgoing route filters limit the routing information advertised by a
router to its neighbors. A typical outgoing route filter consists of a network or
zone (the route) and the interface through which filtered advertisements are
sent. The filters affect all routers on the network to which the interface
connects.
An AppleTalk router learns only about networks that are not directly
connected through its neighbors. Because of this, neighboring routers with
enabled outgoing route filtering can limit the routing information that the
AppleTalk router receives. This effectively cuts off access from one part of the
network to another.
NOTE: If you hide a route from a neighbor, none of the routers on the neighbor's
side of the network has any information about this route.
If the specified action is to deny routes in the filter list, the router ignores all
the route information in the filters going to the designated neighbors, but sends
all other routing information. If the specified action is to permit routes in the
filter list, the router uses only routes designated in the filter list to the specific
neighbors and ignores everything else.
Novell Internet Access Server 4.1 supports zone-based and network number-
based outgoing route filters, as discussed in the following sections.
Understanding 21
103-000178-001
August 29, 2001
Novell Confidential
Zone-Based Outgoing Route Filters
Zone-based outgoing route filters limit the advertisement of all routes

associated with a particular zone. A zone is an abstraction of networks into
which many physical networks, including noncontiguous networks, can be
grouped. The main advantage of using zone names in filters is that the filter
does not need to be modified when new networks are added to the zone.
For example, when filters are configured for the Marketing zone, the zone is
made up of only one physical network. As the department grows, more
physical networks are added, but they are still grouped under the Marketing
zone. All filters configured for the Marketing zone are enforced automatically
for all new physical networks added to the zone. This capability greatly
simplifies network management.
NOTE: When you specify a zone from a network that has multiple zones, all set
filters affect the entire network, not just the selected zone.
Network Number-Based Outgoing Route Filters
Network number-based outgoing route filters limit the advertisement of the

routes to specific networks. This kind of filtering gives very explicit control to
the user about which physical network should or should not be advertised to
different neighbors.
You must reconfigure network number-based outgoing route filters when
changes occur in the network topology.
AppleTalk Incoming Route Filters

AppleTalk incoming route filters limit the routing information that a router
accepts and adds to its routing tables.
When these filters are enabled on a router, the router accepts only the allowed
routes from each of its neighboring routers so that specified routes are hidden
from particular routers and from particular parts of the network. Novell
Internet Access Server 4.1 supports only network number-based incoming
route filters.
An incoming route filter consists of a route and the interface through which
the route advertisements are expected to be transmitted. The specified route
can be to a nonextended network or to an extended network.
Directly connected networks cannot be filtered by incoming route filters. If the
specified action is to deny routes in the filter list, the router ignores all the
103-000178-001
August 29, 2001
Novell Confidential
route information designated in the filters received from the specified

neighbors, but accepts and records all other routing information. If the
specified action is to permit routes in the filter list, the router accepts only
routes designated in the filter list from the named neighbors and ignores
everything else.
AppleTalk Routing Information Filters over AURP

Routing information filters configured for AURP routers affect all AURP
routers on the tunnel in the same way. AppleTalk routers running AURP
cannot filter routes on a per-router basis.
WARNING: You should not change AURP route filters dynamically unless it is
absolutely required. Because AURP routers exchange complete route information
only during connection setup and only send updates to the information thereafter,
changing route filters can cause large volumes of AURP routing information to be
exchanged as the routers adapt to the new filter configuration. During this
information exchange, connectivity over the tunnel can be affected.
Source Route Bridge Filtering

Source route bridge supports the following two types of filters:
Protocol ID filters
Ring number filters
Protocol ID Filters
Protocol ID filters filter out packets of certain protocol types received by the
source route bridge. Protocol ID filtering can help control traffic, balance
bridge loads, and increase security.
Ring Number Filters

Ring number filters filter out packets received from specific rings in a token
ring network. This lets you limit the traffic that crosses a bridge from a source.
Use ring number filters to balance the load among your network bridges and
to increase network security.
Understanding 23
103-000178-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
103-000178-001
August 29, 2001
Novell Confidential
2 Planning
This chapter explains the decisions you must make before you can configure
filters.
Configuration Decisions
How you configure filters depends on the following decisions:
Whether you want to control access to services on your network
You should enable filtering support if you want to control access to
services on your network. Filters increase security by limiting the
visibility of selected services. Packet forwarding filters provide the
highest level of security.
Whether you want to reduce the bandwidth consumed by unnecessary
routing traffic
Enabling filtering reduces network traffic caused by periodic service
information messages sent by routers.
Planning 25
103-000178-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
103-000178-001
August 29, 2001
Novell Confidential
3 Setting Up
You use the Filter Configuration utility (FILTCFG) to configure filters that
selectively control which packets will be sent or received by a router. Filters
let you control the service and route information that is accepted or advertised
by a router.
Filters can be useful when you want to limit specific kinds of traffic to certain
parts of your network topology, or when you want to provide a certain level
of security.
How to Run FILTCFG

Before you begin, make sure that the Filter Support option is enabled in the
Novell® Internet Access Server Configuration utility (NIASCFG) for each
protocol that needs filtering.
NOTE: When Filter Support is disabled, the protocol operates as if the filter
module is not loaded, and no filtering occurs. However, the changes you make will
have no effect until you enable Filter Support. When Filter Support is enabled, any
changes you make to the filter configurations take effect immediately. It is not
necessary to use the REINITIALIZE SYSTEM command.
To set up and modify filters, complete the following steps:

1 Load FILTCFG.
The Filter Configuration Available Options menu is displayed.
2 Select the protocol for which you want to configure filters.
The main filter menu for the protocol you selected is displayed.
3 Optionally, for IPX and IP filtering, select Global Logging and select
Enabled to log packets that match the Filters or Exceptions definitions.
Setting Up 27
103-000178-001
August 29, 2001
Novell Confidential
The header of packets that match the Filters or Exceptions definitions

are logged as long as the global logging status and the filters or exceptions
logging status are both enabled. The logs are viewed using the NetWare
Administrator utility.
4 Select the type of filter you want.
The corresponding option menu is displayed.
5 For each option you select, you can configure the following general
parameters:
Status —Specifies the status of the selected filters. Any configured
filters immediately become active (enabled) or inactive (disabled),
depending on your choice.
Action —Permits or denies the packet, route, or service listed in the
filter list.
When the action is permitted, the specified filters are accepted; any
filters that are not explicitly permitted are denied. One of the
following occurs:
Packets matching the entries in the Packet Forwarding List are
allowed through.
Services or routes matching the entries in the Outgoing Service/
Routing Information Filter Lists are advertised.
Services or routes matching the entries in the Incoming Service/
Routing Information Filter Lists are accepted.
If the action is denied, the specified filters are denied (the packets are
discarded); any filters that are not explicitly denied are permitted.
Filters —Displays a list of filters that are accepted (permitted) or
filtered (denied) on an interface.
You can select a filter from the list and press Enter to modify the
filter or Del to remove it. Press Ins to add a new filter.
Refer to the corresponding section later in this section for the steps
you use to define a filter if you are modifying or adding a filter.
Exceptions —Displays a list of exceptions to the Filters list, to which
the Action parameter setting—permit or deny—does not apply.
The Exceptions list is examined before the Filters list. If there is a
conflict between the two lists, the Exceptions list is used. The action
103-000178-001
August 29, 2001
Novell Confidential
taken on the Exceptions list is always the opposite of the action taken
on the Filters list.
You select a filter from the list and press Enter to modify the filter
or Del to remove it. Press Ins to add a new filter. For example, you
could use a filter to hide all Marketing file servers from Engineering,
except the server named MKTG-DEMO.
6 Press Esc to exit.
NOTE: All filters affecting a primary call are automatically mapped to a configured
backup call. Optionally, the automatic mapping of filtering can be disabled with the
LOAD FILTSRV NOBACKUP command. With automatic mapping of filtering
disabled, you can configure a selective filtering scheme that is specific to the
needs of a backup link. The primary call and its associated backup call should use
the same remote system ID. For information on configuring backup calls, refer to
"Configuring Backup Calls."
How to Save Filters to a Text File

To save your filter information to a text file, complete the following steps:
1 Load FILTCFG.
The Filter Configuration Available Options menu is displayed.
2 Select Save Filters to a Text File, then press Enter.
3 Enter the pathname for the filter file.
For example, enter SYS:\ETC\TEMP . You can also save the filter file
to a floppy disk (for example, A:\filename).
Configuring IPX Filters

The Internetwork Packet ExchangeTM (IPXTM) protocol supports the
following types of filters:
SAP (service information) filters
Outgoing SAP filters (services advertised)
Incoming SAP filters (services accepted)
RIP (routing information) filters
Outgoing RIP filters (routes advertised)
Incoming RIP filters (routes accepted)
NetBIOS and packet forwarding filters
Setting Up 29
103-000178-001
August 29, 2001
Novell Confidential
Refer to Understanding for more information.

NOTE: When you configure a filter for a primary WAN call, an equivalent filter is
automatically generated for the backup call. If the primary call should fail, the
backup call is automatically connected.

“How to Configure IPX SAP Filters” on page 30
“IPX SAP Filter Example” on page 33
“How to Configure IPX RIP Filtering” on page 34
“IPX RIP Filter Example” on page 37
“IPX NetBIOS and Packet Forwarding Filters” on page 39
“Configuring IPX Packet Forwarding” on page 39
“IPX Packet Forwarding Filter Example” on page 43
How to Configure IPX SAP Filters

Before you begin, make sure that filtering support is enabled for IPX in
NIASCFG.
To configure IPX incoming (or outgoing) SAP filtering, complete the
following steps:
1 Load FILTCFG, then select the following parameter path:
Select Configure IPX Filters > Incoming SAP Filters (or Outgoing SAP
Filters )
2 Select Status and toggle the choice to read Enabled or Disabled .
Any configured filters immediately become active (enabled) or inactive
(disabled).
NOTE: It might be easier to configure filters while they are disabled. Otherwise,
you might experience temporary service loss while you are adding and setting up
wildcard filters.
3 Select Action and toggle the choice to permit or deny the services on the
filter list.
This specifies the action taken when an incoming (or outgoing) service
(SAP packet) matches a filter in the filter list. If you select to permit the
services, the SAP information is received from (or broadcast to) the local
103-000178-001
August 29, 2001
Novell Confidential
networks. If you select to deny the services, the SAP information is not
received from (or broadcast to) the local networks.
NOTE: Changing a filter to permit the services on the filter list when the filter list is
empty denies all services and might produce undesirable results.
4 Select Filters .
This lists the incoming (or outgoing) SAP services that are currently
permitted or denied, according to the Action parameter setting.
5 Modify the service list.
You can select a service from the list and press Enter to modify the
service or Del to remove it. Press Ins to add a new service.
If you are modifying an existing filter, or adding a new filter, modify the
following parameters from the Define Filter menu:
Logging —Optionally select Enabled to log packets that match the
Filters or Exceptions definitions.
The header of packets that match the Filters or Exceptions
definitions are logged as long as the global logging status and this
logging status are both enabled. The logs are viewed using the
NetWare Administrator utility.
Service Name —Press Ins, then select from a list of unfiltered
NetWare® services known to the router, or enter a service name.
NOTE: You can use the asterisk (*) and question mark (?) wildcards. The *
wildcard is equal to zero or more character matches. The ? wildcard is equal
to precisely one character match. For example, SERVER-A* matches Server-
A, SERVER-A2, and SERVER-A-MKTG, whereas SERVER-A? matches
only SERVER-A2. You can enter several wildcard characters in a string. We
recommend that you enter exceptions to wildcards first when working with an
enabled filter list.
Service Type —Enter a hexadecimal SAP number, or press Ins, then

select from a list of defined IPX service types.
You can use FFFF as a wildcard for any or all types.
Source (or Destination ) Type —Press Enter , then select Interface
or Interface Group .
Source (or Destination )—Press Enter and specify the source (or
destination) for the filter.
If you specified Interface as the Source (or Destination ) Type ,
select a specific interface on which you want to filter the service. You
Setting Up 31
103-000178-001
August 29, 2001
Novell Confidential
can select a LAN interface, a WAN interface, the internal network,

or all interfaces. The default is All Interfaces .
Source (or Destination ) Circuit —If you selected a WAN source (or
destination), press Enter to define optional circuit information:
Local Frame Relay DLCI # (for frame relay)—The DLCI circuit
number used for calls.
Remote System ID (for PPP, X.25, or ATM)—The name of the
remote system server or remote peer associated with this circuit.
Circuit Parameter Type (for X.25 or ATM)—The type of virtual
circuit used to establish a connection.
Remote DTE Address (for X.25)—The X.121 DTE address assigned
to the specific remote DTE.
Remote ATM Address (for ATM)—The address assigned to the
specific remote ATM.
NOTE: If the optional fields are left blank, the filter will match all WAN calls
on the interface. If authentication is not enabled and the optional fields are
specified, the filter will not work.
Comment —Enter an optional short description.

6 Press Esc and save the information.
7 Select Exceptions .
This displays a list of exceptions to the incoming (or outgoing) SAP
filters. Depending on the Action parameter setting, services that match a
filter on this list are always or are never accepted (or advertised) by the
router, even if another filter is configured to do the opposite.
8 Modify the exceptions list.
Select a service from the list and press Enter to modify the service or Del
to remove it. Press Ins to add a new service. Refer to Step 5 and Step 6
to modify or add an exception.
9 Press Esc to save the information and return to the Configure IPX Filters
menu.
103-000178-001
August 29, 2001
Novell Confidential
IPX SAP Filter Example

In this example, two departmental networks are connected to a corporate
network through a WAN link between Router 1 and Router 2. The two routers
use the RIP/SAP routing protocol to communicate with each other. RIP
enables routers to send out periodic updates of service and routing
information. The internetwork topology is shown in Figure 2 below.
NOTE: Either Router 1 or Router 2 can be set up to do the following: RIP/SAP can
be run over the WAN link with an outbound SAP filter and with the NetWare Link
Services ProtocolTM (NLSPTM ) software on the LAN. RIP/SAP can be run on the
LAN with an inbound filter and with NLSP on the WAN. RIP/SAP can be run on the
LAN and WAN links, and both inbound and outbound filtering is enabled. On the
WAN, both ends need to be consistently configured.
Figure 2 IPX SAP Filter Example
Server
SRV-DEPT1
Advertise only
SRV-DEPT1 and SRV-DEPT2
NetWare NetWare
Router 1 Router 2
WAN Link
Department 1 Corporate
Network Network
WAN-1 WAN-1
Advertise only
CORP-MAIL
Department 2
Network
Server
Server CORP-MAIL
SRV-DEPT2
To minimize the load on the WAN link, an IPX SAP filter is configured on
Router 1 and Router 2. This filter cuts down the periodic service information
updates across the WAN link by advertising only a few selected servers. The
clients across the WAN link can access the servers on the other network by
first attaching to these selected servers.
Setting Up 33
103-000178-001
August 29, 2001
Novell Confidential
When configuring this example, set the parameters as shown in Table 2.
Table 2 Parameters for IPX SAP Filter Example
Parameter Value
Router 1 Action Permit Services
Router 1 Filters: .
Filter 1: .
Service Name SRV-DEPT1
Service Type FFFF (All Types)
Destination Type Interface
Destination WAN-1
Destination Circuit All Circuits
Filter 2:
Service Name SRV-DEPT2
Destination WAN-1
Router 2 Action Permit Services
Router 2 Filters: .
Service Name CORP-MAIL

Destination WAN-1
How to Configure IPX RIP Filtering

NIASCFG.
To configure IPX incoming (or outgoing) RIP filtering, complete the
following steps:
Select Configure IPX Filters > Incoming RIP Filters (or Outgoing RIP
Filters )
103-000178-001
August 29, 2001
Novell Confidential
2 Select Status and toggle the choice to read Enabled or Disabled.

(disabled).
wildcard filters.
3 Select Action and toggle the choice to permit or deny the networks on the
filter list.
This specifies the action taken on an incoming (or outgoing) network
(RIP packet) in the filter list. If you select to permit networks, the RIP
information is received from (or advertised to) local networks. If you
select to deny networks, the RIP information is not received from (or
advertised to) local networks.
NOTE: Changing a filter to permit the routes on the filter list when the filter list is
empty denies all routes.
4 Select Filters .
This lists the incoming (or outgoing) RIP routes that are permitted or
denied, according to the Action parameter setting.
5 Modify the network list.
Select a filter from the list and press Enter to modify the filter or Del to
remove it. Press Ins to add a new network filter.
If you are modifying an existing filter or adding a new filter, modify the
NOTE: Whenever the internal network number of a server is filtered, the SAPs
from the server are also filtered automatically.

Network Number —Enter a 4-byte hexadecimal number that
identifies the IPX network.
Network Mask —Enter a 4-byte hexadecimal number that defines
the range of network numbers you want to filter.
Setting Up 35
103-000178-001
August 29, 2001
Novell Confidential
A network number/mask pair of 0/0 matches all IPX networks. A 1

bit in the network mask means that bit must be matched. For
example, C9000000/FFFFFF00 matches C90000XX network
numbers.
NOTE: Bit masks do not need to be contiguous for filters.
Source (or Destination ) Type —Press Enter , then select Interface

or Interface Group .
Source (or Destination )—Press Ins and specify the source (or
destination) of the route information.
If you specified Interface as the Source (or Destination ) Type ,
select a specific interface on which you want to filter the service. You
can select a LAN interface, a WAN interface, the internal network,
or all interfaces. The default is All Interfaces .
If you specified Interface Group as the Source (or Destination )
Type , select the specific interface group on which you want to filter
the service.

6 Press Esc and save the information.
103-000178-001
August 29, 2001
Novell Confidential
7 Select Exceptions.
Displays a list of exceptions to the incoming (or outgoing) RIP filters.
Depending on the Actions parameter setting, routes that match a filter on
this list are always or are never accepted (or advertised) by the router,
even if another filter is configured to do the opposite.
remove it. Press Ins to add a new network filter. Refer to Step 5 and Step
6 to add or modify a filter.
9 Press Esc to save the information and return to the Configure IPX Filters
menu.
IPX RIP Filter Example

In this example, network clouds are connected to each other through a T1
WAN link and a 256-Kbps WAN link. Packets from specific network ranges
in each cloud take longer to be transmitted through the T1 link than the 256-
Kbps link because their proximity to the links are different.
To restrict access to the 256-Kbps link to those network ranges that benefit
from it most, and to prevent other networks from accessing this slower link,
outbound filters are configured in the routers attached to the 256-Kbps link. In
this case, Router 1 permits only packets sent to network range 010159xx to be
transmitted through the 256-Kbps link. Router 2 permits only packets sent to
network range 020267xx to be transmitted through the 256-Kbps link.
The internetwork topology is shown in Figure 3 on page 38.
Setting Up 37
103-000178-001
August 29, 2001
Novell Confidential
Figure 3 IPX Routing Information Filter Example
T1 WAN
Link Network
Network Ranges
Ranges
01013xxx
02029xxx 01014xxx
Router 1 256-Kbps Router 2
WAN Link
020267xx 010159xx
WAN-1 WAN-1
Permit only Permit only

020267xx 010159xx
Table 3 Parameters for IPX Outgoing Filter Example
Parameter Value
Router 1 Actions Permit Networks
Filters: .
Network Number 02026700
Network Mask FFFFFF00
Destination Interface WAN-1
Router 2 Actions Permit Networks
Filters: .
Network Number 01015900
Network Mask FFFFFF00
Destination Interface WAN-1
103-000178-001
August 29, 2001
Novell Confidential
IPX NetBIOS and Packet Forwarding Filters

IPX packet forwarding filters allow the router to filter a packet according to
the source and destination address fields and the packet type. NetBIOS filters
allow the router to forward NetBIOS broadcast packets only on selected
interfaces.
NOTE: IPX NetBIOS and packet forwarding filters work while using either NLSP or
RIP/SAP routing modes.
Configuring IPX Packet Forwarding

NIASCFG. Otherwise, filtering will not work.
To configure IPX packet forwarding filters, complete the following steps:
Select Configure IPX Filters > NetBIOS and Packet Forwarding Filters
wildcard filters.
3 Select NetBIOS Broadcast Filters Action and toggle the choice to permit
or deny the IPX NetBIOS packets on the listed interfaces.
4 Select NetBIOS Broadcast Filters Interfaces, then press Enter .
This displays a list of interfaces that are permitted or denied for NetBIOS
broadcast. Press Ins to add an interface to the list, or select an interface
and press Del to remove it from the list. You can select a LAN interface,
a WAN interface, the internal network, or all interfaces.
5 Select Interface Groups , then press Enter .
This displays a list of interface groups that are permitted or denied for
NetBIOS broadcast. Press Ins to add an interface to the list, or select an
interface and press Del to remove it from the list.
6 Select Packet Forwarding Filters Action and toggle the choice to permit
or deny the packet forwarding filters on the filter list.
7 Select Filters .
This lists the NetBIOS filters that are permitted or denied, according to
the Action parameter setting.
Setting Up 39
103-000178-001
August 29, 2001
Novell Confidential
8 Modify the filter list.

remove it. Press Ins to add a new filter.
Source Interface Type —Press Enter and select Interface or
Interface Group as the incoming IPX packet source.
Source Interface —Press Enter and select the source from the list of
network interfaces or interface groups.
If you specified Interface as the Source Interface Type , select a
specific interface on which you want to filter the service. You can
select a LAN interface, a WAN interface, the internal network, or all
interfaces. The default is All Interfaces .
If you specified Interface Group as the Source Interface Type ,
select the specific interface group on which you want to filter the
service.
Source Circuit —If the source is a WAN interface, press Enter to
modify the following optional circuit information:
Destination Interface Type —Press Enter and select Interface or

Interface Group as the IPX packet destination.
103-000178-001
August 29, 2001
Novell Confidential
Destination Interface —Press Enter and select a destination from the

list of network interfaces or interface groups.
If you specified Interface as the Source (or Destination ) Interface
Type , select a specific interface on which you want to filter the
service. You can select a LAN interface, a WAN interface, the
internal network, or all interfaces. The default is All Interfaces .
If you specified Interface Group as the Destination (or Source )
Interface Type , select the specific interface group on which you
want to filter the service.
Destination Circuit—If the destination is a WAN interface, press
Enter to modify the following optional circuit information:
Packet Description —Press Enter and select from a list of defined
IPX packet types, or press Ins to define a packet type.
Enter the following information to define the type of IPX packet you
can filter:
Name —Enter a name for the packet.
Packet Type —Enter a 1-byte packet type number in hexadecimal.
The FF wildcard matches all packet numbers.
Destination Socket —Enter a 2-byte socket number in hexadecimal.
The wildcard FFFF matches all socket numbers.
Source Address Type —Press Enter and select Any Address ,
Network , or Node as the source address type.
Setting Up 41
103-000178-001
August 29, 2001
Novell Confidential
Source IPX Address —Enter the address if you selected Network or

Node.
Destination Address —Press Enter and select Any Address ,
Network , or Node as the destination address.
Destination IPX Address —Enter the address if you selected
Network or Node .
A network numbers/mask pair of 0/0 matches all IPX networks. A 1
bit in the network mask means that bit must be matched. For
example, C9000000/FFFFFF00 matches C90000XX network
numbers.
9 Press Esc and save the filter information.
10 Select Exceptions.
This lists the exceptions to the IPX forwarding filters. According to the
Action parameter specified, the packets that match a filter on this list are
always or are never forwarded by the router, even if another filter is
configured to do the opposite.
Press Ins to add a new filter, or select a filter from the list and press Enter
to modify the filter or Del to remove it. Refer to Step 8 on page 40 and
Step 9 on page 42 to modify or add a filter.
12 Press Esc to save the information and exit to the Configure IPX Filters
menu.
103-000178-001
August 29, 2001
Novell Confidential
IPX Packet Forwarding Filter Example

In this example, an FDDI backbone connects several departments in an
organization. Routers A, B, and C connect the departmental networks to the
backbone. Within the organization, users can access all servers. However, the
Human Resources (HR) servers can be accessed only by HR employees. To
make the HR servers secure, packet forwarding filters are used in addition to
the usual NetWare password security. Note that some of the HR employees
are connected to different networks than the one HR servers are connected to
Figure 4 shows the internetwork topology.
Figure 4 IPX Packet Forwarding Filter Example
HR Employee 1
IPX Node = 59:00001B2700F3
LAN 2
IPX Network 59
LAN 3
IPX Network 55
Router C
Corporate FDDI Backbone

IPX Network 50
Router B
HR Employee 2
Router A IPX Node = 55:00001B2700F0
LAN 1
IPX Network 53
HR File Server 1 HR File Server 2

Internal Net = 10 Internal Net = 12
Routers B and C do not require filters because users can access all corporate
servers (except for the HR server). Packet forwarding filters are installed on
Router A to block packets from the FDDI interface to the HR servers, except
when the packets are from the nodes 59:00001B2700F3 and
55:00001B2700F0.
Setting Up 43
103-000178-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Table 4 Parameters for IPX Packet Forwarding Filter Example
Parameter Value
Action Deny Packets
Filter List: .
Source Interface Type Interface
Source Interface FDDI
Source Circuit All Circuits
Destination Interface Type Network
Destination Interface 10/FFFFFFFF
Packet <Any>
Source Address Type Network
Source IPX Address FDDI
Destination Address Network
Destination IPX Address 10/FFFFFFFF

Source Interface FDDI
Packet <Any>
Source Address Type Network
Source IPX Address FDDI
103-000178-001
August 29, 2001
Novell Confidential
Parameter Value
Exceptions: .
Source Interface Type Node
Source Interface 59:00001B2700F3
Packet <Any>
Source Address Type Node
Source IPX Address 59:00001B2700F3

Packet <Any>

Packet <Any>
Setting Up 45
103-000178-001
August 29, 2001
Novell Confidential
Parameter Value

Packet <Any>
Configuring TCP/IP Filters

TCP/IP supports the following filters:
Incoming RIP filters (routing information)
Outgoing RIP filters (routing advertisement)
Packet forwarding filters
Incoming Exterior Gateway Protocol (EGP) filters (routing information)
Outgoing EGP filters (routing advertisement)
Open Shortest Path First (OSPF) external route filters
Refer to Understanding for more information.

“How to Configure IP Routing Information Filters” on page 47
“How to Configure EGP Filters” on page 49
“How to Configure OSPF External Route Filters” on page 52
“IP Routing Information Filter Example” on page 53
“IP Packet Forwarding Filters” on page 55
103-000178-001
August 29, 2001
Novell Confidential
How to Configure IP Routing Information Filters

Before you begin, make sure that filtering support is enabled for IP in
NIASCFG under the TCP/IP Protocol menu. Otherwise, filtering will not
work.
To configure IP incoming (or outgoing) RIP filters, complete the following
steps:
Select Configure TCP/IP Filters > Incoming RIP Filters (or Outgoing
RIP Filters )
(disabled).
3 Select Action and toggle the choice to permit or deny the routes in the
filter list.
This specifies the action taken when an incoming (or outgoing) RIP
packet matches a filter on the filter list.
If you select to permit the routes, the matching RIP routes are accepted
(or advertised) by the router. If you select to deny the routes, the matching
RIP routes are not accepted (or advertised) by the router.
4 Select Filters .
This lists the incoming (or outgoing) RIP filters that are permitted or
5 Modify the route list.
You can select a filter from the list and press Enter to modify the filter or
Del to remove it. Press Ins to add a new filter.
Route to Network or Host —Specify All Routes , Host , or Network
as the type of route to be filtered.
IP Address of Network/Host —Enter a 4-byte IP address in dotted
decimal notation. You do not need to enter this if you selected All
Routes for the Route to Network/Hosts parameter.
Setting Up 47
103-000178-001
August 29, 2001
Novell Confidential
Subnetwork Mask —Enter a 4-byte mask address in dotted decimal

or hexadecimal notation. Do this only if you selected Network for
the Route to Network/Hosts parameter.
Source (or Destination ) Type —Select Interface , Interface Group ,
or Network as the source (or destination) type.
Source (or Destination )—Press Enter , then select the source (or
destination) that the route is advertised to or blocked from.
If you specified Interface for the Source (or Destination ) Type
parameter, select a specific interface on which you want to filter the
service. You can select a LAN interface, a WAN interface, or all
If you specified Interface Group for the Source (or Destination )
Type parameter, select the specific interface group on which you
want to filter the service.
If you selected Network for the Source (or Destination ) Type
parameter, type the TCP/IP address and the subnet mask.
Advertised Hop Count —Enter a number from 1 to 16.
This option is enabled if the filter is configured to permit or advertise
the route. If you leave this option blank, the TCP/IP routing table is
consulted automatically for the required information. A value of 16
disables the route.
103-000178-001
August 29, 2001
Novell Confidential

This displays a list of exceptions to the configured filters. Depending on
the Action parameter setting, packets that match a filter on this list are
always or are never accepted (or advertised), even if another filter is
NOTE: The Exceptions list filters always takes a higher priority than other filters.

remove it. Press Ins to add a new filter. Refer to Step 5 and Step 6 if you
are adding or modifying a filter.
9 Press Esc to save the information and return to the Configure TCP/IP
Filters menu.
How to Configure EGP Filters

IMPORTANT: No routes are accepted by EGP unless EGP filters are configured.
To configure IP incoming (or outgoing) EGP filters, perform the following
steps:
Select Configure TCP/IP Filters > Incoming EGP Filters (or Outgoing
EGP Filters )
(disabled).
filter list.
Setting Up 49
103-000178-001
August 29, 2001
Novell Confidential
This specifies the action taken when an incoming (or outgoing) EGP
packet matches a filter on the filter list. If you select to permit the routes,
the matching EGP routes are accepted (or advertised) by the router. If you
select to deny the routes, the matching EGP routes are not accepted (or
advertised) by the router.
4 Select Filters .
This lists the incoming (or outgoing) EGP routes that are permitted or
You can select a filter from the list and press Enter to modify the filter or
Del to remove it. Press Ins to add a new filter.
Route to Network or Host —Press Enter and specify All Routes or
Network as the type of route to be filtered.
IP Address of Network/Host —Enter an IP address in dotted decimal
notation if you selected Network .
Subnetwork Mask —Enter a 4-byte subnet mask address in dotted
decimal or hexadecimal notation.
Source (or Destination ) Type —Select Autonomous System , Host
, Interface , Interface Group , or Network .
Source (or Destination )—Fill in the following information, based
on what you selected for the Source (or Destination ) Type :
Autonomous System —Press Enter , then type the autonomous
system number (from 0 to 65535) from which the route is learned
(source) or advertised (destination).
Host —Press Enter , then type the TCP/IP address in dotted decimal
notation.
Interface —Press Enter , then select a specific interface on which you
want to filter the service. You can select a LAN interface, a WAN
interface, or all interfaces. The default is All Interfaces .
Interface Group —Press Enter , then select an interface group from
the list.
Network —Press Enter , then type the TCP/IP address and subnet
mask numbers in dotted decimal notation.
103-000178-001
August 29, 2001
Novell Confidential
Metric Value —Enter a number to be associated with the route.
This option is enabled only if the filter is configured to permit or
advertise the route. If you leave this option blank, the TCP/IP routing
table is consulted automatically for the required information.
Lists the exceptions to the configured filters. Depending on the Action
parameter setting, packets that match a filter on this list are always or are
never advertised (or hidden), even if another filter is configured to do the
opposite.
Filters menu.
Setting Up 51
103-000178-001
August 29, 2001
Novell Confidential
How to Configure OSPF External Route Filters

NOTE: OSPF external route filters apply only to routes learned from RIP, EGP, or
static routes.
To configure OSPF external route filters, complete the following steps:
Select Configure TCP/IP Filters > OSPF External Route Filters
(disabled).
filter list.
If permitted, all matching routes are forwarded by the router. If denied,
all matching routes are not forwarded by the router.
4 Select Filters.
This lists the routes that are permitted or denied, according to the Action
parameter setting.
Route to Network or Host —Press Enter to specify All Routes , Host,
or Network as the type of route to be filtered.
IP Address of Network Host —Enter a 4-byte IP address in dotted
decimal notation if you specified Network or Host for the Route to
Network or Host parameter.
Subnetwork Mask —Enter a 4-byte mask address in dotted decimal
or hexadecimal notation if you specified Network for the Route to
Network or Host parameter.
103-000178-001
August 29, 2001
Novell Confidential
Metric Value —Enter a metric or cost associated with the route.

This option is enabled only if the filter is configured to permit or
advertise the route. If you leave this option blank, the TCP/IP routing
table is consulted automatically for the required information.
This lists the exceptions to the configured route filter list. Depending on
always or are never permitted or denied, even if another filter is
Filters menu.
IP Routing Information Filter Example

In this example, the Accounting department is connected to the FDDI
backbone by Router C. One of the networks within Accounting is 151.1.0.0
(subnet mask of 255.255.255.0). Because access to this network from outside
the Accounting department is not required, the administrator has selected not
to propagate a route to this network outside the Accounting department.
To hide network 151.1.0.0 from the rest of the organization, an outgoing RIP
filter is configured on Router C.
Because IP supports RIP, OSPF, and EGP, routing filters must always specify
the routing protocol for which the filter applies. In this case, RIP is used by all
routers in the organization, and a RIP routing information filter is configured.
Setting Up 53
103-000178-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
The route being hidden from the rest of the network is defined by the
Accounting department network with IP network address 151.1.0.0. Router
C's connection to the departments outside Accounting is through the FDDI
backbone. The destination from which network 151.1.0.0 is hidden is most
easily defined as the FDDI interface to the backbone. Figure 5 shows the
internetwork topology.
Note that Router C has the route to network 151.1.0.0 in its routing table. If
Router C receives a packet from the FDDI backbone that is destined for
network 151.1.0.0, it forwards the packet.
Figure 5 IP Routing Information Filter Example
IP Network 151.1.0.0
Router C
(FDDI Backbone)
Router A Router B
External Internetwork
NE2000
Mail Server
103-000178-001
August 29, 2001
Novell Confidential
When configuring this example, set the parameters as shown in Table 5 .
Table 5 Parameters for IP Outgoing Routing Information Filter Example
Parameter Value
Action Deny Routes
Filters: .
Route to Network or Host Network
IP Address of Network Host 151.1.0.0
Subnet Mask 255.255.255.0
Destination FDDI Interface
IP Packet Forwarding Filters

IP packet forwarding filters let the router filter packets selectively, according
to their type, source, and destination.
Configuring IP Packet Forwarding Filtering
To configure IP packet forwarding filtering, complete the following steps:
Select Configure TCP/IP Filters > Packet Forwarding Filters
(disabled).
3 Select Action and toggle the choice to permit or deny the packets in the
filter list.
If denied, matching packets are not forwarded by the router. If permitted,
matching packets are forwarded by the router.
4 Select Filters .
This lists the packets that are permitted or denied, according to the Action
parameter setting.
Setting Up 55
103-000178-001
August 29, 2001
Novell Confidential
5 Modify the packet list.

remove it. Press Ins to add a new packet filter.
If you are modifying an existing filter or adding a new filter, specify the
NOTE: You cannot modify a predefined packet type.
Source Interface Type —Press Enter and select Interface or

Interface Group as the source type.
Source Interface —Press Enter and select an interface or interface
group from the list.
If you specified Interface as the Source Interface Type , select a
select a LAN interface, a WAN interface, or all interfaces. The
default is All Interfaces .
If you specified Interface Group as the Source Interface Type , select
the specific interface group on which you want to filter the service.
Source Circuit —If you selected a WAN interface source, press Enter
to define optional circuit information:
Destination Interface Type —Select Interface or Interface Group as
the interface type.
Destination Interface —Press Enter and select an interface or
interface group from the list.
If you specified Interface as the Destination Interface Type , select a
103-000178-001
August 29, 2001
Novell Confidential
select a LAN interface, a WAN interface, or all interfaces. The

default is All Interfaces .
If you specified Interface Group as the Destination Interface Type ,
select the specific interface group on which you want to filter the
service.
Destination Circuit —If you selected a WAN interface destination,
press Enter to define optional circuit information:
Packet Type —Press Enter and select a packet type from the list.
The Protocol and Port(s) fields are automatically filled in, according
to your packet type selection.
Source Address Type —Press Enter and select Any Address , Host
, or Network .
Source TCP/IP Address —Enter the address and subnet mask of the
network or host.
Destination Address Type —Press Enter and select Any Address ,
Host , or Network .
Destination TCP/IP Address —Enter the address and subnet mask of
the network or host.
Setting Up 57
103-000178-001
August 29, 2001
Novell Confidential
7 Select Exceptions to display a list of exceptions to the permitted or
denied packets.
This lists the exceptions to the configured packet filter list. Depending on
always or are never permitted or denied, even if another filter is
Filters menu.
IP Packet Forwarding Filter Example
In this example, an organization has an FDDI backbone connecting several

departments within the organization and a link to external networks. Routers
A and C connect the departmental networks to the backbone. Router B
connects the external networks to the backbone. Within the organization,
users can communicate freely across the internetwork. External access is
limited to electronic mail. The internetwork topology is shown in Figure 6 on
page 59.
103-000178-001
August 29, 2001
Novell Confidential
Figure 6 IP Packet Forwarding Filter Example
Router C
(FDDI Backbone)
FDDI_B
Router A Router B
NE2000_B
Mail Server
153.5.3.1
Because internal communication is not restricted, packet forwarding filters are

not required on Routers A or C.
Two packet forwarding filters are required on Router B. The first filter ensures
that any packet originating within the organization's internal networks are
forwarded by Router B. The second filter provides access to the corporate mail
server and allows external users to send and receive electronic mail to and
from internal users.
To configure the first filter, the source identifies the packets that originate in
the internal networks. The simplest way to do this on Router B is to identify
all packets received from the FDDI backbone interface. Because internal users
can use any service at any location, the remaining fields in the filter can be
specified as ANY.
The source of the second filter is all packets originating from external
networks. Because the interface NE2000_B is the only connection that Router
B has to the external networks, this can be used to specify the source field for
this filter. SMTP (Simple Mail Transfer Protocol) is selected from the
Setting Up 59
103-000178-001
August 29, 2001
Novell Confidential
predefined services list. The allowable destinations are limited to the

corporate mail servers. Host 153.5.3.1 is the only mail server defined.
When configuring this example, set the parameters as shown in Table 6 .
Table 6 Parameters for IP Packet Forwarding Filter Example
Parameter Value
Action Permit Packets
Filters List .
Filter 1: .
Source Interface FDDI backbone
Destination Interface Type Interface
Destination Interface All Interfaces
Packet Type Any
Source Address Type Any Address
Destination Address Type Any Address
Filters List .
Filter 2: .
Source Interface NE2000_B
Destination Interface Type Interface
Destination Interface All Interfaces
Packet Type SMTP
Source Address Type Any Address
Destination Address Type Host
Destination TCP/IP Address 153.5.3.1
Configuring AppleTalk Filters

AppleTalk supports the following types of filters:
Device hiding filters
Outgoing route filters (routes advertised)
Incoming route filters (routes accepted)
backup call is automatically connected. You can only view primary filters using
FILTCFG. Backup filters do not appear in FILTCFG.
103-000178-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Refer to Chapter 1, “Understanding,” on page 9 for more information.

“How to Configure AppleTalk Device Hiding Filtering” on page 61
“Example AppleTalk Device Hiding Filter” on page 65
“How to Configure AppleTalk Route Filtering” on page 66
“AppleTalk Outgoing Routing Information Filter Example” on page 68
How to Configure AppleTalk Device Hiding Filtering

Before you begin, make sure that filtering support is enabled for AppleTalk in
To configure AppleTalk device hiding filtering, complete the following steps:
Select Configure AppleTalk Filters > Device Hiding Filters
2 Select Action and toggle the choice to show or hide the devices listed in
the filter list.
This specifies the action taken when an NBP reply packet matches a filter
in the filter list. If you specify to show the devices, the AppleTalk router
forwards only the NBP replies that match a filter in the filter list. If you
specify to hide the devices, the AppleTalk router discards all NBP replies
that match a filter in the filter list.
3 Select Filters .
This displays a list of filters that hide or show devices, depending on the
setting of the Action parameter. The name, type, device location, and
user location are listed for each device filter.
If you are modifying an existing filter or adding a filter, specify the
following parameters in the Define Filter menu:
Device Name —Enter an NBP name of up to 32 characters.
Keep the default (=) to select all NBP names. An AppleTalk device
advertises itself on the network according to the Device Name and
Device Type values.
Setting Up 61
103-000178-001
August 29, 2001
Novell Confidential
Device Type —Press Enter and select from a list of defined

AppleTalk NBP device types, or press Ins to add a new NBP type
with the following information:
Device Type —Enter a text string of up to 32 characters.
Device Location Type —Specify where the filtered device is located
from the following choices: <Any> (the default), Interface ,
Interface Group , Non-extended Network , Multiple/Extended
Network, Zone , or AURP Tunnel .
Select <Any> to select all device locations to show or hide all
devices to the user location.
Device Location —Specify the following parameters, based on what
you selected for Device Location Type :
<Any > or AURP Tunnel —This field cannot be edited.
interface, the internal network, or all interfaces. The default is All
Interfaces .
Interface Group —Press Enter , then select a network interface group
from the list.
Non-extended Network —Press Enter , then type a network number
to identify the nonextended network in which the filtered device is
located.
Multiple/Extended Networks —Press Enter , then type the start and
end network numbers for the extended network in which the filtered
device is located. The start number must be greater than zero, and the
end number must be greater than or equal to the start value.
You can enter a specific extended network, or a range of extended
and nonextended networks. For example, for networks 1-9, 10, 11-
20, 21-30, specifying an extended range of 1-30 will filter all devices
in the 1-9, 10, 11-20, and 21-30 extended networks.
Zone —Press Enter , then type the name of the AppleTalk zone in
which the filtered device is located.
103-000178-001
August 29, 2001
Novell Confidential
Device Circuit —If you selected a WAN circuit, press Enter to

Remote System ID (for PPP, X.25, ISDN, or ATM)—The name of
the remote system server or remote peer associated with this circuit.
User Location Type —Select a location type from one of the
following choices: <Any> (the default), Interface , Interface Group
, Non-extended Network , Multiple/Extended Network , Zone , or
AURP Tunnel . Select <Any> if you do not know the location of the
device or if the network location does not matter.
User Location —Specify the locations of the users whose access to
the devices must be controlled. Specify one of the following, based
on what you selected for User Location Type :
<Any > or AURP Tunnel —This field cannot be edited.
interface, the internal network, or all interfaces. The default is All
Interfaces .
Interface Group —Press Enter , then select a network interface group
from the list.
Non-extended Network —Press Enter , then type a network number
to identify the nonextended network in which the filtered device is
located.
Multiple/Extended Networks —Press Enter , then type the start and
end network numbers for the extended network in which the filtered
device is located. The start number must be greater than zero, and the
end number must be greater than or equal to the start value.
You can enter a specific extended network, or a range of extended
and nonextended networks. For example, for networks 1-9, 10,
Setting Up 63
103-000178-001
August 29, 2001
Novell Confidential
11-20, 21-30, specifying an extended range of 1-30 will filter all

devices in the 1-9, 10, 11-20, and 21-30 extended networks.
Zone —Press Enter , then type the name of the AppleTalk zone in
which the filtered device is located.
User Circuit —If you selected a WAN interface, press Enter to
This lists the exceptions to the device filter list. Depending on the Action
parameter setting, devices that match a filter on this list are always or are
never permitted or denied, even if another filter is configured to do the
opposite.
remove it. Press Ins to add a new filter. Refer to Step 4 and Step 5 to
modify or add a filter to the exceptions list.
All configured filters immediately become active (enabled) or inactive
(disabled).
9 Press Esc to save the information and return to the Configure AppleTalk
Filters menu.
103-000178-001
August 29, 2001
Novell Confidential
Example AppleTalk Device Hiding Filter

FigureFigure 7 on page 65 shows the internetwork topology for an
organization with an FDDI backbone connecting several departments within
the organization and a link to external networks. Routers A and C connect the
departmental networks to the backbone. In general, users can communicate
freely across the internetwork. However, access to printers within the
Accounting department is restricted.
Figure 7 AppleTalk Device Hiding Filter Example
AppleTalk Extended Zone = Accounting

Network 165–170
AppleTalk Extended Network 41–45
Router C
Zone FDDI Backbone

Router A

Zone Corporate Servers
All networks within the Accounting department are in Zone Accounting. A

device hiding filter on Router C stops access from specific areas to the
LaserWriter* printers within the Accounting zone.
When configuring this example, set the parameters as shown in Table 7 on
page 66.
Setting Up 65
103-000178-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Table 7 Parameters for AppleTalk Device Hiding Filter Example
Parameter Value
Action Deny
Device Name = (for all NBP names)
Device Type LaserWriter
Device Location Type Zone
Device Location Accounting
User Location Type Interface
User Location FDDI Backbone-Interface connecting to FDDI
User Circuit All Circuits
How to Configure AppleTalk Route Filtering

Before you begin, make sure that filtering support is enabled for AppleTalk in
To configure AppleTalk routing information filtering for incoming (or
outgoing) route filters, complete the following steps:
Select Configure AppleTalk Filters > Incoming Route Filters (or
Outgoing Route Filters )
2 Select Action and toggle the choice to permit or deny the routes listed in
the filter list.
This specifies the action taken with a route that appears in the filter list.
If you select to permit routes, the AppleTalk router accepts (or advertises)
only the routes from (or to) the networks in the filter list. If you select to
deny routes, the AppleTalk router does not accept (or advertise) specific
routes from (or to) specific networks in the filter list, but does accept (or
advertise) all other entries in the routing table.
3 Select Filters .
This lists the filters that are permitted or denied, according to the Action
parameter setting.
103-000178-001
August 29, 2001
Novell Confidential

If you are modifying an existing filter or adding a filter, specify the
following parameters in the Define Filter menu:
Route to Network (or Route to Network or Zone )—Select All
Routes , Non-extended Network , Multiple/Extended Network , or
Zone as the type of route or network to be filtered.
Network Number/Range —Enter a network number or a network
range, depending on whether you selected a nonextended or an
extended network. If you select an extended network, you can enter
a single extended network or a range of extended and nonextended
networks.
Zone Name (Outgoing only)—Enter the zone name of the
AppleTalk zone to be filtered.
Source (or Destination ) Type —Press Enter and select Interface ,
Interface Group , or AURP Tunnel .
Source (or Destination )—Press Enter and select the interface or
interface group from the list. This option does not apply for an AURP
tunnel.
If you specified Interface as the Source Type , select a specific
interface on which you want to filter the service. You can select a
LAN interface, a WAN interface, the internal network, or all
Source (or Destination ) Circuit —If you selected a WAN circuit,
press Enter to modify the following optional circuit information:
Setting Up 67
103-000178-001
August 29, 2001
Novell Confidential

This lists the exceptions to the filter list. Depending on the Action
parameter setting, routes that match a filter on this list are always or are
never permitted or denied, even if another filter is configured to do the
opposite.
remove it. Press Ins to add a new filter. Refer to Step 4 and Step 5 to
modify or add a filter.
(disabled).
9 Press Esc to save the information and return to the Configure AppleTalk
Filters menu.
AppleTalk Outgoing Routing Information Filter Example

In the following example, the Accounting department is connected to the
FDDI backbone by Router C. One of the AppleTalk networks within
Accounting is 165-170. Because access to this network from outside the
Accounting department is not required, the administrator has chosen not to
propagate a route to this network outside the Accounting department. Figure
8 on page 69 shows the internetwork topology.
103-000178-001
August 29, 2001
Novell Confidential
Figure 8 AppleTalk Routing Information Filter Example
AppleTalk Extended
Network 165–170 Router C
Zone =
Accounting
Department
FDDI
AppleTalk Extended
Network 1–10
Router A
Router B
Extended network 165-170 can be hidden from the rest of the organization if
an outgoing route filter is configured on Router C.
The route being hidden from the rest of the network is extended network 165-
170. Router C's connection to the departments outside Accounting is through
the FDDI backbone. The destination from which to hide the Accounting
network is most easily defined as the interface to the backbone. Note that no
node or server in the internetwork can see the Accounting network 165-170.
However, nodes in Accounting can see the internetwork routes, but cannot see
any devices on the internetwork.
Table 8 Parameters for AppleTalk Routing Information Filter Example
Parameter Value
Action Deny
Filtered Route: .
Route to Network or Zone Multiple/Extended Network
Network Number/Range 165-170
Destination FDDI
Setting Up 69
103-000178-001
August 29, 2001
Novell Confidential
Configuring Source Route Bridge Filters

Source route bridge supports the following two types of filters:
Protocol ID filters
Ring number filters
Refer to Chapter 1, “Understanding,” on page 9 for more information.
automatically generated for the backup call. If the primary call fails, the backup call
is automatically connected.

