------------------------------------------------------------------ NOV-NFS.DOC -- 19980216 -- Email thread on the Network File System ------------------------------------------------------------------ Feel free to add or edit this document and then email it back to faq@jelyon.com Date: Thu, 1 Feb 1996 05:14:57 -0500 From: "Philip R. Reznek" Subject: Re: Reply NFS >>>Does anyone know how I can dedicate a workstation on my novell 3.11 >>>as NFS server. I have Lan Workplace but I think it only has nfs >>>client software. I want to be able to mount drives. >> >>NFS Server? Don't think so, NFS allows remote file systems to be >>treated as tho' they were part of a volume. Client/server deosn't >>apply here, UISM. Can't think of the Novell porduct which allows other >>file systems to mount NetWare volumes, but we use NFS 1.2x to share >>directories w/Solaris 2.34 on Sun Sparc10. > >Were you thinking of Flex/IP? Which is a subset of Novell's full >NFS. But these go in the wrong direction, no? > >Well I've heard of a file called soss31.zip which is supposed to use >a packet driver and create a nfs server out of a PC. Then clients can >mount drives to it. Is flex/IP supposed to give full novell >functionality? Here's a quick review of what I found in my travels. I don't claim any depth or breadth of knowledge or any expertise, just was lucky setting up a few systems. >From Novell for NW file servers: NFS Services (4.x): Exports NW volumes as file system, can mount NFS exported by other systems; these mounts of other systems are seen as NW volumes by NW users, whatever method they happen to be using to access the NW server. NFS 1.2C/Gateway Bundle 1.2 (3.1x): Equivalent services to the 4.1 package. Flex/IP (I was wrong): Provides bidirectional printing services for LPR/LPD environments. PC platforms: There are some shareware NFS servers to be found as you mention. Some of the higher-end PC TCP/IP stack vendors offer NFS servers as part of their packages or as an extra-cost option. Frontier and FTP Software come to mind. Persoft (SmartTerm) now has its own TCP/IP stack and had been prior to that including an FTP client and an FTP server with SmartTerm 4xx. (I know that's not NFS, just threw it in.) And because I made the mistake of mentioning Flex/IP, lets talk about LPR/LPD for a minute. Many stack vendors say they support LPR/LPD, but what they mean is they have LPR and can use LPD on some other machine. FTP Software's OnNet 1.x, 2.x (their previous DOS & Windows packages also had an LPD but not as flexible) actually have an LP Daemon that runs on top of Windows Print Manager (no groans, please) and can accept jobs from LPR over a network and spool and print to all of the printers Windows on a PC can handle. You can manage the queues directly in OnNet's interface or through Print Manager. TCP/IP access from workstations: Novell's varieties of LanWorkplace, requiring a TPC/IP stack on the workstations. Firefox' Novix. LanWorkplace repackaged with a winsock driving IPX. Needs only the NW Client. Uses a NLM on the server to put the IPX packets out as TCP/IP (and into IPX from TCP/IP inbound). Two drawbacks of varying impact: 1) Unless the IPX wire is separate from the TCP/IP wire, traffic can be doubled; 2) Some processing load on the server. One upside is it can be used as a firewall. Central management, can control access to services found on TCP/IP by NW user or user group. Firefox now has lower cost competitor. And this segues right to the original question. If you put up an NFS server on a PC and serve up files from the NW server instead of the PC's disk(s), you're increasing the traffic on the wire. This may not be a problem if not much used or if budget rules. I think the original questioner wanted to provide directories and files from the NW server by running NFS on a PC. Then the answer is to export the directories and files from the PC's drive mappings. ------------------------------ Date: Mon, 4 Mar 1996 15:48:11 -0600 From: Joe Doupnik Subject: Re: NW3.12/NFS1.2c/FDDI problems >Anyone ever wrestle with the below message from