==Phrack Inc.== Volume Three, Issue Thirty-five, File 8 of 13 +=========================================================================+ A Beginners Guide to Novell Netware 386 Brought to you by: The Butler +=========================================================================+ As most of you know NOVELL is the most popular PC network software around,with that being the case I decided to put together a little file on just what you can do with a NOVELL network. * The information in this file is primarily for NOVELL NETWARE 386 networks!!! If you have NOVELL NETWARE 286 some of this information may not be correct. When the word "Network" is mentioned in this file I am referring to a PC-based network or LAN (Local Area Network). If you are not familiar with the concept of a "Network" I would suggest you first get acquainted with it by either picking up a good book or if you have access to one, go exploring. This file is for those who have some experience with networks and or the concept of a network. (----------------------------------------------------------------------------) Variations in Setups: Every network is setup differently is some way. Even within the same company two different networks may be setup different. The differences may be slight or major and can consist of everything from menus to naming conventions. Companies that install networks as a business are inconsistent with their setups also because every network technician does things differently and every customer wants things to be a certain way. Keep this idea in mind when exploring different networks because most likely the setup will be different from network to network. (----------------------------------------------------------------------------) Terminology: Bindery-- A database that contains definitions of entities such as users groups, and workgroups. The bindery is comprised of three components: objects, properties, and property data sets. Console-- The monitor and keyboard at which you actually control fileserver activity. File Server-- The Computer that the Network software, applications, and some data reside on. (Usually a very powerful one, i.e. Compaq 486 with 1 gigabyte of storage). Groups-- A means of dealing with users collectively rather than individually. i.e. Word Processing, Accounting. LAN-- Local Area Network Login Script-- Similar to autoexec.bat, contains commands that initialize environmental variables, map network drives, and control the user's program execution. Netware-- Novell's Network Operating System. Netwire-- Novell's on-line information service, accessible via Compuserve. Network-- A group of computers that can communicate with each other. NIC-- Network Interface Card Novell-- Software Manufacturer Objects-- any physical or logical entities, including users, user groups, workgroups, file servers, print servers, or any other entity that has been given a name. Print Server-- A computer dedicated to controlling all jobs for a specified printer. Properties-- the characteristics of each bindery object. Passwords, account restrictions, account balances, internetwork addresses, list of authorized clients, and group members are all properties. Property Data Sets-- the values assigned to an entity's bindery properties. Rights-- Rights control which directories and files a user or group can access and what the user or group is allowed to do with those directories and files. User-- Any person allowed to work on the network. WAN-- Wide Area Network Workstation-- Any usable computer connected to a network. (----------------------------------------------------------------------------) Netware Environment: The SYS:SYSTEM directory is used for system administration and contains operating system files, NetWare utilities, and programs reserved for SUPERVISOR. The SYS:PUBLIC directory is used for general access and contains NetWare utilities and programs for regular network users. The SYS:LOGIN directory contains the programs necessary for logging in. The SYS:MAIL directory is used by NetWare-compatible mail programs. This directory also has and ID number subdirectory for each user that contains the user login script and print job configurations. (----------------------------------------------------------------------------) Breaches in Security: Set Allow Unencrypted Passwords=on/off. Enter this command from the "CONSOLE". By changing this command you will disable the encryption scheme which will then allow you to sniff passwords from the cables between workstations and servers. By default Netware comes with usernames GUEST and SUPERVISOR that have no passwords. Also try names like TAPE, BACKUP, SERVER, REMOTE, CONNECT, NOVELL, etc... If you have access to an existing account use SYSCON to get a list of all the user names, most likely there will be one or two accounts that don't have passwords. Also on some of these accounts that do not have passwords, part of their logon process is the execution of a batch file that executes the individual software i.e. backup. A batch file is a batch file so if its not disabled do the old CTRL-C to break out of the batch file and roam around. Some accounts like the backup account must have supervisor rights so that everything can be backed up. So if you can break out of one of these you can roam the whole Network. There are also a few neat little programs out there in cyberspace that will make your task of getting access a little easier: 1. THIEFNOV.ZIP ===> THIEFNOV is a TSR that will capture usernames and passwords from a workstation on Novell Networks. The Thief works by hiding in a user's autoexec.bat file, and executing every time someone tries to login to the network. The Thief captures their username and password and saves them in a hidden file in the root directory of their C: drive. 2. TEMPSUP.ZIP ====> TEMPSUP is a utility that will create a user for you to play with. TEMPSUP comes with two programs, an executable and a NLM module. The executable can be run by any user with access to DOS but only gives you the rights of that user. But, the NLM module can be loaded at the Console and will give you Supervisor Rights to the whole Network. The syntax is "Tempsup_username to be created" i.e. f:> tempsup hacker . 