“Configuring Protocol ID Filters” on page 70
“Configuring Ring Number Filters” on page 71
Configuring Protocol ID Filters

To configure protocol ID filters, complete the following steps:
Select Configure Source Route Bridge Filters > Protocol ID Filters
2 Select Action and toggle the choice to permit or deny the packets in the
filter list.
This specifies the action taken with a packet that appears in the filter list.
If you select to permit packets, the bridge accepts only the packets in the
filter list. If you select to deny packets, the bridge does not accept the
packets in the filter list.
3 Select Filters .
parameter setting.
4 Modify the packet list.
remove it. Press Ins to add a new packet.
103-000178-001
August 29, 2001
Novell Confidential
Source Interface —Press Enter and select an interface from the list
of configured network interfaces. This specifies the network
interface at which incoming data packets are filtered.
Protocol ID —Press Enter and select a protocol ID from the list.
Press F3 to modify a protocol ID. Press Ins to define a new protocol
ID and supply the following information:
NOTE: You cannot modify predefined protocol ID entries.
Select Protocol ID Type —Select either LLC SAP or 802.2 SNAP,

where LLC SAP is the original IEEE 802.2 1-byte protocol ID, and
802.2 SNAP is an expanded 5-byte protocol ID used with SNAP
SAP.
Name —Specify a unique name for the protocol ID.
Value —For LLC SAP, enter a 1-byte (up to two hexadecimal digits)
ID. For SNAP SAP, enter up to a 5-byte (10 hexadecimal digits) ID
with a minimum value of 600 (hexadecimal).
Comment —Enter an optional short description for the protocol ID.
NOTE: All changes to the filter list take place immediately.

6 Select Status and toggle the choice to read Enabled or Disabled to
specify the status of the protocol ID filters.
(disabled).
7 Press Esc to return to the Configure Source Route Bridge Filters menu.
Configuring Ring Number Filters

To configure ring number filters, complete the following steps:
Select Configure Source Route Bridge Filters > Ring Numbers Filters
2 Select Status and toggle the choice to read Enabled or Disabled to
specify the status of the ring number filters.
Setting Up 71
103-000178-001
August 29, 2001
Novell Confidential
This displays the action taken when a packet matches a filter in the filter
list. The only action possible is to select Deny Packets .
3 Select Filters .
parameter setting.
Source Ring Number —Enter a number in the range of 1 to FFF
(hexadecimal).
NOTE: All changes to the filter list take place immediately.
6 Press Esc to return to the Configure Source Route Bridge Filters menu.
103-000178-001
August 29, 2001
Novell Confidential
Getting Results with Novell Web Services
Novell
NetWare 6 ®
www.novell.com
G E T T I N G R E S U LT S W I T H N O V E L L W E B S E RV I C E S
August 29, 2001

Novell Confidential
Contents
Contents 5
Getting Results with Novell Web Services 13
What’s in This Documentation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Path References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Part I Web Services: The Road to One Net

1 Introducing Novell Web Services 17
Introducing the Web Services Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
NetWare 6 Net Services that Depend on Novell Web Services . . . . . . . . . . . . . . . . 18
NetWare Enterprise Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Apache Web Server for NetWare. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Tomcat Servlet Engine for NetWare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
NetWare Web Search Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
WebDAV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
NetWare Web Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Requirements for Managing Novell Web Services . . . . . . . . . . . . . . . . . . . . . . . . . 23
Web Browser Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2 Introducing NetWare Web Manager 25

Requirements for Using Web Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
When to Use Web Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Using Web Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Accessing the Web Manager Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3 Modifying Web Manager Preferences 33

Securing Web Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Using Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Working with Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Viewing an Access Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Viewing the Error Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Part II Working with the NetWare Enterprise Web Server

4 Putting the Web Server to Work 41
Contents 5

103-000133-001
August 29, 2001
Novell Confidential
Creating Your Own Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Hosting Multiple Web Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Accessing Your Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Adding Content to Your Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
How to Publish Content to Your Web Server . . . . . . . . . . . . . . . . . . . . . . . . . 44
Creating Personal Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Securing Your Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Controlling Access Using eDirectory Mode . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Additional Web-Based Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Using the NetWare FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Using the NetWare Web Search Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
5 Managing the Web Server 49

Starting and Stopping the Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Setting the Termination Time-out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Viewing Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Restoring Backup Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Tuning Web Server Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring Maximum Simultaneous Requests . . . . . . . . . . . . . . . . . . . . . . . . 52
Enabling Domain Name System Lookups . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Configuring Listen Queue Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Configuring the HTTP Persistent Connection Time-out . . . . . . . . . . . . . . . . . . . . 54
Configuring MIME Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Configuring Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Changing the Server Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Changing the Server Port Number. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Changing the Server Binding Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Changing the Server’s MTA Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Modifying Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Customizing Error Responses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
What Are the Errors? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Setting Up the Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Restricting Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Establishing Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
6 Managing Server Content 61

Setting the Primary Document Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Setting Additional Document Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Setting Virtual Document Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Establishing the Path to the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Providing Public Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Setting Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Configuring User Document Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Creating a Home Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
6 Getting Results with Novell Web Services

103-000133-001
August 29, 2001
Novell Confidential
Creating a PUBLIC_HTML Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Adding Users’ Contexts to the Search Contexts List . . . . . . . . . . . . . . . . . . . . . . 65
Restarting the Enterprise Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Activating User Document Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Providing Public Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Web Publishing through WebDAV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Configuring Document Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Specifying a Default Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Directory Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Server Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
About the Temporary Web Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Default MIME Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Parsing the Accept Language Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Setting Document Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Forwarding URLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Setting Up Multiple Web Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Setting Up Hardware Virtual Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
About Securing a Hardware Virtual Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Setting Up Software Virtual Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
About the Drop-Down Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Wildcards Used in the Drop-Down List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Assigning a Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Specifying a Document Footer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Customizing Parsed HTML. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Using Cache-Control Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Working with Configuration Styles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Creating a Configuration Style . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Editing a Configuration Style . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Applying a Configuration Style . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Removing a Configuration Style . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Listing Configuration Style Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
7 Using a Directory Service to Control User Access to Network Resources 83

The Directory Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
eDirectory Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Local Database Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
LDAP Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring Directory Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Using eDirectory Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Using Local Database Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Using LDAP Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
8 Understanding ACL Files 89

ACL File Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Contents 7

103-000133-001
August 29, 2001
Novell Confidential
Authentication Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Authorization Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Default ACL File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Referencing ACL Files in OBJ.CONF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
9 Extending Your Server with Programs 97

Installing Server-Side Programs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Installing CGI Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Using the Query Handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Installing Server-Side JavaScript Programs . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Installing Client-Side Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
About Tomcat for NetWare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Migrating from WebSphere to Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
10 Monitoring the Web Server 113

Working with Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Viewing an Access Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Viewing an Error Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Setting Log Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Archiving Log Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Monitoring Current Web Server Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Working with the Log Analyzer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Running the Log Analyzer from the Server Status Form . . . . . . . . . . . . . . . . . . . 120
Running the Log Analyzer from the Command Line . . . . . . . . . . . . . . . . . . . . . . 122
Monitoring the Server Using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
How SNMP Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
The Enterprise Web Server MIB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
For Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Part III Introducing NetWare Web Search Server

11 Introducing NetWare Web Search Server 131
How NetWare Web Search Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Components of a Search Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
General Architecture of Web Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Building a Search Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Accessing NetWare Web Search Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Taking a Test Run . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Customizing Your Web Search Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
12 What’s New with the NetWare Web Search Server 137

13 Planning Your Search Service 139
Search Site Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Deciding If You Need More Than One Search Site . . . . . . . . . . . . . . . . . . . . . . . . 140

103-000133-001
August 29, 2001
Novell Confidential
Becoming a Search Service Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Using Web Search in a Clustered Environment . . . . . . . . . . . . . . . . . . . . . . . . . 142
Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
14 Creating and Managing Search Sites 145

About Search Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Creating a Search Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Naming a Search Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Using the Site Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Storing Site Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Creating Site Indexes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Searching across Multiple Indexes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Defining a New Crawled Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Defining a New File System Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Generating Indexes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Managing Existing Index Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Editing an Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Deleting an Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Working with the Log File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
About Indexing Dynamic Web Content. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Automating Site Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Modifying Default Search Site Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
General Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Default Search Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Default Print Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Default Index Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Default Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Modifying Default Search Service Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
General Services Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Search Services Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Print Services Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Backing Up Your Search Site Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
15 Optimizing Search Results 169

Improving Search Results through Intelligent Indexing . . . . . . . . . . . . . . . . . . . . . 169
Excluding Documents from Being Indexed . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Modifying Document Descriptions Returned in a Search Results List . . . . . . . . . . . . . . 171
Improving the Relevance of Search Results . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Weighted Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Ensuring Optimal Search Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Making Good Use of Document Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Using the &filter Query Parameter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Searching XML Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
16 Understanding Templates 177

How Templates Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Contents 9

103-000133-001
August 29, 2001
Novell Confidential
Exploring the Default Search and Print Templates . . . . . . . . . . . . . . . . . . . . . . . . 180

Search Page Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Search Result Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Print Result Templates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Error and Response Message Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
How Templates Use System Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Working with Additional Languages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
17 Customizing Your Search Solutions 185

Customizing Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Customizing the Search Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Customizing Search Result Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Customizing Print Result Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Customizing Error and Response Message Templates . . . . . . . . . . . . . . . . . . . . 189
Testing Your Search and Print Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
18 Working with Template Variables and Search Parameters 191

Guidelines for Using Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Search Page Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Search Result Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Print Result Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Error Message Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Response Message Variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Search Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
19 Internationalizing Your Search Solution 213

Working with Multiple Languages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Specifying Locales within Template Filenames . . . . . . . . . . . . . . . . . . . . . . . . 214
Understanding Character Set Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Unicode and UTF8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Search Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Response Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
HTML Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Template Encodings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Encoding Issues When Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Languages Included in the Default Templates . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Where to Go From Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Part IV Appendixes
A Troubleshooting NetWare Web Search 225
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Additional Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
B Combined Character Sets for Use with NetWare Web Search 227

103-000133-001
August 29, 2001
Novell Confidential
ASCII Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Arabic Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Chinese (Simplified) Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Chinese (Traditional) Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Cyrillic Character Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
European Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Greek Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Hebrew Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Japanese Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Korean Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Thai Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Turkish Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Vietnamese Character Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
C HTTP Methods and eDirectory Trustee Requirements 245

D Managing Users and Groups Using Local Database or LDAP Modes 247
Creating Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Additional Information about User Entries . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Managing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Finding User Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Editing User Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Managing User Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Managing User Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Renaming Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Removing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Creating Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Managing Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Finding Group Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Editing Group Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Adding Group Members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Adding Groups to the Group Members List. . . . . . . . . . . . . . . . . . . . . . . . . . 257
Removing Entries from the Group Members List . . . . . . . . . . . . . . . . . . . . . . . 257
Managing Owners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Managing See Alsos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Removing Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Renaming Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Creating Organizational Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Additional Information about Organizational Units . . . . . . . . . . . . . . . . . . . . . . 260
Managing Organizational Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Finding Organizational Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Editing Organizational Unit Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Renaming Organizational Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Deleting Organizational Units. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
E Controlling Access to Your Server Using Local Database or LDAP Modes 265
Contents 11

103-000133-001
August 29, 2001
Novell Confidential
Controlling Access Using Native eDirectory Mode . . . . . . . . . . . . . . . . . . . . . . . . 265

Controlling Access with NetWare Web Access Controls . . . . . . . . . . . . . . . . . . . . . 265
What Is Access Control?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
User-Group Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Host-IP Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Access Control Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
How Does Access Control Work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Restricting Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Setting Access Control Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Specifying Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Specifying Hostnames and IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Setting Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Writing Customized Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
When Access Control Is On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Responding When Access Is Denied . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Examples of Restricting Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Restricting Access to the Entire Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Restricting Access to a Directory (Path) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Restricting Access to a URI (Path) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Restricting Access to a File Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Restricting Access Based on Time of Day . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
F Port Number Assignments 285

103-000133-001
August 29, 2001
Novell Confidential
As an integral part of NetWare® 6, Novell® Web Services makes Novell’s One

Net (http://www.novell.com/news/onenet/index.html) vision a reality by
providing the enabling Web technologies for many of Novell’s Net services.
Novell Web Services offers an open-standards development environment built
around
Apache Web Server for NetWare
Tomcat Servlet Engine for NetWare
NetWare Web Search Server
FTP Server
WebDAV
What’s in This Documentation?

This documentation describes each of the Novell Web Services components
and includes some additional information about NetWare 6 and Novell Web
Services architecture. This book includes documentation for
NetWare Web Manager
Related concepts and procedures for using Novell Web Services with
NetWare 6
Getting Results with Novell Web Services 13

103-000133-001
August 29, 2001
Novell Confidential
Path References
By default, the NetWare Web Search Server is installed to the /NSEARCH
directory located at the root of your server’s volume. However, during
installation, you can customize the location where you want Web Search
installed.
Because of this, when referring to the root directory where the NetWare Web
Search Server is installed, the variable name /searchroot will be used.

103-000133-001
August 29, 2001
Novell Confidential
I Web Services: The Road to One Net
This section introduces you to Novell® Web Services and how they fit in to
the One Net architecture of NetWare® 6. It also introduces you to each of the
Web services components so that you can understand the individual pieces of
Web services.
Upon completing this section, you should be familiar with each of the primary
components of Web services, understand how they fit into the NetWare 6
architecture, and be familiar with how to use and configure each of the Web
Services components.
Web Services: The Road to One Net 15

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
1 Introducing Novell Web Services
Novell® Web Services is a collection of technologies that enable Novell’s Net

Services products to work.
For example, the Enterprise Web Server is one of the key Novell Web services
components. But it is also the enabling technology for iLoginTM and might also
be used to serve up your department or company Web site.
The marriage of Novell’s industry leading net services software with Novell
Web Services offer unparalleled opportunities for business exchanges, both
within and between companies.
There is no better medium or infrastructure in place to enable, enhance, and
encourage open communications than the Web. What e-mail has done for
person-to-person communication, the Web does for person-to-department,
department-to-department, company-to-person, and company-to-company
communications.
While your expertise might be in networking technologies, Novell Web
Services are simple to use and ready to run, right out of your NetWare 6 box.
Introducing the Web Services Components

The following diagram is a simplified depiction of the role that Novell Web
Services play as the Web-enabling technologies for Net Services Software,
making the One Net vision a reality.
Introducing Novell Web Services 17

103-000133-001
August 29, 2001
Novell Confidential
Figure 1 The Role of Web Services in Supporting Net Services Software
Internet
Laptop PC
Firewall
iFolder iLogin eFrame etc.

Net Web
Services iPrint Portal
Search Services
Tomcat Enterprise Apache

Servlet Web Web HTTP
Engine Server Server Stack
Web
Sevices
NetWare
NetWare 6 Net Services that Depend on Novell Web Services

Novell is the leading provider of Net Services Software. Net Services
Software is the glue that holds together disparate networks and technologies
for the purpose of simplifying business processes and communications.
As illustrated in Figure 1 on page 18, Novell Web Services provides the
supporting technology for the following net services software included in
NetWare 6:
iFolderTM
iLogin
iPrint
NetWare Web Manager

103-000133-001
August 29, 2001
Novell Confidential

NetWare Web Access
GroupWise Web Access
iManage
For details about each of these services, refer to their documentation on the
Novell Documentation Web site (http://www.novell.com/documentation).

The NetWare Enterprise Web Server is an HTTP server used to serve up Web
pages to the Internet, an intranet or extranet. It is optimized to run in the
NetWare environment and is a critical component to building One Net
solutions where all kinds of networks work together to achieve business
results.
You can create a Web to enhance departmental communication, or you can
create a Web that spans your location or company. You can also provide spaces
for your customers, suppliers, vendors, consultants, or any other entities
outside your company who would benefit by having access to specified areas
on your Web. In addition, you can publish information on the Internet so that
the world can see it and contribute to it.
There are traditional categories of Webs, each fulfilling a unique role. While
each Web type is unique in some way, each of them facilitates a single network
and the sharing of information.
The most popular of all Webs is the World Wide Web, available through
the Internet. Hosting a Web server with Internet access requires a
persistent Internet connection. In this environment, information
published to the Web server will be accessible by anyone with a browser.
Most companies host Internet Web sites to publish information about
their products or services and to provide a point of contact with
customers.
A firewall is required to provide security for Web servers with Internet
connections. A firewall prevents users on the Internet from accessing a
company’s network-based resources.

103-000133-001
August 29, 2001
Novell Confidential
Many companies also host their own private intranets. The target
audience of an intranet is the employees. An intranet is the ideal
environment for employees and departments to publish information that
can benefit others in the company.
A company can host both Internet and intranet Web sites. Employees
inside the company can access both, while people outside the company
can’t get through the firewall to access the intranet.
An extranet is a combination of public and private Web sites. Extranets
are usually created among companies to expedite communication and
cooperation. For example, a company that relies on a vendor to fill its
orders could create an extranet to allow the vendor to access customer
orders. This way, the vendor could automatically fill orders without
having to wait for user intervention.
For more information about using the Enterprise Server, see Chapter 4,
“Putting the Web Server to Work,” on page 41.
Apache Web Server for NetWare

Apache Web server is an open-source Web server originally developed by the
not-for-profit Apache Group. The Apache Web server is in use by more than
60% of all Web hosting companies. It is extremely stable and it’s free!
As an integral part of Novell Web Services, Apache is installed by default
during your NetWare 6 installation and you should not have to manage any
part of it. Apache is a critical component of NetWare Web Services and is used
by the following NetWare 6 Web-based services:
NetWare Web Manager
NetWare Web Search Manager
NetWare Web Search Print and Search Services
NetWare Web Access
iFolder
iManage
To host Web sites and Web applications, see “NetWare Enterprise Web
Server” on page 19. For additional information about the Apache Web server,
visit http://www.apache.org (http://www.apache.org), or refer to the Apache
documentation available on your server after NetWare 6 installation and
located at volume:\Apache\htdocs\manual.

103-000133-001
August 29, 2001
Novell Confidential
Tomcat Servlet Engine for NetWare

Also developed by the Apache Group, Tomcat is a servlet engine used to serve
up Web applications. It is also used by several NetWare 6 components,
including the NetWare Web Search Server. If you are a developer working to
create solutions, you will likely work a great deal with Tomcat. If you are not
a developer, you may never have to do anything with Tomcat.
For additional information about Tomcat, including how to migrate IBM
WebSphere applications to Tomcat, see “About Tomcat for NetWare” on page
109.

Make your data searchable in minutes! From simple search solutions to
complex, revenue-generating search services, NetWare Web Search bridges
all types of networks, from file servers, to intranets, extranets, and the Internet,
by bringing critical information to busy people. It is one of the industry’s
fastest and most accurate search engines available today.
Most users care less about where information is stored and more about finding
it, and finding it fast! With staggering terabytes of information on the Internet
and on huge information stores found in most corporations today, Web Search
offers an easy way for users to find highly relevant information at record
speeds.
Installed by default when you install NetWare 6, Web Search is ready to run,
right out of the box. Just point Web Search at the Web or file servers to be
searched, and Web Search generates keyword indexes used to perform time-
saving searches.
Through the implementation of a powerfully simple template-based
architecture, you can customize the search forms and search results pages to
get the results you need. By using included parameters, variables, and basic
HTML, Web Search lets you build your own templates from scratch. From
simple search solutions to complex, revenue-generating search services,
NetWare Web Search offers the power to change the way you do your business
by making one net out of file servers, intranets, extranets, and the Internet.

103-000133-001
August 29, 2001
Novell Confidential
FTP Server
The NetWare FTP Server provides FTP service for transferring files to and
from NetWare volumes. FTP Server can be used to post new Web content to
your Enterprise Web Server, or to post or retrieve documents from your
NetWare file server.
WebDAV
Web-distributed Authoring and Versioning (WebDAV) is an industry standard
protocol. It is an enhancement to the HTTP protocol, turning the Web into a
document database that enables collaborative creation, editing and searching
from remote locations. Whereas HTTP only supports the reading of files,
WebDAV enables documents to be written using HTTP.
Because of WebDAV’s versioning control, Web users can use a Web browser
to write, edit and save shared documents without overwriting each others'
work.
HINT: You must be using eDirectory as your directory service and Internet
Explorer as your browser if you want to use WebDAV. For more information about
publishing content to your Web server, see Chapter 6, “Managing Server Content,”
on page 61.
NetWare Web Manager

NetWare® Web Manager is the tool you use to manage all of your Novell Web
Services and to access other Web-based management tools. Using any 4.x or
newer Web browser such as Netscape* Navigator* or Communicator*, you
can manage your Novell® Web Services from any place on the Internet.
With Novell® eDirectoryTM, you can create and manage user and group
authentication to sensitive information on your server.

103-000133-001
August 29, 2001
Novell Confidential
Requirements for Managing Novell Web Services

To manage any NetWare Web Service, you need a Web browser, such as
Netscape Navigator or Navigator Gold 3.0 or later, Netscape Communicator,
Internet Explorer or any other browser that supports Java* and JavaScript*.
Web Browser Requirements

You must enable Java or JavaScript in your Web browser because all of the
configuration forms in Web Manager and other management tools require one
or both of these forms of Java to function.
To enable Java in Internet Explorer 4 or later:
1 From the Internet Explorer browser window, click Tools > Internet
Options.
2 Select the Advanced tab.
3 Under Microsoft VM, check JIT Compiler for Virtual Machine Enabled
(Requires Restart).
4 Click OK.
To enable Java in Netscape Navigator:

1 From the browser window, click Options > Network Preferences.
2 Select the Language tab and make sure Java and JavaScript are checked.
3 Click OK.
To enable Java in Netscape Communicator:

1 From the Communicator browser window, click Edit > Preferences.
2 Select the Advanced category in the left column.
3 Check the Enable Java and Enable JavaScript check boxes.
4 Click OK.

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
2 Introducing NetWare Web Manager
NetWare® Web Manager is a browser-based management tool used to

configure and manage the NetWare Enterprise Web server. But it also serves
as a front door to other NetWare browser-based management tools, such as
NetWare Remote Manager. It can be likened to a Web site’s home page with
links to other resources and tools.
HINT: Web Manager and many other Web-based management tools used for
managing NetWare 6 rely on the industry leading Apache Web server. Therefore,
when viewing Web Manager access or error log files, or when shutting down or
restarting Web Manager, you are actually affecting the Apache Server, not the
Using a workstation and Web browser, you can access Web Manager either
locally (from within your WAN or LAN), or from remote locations where you
have Internet access. Web Manager lets you
Manage the Enterprise Web Server
Monitor Web server activity
Set up and manage user authentication and access to information on your
server using Novell® eDirectoryTM or local database modes
Access other browser-based management tools such as NetWare Remote
Manager or NetWare Web Search Server (see Table 1, “NetWare 6 Web-
based Management Tools,” on page 26)
Requirements for Using Web Manager

To use Web Manager, you must be using a 4.x or newer Web browser such as
Internet Explorer or Netscape Communicator.
If you have a firewall, you need to configure it to allow the Web Manager port
number to be made available. By default, the port number assigned is 2200.
However, this is configurable during and after NetWare 6 installation. When
changing port numbers, refer to Appendix F, “Port Number Assignments,” on
page 285.
Introducing NetWare Web Manager 25

103-000133-001
August 29, 2001
Novell Confidential
When to Use Web Manager

There are several management tools included with NetWare 6. Some are Web
or browser-based, and others require a Windows client, as with NetWare
Administrator. And while you can perform basic object management tasks in
eDirectory, Web Manager’s primary purpose is to provide you with a tool for
configuring and managing Web services.
In addition, Web Manager is a home page to other NetWare management tools,
providing you with one-click access to them.
To help you decide when to use NetWare Web Manager or one of the other
management tools, the following table offers a description of each tool and its
intended use.
Table 1 NetWare 6 Web-based Management Tools
Management Tool When to Use This Tool How to Access This Tool
NetWare Web Manager When you need to manage the Enter your Web server’s domain
Enterprise Web Server or modify name or IP address, followed by
Web Manager settings. a colon and the port number,
which by default is 2200.
Example:
https://mycompany.com:2200
Or
https://123.456.789.456:2200
To manage the Web server, click

your servername located under
To manage NetWare Web

Manager settings, click the Admin
Preferences icon in the top frame
of the Web Manager home page.

103-000133-001
August 29, 2001
Novell Confidential
NetWare Web Manager When you need to manage Enter your Web server’s domain
eDirectory trees or objects from a name or IP address, followed by
remote location. a colon and the Web Manager
port number, which by default is
2200. You can change the port
number during and after NetWare
6 Installation. Refer to Appendix
F, “Port Number Assignments,”
on page 285 for more
information.
Example:
Or
https://123.456.789.456:2200
From the Web Manager home

page, click your servername
located under Novell Directory
Services.
To manage users an groups

specific to the Enterprise Server,
click the servername under
NetWare Enterprise Web Server,
and then click the Users and
Groups icon in the top frame of
Web Manager.
NetWare Remote Manager When you need to perform basic Enter your Web server’s domain
functions on your NetWare name or IP address, followed by
server, such as performance a colon and the port number,
monitoring, restarting your server, which by default is 8008.
and so forth.
Example:
Or
https://123.456.789.456:8008

103-000133-001
August 29, 2001
Novell Confidential
eDirectoryTM iManage When you need to configure or Enter your Web server’s domain
manage NDPS or DHCP. name or IP address, followed by
a colon and the port number.
Example:
https://
mycompany.com:port_number
Or
https://
123.456.789.456:port_number
One of the primary advantages of using NetWare Web Manager is that you can
easily configure various services from a remote workstation in your network
or even from a client computer outside of your firewall, provided that you
have dialup access to your network.
Figure 2 Remotely Configuring Novell Web Services
You can use any computer in the

network to access NetWare Web
Manager.
Network
One computer runs both NetWare

Web Manager and other Web
Services.
NetWare Web Manager also allows you to manage user authentication to your
Enterprise Server using eDirectory, local database, or LDAP modes.
NOTE: eDirectory mode handles both authentication and access rights. While you
can use LDAP, we recommend that you use eDirectory. If your Web server will
contain mostly public information and you have little need for authentication, you

103-000133-001
August 29, 2001
Novell Confidential
can also use local database mode. For more information, see Chapter 7, “Using a
Directory Service to Control User Access to Network Resources,” on page 83.
When you install additional Novell Web Services, they can be configured and
managed from within NetWare Web Manager. NetWare Web Manager is
installed when you install NetWare.
After installing NetWare, use a Web browser from a client computer in your
network to access NetWare Web Manager. As you make changes to your
services using Web Manager, modifications are made to various configuration
files on your NetWare server.
HINT: To access Web Manager from outside of your firewall, you would first need
to open the TCP port 443 (HTTPS) to the IP address of your Web server (typically
port 80). You might already have done this to allow regular HTTP traffic to your
company’s Web server. Then you would need to open the TCP port you have
assigned to Web Manager. For example, of Web Manager’s port number was
5500, you would then open TCP port 5500 to the same IP address. In short, you
would have set a TCP Port to 80 for HTTP traffic, another TCP port to 443 for
HTTPS access, and then another port to 5500 for Web Manager access. Refer to
your firewall documentation for more details.
Using Web Manager

The URL you use to navigate to Web Manager depends on the server
hostname and its port number. For example, if the domain name you specified
during NetWare 6 installation was MYSERVER, the URL you would use in
your Web browser would be similar to
https://myserver.mycompany.com:2200
or
https://137.95.65.150:2002
HINT: The default port number for Web Manager is 2200. You can change the port
number from within Web Manager by clicking Admin Preferences from the Web
Manager home page and then entering a new port number. For more information
about available ports, see Appendix F, “Port Number Assignments,” on page 285.
After entering the URL in your browser and sending the HTTP request to your
server, Web Manager prompts you for your username and password. The
administrator username and password are the same ones used when you
installed NetWare 6.

103-000133-001
August 29, 2001
Novell Confidential
IMPORTANT: After accessing Web Manager for the first time, we recommend that
you create a new user for managing Web Services. This will help to ensure the
security of your servers from unwanted intruders.
The first page you see when you access Web Manager is called the NetWare
Web Manager home page. It is similar to a home page you might see on the
World Wide Web in that it is a type of front door, or portal, to information and
services. The Web Manager home page links to other Web pages for the Web
services you have installed and are broken down into several service
categories (see “The NetWare Web Manager Home Page” on page 30).
Depending on the Web services and other Web-based management tools you
have installed, the Web Manager home page includes the following default
Web Service categories:
Novell eDirectory
NetWare Remote Manager
Figure 3 The NetWare Web Manager Home Page

103-000133-001
August 29, 2001
Novell Confidential
Admin Preferences: This appears as a button in the top frame of the Web
Manager home page. It lets you configure settings that apply to Web Manager,
such as changing it’s default port number or working with error and access
logs.
NetWare Enterprise Web Server: Appearing as the first category on the
NetWare Web Manager home page, this category offers a link to the
configuration pages for your Web server where you can manage everything
from eDirectory user authentication to programs and content management.
Novell eDirectory: This link lets you perform basic eDirectory functions such
as creating, changing or deleting user and group objects, and setting access
rights to volumes and directories on your NetWare server. The purpose for this
link is to provide a convenient Web-based access method for eDirectory in
addition to using the client-based ConsoleOneTM.
NetWare Remote Manager: NetWare Remote Manager lets you perform
operations and monitor your NetWare server from a Web browser, anywhere
where you have Internet access.
Your Web Manager might also include NetWare FTP Server, NetWare Web
Search Server, and eDirectory iManage, if you chose to install them.
For more information about configuring Web Manager preferences, see
Chapter 3, “Modifying Web Manager Preferences,” on page 33.
Accessing the Web Manager Home Page

1 At the server console, type nsweb. The nsweb command executes an
NCF file that runs the server.
Once the NetWare Enterprise Web Server is running, you can use any
browser that supports frames and JavaScript* and has access to the
NetWare Web Server Manager to configure your servers.
2 Open a browser and highlight the URL
http://servername:port number/
3 Substitute servername with the name you gave your server during
installation. Substitute port number with the number assigned during
installation.
4 When prompted, enter the username and password you chose during
installation.
5 Click OK.

103-000133-001
August 29, 2001
Novell Confidential
NOTE: The default installation modifies the AUTOEXEC.NCF to load the Web
server whenever NetWare is restarted.
To disable autoloading, remove NSWEB from AUTOEXEC.NCF. To load and

unload the Web server, type NSWEB and NSWEBDN respectively, at the system
console.

103-000133-001
August 29, 2001
Novell Confidential
3 Modifying Web Manager Preferences
NetWare® Web Manager has a few preference settings that you can customize,
which include encryption for securing Web Manager, the Web Manager port
number, and working with Web Manager access and error log files.
Securing Web Manager

Keeping intruders out of Web Manager is best accomplished through the use
of encryption and server certificates. By default, encryption is enabled on your
server and a server certificate is created when you install NetWare 6.
But you can take additional steps to help ensure the safety and security of your
servers and data. For example, keep your administrator username and
password well hidden. You might also occasionally change your Web
Manager port number. Using a port number of 49152 or higher is a safe choice.
IMPORTANT: Some ports below 49152 may be in use by other services and
should not be used. Using a four-digit port number between 49152 and 65000 is
the safest choice. However, for a complete list of registered port numbers, visit the
Internet Assigned Numbers Authority (http://www.iana.org/assignments/port-
numbers).
To change NetWare Web Manager’s port number, do the following:

1 From the NetWare Web Manager home page, click Admin Preferences.
2 In the Web Manager Port field, type the port number you want NetWare
Web Manager to use.
3 Click OK.
4 Restart the server for the settings to take effect.
Using Encryption
Secure Sockets Layer (SSL), enabled by default when NetWare Web Manager
is installed, is used to secure NetWare Web Manager by applying encryption
to information going out or coming in to Web Manager. When enabled, you
must use HTTPS to access Web Manager.
Once encryption is enabled, you can then use ConsoleOne to install Public
Key Infrastructure Services (PKIS). When you install the Novell Certificate
Modifying Web Manager Preferences 33

103-000133-001
August 29, 2001
Novell Confidential
Server (during the NetWare installation), a Key Material Object (KMO) was
created by default. A KMO, also called a Server Certificate Object, includes a
server certificate and key pair files.
To enable or disable encryption in Web Manager, do the following:
1 From the NetWare Web Manager home page, click Admin Preferences.
2 Under Encryption, click On to enable, or Off to disable SSL.
3 From the Server Certificates drop-down list, select the Server Certificate
object you want to use for SSL encryption.
4 Click OK.
For more information on installing and configuring the Novell Certificate

Server, refer to the NetWare 6 NetWare 6 Overview and Installation Guide or
Setting Up Novell Certificate Server in the Novell Certificate Server
Working with Log Files

The Apache Web Server logs Web Manager activity, as well as activity by
other Web Services that depend on the Apache Server, such as NetWare
Remote Manager.
Access and error log files indicate who and what has been accessed, and what
errors have occurred on your Apache Web server.
HINT: The Enterprise Web Server maintains its own log files. To view Enterprise
Web Server log files, click your Web server link under NetWare Enterprise Web
Server on the Web Manager home page, and then click the Server Status icon.
The access log files created by Apache are in the default Common Log Format
(CLF) that provides a fixed amount of information about Apache Web Server
activity.
The ERROR log file, located in ADMIN/LOGS in the server root directory,
lists all the errors the server has encountered.
The ACCESS log file, located in ADMIN/LOGS in the server root directory,
records information about requests to the server and the responses from the
server.

103-000133-001
August 29, 2001
Novell Confidential
To configure logging options for NetWare Web Manager, do the following:

1 From the NetWare Web Manager home page, click the Admin
Preferences icon > Log Settings.
2 In the Access Log field, type a path to the directory where you want
NetWare Web Manager to store the ACCESS log file.
You can type either an absolute path or a path relative to your server root
directory. Leaving this field blank deactivates access logging.
3 Click OK.
Viewing an Access Log File

You can view Web Manager’s active and archived access log files under
Global Enterprise Server Settings.
1 From the NetWare Web Manager home page, click the Admin
Preferences icon > View Access Log.
2 In the Number of Entries field, type the number of lines you want the
access log to display.
3 In the Only Show Entries With field, type the particular word you want to
filter the access log entries for.
HINT: Case is important. If you use this search feature, the Only Show Entries
With field determines how many entries to search, not how many will display.
4 Click OK.
The following is a sample of an access log in the common log file format:
a.nov.com - [16/May/1999:21:18:26 -0800] “GET /WebAdmin/
icons/dot.gif HTTP/1.0” 200 2575
a.nov.com - [17/May/1999:11:04:38 -0800] “GET /WebAdmin/bin/
frames?index+pref HTTP/1.0” 204 342
a.nov.com - [20/May/1999:14:36:53 -0800] “GET /WebAdmin/
manual/ag/config.htm HTTP/1.0” 200 890
arrow.a.com -[20/May/1997:14:36:53 -0800] “GET /WebAdmin/
manual/ag/so.gif HTTP/1.0” 401 571

103-000133-001
August 29, 2001
Novell Confidential
Table 2 Descriptions of Each Field in an Access Log File
ACCESS Log Field Example
Hostname or IP user.novell.com
address of client
In this case, the hostname is shown because the server is
using DNS lookups; if DNS cannot resolve the name or if
DNS lookups are disabled, the client’s IP address would
appear.
Username john (username entered by the client for authentication)
Date/time of 29/Mar/1998:4:36:53 -0800

request
Request GET /WebAdmin/https/ReadAccessLog.jsp
Protocol HTTP/1.0
Status code 401
Bytes transferred 571
Viewing the Error Log File

The ERROR log file contains errors the server has encountered after the log
file was created. It also contains informational messages about the server, such
as when the server was started and who tried unsuccessfully to login to the
server.
1 From the NetWare Web Manager home page, click Global Enterprise
Server Settings > View Error Log.
2 In the Number of Entries field, type the number of lines you want to see.
3 In the Only Show Entries With field, type the particular word that you
want to filter the error messages for.
HINT: As with the Access Log file, case is important. If you use this search
feature, the Only Show Entries With field determines how many entries to search,
not how many will display.
This field is case sensitive.

4 Click OK.

103-000133-001
August 29, 2001
Novell Confidential
The following is an example of an error log:

[13/May/1999:16:56:51] info: successful server startup
[13/May/1999:16:56:51] info: NetWare Web-Administrator
97.117.0455
[13/Mar/1999:19:08:52] security: for host user.mozilla.com
trying to GET /admin-serv/bin/index, acl-state reports:
access of /usr/suitespot/bin/admin/admin/bin/index denied
by ACL admin-serv directive 3
[13/May/1999 20:05:43] failure: for host ceo.mozilla.com
trying to POST /admin-serv/bin/distadm, cgi-parse-output
reports: the CGI program /usr/suitespot/bin/admin/admin/
bin/distadm did not produce a valid header (program
terminated without a valid CGI header. Check for core dump
or other abnormal termination)

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
II Working with the NetWare Enterprise

Web Server
A Web server is a fundamental building block for bridging disparate networks

together into one net. With the NetWare® Enterprise Web Server, you can host
Internet, intranet, or password-protected extranets that serve as secure portals
to your company’s business processes and information.
The Enterprise Web Server is a key component in building true, one net,
eBusiness solutions. It is a powerful NetWare-ready HTTP server that is ready
to run right out of the box.
You can use the Enterprise Web Server to host all types of Web content, from
simple Web sites containing static HTML files to complex, dynamically
generated Web pages and Web applications that can automate your business
processes and improve communications.
Among other things, the NetWare Enterprise Web Server lets you
Deploy a departmental intranet server using the existing NetWare
network backbone
Publish existing data stored on a NetWare network for consumption by
clients with a browser over the WAN
Use the NetWare server with Microsoft* Office 2000 productivity
applications without the use of client software (other than your Web
browser)
Establish file access control using eDirectoryTM and SSL-based security
Allow users to quickly and easily create and manage their own home
pages
Manage security of sensitive folders and files
Working with the NetWare Enterprise Web Server 39

103-000133-001
August 29, 2001
Novell Confidential
Run server-side applications using Java servlets, CGI, scripting, Java

Server Page and Active Server Page technologies
The information in this section will help you become familiar with how to
manage Web server settings, how to publish content to it, and how to add your
own Web applications.

103-000133-001
August 29, 2001
Novell Confidential
4 Putting the Web Server to Work
NetWare® Enterprise Web Server provides an important ingredient in bridging

disparate networks. The Web Server is installed by default; but if you chose
not to install it and you want to build One Net solutions, you will need to
install it using NWCONFIG or the NetWare server GUI. For NetWare 6
installation information, see the NetWare 6 Overview and Installation Guide.
The Enterprise Web Server provides all the functionality necessary for
companies, both small and large, to build Web solutions. It offers security and
authentication using directory services.
The Enterprise Web Server also serves as a host for the Tomcat servlet engine,
which is a portable environment for deploying Java applications on NetWare.
IMPORTANT: Tomcat replaces IBM’s WebSphere Application Server that was
included with NetWare 5.1. If you have applications deployed using WebSphere on
NetWare, you can use the migration utility included with NetWare 6 to move your
applications to Tomcat. For more information, see “About Tomcat for NetWare” on
page 109.
The Enterprise Web Server allows Web developers to select development

tools with which to create Web-based applications on the NetWare platform.
Creating Your Own Web Site

You can use any HTML editor to create a Web site, although most functional
corporate Web sites are created by professional designers. But depending on
your needs and resources, your implementation tool can range from any of the
readily available Web site creation programs (some of which are free) to a
team of programmers. Another avenue is to out-source the creation of your
Web site.
Creating personal and departmental Web sites can be simple, requiring only
minutes to assemble. You can use any HTML editor to create the pages of your
Web site.
When you create your home page, save the file as INDEX.HTM or .HTML
and that file will automatically appear when your Web site is accessed. You
can then create links to other pages and graphics with any filenames.
HINT: You can configure the Enterprise Server to recognize a specific filename
and extension so that when a user enters your Web server’s URL, it will
automatically display your home page. See “Setting the Primary Document
Directory” on page 61.
Putting the Web Server to Work 41

103-000133-001
August 29, 2001
Novell Confidential
Hosting Multiple Web Servers

You can configure your NetWare 6 server to host multiple Web servers. This
way, a single NetWare 6 server running NetWare Enterprise Web Server can
host all the Web server needs of your company; or, if you are an Internet
Service Provider (ISP), you can host Web sites for your customers. This makes
it easy to allow two or more departments to create their own Web sites without
requiring that they each have a server.
You can host two types of Web servers on your NetWare server:
Hardware virtual servers
Software virtual servers
Each type has its strengths and weaknesses; you should choose the one that’s
right for your situation.
For information about setting up hardware virtual servers, see “Setting Up
Hardware Virtual Servers” on page 71. For information about setting up
software virtual servers, see “Setting Up Software Virtual Servers” on page
72.
Accessing Your Web Site

If you have already successfully installed NetWare 6 and the Enterprise Web
Server was included in the list of products to install, you can access it right
now. A sample Web page and some sub-pages have been included. You can
remove these pages and replace them with your own content.
HINT: Before replacing the sample Web site, you might want to look through it first.
It is a good place to start for an introduction to all of the Web-based management
tools included with NetWare 6 and includes links to the actual management tools.
To view the sample Web site, open a client Web browser on a workstation in
your network and enter your NetWare server’s IP address or DNS name. For
example:
http://server_IP_address
or
http://domain_name

103-000133-001
August 29, 2001
Novell Confidential
Adding Content to Your Web Site

NetWare Enterprise Web Server has a document root or primary document
directory. By default, the path to the primary document root directory is
SYS:\\NOVONYX\SUITESPOT\DOCS. This is where all of the content for
the sample Web site is stored.
All content placed in this folder is visible to your Web site audience. If
necessary, you can easily specify another directory as the primary document
root directory. (See “Setting the Primary Document Directory” on page 61.)
Once your Web server is running, you can start posting content for the world
(or your department or company) to see by placing files in the Web server’s
primary or additional document directories.
For example, suppose you created a new HTML file called WELCOME.HTM
that included some information about your department that you wanted to
share with other departments in your company. You would then copy the file
to SYS:\\NOVONYX\SUITESPOT\DOCS, which is the Web server’s default
primary document directory.
If your server’s domain name were SALES.MYCOMPANY.COM, people in
your company would enter the following URL to view the new document.
HTTP://SALES.MYCOMPANY.COM/WELCOME.HTM
You could also then edit the document from the document root directory and
the moment you save your changes, users would see the changes when they
refresh their Web browser or when they view the page for the first time.
As mentioned above, a number of files are stored in the \DOCS root directory.
You should replace these files with your own files. The page you choose as
your home page should be named INDEX.HTML. By default, the Enterprise
Server recognizes this name and will serve it up automatically when a user
points at your server’s domain name. However, you can specify an alternate
filename as the default index page. (See “Specifying a Default Home Page”
on page 66.)
You can also create additional document directories, which is a good idea if
departments want to publish their own content to the company Web site but
when you don’t want to give users control of the primary document root. (See
“Setting Additional Document Directories” on page 62.)
You can follow the same procedures when creating a company Internet site,
intranet site, departmental site, or even a personal site. What differentiates
each of Web site is whether the Web site is placed on the Internet outside the

103-000133-001
August 29, 2001
Novell Confidential
firewall or on the intranet inside the firewall. Departmental Web sites are
typically a software virtual server where personal Web sites are easily created
by each user.
How to Publish Content to Your Web Server

A Web site on the Internet is typically the place for you to publish information
you want visitors to read. However, a Web site on an intranet is most effective
if employees can participate and share information with others. This makes it
possible for users to communicate within a department, for departments to
share information with other departments, and for company leaders to
communicate with the entire company.
Web content contributors have three options for publishing content to your
Web server:
Mapping a network drive and creating or copying the content to the
desired directory
Using Internet Explorer 5.0 or higher
Using Novell® NetDrive to map a drive using FTP or WebDAV
In each case, the administrator must first do something to allow the user to
access directories on your server.
Publish Content Using a Mapped Drive

1 Use ConsoleOneTM to set up access rights to your NetWare server for each
person who will be contributing content to your Web server.
2 Provide users with the correct network path to your server and to the
folders with which they will be working.
HINT: If users want to map a drive without having to install or use the NetWare
client, they can use NetDrive, which is included on the root of your NetWare 6
Client CD. (See Installing Novell NetDrive in the Novell NetDrive Administration
Guide.) Once NetDrive is installed, you can map a drive across the Internet to
folders on your NetWare server. You must have WebDAV enabled. See “Web
Publishing through WebDAV” on page 66.