NFS1.2c "Product Kernel >Message Screen"? > > PKERNEL-Warning: RPC/UDP receive queues are full, packet dropped > >This seems to have come up once we converted to FDDI (CDDI really). My >first guess is this message is actually a message "returned" from the NFS >client. Why do I believe this? Because increasing packet receive >buffers to maximum has no effect. NW server is all patched up up thru >312pt6 (312pt7 going in tonight) & libup7 & NW NFS patch. > >The FDDI card is ...3COM FDDILink 3C770 UTP EISA... I know there have >been reports of problems posted recently but I couldn't wait 60+ days >for a DEC board! -------- Ah, a classical flow control problem, one most evident in NFS over UDP/IP. The client needs to throttle the server by using smaller receive and send windows, small enough that each response fits into the buffer of your Ethernet adapter, say 4KB or so. On a Unix machine we can do the throttling in the mount command with options rsize and wsize. Be aware that intervening bridges (yes, bridges) and routers may suffer from too many back to back packets also, so keep bursts short for them as well. In the case at hand we do suspect that 3Com Ethernet adapter. I have had no difficulty with NFS over regular 10Mbps Ethernet between my own machines, using NFS for NetWare. Either NE-3200 EISA or even ISA NE-2000 (on a lightly loaded server) work ok. Joe D. ------------------------------ Date: Wed, 27 Mar 1996 10:58:08 -0600 From: Joe Doupnik Subject: Re: Netware NFS/Netware Unix Services 2.1 for Netware 4.1 >>File date/time stamp inconsistencies, zeroes getting appended >>to file names... > >Whoa! I've seen this as well. Usually removing then re-adding NFS name >space to the Netware volume corrects this problem. The strange thing >about the appended zero is; it only appears depending upon which NOS you >happen to access the file under. For example, a file accessed from a >UNIX box that has a zero appended, will look fine on the NW/DOS volume. >AND, if you rename the file under UNIX to the correct name...it will have >an appended zero on the NW/DOS volume. Very odd. (Joe?) > >Anyway, as I said, removing/adding NFS name space usually corrects this. >Just be aware that any extneded file attributes will be lost. We >only use DOS naming conventions so this does not affect us. --------- You called? The answer is simple. DOS filenames are 8.3 case insensitive. Create a Unix file named "index" and DOS sees it as "INDEX". Create another Unix file named "Index" and what's DOS to do? Right, creates DOS name "INDEX0" and then "INDEX1" etc for further name collisions. If you go back and remove "index" the DOS name does not change (nor would changing be a swift idea). I see this all the time because I export a NW volume to a Unix machine using NFS for NetWare v1.2C, and my anonymous ftp archives thus exist under both namespaces. Given lack of thought by file creators these name collisions do occur. You might notice improvments in the Novell archive area to toe the line of 8.3 case insensitivity. In short, "it's a feature." For those looking into the future or who don't reside in the US, at some point filenames will be character set sensitive too and won't look reasonable unless the proper character set is on both creator and viewer ends. MS-DOS Kermit and C Kermit are very much character set sensitive programs and "do the right thing" by international standards on these matters. Unicode is but a stepping stone along that path. Joe D. ------------------------------ Date: Wed, 3 Apr 1996 08:35:00 CST From: Finney Chacko Subject: Re: NFS Services 2.1, HPUX, UPDATE FREQUENCY We have had problems up the wazoo with Nw 4.1, NFS services 2.1, and HPUX. You will also find that the files will zeros appended to them while using the gateway, and that the "shadow files" located in sys:\nfsgw MUST be cleaned out when the server crashes (usually do to the gateway), and the time stamps don't quite correctly get carried over, especially for directories (and daylight savings time). I am interested in your experiences. We have been haggling with Novell