3. NETCRACK.ZIP ===> NETCRACK is a brute force hacking program designed for Novell. NETCRACK can be run with out login in to the network but by just loading ipx and netx. NETCRACK starts with AAA and goes from there trying to guess the password for any user. The syntax is "netcrack_username . These are the only programs I know of made especially for Novell and I have personally tried them all out with excellent results. If you do get access to a Novell Network and you are not sure what to do, then go to the F:\PUBLIC directory and type HELP. Novell comes with an online help system that uses FOLIO Infobases. The HELP system is very easy to navigate through and is better that the actual Novell Manuals. You can even download the programs NFOLIO.COM & NFOLIO.EXE and the infobases *.NFO to your local PC to examine further. If you are using the brute force hacking method Novell will stop you dead in your tracks if the Intruder Detection/Lockout option has been enabled because after 3 unsuccessful login attempts the account is locked until a supervisor resets it. Intruder Detection/Lockout options are as follows: Detect Intruders: Yes/No Intruder Detection Threshold Incorrect Login Attempts: # Bad Login Count Retention Time: # Days # Hours # Minutes Lock Account After Detection: Yes/No Length of Account Lockout: # Days # Hours # Minutes The following restrictions are optional for every user account: Account Disabled: Yes/No Account Has Expiration Date: Yes/No Date Account Expires: Limit Concurrent Connections: Yes/No Maximum Connections: Allow User To Change Password Yes/No Require Password: Yes/No Minimum Password Length: Force Periodic Password Changes: Yes/No Days Between Forced Changes: Date Password Expires: Limit Grace Logins: Yes/No Grace Logins Allowed: Remaining Grace Logins: Require Unique Passwords: Yes/No Novell can also be setup so that users can only logon during certain hours, i.e. 8 a.m. - 5 p.m. Monday thru Friday. Trustee Assignments grant rights to specific users (or groups) that allow them to use a file or directory in particular ways (i.e., only for reading) The network supervisor can select the appropriate rights to assign to users or groups in each directory or file. A trustee assignment automatically grants users the right to see to the root of a directory. However, the users can't see any of the subdirectories unless they also have been granted rights in the subdirectories. Inherited Rights Masks are given to each file and directory when they are created. The default Inherited Rights Mask includes all rights. But this does not mean that users have all rights; users can only use rights that they been granted in trustee assignments. If the Inherited Rights Mask is modified for a file or subdirectory below the original trustee assignment, the only rights the user can "inherit" for the file or subdirectory are rights that are allowed by the Inherited Rights Mask. For example, if a user is granted Read right with a directory trustee assignment, the right to read files in a subdirectory could be revoked by having the Read right removed from the subdirectory's Inherited Rights Mask. Both trustee assignments and Inherited Rights Masks use the same eight trustee rights to control access to directories and file. S -- Supervisory Supervisory right grants all rights to the directory or file. At the directory level, this right grants all rights to the directory and to any files, subdirectories, or subdirectory files in that directory. The Supervisory right overrides any restrictions placed on subdirs or files with Inherited Rights Masks. Users who have the Supervisory right in a directory can grant other users Supervisory rights to the directory, its files, and subdirectories. Once the Supervisory right has been granted, it can be revoked only from the directory is was granted to. It cannot be revoked in a file or subdirectory. R -- Read Read right allows users to open and read files. At the directory level this right allows users to open files in a directory and read the contents or run the program. At the file level, this right allows users to open and read the file (even when the right has been revoked at the directory level). W -- Write Write right allows users to write to files. At the directory level, this right allows users to open and write to (modify the contents of) file in the directory. At the file level, this right allows users to open and write to the file (even if the right has been revoked at the directory level). C -- Create Create right allows users to create directories and files. At the directory level, this right allows users to create files and subdirectories in the directory. At the file level, this right allows users to salvage a file after it has been deleted. E -- Erase Erase right allows users to delete directories and files. At the directory level, this right allows users to delete a directory as well as any files, subdirectories, and subdirectory files in that directory. At the file level, this right allows users to delete the file (even when the right has been revoked at the directory level). M -- Modify Modify right allows users to change directory and file attribute sand to rename subdirectories and files. At the directory level, this right allows users to change the attributes of and rename any file, subdir, or subdirectory file in that directory. At the file level, this right allows users to change the file's attributes or to rename the file (even when the right has been revoked at the directory level). F -- File Scan File Scan right allows users to see files. At the directory level, this right allows users to see files and subdirectories in a directory. At the file level, this right allows users to see the file (even when the right has been revoked at the directory level). A -- Access Control Access Control right allows users to modify trustee assignments and Inherited Rights Masks. (----------------------------------------------------------------------------) As a network user, you should be familiar with the operation of the personal computer you are using. If you have an IBM PC-type workstation, you should also be familiar with basic Disk Operating System (DOS) commands. User Basics is divided into the following ten sections. The first section explains basic networking concepts and gives an overview of how a NetWare network operates. The second section introduces the NetWare menu and command line utilities and explains how to use them. The next seven sections explain some basic network tasks: o Booting up o Logging in and out o Creating your login script o Mapping your drives o Sending messages o Managing files and directories o Printing Some basic troubleshooting hints are covered under "What If ..." at the end of each of these modules and are also listed in the index. The last section lists some common error messages and how to respond to them. This booklet does not explain how to perform every network task or how to use every available network command. For complete explanations of all network tasks and commands, see NetWare v3.11 Utilities Reference. INTRODUCTION