103-000133-001
August 29, 2001
Novell Confidential
Publishing Content Using Internet Explorer

1 Make sure WebDAV is enabled on your Web server. (See “Web
Publishing through WebDAV” on page 66.)
2 On a client computer, open Internet Explorer.
3 In the Address field, enter your server’s domain name, followed by "My
Network". For example:
https://digital.airlines.com/My Network
You can also use your server’s IP address. For example:
https://157.168.179.200/My Network
4 Press Enter and, when prompted, enter your directory service username
and password.
To publish content using NetDrive, refer to the Novell NetDrive
Creating Personal Web Sites

Users on your network can also create their own personal Web sites. This
requires no administrative interaction other than making sure you specified a
home directory for users who want to publish their own Web content. If you
have not created home directories, you can easily go into each user directory
and add one using ConsoleOne.
1 Create a PUBLIC_HTML directory in your personal directory.
2 Copy or create a Web page and place the INDEX.HTML file in this
directory.
3 Access the Web site by entering the following URL in your browser’s
Address field:
http://servername/~username
or
http://IPaddress/~username

103-000133-001
August 29, 2001
Novell Confidential
Securing Your Web Site

Because information published on a Web site can be viewed by anyone,
sensitive information should be guarded. Most Web sites on the Internet are
designed for general access, but a company intranet is an ideal environment
for Web site security. Likewise, extranets also demand tight security controls.
Using a directory service, such as eDirectoryTM, you can control access to the
entire server or to parts of the server, such as directories, files, or file types.
NetWare Enterprise Web Server is configured, by default, to run in eDirectory
mode, but you can modify it to run in either local database or LDAP modes.
With eDirectory, you manage access control through the NetWare file system
trustees. When running in local database mode, usernames and passwords are
stored in a simple configuration file and, therefore, are not as secure as using
eDirectory. Running in LDAP mode requires that you have an LDAP server
running and configured in your network.
Controlling Access Using eDirectory Mode

Running in Novell eDirectory mode allows you to restrict access to folders on
your server.
eDirectory mode allows you to restrict access to files, but it does not allow you
to restrict access based on IP address or other criteria. If access must be
restricted based on IP address or other parameters, you must either change
modes and use LDAP or find an alternative method to restrict access, such as
a firewall.
Managing users and groups while running in eDirectory mode is best
accomplished using ConsoleOne. However, you can perform basic eDirectory
tasks from the Users and Groups section of the Enterprise Server pages of Web
Manager, or from the eDirectory link on the Web Manager home page.
Access control is accomplished by restricting access to files in the same way
that you control access to files stored on the file server. For more information,
see Chapter 7, “Using a Directory Service to Control User Access to Network
Resources,” on page 83.

103-000133-001
August 29, 2001
Novell Confidential
Additional Web-Based Services

NetWare 6 goes beyond simply providing a Web server and includes all the
functionality for hosting a complete Web environment, including NetWare
FTP server and NetWare Web Search Server.
Using the NetWare FTP Server

The NetWare FTP Server provides File Transfer Protocol (FTP) service for
transferring files to and from NetWare volumes. You can use the FTP
command from a workstation with FTP access to log in to an eDirectory tree.
You can also perform file transfers from any FTP client by using the FTP
Server to log in to the eDirectory tree. After logging in to an eDirectory tree,
you can navigate to other NetWare servers (in the same eDirectory tree) that
might not be running FTP service.
FTP servers provide fast Internet download capabilities and are known most
for their ability to download files that are linked to a Web-based URL.
Another common use for FTP is using its Internet access to provide
collaboration between organizations or companies. For example, Company A
could use FTP to provide a shared rights area with Company B, while
maintaining rights via IP addresses. A set of addresses would be assigned to a
given area and only those addresses would have access to that area. This goes
one step further than user authentication, since you can restrict access on a
user's location as well.
The most common use for FTP today is the automated archival ability. Its
strengths are that it is fast and lightweight, and that archives can be scripted
by many FTP clients. The main purpose is to move data from the live
environment to an archive environment where it is less expensive to store.
Types of information being archived range from Human Resources
information to product code backups. With the emergence and growth of the
Web environment, FTP has been the main medium for backing up large Web
contents or moving content from a staging server to a production environment.
Information on using FTP to transfer files can be found in the Overview
section of the NetWare FTP Server Administration Guide.
HINT: The FTP server can be loaded from the NetWare console using the
command nwftpd. Users can start the FTP session from a workstation running
FTP client software using the command ftp server_name.

103-000133-001
August 29, 2001
Novell Confidential
Using the NetWare Web Search Server

With the NetWare Web Search Server you can create an enterprise-wide index
of all the information on your intranet or NetWare file servers. You can
organize information spanning multiple servers and file types into a
knowledge base. Using a single interface accessible from any Web browser,
users can access online information whether it exists in HTML, Word*,
Excel*, WordPerfect*, or several other file formats.
For more information, see Chapter 11, “Introducing NetWare Web Search
Server,” on page 131.

103-000133-001
August 29, 2001
Novell Confidential
5 Managing the Web Server
This chapter describes how to configure NetWare® Enterprise Web Server

preferences.
Starting and Stopping the Web Server

Once installed, the Web server runs constantly, listening for and accepting
requests. You can start and stop the server using Web Manager, NetWare
Remote Manager, or the NetWare system console.
1 From the Web Manager home page, click Enterprise Web Server
servername.
2 Click Server On or Server Off.
After you shut down the server, it might take a few seconds for the server to
complete its shutdown process and for the status to change to Off.
If your NetWare is taken offline for any reason, the Web server stops and any
requests it was servicing will be lost.
Setting the Termination Time-out

When you stop the Web server, it stops accepting new connections. Then it
waits for all outstanding connections to complete. The time the server waits
before timing out is configured in the MAGNUS.CONF file. By default it is
set to 3 seconds. You probably do not need to change this value. If you do need
to change the value, add TerminateTimeout seconds to
MAGNUS.CONF, where seconds represents the number of seconds you want
the server to wait before timing out.
The advantage to configuring this value is that you can wait longer for
connections to complete. However, because most servers have connections
open from nonresponsive clients, if you increase the time the server waits, you
will almost always have to wait the full time before your server shuts down.
Managing the Web Server 49

103-000133-001
August 29, 2001
Novell Confidential
Viewing Server Settings

From View Server Preferences, you can view your server’s technical and
content settings and see if your server is running. The technical settings come
from MAGNUS.CONF and the content settings come from OBJ.CONF.
These files are located in the server root, in the directory HTTP-servername
CONFIG. For more information about the MAGNUS.CONF and OBJ.CONF
files, see the Novell Developer Kit Web site (http://
www.developer.novell.com/ndk/nscomp.htm).
The following explains the server’s technical settings:
Server Root: The directory where the server binaries are kept. You first
specified this directory during installation.
Hostname: The URL that clients use as a hostname to access your server.
Port: The port on your system that the server monitors for HTTP requests.
Error Log: The name and path of the server’s error log file.
MTA Host: The name of the mail server (used by agents).
NNTP Host: The name of the news server (used by agents).
DNS: Indicates whether DNS is enabled or disabled.
Security: Indicates whether SSL is enabled or disabled.
Asynch DNS: Indicates whether asynchronous DNS is enabled or
disabled.
The server’s content settings depend on its configuration. Common server
content settings include the server’s document directory, its index filenames,
name and location of its access log, and default MIME type.
Restoring Backup Configuration Files

You can view or restore a backup copy of your configuration files, which
HTTPS-SERVER_ID.ACL
MAGNUS.CONF
OBJ.CONF
WEBPUB.CONF

103-000133-001
August 29, 2001
Novell Confidential
AGENT.CONF
MIME.TYPES
ACL files
RDM.CONF
CSID.CONF
PROCESS.CONF
ROBOT.CONF
FILTER.CONF
To Restore (and View) a Backup Copy of Configuration Files

servername > Server Preferences > Restore Configuration.
2 In the Set Number of Sets of Backups field, enter the number of backups
displayed on the form and click Change.
3 To restore a backup version, click Restore.
To restore all files to their states at a particular time, click Restore to Date,
which lists the specific time to which you want to restore.
4 Click OK > Save and Apply.
5 To view a backup version, click View next to that version.
Tuning Web Server Performance

You can configure the server’s technical options, including the number of
maximum simultaneous requests, listen queue size, and DNS usage.
To get the number of simultaneous requests, the server counts the number of
active requests, adding 1 to the number when a new request arrives and
subtracting 1 when a request is finished. When a new request arrives, the
server checks to see if it is already processing the maximum number of
requests. If it has reached the limit, it defers processing new requests until the
number of active requests drops below the maximum amount.

103-000133-001
August 29, 2001
Novell Confidential
Configuring Maximum Simultaneous Requests

You can set the number of maximum simultaneous requests, which is the
number of active requests allowed for the server at one time. If your site is
processing many requests that take many seconds, you might need to increase
the number of maximum simultaneous requests. However, for general Internet
or intranet use, you probably will not need to change the default value (128
requests).
If you need to change the number of maximum simultaneous requests, set the
number before starting the server.
servername > Server Preferences > Performance Tuning.
2 In the Maximum Simultaneous Requests field, enter the number of
requests.
Enabling Domain Name System Lookups

You can configure the server to use Domain Name System (DNS) lookups
during normal operation. By default, DNS is not enabled; if you enable DNS,
the server looks up the hostname for a system’s IP address. Although DNS
lookups can be useful for server administrators when looking at logs, they can
affect performance. When the server receives a request from a client, the
clients’s IP address is included in the request. If DNS is enabled, the server
must look up the hostname for the IP address of each client that makes a
request.
IMPORTANT: If you turn off DNS lookups on your server, hostname restrictions
won’t work and hostnames won’t appear in your log files. Instead, you’ll see the IP
addresses.
You can also specify whether to cache the DNS entries. If you enable the DNS
cache, the server can store hostname information after receiving it. In the
future, if the server needs information about the client, the information is
cached and available without further queries. You can specify the size of the
DNS cache and an expiration time for DNS cache entries. The DNS cache can
contain from 32 to 32768 entries; the default value is 1024 entries. Values for
the time it takes for a cache entry to expire can range from 1 second to 1 year
(specified in seconds); the default value is 1200 seconds (20 minutes).

103-000133-001
August 29, 2001
Novell Confidential
To modify DNS settings, do the following:

2 Select No or Yes to enable DNS.
3 Select No or Yes to enable Async DNS.
4 Select No or Yes to cache DNS entries.
5 (Conditional) If you cache DNS entries, enter the number of entries that
you want cached in the Size of DNS Cache field. In the Expire Entries
field, enter the number of seconds at which a cache entry will be deleted.
Configuring Listen Queue Size

The listen queue size is a socket-level parameter that specifies the number of
incoming connections the system will accept for that socket. The default
setting is Incoming Connections.
Normally, you should not change the listen queue size. The default setting is
sufficient in most cases.
If you manage a heavily used Web site, you should make sure your system’s
listen queue size is large enough to accommodate the listen queue size setting
from the Server Preferences form. If you do change the listen queue size, make
sure that your system supports the new size. The listen queue size set from the
Server Preferences form changes the listen queue size requested by the server.
If the server requests a listen queue size larger than the system’s maximum
listen queue size, the size defaults to the system’s maximum.
IMPORTANT: Setting the listen queue size too high can degrade server
performance. The listen queue size was designed to prevent the server from
becoming overloaded with connections it cannot handle. If your server is
overloaded and you increase the listen queue size, the server will only fall further
behind.
To modify the listen queue size, do the following:

2 In the Listen Queue Size field, enter the listen queue size you want.

103-000133-001
August 29, 2001
Novell Confidential
Configuring the HTTP Persistent Connection Time-out

With HTTP 1.1, a connection can be set to be persistent (similar to Keep Alive
in HTTP 1.0). However, even if a connection is persistent, it still needs to have
a time-out setting or it might consume system resources.
Normally, you should not change the persistent connection time-out. The
default setting is sufficient in most cases.
2 In the HTTP Persistent Connection Time-out field, enter a number
(representing seconds).
Configuring MIME Types

Multipurpose Internet Mail Extension (MIME) types control what types of
multimedia files your e-mail system supports. You can also use MIME types
to specify what file extensions belong to certain server file types (for example,
to designate what files are CGI programs).
Adding a New Mime Type

servername > Server Preferences > MIME Types.
2 From the Category drop-down list, select a category.
Type is the file or application type, Enc is the encoding used for
compression, and Lang is the language encoding.
3 In the Content-Type field, enter the context type that will appear in the
HTTP header.
The receiving client uses the header string to determine how to handle the
file. The standard strings are listed in RFC 1521.
4 In the File Suffix field, enter the file suffix.
This is the file extension that maps to the MIME type. To specify more
than one extension, separate the entries with a comma and do not include
any spaces. Do not map one file extension to two MIME types.
5 Click New Type.

103-000133-001
August 29, 2001
Novell Confidential
Editing a Mime Type

2 Click Edit next to the category you want to edit.
3 In the Content-Type field, enter the context type.
4 In the File Suffix field, enter the file suffix.
5 Click Change MIME Type > Save and Apply.
IMPORTANT: Do not enter spaces between the file suffixes when you add or edit
a MIME type. If you put a space between them, you might receive an error or your
server might not restart. If this happens, edit your MIME.TYPES file to delete the
space. The MIME.TYPES file is in your server root in the HTTPS-servername/
CONFIG directory. After you have edited the file, from Server Preferences, click
Apply.
Removing a Mime Type

2 Click Remove next to the category you want to remove.
3 Click Save and Apply.
Configuring Network Settings

You can change your server’s network settings by using the Server
Preferences page. Following is a brief introduction to each setting and
instructions to modify your network settings.
Changing the Server Name

The server name is the full hostname for your server. When clients access your
server, they use this name. The format for the server name is
servername.yourdomain.domain.
For example, if your full domain name is novell.com, you could install a
server with the name www.novell.com.
If you have set up a DNS alias for your server, use that alias.

103-000133-001
August 29, 2001
Novell Confidential
Changing the Server Port Number

The server port number specifies the TCP port that the server listens to. The
port number you choose can affect your users. If you use a nonstandard port,
then anyone accessing your server must specify a server name and port
number in the URL. For example, if you use port 8090, users wanting to
access your server from their Web browsers would specify the following:
http://www.novell.com:8090
The standard unsecure Web server port number is 80; the standard secure Web
server port number is 443. Technically, the port number can be any port from
80 to 65535, but because many other services are using other ports, you should
carefully choose your ports.
IMPORTANT: Before changing the Web server’s port number, refer to Appendix
F, “Port Number Assignments,” on page 285.
Changing the Server Binding Address

At times you’ll want the server to answer to two URLs. Your system must
already be set up to listen to multiple IP addresses. For information on
configuring multiple IP addresses, refer to “Setting Up Hardware Virtual
Servers” on page 71.
Changing the Server’s MTA Host

The server’s Message Transfer Agent (MTA) host is the name of the Simple
Mail Transfer Protocol (SMTP) mail server. See the following section,
“Modifying Network Settings,” for instructions on where to modify your
server’s MTA host.
Modifying Network Settings

servername > Server Preferences > Network Settings.
2 In the Server Name field, enter the full hostname or DNS alias of your
server.
3 In the Server Port field, enter the port number of your server.
4 In the Bind to Address field, enter the IP address that is associated with
the specified hostname.

103-000133-001
August 29, 2001
Novell Confidential
5 In the MTA Host field, enter the name of your SMTP mail server.
You must enter a valid MTA if you want to use the agent e-mail function.
Customizing Error Responses

You can specify a custom error response that sends a detailed message to
clients when they encounter errors from your server. You can specify a file to
send or a CGI program to run.
Instead of sending back the default file, you might want to send a custom error
response. For example, if a client repeatedly tries to connect to a part of your
server protected by access control, you might return an error file with
information on obtaining an account.
What Are the Errors?

You can customize the response to the following kinds of errors:
Unauthorized: Occurs when users without access permission try to access
a document on the server that is protected by access control.
Forbidden: Occurs when the server doesn’t have file system permissions
to read something, or if the server is not permitted to follow symbolic
links.
Not Found: Occurs when the server can’t find a document or when it has
been instructed to deny the existence of a document.
Server Error: Occurs when the server is not configured properly or when
a catastrophic error occurs, such as the system running out of memory or
producing a core dump.
Setting Up the Response

Before you can set up the response, you need to write the HTML file to send
or create the CGI program to run.
servername > Server Preferences > Error Responses.
2 From the Editing drop-down list, select the server resource you want to
configure.

103-000133-001
August 29, 2001
Novell Confidential
3 To choose a specific part of your server, click Browse.

4 To browse files and directories on your server, click Options.
5 To return to the Custom Error Responses form, click Back.
6 To enter the wildcard pattern to edit, click Wildcard.
7 Select the error response you want to customize.
8 In the appropriate field, enter the absolute pathname to the file or CGI
script that you want to return for that error code.
9 Check the CGI box if the file is a CGI program that you want to run.
10 Repeat this process for each error response you want to customize.
11 Click OK.
To remove a customization, return to the form and delete the filename from
the field next to the error code.
Restricting Access
Use the Restrict Access form to configure several features.
When you use Public Directory Designation, you’re actually specifying what
files and directories you want to allow public access to. The Public Directory
Designation box lists directories and files that are currently public with
associated prefixes.
For more information on working with additional or virtual document
directories, refer to “Setting Additional Document Directories” on page 62
and “Setting Virtual Document Directories” on page 62. For information on
User Document Directories, refer to “Configuring User Document
Directories” on page 64.
The Password Redirection File allows you to create and display a file that
alerts users their passwords have expired and that they are using grace logins.
When users access this URL, the specified file appears rather than
INDEX.HTML.
When you are in eDirectoryTM mode, file access is determined by eDirectory
rights granted to users. Rights Checking Mode allows you to check rights at a
more granular level. If you have the system check rights at the file level,
system performance will be affected.

103-000133-001
August 29, 2001
Novell Confidential
Making a File or Directory Public

servername > Server Preferences > Restrict Access.
2 Click Insert File to insert a file or directory.
3 Click Save to save your changes.
Displaying a File Indicating Expired Passwords

1 In the Password Expiration Redirection File field, enter the path to the
location where you have saved (or will) your password expiration
notification file.
The default is \NOVONYX\SUITESPOT\DOCS\NDSDIRECT.HTML.
2 Click Save to save your changes.
If you are using eDirectory, you can use Rights Checking Mode to determine
at what level you want rights checked. Checking File will affect performance.
Establishing Security
When you install the Novell® Certificate Server (during the NetWare
installation), a Key Material Object (KMO) is created by default. A KMO,
also called a Server Certificate object, includes a server certificate and key
pair files.
For related information on securing the NetWare Web Manager, refer to
Chapter 3, “Modifying Web Manager Preferences,” on page 33.
For more information on installing and configuring the Novell Certificate
Server, refer to the Novell Certificate Server Administration Guide (http://
www.novell.com/documentation/lg/crtsrvad/docui/index.html).
If you created a KMO, you can use the following procedure to enable security:
servername > Server Preferences > Encryption On/Off.
This option is available only if you have created a KMO.
2 Under Encryption, click On.
The Port Number field displays 443.
3 Select the KMO you want to use for encryption from the KMO drop-
down list.

103-000133-001
August 29, 2001
Novell Confidential
4 Click OK.
To affect the changes, restart the Web server by going to the Server
Preferences page and clicking Server Off and then Server On.
HINT: Once you have enabled security on the NetWare Web Manager or
Enterprise Web Server, you must use https:// in the URL to access them.

103-000133-001
August 29, 2001
Novell Confidential
6 Managing Server Content
You can use the NetWare® Web Manager to help manage Web server content.
You can create HTML pages and other files such as graphics or text and then
store those files on your server. When users connect to your server, they can
view your files provided they have access to them.
This chapter describes how your users can contribute content to your Web
server and how you can configure and manage content files and folders.
Setting the Primary Document Directory

You probably don’t want to make all the files on your file system available to
remote clients. An easy way to restrict access is to keep all of your server’s
documents in a central location, known as the document root or primary
document directory.
Another benefit of the document directory is that you can move your
documents to a new directory (perhaps on a different disk) without changing
any of your URLs, because the paths specified in the URLs are relative to the
primary document directory.
For example, if your document directory is
SYS:NOVONYX\SUITESPOT\DOCS, a request such as http://
www.novell.com/products/info.html tells the server to look for the file
INFO.HTML in SYS:NOVONYX\SUITESPOT\DOCS\PRODUCTS\.
If you change the document root (by moving all the files and subdirectories),
you only have to change the document root that the server uses, instead of
mapping all URLs to the new directory or telling clients to look in the new
directory.
To set your server’s primary document directory, do the following:
servername > Content Management > Primary Document Directory.
2 In the Primary directory field, enter the full pathname of the directory that
you want to make the primary document directory.
Managing Server Content 61

103-000133-001
August 29, 2001
Novell Confidential
Setting Additional Document Directories

Most of the time you keep all of your documents in the primary document
directory. But sometimes you might want to serve documents from a directory
outside of your document root. You can do this by setting additional document
directories. By serving from a directory outside of your document root, you
can let someone manage a group of documents without giving them access to
your primary document root.
servername > Content Management > Additional Document Directories.
2 In the URL Prefix field, enter the URL prefix or keyword you want to use
to represent the path.
For example, the URL prefix could be docs.
3 In the Map to Directory field, enter the absolute path of the directory you
want the URL prefix to map to.
The command syntax is volume:\directory\subdirectory.
For example, the path could be
\NOVONYX\MARKETING\PUBDOCS\INDEX.HTML
4 (Optional) Select a configuration style to apply to this directory’s
configuration.
5 Click OK.
HINT: When you update information but don’t save and apply changes, your
information is retained so that you can view and edit it, even though the changes
have not taken effect.
Setting Virtual Document Directories

A virtual document directory allows you to serve documents from directories
that do not reside on the file server where your Enterprise Web Server is
running but that do exist in the same tree as the server where your Web Server
is running.
IMPORTANT: If your eDirectoryTM User objects for users who need access to their
Virtual Document Directories are in a different container than the eDirectory Server
object (for the NetWare server running the Enterprise Web Server), the containers
that include the User objects with Virtual Document Directories must be in a
partition that is replicated (master or read/write) on the server that the Enterprise
Web Server is running on.

103-000133-001
August 29, 2001
Novell Confidential
Establishing the Path to the Directory

servername > Content Management > Additional Document Directories.
2 In the URL Prefix field, enter a key word (for example text) to represent
the path to the virtual directory.
3 In the Map to Directory field, specify the path to your documents in the
following format:
servername\volume:\directory\subdirectory
Providing Public Access

To provide public access to the virtual directory in eDirectory mode and restart
the server:
2 Click Insert File and enter the path (or any portion of the path you want
to be public) using the following syntax:
3 Click OK > Save Changes.
4 To effect the changes, click On/Off under Server Preferences to restart the
server.
Setting Server Access

To give the file server that is running the Enterprise Web Server access to the
directory structure of the server where the index file resides, the Enterprise
Web Server file server must be configured as a trustee of that directory. Use
ConsoleOneTM to set the rights.

103-000133-001
August 29, 2001
Novell Confidential
Configuring User Document Directories

User Document Directories allows you to set up document directories or home
directories for each user in your directory. A great advantage to setting up
home directories is that users can then access their own files using a Web
browser.
For every user that you want to provide a home page for, complete the
following tasks:
Create a home directory for each User object.
Create a PUBLIC_HTML directory in the user’s home directory and copy
an INDEX.HTML file to it.
Add the user’s context to the Search Contexts List.
Restart the NetWare Web Manager.
Activate User Document Directories in the Enterprise Web Server.
Make the PUBLIC_HTML directory public.
See the following sections for details on completing the above tasks.
HINT: If you are running the Enterprise Server in eDirectory mode and you have
user objects for users who need access to their document directories, the user
objects should be kept in the same container as the eDirectory server object.
If they are not, then the containers that include these user objects must be in a
partition that is replicated (Master or Read/Write) on the server where the
Enterprise Server is running.
Creating a Home Directory

Using ConsoleOne, create new users in their appropriate contexts. Click
Create Home Directory in the lower portion of the form to create their user
document directories.
Creating a PUBLIC_HTML Directory

Create PUBLIC_HTML directories in the users’ home directories and copy
INDEX.HTML files to them.
NOTE: You can change the name of the PUBLIC_HTML directory. Should you
choose to change it, make sure all references to this directory name are consistent.

103-000133-001
August 29, 2001
Novell Confidential
Adding Users’ Contexts to the Search Contexts List

servername > Users and Groups.
2 Click Insert Context and enter the information for each new context in the
New NDS® Context box. Use the following format:
ou=yourdepartment.o=yourcompany
This information is added to the Search Contexts List.
If this context is already set in your AUTOEXEC.NCF file (set Bindery
Context=) you don't need to add it here.
3 Click Save Changes.
Restarting the Enterprise Web Server

Restart the server at the system console. Use the command NSWEBDN to
bring down the Web server and NSWEB to restart it.
Activating User Document Directories

This step activates your users’ home directories so that when the URL is
entered all that is required is a slash (/) followed by ~usersname in order to
reach a particular user’s home page.
1 From the Web Manager home page click Enterprise Web Server
servername > Content Management > User Document Directories.
2 To activate the service, click OK.
Providing Public Access

2 Click Insert File and enter the path (or any portion of the path you want
to be public) in the following format:
3 Click OK > Save Changes.
4 To effect the changes, click On/Off under Server Preferences to restart the
server.

103-000133-001
August 29, 2001
Novell Confidential
Web Publishing through WebDAV

There are various ways of publishing content to your Web server. (See “How
to Publish Content to Your Web Server” on page 44.) Web-distributed
Authoring and Versioning (WebDAV) is an industry standard protocol and is
an enhancement to the HTTP protocol, turning the Web into a document
database that enables collaborative creation, editing, and searching from
remote locations.
For your users to benefit from WebDAV, it must first be enabled. WebDAV is
enabled by default once you install NetWare 6. But if you need to enable or
disable it, you can do so from NetWare Web Manager.
To enable WebDAV on your Enterprise Server, do the following:
1 From the NetWare Web Manager home page, click NetWare Enterprise
Web Server servername > WebDAV.
2 Under WebDAV State, click On.
3 Click OK.
Configuring Document Preferences

You can configure the following document preferences from the Web
Manager home page by clicking Enterprise Web Server servername > Content
Management > Document Preferences.
Specifying a Default Home Page

If a document name is not specified in a URL, the Web server will look for a
specific filename (or home page) such as INDEX.HTML, and return it to the
Web browser. The filename that the Web Server looks for is configurable
using the Document Preferences page of Web Manager. If the specified
filename cannot be found, the Web browser will display a listing of files and
folders located at the URL.
By default, the Enterprise Web Server defines INDEX.HTML and
HOME.HTML as the default home page filenames, but you can set these to
whatever filename you choose.

103-000133-001
August 29, 2001
Novell Confidential
If more than one name is specified, the server searches in the order in which
the names appear in this field until one is found. For example, if your index
filenames are INDEX.HTML and HOME.HTML, the server first searches for
INDEX.HTML and, if it doesn’t find it, the server then searches for
HOME.HTML.
Directory Indexing
In your document directory, you’ll probably have several subdirectories. For
example, you might create a directory called PRODUCTS, another called
SERVICES, etc. It’s common to provide an overview (or index) of these
directories.
The server indexes directories using the following process:
1. The server first searches the directory for an index file called
INDEX.HTML or HOME.HTML, which is a file you create and maintain
as an overview of the directory’s contents. (These defaults can be
configured for the whole server, so your server’s files might vary. For
more information, see “Specifying a Default Home Page” on page 66.)
You can specify any file as an index file for a directory by naming it one
of these default names, which means you can also use a CGI program as
an index if CGI is activated.
2. If an index file isn’t found, the server generates an index file that lists all
the files in the document root. The generated index has one of the
following formats:
Fancy directory indexing is fairly detailed. It includes a graphic that
represents the type of file, the date the file was last modified, and the
file size.
Simple directory indexing is less detailed, but also takes less time to
generate.
You can also specify that no dynamic directory listing be generated
if the server looks for index files and cannot find any. If the server
does not find any index files, it will not create a directory listing to
show the user and will return an error message.

103-000133-001
August 29, 2001
Novell Confidential
Server Home Page

When users first access your server, they usually use a URL such as http://
www.novell.com/. When the server receives a request for this document, it
returns a document called a home page. Usually this file has general
information about your company and links to other documents.
By default the server finds the index file specified in the Index Filenames field
and uses that for the home page. However, you can also specify a file to use as
the home page by selecting the Home Page icon (by the Location field) and
entering the filename for the home page in the field.
About the Temporary Web Site

By default, the Enterprise Web Server includes a temporary Web site. The
purpose of the site is to verify when your Web server is running. But it also
includes information about, and links to, all of the Web-based NetWare 6
management tools.
You can replace the default INDEX.HTM and with your own home page and
remove all of the supporting pages as well. You might want to explore the site
before replacing it with your own content.
To view the temporary Web site, point your Web browser at your Web server
by entering your NetWare server’s domain name or IP address. For example:
http://www.digitalairlines.com
or
http://120.140.160.180
Default MIME Type

When a document is sent to a client, the server includes a section that
identifies the document’s type, so the client can present the document in the
correct way. However, sometimes the server can’t determine the proper type
for the document because the document’s extension is not defined for the
server. In those cases, a default value is sent. For information about
maintaining your server’s Multipurpose Internet Mail Extension (MIME)
types, see “Configuring MIME Types” on page 54.

103-000133-001
August 29, 2001
Novell Confidential
The default is usually Text/Plain, but you should set it to the type of file most
commonly stored on your server. Some common MIME types include the
following:
text/plain text/html
text/richtext image/tiff
image/jpeg image/gif
application/x-tar application/postscript
application/x-gzip audio/basic
Parsing the Accept Language Header

When clients contact a server using HTTP, they can send header information
describing the languages they accept. You can configure your server to parse
this language information.
For example, if you store documents in Japanese and English, you could
choose to parse the Accept Language header. When clients that have Japanese
as the Accept Language header contact the server, they receive the Japanese
version of the page. When clients that have English as the Accept Language
header contact the server, they receive the English version.
If you do not support multiple languages, you should not parse the Accept
Language header.
Setting Document Preferences

1 Click Enterprise Web Server servername > Content Management >
Document Preferences.
2 In the Index Filenames field, enter a new index filename.
3 Select the kind of directory indexing you want.
4 Select whether you want users to see a specified home page or an index
file when they access your server. If you select the home page option,
enter the filename of the home page you want in the Index File field.
5 In the Default MIME Type field, enter the default MIME type you want
the server to return if a client accesses a file with an extension that has not
been set up as a MIME type on your server.
6 Select whether or not to parse the accept language header.

103-000133-001
August 29, 2001
Novell Confidential
Forwarding URLs
Redirection is a method for the server to tell a user that a URL has changed—
for example, if you have moved files to another directory or server. You can
also use redirection to send a person who requests a document on one server
to a document on another server.
To map a URL to another server, you must first specify the prefix of the URL
you want the server to redirect. Then, you need to choose which URL to
redirect to. You can redirect to a URL prefix if the directory on the new server
is the same as in the mapped URL; you can also redirect to a fixed URL
(hostname, directory, and filename).
To forward URLs, do the following:
1 Click Enterprise Web Server servername > Content Management > URL
Forwarding.
2 In the URL Prefix field, enter the URL prefix you want to redirect.
For example, if the URL you want to map is http://www.netscape.com/
info/movies, you would type /info/movies in the field.
3 Select whether you want to forward requests to a URL prefix or to a fixed
URL.
If you forward to a URL prefix, the forwarding keeps the full pathname and
substitutes one prefix for another. For example, if you forward http://
www.novell.com/info/docs to a prefix cambridge.com, the URL http://
www.novell.com/info/docs redirects to http://cambridge.com/info/docs.
However, if the directory structure on the new server is not the same as in the
mapped URL, you could forward the URL to a fixed URL. For example, you
could forward http://www.novell.com/info/docs to http://cambridge.com/
new-files/info/docs.
Sometimes you might want to redirect requests for all the documents in one
subdirectory to a specific URL. For example, if you had to remove a directory
because it was causing too much traffic or because the documents were no
longer to be served for any reason, you could direct a request for any one of
the documents to a page explaining why the documents were no longer
available. For example, a prefix on /info/docs could be redirected to http://
www.novell.com/explain.html.

103-000133-001
August 29, 2001
Novell Confidential
Setting Up Multiple Web Servers

There are two approaches you can take to set up multiple Web servers on your
NetWare server:
Hardware virtual servers
Software virtual servers
Each approach has its strengths and weaknesses; you should choose the one
that’s right for your situation.
Hardware virtual servers allow you to map multiple IP addresses to multiple
document roots. For example, if you have two IP addresses, you could map
the first IP address to one document root and the second IP address to a second
document root. Although hardware virtual servers take fewer system
resources than multiple instances of the server, they must also share the same
configuration information. For example, if one hardware virtual server has
enabled security features or Web Publishing, they all must have it enabled.
Software virtual servers give you the ability to map a single IP address to
multiple server names. Each software virtual server can have its own home
page, which allows you to host multiple Web sites from one IP address.
However, in order for software virtual servers to work correctly, the users
accessing the server must use client software that supports the HTTP host
header. Like hardware virtual servers, software virtual servers all must have
the same configuration.
For more information, see “Setting Up Hardware Virtual Servers” on page 71
and “Setting Up Software Virtual Servers” on page 72.
Setting Up Hardware Virtual Servers

A hardware virtual server lets your server respond to multiple IP addresses
without your having to install multiple servers. With hardware virtual servers,
you map multiple IP addresses to multiple document roots. For example, if
you have two IP addresses, you could map the first IP address to one document
root and the second IP address to another document root.
Although hardware virtual servers take fewer system resources than multiple
instances of the server, they must also share the same configuration
information. For example, if one hardware virtual server has enabled security
features, they all must have security features enabled.

103-000133-001
August 29, 2001
Novell Confidential
To set up hardware virtual servers, dothe following:

1 Load and bundle all IP addresses.
2 Enter the following command at the NetWare server console:
add secondary IPaddress IP_address
3 Add the above command to the AUTOEXEC.NCF file after the LOAD
and BIND statements or after INITSYS.NCF if INETCFG is being used
to configure the server.
Hardware Virtual Servers.
5 In the IP Address field, enter the secondary IP address.
6 In the Document Root field, enter the document root. For example,
SYS:NOVONYX\SUITESPOT\DOCS.
7 To secure your hardware virtual server, check the Encryption check box.
See “About Securing a Hardware Virtual Server” on page 72 for
additional information.
9 Repeat the previous steps for each hardware virtual server.
About Securing a Hardware Virtual Server

For more information on security, refer to Novell Certificate Server
While the Enterprise Web Server doesn’t have to be secured for a hardware
virtual server to be secured, you do have to specify a Key Material Object
(KMO) during installation to use encryption. Once the KMO is created, use
Server Preferences > Encryption On/Off to select a KMO.
IMPORTANT: Once you have turned Encryption on, you must use HTTPS to
contact this server rather than HTTP.
Setting Up Software Virtual Servers

A software virtual server is a way to host several Web sites on one computer
without needing to have more than one IP address on the computer. For
example, you can set up your system so that both www.novell.com and
www.cambridge.com resolve to 192.3.4.5, and then set up software virtual

103-000133-001
August 29, 2001
Novell Confidential
servers to handle both server names (for example, http://www.novell.com/ and

http://www.cambridge.com). The server can respond differently to requests
depending upon the URL, even though the server only has one IP address.
For example, an Internet service provider (ISP) installs a Web server and then
wants to set up a software virtual server for each of its customers (for example,
customers aaa, bbb, and ccc) so that each customer can have an individual
domain name.
The ISP first configures the Domain Name System (DNS) to recognize that a
customer’s URL, www.aaa.com, resolves to the ISP’s IP address. The ISP then
creates a subdirectory for each company (aaa, bbb, and ccc) in the document
root. These subdirectories contain the files for that company, including the
home page, aaa/HOME.HTML. Next, the ISP sets up software virtual servers.
The URL host would be www.aaa.com and the home page would be aaa/
HOME.HTML. The ISP would do this for each company it services.
Because software virtual servers use the HTTP host header to direct the user
to the correct page, not all client software works with software virtual servers.
Only client software that supports the HTTP host header will work. In the
previous example, the ISP would set up the INDEX.HTML file in the
document root to be an index page that links to all the virtual servers hosted
by the system, so all users could access the home pages.
To set up a software virtual server, do the following:
Software Virtual Servers.
2 Create a directory under the DOCS directory. For example,
SYS:\NOVONYX\SUITESPOT\DOCS\TEST.
3 In the URL Host field, enter the URL host whose custom home page you
want to set up. For example, test/.
4 In the Home Page field, enter the path to the home page you want to use
for this virtual server. For example INDEX.HTML.
If you enter a full path, the server uses that specific document. If you enter
a partial path, the server interprets it as relative to your primary document
directory.
6 If you want to modify preferences on the default home page, click Edit
the Default Home Page at the top of the form.

103-000133-001
August 29, 2001
Novell Confidential
About the Drop-Down Lists

When working on the International Characters, Document Footer, Parse
HTML, and Cache Control Directives pages of Web Manager and your Web
server, you will find a drop-down box at the top of each page. It works the
same for each of these features.
The drop-down list and associated Browse button let you select specific
resources to be configured.
From the drop-down list, you select a resource to be configured. You can click
Browse to browse your primary document directory, Options to choose other
directories, and Wildcard to configure files with a specific extension.
Wildcards Used in the Drop-Down List

In many parts of the server configuration, you specify wildcard patterns to
represent one or more items to configure. Note that the wildcards for access
control and text search might be different from those discussed in this section.
Wildcard patterns use special characters. If you want to use one of these
characters without the special meaning, precede it with a backslash (\)
character.
Table 3 Drop-Down Wildcard Patterns
Pattern Use
* Match zero or more characters.
? Match exactly one occurrence of any character.
| An or expression. The substrings used with this operator

can contain other special characters such as an asterisk (*)
or a dollar sign ($). The substrings must be enclosed in
parentheses—for example—(a|b|c), but the parentheses
cannot be nested.
$ Match the end of the string. This is useful in or expressions.
[abc] Match one occurrence of the characters a, b, or c. Within

these expressions, the only character that needs to be
treated as a special character is the right bracket ( ] ); all
others are not special.

103-000133-001
August 29, 2001
Novell Confidential
Pattern Use
[a-z] Match one occurrence of a character between A and Z.
[^az] Match any character except A or Z.
*~ This expression, followed by another expression, removes

any pattern matching the second expression.
Table 4 Drop-Down List Wildcard Examples
Pattern Result
*.netscape.com Matches any string ending with the

characters .netscape.com.
(quark|energy).netscape.com Matches either quark.netscape.com or

energy.netscape.com.
198.93.9[23].??? Matches a numeric string starting with

either 198.93.92 or 198.93.93 and ending
with any three characters.
*.* Matches any string with a period in it
*~netscape-* Matches any string except those starting

with netscape-
*.netscape.com~quark.netscape. Matches any host from domain

com netscape.com except for the single host
quark.netscape.com.
*.netscape.com~(quark|energy| Matches any host from domain

neutrino).netscape.com netscape.com except for hosts
quark.netscape.com,
energy.netscape.com, and
neutrino.netscape.com.
*.com~*.netscape.com Matches any host from domain.com

except for hosts from the subdomain
netscape.com.

103-000133-001
August 29, 2001
Novell Confidential
Assigning a Character Set

The character set of a document is determined in part by the language it is
written in. For most Web browsers, you can override the default character set
setting for a document, a set of documents, or a directory by selecting a
resource and entering a character set for that resource.
Most Web browsers can use the MIME type charset parameter in HTTP to
change its character set. If the server includes this parameter in its response,
the Web browser changes its character set accordingly. The following are
some character set examples:
Content-Type: text/html;charset=iso-8859-1
Content-Type: text/html;charset=iso-2022-jp
The charset names recognized by Netscape Communicator are specified in

RFC 1700 (except for the names that begin with x-). These charset names
us-ascii iso-8859-1
iso-2022-jp x-sjis
x-euc-jp x-mac-roman
Additionally, the following aliases are recognized for us-ascii:
ansi_x3.4-1968 iso-ir-6
ansi_x3.4-1986 iso_646.irv:1991
ascii iso646-us
us ibm367
cp367
The following aliases are recognized for iso_8859-1:
latin1 iso_8859-1
iso_8859-1:1987 iso-ir-100
ibm819 cp819

103-000133-001
August 29, 2001
Novell Confidential
To change the character set, do the following:

International Characters.
2 Select the server resource you want to change the character set for from
the Editing drop-down list.
3 To view the different server resources, click Browse .
4 To type the pattern you want to edit, click Wildcard .
5 In the Character Set field, enter one of the character sets previsously
mentioned in this section.
Specifying a Document Footer

You can specify a document footer, which can include the last-modified time,
for all the documents in a certain section of your server without using server-
parsed HTML. This footer works for all files except the output of CGI scripts
or parsed HTML (.SHTML) files.
HINT: If you need your document footer to appear on CGI-script output or parsed
HTML files, enter your footer text into a separate file and add a line of code or
include another server-side to append that file to the page's output.
Document Footer.
2 Select the resource that you want to apply the document footer to from the
Editing drop-down list.
3 Click Browse to view the different server resources.
4 To enter the pattern you want to edit, click Wildcard .
5 In the For Files of Type field, enter the kind of files that you want to
include in the footer. The default is text/html.
6 Select the time format from the drop-down list or enter a date in the
Custom Date Format field.
7 In the Footer Text field, enter the footer text.
The maximum number of characters for a document footer is 765. Type
the string :LASTMOD: if you want to include the date the document was
last modified.

103-000133-001
August 29, 2001
Novell Confidential

9 To change the footer text, click Deactivate Custom Trailer.
When you change the document footer for an HTML page, the last-
modified date doesn’t change.
Customizing Parsed HTML

HTML is normally sent to the client exactly as it exists on disk without any
server intervention. However, the server can search HTML files for special
commands (that is, parse the HTML) before sending documents. If you want
the server to parse these files and insert request-specific information or files
into documents, you must first enable HTML parsing.
1 Click Enterprise Web Server servername > Content Management > Parse
HTML.
2 Select the server resource to edit from the Editing drop-down list.
4 Click Wildcard to enter the pattern you want to edit.
5 Select whether or not you want to activate parsed HTML.
If you activate it, you need to choose whether to activate it with or without
the Exec tag. The Exec tag allows an HTML file to execute an arbitrary
program on the server. You might not want to allow the Exec tag for
security or performance reasons.
6 Select which files to parse.
The default choice is to parse only files with the extension .SHTML. In
this case, all files you want to parse must have the .SHTML extension.
You can have the server parse all of its HTML files. Choosing this option
can slow your server’s performance.

103-000133-001
August 29, 2001
Novell Confidential
Using Cache-Control Directives

Cache-control directives are a way for the Enterprise Web Server to control
what information is cached by a proxy server. By using cache-control
directives, you override the default caching of the proxy to protect sensitive
information from being cached and perhaps retrieved later. For these
directives to work, the proxy server must comply with HTTP 1.1.
For specific directories in your server, you can set the cache-control directives
to one of the following levels:
Public: The response is cacheable by any cache.
Private: The response is cacheable only by a private (non-shared) cache.
No Cache: The response must not be cached anywhere.
No Store: The cache must not store the request or response anywhere in
nonvolatile storage.
Must Revalidate: The cache entry must be revalidated from the
originating server.
Maximum Age (in seconds): The client does not accept a response that
has a greater age than the maximum age.
To set the cache-control directives, do the following:
Cache Control Directives.
2 Select the directory or directories that you want to set cache-control
directives for from the Editing drop-down list.
4 Click Wildcard to enter the pattern you want to edit.
5 Select the level of control you want to set.
The default is public.
6 Click OK.
For more information on HTTP 1.1, see the Hypertext Transfer Protocol
(http://www.ietf.org/html.charters/http-charter.html)(HTTP/1.1
specification [RFC 2068]).

103-000133-001
August 29, 2001
Novell Confidential
Working with Configuration Styles

Configuration styles are an easy way to apply a set of options to specific files
or directories that your server maintains. For example, you can create a
configuration style that sets up access logging. When you apply that
configuration style to the files and directories that you want to log, you don’t
have to individually configure access logging for all the files and directories.
Creating a Configuration Style

1 Click Enterprise Web Server servername > Styles > New Style.
2 In the Style Name field, enter the name you want to give the configuration
style.
3 Click OK.
4 Select a configuration style to edit from the Style drop-down list and then
click Edit This Style.
5 From the list of links available, click the category you want to configure
for your style. You can configure the following information:
LCGI File Type: Lets you activate LCGI as a file type. For more
information about working with Web applications, see Chapter 9,
“Extending Your Server with Programs,” on page 97.
Character Set: Lets you change the character set for a resource. For
more information, see “Assigning a Character Set” on page 76.
Default Query Handler: Lets you set a default query handler for a
server resource.
Document Footer: Lets you add a document footer to a server
resource. For more information, see “Specifying a Document
Footer” on page 77.
Error Responses: Lets you customize the error responses that clients
see when they encounter an error from your server. For more
information, see “Customizing Error Responses” on page 57.
Log preferences: Lets you set preferences for access logs. For more
information, see “Working with Log Files” on page 113.
Restrict Access: Lets you restrict access to the entire server or parts
of it. For more information, see “Restricting Access” on page 58.
Server Parsed HTML: Lets you specify whether the server parses
files before they are sent to the client. For more information, see
“Customizing Parsed HTML” on page 78.