San Jose (NFS group) for 1.7 years with very little help, they even cam to our site. Make sure you have NFS197, and there is a LPRGWY patch, and the latest TCPIP.NLM (look at the recommended patch list off of the Web Site for Novell) Anyway the following could help: Our time zone is central standard time. Most of the variables are done through UNICON. The file is sys:etc\nwparams and there is a variable called DIR COMP TIME. setting it to 0 will essentially mean that the gateway always checks with "0"second time intervals. OUR FILE IS SHOWN AS FOLLOWS: [GLOBAL] TIME_ZONE 5:0 US CST + daylight savings STOPFILE sys:system/unistop.ncf STARTFILE sys:system/unistart.ncf SYNC_INTERVAL 60 AUDIT_NETM_LEVEL 0 AUDIT_SCREEN_LEVEL 1 AUDIT_FILE_LEVEL 1 AUDIT_FILE_LIMIT 21000 HIGH_WATER_MARK 80 [NETDB] NDS_LOGIN_MSG 1 WRITELOCALFILES 0 [DISPATCHER] SA 14 dummy.nlm LPRLOAD.NLM /c:LPR_GWY /k:LPR_GWY SA 6 PRADM_SA.NLM PLPD.NLM SA 3 FTPAGT.NLM /i:ftp /la:INETD SA f NFSGWSA.NLM NFSGW.NLM SA e GWAGENT.NLM NFSGW.NLM /k:NFSGWSA,NFSGW SA 13 sa_stat.nlm NFSSERV.NLM /k:SA_STAT,NFSSERV SA 17 sa_admn.nlm NONLM.NLM SA a RARPAGT.NLM RARPSERV.NLM SA 10 dummy.nlm PRLIB,PLPD,STATD,LOCKD,NWPCNFSD /k:NWPCNFSD /ld:NWPCNFSD SA 7 HOSTGAGT.NLM nonlm.nlm SA 18 NAMED.NLM /s SA 12 DUMMY.NLM nonlm.nlm SA d SRVAGT.NLM nonlm.nlm SA 9 USRAGT.NLM nonlm.nlm SA 8 NISDMAG.NLM NISSERV,NISSWDD /la:NISBIND,NISSERV,NISSWDD \ /k:NISSWDD,NISSERV /ld:NISSWDD,NISSERV SA 2 DNSAGENT.NLM NAMED.NLM SA 25 dummy.nlm XCONSOLE.NLM SA 15 sa_lock.nlm STATD,LOCKD /k:SA_LOCK,LOCKD,STATD /ld:STATD,LOCKD [NFSCON] LS "NetWare-to-UNIX Print Gateway" 14 LS "UNIX-to-NetWare Print Server" 6 MF [SERVICES_ROOT][0x6] CA "Print Services" 6 pradm LS "FTP Server" 3 MF [SERVICES_ROOT][0x3] CA "FTP Server" 3 ftpadmin LS "NFS Gateway" e MF [SERVICES_ROOT][0xe] CA "NFS Gateway" e gwadmin LS "NFS Server" 13 LS "RARP Server" a LS "NetWare PCNFS Server" 10 MF [SERVICES_ROOT][0x13] CA "NFS Server" 13 nfsca MF [Configure Server Profile][!1] MF [Manage Hosts][0x7] MF [Manage Hosts][0x12] MF [SERVICES_ROOT][0x20] MF [SERVICES_ROOT][DNS] MF [SERVICES_ROOT][NIS] MF [NIS][0x8] MF [DNS][0x2] MF [Save Master NIS Maps to Text Files][!4] MF [Save DNS Master to Text Files][!5] MF [NIS][Save Master NIS Maps to Text Files] MF [DNS][Save DNS Master to Text Files] MF [Initialize Master NIS Maps][!2] MF [Initialize DNS Master Database][!3] MF [NIS][Initialize Master NIS Maps] MF [DNS][Initialize DNS Master Database] MF [OBJECTS_ROOT][Manage Hosts] MF [OBJECTS_ROOT][0x9] MF [OBJECTS_ROOT][Configure Server Profile] CA "Administer NIS" 8 nisadmm CA "Administer DNS" 2 dnsadmin CA "Hostgroups" 7 hostgadm CA "Manage Groups" 9 nfsuser "group" CA "Manage Users" 9 nfsuser CA "Hosts" 12 confaddr CA "Groups" 9 nfsuser "group" CA "Users" 9 nfsuser LS "XConsole Server" 25 /u \ "XConsole Server failed to load. REMOTE.NLM is required to run this service. You can launch REMOTE by typing 'load remote'." LS "Lock Manager" 15 LS "NIS Server" 8 LS "DNS Server" 2 [NW_NIS] DefaultDomain im sv_im 189.25.51.51 BinderEnable TRUE sv_imed.com 189.25.51.51 sv_db 189.25.51.51 MapRefreshDefault 24:00:00 InterDomainResolution TRUE DBPath SYS:ETC\NIS [LOCK_MANAGER] LM_GRACE 45 [NFSGW] WORK_THREAD_CNT 20 DATA_CACHE_TIME 10 ;Directory Comparison Time changed to 4 FTC CAE 08/09/95 ;DIR_CMP_TIME 0 DIR_CMP_TIME 4 MIN_MEMORY 1024 MAX_MEMORY 8192 NFS_XFER_SIZE 1024 MAX_DIRNOBUF_CNT 0 MAX_SFS_BUF_CNT 0 MIN_SFS_BUF_CNT 0 ATTR_BUF_CNT 0 DIR_BUF_CNT 0 DATA_BUF_CNT 0 BACKGROUND_SYNC 2 ;Background sync variable added 053195 6:04 PM FTC CAE ;NFS_XFER_SIZE 1024 [INSTALL] NFS NWNFS [PRODUCTS] NFS NFS [NFS_SERVER] SNMP_UDP_RCV_Q 90 SNMP_REQ_CACHE 90 SNMP_OPEN_FILE_CACHE 90 CACHE_WRITE_THROUGH 0 AGING_INTERVAL 1 REQUEST_CACHE 256 OPEN_FILE_CACHE 512 NFS_THREADS 3 HIGH_WATER_MARK 80 [FTP_SERVER] GUESTDEF SYS: USERDEF SYS: NAMESPACE DOS LOG_LEVEL 2 LOGIN_RESET 3000 LOGIN_LIMIT 6 INTRUDER_CHECK 1 ANONYMOUS_ACCESS 0 MAX_TIME 400 IDLE_TIME 5 SESSION 10 [PRINT_ADMIN] LPR_GWY_POLLING_TIME 5 LPR_GWY_DIRECT_MODE on LPR_GWY_WRT_CHK_TIME 15 LPR_GWY_CHK_PRT_TIME 30 LPR_GWY_IR_TIME 40 