103-000133-001
August 29, 2001
Novell Confidential
6 Fill out the form that appears and then click OK.
7 Repeat Step 4 and Step 5 to make any other changes to the configuration
style.
8 Click OK on the form you modified.
9 Click OK on the Edit a Style form.
Editing a Configuration Style

1 Click Enterprise Web Server servername > Configuration Styles > Edit
Style.
2 Select a configuration style to edit from the Style drop-down list.
3 Click Edit This Style.
4 From the list of links available, click the category you want to configure
for your style.
For more information on these categories, see “Creating a Configuration
Style” on page 80.
5 Fill out the form that appears > click OK.
6 Repeat Steps 4 and 5 to make any other changes to the configuration style.
7 Click OK on the form you modified.
8 Click OK on the Edit a Style form.
Applying a Configuration Style

Once you’ve created a configuration style, you can apply it to files or
directories in your server. You can specify either individual files and
directories or wildcard patterns, such as *.GIF.
1 Click Enterprise Web Server servername > Configuration Styles > Assign
Style.
2 In the URL Prefix Wildcard field, enter the prefix of the URL that you are
applying this configuration style to.
If you select a directory inside the document root, only enter the path after
the document root. If you enter /* after the directory, you apply the
configuration style to all of the directory’s contents.

103-000133-001
August 29, 2001
Novell Confidential
3 Select the configuration style you want to apply from the Style drop-down
list.
Removing a Configuration Style

Before removing a configuration style, apply the None configuration style to
any files or directories that had the configuration style applied to them. If you
do not apply None before removing the configuration style, you must
manually edit your OBJ.CONF file, search for the configuration style in the
file, and replace it with None. If you don’t do this search and replace, anyone
who accesses the files or directories that the deleted configuration style was
applied to will get a server configuration error message.
1 Click Enterprise Web Server servername > Configuration Styles >
Remove Style.
2 Select the configuration style you want to remove from the Remove drop-
down list.
Listing Configuration Style Assignments

After you have created configuration styles and applied them to files or
directories, you can get a list of the configuration styles and where you applied
them.
1 Click Enterprise Web Server servername > Configuration Styles > List
Assignments.
2 To edit a configuration style assignment, click Edit Style Assignment next
to the configuration style name.

103-000133-001
August 29, 2001
Novell Confidential
7 Using a Directory Service to Control

User Access to Network Resources
Using a directory service with NetWare® Web Services lets you easily control
which of your users can access sensitive data on your NetWare 6 server.
The NetWare Enterprise Web Server lets you choose which directory service
mode you want the Enterprise Server to use. This chapter describes each of the
available directory service modes and how to set them up.
The Directory Service

Directory services are a type of software that allow you to maintain
information, such as contact information or identification information for the
people in your organization. This information is also used when controlling
access to a server and its resources by requiring a user to provide the necessary
username and password when trying to access protected (or nonpublic)
folders.
You can use three directory service modes with the Enterprise Web Server:
eDirectoryTM mode
Local database mode
LDAP mode
NOTE: If you choose local database or LDAP modes, users will be required to
enter fully distinguished names (.username.context.domain) whenever accessing
protected folders.
eDirectory Mode
Novell® eDirectory is installed during the NetWare 6 installation. The
Enterprise Web Server provides a native eDirectory integration mode. While
in this mode, users attempting to access any folder that is not designated as a
public folder are required to enter a username and password. This is
accomplished through eDirectory’s use of native NetWare file system trustee
assignments.
This means that anywhere that users have Internet access, they can log in from
an HTTP client using their eDirectory usernames and passwords. There is no
Using a Directory Service to Control User Access to Network Resources 83

103-000133-001
August 29, 2001
Novell Confidential
need for them to set up a dialup account into your company network. As long
as they can get to the Internet, they can get to their data.
eDirectory is the default directory mode and is ready to go after installation of
NetWare 6. After eDirectory mode is selected,
Use ConsoleOneTM to maintain user and group information.
HINT: You can also use the Users and Groups feature from within the Enterprise
Server manager pages to perform basic eDirectory functions, such as adding,
configuring, or removing User and Group objects. To access users and groups
from the NetWare Web Manager home page, click your Enterprise servername >
then Users and Groups.
Users are required to log in from the Web browser to gain access to
resources contained in nonpublic directories.
Make sure SSL is enabled if you do not want eDirectory passwords
visible to hackers.
NetWare file system trustees assignments are available exclusively to
control access to Web resources.
NetWare Enterprise Web Server access control lists (ACLs) are disabled.
Local Database Mode

The local database is intended for sites running a public access Web site, or a
site in which protected resources are limited and where you don’t have a need
to secure any or most of your information. Usernames and passwords are
stored in a simple text file.
Local database mode has the following limitations when compared to
eDirectory:
Rights set up in local database mode don’t carry over to your existing
directory service; therefore, you have to maintain and synchronize two
access control lists.
The local database supports no more than 1,000 entries.
The local database cannot be replicated.

103-000133-001
August 29, 2001
Novell Confidential
LDAP Mode
If your company is built around LDAP, this mode might make sense for you.
However, we recommend eDirectory as your directory service. eDirectory is
the leading directory service available today and is included with NetWare 6.
For information about implementing LDAP with eDirectory, see LDAP
Services for Novell eDirectory (http://www.novell.com/documentation/lg/
nw6p/ndsedir86/index.html). Before using eDirectory as your LDAP server,
you must first enable unencrypted passwords by opening the properties of
your LDAP Server object using ConsoleOne.
Configuring Directory Services

This section describes how to configure a directory service (or the local
database) for use with the Enterprise Web Server.
IMPORTANT: If you switch to or from local database mode, you need to restart all
Web Services servers, including NetWare Web Manager. Keep in mind that Web
Manager runs on the Apache Web server, which hosts other services, including
iFolderTM. You might want to do this when you know user traffic is low.
Using eDirectory Mode

eDirectory is already configured by default. However, if you for any reason
you need to reconfigure eDirectory mode, follow these steps.
1 From the NetWare Web Manager home page, click Enterprise Web Server
servername > Users and Groups > Configure Directory Service.
2 Select eDirectory.
A dialog box appears to confirm that you want to use eDirectory.
3 Click OK.
4 To add a new search context, click Insert Context .
HINT: This field is optional. However, by specifying the context of your admin user
object, you will not be required to enter your fully distinguished name when
prompted to authenticate to Web Manager or other protected resources.
5 Click Remove Context to remove one or more search contexts.

6 Click Float Context to move the selected context to a higher priority
context.

103-000133-001
August 29, 2001
Novell Confidential
8 (Conditional) If you change directory service from a local or remote

LDAP directory to eDirectory, you need to restart the Web server.
NetWare Web Manager does not need to be restarted.
HINT: eDirectory does not allow public access to nonpublic folders or files. All
users must be authenticated before receiving any content. Content that is placed
in public directories do not require authentication. For more information on setting
up public directories, see “Setting Additional Document Directories” on page 62.
Using Local Database Mode

2 Click Local Database.
A dialog box appears to warn you that you will lose your directory service
configuration information.
3 Click OK.
4 In the Base DN field, enter the distinguished name to be used as a suffix
for your local directory and also as the point which directory lookups will
occur from by default.
An example of a suffix that you could enter here is
o= your_company_name, c=US
If you do not enter a value in this field, then your suffix will be a null
string and all searches will begin from the top or root point of the
directory.
Using LDAP Mode

2 Click LDAP Directory Server.
A dialog box appears to confirm that you want to use a directory server.
3 Click OK.
4 In the Host Name field, enter the hostname where the directory server is
running.
You must enter a hostname even if the directory server is running on the
local machine.

103-000133-001
August 29, 2001
Novell Confidential
5 In the Port field, enter the default number if your directory server is using
a different port number than the default port number 389.
6 In the Base DN field, enter the distinguished name that will be the point
which directory lookups will occur from by default and will be the
location where all NetWare Web Manager’s entries will be placed in your
directory tree.
An example of a base DN that you could enter here is
o= you_company_name, c=US
7 In the Bind DN field, enter the bind DN that NetWare Web Manager will
use to initially bind (or log in) to the directory server.
This bind DN requires only Read and Search access to the directory.
Because this DN and the associated password (if any) are easily
compromised, it is best to simply leave this field blank and then set up
your directory server to allow anonymous search access. If you do not
want to allow anonymous search access to your directory, then specify a
bind DN entry here that has only Read and Search access to your
directory.
IMPORTANT: Do not specify your directory server’s admin username in this field.
This bind DN is used only to initially search for the username you entered in
NetWare Web Manager authentication dialog box. Once the entry corresponding
to this username is located, NetWare Web Manager rebinds to the directory server
using the retrieved entry. Therefore, if the username you supplied when you first
logged in to NetWare Web Manager does not have access to the directory server,
you will not have any access to the directory server, regardless of the bind DN
information provided in this field.
8 (Optional) In the Bind Password field, enter the password for the bind DN
entry if you have entered a bind DN in the previous field.

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
8 Understanding ACL Files
This chapter describes the access control list (ACL) files and their syntax.
ACL files are text files that contain lists that define who can access resources
stored on your Web server. By default, the Web server uses one ACL file that
contains all of the lists for access to your server. However, you can create
multiple ACL files and reference them in the OBJ.CONF file.
You need to know the syntax and function of ACL files if you plan to
customize access control using the access control API. For more information
on the API, see the Novell Developer Kit Web site (http://
www.developer.novell.com/ndk/nscomp.htm).
Using either local database or LDAP directory modes, you manage access
control through the access control lists (ACL). With Novell® eDirectoryTM,
you manage access control through NetWare® file system trustees. For more
information, see Chapter 7, “Using a Directory Service to Control User
Access to Network Resources,” on page 83 and “Controlling Access with
NetWare Web Access Controls” on page 265.
ACL File Syntax

An ACL file is a text file containing one ACL or more. All ACL files must
follow a specific format and syntax. All ACL files must begin with the version
number they use. There can be only one version line and it can appear after
any comment lines. For example:
version 3.0;
You can include comments in the file by beginning the comment line with the
pound (#) sign.
Each ACL in the file begins with a statement that defines its type. ACLs can
follow one of three types:
Path ACLs specify an absolute path to the resource they affect.
URI (Uniform Resource Indicator) ACLs specify a directory or file.
Named ACLs specify a name that is referenced in resources in the
OBJ.CONF file. The server comes with a default named resource that
allows read access to anyone and write access to users in the local
database or LDAP directory. Even though you can create a named ACL
Understanding ACL Files 89

103-000133-001
August 29, 2001
Novell Confidential
from the Server Preference forms, you must manually reference the
named ACLs with resources in the OBJ.CONF file.
The type line begins with the letters acl and then includes the type information
in double quotation marks followed by a semicolon. Each type information for
all ACLs must be a unique name, even among different ACL files. The
following lines are examples of several different types of ACLs:
acl "path=C:\Netscape\SuiteSpot\docs\mydocs\";
acl "*.html";
acl "default";
acl "uri=/mydocs/";
After you define the type of ACL, you can have one or more statements that
define the method used with the ACL (authentication statements) and the
people and computers who are allowed or denied access (authorization
statements). The following sections describe the syntax for these statements.
Authentication Statements
ACLs can optionally specify the authentication method the server must use
when processing the ACL. There are two general methods:
Basic requires users to enter a username and password before accessing a
resource.
SSL requires the user to have a client certificate. For this method to work,
the Web server must have encryption turned on.
By default, the server uses the basic method for any ACL that doesn’t specify
a method. You can change the default setting by editing the following line in
the MAGNUS.CONF file:
Init fn=acl-set-default-method method=SSL
Each authenticate line must specify what list (users, groups, or both) the server
should use when authenticating users. The following authentication statement,
which would appear after the ACL type line, specifies basic authentication
with users matched to individual users in the database or directory:
authenticate (user) {
method = basic;
};

103-000133-001
August 29, 2001
Novell Confidential
The following example uses SSL as the authentication method for users and
groups:
authenticate (user, group) {
method = ssl;
};
Any allow or deny statements must match the lists you specify in the
authenticate line. If the line says authenticate (user), the allow or deny line
must also specify users. The following example allows any user whose
username begins with the letters sales:
authenticate (user)
allow (all)
user = sales*
If the last line was changed to group = sales, then the ACL would fail because
there are no groups in the user lists.
Authorization Statements
Each ACL entry can include one or more authorization statements, which
specify who is allowed or denied access to a server resource. Use the
following syntax when writing authorization statements:
allow|deny [absolute] (right[,right...]) attribute qualifier
expression;
Start each line with either allow or deny. It’s usually a good idea to deny access
to everyone in the first rule or command you enter and then specifically allow
access for users, groups, or computers in subsequent rules. This is because of
the hierarchy of rules.
For example, if you allow anyone access to a directory called MY_STUFF,
then you have a subdirectory MY_STUFF/PERSONAL that allows access to
a few users. The access control on the subdirectory won’t work because
anyone allowed access to the MY_STUFF directory will also be allowed
access to the MY_STUFF/PERSONAL directory. To prevent this, create a
rule for the subdirectory that first denies access to anyone and then allows it
for the few users who need access.
However, in some cases, if you set the default ACL to deny access to
everyone, then your other ACL rules don’t need a Deny All rule.
The following line denies access to everyone:
deny (all)
user = "anyone";

103-000133-001
August 29, 2001
Novell Confidential
Hierarchy of Authorization Statements
ACLs have a hierarchy that depends on the resource. For example, if the
server receives a request for the document (URI) /MY_STUFF/WEB/
PRESENTATION.HTML, the server first looks for an ACL that matches the
file type or any other wildcard pattern that matches the request, then it looks
for one on the directory, and finally it looks for an ACL on the URI. If there is
more than one ACL that matches, the server uses the last statement that
matches.
However, if you use an absolute statement, then the server stops looking for
other matches and uses the ACL containing the absolute statement. If you
have two absolute statements for the same resource, the server uses the first
one in the file and stops looking for other resources that match.
For example, using the ACL hierarchy with the request for the document
/MY_STUFF/WEB/PRESENTATION.HTML, you could have an absolute
ACL that restricts access to the file type *.HTML then the server would use
that ACL instead of looking for one that matches the URI or the path.
version 3.0;
acl "default";
authenticate (user,group) {
prompt="Enterprise Server";
};
allow (write,delete)
user="all";
acl "*.html";
deny absolute (all)
user="anyone";
acl "uri=/my_stuff/web presentation.html";
deny (all)
user="anyone";
allow (all)
user="anyone";

103-000133-001
August 29, 2001
Novell Confidential
Attribute Qualifier Expressions
Attribute qualifier expressions define who is allowed or denied access based

on their username, group name, hostname, or IP address. The following lines
are examples of allowing access to different people or computers:
user = “anyone”
user = “smith*”
group = “sales”
dns = “*.organization.com”
dns = “*.organization.com” or “*.accounting_mail.com”
ip = “198.*”
You can also restrict access to your server by time of day (based on the local
time on the server) by using the timeofday attribute qualifier. For example, you
can use the timeofday attribute qualifier to restrict access to certain users
during specific hours.
Use a 24-hour clock to specify times (for example, use 0400 to specify 4 a.m.
or 2230 for 10:30 p.m.).
The following example restricts access to a group of users called Guests
between 8:00 a.m. and 4:59 p.m.
allow (read)
(group="guests") and
(timeofday<800 or timeofday>=1700);
You can also restrict access by day of the week. Use the following three-letter
abbreviations to specify days of the week: Sun, Mon, Tue, Wed Thu, Fri, and
Sat.
The following statement allows access for users in the Premium group any day
and any time. Users in the Discount group get access all day on weekends and
on weekdays anytime except 8:00 a.m. to 4:59 p.m.
allow (read) (group="discount" and dayofweek="Sat,Sun") or
(group="discount" and (dayofweek="mon,tue,wed,thu,fri" and
(timeofday<0800 or timeofday>=1700)))
or
(group="premium");

103-000133-001
August 29, 2001
Novell Confidential
Operators for Expressions
You can use various operators in attribute qualifier expressions. You can use
parentheses to delineate the order of precedence of the operators. With user,
group, dns, and ip qualifiers, you can use the following operators:
and
or
not
= (equals)
!= (not equal to)
With timeofday and dayofweek qualifiers, you can use the following additional
operators:
> (greater than)
< (less than)
>= (greater than or equal to)
<= (less than or equal to)
Default ACL File

After installing the server, it uses the default settings in the file
SERVER_ROOT/HTTPACL/GENERATED.HTTPS-SERVERID.ACL.
There is also a file called GENWORK.HTTPS-SERVERID.ACL that is a
working copy that the server uses until you save and apply your changes when
working with the user interface. When editing the ACL file, you might want
to work in the GENWORK file and then use Server Preferences to save and
apply the changes.
The following text is from the default file:
# File automatically written
#
# You may edit this file by hand
#
version 3.0;
acl "agents";
prompt = "Enterprise Server";
};
deny (all)
user = "anyone"

103-000133-001
August 29, 2001
Novell Confidential
allow absolute (all)

user = "all";
acl "default";
allow (read,execute,list,info)
user = "anyone";
allow (write,delete)
user = "all";
The default ACL file is referenced in MAGNUS.CONF as follows:

ACLFile absolutepath/generated.https-serverid.acl
You can reference multiple ACL files in MAGNUS.CONF and then use their
ACLs for resources in OBJ.CONF. However, the server uses only the first
ACL file with the Web Publisher and with evaluation of access control for
objects that don’t have specific ACLs listed in OBJ.CONF. If you’re using the
Server Preference form to do some access control, the first ACL file in
MAGNUS.CONF should point to the file GENERATED.HTTPS-
SERVERID.ACL. See “Referencing ACL Files in OBJ.CONF” on page 96
for more information.
General Syntax Rules
Input strings can contain the following characters:

Letters A through Z
Numbers 0 through 9
Period (.) and underscore (_)
If you use any other characters, use double quotation marks (" ") around the
characters.
A single statement can be placed on its own line and be terminated with a
semicolon. Multiple statements are placed within braces. A list of items must
be separated by commas and enclosed in double quotation marks.

103-000133-001
August 29, 2001
Novell Confidential
Referencing ACL Files in OBJ.CONF

If you have named ACLs or separate ACL files, you can reference them in the
OBJ.CONF file. You do this in the PathCheck directive using the check-acl
function. The line has the following syntax:
PathCheck fn="check-acl" acl="acl_name"
The acl_name is a unique name of an ACL as it appears in any ACL file.

For example, you might add the following lines to your OBJ.CONF file if you
want to restrict access to a directory using the ACL named testacl:
<Object ppath="/usr/ns-home/docs/test/*">
PathCheck fn="check-acl" acl="testacl"
</Object>
In this example, the first line is the object that states which server resource you
want to restrict access to. The second line is the PathCheck directive that uses
the check-acl function to bind the named ACL (testacl) to the object that the
directive appears in. The testacl ACL can appear in any ACL file referenced
in MAGNUS.CONF.

103-000133-001
August 29, 2001
Novell Confidential
9 Extending Your Server with Programs
In addition to serving HTML documents, your server can run programs that
interact with clients. These applications that run on the server are called
server-side applications. Client-side applications are downloaded to the client
and run on the client machine.
Your server can run these types of server-side applications:
Local Common Gateway Interface (LCGI) programs
JavaScript applications
Plug-in programs that use the server plug-in APIs, such as the Netscape
Server Plug-In (NSAPI)
This chapter describes how to install Java applets, CGI programs, and
JavaScript applications onto your server. Plug-ins extend or replace your
server’s features. For example, you can use plug-ins to provide a different way
to control access or to log in.
For information on writing and installing plug-ins, see the Novell Developer
Kit Web site (http://www.developer.novell.com/ndk/doc.htm).
Additionally, your server can send server-side JavaScript programs to
clients.This chapter deals mainly with the installation and configuration of
server-side programs.
This chapter also describes the steps for specifying a default query handler
CGI program. A query handler processes text sent to it via the ISINDEX tag
in an HTML file.
Installing Server-Side Programs

JavaScript applications and CGI programs have different strengths and uses.
CGI programs can be written in C, PERL, or other programming languages.
All CGI programs have a standard way to pass information between clients
and servers. JavaScript applications are written in JavaScript, an object-based
scripting language that is easier to learn than an object-oriented programming
language and lends itself to rapid application development.
Extending Your Server with Programs 97

103-000133-001
August 29, 2001
Novell Confidential
Each type of program is installed onto the server differently. The following list
summarizes the procedures:
For CGI programs, configure your server to recognize certain files as
CGI-all files with certain filename extensions or all files in specified
directories.
For JavaScript applications, check in each application individually
through the Application Manager, which you can access from the
Programs form or separately.
These installation instructions are described in the following sections.
Installing CGI Programs

Common Gateway Interface (CGI) programs can be created with any number
of programming languages. On a UNIX* machine, you’re likely to find CGI
programs written as Bourne shell or PERL scripts. On a Windows computer,
you might find CGI programs written in C++ or batch files. On NetWare®,
you might find CGI programs written in NetBasic*, PERL, Novell Script for
NetWare (NSN), or LCGI NLMTM applications.
Regardless of the programming language, all CGI programs accept and return
data in the same manner.
There are two ways to store CGI programs on your server:
1. Specify a directory that contains only CGI programs. All files are run as
programs regardless of the file extensions.
2. Specify that CGI programs are all a certain file type. They will all use the
file extensions .CGI, .EXE, .NLM, or .BAT. The programs can be located
in any directory that the server can serve from.
There are benefits to either implementation. If you want only a specific set of
users to be able to add CGI programs, keep the CGI programs in specified
directories and restrict access to those directories. If you want to allow anyone
who can add HTML files to be able to add CGI programs, use the file type
alternative. Users can keep their CGI files in the same directories as their
HTML files.
If you choose the directory option, your server will attempt to interpret any file
you place in that directory as a CGI program. Similarly, if you choose the file
type option, your server will attempt to process any files with the file
extensions .CGI, .EXE, .NLM, or .BAT as CGI programs. If a file has one of
these extensions but is not a CGI program, an error occurs when a user
attempts to access it.

103-000133-001
August 29, 2001
Novell Confidential
Specifying a CGI Directory

servername > Programs > CGI Directory.
2 In the URL Prefix field, enter the URL prefix you want to use for this
directory.
The text you enter appears as the directory for the CGI programs in URLs.
For example, if you enter cgi-bin as the URL prefix, then all URLs to
these CGI programs have the following structure:
http://yourserver.domain.com/cgi-bin/program-name
The URL prefix you specify can be different from the real CGI directory
you specify in the next step.
3 In the CGI Directory field, enter the location of the directory as an
absolute path.
This directory doesn’t have to be under your document root. This is the
reason that you need to specify a URL prefix in the previous step.
Editing an Existing CGI Directory

2 Under Current CGI Directories, click Edit next to the directory you want
to edit.
3 In the URL prefix field, enter the new prefix.
4 In the CGI directory field, enter the new directory.
Removing an Existing CGI Directory

2 Under Current CGI directories, click Remove next to the directory you
want to remove.

103-000133-001
August 29, 2001
Novell Confidential
Copy your CGI programs into the directories you’ve specified.

Remember that any files in those directories will be processed as a CGI
file, so you don’t want to put HTML files in your CGI directory.
Specifying CGI as a File Type

servername > Programs > CGI File Type.
2 Select the resource you want to apply this change to from the Editing
drop-down list.
3 Click Browse to choose a part of your server.
4 Click Options to browse files and directories on your server.
5 Click Back to return to the CGI as a File Type form.
6 Click Wildcard to enter the wildcard pattern to edit.
7 Click Yes to activate CGI as a file type.
The CGI files must have the file extension .BAT, .EXE, .NLM, or .CGI. Any
non-CGI files with those extensions will be processed by your server as CGI
files and will cause errors.
Downloading Executable Files
If you’re using .EXE as a CGI file type, users will not be able to download
.EXE files as executables.
One solution to this problem is to compress the executable files that you want
users to be able to download, so that the extension is not .EXE. This solution
has the added benefit of shortening the download time.
Another possible solution is to remove .EXE as a file extension from the
MAGNUS-INTERNAL/CGI type and add it to the APPLICATION/OCTET-
STREAM type (the MIME type for normal downloadable files). You can do
this by clicking Enterprise Web Server servername > Server Preferences >
MIME Types. However, the disadvantage to this method is that after making
this change, you cannot use .EXE files as CGI programs.
Another solution is to edit your server’s OBJ.CONF file to set up a download
directory, where any file in the directory is downloaded automatically. The
rest of the server won’t be affected. For directions on setting up this directory,
visit the Netscape Technical Support Knowledge Base (http://
help.netscape.com/kb/server/960513-130.html).

103-000133-001
August 29, 2001
Novell Confidential
Scripting CGI
Refer to the Novell Developer Kit Web site (http://

www.developer.novell.com/ndk/doc.htm) for information on PERL,
NetBasic, NSN, and LCGIs.
Using the Query Handler

You can specify a default query handler CGI program. A query handler
processes text sent to it via the ISINDEX tag in an HTML file.
ISINDEX is similar to a form text field in that it creates a text field in the
HTML page that can accept typed input. Unlike the information in a form text
field, however, the information in the ISINDEX box is immediately submitted
when the user presses Enter. When you specify your default query handler,
you tell your server the program to direct the input to. For an in-depth
discussion of the ISINDEX tag, see an HTML reference manual.
To set a query handler, do the following:
servername > Programs > Query Handler.
2 Select the resource you want to set a default query handler for from the
If you choose a directory, the query handler you specify runs only when
the server receives a URL for that directory or any file in that directory.
3 Click Browse to choose a part of your server.
4 Click Options to browse files and directories on your server.
5 Click Back to return to Query Handler form.
6 Click Wildcard to enter the wildcard pattern to edit.
7 In the Default Query Handler field, enter the full path for the CGI
program you want to use as the default for the resource you selected.

103-000133-001
August 29, 2001
Novell Confidential
Installing Server-Side JavaScript Programs

To install server-side JavaScript programs, you need to activate server-side
JavaScript for your server and use the Application Manager. This section
includes information on accessing and using the Application Manager to
install server-side JavaScript applications as well as to perform other
functions.
For more information about writing JavaScript applications, see the Novell
Developer Kit Web site (http://www.developer.novell.com/ndk/doc.htm).
You must activate server-side JavaScript before you can use the Application
Manager. Also, put JSAC.EXE and LIBESNSPR20.DLL in your system
directory so that they are in the search path. These files are found in the
NOVONYX/SUITESPOT/BIN/HTTPS directory.
Activating Server-Side JavaScript
If you are using server-side JavaScript applications, you must first activate
server-side JavaScript for your server.
servername > Programs > Server Side JavaScript.
2 Select Yes to activate the server-side JavaScript application environment.
4 When the Activate Server Side JavaScript form appears, click the link to
use the Application Manager.
5 Enter the NetWare Web Manager username and password to use the
Application Manager.
For more information, see “Securing the Application Manager” on page
104.
For applications written in server-side JavaScript, you can perform the
following administrative tasks with the server-side JavaScript Application
Manager:
Install a new JavaScript application. (You must add an application before
users can run it.)
Modify any of the attributes of an installed application. For example, its
default home page, path to the .WEB file, and type of client-object
maintenance.

103-000133-001
August 29, 2001
Novell Confidential
Stop, start, and restart an installed application.

Run and debug an active application.
Remove an installed application.
Running the Application Manager
To run the Application Manager, click Enterprise Web Server servername >
Programs > Server Side JavaScript > Application Manager. You can also run
the Application Manager by loading the following URL in your Web browser:
https://server.domain/appmgr
The Application Manager displays all applications currently installed on the
server in a scrolling list in the left frame. Click an application in the scrolling
list.
For the selected application, the right frame displays the following:
Application name (at the top of the frame)
Path of the application .WEB file on the server
Default and initial pages for the application
Number of built-in maximum database connections allowed
External libraries used by the application (if any)
Client object maintenance technique
Status of the application: Active or Stopped (Users can run only active
applications.)
To modify applications, do the following:
1 In the Applications list, select the application you want to modify.
2 Click the task button below the Applications list to perform the specified
action:
Start activates the application.
See “Starting, Stopping, and Restarting a Server-Side JavaScript
Application” on page 107.
Stop stops the application.

103-000133-001
August 29, 2001
Novell Confidential
Restart restarts the application that was previously started and then
stopped.
Run: Retrieves application-Home form.
See “Running a Server-Side JavaScript Application” on page 107.
Debug: Retrieves application-Home form.
Modify: Retrieves the specified application form.
See “Modifying Installation Parameters” on page 106.
Remove: Removes the application.
See “Removing a Server-Side JavaScript Application” on page 107.
The following explains the buttons and links on the green banner that runs
across the top of the screen:
Configure configures the default settings for Application Manager
Add Application installs a new JavaScript application
Documentation provides further documentation on server-side JavaScript
Help provides instructions for using Application Manager
Securing the Application Manager
If you have disabled Web Manager’s encryption, intruders can easily intercept
your administrator username and password. Because Application Manager
uses the same administrator username and password, intruders could also
access Application Manager and add, remove, modify, start, stop, or delete
your applications.
You should either enable Web Manager’s encryption or avoid accessing it
from outside of your company’s firewall.
Installing Server-Side JavaScript Applications
You must install (add) an application with the Application Manager before
you can run it. You can install up to 120 JavaScript applications on one server.
servername > Programs > Server Side JavaScript.
2 Click Application Manager.

103-000133-001
August 29, 2001
Novell Confidential
3 Click Add Application at the top of the page.

4 In the Name field, enter the name of the JavaScript application.
For specific information on application URLs, see “Application URLs”
on page 106.
IMPORTANT: Do not give any JavaScript applications the same names as any
subdirectories of your primary document directory. If you do, the server will no
longer correctly process requests from the directory. For example, if you have a
directory server_root/DOCS/BUG and a JavaScript application named Bug, all
requests for any files in the BUG directory (or any of its subdirectories) will attempt
to launch the JavaScript application Bug. The JavaScript application URI takes
precedence.
5 In the Web File Path field, enter the absolute path to the .WEB file for the
application.
6 In the Default Page field, enter the absolute path of the file to send to
clients who do not indicate a specific page for the application.
This page is analogous to INDEX.HTML for a standard URL. This is a
required field.
7 (Optional) In the Initial Page field, enter the absolute path of the page to
run when the application is first started.
This page runs only once during the life of the application and is used to
initialize values and establish database connections.
8 (Optional) In the Built-in Maximum Database Connections field, enter
the maximum number of database connections that this application can
have at one time if you are using the built-in Database object.
9 (Optional) In the External Libraries field, enter the absolute paths of any
libraries to be used with the application.
Libraries installed for one application can be used by all applications on
the server.
10 In the Client Object Maintenance field, select the mode for maintaining
the Client object.
This can be Client-Cookie, Client-URL, Server-IP, Server-Cookie, or
Server-URL.

103-000133-001
August 29, 2001
Novell Confidential
Application URLs
When you install a server-side JavaScript application, you must enter a name
for it. This name determines the application URL, which clients use to access
a JavaScript application. Application URLs are of the form http://
server.domain/appName/page.html. Server is the name of the HTTP server,
domain is the Internet domain (including the subdomains), appName is the
application name you enter when you install it, and page is the name of the
page in the application.
For example, if your server is named MYSERVER, your domain name is
NOVELL.COM, and the application is called Hello World, the application
URL is HTTP://MYSERVER.NOVELL.COM/WORLD/HELLO.HTML
This is a required field, and the name you enter must be different from all other
application names on the server. The name must include only alphanumeric
characters and cannot include spaces.
IMPORTANT: Before you install an application, make sure the application name
you choose does not usurp an existing URL on your server. All client requests for
URLs that match the application URL are routed to the directory specified for the
.WEB file, circumventing the server’s normal document root.
Controlling Access to a Server-Side JavaScript Application
When you install an application, you might want to restrict its use to only
certain users. You can do this by applying a configuration style to the
application. For more information, see “Working with Configuration Styles”
on page 80.
Modifying Installation Parameters
You can change any of the parameters defined when you installed the
application, except the application name. To change the name of an
application, you must remove the application and then reinstall it.
If you modify the parameters of a stopped application, the Application
Manager automatically starts it. When you modify parameters of an active
application, Application Manager automatically stops and restarts it.

103-000133-001
August 29, 2001
Novell Confidential
Removing a Server-Side JavaScript Application
Clicking Remove removes the application from the Application Manager, but
does not delete files from the server. At this point, clients can no longer access
the application.
If you delete an application and subsequently want to run it, you must install
it again.
Starting, Stopping, and Restarting a Server-Side JavaScript Application

Start starts an installed application that is stopped. If the application starts
successfully, clients can run the application.
Stop stops an active application. The application’s status changes to
stopped, and clients can no longer run the application. You must stop an
application if you want to move the .WEB file or update an application
from a development server to a deployment server.
Restart restarts a running application. For any changes you have made to
take effect, you must restart an application after you compile it.
You can also start, stop, and restart an application by entering a special URL
in the format
http://server.domain/appmgr/
control.html?name=appName&cmd=action
where appName is the application name and action is either stop, start, or
restart.
Running a Server-Side JavaScript Application
There are two ways to run an installed application:

Select the application name in the Application Manager and click Run. A
new Web browser window accesses the application.
Enter the application URL in your Web browser.
If you attempt to run a stopped application (one that is not active), then the
Application Manager tries to start it first.
WARNING: The server should not be unloaded while a server-side JavaScript
application is running because the server can leave the application in an
unpredictable state.

103-000133-001
August 29, 2001
Novell Confidential
Configuring Default Settings
When you install a new application, the default installation parameters are
used for the initial settings.
You can specify the following default settings:
Installation parameters of .WEB file path, default page, initial page,
maximum number of built-in database connections, external libraries, and
client object maintenance technique. You can specify a default directory
path for your development area and native executables libraries.
Prompts to confirm your action when you remove, start, stop, or restart an
application.
The application trace to appear, when debugging an application, in the
same window as the application, but in another frame or in a window
separate from the application.
Installing Client-Side Programs

Installing client-side programs in your server is relatively easy. There are two
types of client-side programs: Java applets and JavaScript programs.
Client-side Java applets are executable files identified in an HTML document,
retrieved from the server, and executed on the client. The applets can reside
anywhere under your server’s primary document root.
Client-side JavaScript programs are created by lines of JavaScript code
embedded in HTML files. The HTML files travel from the server to the client.
Once the files reach the client, the Web browser interprets the JavaScript code
and performs the specified actions.
With LiveConnect you can connect server-side Java and JavaScript
applications or client-side Java and JavaScript applications. For more
information on LiveConnect, on embedding JavaScript in HTML, and on
using client-side JavaScript with other programs, see the Novell Developer
Kit Web site (http://www.developer.novell.com/ndk/doc.htm).

103-000133-001
August 29, 2001
Novell Confidential
About Tomcat for NetWare

Tomcat enables the NetWare Enterprise Web Server to execute Java servlets.
A servlet can be thought of as a server-side applet without a user interface.
Tomcat provides Web application developers with additional functionality.
For example, a servlet could be written and deployed to process data obtained
from a client via an HTML form and the server-side data processing could
manipulate the data and store results in a database. Servlets provide an
alternative to CGI.
For Tomcat documentation, refer to the HTML files found on your NetWare 6
server under SYS:\TOMCAT\33\DOC\INDEX.HTML.
You can also visit http://jakarta.apache.org (http://jakarta.apache.org) for the
latest Tomcat news.
Migrating from WebSphere to Tomcat

If you have been using IBM* WebSphere Application Server for NetWare,
you can migrate your existing Web applications to Tomcat using the migration
utility included with NetWare 6. The Migration Utility creates Tomcat 3.3
Web applications from WebSphere Web applications.
The WebSphere-to-Tomcat Migration Utility is intended for use when
upgrading from a NetWare 5.1 server to a NetWare 6.0 server where
WebSphere 3.02 or WebSphere 3.5.1 has been already installed on the
NetWare 5.1 server.
Step 1: Before Installing NetWare 6

1 At the NetWare console prompt, enter
xmlconfig -export volume:\websphere\migrate.xml -
adminNodeName NodeName
If WebSphere was installed to another volume or directory other than
volume:\WEBSPHERE, then specify that location instead.
IMPORTANT: You must use the node’s correct name.
This step can be skipped if you are migrating from WebSphere Servlet Engine Only
mode for WebSphere version 3.5.1.
2 Open the MIGRATE.XML file found in the volume:\WEBSPHERE

directory to verify that the export was successful.
Your Web applications should be listed in the MIGRATE.XML file.

103-000133-001
August 29, 2001
Novell Confidential
Step 2: Upgrading to NetWare 6
Once you have completed the first step, you can proceed with your NetWare
6 server upgrade. (See the NetWare 6 Overview and Installation Guide).
IMPORTANT: All of the WebSphere directories must be preserved on the disk or
made available after the upgrade is performed. Failure to save the directories could
result in deleting your Web applications if you remove NetWare partitions during
Step 3: Running the Migration Tool
Once the upgrade is successfully completed and your server is running, start
the migration utility.
1 Because the migration utility edits the Enterprise Web Server’s
OBJ.CONF file, we recommend that you make a backup copy of the file
before running the utility.
2 If WebSphere was not installed to the default directory
(SYS:\WEBSPHERE), edit the MIGRATE_TO_TOMCAT.NCF file with
the correct path.
3 At the NetWare console prompt, enter
migrate_to_tomcat
The migration utility creates a WEB-INF directory in the document root
directory for each WebSphere Web application. In each of the WEB_INF
directories is a WEB.XML file and two additional subdirectories named
CLASSES and LIB.
The JAR files for the Web applications are copied into the LIB directory and
the files that are referenced by the application’s class-paths and the
WebSphere system class-path are copied into the classes directory.
Classes and Jar files for your Web applications are then stored in these
directories and the original locations are no longer used.
Additionally, the migration tool adds URL path references to the Enterprise
Web Server OBJ.CONF file. The DBSWITCH.CONF, file found at
volume:\NOVONYX\SUITSPOT\USERDB\DBSWITCH.CONF, is also
edited.
For additional details, refer to the Migration Utility release notes found at the
root of the NetWare 6 Operating System CD in the TOMCAT\33\BIN
directory.

103-000133-001
August 29, 2001
Novell Confidential
Undoing the Migration
If you change your mind, you can undo the migration by following a few
simple steps.
1 Delete the file volume:\TOMCAT\33\CONF\APPS-
WEBSPHERE.XML.
2 Remove the URL paths from the Enterprise Web Server’s OBJ.CONF
file.
3 Delete the WEB-INF directory in the document root of each WebSphere
Web application that was migrated.
4 Remove the entries in DBSWITCH.CONF that point to the added
document root directories.

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
10 Monitoring the Web Server
You can monitor your Web server’s activity using one of several methods. You
can view the server’s status in real time—what is happening while you view
it, compared to past performance—by using the Hypertext Transfer Protocol
(HTTP) or the Simple Network Management Protocol (SNMP). You can also
monitor your server by recording and viewing log files.
Working with Log Files

Server log files record your server’s activity. You can use these logs to monitor
your server and to help you when troubleshooting. Both the error log file and
the access log file are located in /NOVONYX/SUITESPOT/HTTPS-
SERVERNAME/LOGS. The error log file lists all the errors the server has
encountered, and the access log file records information about requests to the
server and the responses from the server. You can use the Server Status form
to specify what to include in the access log file. Use the log analyzer to
generate server statistics. You can back up server error and access log files by
archiving them.
Viewing an Access Log File

You can view the server’s active and archived access log files from the Server
Status form.
servername > Server Status > View Access Log.
2 Select the access log file you want to see from the View This Log File
drop-down list.
Active log files for resources and archived log files appear in the list.
3 To limit how much of the access log you see, enter the number of lines
you want to see in the Number of Entries field.
The order of the log entries on the screen is the order in which they were
recorded in the log.
4 If want to filter the access log entries for a particular word, enter the word
in the Only Show Entries With field.
Monitoring the Web Server 113

103-000133-001
August 29, 2001
Novell Confidential
Case is important; make sure the case for your entry matches the case of
the word you’re searching for.
5 Click OK.
Here is an example of an access log in the common logfile format:

wiley.a.com - - [16/Feb/1996:21:18:26 -0800] “GET / HTTP/1.0” 200 751
wiley.a.com - - [17/Feb/1996:1:04:38 -0800] “GET /docs/grafx/icon.gif HTTP/1.0”
204 342
wiley.a.com - - [20/Feb/1996:4:36:53 -0800] “GET /help HTTP/1.0” 401 571
arrow.a.com - john [29/Mar/1996:4:36:53 -0800] “GET /help HTTP/1.0” 401 571
The following table describes the last line of the sample access log.
Table 5 Fields in the Last Line of the Sample Access Log File
Access Log Field Example
Hostname or IP address of client arrow.a.com (In this case, the hostname is

shown because the Web server’s setting for
DNS lookups is enabled; if DNS lookups
were disabled, the client’s IP address would
appear.)
RFC 931 information - (RFC 931 identity not implemented.)
Username john (Username entered by the client for

authentication.)
Date/time of request 29/Mar/1996:4:36:53 -0800
Request GET/help
Protocol HTTP/1.0
Status code 401
Bytes transferred 571

103-000133-001
August 29, 2001
Novell Confidential
Here is an example of an access log using the flexible logging format:

wiley.a.com - - [25/Mar/1996:12:55:26 -0800] "GET /index.htm HTTP/1.0" "GET" "/
?-" "HTTP/ 1.0" 304 0 - Mozilla/2.0 (WinNT; I)
wiley.a.com - - [25/Mar/1996:12:55:26 -0800] "GET / HTTP/1.0" "GET" "/?-" "HTTP/
1.0" 304 0 - Mozilla/2.0 (WinNT; I)
wiley.a.com - - [25/Mar/1996:12:55:26 -0800] "GET / HTTP/1.0" "GET" "/?-" "HTTP/
1.0" 304 0 - Mozilla/2.0 (X11; I; IRIX 5.3 IP22)
The access log in the flexible logging format looks similar to the access log
using the common logfile format.
Viewing an Error Log File

The error log file contains errors the server has encountered after the log file
was created; it also contains information about the server, such as when the
server was started. Incorrect user authentication is also recorded in the error
log. Use the error log to find broken URL paths or missing files.
servername > Server Status > View Error Log.
2 Enter the number of lines you’d like to see in the Number of Errors to
View field if you want to see more or less than 25 lines of the error log at
one time.
The order of the log entries on the screen is the order in which they were
recorded in the log.
3 If you’d like to filter the error messages for a particular word, enter the
word in the Only Show Entries With field.
Case is important; make sure the case for your entry matches the case of
the word you’re searching for.
4 Click OK.
Here is an example of an error log:

[13/Feb/1996:16:56:51] info: successful server startup
[20/Mar/1996 19:08:52] warning: for host wiley.a.com trying to GET /report.html,
append-trailer reports: error opening
[30/Mar/1996 15:05:43] security: for host arrow.a.com trying to GET /, basic-
ncsa reports: user jane password did not match database
In this example, the first line is an informational message—the server started

successfully. The second log entry shows that the client wiley.a.com requested
the file REPORT.HTML, but the file wasn’t in the primary document directory
on the server. The third log entry shows that the password entered for the user
jane was incorrect.

103-000133-001
August 29, 2001
Novell Confidential
Setting Log Preferences

You can customize access logging for any resource by specifying whether to
log accesses, which format to use for logging, and whether the server should
spend time looking up the domain names of clients when they access a
resource.
Server access logs can be in common logfile format, flexible log format, or
your own customized format. The Common Logfile Format is a commonly
supported format that provides a fixed amount of information about the server.
The flexible log format allows you to choose (from the Server Status form)
what to log. A customized format uses parameter blocks that you specify to
control what gets logged. Once an access log for a resource has been created,
you can’t change its format unless you archive it or create a new access log
file for the resource.
To set access logging preferences, do the following:
servername > Server Status > Log Preferences.
2 Select the resource that you would like to apply custom logging to from
the Editing drop-down list.
3 Select whether to log client accesses.
4 Enter the full path in the Log File field.
By default, the log files are kept in the logs directory in the server root
directory. If you specify a partial pathname, the server assumes the path
is the logs directory in the server root.
5 Under Record, click Domain Names or IP Addresses.
6 In the Format list, select Common Logfile Format, flexible log format
(Only Log option), or Custom Format.
7 (Conditional) If you selected Only Log, you can select any or all of the
following flexible log format items in the checklist:
Client Host Name: The hostname (or IP address if DNS is disabled)
of the client requesting access.
Authenticate Username: The authenticated username is listed in the
access log if authentication is necessary.
System Date: The date and time of the client request.
Full Request: The exact request the client made.

103-000133-001
August 29, 2001
Novell Confidential
Status: The status code the server returned to the client.

Content Length: The content length, in bytes, of the document sent
to the client.
HTTP Header, “Referer”: The referer specifies the page from which
the client accessed the current page. For example, if a user was
looking at the results from a text search query, the referer would be
the page that the user accessed the text search engine from. Referers
allow the server to create a list of backtracked links.
HTTP Header, “User-Agent”: The user-agent information—which
includes the type of browser the client is using, its version, and the
operating system it’s running on—comes from the User-Agent field
in the HTTP header information the client sends to the server.
Method: The request method used.
URI: Universal Resource Identifier. The location of a resource on the
server. For example, for http://www.a.com:8080/special/docs, the
URI is special/docs.
Query String of the URI: Anything after the question mark in a URI.
For example, for http://www.a.com:8080/special/docs?find_this, the
query string of the URI is find_this.
Protocol: The transport protocol and version used.
8 (Conditional) If you selected a custom format, enter your custom format
in the Custom format field.
9 If you don’t want to log client access from certain hostnames or IP
addresses, enter the hostname or IP address in the Hostnames and IP
Addresses fields.
Enter a wildcard pattern of hosts that the server should ignore when
recording accesses. For example, use *.netscape.com if you don’t want to
log accesses from people whose domain is netscape.com; you can enter
wildcard patterns for hostnames, IP addresses, or both.
10 Click OK.

103-000133-001
August 29, 2001
Novell Confidential
Archiving Log Files

You can archive the access and error log files and have the server create new
ones.
When you archive log files, the server renames the current log files and then
creates new log files with the original names. You can back up or archive, or
delete, the old log files, which are saved as the original filename followed by
the date and time the file was rotated. For example, ACCESS might become
ACCESS.24APR-04AM
You can archive log files immediately or have the server archive log files at a
specific time on specific days. This information is stored in /NOVONYX/
SUITESPOT/https-servername/LOGS.
Before running the log analyzer, you should archive the server logs.
servername > Server Status > Archive Log.
The Archive Log Files form appears.
To rotate the log files immediately, click Archive.
To archive at specific times on specific days, click Rotate Log At,
select a time from the drop-down menu, and check the days for
archiving to occur.
3 Click OK.
Monitoring Current Web Server Activity

You can monitor your server’s usage with the Monitor Current Activity page.
You can see how many requests your server is handling and how it is handling
these requests. If the interactive server monitor reports that the server is
handling a large number of requests, you might need to adjust the server
configuration or the system’s network kernel to accommodate the requests.
servername > Server Status > Monitor Current Activity.
2 Click Monitor Server Activity on Port port_number.

103-000133-001
August 29, 2001
Novell Confidential
The interactive server monitor reports the totals for the following server
values on a new screen:
Bytes Transferred: Number of bytes the server is transferring
Total Requests: Number of requests the server is handling
Bad Requests: Number of bad requests the server is handling
2xx: Number of status codes ranging from 200 to 299 that the server is
handling
handling
handling
5xx: Number of status codes of 500 and higher that the server is handling
xxx: Total number of 2xx, 3xx, 4xx, and 5xx status codes the server is
handling minus time-outs and other errors that returned an HTTP status
code
200: Number of successful transactions the server is processing
302: Number of relocated URL status codes the server is processing
304: Number of requests for which the server tells the client to use a local
copy of a URL instead of retrieving a newer version from the server
401: Number of unauthorized requests the server is handling
403: Number of forbidden URL status codes the server is handling
Working with the Log Analyzer

Use the log analyzer to generate statistics about your server, such as a
summary of activity, most commonly accessed URLs, times during the day
when the server is accessed most frequently, etc. You can run the log analyzer
from the Server Status form or the command line.
Before running the log analyzer, you should archive the server logs. For more
information about archiving server logs, see “Monitoring the Server Using
SNMP” on page 123.

103-000133-001
August 29, 2001
Novell Confidential
Running the Log Analyzer from the Server Status Form

servername > Server Status > Generate Report.
2 Enter the name of your server in the Server Name field.
This name appears in the generated report.
3 Select the output type—whether the report will appear in HTML or plain
text format.
4 Select the log file you want to analyze.
5 If you want to save the results in a file, enter an output filename in the
Output File field.
If you leave the field blank, the analyzer prints results on the screen. For
large log files, you should save the results to a file because printing the
output to the screen might take a long time.
6 Select whether to generate the following server statistics:
Total Hits: Total number of hits the server received after access
logging was enabled
304 (Not Modified) Status Codes: Number of times the requesting
client used a local copy of the requested document rather than
retrieving it from the server
302 (Redirects) Status Codes: Number of times the server redirected
to a new URL because the original URL moved
404 (Not Found) Status Codes: Number of times the server couldn’t
find the requested document or the server didn’t serve the document
because the client was not an authorized user
500 (Server Error) Status Codes: Number of times a server-related
error occurred
Total Unique URLs: Number of unique URLs accessed after access
logging was enabled
Total Unique Hosts: Number of unique client hosts who have
accessed the server after access logging was enabled
Total Kilobytes Transferred: Number of kilobytes the server
transferred after access logging was enabled

103-000133-001
August 29, 2001
Novell Confidential
7 Select whether to generate the following statistics:

Top Number of One-Second Periods: Number of one-second periods
during which requests were highest
Top Number of One-Minute Periods: Number of one-minute periods
Top Number of One-Hour Periods: Number of one-hour periods
Top Number of Users: Number of users that accessed your server,
provided that you included this as an item to log when you enabled
access logging
Top Number of Referers: Number of referers that appear in your log
analysis, provided that you included this as an item to log when you
enabled access logging
Top Number of User Agents: Number of user agents that appear in
your log analysis, provided that you included this as an item to log
when you enabled access logging
Top Number of Miscellaneous Logged Items: Number of
miscellaneous logged items (request method, the URI, and the URI
query) that appear in your log analysis (provided that you included
this as an item to log when you enabled access logging)
To enable access logging, see “Setting Log Preferences” on page 116.
8 Select whether to generate a list of the following server access statistics:
Most Commonly Accessed URLs: The most commonly accessed
URLs or URLs that were accessed more than a specified number of
times
Hosts Most Often Accessing Your Server: The hosts most often
accessing your server or hosts that have accessed your server more
than a specified number of times
9 Enter the order in which you want to see the results in the Output order
field.
10 Click OK.

103-000133-001
August 29, 2001
Novell Confidential
Running the Log Analyzer from the Command Line

To analyze access log files from the command line, run the FLEXANLG tool,
which is in EXTRAS/FLEXANLG in your server root directory.
To run FLEXANLG, enter the following command and options at the
command prompt:
flexanlg [ -P ] [-n name] [-x] [-r] [-p order] [-i file]* [ -
m metafile ]* [ o file][ c opts] [-t opts] [-l opts]
The following describes the syntax. (You can get this information online by
entering flexanlg -h at the command prompt.)
-P: proxy log format Default: no
-n servername: The name of the server
-x : Output in HTML Default: no
-r : Resolve IP addresses to hostnames Default: no
-p [c,t,l]: Output order (counts, time stats, lists) Default: ctl
-i filename: Input log file(s) Default: none
-o filename: Output log file Default: stdout
-m filename: Meta file(s) Default: none
-c [h,n,r,f,e,u,o,k,c,z]: Count these item(s) - Default: hnreuokc
h: total hits
n: 304 Not Modified status codes (Use Local Copy)
r: 302 Found status codes (Redirects)
f: 404 Not Found status codes (Document Not Found)
e: 500 Server Error status codes (Misconfiguration)
u: total unique URL's
o: total unique hosts
k: total kilobytes transferred
c: total kilobytes saved by caches
z: Do not count any items.
-t [sx,mx,hx, xx,z]: Find general stats - Default:s5m5h24x10
s(number): Find top (number) seconds of log
m(number): Find top (number) minutes of log
h(number): Find top (number) hours of log
u(number): Find top (number) users of log
a(number): Find top (number) user agents of log
r(number): Find top (number) referers of log
x(number): Find top (number) for miscellaneous keywords
z: Do not find any general stats.
-l [cx,hx]: Make a list of - Default: c+3h5
c(x,+x): Most commonly accessed URLs
(x: Only list x entries)
(+x: Only list if accessed more than x times)
h(x,+x): Hosts (or IP addresses) most often accessing your server
(x: Only list x entries)
(+x: Only list if accessed more than x times)
z: Do not make any lists

103-000133-001
August 29, 2001
Novell Confidential
Monitoring the Server Using SNMP

You can monitor your server in real time by using the Simple Network
Management Protocol (SNMP). SNMP is a protocol used to exchange data
about network activity. With SNMP, data travels between a managed device
and a network management station (NMS) where users remotely manage the
network.
A managed device is anything that runs SNMP (for example, hosts or routers).
Your Novell® Enterprise Web Server is a managed device. An NMS is usually
a powerful workstation with one or more network management applications
installed. A network management application graphically shows information
about managed devices (which device is up or down, which and how many
error messages were received, etc.).
Every managed device contains an SNMP agent that gathers information
regarding the network activity of the device. This agent is known as the
subagent. Each Web server has a subagent.
Another SNMP agent exchanges information between the subagent and NMS.
This agent is called the master agent. A master agent runs on the same host
computer as the subagents to which it talks. You can have multiple subagents
installed on a host machine. All of these subagents can communicate with the
master agent.
Values for various variables that can be queried are kept on the managed
device and reported to the NMS as necessary. Each variable is known as a
managed object, which is anything the agent can access and send to the NMS.
All managed objects are defined in a management information base (MIB),
which is a database with a tree-like hierarchy.
How SNMP Works

SNMP exchanges network information in the form of protocol data units
(PDUs). PDUs contain information about various variables stored on the
managed device. These variables, also known as managed objects, have
values and titles that are reported to the NMS as necessary. Communication
between an NMS and managed device can take place in one of two forms:
NMS-initiated and managed-device-initiated.

103-000133-001
August 29, 2001
Novell Confidential
NMS-Initiated Communication
NMS-initiated communication is the most common type of communication

between an NMS and a managed device. In this type of communication, the
NMS either requests information from the managed device or changes the
value of a variable stored on the managed device.
The following steps make up an NMS-initiated SNMP session:
1. The NMS searches the server’s MIB to determine which managed
devices and objects need to be monitored.
2. The NMS sends a PDU to the managed device’s subagent through the
master agent. This PDU either requests information from the managed
device or tells the subagent to change the values for variables stored on
the managed device.
3. The subagent for the managed device receives the PDU from the master
agent.
4. If the PDU from the NMS is a request for information about variables, the
subagent gives information to the master agent and the master agent sends
it back to the NMS in the form of another PDU. The NMS then displays
the information textually or graphically.
If the PDU from the NMS requests that the subagent set variable values,
the subagent sets these values.
Managed-Device-Initiated Communication
This type of communication occurs when the managed device needs to inform
the NMS of an event that has occurred. A managed device such as a terminal
would initiate communication with an NMS to inform the NMS of a shutdown
or startup. Communication initiated by a managed device is also known as a
trap.
The following steps make up a managed-device-initiated SNMP session:
1. An event occurs on the managed device.
2. The subagent informs the master agent of the event.
3. The master agent sends a PDU to the NMS to inform the NMS of the
event.
4. The NMS displays the information textually or graphically.

103-000133-001
August 29, 2001
Novell Confidential
The Enterprise Web Server MIB

Each Enterprise Web Server has its own management information base (MIB).
The Enterprise Web Server’s MIB is a file called HTTP.MIB, which contains
the definitions for various variables pertaining to network management for the
Enterprise Web Server. These variables are known as managed objects. Using
the Enterprise Web Server MIB and network management software, such as
HP* OpenView*, you can monitor your Web server like all other devices on
your network.
The Enterprise Web Server MIB has an object identifier of netscape 1 (http
OBJECT IDENTIFIER : := { netscape 1 }) and is located in the
server_root\PLUGINS\SNMP\MIBFILES\NETWARE directory.
You can view administrative information about your Web server and monitor
the server in real time using the Enterprise Web Server MIB. The following
table lists and describes the managed objects stored in the HTTP.MIB.
Table 6 HTTP.MIB Managed Objects and Description
Managed Object Description
httpEntityDescr Description of the server (includes operating system information)
httpEntityId Enterprise subtree for vendors (for example, the MIB has an object identifier
of 1.3.6.1.4.1.1450)
httpEntityProtocol HTTP version number
httpEntityVersion Server software version number
httpEntityOrganization Organization responsible for the server
httpEntityLocation Full path for the server
httpEntityContact People responsible for the server and contact information
httpEntityAddress IP address of the machine the server is running on
httpEntityPort Port number that the server is listening on
httpEntityName Server’s identifier name (for example, server2.a.com)
httpEntityType Type of server
httpEntityMethods Methods supported by the server (for example, GET, POST, PUT)

103-000133-001
August 29, 2001
Novell Confidential
httpEntityMaxProcess Maximum number of active processes on the server
httpEntityMinProcess Minimum number of active processes on the server
httpEntityMaxThread Maximum number of active threads on the server
httpEntityMinThread Minimum number of active threads on the server
httpStatisticsPort Port number that this server is listening on
httpStatisticsAddress IP address that this server is bound to
httpStatisticsStatus Server status (up or down)
httpStatisticsNum Number of idle threads

ProcessIdle
httpStatisticsNum Number of threads that are processing requests

ProcessProc
httpStatisticsNum Number of threads resolving hostnames

ProcessDns
httpStatisticsRequests Number of requests received and generated
httpStatisticsRequest Number of request errors detected

Error
httpStatisticsIn Number of unknown messages received/generated

Unknowns
httpStatisticsInBytes Number of bytes received
httpStatisticsOutBytes Number of bytes sent by the server
httpStatisticsTimeOut Number of times the server timed out
httpStatisticsProcess Number of running processes

Num
httpStatisticsThreadNum Number of threads running
httpStatisticsNumBytes Number of bytes sent by the server
httpStatisticsNum2xx Number of 200-level status requests handled by the server

103-000133-001
August 29, 2001
Novell Confidential
httpStatisticsNum200 Number of 200 (Transfer OK) requests
httpStatisticsNum302 Number of 302 (Moved Temporarily) requests
httpStatisticsNum304 Number of 304 (Not Modified) requests
httpStatisticsNum401 Number of 401 (Unauthorized) requests
httpStatisticsNum403 Number of 403 (Forbidden) requests
For Additional Information

For additional information about the Enterprise Web Server, visit Netscape
DevEdge* (http://developer.netscape.com/docs/manuals/doclist.html).

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
III Introducing NetWare Web Search

Server
Make your data searchable in minutes! From simple search solutions to

complex, revenue-generating search services, NetWare® Web Search bridges
all types of networks—from file servers, to intranets, extranets, and the
Internet—by bringing critical information to busy people. It is one of the
industry’s fastest and most accurate search engines available today.
Upon completing this section, you should know what Web Search can do for
you and how to customize all of the search templates and plan and deploy
enterprise-wide search solutions and services.
Introducing NetWare Web Search Server 129

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
11 Introducing NetWare Web Search

Server
NetWare® Web Search Server offers a powerful full-text search engine you
can use to add search capabilities to your Internet or intranet Web sites.
Compatible with the NetWare Enterprise Web Server, you can create custom
search forms and search result pages either from scratch or by using the
templates provided with NetWare Web Search Server.
With NetWare Web Search Server, you can
Search across multilanguage search sites from a single interface.
Host search services for one or more companies or organizations.
Print large collections of dispersed but related files as a single, coherently
organized document.
Customize the look and feel of search and print results and error and
response messages for each language (or collectively).
Create themes that allow customized templates for each search scenario,
such as a departmental intranet site or a corporate Internet site, each
requiring a custom look and feel.
To conduct searches in multiple languages, NetWare Web Search Server
requires a browser capable of sending search criteria as UTF-8 or Unicode
strings.
How NetWare Web Search Works

Understanding how Web Search handles searches can help explain the role of
templates, variables, and parameters in Web Search. One of the great benefits
of Web Search is the simplicity of customizing it to meet your needs or the
needs of your clients.
The following figure shows what happens when users submit words through
the search template and how Web Search then handles the words to generate
and display search results.

103-000133-001
August 29, 2001
Novell Confidential
Figure 4 How NetWare Web Search Handles a Search String
1 Search Form 2 Search_Site/Index/

Index_File.idx
URL 1
URL 2
URL 3
...
4 Search Result List 3 . . . /Templates/

SearchResultListTemplate.html
<HTML>
<Head>
<I>Time to Search:</I>
$$SearchTime
In this diagram, the user (1) enters a search string such as NetWare 6. The
search string is then searched for in the index file on the Web Search Server
(2). If the search string is located, the Uniform Resource Locators (URLs) and
document titles and descriptions are passed on to the search results template
(3) and displayed to the user (4). The information that is displayed is
determined by the variables included in the search results template, which
means that you can modify what information is actually returned to the user
by adding or removing Web Search variables from the template.

103-000133-001
August 29, 2001
Novell Confidential
Components of a Search Site

Typically, a search site consists of the following components:
Indexes
Log files
Search and print templates
Scheduled events
A search site name and (optionally) alias
Each of these components are managed through the NetWare Web Search
Manager, which is accessed using a Web browser.
Unlike other search services software, Web Search lets you create search
services that span multiple search sites.
HINT: With Web Search, you can create a duplicate index in each search site that
points to the same index directory. In this manner, all Search Sites can search the
same index in addition to their own indexes.
General Architecture of Web Services

The general architecture of a Web search service is depicted in the following
diagram.
Figure 5 Search Service Architecture
1 2
User enters ISP hosting
search query on www.digitalairlines.com sends query
www.digitalairlines.com. to Web Search Server.
User clicks a search

result to retrieve document from 3
www.digitalairlines.com.
Web Search Server
sends search results list
to user.

103-000133-001
August 29, 2001
Novell Confidential
In Figure 5, the user enters a search query in a search form found on

www.digitalairlines.com (1 and 2). When the user clicks the Search button, the
query is sent behind the scenes to the NetWare Web Search Server (3), which
processes the query using index files that were created using the Web Search
Manager.
Web Search then compiles the results of the search into an HTML template,
which could be modified to match the look and feel of
www.digitalairlines.com, and returns them to the user’s Web browser (4).
When users click a search result link to view the content, they are taken to that
content, whether it is hosted on www.digitalairlines.com or some other Web
site.
Building a Search Site

Using NetWare Web Search Manager, you define a new search site and then
index data found on your NetWare server or content found on any intranet or
Internet Web site that can then be searched using the NetWare Web Search
Server.
Building a search site involves four fundamental tasks:
1. Planning your search site, which includes identifying what will be
searched and how to optimize your search solution based on the content
to be searched.
2. Defining a new search site using Web Search Manager.
3. Building one or more indexes for your search site.
4. Testing your new search site using the default search form and the search
and print result templates.
After completing the first task of planning your site (see Chapter 13,
“Planning Your Search Service,” on page 139), use the NetWare Web Search
Manager to complete the remaining tasks. The following figure illustrates
these tasks.

103-000133-001
August 29, 2001
Novell Confidential
Figure 6 Steps to Creating a Search Site
2
Define your search 4
site. Use NetWare Web
1 Search form to
Plan your search 3 perform test
site. Build your indexes. searches.
Repeat this process for each new search site you want to add. A search site can
include files located in one or more directories on a file server, or files located
in one or more directories on a Web server.
Indexing a Web server (or Web site) involves a process known as crawling.
The Web Search Server begins indexing files on a Web server at the directory
level you specify and continues to index along hypertext links until reaching
a dead-end, which occurs when either a linked file cannot be found or when
there are no more links defined.
Accessing NetWare Web Search Manager

NetWare Web Search Manager is the tool you use to create and manage search
sites and their associated indexes.
To run NetWare Web Search Manager, do the following:
1 Type https://domainname:portnumber in your Web browser’s
address field, where portnumber is the port number of NetWare Web
Manager and press Enter.
HINT: You must use the HTTPS protocol because NetWare Web Search Manager
uses Secure Sockets Layer (SSL). You can disable encryption from the Admin
Preferences page of NetWare Web Manager (see “Securing Web Manager” on
page 33).
2 Under NetWare Web Search Server, click the servername link, where
servername is the name of your NetWare Web Search Server.

103-000133-001
August 29, 2001
Novell Confidential
Taking a Test Run

When you install NetWare Web Manager, the contents of the /searchroot/
DOCS directory located at the root of your server’s SYS: volume is indexed
automatically. After restarting your server upon completion of the install, Web
Search Server then automatically performs a crawl of your NetWare Web
Server’s /DOCS root directory.
Once you start the Enterprise Web Server, you can open the search page using
your Web browser and perform a search on the contents of the /searchroot/
DOCS directory.
To test NetWare Web Search, do the following:
1. Type http://domainname/novellsearch in your Web
browser’s address field and press Enter.
IMPORTANT: The URL is case sensitive. Use the exact case shown above.
2. Type NetWare in the Search field > press Enter.

TOOL TIP The Search form template, SearchTemplate.html, is stored on
your SYS: volume at /searchroot/TEMPLATES. See “Customizing Your Web
Search Solution” on page 136 for information about how to customize
templates.
Customizing Your Web Search Solution

Once you’ve defined one or more search sites and created indexes for them,
you can customize your Web Search solution by modifying the default search
form and result and print templates, or by creating a new search solution from
scratch using the variables and parameters described in Chapter 18, “Working
with Template Variables and Search Parameters,” on page 191.
For more information about modifying the default search form and the search
and print templates to create your own custom search solution, see Chapter 17,
“Customizing Your Search Solutions,” on page 185.
For more information about building a professional search service, see
Chapter 13, “Planning Your Search Service,” on page 139.

103-000133-001
August 29, 2001
Novell Confidential
12 What’s New with the NetWare Web

Search Server
Since it’s release in NetWare® 5.1, NetWare Web Search Server has been
significantly enhanced with new features and improved usability.
Most significant is the ability to host multiple search sites on your server,
allowing you to create revenue-generating search services or enterprise search
solutions for multiple, independent organizations, departments, or companies
(see Chapter 13, “Planning Your Search Service,” on page 139).
Search speed, added search parameters and variables for fine-tuning searches,
and embedded documentation in the administrator’s interface are just a few of
the enhancements and new features included in NetWare Web Search Server.
The following list highlights key new features and enhancements to NetWare
Web Search Server included with NetWare 6:
Takes advantage of NetWare 6 multi-processor (MP) capabilities
Faster indexing and searching, including faster multiword searches and
the ability to crawl several indexes simultaneously
Support for hosting professional search services by letting you create and
manage multiple search sites simultaneously
Support for user-specified languages by displaying search and print
template pages in whatever language users specify in their Web browser’s
language preferences
Support for the NetWare Cluster environment, including cluster-save and
active-passive failover
Support for user accessibility
More powerful and easier-to-use Web Search Manager
Increased control over the indexing process by letting you control what is
indexed, including the ability to index only portions of documents by
skipping repetitive sections such as headers, footers, and navigation bars
Improved support for the following file formats: QuattroPro*,
PowerPoint*, RTF, XML, HTML, TXT, and Word*
Support for XML, which significantly improves search results by
enabling Web Search to search only titles of documents, meta tags, etc.
What’s New with the NetWare Web Search Server 137

103-000133-001
August 29, 2001
Novell Confidential
Search and print templates redesigned for an enhanced look and feel
New template debugging feature that displays all errors related to
information that is sent or received by a template
Date-based sorting that searches for results according to user-specified
dates
Enhanced search functions, including the ability to search for a specific
filename, path, URL, or file extension, which can be used when you know
the name or path to a specific file—or used to restrict or filter your
searches
Improved operators and parameters for use in generating more accurate
search results

103-000133-001
August 29, 2001
Novell Confidential
13 Planning Your Search Service
Whether you are an Internet Service Provider (ISP), an Application Service

Provider (ASP), a Web Presence Provider (WPP), or needing to add search
functionality to your department, company or organization, NetWare® Web
Search's new search site hosting features make it easy to host search services,
big or small.
However, Web Search is a search service designed for individual Web sites. It
is not intended to index the entire Internet. But because many Web sites are
comprised of multiple Web servers located across an enterprise, Web Search
was designed to be able to index hundreds, even thousands, of Web sites as
part of a single search solution.
In addition to enterprise search solutions, Web Search can also be set up to
host multiple, independent search sites in an ASP/ISP environment, all from a
single NetWare 6 server. (See “Becoming a Search Service Host” on page
141.)
This chapter provides suggestions for creating a search service that fits your
particular needs and circumstances. If you are interested in hosting
professional search services, you might want to read the section “Becoming a
Search Service Host” on page 141.
Search Site Components

A search site typically contains its own indexes, log files, administration
interface, search and print templates, scheduled events, site name, and an
optional alias.
Providing search services involves creating one or more search sites.
A search site is a fully functioning, self-contained search service created for a
particular audience, such as a department, organization, or a specific group of
customers.
Users cannot search more than one search site at a time. A search site typically
contains its own indexes, log files, administration interface, search and print
results pages, and scheduled events. Each search site is given a unique name
and an optional alias name.
Planning Your Search Service 139

103-000133-001
August 29, 2001
Novell Confidential
Taking the time to plan your search service strategy can save you time and
money and improve the quality of your service.
When you create a new search site, you create an independent search service,
meaning that it is self-contained and doesn’t depend on , or interact with, other
search sites.
Each search site that you create typically contains one or more of the
following components:
Indexes: Files that hold key words and associated URLs of Web sites or
file server content that have been indexed, or crawled.
Themes: When applied, a theme instantly adds a common look and feel to
your search page, search and print results pages, and response and error
message pages.
Search and Print Results Templates: Templates that become populated
with the results of a search and then are displayed to the user. Depending
on which templates are used, the level of detail displayed in search and
print results varies.
Scheduled Events: Index management, such as updating or regenerating,
can be automated to occur at specific intervals using the Scheduling
feature.
Deciding If You Need More Than One Search Site

To determine if you need more than one search site, answer the following
questions:
Do you want to host search services for multiple, independent
organizations?
Do you want to consolidate multiple NetWare 5.1 Web Search servers
onto a single machine?
Do you need to prevent users from being able to search across multiple
indexes at the same time?
If you answered yes to any of these, you will likely need to create more than
one search site. For information about creating search sites, see Chapter 14,
“Creating and Managing Search Sites,” on page 145.

103-000133-001
August 29, 2001
Novell Confidential
Becoming a Search Service Host

Companies who want customers to find information about their products
outsource this functionality to search service companies to make their
information searchable.
With NetWare Web Search Server, you can offer professional search services
to other companies. Using a single installation of Web Search, you can host
several search sites simultaneously, which means that you could use the same
server to offer search services to several customer Web sites.
HINT: The version of Web Search included with NetWare 6 allows only three
search sites. If you are interested in hosting more than 3 search sites, contact your
Novell sales representative.
For example, suppose you built a corporate Intranet for a company called
Digital Airlines (www.digitalairlines.com), and an extranet for a company
called StudioBrand (www.studiobrand.com). Each of these sites are hosted by
different Web Presence Providers (WPP) in different locations. In both cases,
the sites are created and maintained by Web design companies who work
closely with the WPP.
You offer to handle the search features of both sites. First, you send each Web
design company a few lines of HTML code that displays a basic search form
that includes a search field and related search buttons and instruct them to
place the code wherever they want the search form to appear on the Web sites.
They might use include technology (e.g. server-side includes) to integrate the
search form throughout the Web site’s hundreds of HTML pages.
While the Web design companies implement the search forms, you use Web
Search Manager to define the search sites and then to index each Web site.
Both Web sites contain links out to other Web sites that host related content.
Web Search follows those links, too.
Digital Airlines is a very large Web site and is graphic intensive, so you
configure Web Search to ignore certain file types, such as GIF or JPG files. In
addition, you know that the Digital Airlines Web site contains a very thorough
site index, sometimes called a site map, that would serve as an ideal starting
point for Web Search to begin crawling while it generates a site index. So you
enter a starting URL into NetWare Web Manager that points at the site index,
which you know will also improve the quality of search results.
StudioBrand hosts a lot of PDF documents. In fact, PDF files are critical to
StudioBrand customers and so you want to be sure to include PDF as a file
type to be indexed. In addition, there is a significant amount of important text-

103-000133-001
August 29, 2001
Novell Confidential
based information that is separate from the purpose and intent of the PDF files
and they belong to the company’s sales department. So you decide to create a
separate index for the sales department.
After working in Web Search Manager, you have created two search sites and
compiled several indexes. You also take a few minutes to set up an update
schedule by which Web Search will automatically generate the indexes in
order to keep them up to date with new information added by both companies
to their Web sites.
After the search sites have been defined, the indexes have been generated, and
the ISPs have added the search forms, customers begin to search each site.
After entering a few keywords, customers click the search button. Behind the
scenes, the keywords are passed across the Internet to your server where
NetWare Web Search Server is installed.
Web Search matches the keywords to keywords found in the indexes you
created. Web Search returns a newly populated template, designed to match
the look of each of the client Web sites, with an ordered list of hits that are
dynamically linked back to the actual data and files that were indexed and that
are hosted on the ISPs’ servers.
The ISPs are happy about the relief to their server’s system resources because
the search processes were handled by Web Search on your server. Digital
Airlines and StudioBrand are pleased because more customers are finding
what they need faster and are happier customers. And you are happy because
you have created residual income by providing a valuable service to your
customers.
Using Web Search in a Clustered Environment

NetWare Web Search Server can be installed in a cluster-safe, active-passive
failover environment.
To install Web Search into a clustered environment, you must do the
following:
Install Web Search to your SAN storage device (or any other mountable,
shared devices) through each server in your cluster. This is so that the
Enteprise Web Server running on each server in your cluster will get
configured to work properly with Web Search. Regardless of how you do
it, all servers in the cluster must have Web Search installed on them.

103-000133-001
August 29, 2001
Novell Confidential
Ensure that the installation is identical, meaning that installation

directories and install options are identically matched.
Create a search site using the DNS name and IP address of your SAN
device.
Because Web Search can be installed on any mounted volume, you should
install all of Web Search (software and indexes) onto the shared storage
device. In this way, Web Search on both server A and server B will read its
properties, configuration, template, and index files from the same shared
volume.
For more information about clustering, see Novell Cluster Services Overview
and Installation.
Getting Started
Once you have thought out your search service strategy, you can begin
creating and defining your search sites by referring to Chapter 14, “Creating
and Managing Search Sites,” on page 145.
To learn more about customizing your search service, start by reading Chapter
16, “Understanding Templates,” on page 177. If you are already familiar with
Web Search and its search and print templates, you might want to skip to
Chapter 18, “Working with Template Variables and Search Parameters,” on
page 191.

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
14 Creating and Managing Search Sites
This chapter provides detailed information about how to create and manage
your search sites using NetWare® Web Search Manager.
About Search Sites

By definition, a search site is a collection of one or more indexes and their
related configuration files. Indexes are at the heart of a search site. An index
is an optimized binary file that contains keywords found in documents hosted
on a Web or file server. Indexes are used by Web Search to return search
results to users’ Web browsers.
HINT: Web Search allows you to create up to three search sites. However, using
the enterprise version of Web Search (not included with NetWare 6), you can
create as many search sites as your server resources will allow.
For more information, contact your Novell resaler and ask how you can get the
enterprise version of the NetWare Web Search Server.
Before creating search sites, particularly large or mission-critical ones, you

should carefully plan how to configure your search services. A search site that
will be used by a small to medium department in a company requires different
planning than a search site that will serve thousands of customers on an
Internet site.
For information about how to plan an effective search service, see Chapter 13,
“Planning Your Search Service,” on page 139.
Creating a Search Site

Once you have carefully planned your search service, you can start creating
and configure search sites, and then begin adding indexes to them.
1 From the Web Search Manager Global Settings page, click Add New Site.
2 In the Site Name field, enter a new site name, which is typically the DNS
or domain name of your server.
For more information about site names, see “Naming a Search Site” on
page 146.
Creating and Managing Search Sites 145

103-000133-001
August 29, 2001
Novell Confidential
3 In the Site Alias field, enter a site alias name, which is typically the IP
address of your server.
See “Using the Site Alias” on page 147 for more information about
aliases.
4 In the Store Site Files At field, enter the path to where you want the index
and configuration files to be stored.
HINT: You can store the files on any volume on the server where Web Search is
installed, but not on other servers.
5 Click Create.
Naming a Search Site

When a user sends a search query to the Web Search Server, Web Search must
determine which of all of your search sites it should use to handle the
incoming search request.
Web Search uses two methods for determining this:
1. Matching the domain name of the search query with the search site names
available in Web Search
2. Using the SITE=searchsitename query parameter to find matching search
site names
For example, in the following search request, Web Search uses the domain
name search.domainname1.com as the name of the search site:
http://search.domainname1.com/NSearch/SearchServlet?query=find+something
This approach requires that your server be set up to recognize the domain
name search.domainname1.com. Most servers can be set up to recognize and
service multiple domain names in both software and hardware virtual server
configurations (see “Setting Up Multiple Web Servers” on page 71).
You could also use an IP address to designate the search site. For multiple
search sites, this approach would work only in a hardware virtual server
configuration where each search site has its own unique IP address.

103-000133-001
August 29, 2001
Novell Confidential
Hosting Multiple Search Sites Using One DNS Name
If you are hosting a search service for two or more customers, you can name
each search site according to the organization or company name of each
customer and then use the &site query parameter when handling search
queries. One of the advantages of using the &site query parameter is that it
allows you to use a single DNS name.
For example, suppose your server's URL was searchit.novell.com. If you were
setting up search services for a company called Digital Airlines and another
company called DemoCity, you could host both services on your single server
and then simply include the &site=digitalairlines and &site=democity query
parameters within the search forms found on www.digitalairlines.com and
www.democity.com.
Queries would be sent from the search forms on each site to the following
URLs:
http://searchit.novell.com/NSearch/SearchServlet?site=digitalairlines
and
http://searchit.novell.com/NSearch/SearchServlet?site=democity
Using the Site Alias

When defining a search site, you are required to give it a site name. But Web
Search administrators can also define an alias that can be used when
identifying a specific search site during a search request.
An alias name typically follows one of two conventions:
1. An IP address: This could be used either in the domain name portion of
a URL or be included in a search query using the &site query parameter.
Using an IP address in place of a domain name to select a search site only
works in a hardware virtual server configuration where each search site
has its own unique IP address.
2. Any other numeric or textual value that can be passed as the value of the
&site query parameter.
For most search sites, the best choice for a site name and site alias is the Web
server’s domain name and IP address.
For more information about creating software and hardware virtual servers on
the NetWare Enterprise Web Server, see “Setting Up Multiple Web Servers”
on page 71.

103-000133-001
August 29, 2001
Novell Confidential
Storing Site Files

Site files include a set of index and configuration files for each search site.
When you create a new search site, you can specify where you want site files
to be stored, or you can accept the default path which is determined by where
you installed the NetWare Web Search Server.
Site files can be stored on any volume visible to the NetWare server that Web
Search is installed on, regardless of which volume your Web Search Server is
installed on. This includes SAN storage device volumes.
Creating Site Indexes

Web Search creates two types of indexes:
Crawled: Created as Web Search follows (or crawls) hypertext links until
it reaches a dead end. Web Search can crawl one or more Web sites,
specific areas of a Web site, or specific URLs, even down to a specific
filename.
File System: Created as Web Search indexes content on a file server. Web
Search can index one or more paths on multiple volumes, including
Storag Area Network (SAN) storage devices.
Similarly, there are two forms you can use to create an index: Define Crawled
Index, and Define Crawled Index (Advanced).
Define Crawled Index is the standard form for creating either a crawled or file
system index. But the Define Crawled Index (Advanced) form offers more
options than the standard form, including options that override default search
site settings. Both methods are described below.
Searching across Multiple Indexes

Web Search can search across multiple indexes within a single search site.
However, searching a single index is generally faster than searching across
multiple indexes.
HINT: While you can search across multiple indexes within a single search site,
you cannot search across multiple search sites.

103-000133-001
August 29, 2001
Novell Confidential
Restricting Search Results to Specific Areas
You can restrict search results to specific areas of your file or Web server in
the following ways:
Using multiple indexes and using the &collection=index_name query
parameter.
Using a single index, restrict results to certain URL paths using the
&filefilter=path query parameter.
Using a single index, restrict results to certain values in document fields
by including /fieldname=value with either the query=value or
filter=value search parameters.
HINT: Using the last option requires that indexed documents contain summary
fields such as META tags. This option works for almost any file format that contains
document summary fields, including HTML, XML, PDF, Word*, and WordPerfect*.
For information about preventing Web Search from indexing specific content,
see “Excluding Documents from Being Indexed” on page 169.
Defining a New Crawled Index

Using the Define Crawled Index Page
1 From the Web Search Manager Global Settings page, click Manage in the
row of the site that you want to work with.
2 Under Define a New Index, click New Crawled Index > Define Index.
3 In the Index Name field, enter a name for your index.
A name can be a word, phrase, or a numeric value. If the site you are
working on contains, or will contain, a large number of indexes, you
might want to utilize a numbering scheme to help you manage multiple
indexes more effectively.
4 Under Web Sites to Crawl, type the URL of the Web site that you want
indexed.
You can enter just the URL, such as www.mycompany.com, or you can
also append a complete path, down to the file level, such as
www.mycompany.com/path/index.html.
5 If desired, add another URL.
6 To add additional URLs, click Add More URLs.
7 Click Apply Settings.

103-000133-001
August 29, 2001
Novell Confidential
Using the Define Crawled Index (Advanced) Page
The Define Crawled Index (Advanced) page offers some additional options
beyond those available in the standard Define Crawled Index page. Changes
made using this page will override default search site settings.
3 On the Define Crawled Index page, click Advanced Index Definition.
4 In the Index Name field, enter a name for your new index.
5 In the Index Description field, enter an optional description of the index
to be created.
6 Under Web Sites to Crawl, enter the URL of the Web site to be indexed.
HINT: If you enter a filename at the end of the URL, then just that file will be
indexed.
7 In the Subdirectories to Exclude text box, type the directories that you
want Web Search not to index.
For example, /marketing or /sales/doc.
8 To direct Web Search to include or exclude specific file types, click
Extensions to Include or Extensions to Exclude and then enter the
extensions, separating each one with a single space, such as HTM PDF
TXT.
9 To add additional URLs, click Define More Web Sites.
10 To delete a URL, click Remove Web Site.
11 In the Additional URLs text box, enter any other URLs that you want
indexed.
For example, www.mycompany.com/marketing.
This allows you to specify additional pockets of information found on
other Web sites, but not include all of the content of those sites to your
searches.
HINT: When Web Search encounters links found in the pages of Additional URLs
that point to pages specified in Web Sites to Crawl, Web Search follows those
links. All other links that go outside of Web Sites to Crawl are not followed.
12 Under Additional Settings, enter the absolute path to where you want the
index files stored in the Location of Index Files field.

103-000133-001
August 29, 2001
Novell Confidential
For example, volume:\searchroot\sites\mysites.

By default, index files are stored at
volume:\searchroot\sites\default\indexes\.
HINT: Changes made to Additional Settings override Default Site Settings.
13 From the Encoding (If Not in META Tags) drop-down list, select the
encoding to be used by files being indexed that do not contain an
encoding specification.
14 In the Maximum File Size to Index field, enter the maximum file size
(in bytes) that Web Search should index.
Files exceeding this size will not be indexed and therefore, will not be
included in search results.
15 In the Maximum Time to Download a URL field, enter a number (in
seconds) before Web Search automatically cancels the indexing of a site.
16 To direct Web Search to pay attention to case of filenames and directory
names, click Yes next to URLs are Case Sensitive.
17 To direct Web Search to crawl dynamic content (URLs containing the
question mark [?]), click Yes next to Crawl Dynamic URLs.
Once you define an index, you must generate it to make it searchable. See
“Generating Indexes” on page 153.
Defining a New File System Index

Using the Define File System Index Page
2 Under Define a New Index, click New File System Index > Define Index.
3 In the Index Name field, enter a name for your index.
4 In the Server Path to be Indexed field, enter the absolute path to the folder
containing the information that you want indexed.
For example, SYS:\SALES\REPORTS.
5 In the Corresponding URL Prefix field, enter the URL that should be used
by the search results page to access the individual files.
For example, /SALES.

103-000133-001
August 29, 2001
Novell Confidential
HINT: For information about defining a URL prefix in the NetWare Enterprise Web
Server, see “Setting Additional Document Directories” on page 62.
6 To add additional paths, click Add More Paths.

Using the Define File System Index (Advanced) Page

3 On the Define File System Index page, click Advanced Index Definition.
4 In the Index Name field, enter a name for your new index.
5 In the Index Description field, enter an optional description of the index
to be created.
6 In the Location of Index Files field, enter the absolute path to where you
want the index files stored.
For example, SYS:\NSearch\sites\mysites.
By default, index files are stored at volume:\searchroot\sites\site_name\
indexes\.
encoding to be used when indexeing files that do not contain an encoding
specification.
For example, HTML files can specify their encoding with a Content-Type
META tag.
8 In the Maximum File Size to Index field, enter the maximum file size
(in bytes) that Web Search should index.
Files exceeding this size will not be indexed and therefore, will not be
included in search results.
9 Under Path Information, type the absolute path to the folder containing
the information that you want indexed in the Server Path field. For
example, SYS:\SALES\REPORTS.
10 In the Corresponding URL Prefix field, enter the URL that should be used
by the search results page to access the individual files.

103-000133-001
August 29, 2001
Novell Confidential
For example, /SALES.

HINT: For information about defining a URL prefix in the NetWare Enterprise Web
Server, see “Setting Additional Document Directories” on page 62.
11 To exclude specific subdirectories from being indexed, enter their relative

paths in the Subdirectories to Exclude field.
12 To direct Web Search to include or exclude specific file types, click
Extensions to Include or Extensions to Exclude and then type the
extensions, separating each one with a single space, such as HTM PDF
TXT.
13 To add additional paths, click Define More Paths.
14 To delete a path, click Remove Path.
Generating Indexes
Once you define an index, you must generate it before it can be used for
searching. Generating an index is the actual process where Web Search Server
examines file server or Web server content, gathers keywords, titles, and
descriptions and then includes them in the index.
2 Click Generate in the Action column of the index that you want to work
with.
The Active Jobs screen indicates the status of the current indexing job.
When there is no current index job, the status page will read No
indexing jobs are currently running or defined.
3 To cancel the current indexing jobs, click Cancel in the Status column.
You can direct Web Search to automatically update your indexes on specific
dates and at specific times by scheduling events. For more information, see
“Automating Site Management” on page 155.

103-000133-001
August 29, 2001
Novell Confidential
Managing Existing Index Files

Once created, an index can then be edited or deleted. You can also view an
index’s log file. (See “Working with the Log File” on page 154)
Editing an Index
1 From the indexing Management page, click Edit in the Action column of
the index you want to work with.
2 Make any of the changes you need to and then click Apply Settings.
HINT: If you used the Advanced page to create the index, it will appear
automatically. However, you can also click Advanced Index Definition to make
advanced changes to an index you created using the standard Index Definition
page.
3 If you added new paths or URLs, you should regenerate the index to
include the new content.
Deleting an Index
1 From the indexing Management page, click Delete in the Action column
of the index you want to delete.
2 n the Confirm Deletion of indexname page, click Delete Index to proceed,
or click Cancel Deletion.
Working with the Log File

The log file reports what happened during an indexing job. In addition to
reporting when the indexing job started and stopped, it also lists all files that
were indexed, files that could not be found but were linked to, and even errors
that might have occurred during the indexing process.
The purpose of the log file is to help you identify any errors (and their possible
causes) in performance during an indexing job. Log files reveal what was or
was not indexed, the total number of files that were indexed, and the time that
it took to index. Log files also help you determine what might have caused an
index failure.

103-000133-001
August 29, 2001
Novell Confidential
To view an index’s log file, do the following:

1 Click View Log in the Action column of the index that you want to work
with.
2 Review the contents of the log file and then either click your browser’s
Back button to return to the indexing Management page, or click
Management in the left frame of the Web Search Manager.
About Indexing Dynamic Web Content

Much of the content on the World Wide Web is static HTML, which means
that after a static Web page is created, it remains the same until someone
updates it. By contrast, many newer Web pages are created by Web
applications, including servlets, Java Server Pages (JSP), Common Gateway
Interfaces (CGI), and Pearl Scripts, and are usually created in response to user
input.
An example of dynamic Web content is an eCommerce Web page where items
to be purchased are stored in a virtual shopping cart, the total cost is updated
as users add or remove items from their shopping cart.
Because the content changes regularly, many search engines don’t index
dynamic content.
NetWare Web Search includes the ability to index dynamic content. The URL
of dynamic Web content typically includes a question mark (?). You can direct
Web Search to index these URLs by setting the Crawl Dynamic URLs option
to Yes. You could then create a scheduled event that regenerates the specified
indexes every few minutes.
Automating Site Management

You can eliminate a lot of manual work in keeping indexes up to date by using
Web Search’s index scheduling feature. Because the Web and file content you
have indexed will eventually change, you can direct Web Search to update
your indexes on specific dates and at specific times or intervals.
Adding a Scheduled Event

1 After selecting a search site from the Site List, click Scheduling in the left
frame of Web Search Manager.
2 Click Add Event.

103-000133-001
August 29, 2001
Novell Confidential
3 Specify the month, days, days of the week, or time (in hours and minutes)
when you want Web Search to run the event.
HINT: To select multiple dates and times, hold down the Ctrl key and click all of
the items you want added. To select consecutive items, click the first item and then
hold down the Shift key and click the last item.
4 Select the type of operation you want performed on your indexes.

Update: Web Search identifies new content on Web or file servers
and updates the index.
Optimize: Web Search improves searching performance by
removing unnecessary content and making the index file more
compact.
Regenerate: Web Search replaces the existing index with a newly
generated one.
5 In the Perform Operations On column, determine whether you want the
chosen operation performed on all indexes or only on specified ones.
HINT: If you have large indexes, you might consider creating multiple events that
update your indexes at varied times. Doing so will minimize CPU utilization.
Editng or Deleting an Event

1 After selecting a search site from the Site List, click Scheduling in the left
frame of Web Search Manager.
HINT: If no events have been scheduled, refer to the procedure above for adding
a scheduled event.
2 To edit a scheduled event, click Edit in the row of the event you want to
modify.
3 Make the desired changes and click Apply Settings.
4 To delete a scheduled event, click Delete in the row of the event you want
to delete.
5 Click Delete Event to confirm the deletion, or click Cancel Deletion.

103-000133-001
August 29, 2001
Novell Confidential
Modifying Default Search Site Settings

NetWare Web Search Manager’s home page displays a list of all search sites
that exist on your Web Search server. This home page is called Global Settings
because the changes you make from this page affect all new sites that you
create, and they also affect the functionality of the search and print servlets
that provide the Web Search services.
For example, if you changed the Default Query Encoding under General Site
Settings > General, any new search sites you create would default to the new
setting.
However, you can override default site settings by using the Advanced index
definition pages when defining indexes for your sites.
General Settings
Changes you make to the query, response, and error log settings affect all
newly created search sites.
To modify general default search site settings, do the following:
1 From the Web Search Manager home page, click General under Default
Site Settings.
2 From the Default Query Encoding drop-down list, select an encoding that
represents the character set encoding that most of your user queries will
use.
3 In the Maximum Query Duration field, enter the maximum number of
seconds before Web Search should end a query, regardless of whether a
search has been completed.
This option is one of several methods for letting you protect your server’s
resources from processing potential rogue searches, which are sometimes
intended to harm your service by consuming server resources.
4 Under Response Settings, select an output encoding from the Default
Encoding for Response Pages drop-down list.
This setting specifies the encoding Web Search should use when
responding to user queries using the search and print results templates,
and the error and response messages templates.
5 Enter the maximum number of queries in the Refuse Queries if Potential
Hits Exceed field to cancel the processing of search results that might take
a long time to complete.