ALWAYS_MAP_TO_DEFAULT_NW_ACCOUNT TRUE DEFAULT_NW_PRINT_ACCOUNT SPOOL_DIRECTORY ADMIN:ETC/LPDSPOOL [NLM_PARAMS] DEFAULT_PRINT_SERVER earth-nw4-unix ------------------------------ Date: Tue, 16 Apr 1996 12:45:08 -0600 From: Joe Doupnik Subject: Re: NetWare NFS 2.0 FTP server >>Whenever anyone ftp's to our ftp server with a GUI ftp client, they get >>dumped into some wierd mode where the unix permissions are displayed >>instead of filenames. I've seen this on other ftp servers I've set up as >>well. If you change to the root directory, then come back to sys:pub, >>the problem fixes itself. > >I am having the same problem, thats why I want to dump it! ------------- Trying to make sense of the above comments... Are you guys saying that you see an equivalent to a Unix "ls -l" command, where file privs, ownership, size, datestamp, filename are shown on one line? Is that your problem? If so please realize it is the CLIENT asking for things that way, and it is the CLIENT deciding what to show on the screen. The ftp protocol provides two listing results: a bare list of filenames without embellishment (used when you say mget to give the client a list of names to choose) and a server-dependent list of filenames and other bookkeeping info (for people). There is no standard on what that fatter listing looks like, and not even all Unix systems look alike. GUI clients are famous for stumbling and falling over these from inadequate attention to detail on reading the results. Novell's ftpserv.nlm provides decent listings but not identical to many Unix systems. Yell at client vendors to get on the stick and fix their products. Joe D. ------------------------------ Date: Thu, 25 Apr 1996 22:21:27 -0700 From: Michael Gaskin To: netw4-l@bgu.edu Subject: NFS for Netware 4.1 Wanted to pass this information on about NFS 2.1 for Netware 4.1: When I went to export print queues for (Unix -> Netware) everything appeared normal in the context where the server with NFS. BUT, when I moved to a differnet context, well, no print queues. Hmmm... I applied the NFS197 patches, still, no print queues. Then, I called Novell. They were a little baffled. The tech also experience the problem. After sitting on hold, we found out that the reasons why the print queues we not showing up was that I only had one replica of NDS on the Netware server which contained NFS. We tested it out by putting a copy of the [root] on the server, and guess what... All the print queues that were in the [root] partition showed up in the list! Novell has logged the problem, and I am sure they will have a fix... Also, you can't export aliased print queues either. Well, that's not true, because Novell provides a knarley utility which you could do it manaually. ------------------------------ Date: Wed, 25 Sep 1996 12:24:46 +0000 From: Eric White Subject: Re: NFS Namespace >There definitely is such a thing as NFS name space. In fact, when I >tried to EXPORT a directory through NFSADMIN, it gave me an error >saying that it could not be exported because the volume did not have >NFS name space. We added it to one of our smaller volumes by typing >ADD NAME SPACE NFS TO volume_name >on the console. However it returned a message saying that xxx amount >of disc space was used for NFS NAME SPACE. I am curious if anyone >knows the calculation for how much space will be used. My apologies, I think I was still asleep when I wrote that - It's been a while since I've worked with NetWare NFS...Oooops, sorry. I don't know of a calculation per se, however you can expect to double the size of your Directory Entry Table for each namespace that is loaded. Presumably, then, if you knew the size of your DET, you could calculate the requirements, but it's a bit like hitting a moving target. For a bit more info, I found this link to a Novell Research Paper: http://www.novell.com/corp/intl/uk/tech/namesp.html >>>2. If we have to add NFS, is there an algorithm to >>>determine how much disc space will be used for the >>>namespace option. We have limited free space on our >>>volumes. ------------------------------ Date: Sat, 19 Oct 1996 17:02:40 +0200 From: Bennie Venter Subject: Novell Print Queues to Linux/Unix Print Queues There are a Linux-based printserver that will service NetWare based print queue's and it is part of ncpfs, the Linux NCP file-system & utilities. It will take a NetWare print job & spool it to a printer attached local on the linux machine using the standard lpd printing system. These are located at ftp://ftp.gwdg.de/pub/linux/misc/ncpfs Amongs others there are: ipxripd - IPX RIP Deamon mars_nwe - Netware file server emulator for Linux (bindery, etc) linware - Another NetWare emulator for Linux docs - some miscellaneous documentation ------------------------------ Date: Sun, 3 Nov 96 23:37:55 CDT From: shippee@tecnet1.jcte.jcs.mil Subject: FAQ submission Floyd, it appears there is some confusion as to whether or not one can run a MESSAGE OF THE DAY or the equivalent with NFS, e.g., Joe D. sayeth: > NFS for NW 3.1x has no motd or equivalent. NFSGateway does. > Joe D. however, If you are using NFS version 2.1 (not the gateway version) and you apply the patch NFS199.EXE, then you can simulate the MOTD by placing a file in sys\etc named banner.ftp ------------------------------ Date: Wed, 11 Dec 1996 10:39:37 +1000 From: Rob Zietzke Subject: Re: Volume sharing between servers >>So the question is there a program available that will allow me to do >>this? We also have a couple NT servers and I have used the NT Gateway >>to Novell to allow multiple people through to one server on one managed >>connection but then this requires a license for NT for everyone that >>goes through the gateway. >>Is there a way I could use NFS to mount a volume from NT on the Novell >>fileservers? Any ideas people have would be greatly appreciated. > >Sure, that's NFS for NetWare ($$$), see the FAQ, too. Another We are now using the NT gateway method, mainly because we have the NT licenses anyway for our applications server. Netware "NFS" only allows netware volumes to be exported _to_ other hosts running NFS, it doesn't allow external NFS mounts. We bought the 5 "user" nfs starter kit, because we only wanted a limited number of Unix logins simultaneously. Unfortunately, the 5 "user" "licence" means 5 _specific_ user names specified in the \etc\nfsusers file. It isn't for any 5 concurrent logins, such as for regular Novell licenses. Frankly, I think we were ripped off. It just didn't occur to me to ask a 'dumb question' because the answer _seemed_ obvious. We live and learn (well, some of us). ------------------------------ Date: Sun, 4 Jan 1998 09:55:19 +0200 From: Mike Glassman - Admin Subject: NFS patch There is a new NFS patch out for all those using NFS under IW4.11. The file is called NFS203.exe and comes with a readme file which explains all the problems fixed in this patch. The file can be found at http://support.novell.com. ------------------------------ Date: Thu, 8 Jan 1998 10:39:59 -0800 From: Chris Stevens Subject: Security Problem in NetWare NFS (fwd) Not sure if this has been discussed before but this is from the BUGTRAQ ListServ: ---------- Forwarded message ---------- Date: Thu, 8 Jan 1998 10:16:44 -0500 From: "Andrew J. Anderson" To: BUGTRAQ@NETSPACE.ORG Subject: NetWare NFS Summary: By using a "feature" of NetWare NFS, root can be compromised on any UNIX host that mounts a user-writable volume exported via NetWare NFS. Details: NetWare NFS is a product made by Novell for NetWare<->UNIX connectivity. There are 4 basic modes of operation on NetWare NFS: 1) NetWare Mode In this mode, traditional NetWare access modes determine files access rights in the NFS name space. 2) NetWare-NFS mode 1 In this mode trustee rights are used to emulate NFS permissions and access modes. 3) NetWare-NFS mode 2 In this mode, both trustee rights and NetWare attributes are used to emulate NFS permissions and access modes. 