103-000133-001
August 29, 2001
Novell Confidential
6 In the Maximum Log Size field, enter the maximum size (in bytes) that
Web Search will allow the log file to grow to.
Depending on the number of visitors that you search site hosts, log files
can become large. This setting will protect your system’s hard drive
resources.
Default Search Settings

To modify default search site settings for search features, do the following:
1 From the Web Search Manager home page, click Search under Default
Site Settings.
2 Under Query Results Settings, enter the number of search results in the
Default Number of Results to Display field that you want displayed on
each search results page.
For example, if you set this to 25 (which is the default setting) and the
number of hits in a return was 200, Web Search would only return 25 hits
per search results page at a time.
3 Set a limit on the number of results allowed at one time on the results page
by entering a number in the Maximum Number of Results to Display
field.
4 Enter the highest number of search results that can be returned to a user
query in the Highest Allowed Result Number field.
5 Under Template Settings, enter a path to where your Web Search
templates are stored in the Templates Directory field.
HINT: The default path is volume:\searchroot\Templates, but if you have created
custom templates or for some reason want to keep your templates elsewhere,
specify the path here so that Web Search knows where the templates are.
6 From the Default Encoding for Templates drop-down list, select the
character set that your templates are written in.
This value will be used even with templates that do not specify an
encoding. Encodings found in templates that do not match the encoding
you specify here will override this encoding.
7 In the Default Search Page Template field, enter the filename of the
search page template you want to use.
If you have created a custom template and want Web Search to use it as
your search page, enter its name in this field.

103-000133-001
August 29, 2001
Novell Confidential
8 In the Default Search Results Template field, enter the filename of the
search results template you want to use.
If you have created a custom search results template and want Web Search
to use it as your default search results page, enter its name in this field.
9 In the Template to Use If No Results Returned field, enter the filename of
the template that Web Search should return if no results are found.
10 In the Template to Use If Error Occurs field, enter the filename of the
template that Web Search should return if there are errors while
processing a user’s query.
Default Print Settings

To modify default search site print settings, do the following:
1 From the Web Search Manager home page, click Print under Default Site
Settings.
2 Under Print Results Settings, enter the number of print results in the
Default Number of Results to Print field that you want displayed on each
print results page.
For example, if you set this to 25 (which is the default setting) and the
number of hits in a return was 200, Web Search would only return 25 hits
per print results page at a time.
3 Set a limit on the number of results allowed at one time on the results page
by entering a number in the Maximum Number of Results to Print field.
4 Enter the highest number of search results that can be returned to a user
query in the Highest Allowed Result Number field.
5 To limit the size of a print job, specify the largest print job size that Web
Search will allow in the Maximum Print Job Size field.
Any users requesting a print job larger than this value will receive a
message informing them that their request was too large.
HINT: This is a useful feature to administrators who want to keep down the size
of print jobs in their own companies, departments, or organizations.
6 To be notified when a print job exceeds a certain size, enter the print job
size in the Print Job Size field.

103-000133-001
August 29, 2001
Novell Confidential
By default, this message is sent using the

ResponseMessageTemplate.html file and is intended as a warning to
users that they are exceeding the allowed print job size. It then asks
prompts the user to confirm the print job before continuing.
7 Under Template Settings, enter a path in the Templates Directory field to
where your Web Search templates are stored.
HINT: The default path is volume:\searchroot\Templates, but if you have created
custom templates or for some reason want to keep your templates elsewhere,
specify the path here so that Web Search knows where the templates are.
8 From the Default Encoding for Templates drop-down list, select the
character set that your templates are written in.
This value will be used even with templates that do not specify an
encoding. Encodings found in templates that do not match the encoding
you specify here will override this encoding.
9 In the Default Print Results Template field, enter the filename of the print
results template you want to use.
If you have created a custom print results template and want Web Search
to use it when returning print results, enter its name in this field.
10 In the Template to Use If No Results Returned field, enter the filename of
the template that Web Search should return if no print results match a
user’s query.
11 In the Template to Use If More Information Is Needed field, enter the
filename of the template to be sent back to users whose print jobs exceed
the size you specify in the Print Job Size field. (See Step 6.)
12 In the Template to Use If Error Occurs field, enter the filename of the
template that Web Search should return if there are errors while
processing a user’s print query.

103-000133-001
August 29, 2001
Novell Confidential
Default Index Settings

These settings are intended to make the process of creating indexes
even easier by letting you configure common settings as default
settings. This saves you time by not making you make the same
selections each time you create a new index.
To modify default index settings, do the following:
1 From the Web Search Manager home page, click Index under Default Site
Settings.
2 Select the type of index that you want as the default index type on the
Indexing Management page.
3 Check the URLs Are Case Sensitive check box if you want Web Search
to recognize URLs that are different only in character case, but are
otherwise identical. For example, www.digitalairlines.com verses
www.DigitalAirlines.com.
IMPORTANT: By setting this option to No can help Web Search to avoid indexing
duplicate information, which can come from indexing URLs that are presented
using different cases but actually point to the same information. However, if a Web
server being indexed is configured to differntiate between cases, Web Search
might leave out content that you want indexed.
4 Check the Crawl Dynamic URLs (URLs Containing ’?’) check box if you
want dynamic content indexed, in addition to static content.
See “About Indexing Dynamic Web Content” on page 155.
5 Enter a number (in bytes) in the Maximum File Size to Index field to keep
Web Search from indexing files larger than the number you specify.
6 In the Maximum Time to Download a URL field, enter a number (in
seconds) before Web Search automatically cancels the indexing of a site.
encoding to be used when indexeing files that do not contain an encoding
specification.
For example, HTML files can specify their encoding with a Content-Type
META tag.

103-000133-001
August 29, 2001
Novell Confidential
Default Security Settings

Security settings let you manage access to indexed content by requiring users
to authenticate to a server before seeing search result content.
To modify default search site security settings, do the following:
1 From the Web Search Manager home page, click Security under Default
Site Settings.
2 In the Basis for Authorization drop-down list, choose from the following
options:
Allow All means that although the Login button appears on the
default search page, no authentication will be required to view
information. All results, whether contained in public or private
directories, are returned. Web Search will not ask who the user is.
This doesn't mean that if information is contained in an eDirectory
protected folder that the user will be able to click the link in the
results page and be given access.
Allow Public means that private content will not be returned in the
search results.
User Login means that depending on what you select under
Unauthorized Hits Filtered By, unauthorized search results will be
filtered out either by a results template or by the NetWare Web
Search engine.
IMPORTANT: These settings apply only to file system indexes and to the server
where you have Web Search Server installed.
3 Under Connection Settings, click Yes next to Require HTTPS if you want
to protect usernames and passwords as they are sent across the network
or Internet.
4 Enter a number (in minutes) in the Auto-logout
Time field to direct
Web Search to log users out who have been idle for the specified
period of time.
5 If you need to change the authentication realm string, enter it in the
Authentication Realm String field.
HINT: Specifying the Enterprise Server's authentication realm string in this field
makes it so that once users authenticate to the Enterprise Server, they won't have
to authenticate again when using Web Search to search and access protected
information.

103-000133-001
August 29, 2001
Novell Confidential
Modifying Default Search Service Settings

Search Service Settings are meant for the administrator of the Web Search
server and are intended to give him global control over all search sites,
including the ability to completely disable searching by turning it off.
They also allow the administrator to control the overall performance of the
Web Search Server.
General Services Settings

General Services Settings affect error log and site list settings for all search
sites.
To modify general services settings, do the following:
1 From the Web Search Manager home page, click General under Services
Settings.
2 Select where you want log results displayed by choosing one of the
following options from the Log Errors To drop-down list:
File: When this option is selected, you can click View next to the Log
Errors To drop-down list and the log results are displayed in your
browser.
Console: You can also view log results at the NetWare system
console by selecting Console, pressing Ctrl+Esc on your server's
keyboard, and then pressing the number corresponding to the Tomcat
servlet engine.
Both: Displays results in both your browser and at the system
console.
HINT: You can access the log file directly by going to
volume:\searchroot\errors.log.
3 To start a new log file each time you restart the Web Search server, click
Yes next to New Log When Services Load.
HINT: You can also delete the log file at the path specified above. The log file will
be recreated on the first instance of a new error, statistics, etc.
4 To limit the size of the log file, enter a file size (in bytes) in the
Maximum Log Size field.
5 To limit the number of indexing jobs that can run at the same time, specify
a number in the Maximum Number of Active Index Jobs field.

103-000133-001
August 29, 2001
Novell Confidential
6 In the Default Location of Search Sites field, specify the path to where
you want all search site files to be stored, including index and
configuration files.
Changing this setting won't move existing sites to the new default
location. But all new search sites will be placed here.
7 To direct Web Search to reload configuration files modified manually,
outside of Web Search Manager, click Yes next to the Enable Dynamic
Site Updates field.
If you make changes outside of Web Search Manager, such as modifying
a configuration or properties file, Web Search will re-read those files as
often as you indicate in the Seconds Between Site Updates field.
8 In the Seconds Between Site Updates field, specify how often Web
Search should check for manual changes (changes made outside of Web
Search Manager) to the configuration files.
9 To direct Web Search to reload Web Search templates that have been
modified, click Yes next to the Enable Dynamic Template Updates field.
After making a change to a template from within your HTML editing tool
and saving it on your server, Web Search will re-read the template as often
as you specify in the Seconds Between Template Updates field. That way
you can test your changes almost immediately.
10 In the Seconds between Template Updates field, specify how often Web
Search should reload search, print, results, and error templates.
Search Services Settings

Search Services Settings let you turn print capabilities on or off and manage
debugging and statistics settings.
To modify search services settings, do the following:
1 From the Web Search Manager home page, click Search under Services
Settings.
2 To enable search services for all search sites on your Web Search server,
click Yes next to Enable Search Service.
3 Under Debug Settings, click Yes next to Enable Search Debugging if you
want search debugging turned on.

103-000133-001
August 29, 2001
Novell Confidential
following options from the Log Debug Messages To drop-down list:
Debug Messages To drop-down list and the log results are displayed
in your browser.
servlet engine.
console.
6 To limit the size of the log file, enter a file size (in bytes) in the Maximum
Log Size field.
7 Under Statistics Settings, click Yes next to Enable Search Statistics
Logging if you want to an updated log file containing statistics about
searches performed on your Web Search server.
8 In the Seconds Between Statistics Updates field, enter a number
(in seconds) that should elapse between updates of the statistics
log file.
9 For the next three fields, follow Step 4, Step 5, and Step 6 above.
10 In the Log Error If Search Time Exceeds field, enter a number (in
seconds) before Web Search should record the current search as
exceeding the specified time limit on the statistics display. This appears
as the number seven (7) limit portion of the statistics display.

103-000133-001
August 29, 2001
Novell Confidential
Print Services Settings

To modify print services settings, do the following:
1 From the Web Search Manager home page, click Print under Services
Settings.
2 To enable print services for all search sites on your Web Search server,
click Yes next to Enable Print Service.
3 Under Debug Settings, click Yes next to Enable Print Debugging if you
want print debugging turned on.
following options from the Log Debug Messages To drop-down list:
Debug Messages To drop-down list and the log results are displayed
in your browser.
servlet engine.
console.
6 To limit the size of the log file, enter a file size (in bytes) in the Maximum
Log Size field.
7 Under Statistics Settings, click Yes next to Enable Print Statistics Logging
if you want to an updated log file containing statistics about print requests
performed on your Web Search server.
8 In the Seconds between Statistics Updates field, enter a number (in
seconds) that should elapse between updates of the statistics log file.
9 For the next three fields, follow Step 4, Step 5, and Step 6 above.
10 In the Log Error If Print Time Exceeds field, enter a number (in seconds)
before Web Search should record the current search as exceeding the
specified time limit on the statistics display. This appears as the number
seven (7) limit portion of the statistics display.

103-000133-001
August 29, 2001
Novell Confidential
Backing Up Your Search Site Files

As with any valuable data, you should make sure that your search site files are
backed up. At minimum, you should back up your index files, which by
default are stored at volume:\searchroot\sites.
However, if you have customized templates, you might also want to back them
up. By default, they are stored at volume:\searchroot\templates.

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
15 Optimizing Search Results
There are a number of ways administrators can optimize the performance of

their search sites and services.
Improving Search Results through Intelligent Indexing

You can improve the accuracy of your search results by following these
indexing guidelines:
When defining and creating your indexes, start with the highest-level
Web Site URLs and File System Paths possible.
If content is showing up in your search results that you don’t want
included, try removing some paths or URLs from your defined indexes.
Also, try excluding specific subdirectories that you know or suspect
might contain content that you don’t want searched.
If you've indexed too many file types and cluttered your search results, try
removing file types that you don’t want indexed by using the Extensions
to Exclude option on the Define Index page or implementing and using
the Robots META tag in your Web sites content and by configuring Web
Search to work with them. See the following section for more
information.
Excluding Documents from Being Indexed

One way to improve search results is to guard what content is actually
indexed, thus clearing a path for relevant information.
Using the Extentions to Include Option
As mentioned above, you can use the Extensions to Exclude option to direct
Web Search to ignore specific filetypes. However, if you can't specify all of
the extensions to exclude, use the Extensions to Include option and specify all
acceptable file extensions. A typical list would specify HTM, HTML, PDF,
TXT, and DOC.
HINT: When entering extensions in the Extensions to Exclude box, separate each
extension by a space or a hard return. Avoid using commas. For example:
htm html pdf txt doc
Optimizing Search Results 169

103-000133-001
August 29, 2001
Novell Confidential
Using the Robots META Tag
Another effective way of controlling what Web Search indexes is using the
Robots META tag, a tag inserted into the content that is being indexed by Web
Search.
When a Web-based search engine encounters a document containing the
Robots META tag, the search engine will do as the META tag instructs.
There are four values you can specify in the Robots META tag:
NOINDEX: Indicates that the document is not to be indexed.
NOFOLLOW: Indicates that hypertext links in the document are not to be
crawled.
ALL: Indicates that the document can be indexed and all links can be
crawled.
NONE: Indicates that the document is not to be indexed and that
hypertext links are not to be crawled.
To include the Robots META tag, use this syntax:
<META name="Robots" content="INDEX, value">
You can also use the Robots META tag to exclude specific sections of HTML
documents from your search results. For example, you might not want such
sections as repetitive headers, footers, navigation bars, and server-side
includes to be indexed.
HINT: You could also place these tags in Include files so they never get indexed
at all.
To direct Web Search where to begin skipping content while indexing, do the
following:
1 At the point in your HTML document where you want Web Search to
begin skipping content while indexing, enter the following tag:

2 Just after the content you want skipped, enter the following tag:

3 Save your changes and index (or reindex) the content.

103-000133-001
August 29, 2001
Novell Confidential
Modifying Document Descriptions Returned in a Search

Results List
Web Search returns descriptions of each hit that is listed on the search results
page. By default, the following information is displayed:
Description field
Summary field
Abstract field
The first 255 characters of the document (beginning with first heading
and skipping links)
The first three fields are created from the content of META tags in HTML
documents. If these tags are not defined, Web Search will try to find the first
heading and begin selecting words. If it can’t find a heading, then it begins at
the top of the document and selects the first 255 relevant display bytes as the
description.
Improving the Relevance of Search Results

Web Search utilizes a sophisticated relevance-ranking algorithm. During a
search, Web Search considers
The number of times words appear in a document
The proximity of words in a multiple word search (the closer the words
appear, the more relevant the document will be)
The order of words in a multiple word search (the exact order of words is
more relevant)
The location of words in a document (specifically words that appear in a
META tag, title, body, header, footer, etc.)
The formatting of words in a document (such as bold, font type and size,
etc.)
Query weighting in a multiple query scenario
The number of times words occur within an entire index (for example, the
word the has low relevance)

103-000133-001
August 29, 2001
Novell Confidential
To illustrate how these criteria work, consider the following examples:

Words in bold face are more relevant than regular words.
Words contained in the <Title> tag are more relevant than words
contained within the <body> tag.
Words contained in the Keywords and Description META tags are more
relevant than content words.
Words contained within the <A HREF=> tag used for creating links are
less relevant than words outside of this tag.
A document containing a specified search term multiple times is more
relevant than a document that contains the search term only once.
A word within a 36-point body text is more relevant than within 4-point
footer text.
Documents returned from a query that is weighted at 100% is more
relevant than a 50% weighted query. This is normally used in multiquery
searches where each query has a specified weight, as in query=0;
weight0=; query1=; weight1=.
Weighted Queries
A weighted query is used anytime you want to modify the order or relevance
of certain hits in a user’s normal search results list or when you want to add
additional search results users might not have identified in their queries.
The following query parameters can be combined to identify a single search
query item:
&filter#=
&filteroperator#=
&operator#=
&query#=
&weight#=
Multiple query items can also be sent as part of a single search request.
You can use this feature to provide profile-enhanced search requests. For
example, the following query returns French product downloads higher up in
the search results list but does not eliminate results of any other language
downloads:
&query0=product+downloads&weight0=100&query1=/
product=french&weight1=90

103-000133-001
August 29, 2001
Novell Confidential
This example directs Web Search to perform two completely separate

searches. The search results from the two queries are then merged based on the
relevance of the individual search results and the weighting of the respective
query that produced them.
Another example might be to give the search results from one index more or
less relevance than the search results of another index when performing a
multiple-index search. For example, the search results from Novell might be
more relevant than the search results from Novonyx.
To send multiple query items, these parameters must be grouped using a
number (#) at the end of the parameter name so they will be interpreted
properly. The numbering should begin at 0 or 1 and increment sequentially for
each additional query item.
Ensuring Optimal Search Speed

Once a search site has been accessed, all of its configuration files are read into
memory. For speed reasons, the search site remains cached in memory until a
period of inactivity has elapsed. The search site is then dynamically removed
from memory until its next use. Because of this, the first time a search site is
accessed is usually the slowest.
However, there are other factors that can affect the performance of your Web
Search services. As with any software, the amout of system resources (CPU,
RAM, and hard drive) available affects Web Search Server performance. Web
Search speed depends on the following factors:
System processor speed
Number of processors
Amount of system memory (RAM)
Number of hosted search sites
Number of indexes within each search site
Number of files included within each index
Number of indexes included within each query
Number of queries performed at one time
Complexity of users’ queries
Number of search results returned with each results page

103-000133-001
August 29, 2001
Novell Confidential
Number of concurrent active indexing jobs

Other functions being performed by your server
Adjusting any of these values can have a significant impact on the
performance of your search services.
As a general guideline, use the fastest CPU possible and include as much
RAM as possible. Although the duration of each user query is very short,
while it is active it consumes an average of 500 KB of memory. Memory
consumption varies widely while the indexer is calculating the final search
results list, depending on the number of possible search results.
Also, try to schedule the regeneration of your indexes during off-peak hours.
That way, they won't interfere with normal user searches. (See “Automating
Site Management” on page 155.)
If you find that your users frequently enter search words such as to, of, a, the,
in, etc., you might want to consider removing these words before they are
submitted to the Web Search engine.
HINT: A stop-words processor is available in the Enterprise version of Web
Search. Contact your local Novell resale representive for more information.
Making Good Use of Document Fields

A document field is any tag or field in any document that helps to identify the
document’s contents. A document field might be a title, heading, or paragraph
contained in an H1, TITLE, or META tag within an HTML document.
Web Search is designed to take advantage of document fields in order to
improve the accuracy and speed of search results.
By design, Web Search always indexes all document fields in many document
types, including HTML, PDF, Word, WordPerfect, XML, etc. Users can then
constrain searches to the contents of any document field.
As a Web Search administrator, you can use document fields to restrict search
results to certain products, categories, authors, titles, keywords, or any other
content belonging to a document field.
This is done using the /fieldname=search_criteria query parameter.
HINT: You might consider sending this information as hidden data using the
&filter= query parameter.

103-000133-001
August 29, 2001
Novell Confidential
Using the &filter Query Parameter

The &filter query parameter allows Web Search administrators to enhance
searches by adding hidden, additional query details when users submit a
search query. This is an enhancement over previous versions of Web Search,
which required that you use JavaScript to add additional details to search
queries.
The &filter query parameter works just like the &query= parameter and can
be used together using the optional number (#) value. For example, if the
query parameter was &query0=search_criteria, the matching filter parameter
would be &filter0=additional_hidden_search_criteria. This allows the
multiple weighted queries feature to work as designed while allowing
administrators to add additional query details to each query.
Unlike the &query parameter, the &filter parameter can be sent multiple
times. For example, if users search for software patches, you could include the
various products to be searched, which could then improve search time and
accuracy:
query=software patches
filter=/Products=Product257
The resultant URL might appear as follows, but with the HTTP and domain
name prefix:
&query=software+patches&filter=%2FProducts%3DProduct257&filter=%2FProducts%3D
Product16&filter=%2FProducts%3DProduct302
NOTE: All &filter operators are combined using default the &operator=value, AND.
Also, the default Boolean conjunction joining the various filter operators is an OR
search. You can change the default Boolean conjunction by using the
&filteroperator=# query parameter. The pound sign (#) here acts just like the one
used in the #operator=# query parameter.

103-000133-001
August 29, 2001
Novell Confidential
Searching XML Documents

Web Search provides complete hierarchical searching using the &filter=value
parameter. For example, you can find information in any of the TITLE tags of
an XML document. Or you can restrict Web Search to only the TITLE tag
within the DOCUMENT/SUMMARY hierarchy of an XML document.
The following table shows example uses of the &query=value parameter.
Example Values Result
search_criteria Finds search_criteria anywhere in the document.
/<Document*=search_criteria Finds search_criteria anywhere within any tag that is part of the
DOCUMENT hierarchy.
/<Document<Summary*=search_ Finds search_criteria within any tag that is part of the

criteria DOCUMENT or SUMMARY hierarchy.
/<Document<Summary<Title=search_ Finds search_criteria only within the DOCUMENT, SUMMARY,

criteria or TITLE tags.
/<Document*<Title=search_criteria Finds search_criteria within any TITLE tag, found at any level
within the DOCUMENT hierarchy.
/<*<Title=search_criteria Finds the search_criteria within any TITLE tag in the document.

103-000133-001
August 29, 2001
Novell Confidential
16 Understanding Templates
NetWare® Web Search Server utilizes templates to generate search forms and
search and print results as well as user feedback such as error or response
messages.
A template is an HTML document containing one or more Web Search Server
variables. Variables are used to produce dynamic results when a user performs
a search on the search site you have defined.
Templates can be shared across search sites or each search site can point to its
own set of templates.
This chapter describes how templates work and discusses the default NetWare
Web Search Server templates that are included. To learn how to customize the
default templates, see Chapter 17, “Customizing Your Search Solutions,” on
page 185, and Chapter 18, “Working with Template Variables and Search
How Templates Work

As defined above, a template is an HTML document containing one or more
Web Search Server variables. When users search your search site, they use a
Web browser to access the search form template. NetWare Web Search Server
includes a search form template. See Figure 7, “The NetWare Web Search
Form As It Appears in a Web Browser,” on page 178.
The Search form template, SearchTemplate.html, is stored (by default) on
volume:\searchroot\TEMPLATES. This path might be different if you chose
to install Web Search in another directory.
For more information about customizing templates, see “Customizing Your
Web Search Solution” on page 136.
Understanding Templates 177

103-000133-001
August 29, 2001
Novell Confidential
Figure 7 The NetWare Web Search Form As It Appears in a Web Browser
The Web Search form is used to capture user input, search available search
sites, and then return the results in either a search or print template, which
appears to the user in a dynamically updated HTML document.
Search result templates display hits according to user selections on the search
form. For more information about these search result templates, see Table 8 on
page 181.
There are also templates for each of eleven different languages. For a
discussion about creating templates for international languages, see Chapter
11, “Introducing NetWare Web Search Server,” on page 131.
After a query is submitted and results are found, Web Search populates a
results template with all relavant results. (See Figure 8 on page 179.)

103-000133-001
August 29, 2001
Novell Confidential
Figure 8 A Search Results Page Produced by the Search Results Template, ResultListTemplate.html.
You can also customize the search form to include additional parameters that
allow you to offer more options to your users for more accurate searching.

103-000133-001
August 29, 2001
Novell Confidential
Exploring the Default Search and Print Templates

NetWare Web Search Server includes several default templates used to create
search forms and to format, display, and print search results for users.
You can use the templates as they are or you can modify them to look and feel
how you want them to. You can also create as many additional templates as
you need or replace the default templates with your own templates.
NetWare Web Search includes the five template categories:
Search Page Templates
Search Result Templates
Print Result Templates
Error Message Template
Response Message Template
The templates are stored at volume:\searchroot\TEMPLATES.
Search Page Templates

NetWare Web Search includes two search page templates that are used to
generate a search page, as described in the following table.
Table 7 Default Search Page Templates
Template Name Purpose
SearchTemplate.html Detects the language and country of the

client browser and returns a dynamic
search page in the matching country and
language.
This template also lets users select and

search specific indexes and is the default
search template used by NetWare Web
Search Server.
SearchTemplate.Simple Same as SearchTemplate.html, except

that this template contains no dynamic
search site variables and can be used
when you don’t want to provide users with
a list of all search sites.

103-000133-001
August 29, 2001
Novell Confidential
Search Result Templates

NetWare Web Search includes several ready-made result templates, as
described in the following table.
Table 8 Default Search Result Templates
ResultListTemplate.html Formats and organizes search results

and offers additional sorting functions
to the user.
ResultListNoHitsTemplate.html Indicates when no hits are found during

a search and offers users a chance to
refine their search.
ResultListTerseTemplate.html Similar to ResultListTemplate but

returns less information, such as
headings only.
ResultListVerboseTemplate.html Similar to ResultListTemplate, but

returns more information, such as file
date, time, and language. Additional
sort options are also provided.
Print Result Templates

From the search results page, users have the option of printing all files
matching their search or only those files displayed on the current search results
page. When one of these options is selected, the print result templates
described in the following is displayed.
Table 9 Default Print Result Templates
PrintResultTemplate.html Formats and organizes search results

and offers additional sorting functions
to users in a way that is optimized for
printing.
PrintResultNoHitsTemplate.html Indicates when no hits are found during

a search and offers users a chance to
refine their search.

103-000133-001
August 29, 2001
Novell Confidential
The print result template formats and organizes search results, optimized for
printing, including a complete table of contents. The table of contents includes
hypertext links for use online.
Error and Response Message Templates

In addition to the print, search, and search result templates, the error and
response message templates are returned when an error occurs or when
information is needed from the user.
The default response message template is returned to convey a specific
message to the user such as "Print job exceeds recommended size limits,"
typically returned when a user attempts to print more content than the Web
administrator has allowed.
The error and response message templates can be found at
volume:\searchroot\TEMPLATES\ErrorMessageTemplate.html and
ResponseMessageTemplate.html.
How Templates Use System Memory

Templates are cached in memory for quick rendering speed. Each template
consumes approximately 10 KB.
Similar to the search site cache, templates remain cached in memory until a
period of inactivity has elapsed. The template is then dynamically removed
from memory until its next use. The first time a template is accessed,
therefore, is normally the slowest.
HINT: Too many templates in the template cache can consume a great deal of
memory. Try to share templates across sites to minimize the impact on system
cache.

103-000133-001
August 29, 2001
Novell Confidential
Working with Additional Languages

NetWare Web Search includes each of the templates described above in each
of several languages. Using standard encoding practices, you can
internationalize your templates.
Any changes made to the default templates should also be made to the
language templates you will use. For a more complete discussion about
creating a multilingual search solution, see Chapter 19, “Internationalizing
Your Search Solution,” on page 213.

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
17 Customizing Your Search Solutions
You can quickly create a custom search solution by modifying the default
NetWare® Web Search templates. Templates include some fundamental
options for users, but you can add or remove options and modify the form
layout and design to give the search form the look, feel, and function you need.
If you are creating a search service for another company’s Web site, you can
modify the templates to match the look and feel of their Web site.
If you are confident in coding with HTML, you can start with the default
search page template to get a feel for the available parameters and then begin
coding completely new search and print templates from scratch.
For more information about the necessary components for building a solution
from scratch, see Chapter 16, “Understanding Templates,” on page 177 and
Chapter 18, “Working with Template Variables and Search Parameters,” on
page 191.
Customizing Templates
You can extend the capabilities of NetWare Web Search Server by
customizing the templates.
The first step is to determine which components of Web Search you want to
customize. For example, if you only want to add a few additional search
features to the search page template and modify its background color and table
size, you would modify the SearchTemplate.html or SearchTemplate.Simple
files.
This section discusses how to customize the search, print, and result templates
and how to use available parameters and variables to create a customized
search solution.
Customizing the Search Templates

You can customize the design and functionality of the static or dynamic search
templates by
Modifying HTML code
Adding or removing search parameters
Customizing Your Search Solutions 185

103-000133-001
August 29, 2001
Novell Confidential
If you are familiar with HTML, you can quickly modify the design of the
default (dynamic) Web Search template or the static search template. For
example, you can change the colors of the search page or add new custom
graphics.
To modify the functionality of the default Web Search template, you can add
or remove search parameters. Search parameters are used to communicate
with NetWare Web Search. By embedding them in the correct places in your
HTML source, you can extend or limit the functionality of the default Web
Search templates.
For example, if you wanted your users to use a specific set of templates found
in a themes directory, you would add the following HTML code, including the
theme parameter, to the SearchTemplate.html file:
<INPUT TYPE="Hidden" NAME="theme_name" VALUE="$$QueryTemplateTheme">
This sample HTML code tells Web Search to look for templates only in the
specified template directory. All themes are located within the templates
directory specified in Web Search Manager.
For a complete list of available search parameters, see Table 15, “Search
Customizing Search Result Templates

NetWare Web Search Server includes several default search result templates
that are used to display hits, provide feedback to a user, or request information
from a user after a search is performed. For more information about the default
search result templates, see Chapter 16, “Understanding Templates,” on page
177.
You can customize the design and functionality of the default search result
template, the template used when a user selects Normal from the Result List
Format drop-down list in the NetWare Web Search form. For information
about how to access the NetWare Web Search form, see “Taking a Test Run”
on page 136.
Customizing the default search result template involves
Modifying the HTML code
Adding or removing search result variables

103-000133-001
August 29, 2001
Novell Confidential
default search result template. For example, you can change the colors of the
search page or add new graphics.
To modify the functionality of the default search result template, you can add
or remove search result variables. Search result variables are placed in the
template where you want search results to be displayed.
For example, if you wanted to display the total number of hits returned when
a user performs a search and you wanted the information to appear in the
upper-left corner of the search results page, you would add the following
HTML code to the search result template file:
<tr>
<td>Total Search Results: </td> <td> $$TotalHits</td>
</tr>
After a user performs a search, the $$TotalHits variable would be replaced by

the actual total number of hits found during the search.
The $$TotalHits variable is used to retrieve the total number of hits found
during a search. You can place this variable anywhere in the results list
template to organize the display of information in the way you want.
Default search result templates are located in
volume:\searchroot\TEMPLATES\. For a complete list of search result
variables that you can use to customize default search result templates or to
create new ones, see Table 11, “Search Result Variables,” on page 193.
Customizing Print Result Templates

NetWare Web Search Server includes two default print result templates: the
default print result template and a "no hits" template. Print result templates are
used to organize and format search results for printing and to provide feedback
to a user when no hits are found. For more information about the default print
result templates, see Chapter 16, “Understanding Templates,” on page 177.
You can customize the design and functionality of the default print result
template in the same way you customize the search result template by
Modifying the HTML code
Adding or removing print result variables

103-000133-001
August 29, 2001
Novell Confidential
default print result template. For example, you can change the colors of the
print results page or add new graphics to it.
To modify the functionality of the default print results template, you can add
or remove print result variables. Variables are placed in the template where
you want search results to be displayed.
For example, if you wanted to remove the table of contents from the default
print results template, you would remove, or comment out, the following
HTML code in the PRINTRESULTLIST.HTML template, which would
include the $$BeginTOCList variable:
<CENTER><H2>Table of Contents</H2></CENTER>
<p>

$$BeginTOCList[<BIG><B>$$Product</B></BIG>
<DL>]
<DT><A HREF="#$$Bookmark"><BIG>$$Title</BIG></A>
<SPACER TYPE=HORIZONTAL SIZE=20>
<I><SMALL>[$$URL]</SMALL></I>
$$EndTOCList[</DL>]
You could either save your changes in the default print result list template or
you could save it using a new name, thereby creating an alternative template
for users who don’t want a table of contents in the print results. To be effective,
you would then have to add a hypertext link in the search result template that
would link to your new template.
Default print result templates can be found at
volume:\searchroot\TEMPLATES. For a complete list of print result variables
that you can use to customize default search result templates or to create new
ones, see Table 12, “Print Result Variables,” on page 199.

103-000133-001
August 29, 2001
Novell Confidential
Customizing Error and Response Message Templates

Error and response messages are used to either provide feedback to the user or
to request information from the user.
Error and response message templates are used to display the content of error
and response messages sent by the Web Search Server in response to search or
print errors. Similar to search and print templates, error and response
templates can be customized. However, because the contents of error and
response messages are built into NetWare Web Search Server, you cannot
modify the contents of the messages or the button objects that might appear,
depending on the type of response being generated.
Customizing Error Messages
There are several error messages that can be returned to a user. For example,
when users incorrectly use a search operator in a search form, they might get
the message, "Search Error: Incorrect use of Boolean operator." An error
number might also appear.
While you can utilize HTML tags to format an error message, add or remove
variables to determine what information is shown to the user, or even
reorganize where the messages will appear in the template, you cannot modify
the message itself.
Customizing Response Messages
The same concepts apply to response messages, but response messages return
buttons that a user can click. Which buttons appear are determined by the
NetWare Web Search Server. While you can modify the labels of these
buttons, you cannot determine which buttons will appear, or when.
Testing Your Search and Print Solution

Once you’ve completed customizing the templates and the search form, you
can test them in your Web browser by pointing to the search form URL and
entering a search string. See “Taking a Test Run” on page 136 for information
about how to access the NetWare Web Search form.
HINT: Remember that a search cannot be performed until you have defined at
least one index and generated it using NetWare Web Search Manager. Refer to
Web Search Manger’s online Help for the steps required in defining and generating
an index. Also, see Chapter 11, “Introducing NetWare Web Search Server,” on
page 131 for an overview of indexes.

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
18 Working with Template Variables and

Search Parameters
If you are a developer or are comfortable programming in HTML and working

with variables and parameters, you can create an advanced search solution that
your users can use to perform complex searches.
Building an advanced search solution involves the use of search and print
template variables and search parameters to create or customize search and
print templates, and to create or customize one or more search forms.
You must also have used NetWare® Web Search Manager to define and
generate one or more indexes.
The Web Search Manager is accessed from NetWare Web Manager. For more
information about using NetWare Web Manager, see Chapter 2, “Introducing
NetWare Web Manager,” on page 25.
Guidelines for Using Variables

Please note the following guidelines when using variables to either customize
the default templates, or to create new templates from scratch:
Case Sensitivity: All variables are case sensitive. Changing case in a
variable will cause Web Search to ignore the variable.
Variable Formatting: All variables must be used exactly as they appear in
the tables below. Variables always begin with two dollar signs ($$) next
to each other.
Success of a Variable: The inclusion of a variable does not guarantee that
information will be returned after a search is performed. For example,
using the $$Author variable might not return the name of a document’s
author if that information is not included in the META tag of the
document.
Internationalizing Templates: If you want to internationalize your
templates, you must create a template for each language you want to
support in your search solution. For more information about languages,
see Chapter 19, “Internationalizing Your Search Solution,” on page 213.
Working with Template Variables and Search Parameters 191

103-000133-001
August 29, 2001
Novell Confidential
For more information about how to implement variables in a search or print

template, or how to implement search parameters in an HTML document to
create a search form, see Chapter 17, “Customizing Your Search Solutions,”
on page 185.
Search Page Variables

The following table lists all available search page variables that can be used to
extend the functionality of the default search templates (SearchTemplate.html
or SearchTemplate.Simple) or to create new templates from scratch.
Table 10 Search Page Variables
Variable Name Description
$$BeginCollectionsLoop Begins the repeating section in the search template where index
information will be written.
$$Collection The name of the collection.
$$Countervariable_number, Inserts the value of the specified var# counter into the search result
increment_number page. All counters initialize to zero. The optional second parameter
specifies the amount to increment or decrement the current value. A
maximum of 10 counters is supported. For example:
$$Counter[1] = insert value of counter #1
$$Counter[1,1] = increment counter #1 by 1 and display the new value
$$Counter[5,-3] = decrement counter #5 by 3 and display the new value
$$EndCollectionsLoop Ends the repeating section in the search template where index
information will be written.
$$IncludeFile Automatically pulls in the designated template at the location of this

variable. The included template can contain other template variables,
which will be processed as though they were a part of the original
template. The template name parameter can either be a full FILE:// URL
based on the file system of the server or a relative path based on the
location of the parent template. The template name parameter can be
located within quotation marks. See the SearchResultTemplate.html file
for an example use of this variable.
$$QueryTemplateTheme Identifies the theme requested by the search client.
$$ResultEncoding Identifies the encoding used to return the current search results page.

103-000133-001
August 29, 2001
Novell Confidential
$$ServerCollectionDescription Inserts the description of a search site as found in the Web Search
Manager.
$$ServerCollectionName Inserts the name of the search site defined in the Web Search Manager.
$$TemplateName Identifies the filename of the template.
$$TemplateLocale Identifies the locale of the template, such as zh_TW.
$$TemplateTheme Identifies the theme (or theme directory) that you want to place the
template in.
Search Result Variables

The following table lists all available search result variables that can be used
to extend the functionality of the default search result templates or to create
new templates from scratch.
Table 11 Search Result Variables
$$Author The name of the original author of a document returned in a hit.
$$BeginLoop End of the header section. Beginning of the repeating body section.
This section is repeatedly parsed until there are no further result
items to process.
$$BeginCollectionsLoop The beginning of a repetitive section that will be reprocessed for

each search site the user specified in the search query. See also
“$$QueryCollection” on page 196.
$$BeginFiltersLoop Loops through filters assigned to the current query item.
$$BeginReturnFieldsLoop The beginning of a repetitive section that will be reprocessed for

each return field the user specified in the search query. See also
“$$QueryReturnField” on page 197.

103-000133-001
August 29, 2001
Novell Confidential
$$Countervariable_number, Inserts the value of the specified var# counter into the search result
increment_number page. All counters initialize to zero. The optional second parameter
specifies the amount to increment or decrement the current value.
A maximum of 10 counters is supported. For example:
$$Counter[1,1] = increment counter #1 by 1 and display the new

value
$$Counter[5,-3] = decrement counter #5 by 3 and display the new

value
$$DateTime[date_format] The date and time of a hit. This is automatically written in Java’s
medium format using the client’s locale (all calendars, translations,
date and time formats are observed).
$$DateTime[ ] can use an optional date and time format provided

within the brackets [ ]. The text should conform to the Java
DateFormat syntax.
$$DefaultQueryEncoding Default encoding of query if not otherwise specified.
$$Description The abstract, description, or first 255 display bytes of the result
item.
$$EndCollectionsLoop The end of a repetitive section that will be re-processed for each
search site the user specified in the search query. See also
“$$QueryCollection” on page 196.
$$EndFiltersLoop The end of a repetitive section that will be re-processed for each
filter the specified in the search query.
$$EndLoop End of the repeating body section. Beginning of the footer section.
$$EndReturnFieldsLoop The end of a repetitive section that will be reprocessed for each
return field the user specified in the search query. See also
“$$QueryReturnField” on page 197.
$$FileType Indicates a specific document type. For example, .DOC or .PDF.
$$Filter Pulls the filter values from the original query.
$$FilterOperator Pulls the filter operator from the original query.
$$FirstHit The hit number of the first item in the current result page. Is
displayed using the client’s locale.

103-000133-001
August 29, 2001
Novell Confidential
$$IncludeFiletemplate_name Automatically pulls in the designated template at the location of this

variable. The included template can contain other template
variables, which will be processed as though they were a part of the
original template. The template name parameter can either be a full
FILE:// URL based on the file system of the server or a relative path
based on the location of the parent template. The template name
parameter can be located within quotation marks. See the
SearchResultTemplate.html file for an example use of this variable.
$$Language The language of the result item. $$Language is displayed in the

language of the client’s locale.
$$LastHit The hit number of the last item in the current result page. Is
displayed using the client’s locale.
$$MoreHits[page#, text] A conditional text section to be included only if there are additional
hits in the search results that can be retrieved.
If the first section of the conditional text contains a number followed

by a comma (for example, $$MoreHits[3, text to be included]), then
the server will first determine if the designated search results page
exists. If the page# is missing, 1 (the next page) is assumed. If the
designated page is available, the remaining text after the comma
and up to the closing bracket is written to the result page.
Note that the initial number is relative to the current page. That is,
-1 references the page immediately before the current page and 1
references the page immediately after. Zero refers to either the
previous page or the next page.
$$MoreHitsURLpage_number The URL needed to display another page of search results. The
optional parameter identifies the desired search result page
number. If not provided, 1 is assumed. Note that the page number
is relative to the current page. That is, -1 refers to the page
immediately before the current page and 1 references the page
immediately after. Zero (0) refers to the current page.
The URL is inserted only if the designated page exists.
$$Number The hit number of the current result item. Possible numbers begin
with 1 and end with $$TotalHits. Is displayed using the client’s
locale.

103-000133-001
August 29, 2001
Novell Confidential
$$NumQueryItems The number of query items contained within the current query.
While most queries use only 1 query item, it is possible to construct
a query with multiple search criteria, each weighted with a value
between 1 and 100. While the resultant search contains hits from
each of the queries, the search results are organized with the most
relevant hits first (from any of the individual queries).
$$PageNum[page#] Inserts a user-specified search result page number. The optional

page# parameter identifies the relative page from the current result
page. That is, minus one (-1) refers to the page immediately before
the current page and one (1) references the page immediately after.
Zero (0) refers to the current page.
The page number is inserted only if the designated page exists.
$$PrintURLfirst_hit_number, The URL used to print the hits listed on the current search result
number_of_hits] page.
The optional parameters can be specified to define the beginning

search result number and the number of search results to include in
the print job.
The number_of_hits parameter can use the $$TotalHits template

variable.
$$QueryCollection The names of the indexes the user specified in the search query.
See also “$$BeginCollectionsLoop” on page 192.
$$QueryCountry The country requested by the client. Note that this must be an
uppercase, two-character value as specified in ISO 3166-1.
$$QueryDate The begin date requested by the client.
$$QueryEncoding Actual query encoding, or the encoding specified during a search

that overrides the default encoding.
$$QueryLanguage The language requested by the client. Note that this must be a
lowercase, two-character value as specified in ISO 639.
$$QueryNumHits The number of search results requested by the client.
$$QueryOperator The type of the current search:

0 = Boolean AND search
1 = Boolean OR search
2 = phrase search

103-000133-001
August 29, 2001
Novell Confidential
$$QueryReturnField The names of the return fields the user specified in the search
query. See also “$$BeginReturnFieldsLoop” on page 193 and
“$$EndReturnFieldsLoop” on page 194.
$$QueryTemplate The template name requested by the client.
$$QueryVersion The version number of the current query format.
$$Relevance How closley the result matches the user’s query, indicated by
percentages (1% to 100%).
$$ResultEncoding Identifies the encoding used to return the current search results
page.
$$SearchFor Query entered by the client into the search field.
$$SearchTime Inserts the amount of time used to process the current search
request. $$SearchTime is displayed using the client’s locale.
$$SortByURL[sortfield.sortorder ...] The URL used to show the current result page sorted by one or
more search result fields.
Sort field names include title, author, changedate, filelength,

language, summary, relevance, url, and document_number.
Optional sort orders include ascending and descending.
Sort field and sort order names are separated by a period.
Multiple sort fields are separated by a space.
$$Size The size of the data pointed to by the result item’s URL. Is displayed
using the client’s locale.
template in.
$$Title If a title is not available in documents being searched, $$URL is

used instead; if the URL is unavailable, < title unavailable >
continues to be used.

103-000133-001
August 29, 2001
Novell Confidential
$$TotalHits The total number of hits that match the search query. This is not the
same as the number of hits displayed in any particular result page.
Is displayed using the client’s locale.
$$URL URL of the result item.

103-000133-001
August 29, 2001
Novell Confidential
Print Result Variables

The following table lists all available print result variables that can be used to
extend the functionality of the default print result templates or to create new
templates from scratch. For more information about how to implement
variables in a template (HTML) page, see Chapter 17, “Customizing Your
Search Solutions,” on page 185.
Table 12 Print Result Variables
$$BeginLoop End of the header section. Beginning of the repeating body section. This
section is repeatedly parsed until there are no further result items to
process.
$$BeginTOCList[text] Beginning of the table of contents repeating section. This section is

repeatedly parsed until there are no further TOC result items to process.
This is a conditional text section. The items within the brackets ( [ ] ) are
processed only if the current item represents a change in the depth of the
hierarchy. If $$Product appears within the conditional text, it will be
replaced only if the current item also represents a new product.
$$Bookmark The HTML anchor name of the current result item. This can be used to
jump from a TOC entry to the corresponding section within the print job.
All bookmark entries begin with “novell_print_toc_” and are followed by
the number of the current result item, as in novell_print_toc_1.
$$Countervariable_number, Inserts the value of the specified var# counter into the search result page.
increment_number All counters initialize to zero. The optional second parameter specifies the
amount to increment or decrement the current value. A maximum of 10
counters is supported. For example:
$$Description The abstract, description, or first 255 display bytes of the result item.

103-000133-001
August 29, 2001
Novell Confidential
$$EndTOCList[text] End of the table of contents section.
This is a conditional text section. The items within the brackets ( [ ] ) are
written out each time a result item occurs that decreases the depth of the
hierarchy. If the depth of the current item is several levels less than the
previous item, the text within the conditional text block is written out that
many times.

$$Number The hit number of the current result item. Possible numbers begin with 1
and end with $$TotalHits. Is displayed using the client’s locale.
$$Product The name of the product associated with the current item in the table of
contents.
This displays only if this is the first result item within that product.
See also “$$BeginTOCList[text]” on page 199.
$$Title Title of the result item. For empty titles, <title unavailable> is displayed. Is
localized using the client’s locale.
$$TotalHits The total number of hits that match the search query. This is not the same
as the number of hits displayed in any particular result page. Is displayed
using the client’s locale.
template in.

103-000133-001
August 29, 2001
Novell Confidential
$$URL URL of the result item.
$$URLContent The entire contents of the URL are placed into the template at this
location. The URL contents are not parsed to validate their data type,
formatting, or functionality. Only text/plain and text/html files are printed.
All other files are inserted into the print job as an error message.
Error Message Variables

The following table lists all available error message variables that can be used
to enhance the organization of the default error message template, or to create
new templates from scratch. For more information about how to implement
variables in a template (HTML), see Chapter 17, “Customizing Your Search
Solutions,” on page 185.
Table 13 Error Message Variables
$$BeginLoop End of the header section. Beginning of the repeating body section. This
section is repeatedly parsed until there are no further result items to
process.
$$ErrorNumber A numeric version of the error.
$$ErrorMessage A text version of the error. Generally quite terse.
$$ErrorDescription A longer version of the message. This might include additional error
details or problem resolution information.

103-000133-001
August 29, 2001
Novell Confidential

$$NumQueryItems The number of query items contained within the current query. While most
queries use only 1 query item, it is possible to construct a query with
multiple search criteria, each weighted with a value between 1 and 100.
While the resultant search contains hits from each of the queries, the
search results are organized with the most relevant hits first (from any of
the individual queries).
$$QueryCollection The names of the search sites the user specified in the search query. See
also “$$BeginCollectionsLoop” on page 192 and “$$EndCollectionsLoop”
on page 192.
$$QueryCountry The country requested by the client. Note that this must be an uppercase,
two-character value as specified in ISO 3166-1.
$$QueryDate The begin date requested by the client.
$$QueryDirFilter For a description of this item, refer to the equivalent search result variable
in Table 11 on page 193.
$$QueryFileFilter For a description of this item, refer to the equivalent search result variable
$$QueryKeywordFlag For a description of this item, refer to the equivalent search result variable
$$QueryLanguage The language requested by the client. Note that this must be a lowercase,
two-character value as specified in ISO 639.
$$QueryOperator The type of the current search:

0 = Boolean AND search
1 = Boolean OR search
2 = phrase search
$$QueryReturnField The names of the return fields the user specified in the search query. See
also “$$BeginReturnFieldsLoop” on page 193 and
“$$EndReturnFieldsLoop” on page 194.

103-000133-001
August 29, 2001
Novell Confidential
$$QuerySubDirFlag For a description of this item, refer to the equivalent search result variable
$$QuerySynonymFlag For a description of this item, refer to the equivalent search result variable
$$QueryTemplate The template name requested by the client.
$$QueryVersion The version number of the current query format.
template in.
Response Message Variables

The following table lists all available response message variables that can be
used to enhance the organization of the default response message templates or
to create new templates from scratch. For more information about how to
implement variables in a template (HTML), see Chapter 17, “Customizing
Your Search Solutions,” on page 185.
HINT: The repeating variables $$BeginLoop and $$EndLoop should not be used
in a response message and will be ignored if used.
Table 14 Response Message Variables
$$Cancel[text] If the Cancel button is specified by Server logic, parses and inserts the
conditional text into the response page.
Currently used by PrintServlet when a print job exceeds the print job size
warning limit.
$$Continue[text] If the Continue button is specified by Server logic, parses and inserts the
Currently used by PrintServlet when a print job exceeds the print job size
warning limit.

103-000133-001
August 29, 2001
Novell Confidential
$$Help[text] If the Next button is specified by Server logic, parses and inserts the
$$Ignore[text] If the Ignore button is specified by Server logic, parses and inserts the

$$No[text] If the No button is specified by Server logic, parses and inserts the
If the OK button is specified by Server logic, parses and inserts the

$$OK[text]
Currently used by PrintServlet when a print job exceeds the maximum
print job size.
$$Prev[text] If the Previous button is specified by Server logic, parses and inserts the
$$ResponseNumber A numeric version of the response required of the user.
$$ResponseMessage A text version of the response required of the user. Generally quite terse.
Can often be used as a title.
$$ResponseDescription A longer version of the message. This might include additional details or
see also type information.

103-000133-001
August 29, 2001
Novell Confidential
$$Retry[text] If the Retry button is specified by Server logic, parses and inserts the
template in.
$$URL Inserts the URL to use when the parent button is clicked. This must appear
within the brackets of a button’s conditional text section.
The URL logic is generated by the server.
$$Yes[text] If the Yes button is specified by Server logic, parses and inserts the
Search Parameters
The following table lists all available search parameters, including required
syntax, a description of their default values, and examples. Each of these
parameters can be used to extend or enhance the functionality of the search
page templates or to create new search page templates from scratch. For more
information about how to implement parameters in an HTML document, see
Chapter 17, “Customizing Your Search Solutions,” on page 185.
HINT: If you use a parameter but leave its value blank, the default value for that
parameter will be used.

103-000133-001
August 29, 2001
Novell Confidential
Table 15 Search Parameters
Parameter Name Value Description
querynumber String The actual search criteria that is passed to the Web
Search Server.
The next four parameters below are combined with

this parameter and are identified by adding the
unique number to them.
Syntax: querynumber=searchcriteria
Example: query0=novell+AND+groupwise
idnumber String A document ID that is used to narrow a search. You

can specify more than one ID by using the same
field name more than once.
Syntax: idnumber=documentID
Example: &id0=z1.0010.&id0=z1.0020
Default: None
operatornumber Integer Indicates which operator to use between two or

more words in a search.
0 = AND
1 = OR
2 = PHRASE
Syntax: operatornumber=number
Example: operator0=1
weightnumber Integer Lets you assign a level of importance to one or more

search criteria. Web Search Server uses this
number along with the relevance number to
determine a search criteria's final relevance and
then orders the results accordingly.
Range: 0 to 100
Syntax: weightnumber=number
Example: weight0=75

103-000133-001
August 29, 2001
Novell Confidential
typenumber Integer Indicates the type of search. Options include:

0 = Normal search; 0 is the default.
1 = Searches only the given document numbers.
2 = Root search used by the search tree control
to get the top tree nodes.
3 = Used to get the children of the given
document number.
4 = Searches the descendants of the given
document numbers and is used to narrow a
search or a print request, including all of its
children.
Syntax: typenumber=number
Example: type0=2
Default: 0 (zero)
collections String Lets you restrict a search to one or more specified

search sites. The search site name you specify
using this parameter must exactly match the name
of the search site.
You can specify more than one search site by using

the same key word, as in the following:
collection=DocRoot&collection=myCollection.
Syntax: collections=index
Example: collections=Statistics

103-000133-001
August 29, 2001
Novell Confidential
date Integer Lets you specify a date range to be searched in

milliseconds. The example shows the number of
milliseconds spanning a three-month time frame.
The minus sign (-) before the number indicates
three months back in time.
If you pass a positive number such as

940457147873, then Web Search creates a date
and time based on the number of milliseconds
elapsed since January 1, 1970; 12:00 a.m. The
example number 940457147873 produces the
search start date of October 20, 1999, at 4:05:47
p.m.
Syntax: date=number
Example: date=-7905600000
numhits Integer Indicates the number of hits you want returned at

one time in the search results page.
Syntax: numhits=number
Example: numhits=25
Default: 25
starthit Integer Indicates the hit number you want Web Search to
begin searching from. If you entered 35 as the
STARTHIT parameter value, Web Search would
return hits beginning with hit number 35.
Syntax: starthit=number
Example: starthit=35
Default: 1
lang String Lets you specify a language using the two-

character, lowercase language value derived from
ISO6391.
Syntax: lang=language_code
Example: lang=ja
Default: en (English)

103-000133-001
August 29, 2001
Novell Confidential
country String Lets you specify your country using the two-
character, uppercase country value derived from
ISO3166.
Syntax: country=country code
Example: country=TW
Default: None
template String Lets you specify the specific results template you
want your search results returned in. The following
list of templates are the default templates included
with the Web Search Server. However, your Web
Search Server administrator might have created
custom templates using different names. Check with
your administrator if these templates do not work for
you. You must type the names of these templates
exactly as they appear in this list:
ResultListTemplate.html
ResultListTerseTemplate.html
ResultListVerbose.html
PrintResultTemplate.html
Localized versions for multiple languages can also

be used. See “Working with Multiple Languages” on
page 213.
Syntax: template=filename
Example: template=ResultList.html
theme String The name of the theme, or directory, where a

theme’s search and print templates are stored.
Syntax: theme=theme_name
Example: theme=Intranet
showfirsthit Boolean If true, rather than displaying the search results

page, this parameter automatically goes to the URL
of the first hit on the current page.
Syntax: showfirsthit=value
Example: showfirsthit=True

103-000133-001
August 29, 2001
Novell Confidential
retfield String Lets you determine the level of detail given about
each result item. The fewer the details, the faster a
search is returned to a user.
Field names include title, author, URL, changedate,

language, summary, relevance, and filelength.
NOTE: Type these fields exactly as they appear.
To specify more than one field, use the RETFIELD

parameter and value, separated by an ampersand
(&) as in the following:
retfield=title&retfield=author
Syntax: retfield=field_name
Example: retfield=title
buttonpressed String A button pressed by the user. If this value is part of

the query, then a response message should not be
sent to the client.
Options include Yes, No, OK, Cancel, Continue,

Ignore, Retry, Prev, Next, and Help.
Syntax: buttonpressed=button_name
Example: buttonpressed=Cancel
gettotalhits Boolean Lets you enable or disable the total number of hits
parameter. For example, if you set the
GETTOTALHITS parameter to FALSE, the Total
Number of Hits label on the results page will display
0 (zero). Setting this parameter to TRUE will show
the total number of hits found during the search.
Syntax: gettotalhits=value
Example: gettotalhits=false
Default: True

103-000133-001
August 29, 2001
Novell Confidential
retencoding String Lets you specify a character set encoding to be

used by all results pages returned to users.
Syntax: retencoding=content type
Example: retencoding=iso-8859-1
Default: UTF8
sortkeys Integer Lets you specify the number of sort fields that
should be used to sort the search results.
Syntax: sortkeys=number
Example: sortkeys=1
sortfield String Syntax: sortfieldnumber=number
Example: sortfield1=title
Allows you to specify the sort order of results

returned in a results page.
Field names include title, author, URL, changedate,

language, summary, relevance, and filelength.
IMPORTANT: Type these fields exactly as they

appear above.
To specify more than one field, use the SORTFIELD

parameter and value, separated by an ampersand
(&) as in the following:
retfield=title&retfield=author
sortorder Integer Lets you specify the alphanumeric ordering of

search result items (hits). Options include the
following:
0= Ascending
1= Descending
2= Default for each field.
Syntax: sortordernumber=number
Example: sortorder1=0

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
19 Internationalizing Your Search

Solution
NetWare® Web Search Server is capable of handling search queries, search

results, templates, and Web content in many languages and character sets.
Web Search can auto-detect languages and character sets, but to ensure a
complete international search solution, you must identify language, country,
and character information throughout your Web Search implementation.
This chapter discusses all of the issues related to supporting multiple
languages from a single search solution.
Working with Multiple Languages

Customizing your search solution is important only if you want to let your
users conduct language-specific searches. You specify the language of a
template by inserting a language identifier in the META tag of your templates
or HTML files. The language identifier can also be used in Search Results
pages to let users quickly recognize the search results that interest them.
NetWare Web Search Server also lets Web clients specify their locale at the
time the search query is entered. The default Search page illustrates this
feature by auto-detecting a user's locale and selecting the appropriate language
from the Display Language drop-down list. This selection sends two
parameters to the Web Search Server: language and country. The country
parameter is almost always blank. The search engine uses this information to
find locale-specific versions of the templates used to return search results.
To specify the language of a template or of any HTML content that gets
indexed as part of your search site, you must enter a language identifier within
an HTML file’s header section. For example, if you wanted to identify a
Russian template, you would add the following META tag:
<meta http-equiv="Content-Language" content="ru">
In some cases, such as Traditional and Simplified Chinese, you will need to
use the two-character, uppercase country codes. For example:
<meta http-equiv="Content-Language" content="zh-TW">
<meta http-equiv="Content-Language" content="zh-CN">
Internationalizing Your Search Solution 213

103-000133-001
August 29, 2001
Novell Confidential
The first line of the example indicates the Chinese language (ZH) and the
geographic location as Taiwan. The second line of the example indicates the
Chinese language (ZH) but China as the geographic location.
This combination of language and country codes is called a locale. For more
information about locales, refer to Table 16 on page 222.
Specifying Locales within Template Filenames

NetWare Web Search Server consists of three primary servlets: SearchServlet,
PrintServlet, and AdminServlet. Each servlet returns information to the Web
client using server-side templates. Templates are stored on at
volume:\searchroot\TEMPLATES. For more information about templates, see
Chapter 16, “Understanding Templates,” on page 177.
After determining a Web client’s locale, Web Search attempts to locate a
matching search result template. That is, each of the Web Search services
automatically attempts to locate a version of the requested template that most
closely matches the Web client’s locale.
IMPORTANT: NetWare Web Search cannot find locale-specific templates without
the two-character language code and the optional two-character country code. See
Table 16 on page 222 for more information about language code syntax.
For example, if a Web client requests to see search results using the
ResultListTemplate.html file and the client is a Chinese language user from
Taiwan and the server is Russian, then Web Search will try to find a Chinese-
Taiwan version of the template first (ResultListTemplate_zh_TW.html)
because that exactly matches the client's language and country. The following
table lists the template names the system would look up in this example in
order of priority.
Template Name What Web Search Concludes
1. ResultListTemplate_zh_TW.html Specific client locale
2, ResultListTemplate_zh.html Simplified client locale
3. ResultListTemplate.html Client requested name
4. ResultListTemplate_ru.html Specific server locale (no simplified

versions)
5. ResultListTemplate_en.html English language version
6. ResultListTemplate.html Up to the first underscore ( _ )

103-000133-001
August 29, 2001
Novell Confidential
If this scenario were reversed so that the search client was Russian and the
server was Chinese (Taiwan), and the client requested the
ResultListTemplate_ja.html template, then the lookup order would follow the
order shown in the following table.
Template Name What Web Search Concludes
1. ResultListTemplate_ja_ru.html Specific client locale (no simplified

versions)
2. ResultListTemplate_ja.html Client requested name
3. ResultListTemplate_ja_zh_TW.html Specific server locale
4. ResultListTemplate_ja_zh.html Simplified server locale
5. ResultListTemplate_ja_en.html English language version
6. ResultListTemplate.html Up to the first underscore ( _ )
All templates undergo this rigorous lookup system. Once a template is located,
its name is stored and associated with the original client locale so that all
subsequent requests for that template from the same locale automatically find
the template without performing the same rigorous lookup.
No further lookups are attempted for that combination of client locale and
template name until the NetWare Web Search Server is restarted. If all
template lookups fail, then an error message is returned to the client
performing the search.
Understanding Character Set Encodings

A character set is a grouping of alphabetic, numeric, and other characters that
have some relationship in common. For example, the standard ASCII
character set includes letters, numbers, symbols, and control codes that make
up the ASCII coding scheme.
A character set encoding is the mapping of a character set to a value that can
be understood and processed by a computer.
NetWare Web Search relies on character set encodings to identify the
characters used when performing a search, reading a template, posting results
to a Web browser, or indexing Web-based content. If the encoding information
is missing in any of these areas, NetWare Web Search uses the default

103-000133-001
August 29, 2001
Novell Confidential
encodings identified in the SearchServlet and PrintServlet properties files.

You can modify these settings using NetWare Web Search Manager.
Because most languages have several encodings that their character sets are
identified by, NetWare Web Search Server supports a wide variety of character
set encodings and encoding aliases.
Some examples of character set encodings include iso-8859-1, shift_jis, big5,
and latin2. The official list of registered encodings is available from the
Internet Assigned Numbers Authority (see Table 16 on page 222). These are
the official names for character sets that can be used in the Internet and can be
referred to in Internet documentation. However, not all IANA-registered
character set encodings are supported by NetWare Web Search Server. Refer
to Table 16 on page 222 for a list of encodings and encoding aliases that are
supported by NetWare Web Search Server.
Unicode and UTF8

Unicode is a 16-bit character encoding standard developed by the Unicode
Consortium. By using two bytes to represent each character, Unicode enables
almost all of the written languages of the world to be represented using a
single character set. Unicode does not require any special processing to access
any character in any language.
This makes Unicode very easy to use when processing text from multiple
languages and scripts. This is the reason NetWare Web Search converts all
external files into Unicode for processing.
As already mentioned, Unicode is two bytes wide for all characters. Although
this is ideal for computer processing, it doubles the size of all single-byte
languages. This has a significant impact on Internet performance. For this
reason, NetWare Web Search also supports an alternate representation of
Unicode known as UTF-8. UTF-8 is a Unicode Transformation Format that
uses sequences of 1 to 6 bytes to represent all the characters in the Unicode
standard. Most notably, ASCII characters are transmitted without any
conversion at all. This means that most Internet content is already in the UTF-
8 representation. Many Asian languages, however, require three bytes per
character in the UTF-8 format. Other languages can require up to six bytes to
represent each of their characters.
You will have to decide if Unicode or UTF-8 best meets your needs when
creating HTML content, Web Search templates, or search pages.

103-000133-001
August 29, 2001
Novell Confidential
Search Encodings
The only encodings NetWare Web Search currently supports when performing
a search are Unicode and UTF-8. Therefore, any page that allows Web users
to enter a search must ensure that the results are passed to the server in one of
these two formats. See “Template Encodings” on page 219 for more
information.
To pass Unicode characters to NetWare Web Search, use the syntax
%uHHHH, where
Percent sign (%) is used as the CGI escape character
Lowercase letter U (u) indicate that the subsequent 4 characters represent
a Unicode value.
Four uppercase H letters (HHHH) indicate four hexadecimal characters
(0-9, A-F)
To pass UTF-8 characters to NetWare Web Search, just use normal ASCII
characters or the syntax %HH... for all other characters, where
% is the CGI escape character
HH indicates two hexidecimal characters (0-9, A-F)
. . . indicates additional %HH groupings that might be required to
properly transmit a character
HINT: If the encoding of the page containing a search form is already set to UTF-
8 or Unicode, most browsers automatically transmit the entered search text
correctly using the designated encoding.
By default, NetWare Web Search uses UTF-8 in its sample search pages.
Response Encodings
One of the many parameters that can be sent when conducting a search is the
encoding that should be used when returning the results back to the browser.
All NetWare Web Search encodings listed in Appendix B, “Combined
Character Sets for Use with NetWare Web Search,” on page 227 can be used.
If the search result page contains the ability to refine or redo the search, then
the response encoding can significantly impact the possible characters that can
be entered when conducting the next search from this page. For example, if
the user requests results in the iso-8859-1 encoding (HTML's default), then
only iso-8859-1 characters can be entered in the subsequent search from that

103-000133-001
August 29, 2001
Novell Confidential
page. Other characters can still be sent to the Web Search services using the
%uHHHH and %HH formats, but the browser will not allow users to enter
normal text characters other than that supported by iso-8859-1.
Although Web Search can return search results from many languages, some
characters found in titles and descriptions might be returned as question marks
(?) indicating that these characters are not available in the current response
encoding. If a character can be represented in the current encoding but a font
is not available, many browsers will substitute an alternate character such as
an empty box character. Once the appropriate fonts have been installed, these
characters will then display properly.
By default, NetWare Web Search returns all search, print, and administration
pages in UTF-8.
HTML Encodings
Since HTML content can contain text written in many character sets, all
HTML files need to include a tag that identifies the character set encoding. To
identify the encoding of an HTML file (or search template), use the following
META tag at the top of the file's header section:
<meta http-equiv="Content-Type" content="text/html;
charset=Shift_JIS">
In this example, you would replace Shift_JIS with the appropriate Internet
Assigned Numbers Authority (IANA)-assigned encoding value.
It is very important that the CHARSET value accurately represent the
character set encoding that was actually used when the HTML Web content or
Web Search template was created. A correct entry allows Web Search to
accurately interpret and convert the characters in the document. An incorrect
entry prevents Web Search from being able to read the characters as valid data
in the authored language.
IMPORTANT: Improperly identified characters result in garbled text. In some
cases, the Web-based content cannot be properly indexed or printed. In the most
severe cases, the document being read might produce a server-side exception,
which will ultimately discontinue processing the document and perhaps the entire
current operation.
Because Web Search is Unicode-based, when reading templates or when

indexing or printing HTML content, all character encodings are converted
from their source encoding to Unicode for internal processing.

103-000133-001
August 29, 2001
Novell Confidential
During indexing, if a document contains characters not supported by the

designated encoding, if the document doesn't have an encoding designation,
or if the designation is inaccurate, the indexer will do its best to recover. But
if it cannot, it might index the information incorrectly or quit indexing that
page entirely.
When reading a template file, Web Search might automatically cease
processing the file if it contains any characters not supported by the current
encoding. It will try to ignore the invalid text and continue, but this might not
be possible.
When displaying search results or when printing HTML content, any
character that does not match the specified response encoding will receive a
question mark (?) in its place when rendered at the browser. Although some
characters are properly supported by the current encoding, the browser might
not have the required fonts to display the characters. In this case, users might
see square boxes representing these characters. This is an indication that the
valid character reached the browser, but the operating system could not
provide a font to properly render the character. The user would than have to
either change fonts or install the correct fonts in order to properly display the
characters.
HINT: If a document does not contain a CHARSET encoding value, the default
encoding for HTML documents is ISO-8859-1, also known as Latin1. The default
encoding for plain text documents is US-ASCII.
Web Search also allows administrators to define the default encodings for
templates, HTML content when printing, and search and print responses.
Refer to the NetWare Web Manager Help for information about changing the
default encodings.
Template Encodings
All HTML documents should include a Content-Type META tag identifying
their character set encodings. The character set encoding allows HTML Web
clients (or browsers) to understand the contents of the file. This tag is also used
by browsers to automatically switch their display system and fonts to correctly
show the Web page's contents. This lets users surf the World Wide Web
without having to constantly change their display system as they encounter
content from various languages and characters sets.
However, because NetWare Web Search lets administrator specify both
template encodings and response encodings, browsers might get confused
when presented with the valid response encoding in the HTTP header and one

103-000133-001
August 29, 2001
Novell Confidential
or more alternate encodings from the Content-Type META tags within the file
that was part of the original Web Search template.
NOTE: $$IncludeFile[ ] templates can also contain their own Content-Type meta
tags.
To solve this problem, NetWare Web Search allows placing the Content-Type
META tag specifying the template's encoding within an HTML comment.
This effectively obscures the original template encoding from the browser, but
still allows Web Search to read the encoding when the template file is
processed.
A sample Web Search template is illustrated below. The Content-Type META
tag has been hidden inside of an HTML comment. This template can be
embedded within other templates using the $$IncludeFile[ ] template variable
without affecting Web Search's ability to distinguish between the various
encodings. This file can also be processed and then sent to a user's Web
browser without conflicting with the response encoding provided by Web
Search in the HTTP response headers.
<html>
<head>



</head>
<body>
Template data here.
</body>
</html>

103-000133-001
August 29, 2001
Novell Confidential
Encoding Issues When Printing

When NetWare Web Search processes a print request, it gathers the entire
contents of each file and builds an appended print job page, one file after
another. Each file can contain its own Content-Type META tag identifying its
encoding. Each file's encoding will be used by Web Search to convert that file
into Unicode before being sent out using the response encoding.
Unfortunately, all of these encoding META tags might confuse the browser's
display system. While Web Search has already properly converted the files
into a single response encoding, the browser sees the Content-Type META
tags which direct it to do something else, and gets confused.
The way to solve this problem is to create a print results template that contains
a Content-Type META tag encoding at both the top and bottom of the file,
before and after the various documents get printed. All current browsers take
either the first Content-Type META tag that they encounter or the last.
Constructing a print template with both satisfies all browsers.
Languages Included in the Default Templates

There are additional search and print templates for each of the following
languages:
Chinese (Traditional and Simplified)
English
French
German
Italian
Japanese
Korean
Portuguese
Russian
Spanish
Templates are stored at volume:\searchroot\TEMPLATES.

103-000133-001
August 29, 2001
Novell Confidential
Where to Go From Here

The following table lists additional resources for learning more about locales,
country and language codes, and encodings.
Table 16 Additional Information Resources
Component Resource Location
Language and country RFC1766 (http://www.ietf.org/rfc/rfc1766.txt)

codes (locale)
NOTE: While RFC1766 uses the hyphen character ( - ) to separate language
and country information, Web Search uses the underscore character ( _ ) in
order to conform to the Java convention.
ISO639 (http://www.ics.edu/pub/ietf/http/related/iso639.txt)
ISO3166 (http://www.chemie.fu-berlin.de/diverse/doc/ISO_3166.html)
Character sets Internet Assigned Numbers Authority (IANA) Character Set registry (http://
www.isi.edu/in-notes/iana/assignments/character-sets)
Unicode Unicode Consortium home page (http://www.unicode.org/)
UTF-8 "UTF-8: A Transformation Format of ISO10646" (ftp://nis.nsf.net/internet/

documents/rfc/rfc2279.txt)

103-000133-001
August 29, 2001
Novell Confidential
IV Appendixes
This section contains additional information and reference materials related to

several Web service components:
Appendix B, “Combined Character Sets for Use with NetWare Web
Search,” on page 227
Appendix C, “HTTP Methods and eDirectory Trustee Requirements,” on
page 245
Appendix D, “Managing Users and Groups Using Local Database or
LDAP Modes,” on page 247
Appendix E, “Controlling Access to Your Server Using Local Database
or LDAP Modes,” on page 265
Appendix F, “Port Number Assignments,” on page 285
Appendixes 223

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
A Troubleshooting NetWare Web Search
This appendix provides some troubleshooting topics that can help you
overcome search and print performance issues.
Troubleshooting
Characters of descriptions or titles appear as intelligible characters
Possible Cause: You've probably indexed documents written in multiple languages and
encodings. Web Search can index most of the world’s languages and
encodings. However, Web Search needs to know the encoding of each
document.
Possible Cause: Some of your documents were probably not tagged with an encoding or were
incorrectly tagged.
Action: Make sure all of your documents contain the correct Content-Type META tag.
If your international documents do not contain a Content-Type META tag,
either add it or use the Encoding (If Not in META Tags) index definition
option to specify the default encoding.
Several titles or descriptions contain the same text

Possible Cause: If search results include duplicate titles or descriptions, your description fields
(description, summary, or abstract) might include boilerplate information.
Action: The more accurate your META tag description fields are, the better your
search results will be. Where possible, consider adding descriptions to your
document’s META tags.
Possible Cause: It could also be that you have indexed the same document more than once, or
several links throughout your Web site might point to the same document but
do so using different character cases each time.
Action: To solve the latter problem, try using the URLs Are Case Sensitive option to
direct Web Search to turn off case-sensitive crawling. Also, remove any
duplicate backup files you might have and exclude any backup directories
from your index definition.
Troubleshooting NetWare Web Search 225

103-000133-001
August 29, 2001
Novell Confidential
Some titles are returned as the URL of the document instead

Possible Cause: Web Search pulls document titles from within each document that it indexes.
If your document doesn't have a title, Web Search uses the URL or path of the
document instead. If the URL is unavailable, a Title Unavailable message is
returned.
Action: Make sure all of the documents you index have specifically defined titles.
Additional Assistance
If the problem you are working with doesn’t appear in this appendix, visit the
Novell® Support Connection Web site (http://support.novell.com).

103-000133-001
August 29, 2001
Novell Confidential
B Combined Character Sets for Use with

NetWare Web Search
The following tables list the character set encoding names and aliases that
Web Search recognizes when indexing, searching, displaying, or printing
files. This information is a subset of the character names registered by the
Internet Assigned Numbers Authority (IANA).
Whenever possible, the items listed in the first column of each table are the
preferred MIME names listed in the Internet Assigned Numbers Authority
(IANA) Character Sets registry. If a preferred MIME name is not available,
items in the first column represent the primary registered names.
Items in the second column of each table are aliases which are also at times
used to identify that encoding.
Note that not all aliases exactly represent the parent encoding under which
they are listed. In these cases, they overlap significantly enough that they will
be handled identically by the various NetWare® Web Search engines.
HINT: Character encodings appear in the exact case specified in the Internet
Assigned Numbers Authority (IANA) Character Sets registry. Some uses of these
encodings are case sensitive. However, NetWare Web Search ignores the case of
these encodings.
Combined Character Sets for Use with NetWare Web Search 227

103-000133-001
August 29, 2001
Novell Confidential
ASCII Character Set
Preferred MIME Name or Primary Encoding Names

Registered Name
US-ASCII (MIBenum: 3)* ANSI_X3.4-1968
ANSI_X3.4-1986
ASCII
ascii7
iso_646-us
ISO646-US
ISO_646.irv:1991
iso-ir-6
646
us
IBM367
cp367
csASCII
IBM437 (MIBenum: 2011) ibm-437
cp437
437
csPC8CodePage437
* A MIBenum is a record number corresponding to an entry in IANA’s

Management Information Base.

103-000133-001
August 29, 2001
Novell Confidential
Arabic Character Set
Preferred MIME Name or Primary Encoding Aliases

Registered Name
ISO-8859-6 (MIBenum: 9) ISO_8859-6:1987
ISO_8859-6
iso8859-6
iso8859_6
8859_6
IBM1089
ibm-1089
cp1089
1089
iso-ir-127
ECMA-114
ASMO-708
arabic
csISOLatinArabic
Windows-1256 (MIBenum: 2256) cp1256
win1256
ms1256

103-000133-001
August 29, 2001
Novell Confidential
Chinese (Simplified) Character Set

Registered Name
gb2312 (MIBenum: 2025) csGB2312
gb_2312-80 (MIBenum: 57) iso-ir-58
chinese
csISO58GB231280
gb2312-80
gb2312-1980
gb-2312-80
gbk GBK
windows-936
ms936
cp936
cp-936
euc-cn EUC_CN
euccn
euc-gb

103-000133-001
August 29, 2001
Novell Confidential
Chinese (Traditional) Character Set

Registered Name
big5 (MIBenum: 2026) Big5
windows-950
win950
ms950
csBig5
IBM950 (MIBenum: ????) ibm-950
cp950
cp-950
950

103-000133-001
August 29, 2001
Novell Confidential
Cyrillic Character Set

Registered Name
ISO-8859-5 (MIBenum: 8) ISO_8859-5:1988
ISO_8859-5
iso8859-5
iso8859_5
8859-5
iso-ir-144
IBM915
ibm-915
cp915
915
cyrillic
csISOLatinCyrillic
KOI8-R (MIBenum: 2084) koi8_r
koi8
cp878
cp-878
csKOI8R
Windows-1251 (MIBenum: 2251) win1251
cp1251
ms1251

103-000133-001
August 29, 2001
Novell Confidential
European Character Set

Registered Name
ms1252
win1252
ansi
ansi-1252
ISO-8859-1 (MIBenum: 4) ISO_8859-1:1987
ISO_8859-1
iso8859-1
iso8859_1
8859_1
iso-ir-100
IBM819
ibm-819
CP819
819
l1
latin1
csISOLatin1

103-000133-001
August 29, 2001
Novell Confidential

Registered Name
ISO-8859-2 (MIBenum: 5) ISO_8859-2:1987
ISO_8859-2
iso8859-2
iso8859_2
8859_2
iso-ir-101
IBM912
ibm-912
cp912
912
l2
latin2
csISOLatin2
ISO-8859-3 (MIBenum: 6) ISO_8859-3:1988
ISO_8859-3
iso8859-3
iso8859_3
8859-3
iso-ir-109
IBM913
ibm-913
cp913
913
l3
latin3
csISOLatin3

103-000133-001
August 29, 2001
Novell Confidential

Registered Name
ISO-8859-4 (MIBenum: 7) ISO_8859-4:1988
ISO_8859-4
iso8859-4
iso8859_4
8859-4
iso-ir-110
IBM914
ibm-914
cp914
914
l4
latin4
csISOLatin4
ms1250
win1250
IBM850 (MIBenum: 2009) (UNICODE) ibm-850
cp850
850
csPC850Multilingual
cp852
852
csPCp852

103-000133-001
August 29, 2001
Novell Confidential

Registered Name
cp860
860
csIBM860
cp863
863
csIBM863
cp865
865
csIBM865

103-000133-001
August 29, 2001
Novell Confidential
Greek Character Set

Registered Name
ISO-8859-7 (MIBenum: 10) ISO_8859-7:1987
ISO_8859-7
iso8859-7
8859_7
IBM813
ibm-813
cp813
813
iso-ir-126
ELOT_928
ECMA-118
greek
greek8
csISOLatinGreek
ms1253
win1253

103-000133-001
August 29, 2001
Novell Confidential
Hebrew Character Set

Registered Name
ISO-8859-8 (MIBenum: 11) ISO_8859-8:1988
ISO_8859-8
iso8859-8
8859_8
ibm916
ibm-916
cp916
916
iso-ir-138
hebrew
csISOLatinHebrew
cp1255
ms1255

103-000133-001
August 29, 2001
Novell Confidential
Japanese Character Set

Registered Name
ISO-2022-JP (MIBenum: 39) iso2022-jp
iso-2022-jis
junet
jis
jis_encoding
csJISEncoding
csISO2022JP
ISO-2022-JP-2 (MIBenum: 40) iso-2022-jp2
csISO2022JP2
Shift_JIS (MIBenum: 17/2024) sjis
shift-jis
ShiftJis
x-sjis
x-shift-jis
windows-31j
csWindows31J
ms932
cp932
win932
windows-932
MS_Kanji
csShiftJIS
pck
\u30b7\u30d5\u30c8\u7b26\u53f7\u53
16\u8868\u73fe

103-000133-001
August 29, 2001
Novell Confidential

Registered Name
EUC-JP (MIBenum: 18) Extended_UNIX_Code_Packed_Form

at_for_Japanese
eucjp
x-euc-jp
euc_jpnew 10/18/99
x-eucjp
eucjis
csEUCPkdFmtJapanese

103-000133-001
August 29, 2001
Novell Confidential
Korean Character Set

Registered Name
euc-kr (MIBenum: 38) euc_kr
euckr
csEUCKR
ks_c_5601-1987 (MIBenum: 36) ks_c_5601-1989
ksc5601-1987
ksc5601_1987
ksc_5601
ksc5601
5601
korean
csKSC56011987
IBM949 (MIBenum: ????) ibm-949
cp949
cp-949
949
Windows-949 (MIDenum: ????) win949
ms949

103-000133-001
August 29, 2001
Novell Confidential
Thai Character Set
Preferred MIME Name or Primary Ecoding Aliases

Registered Name
IBM874 (MIBEnum: ????) ibm-874
cp874
874
Windows-874 win874
ms874
Turkish Character Set

Registered Name
ISO-8859-9 (MIBenum: 12) ISO_8859-9:1989
ISO_8859-9
iso8859-9
8859_9
ibm920
ibm-920
cp920
920
iso-ir-148
l5
latin5
csISOLatin5
cp1254
ms1254

103-000133-001
August 29, 2001
Novell Confidential
Vietnamese Character Set
Preferred MIME Name or Primary Ecoding Aliases

Registered Name
ms1258
cp1258
cp-1258

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
C HTTP Methods and eDirectory Trustee

Requirements
HTTP access to a file or resource in Novell® eDirectoryTM mode is evaluated

using NetWare® file system trustee assignments, depending on the HTTP
method used. The table below defines the NetWare file system trustee
assignments required to grant access to Web resources using specified HTTP
methods.
This table applies only while running the Enterprise Web Server in eDirectory
mode.
HTTP Method NetWare Trustee Assignment Required for Access
COPY Read on source, Create on destination
DELETE Erase
EDIT Write
GET Read
HEAD File Scan
INDEX File Scan
MKDIR Create
MOVE Erase and Read on source, Create on destination
POST Read on the CGI executable file
PUT Create on parent directory if file is being created, or WRITE

if file is being replaced
HTTP Methods and eDirectory Trustee Requirements 245

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
D Managing Users and Groups Using

Local Database or LDAP Modes
This appendix covers creating and managing User and Group objects while
running in local database or LDAP modes. If you are running the Enterprise
Server in Novell® eDirectoryTM mode, refer to Chapter 7, “Using a Directory
Service to Control User Access to Network Resources,” on page 83.
HINT: If you are using eDirectory mode, you can use ConsoleOneTM to manage
users and groups. If you need to access eDirectory User and Group objects from
a remote location, use NetWare® Web Manager. Web Manager lets you add and
remove users and groups and manage access rights.
The procedures outlined in this section refer exclusively to Web Manager as the
directory managment tool for managing User and Group objects while in local
database or LDAP modes. For more information about using eDirectory, refer to the
Novell eDirectory 8.6 Administration Guide.
Creating Users
1 From the NetWare Web Manager home page, click Users and Groups >
organization > New User.
2 In the appropriate fields, enter the requested information. At a minimum,
you must specify the user’s
Surname
User ID
After entering a user’s first and surnames, the ID is automatically
generated in the User ID field. You can replace this user ID with an ID of
your own choice if you want.
IMPORTANT: The user ID must be unique. NetWare Web Manager ensures that
it is unique by searching the entire directory begining at the search base (base DN)
to see if the user ID is in use. However, if you use the ldapmodify command line
utility to create a user, be aware that the utility does not ensure unique user IDs. If
duplicate user IDs exist in your directory, the effected users will not be able to
authenticate to the directory.
3 Click Create User to add a user.
For information on editing users, see “Managing Users” on page 249.
Managing Users and Groups Using Local Database or LDAP Modes 247

103-000133-001
August 29, 2001
Novell Confidential
Manual 99a
38 July 17, 2001
Additional Information about User Entries

The following information might be of interest to the network administrator
concerning creating user entries:
User entries use the inetOrgPerson, organizationalPerson, and person
object classes. For more information on how these are used, search the
Novell Support Connection Web site (http://support.novell.com).
By default, the distinguished name for users is as follows:
cn=full name, ou=organization, ...,o=base organization,
c=country
For example, if a user entry for Sam Warden is created within the
Organizational Unit Engineering, and the directory's suffix is O=Ace
Industry, C=US, then the person's DN is
CN=Sam Warden, OU=Engineering, O=Ace Industry, C=US
However, you can change this format to a UID-based distinguised name.

Suffixes are optional if you are using the local directory. If you did not
configure a suffix for your local directory, then you literally use the string
“ “ (quote quote) to represent the search base on calls to ldapsearch.
The values on the user form fields are stored as the following LDAP
attributes:
User Field Corresponding LDAP Attribute
Given Name givenName
Surname sn
Full Name cn
User ID uid
Password userPassword
E-Mail Address mail
The following fields are also available when editing the user entry:
User Field Corresponding LDAP Attribute
Title title
Telephone telephoneNumber

103-000133-001
August 29, 2001
Novell Confidential
Managing Users
From the Manage Users form you can
Find user entries
Change user attribute values
Change the user's password
Manage the user's licenses
Rename the user's entry
Delete the user's entry
Change some, but not all, product-specific information. Web Services
servers add additional forms to this area that allow you to manage
product-specific information. For example, when a Web server is
installed under NetWare Web Manager, then an additional form is added
that allows you to edit settings specific to that server.
The following sections describe these activities in detail.
For more information regarding user entries when using a directory server, see
“Additional Information about User Entries” on page 248.
Finding User Objects

If you are running in LDAP or local directory modes and you need to edit a
User object, you can quickly search for and retrieve a User object.
1 From the Web Manager home page, click NetWare Enterprise Web Server
servername > Users and Groups.
2 In the Find User field, type some descriptive value for the entry that you
want to edit. You can enter any of the following in the search field:
A name: Type a full name or a partial name
A user ID
A telephone number
An e-mail address: Any search string containing an at (@) symbol is
assumed to be an e-mail address

103-000133-001
August 29, 2001
Novell Confidential
An asterisk (*): Type an asterisk to see all of the entries currently in

your directory (or achieve the same effect by simply leaving the field
blank)
Any LDAP search filter: Type a search filter to see any string that
contains an equal sign (=) that is considered a search filter
3 In the Format field, select either On-Screen or Printer.
4 Click Find.
The Find All Users Whose Field

This field allows you to build a custom search filter. Use this field to narrow
down the search results returned by Find User.
Find All Users Whose provides the following search criteria:
1. The left drop-down list lets you specify the attribute that the search will
be based on.
The options include the following:
Full Name
Last Name
User ID
Phone Number
E-Mail Address
2. The center drop-down list lets you select the type of search you want to
perform.
Contains: Entries with attribute values containing the specified
search string are returned.
Is: Use this option when you know the exact value of an user's
attribute.
Isn't: Returns all the entries whose attribute value does not exactly
match the search string. For example, if you want to find all the users
in the directory whose names are not Sam Warren, use this option.
NOTE: Using this option can cause an extremely large number of entries to
be returned to you.

103-000133-001
August 29, 2001
Novell Confidential
Sounds Like: Causes an approximate, or phonetic, search to be

performed. Use this option if you know an attribute's value, but you
are unsure of the spelling. For example, if you are not sure if a user's
name is spelled Sarret, Sarette, or Sarett, use this option.
Starts With: Returns all the entries whose attribute value starts with
the specified search string.
Ends With: Returns all the entries whose attribute value ends with the
specified search string.
3. In the right-most text field, type your search string.
Editing User Information

servername > Users and Groups > Manage Users.
2 Find the user entry you want.
See “Finding User Objects” on page 249 for more information.
3 Edit the field corresponding to the attribute that you want to change.
HINT: You might want to change an attribute value that is not displayed by the edit
user form. In this situation, use the ldapmodify command line utility.
You can change the user’s first, last, and full name field from this form; but to
fully rename the entry (including the entry’s distinguished name), you need to
use the Rename User form. For more information on how to rename an entry,
see “Renaming Users” on page 252.
Managing User Passwords

The password you set for user entries is used by the various Web Services for
user authentication. You can create, change, or disable a password.
3 At the top of the User Edit form, click Password.

103-000133-001
August 29, 2001
Novell Confidential
4 To create or change a password, type the new password and the

confirmation password, and then click Set Password.
5 To disable the password, click Disable Password.
This prevents the user from logging in to a Web Services server without
deleting the user's directory entry. You can reinstate the password by
using the Password Management form to enter a new password.
6 Click General to return to general user information.
Managing User Licenses

To track which Web Services your users are licensed to use, do the following:
2 At the top of the User Edit form, click Licenses.
3 Select the Web Services that you want the user to be able to use.
5 Click General to return to general user information.
HINT: Web Services does not enforce these licenses.
Renaming Users
2 Select the user entry you want.
3 Click Rename User.
4 Type the new name.
If you are using common name-based DNs, specify the user’s full name.
If you are using UID-based distinguished names, enter the new UID value
that you want to use for the entry.
5 Type the modified given name, surname, full name, or UID in the
applicable fields as is appropriate to match the new distinguished name
for the entry.

103-000133-001
August 29, 2001
Novell Confidential
If you are using common name-based distinguished names, and you

change the distinguished name to use a new common name, then you
should make sure that this new common name is listed as the first choice
in the list of full names. This ensures that the appropriate name is
displayed when a list showing this entry is generated.
HINT: The rename feature changes only the user’s name; all other fields are left
intact. In addition, the user’s old name is still preserved so searches against the
old name will still find the new entry.
When you rename a user entry, you only change the user’s name; you
cannot use the rename feature to move the entry from one Organizational
Unit to another. For example, suppose you have
Organizational Units for Marketing and Accounting
An entry named Sam Warren under the Marketing Organizational
Unit
You can rename the entry from Samuel Warren to Sam Warren, but you
cannot rename the entry such that Samuel Warren under the Marketing
Organizational Unit becomes Samuel Warren under the Accounting
Organizational Unit.
6 To return to the general information form, click General.
Removing Users
3 Click Delete User > OK.
Creating Groups
servername > Users and Groups > New Group.
2 In the Group Name field, type the group's name.
You can optionally add a description for the group in the Description
field.

103-000133-001
August 29, 2001
Novell Confidential
3 Click Create Group to add the group and immediately return to the New
Group form.
4 Click Create and Edit Group to add the group and then proceed to the Edit
Group form for the group you have just added.
For information on editing groups, see “Editing Group Attributes” on
page 256.
Managing Groups
From the Group Edit form you can
Find groups
Change group attributes
Add and delete owners of the group
Add and delete See Also information
Add and delete members of the group
Rename the group
Delete the group
Change the group's description
The following sections describe these activities in detail.
Finding Group Entries

servername > Users and Groups > Manage Groups.
2 In the Find Group field, type the name of the group that you want to find.
You can enter any of the following in the search field:
An asterisk (*): Type to see all of the groups currently residing in
your directory
Any LDAP search filter: Type to see any string that contains an equal
sign (=) that is considered to be a search filter

103-000133-001
August 29, 2001
Novell Confidential
4 Click Find.
5 In the resulting table, click the name of the entry you want to edit.
The Find All Groups Whose Field

This field lets you build a custom search filter. Use this field to narrow down
the search results.
Find All Groups Whose provides the following search criteria:
1. The left drop-down list lets you specify the attribute that the search is
based on.
The options are
Full Name
Description
2. In the middle drop-down list, select the type of search you want to
perform.
Is: Use this option when you know the exact value of a group’s
attribute.
Isn’t: Returns all the entries whose attribute value does not exactly
match the search string. If you want to find all the groups in the
directory whose names do not contain administrator, use this option.
performed. Use this option if you know an attribute’s value, but you
are unsure of the spelling. For example, if you are not sure if a
group’s name is spelled Sarret’s list, Sarette’s list, or Sarett’s list, use
this option.
Starts With: Returns all the entries whose attribute values start with
Ends With: Returns all the entries whose attribute values end with the
3. In the right-most text field, type your search string.