4) NFS Mode In this mode, no attribute or permissions mapping is done. The problem is with NetWare-NFS mode 1 and 2. Novell decided on some interesting ways to 'emulate' UNIX's permission scheme. The problem is that they do not perform the same sanity checks that UNIX does when making these emulations work. OK, enough setup...here's the problem: One of the challenges Novell faced is how to map the "Read Only" flag from NetWare's permission bits to the UNIX permissions. Some versions of UNIX will allow a user to overwrite a file even if it is chmod'ed to 444. NetWare will not allow a file to be written to at all if it is flagged "Read Only", thus they decided that the best way to make this happen under UNIX was to change the ownership of the file to root. Bad, bad, bad idea. Very bad idea. Thus all one needs to do is to copy a binary from the UNIX system into the NetWare NFS area, make the binary SUID, and then go to a NetWare client and flag it "Read Only". Boom SUID root binary. Novell has been aware of this for several months. They have been working on a fix for this, but according to the NetWare people that I work with it "doesn't work". I haven't been able to get more than this out of them...they don't seem to like me too much lately. :) Incidentally, this was discovered while copying files from a CD into a user's home directory. Since the CD is a read-only media, windows 95 decided to set the "Read-Only" flag on those files in the NetWare home directory. This caused the user to not only not own the files he had just copied but also lose ownership of the directory those files were in. Andrew Anderson ------------------------------ Date: Fri, 9 Jan 1998 13:05:34 +0800 From: Leonard Holling Subject: Re: NFS Gateway and Long File Names >I have setup the NFS gateway 2.12 on a 4.11 server and have mounted a >UNIX directory as a Netware volume all successfully,,, > >My problem is that the mounted volume appears only to support long >file names, only a DOS format. > >Does anyone know of a way to have long file name support using the >gateway ? Under NFS Services v2.12 it only supports 8.3 format. To gain long filename support for the NFS NetWare mounted volumes you need to upgrade / purchase the new NFS Services v2.3 which as a major new improvement supports long filenames. ------------------------------ Date: Tue, 13 Jan 1998 11:22:55 +1300 From: "Baird, John" Subject: Re: FYI: Limitation of copying 4.11 partitions with ARCserv >I think I'm missing a concept here. How are files "owned by" a name >space? Every file and directory is "owned" by a name space and this is the name space in which the file was created. You can identify the owning name space using NDIR. It will display 'o' after the file or dir name for long (os/2) entries, 'm' for Mac files and 'u' for NFS files. The primary function that comes to mind for the owning name space is to determine how the file should be copied e.g. if the owning name space is "Mac" then the file may have a resource fork, and there may be finder information in its Mac directory entry to be transferred. ------------------------------ Date: Mon, 16 Feb 1998 15:04:00 -0700 From: Joe Doupnik Subject: Re: Creating Unix users in NWS 3.1 >I have been on this for some time with no success. The problem I am >facing is that all my docs refer to NWS 2.x and I am running 3.1 >Here is as far as I can get. > >Load Unicon >Select Manage Global Objects >Select Manage Users > >Use filtering objects >By Netware Name > >I get a screen with Netware user on the left and nothing on the right >under unix users. makes sense I have created no unix users at this >time. > >The docs say here press insert >select unix and press enter > >When I press insert I get a list of nds users, there is no unix to >select. > >I have played from here, but have never been able to create a >matching unix/nds user? > >Does anyone know how to proceed from here? ------- Just go create some Unix usernames and ids. In principle they should be the values found on a Unix machine. I say "a" because that's the way this thing is designed. If you find this all to be maddenly confusing rest assured folks have been there before, over a year ago, and the approach was declared unsuitable. Nevertheless, NFS expects this kind of nonsense. Joe D. ------------------------------