103-000133-001
August 29, 2001
Novell Confidential
Editing Group Attributes

2 Find the group you want to edit.
See “Finding Group Entries” on page 254 for more information.
3 In the Group Edit form, change the displayed fields as desired.
HINT: To change an attribute value that is not displayed by the group edit form,
use the ldapmodify command line utility.
Adding Group Members

2 Find the group you want to add members to.
3 Click Edit under Group Members.
A new form is displayed that allows you to search for entries. If you want
to add user entries to the list, make sure Users is shown in the Find drop-
down list. If you want to add group entries to the group, make sure Group
is shown.
4 In the right-most text field, type a search string.
Type any of the following:
A user ID: Use if you are searching for user entries
A telephone number
An e-mail address: Any search string containing an at (@) symbol is
assumed to be an e-mail address
An asterisk (*): Type an asterisk to see all of the entries or groups
currently residing in your directory
Any LDAP search filter: Type a search filter to see any string that
contains an equal sign (=) is considered to be a search filter

103-000133-001
August 29, 2001
Novell Confidential
5 Click Find and Add to find all the matching entries and add them to the
group.
If the search returns any entries that you do not want add to the group,
check the box in the Remove from List column. You can also construct a
search filter to match the entries you want removed and then click Find
and Remove.
6 When the list of group members is complete, click Save Changes.
Adding Groups to the Group Members List

You can add groups (instead of individual members) to the group’s members
list. Doing so causes any users belonging to the included group to become a
member of the receiving group. For example, if Sam Warren is a member of
the Marketing Managers group, and you make the Marketing Managers group
a member of the Marketing Personnel group, then Sam Warren is also a
member of the Marketing Personnel group.
To add a group to the members list of another group, add the group as if it were
a user entry. See “Adding Group Members” on page 256 for more information.
Removing Entries from the Group Members List

To delete an entry from the group members list:
3 Click Edit under Group Members.
4 For each member that you want to remove from the list, check the
corresponding box under the Remove from List column.

103-000133-001
August 29, 2001
Novell Confidential
Managing Owners
You manage a group’s owners list the same way as you manage the group
members list. The following table shows you which section to read for more
information.
If you want to Use the steps in
Add owners to the “Adding Group Members” on page 256

group
Add groups to the “Adding Groups to the Group Members List” on page 257
owners list
Remove entries “Removing Entries from the Group Members List” on page
from the owners 257
list
Managing See Alsos

See alsos are references to other directory entries that might be relevant to the
current group. They allow users to easily find entries for people and other
groups that are related to the current group.
You manage see alsos the same way as you manage the group members list.
The following table shows you which section to read for more information.
If you want to Use the steps in
Add users to See “Adding Group Members” on page 256

alsos
Add groups to See “Adding Groups to the Group Members List” on page 257
alsos
Remove entries “Removing Entries from the Group Members List” on page
from See alsos 257

103-000133-001
August 29, 2001
Novell Confidential
Removing Groups
2 Find the group you want to delete.
3 Click Delete Group > OK.
Renaming Groups
3 Click Rename Group.
4 Type the new group name.
When you rename a group entry, you only change the group’s name; you
cannot use the Rename feature to move the entry from one Organizational
Unit to another. For example, suppose you have
Organizational units for Marketing and Engineering
A group named Research and Development under the Engineering
You can rename the group from Research and Development to Development
and Research, but you cannot rename the entry such that Research and
Development under the Engineering Organizational Unit becomes Research
and Development under the Marketing Organizational Unit.
Creating Organizational Units

servername > Users and Groups > New Organizational Unit.
2 In the Unit Name field, type the name of the Organizational Unit.
3 In the optional Description field, you can type a description of the unit.
4 Click Create Organizational Unit.

103-000133-001
August 29, 2001
Novell Confidential
Additional Information about Organizational Units

The following information might be of interest to the directory administrator:
New Organizational Units are created using the OrganizationalUnit
object class.
The distinguished name for new Organizational Units is of the form:
ou=new organization, ou=parent organization, ...,o=base
organization, c=country
For example, if you create a new Organization called Accounting within
the Organizational Unit West Coast, and your Base DN is o=Ace Industry,
c=US, then the new Organization Unit's DN is
ou=Accounting, ou=West Coast, o=Ace Industry, c=US
Managing Organizational Units

Find Organizational Units
Remove Organizational Units
Edit Organizational Unit attributes
Rename Organizational Units
Delete Organizational Units
Finding Organizational Units

servername > Users and Groups > Manage Organizational Unit.
2 In the Find Organizational Unit field, type the name of the unit you want
to find. You can enter any of the following in the search field:
A name: Type a full name or a partial name.
An asterisk (*): Type to see all of the groups currently residing in
your directory.
Any LDAP search filter: Type to see any string that contains an equal
sign (=) is considered to be a search filter.
4 Click Find.
5 Click the name of the Organizational Unit that you want to find.

103-000133-001
August 29, 2001
Novell Confidential
The Find All Units Whose Field

This field allows you to build a custom search filter. Use this field to narrow
down the search results that are otherwise returned by Find Organizational
Unit.
Find All Units Whose provides the following search criteria:
1. The left drop-down list allows you to specify the attribute on which the
search will be based.
Unit name
Description
2. In the center drop-down list, select the type of search you want to
perform.
Is: Returns the exact value of an Organizational Unit's attribute.
Isn't: Returns all the entries whose attribute value does not exactly
match the search string. If you want to find all the Organizational
Units in the directory whose name does not contain "Marketing," use
this option.
performed. Use this option if you know an attribute's value, but you
are unsure of the spelling.
Starts With: Returns all the entries whose attribute value starts with
Ends With: Returns all the entries whose attribute value ends with the
3. In the right text field, type your search string.
For more information on how to find an Organizational Unit entry, see
“Finding Organizational Units” on page 260.

103-000133-001
August 29, 2001
Novell Confidential
Editing Organizational Unit Attributes

2 Find the Organizational Unit you want to edit.
See “Finding Organizational Units” on page 260 for more information.
3 In the Organizational Unit edit form, change the displayed fields as
desired.
HINT: It is possible that you will want to change an attribute value that is not
displayed by the Organizational Unit edit form. In this situation, use the ldapmodify
command-line utility.
Renaming Organizational Units

1 Make sure no other entries exist in the directory under the Organizational
Unit that you want to rename.
3 Find the Organizational Unit you want to edit.
4 Click Rename.
5 Type the new Organizational Unit name.
When you rename an Organizational Unit entry, you can only change the
Organizational Unit’s name; you cannot use the Rename feature to move the
entry from one Organizational Unit to another. For example, suppose you have
Organizational units for Marketing and Engineering
An Organizational Unit called User Research under the Marketing
Organizational Unit
You can rename the entry from User Research to User Validation, but you
cannot rename the entry such that User Research under the Marketing
Organizational Unit becomes User Research under the Engineering

103-000133-001
August 29, 2001
Novell Confidential
Deleting Organizational Units

1 Make sure no other entries exist in the directory under the Organizational
Unit that you want to rename.
3 Find the Organizational Unit you want to delete.
4 Click Delete > OK.

103-000133-001
August 29, 2001
Novell Confidential

103-000133-001
August 29, 2001
Novell Confidential
E Controlling Access to Your Server

Using Local Database or LDAP Modes
You can control who accesses the files on your Web site. This appendix
discusses the various methods you can use to determine who has access to
specific files or directories on your Web site. If you want to control who can
configure the Web server itself, see “Securing Web Manager” on page 33.
The NetWare® Enterprise Web server can be secured using either Novell®
eDirectoryTM or local database modes. While in eDirectory mode, you manage
access control through NetWare file system trustees.
Controlling Access Using Native eDirectory Mode

Novell eDirectory offers unparalleled directory services and is the best choice
for use with NetWare Web Services. eDirectory is one of the easiest and most
powerful directory services available today and is included with NetWare 6.
eDirectory is the default directory service mode for use by the NetWare
Enterprise Web Server. We recommend that you use eDirectory mode.
For a comparison of eDirectory, local database, and LDAP modes for use with
the Enterprise Web Server, see Chapter 7, “Using a Directory Service to
Control User Access to Network Resources,” on page 83.
Controlling Access with NetWare Web Access Controls
What Is Access Control?

Access control lets you determine who can access the server. There are two
options for controlling access:
User-Group: Requires users to enter a username and password before
accessing the server. Or the server can use client authentication by
checking an LDAP directory for a security certificate before giving
access to a file or set of files on your Web site.
Host-IP: Requires the user to view your Web site from a specific
computer, where the server recognizes the computer by either its
hostname or its IP address.
Controlling Access to Your Server Using Local Database or LDAP Modes 265

103-000133-001
August 29, 2001
Novell Confidential
User-Group Authentication
You can require users to authenticate themselves before getting access to your
Web site. Authentication means that users verify their identity either by
entering a username and password or by using a client certificate installed in
their Web browser. The first method of requiring the username and password
is the traditional method, which can be done with or without encryption. The
second method of using client certificates is the SSL method, which must be
done with encryption on. Refer to the Novell Documentation Web site (http:/
/www.novell.com/documentation) for more information on encryption.
Username and Password Authentication
If you require users to enter a username and password to get access to your
Web site, you store the list of users and groups in an LDAP database, which
can be either a file stored on the Web server computer or an LDAP server on
a remote computer, for example, Novell Directory Services (NDS) using
LDAP or by using NDS directly.
When users attempt to access a file or directory that has User-Group
authentication, the Web browser displays a dialog box asking the user to enter
a username and password. The server can get this information encrypted or
not, depending on whether encryption is turned on for your server.
After entering the username and password, users either see the requested file
or directory listing, or a message denying them access. This following figure
shows the authentication window.
Figure 9 Authentication Window

103-000133-001
August 29, 2001
Novell Confidential
IMPORTANT: If your server doesn't use SSL encryption, the username and
password that the end user types are sent unencrypted across the network.
Someone could intercept the network packets and read the username and
password being sent to the Web server. For this reason, User-Group authentication
is most effective when combined with SSL encryption, or Host-IP authentication, or
both.
Client Certificate Authentication

You can confirm users’ identities with security certificates before giving the
users access to your Web site. You can do this in the following two ways:
The server can use the information in the certificate as proof of identity.
The server can verify the certificate itself, provided the certificates are
published in an LDAP directory.
When a request comes in and you have client authentication on, the server
performs these actions in the following order:
When the browser sends the certificate, the server checks if the certificate
is from a trusted certificate authority (CA). If not, the server ends the
transaction.
If the certificate is from a trusted CA, the server maps the certificate to a
user’s entry using the CERTMAP.CONF file.
If the certificate maps correctly, then the Web server follows the ACL
rule, or command, specified for that user. The rule can deny or allow the
request.
Host-IP Authentication
You can limit access to files and directories on your Web site by making them
available only to people using specific computers. You specify hostnames or
IP addresses for the computers that you want to allow or deny. You can use
wildcard patterns to specify multiple computers or entire networks. If you
want to use Host-IP authentication, you must have DNS running in your
network and your computer must be configured to use it.
Users can access the files and directories immediately without entering a
username or password. If the computer doesn’t have access, the user will get
a message denying access. You can also customize this message.
HINT: It is possible for more than one person to have access to a computer. For
this reason, Host-IP authentication is most effective when combined with User-
Group authentication. If both methods of authentication are used, the end user will
have to enter a username and password before getting access.

103-000133-001
August 29, 2001
Novell Confidential
Access Control Files

When you use access control on your Web server, the settings are stored in a
file with the extension .ACL. Access control files are stored in the directory
server_root/server_typeACL, where server-type is the name of the server.
The main ACL filename is GENERATED-HTTPS-server-id.ACL. The
temporary working file is called GENWORK-HTTPS-server-id.ACL. If you
use the Server Manager forms to restrict access, you’ll have these two files.
However, if you want more complex restrictions, you can create multiple files
and reference them from the MAGNUS.CONF file. There are also a few
features available only by editing the files. For example, you can restrict
access to the server depending on the time of day or day of the week.
You also manually create and edit .ACL files if you want to customize access
control. For example, you might want to use an Oracle* or Informix* database
of users instead of an LDAP database. To do this type of customizing, you
need to use the access control API to program a hook into the server’s access
control structure. This API is written in C. For more information on the API,
see the Netscape DevEdge Online site (http://developer.netscape.com).
How Does Access Control Work?

You can control access to the entire server or to parts of the server (directories,
files, file types). When the server evaluates an incoming request, it determines
access based on a hierarchy of rules called access control entries (ACEs), and
then it uses the matching entries to determine if the request is allowed or
denied. Each ACE specifies whether or not the server should continue to the
next ACE in the hierarchy. The collection of ACEs is called an access control
list (ACL).
When a request comes in to the server, the server looks in OBJ.CONF for a
reference to an ACL, which is then used to determine access. By default, the
server has one ACL file that contains multiple ACLs.
For example, suppose someone requests the following URL:
http://www.novell.com/my_stuff/web/presentation.html
The server would first check access control for the entire server. If the ACL
for the entire server was set to continue, the server checks to see if there is an
ACL for the file type .HTML. Then it checks for an ACL for the directory
MY_STUFF. If one exists, it checks the ACE and then moves on to the next
directory. The server continues traversing the path either until it reaches an

103-000133-001
August 29, 2001
Novell Confidential
ACL that says not to continue or until it reaches the final ACL for the
requested URL (in this case, the file PRESENTATION.HTML).
To set up access control for this example using the Server Manager forms, you
could create an ACL for the file only or for each resource leading to the file,
for example, one for the entire server, one for the MY_STUFF directory, one
for the MY_STUFF/WEB directory, and one for the file.
The following sample ACL file illustrates one way to control access to this
resource.
# File automatically written
## You may edit this file by hand#
version 3.0;
# This ACL allows everyone in the local database or LDAP
directory
acl "agents";
prompt = "<Enterprise or News> Server";
};
deny (all)
user = "anyone";
user = "all";# This ACL denies all access to the
my_stuff directory
acl "path=C:\Novonyx\SuiteSpot\docs\my_stuff";
deny (all)
user = "anyone";# This ACL allows access to anyone in
the user database
acl "path=C:\Novonyx\SuiteSpot\docs\my_stuff\web";
allow (all)
user = "anyone";# This ACL allows access to the file to
anyone in the "my_group" group
acl
"path=C:\Novonyx\SuiteSpot\docs\my_stuff\web\presentation
.html";
allow (all)
user = "anyone";
group = "my_group"# This is the default ACL and denies
access to anyone
acl "default";
deny (all)

103-000133-001
August 29, 2001
Novell Confidential
Restricting Access
This section takes you through the process of restricting user access to
documents on your Web site. The sections following this one describe in detail
each option available when using access control. Keep in mind that most
access control rules use only a subset of the available options.
There is also a section of examples on restricting different resources. You can
review these examples in “Restricting Access to the Entire Server” on page
278.
To create an access-control rule:
A form appears on which you select and edit an existing access control
rule or specify a new rule by either choosing the resource you want to
apply to the rule (the file, directory, or wildcard pattern you want to
control) or typing a name to assign to the ACL. There are three sections
to this main form:
Pick a Resource: Allows you to specify a wildcard pattern for files or
directories to restrict access to (such as *.HTML) or to specify a
directory or a filename to restrict.
Pick an Existing ACL: Allows you to select an ACL that you've
created.
Type in the ACL Name: Allows you to create named ACLs. Use this
option only if you’re familiar with ACL files and the OBJ.CONF
configuration file. You’ll need to manually edit OBJ.CONF if you
want to apply named ACLs to resources.
2 In the section you want to modify, from the Editing field select the part of
your Web site (the resource) that you want to control.
For example, you can select Entire Server to set up access control for your
entire server.
HINT: Refer to Table 17 on page 272 at the end of this procedure for an example
list of resources that are typically given limited access control.
3 Click Edit Access Control.

4 Click New Line.
5 Click Deny to select the action you want to apply to the rule.

103-000133-001
August 29, 2001
Novell Confidential
The bottom frame displays a form where you can select whether you want
to allow or deny access to the users, groups, or hosts you’ll specify in the
following steps. Select the option you want > click Update.
6 Click Anyone to specify User-Group authentication listed under the
Users/Groups column.
7 Select the options you want > click Update.
See “Specifying Users and Groups” on page 273 for more detailed
information about each option.
8 Click Anyplace to specify the computers you want to include in the rule.
9 Select the options you want > click Update.
See “Specifying Hostnames and IP Addresses” on page 275 for more
information about each option.
10 Click All to specify the access rights you want to include in the rule.
Check the access rights in the bottom frame > click Update.
11 Click X under the Extra column to enter a customized ACL entry if you
are familiar with ACL files.
This area is useful if you use the access control API to customize ACLs.
12 Click Update.
13 Check the appropriate box in the Continue column if you want the access
control rule to continue in a chain.
This means the next line is evaluated before the server determines if the
user is allowed access.
14 Check Access Control Is On.
See “When Access Control Is On” on page 277 for more information.
15 Check Response When Denied if you want the user to be redirected to
another URL if their request is denied.
16 Select Respond with the Following URL > type the URL in the field.
17 Click Update.
See “Responding When Access Is Denied” on page 277 for more
information.
18 Repeat steps 8 through 17 for each rule you need.
19 Click Submit to store the new access control rules in the ACL file.

103-000133-001
August 29, 2001
Novell Confidential
If you click Revert, the server removes any changes you made to the rules
from the time you first opened the two-frame window
WARNING: Be cautious when using Revert because you cannot restore your
edits. In most cases, it is probably better to delete the rule lines individually.
Table 17 Example List of Resources That Are Typically Given Limited Access Control
Resource Wildcard What It Means
default A named ACL created during

installation that restricts write access,
so only users in the local database or
LDAP directory can publish
documents, for example, by using the
Web Publisher.
Entire Server One set of rules determines the

access to your entire Web site,
including any virtual servers you have
running. To restrict access to a virtual
server, specify the path of its
document root.
*.html Controls access to all files with an

.HTML extension.
*.cgi Controls access to all files with a

.CGI extension.
usr/ns-home/cgi-bin/* Controls access to all files and

directories in the CGI-BIN directory.
Note that the path is absolute. On NT,
the path must include the drive letter.
agents A named ACL that restricts access to

all agents. The Web server contains
this ACL by default.
uri=“/sales” Controls access to the SALES

directory in the document root. To
specify URIs, create a named ACL.
The following sections describe the options that appear in the bottom frame of
the access control window.

103-000133-001
August 29, 2001
Novell Confidential
Setting Access Control Actions

You can specify the action the server takes when a request matches the access
control rule.
Allow: The users or computers can access the requested resource.
Deny: The users or computers cannot access the requested resource.
The server goes through the list of ACEs to determine the access. For
example, the first ACE is usually to deny everyone. If the first ACE is set to
continue, the server checks the second ACE in the list. (If Continue is not
checked, everyone would be denied access to the resource.) If the second entry
matches, then the next ACE is used. The server continues down the list until
it reaches either an ACE that doesn’t match or that matches, but is set to not
continue. The last ACE that matches is used to determine if access is allowed
or denied. For example, any user in the database can view a file (read access),
but they must be in the Pubs group if they want to publish a file to the server.
Specifying Users and Groups

You can restrict access to your Web site based on the user who requests a
resource. With user and group authentication, users are prompted to enter a
username and password before they can access the resource specified in the
access control rule.
The Web server uses a list of users, who might be sorted into groups, to
determine access rights for the user requesting a resource. The list of users
(and the groups they are included in) are stored either in a database on the Web
server computer or in an LDAP server, such as the Netscape Directory Server.
You should make sure the database has users and groups in it before you set
access control.
You can allow or deny access to everyone in the database, or you can allow or
deny specific people by using wildcard patterns or lists of users or groups.
To configure access control with users and groups, follow the general
directions for restricting access. When you click the Users/Groups column, a
form appears in the bottom frame. The following list describes the options in
the form:
Anyone (No Authentication): Anyone can access the resource without
having to enter a username or password. However, the user might be
denied access based on other settings, such as hostname or IP address.

103-000133-001
August 29, 2001
Novell Confidential
Authenticated People Only: All users requesting the resource will have to
type a username and password before getting access.
If the username they enter isn’t in the database, the access control rule
won’t apply to them. However, if the rule says Deny and then a group is
listed, that group is denied, but everyone else in the database could be
allowed depending on if there is another ACL that matches their request.
All in the Authentication Database: Matches any user who has an entry in
the database. To use this option, you must also select Authenticated
People Only.
Only the Following People: Allows you to specify certain users and
groups to match.
User: Matches the individual users you specify.
Group: Matches all users in the groups you specify.
You can list the users and groups of users individually by separating the
entries with commas. Or you can enter a wildcard pattern. To use this
option, you must also select Authenticated People Only.
Prompt for Authentication: Allows you to specify message text that
appears in the authentication window. You can use this text to describe
what the user needs to enter. Depending on the operating system, the user
will see about the first 40 characters of the prompt. Netscape Navigator
and Netscape Communicator cache the username and password and
associate them with the prompt text. This means that if the user accesses
areas (files and directories) of the server that have the same prompt, the
user won't have to retype usernames and passwords. Conversely, if you
want to force users to reauthenticate for various areas, you simply need to
change the prompt for the ACL on that resource.
Authentication Methods: Specifies the method the server uses when
getting authentication information from the client.
Default: Uses the default method you specify in the OBJ.CONF file,
or Basic if there is no setting in OBJ.CONF. If you select Default in
this form, the ACL rule doesn't specify a method in the ACL file.
Default is the best choice because you can easily change the methods
for all ACLs by editing one line in the OBJ.CONF file.
Basic: Uses the HTTP method to get authentication information from
the client. The username and password are only encrypted if
encryption is turned on for the server.

103-000133-001
August 29, 2001
Novell Confidential
SSL: Uses the client certificate to authenticate the user. If you use
this method, SSL must be turned on for the server. If you have
encryption on, you can combine basic and SSL methods.
Other: Uses a custom method you create using the access control
API.
Authentication Database: Allows you to select a database that the server
uses to authenticate users. The default setting means the server looks for
users and groups in either the local database or an LDAP directory,
depending on the setting specified in the Administration Server.
However, you can configure individual ACLs to use different databases.
You can specify different databases and LDAP directories in the file
server_root/USERDB/DBSWITCH.CONF and then choose the database
you want to use in the ACL by selecting it in the drop-down list. If you
use the access control API to use a custom database (for example, to use
an Oracle or Informix database), you can type the name of the database in
the Other field in the Users & Groups form.
Specifying Hostnames and IP Addresses

You can restrict access to your Web site based on which computer the request
comes from. You specify this restriction by using wildcard patterns that match
the computers’ hostnames or IP addresses.
To specify users from hostnames or IP addresses, follow the general directions
for restricting access. Restricting by hostname is more flexible than by IP
address; if a user’s IP address changes, you won’t have to update this list.
Restricting by IP address, however, is more reliable; if a DNS lookup fails for
a connected client, hostname restriction cannot be used.
The hostname and IP addresses should be specified with a wildcard pattern or
a comma-separated list. The wildcard notations you can use are specialized;
you can only use an asterisk (*). Also for the IP address, the asterisk must
replace an entire byte in the address. For example, 198.95.251.* is
acceptable, but 198.95.251.3* is not. When the asterisk appears within an
IP address, it must be the right-most character. For example, 198.* is
acceptable, but 198.*.251.30 is not.
For hostnames, the asterisk must also replace an entire component of the
name. For example, *.novell.com is acceptable, but
*sers.novell.com is not. When the asterisk appears in a hostname, it
must be the left-most character. For example, *.novell.com is acceptable,
but users.*.com is not.

103-000133-001
August 29, 2001
Novell Confidential
Setting Access Rights

You can set access rights to files and directories on your Web site. In addition
to allowing or denying all access rights, you can specify a rule that allows or
denies partial access rights. For example, you can give people read-only
access rights to your files, so they can view the information, but not change
the files. This is particularly useful when you use the Web publishing feature
to publish documents.
When you create an access control rule, the default access rights are set to all
access rights. To change access rights, click the appropriate link in the Rights
column in the top frame, then check or uncheck the access rights you want to
set for a particular rule. The following list describes each access right you can
check.
Read Access: Lets a user view a file. This access right includes the HTTP
methods GET, HEAD, POST, and INDEX.
Write Access: Lets a user change or delete a file. This access right
includes the HTTP methods PUT, DELETE, MKDIR, RMDIR, and
MOVE.
Execute Access: Applies to server-side applications, such as CGI
programs, Java applets, and agents.
Delete Access: Lets users delete a file or directory.
List Access: Lets a user get directory information. That is, they can get a
list of the files in that directory. This applies to Web Publisher and to
directories that don't contain an INDEX.HTML file.
Info Access: Lets a user get headers (HTTP_HEAD method). This is
mainly used by the Web Publisher.
Writing Customized Expressions

You can enter custom expressions for an ACL. You can use this feature if you
are familiar with the syntax and structure of ACL files. There are a few
features available only by editing the ACL file or creating custom expressions.
For example, you can restrict access to your server depending on the time of
day, day of the week, or both.
The following customized expression shows how you could restrict access by
time of day and day of the week. This example assumes you have two groups
in your LDAP directory: the Regular group gets access Monday through
Friday, 8:00 a.m. to 5:00 p.m. The Critical group gets access all the time.

103-000133-001
August 29, 2001
Novell Confidential
allow (read)
{
(group=regular and dayofweek=”mon,tue,wed,thu,fri”);
(group=regular and (timeofday>=0800 and timeofday<=1700));
(group=critical)
}
For more information on valid syntax and ACL files, see the Help.
When Access Control Is On

You can turn off access control for any part of the server that a user accesses.
For example, you could create an ACL that restricts access to the resource
.HTML. You could then have an ACL for the entire server that is turned off.
In this case, the only time access-control is used is when a user requests any
file or directory in the *.HTML extension.
When you uncheck the option, you’ll get a prompt asking if you want to erase
records in the ACL. When you click OK, the server deletes the ACL entry for
that resource from the ACL file.
If you want to deactivate an ACL, you can comment out the ACL lines in the
file GENERATED-HTTPS-SERVER-ID.ACL by putting pound signs (#) at
the beginning of each line.
Responding When Access Is Denied

You can choose the response a user sees when denied access. You can vary the
message for each access control object. By default, the user is sent a message
that says the file wasn’t found. The HTTP error code "404 Not Found" is also
sent.
To change what message is sent for a particular ACL:
1 In the ACL form, click Response When Denied.
2 In the lower frame, select Respond with the Following URL.
3 In the text field, type a URL or URI to a text or HTML file in your server’s
document root that you want to send to users when they are denied access.
Make sure the file doesn’t contain references to other files, such as style
sheets or images, because they won’t be sent.
4 Click Update.

103-000133-001
August 29, 2001
Novell Confidential
IMPORTANT: Make sure any users who get the response file have access to that
file. If you have access control on the response file and the user is denied access
to both the original resource and the response file, the server will send the default
denied response.
5 Click Submit in the top frame.
Examples of Restricting Access

This section describes some common examples for restricting access to a Web
server and its contents. Some of these examples assume you set up the default
ACL to deny anyone access to the server. You can also add a deny all line
as the first rule to each of these examples, as done in the example for the entire
server.
Restricting Access to the Entire Server

This example allows access to users in a group called Employees, who access
the server from computers in a sub-domain. There are no access control rules
for other resources on the server. You might use this example if you have a
server for a department and you only want users to access the server from
computers in a specific subdomain of your network.
2 In the section called Pick a Resource, select the entire server from the
The resource must be selected.
4 Click New Line.
5 Click New Line again to create a second rule.
6 Click Deny in the second rule.
7 In the bottom form that appears, select Allow > click Update.
8 Click Anyone in the second rule.
9 In the bottom form, type the group that you want to have access to the
server.
For this example, type Employees in the Group field.
HINT: Note that the two options, Authenticated People Only and Only the
Following People, are checked automatically.

103-000133-001
August 29, 2001
Novell Confidential
10 Click Update.
11 Click Anyplace in the second rule.
12 In the bottom form, type a wildcard pattern for the hostnames of the
computers you want to allow.
For example, type *.emp.mozilla.com in the Host Names field.
13 Click Update.
14 Uncheck the Continue box in the second rule of the top frame > click
Submit.
Be sure to restart the server for the changes to take effect. The following text
is the ACL file for this example:
# File automatically written## You may edit this file by
hand#version 3.0;acl "default";deny (all) user =
"anyone";allow absolute (all) user = "employees" and
dns = "*.emp.mozilla.com";
Restricting Access to a Directory (Path)

This example lets users in a group called Executives have read access to a
directory and its subdirectories and files on the server. The user called CEO
has full permissions to the directory.
You might use this example if you have a directory on your server that one
person owns (he or she publishes to this directory) and you want one group of
users to read the files. For example, you might have a project owner who
publishes status information for the project team to review.
2 In the section called Pick a Resource, click Browse.
3 In the form that appears, click the link for the directory you want to
restrict.
HINT: If you want to view all files in your server root, click Options on the Choose
a Part of Your Server form > check the List Files As Well As Directories checkbox
> click OK.

5 Click New Line twice to create two rules.

103-000133-001
August 29, 2001
Novell Confidential
IMPORTANT: Don’t edit the default values for the first rule. These values deny all
access to the directory. You’ll edit the second rule to allow read access to the
Executives group.
6 Click Deny in the second rule.

8 Click Anyone in the second rule.
9 In the bottom form, type the group you want to have access to the server.
For this example, type Executives in the Group field.
10 Click Update.
11 Click All in the top frame.
12 Uncheck the Write and Delete access rights.
13 Click Update.
14 Click New Line to create a rule for the CEO user.
15 Select Allow.
16 Click Anyone in the third rule.
17 In the bottom form, type CEO in the User field > click Update.
18 Uncheck Continue for both the second and the third rules.
This means that the server ignores any ACLs for directories or files under
the directory you specified above.
19 Click Submit > Save and Apply.
The entry in the GENERATED.HTTPS-serverid.ACL file for this example

looks like this:
acl "path=d:/novonyx/suitespot/docs/senior-staff/";
deny (all)
user = "anyone";
allow absolute (read,execute,list,info)
group = "executives";
user = "ceo";

103-000133-001
August 29, 2001
Novell Confidential
Restricting Access to a URI (Path)

This example uses a URI to control access to a single user’s content on the
Web server. URIs are paths and files relative to the server’s document root
directory. Using URIs is an easy way to manage your server’s content if you
frequently rename or move all or part of it, for example, for disk space. It’s
also a good way to handle access control if you have additional document
roots.
This example gives anyone read access to files and directories in the path
specified by the URI /MY_DIRECTORY. Only one user (yourself in this
example) has full access to the directories and files.
You might use this example if you have several users who publish their
content on your server. The users want to have write access to their content,
and they want anyone to have read/execute access.
2 In the section called Type In the ACL Name, type the URI you want to
control.
For example, type URI=/my_directory. Click Edit Access Control.
The two-frame forms appear.
3 Click New Line to create the first rule that allows all users read access.
4 Click Deny.
6 Click All.
7 Uncheck the Write and Delete access rights.
This means users can’t add or remove files, but they can view them and
run any applications in the directories.
8 Click Update.
9 Click New Line to create a rule for the owner of the directory > select
Allow for the second rule.
10 Click Anyone.
11 In the bottom form, type ME in the User field > click Update.
12 Uncheck Continue for both the first and second rules.

103-000133-001
August 29, 2001
Novell Confidential
This means that the server ignores any ACLs for other URIs, directories,
or files under the URI you specified above.
13 Click Submit > Save and Apply.

looks like this:
acl "uri=/my_directory";
allow absolute (read,execute,list,info)
user = "anyone";
user = "me";
Restricting Access to a File Type

This example controls write and delete access to all files with the extension
.CGI. You might use this example if you only want specific users to create
programs that run on your server. In this example, anyone can run the
programs, but only users in the Programmers group can create or delete them.
2 In the section called Pick a Resource, click Wildcard.
3 In the prompt that appears, type *.CGI > click OK.
This wildcard pattern matches any request that contains a file or directory
with the .CGI extension.
5 Click New Line to create the first rule that will allow all users read access.
6 Click Deny.
8 Click All > uncheck the Write and Delete access rights.
This means users can’t add or remove files or directories with the .CGI
extension.
9 Click Update.
10 Click New Line to create a rule that allows write and delete access to the
Programmers group.
11 Select Allow for the second rule.

103-000133-001
August 29, 2001
Novell Confidential
12 Click Anyone.
13 In the bottom form, type Programmers in the Group field.
14 Click Update > Submit > Save and Apply.
In this example, both Continue boxes are checked. This means that if a file is
requested, the server will first look at the ACL for the file type, and then it will
continue to look for another ACL that matches, for example, an ACL on the
URI or the path. The server checks ACLs in the following order:
1. Pathcheck Functions in OBJ.CONF: For example, these could be
wildcard patterns for files or directories. The entry in the ACL file would
appear as follows: acl "*.cgi";
2. URIs: For example, a path relative to the document root. The entry in the
ACL file would appear as follows: acl ""uri=/my_directory";
3. Pathnames: For example, an absolute path to a file or directory. The entry
in the ACL file would appear as follows: acl
"path=d:\novonyx\suitespot\docroot1\sales/";
looks like this:
acl "*.cgi";
allow (read,execute,list,info)
user = "anyone";
allow (all)
group = "programmers";
Restricting Access Based on Time of Day

This example restricts write and delete access to the server during working
hours. You might use this example if you don’t want people publishing
documents at times when people might be accessing the files. This example
allows users to publish during the evening hours of the week (between 6:00
p.m. and 6:00a.m., Monday through Friday) and all times during the weekend.
2 In the section called Pick a Resource, select the entire server from the
Editing drop-down list > click Edit Access Control.
3 Click New Line.
4 Click Deny.

103-000133-001
August 29, 2001
Novell Confidential
6 Click All > uncheck the Write and Delete access rights.
This means that if a user wants to add, update, or delete a file or directory,
this rule won’t apply and the server will search for another rule that
matches.
7 Click Update.
8 Click New Line to create a rule that restricts the write and delete methods.
9 Select Allow for the second rule.
10 Click the X link to create a customized expression.
11 In the bottom field, edit the existing lines to include the following:
user = "anyone" anddayofweek = "sat,sun" or(timeofday >=
1800 andtimeofday <= 600)
12 You might want to select the entire text element and copy it to memory;
if there are errors, you’ll have to re-enter the text.
13 Click Update.
The top form will display unrecognized expressions in the Users/Groups
and From Host columns, because you created a custom expression.
14 Click Submit.
If you made any errors in the custom expression, you’ll get a JavaScript
alert. Correct any changes > click Submit again.
16 Restart your server for the changes to take effect.

103-000133-001
August 29, 2001
Novell Confidential
F Port Number Assignments
Port numbers enable IP packets to be sent to a particular process on a computer

that is connected to the Internet. Some port numbers are permanently
assigned; for example, e-mail data under SMTP goes to port number 25. A
process such as a Telnet session receives a temporary port number when it
starts. The data for that Telnet session goes to newly assigned port number,
and the port number goes out of use when the telnet session ends.
A total of 65,535 port numbers are available for use.
Some port numbers in NetWare® 6 can be reasssigned from one net service to
another. Others cannot be reassigned. When adding or removing products or
services from your NetWare 6 installation, or when making new port number
assignments, refer to the following table, which indicates default port
assignments and notes which ports can be reassigned and which cannot.
The symbols used in the table indicate the following:
= The port is configurable
= The port is not configurable
= Dependent on a subsystem
= Availability and dependency cannot be determined
Table 18 Port Assignments and Availability Status, Listed by Product
Product or Service Assigned Ports and Availability Status
Apache 80
443
Apple* Filing Protocol (AFP) 548
Port Number Assignments 285

103-000133-001
August 29, 2001
Novell Confidential
BorderManagerTM 21
119
443
1040
1045
1959
7070
8080
9090
Common Internet File System (CIFS) 139
CsAudit 2000
DirXMLTM NDS-to-NDS® 8090
DirXML Remote Loader 8000
Domain Name Service (DNS) 53
eGuide 389
636
File Transfer Protocol (FTP) 20
21
GroupWise® Monitor 1099

103-000133-001
August 29, 2001
Novell Confidential
GroupWise Internet Agent (GWIA) 25
110
143
389
636
9850
GroupWise Web Access 80
443
7205
iFolderTM 80
389
443
636
iMonitor 80
iPrint 443
631
Lightweight Directory Access Protocol 389

(LDAP)
636
Line Printer Requester (LPR) 515
Media Server 554
Message Transfer Agent (MTA) 3800
7100
7180

103-000133-001
August 29, 2001
Novell Confidential
NetWare Core ProtocolTM (NCPTM) 524
NetWare Enterprise Web Server 80
443
NetWare File System 20
111
2049
NetWare Graphical User Interface 9000
9001
NetWare/IP (NWIP) 396
NetWare Remote Manager (NRM) 80
81
8008
8009
NetWare Web Access 80
Network Time Protocol (NTP) 123
NLSLRUP.NLM 21571
21572

103-000133-001
August 29, 2001
Novell Confidential
Novell Internet Messaging System 80

(NIMSTM)
81
110
143
389
443
444
636
Novell Modular Authentication 1242

Services (NMASTM)
Portal Services 80
443
8080
Post Office Agent (POA) 1677
2800
7101
7181
Radius 1812
Remote ConsoleTM DOS 2034
Remote Console Java 2034
2036
2037
Server Compatibility Mode Driver 2302

(SCMD)

103-000133-001
August 29, 2001
Novell Confidential
Service Locator Protocol (SLP) 427
Simple Network Management Protocol 161

(SNMP)
Telnet 23
Tomcat 8080
Virtual Private Network (VPN) 213
353
2010
Web Manager 2200
ZenworksTM for Desktops 3 2544
2638
8039
Zenworks for Servers 2 80
443
1229
2037
2544
8008
8009

103-000133-001
August 29, 2001
Novell Confidential
NetWare WebAccess Overview and Installation
Novell
NetWare 6 ®
www.novell.com
N E T WA R E W E B A C C E S S
O V E RV I E W A N D I N S TA L L AT I O N
August 30, 2001

Novell Confidential
Contents
Contents 5
1 Overview 7
2 Installation and Configuration 9
Installing NetWare WebAccess . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Installing NetWare WebAccess during the NetWare 6 Installation . . . . . . . . . . . . . . . 10
Installing NetWare WebAccess After the NetWare 6 Installation. . . . . . . . . . . . . . . . 11
NetWare WebAccess Gadgets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
NetWare Web Access Gadget Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Configuring Gadgets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Additional Gadget Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Starting and Using NetWare WebAccess . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Contents 5

103-000142-001
August 30, 2001
Novell Confidential
6 NetWare WebAccess Overview and Installation

103-000142-001
August 30, 2001
Novell Confidential
1 Overview
NetWare® WebAccess is a feature of NetWare 6 that allows network

administrators to easily and quickly set up Web access to network resources
for their users with the skills they already have. Most network administrators
do not need additional training to set up and configure NetWare WebAccess
NetWare WebAccess is a Java* servlet or Java application that is based on
Novell® Portal Services technology. NetWare WebAccess allows network
users to access their most important resources from any computer without the
need for a NetWare or VPN client when used with Novell iChain.
NetWare WebAccess includes the following:
Gives users access to commonly used network resources from a single
Web site
Allows administrators to support mobile work forces that need network
access from a multitude of devices
Works right out of the box without any complicated Web development
required
Eliminates the need for NetWare or VPN client software
Provides several gadgets for accessing critical network resources,
including:
NetStorage (File Access)
Novell iPrint
E-mail and calendaring (GroupWise®, Exchange, Lotus* Notes*,
NIMS, POP3, and IMAP)
Address book that allows users to easily get phone numbers and other
information that is stored in Novell eDirectoryTM.
Gadget for changing passwords
Overview 7

103-000142-001
August 30, 2001
Novell Confidential
Provides a customizable WebAccess page so companies can add their

own logo to the NetWare WebAccess site
Is fully cluster enabled, which means that NetWare WebAccess is built to
work with Novell Cluster ServicesTM and can be running and available 24
hours per day 7 days per week.
Gadgets are easily and centrally managed using the Java-based
ConsoleOneTM utility.

103-000142-001
August 30, 2001
Novell Confidential
2 Installation and Configuration
This chapter describes how to install NetWare® WebAccess during or after the
NetWare 6 installation, how to configure NetWare WebAccess gadgets, and
how to start and use NetWare WebAccess.
Installing NetWare WebAccess

NetWare WebAccess can be installed as an optional component during the
NetWare 6 installation or it can be installed after the NetWare 6 installation. It
is not generally necessary to install NetWareWebAccess on every NetWare 6
server on your network. For most networks, you need NetWare WebAccess
installed on only one server in each eDirectoryTM tree. This might vary
depending on the size of your organization and your organization’s needs.
The NetWare WebAccess installation process automatically does the
following:
Creates a NetWare WebAccess container object in eDirectory in the
context you specify
Installs the software necessary to configure and run NetWare WebAccess
Installs preconfigured gadgets and creates eDirectory objects for those
gadgets in the NetWare WebAccess container
You are given the option during the installation to select which gadgets
you want to enable, and to specify the URL to each gadget.
Installation and Configuration 9

103-000142-001
August 30, 2001
Novell Confidential
System Requirements
If you have met the requirements for NetWare 6 and have NetWare 6 installed,
you have met almost all of the system requirements for NetWare WebAccess.
The following list specifies the system requirements for installing and running
NetWare WebAccess:
At least one NetWare 6 Server in the NDS® tree where NetWare
WebAccess will be installed
A Netscape* Navigator* 4.7 or later or Internet Explorer 5.0 or later
browser
Installing NetWare WebAccess during the NetWare 6 Installation

Complete the following steps to install NetWare WebAccess during the
NetWare 6 installation:
1 Start the NetWare 6 installation and continue through the install until you
get to the screen requiring you to choose either the Express or the Custom
installation.
2 Select the Custom installation option.
You are given the option of installing a new server or upgrading an
existing server. NetWare WebAccess can be installed using either of these
options.
You must select the Custom installation option to install NetWare
WebAccess during the NetWare 6 installation. You cannot install
NetWare WebAccess during an Express installation.
Continue through the installation until you get to the screen that lists the
components that can be installed with NetWare 6.
3 Check the NetWare WebAccess component check box along with the
other components you want installed with NetWare 6, and then click
Next.
Continue to the NetWare WebAccess Setup screen.
4 Specify the eDirectory context where you want the NetWare WebAccess
object created, and then click Next.
You can also browse and select the context.

103-000142-001
August 30, 2001
Novell Confidential
5 Choose which gadgets you want to configure now and which gadgets you
want to configure later by checking or unchecking the check boxes next
to each gadget type. Then click Next and continue through the rest of the
All NetWare WebAccess gadgets are installed automatically when you
install NetWare WebAccess. This screen lets you choose whether to
enable and configure those gadgets now or later. The default is to enable
and configure gadgets later, because during a new server installation the
applications accessed by the gadgets might not have been installed yet. If
you choose to set

Novell Netware 6 Documentation

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Novell Netware 6 Documentation

Hochgeladen von

Copyright:

Verfügbare Formate

NetWare 6 Readme

October 25, 2001

18 Novell Compatibility Mode Driver 63

32 Third-Party Adapters, Drivers, and Applications 101

This document provides information on known issues and limitations for

In this documentation, a greater-than symbol (>) is used to separate actions

This chapter contains general information about the NetWare® 6 release.

The NetWare 6 package consists of the following:

The following core NetWare 6 components are MP-enabled:

Compatibility with Other Novell Products

The following Novell products are compatible with NetWare 6:

 Novell Portal Services 1.0

NetWare 5.1 Products Not Included in NetWare 6

Client DOS Utilities

2 Installation and Upgrade

This chapter contains the following subsections:

Before the Installation or Upgrade

Installation and Upgrade 13

Upgrading NetWare 5 Servers with NDS 7 and NSS Volumes

A NetWare 5 server with NDS® 7 and NSS volumes is inaccessible after

Update NetWare 5 Servers Running NMAS before Installing Novell

NetWare 4.11 Upgrades

NetWare 4.11 requires that Support Pack 8 or later be installed before

Mixed NDS Environments and Synchronization -628 Errors

If your network includes servers running NetWare 5 with NDS eDirectoryTM

Prepare the Schema before Upgrading or Installing

Before you install or upgrade to NetWare 6 on an existing network, make sure

Deployment Manager and specifically complete Step 3: Prepare for NDS

Video Driver for NetWare Deployment Manager on Windows 2000

NetWare Deployment Manager might not run on Windows 2000 computers

Using a Compaq ML530 Computer

Accelerated Upgrade: Removing Unsupported LAN Drivers

Installation and Upgrade 15

During the Installation or Upgrade

Installing from a Bootable CD

Installing Only IPX

Installing IPX after Installing IP Only

Installing a NetWare 5.1 Server into a Tree with a NetWare 6 SDI

If the Security Domain Infrastructure server in the NDSPKI:SD Key Server

Accelerated Upgrade: Installing Apache Web Server

Because NetWare Accelerated Upgrade does not install or update any

Installation and Upgrade 17

After the Installation or Upgrade

The server installation program copies to a startup directory

Status of Old LAN and WAN Files

To Speed Up the Post-Installation Utility

If performance of the post-installation utility and other Java* applications is

Update SMS Components

A new release of Storage Management Services (SMS) is available at the

Agent Installation for GroupWise 6 Replaces LDAP Files Needed by

Installation and Upgrade 19

Installing the NICI Client

NICI 1.5.7 is implemented as a kernel driver, while NICI 2.0.2 is implemented as a

A Client CD containing the NICI client for Microsoft* Windows operating

Running ConsoleOne on the NetWare Server Console

For best performance, we recommend that you install ConsoleOne on a

Losing Connection to ConsoleOne after Cluster

ConsoleOne Is Not Refreshing Properly

With 3D mouse pointer software installed on a machine running ConsoleOne,

ConsoleOne Does Not See the Tree

In a pure IP environment, ConsoleOne does not see the eDirectoryTM tree of

Cache Writes Change from On to Off.

Delay Writes Change from On to Off.

File Cache Level Change from 3 to 0.

Novell Portal Services 1.0

While importing the DHCP configuration, if the subnet address range