TO NETWARE If your personal computer is part of a NetWare network, it is connected to other computers and peripherals. You can share files and resources and communicate with others in your workgroup, thus increasing productivity. This introduction answers the following questions about using a NetWare network: o What is a NetWare network? o How does a network operate? o How are files stored on a network? o Who can use the network? o How is information protected on a network? WHAT IS A NETWARE NETWORK? A NetWare network is a group of computers (such as IBM PCs or Macintoshes) that are linked together so they can communicate and share resources. Network users, each working on a different personal computer, can communicate with each other via the network. They can also share network resources (hard disks on the file server, data, applications, and printers) and use any service the network provides (for example, access to a mainframe system). HOW DOES A NETWORK OPERATE? To understand how a network operates, you must know about the principal components of a network: the file server, the workstations, and the software that runs on each----NetWare and operating systems like DOS, OS/2, VMS, UNIX, and the Macintosh operating system. Beyond these basic components, a NetWare network can incorporate mainframe computers, backup devices, modem pools, and different types of servers (such as file servers, print servers, or archive servers). The Network Workstations and DOS Workstations are the personal computers on which network users do their work. Workstations are used much like non-networked personal computers. The only difference is that they can access files from more than just the local drives. Each workstation processes its own files and uses its own copy of DOS. The Network File Server and NetWare The file server is a personal computer that uses the NetWare operating system to control the network. The file server coordinates all of the workstations and regulates the way they share network resources. It regulates who can access which files, who can make changes to data, and who can use the printer first. All network files are stored on a hard disk in or attached to the file server, instead of on diskettes or hard disks in individual workstations. The NetWare Workstation Workstations use two pieces of software to communicate with the file server, the shell and a protocol. The shell must be loaded into each workstation before that workstation can function on the network. The NetWare shell, either NET3 or NET4 (depending on whether you are using DOS 3.x or 4.x), directs workstation requests to DOS or NetWare. When a workstation makes a request (asks to do a task), the shell decides if it is a workstation task (to be directed to DOS) or a network task (to be directed to NetWare). If the request is a workstation task (such as using the DOS DIR command to list the files in a local directory), DOS should handle the request. If the request is a network task (such as printing a job on a network printer), NetWare should handle the request. The shell sends the request to the appropriate operating system, somewhat like a railroad track switcher sends trains to the proper destination. The workstation shell uses another file, IPX.COM, to send network messages to the file server and, in some cases, directly to other network stations. This IPX protocol is the language the workstation uses to communicate with the file server. HOW ARE FILES STORED ON A NETWORK? All network information is stored on the file server's hard disk. The system for storing that information is called the "directory structure." The NetWare directory structure, or storage system, is organized into o File servers, which contain one or more o Volumes, which can span several hard disks and are divided into o Directories, which can contain other directories (subdirectories) and o Files. A directory structure can be compared to a filing cabinet system. o The file server corresponds to the filing cabinet. o The volumes correspond to the filing cabinet drawers. Each file server has at least one volume, the SYS volume, which is created when the server is installed. In NetWare v3.11, however, one volume can span several hard disks. o The directories correspond to the hanging folders within the filing cabinet drawers. You can create and delete directories to suit your organizational needs, much as you insert hanging folders into, and remove them from, a filing cabinet. o Directories can contain other directories, which are sometimes referred to as "subdirectories. These directories within a directory then correspond to the manila folders inside the hanging folders. They divide directories into smaller units, just as manila folders divide hanging folders into smaller units. o And finally, directories contain actual files, just as manila folders contain individual documents. A file might be a letter or a list of addresses. When you save information in a file, you give the file a unique name so you can retrieve it later. WHO CAN USE THE NETWORK? Before being able to work on the network, a person must be designated as a network user. Network users can be assigned four levels of responsibility on the network. o Regular network users o Operators (file server console operators, print queue operators, print server operators) o Managers (workgroup managers, user account managers) o Network supervisors Regular network users are the people who work on the network. They can run applications and work with files according to the rights assigned to them. Operators are regular network users who have been assigned additional privileges. For example, a file server console operator is a network user who is given specific rights to use the FCONSOLE utility. Managers are users who have been given responsibility for creating and/or managing other users. Workgroup managers can create and manage users; user account managers can manage, but not create, users. Managers function as supervisors over a particular group, but they do not have supervisor equivalence. Network supervisors are responsible for the smooth operation of the whole network. Network supervisors maintain the system, restructuring and updating it as needed. Supervisors may also teach regular network users how to use the network. HOW IS INFORMATION PROTECTED ON A NETWORK? All information on a NetWare network is stored in a central location---the file server's hard disk. However, all users should not be able to access all information (such as payroll files). In addition, users should not always be able to access the same data file at the same time; otherwise, they may overwrite each other's work. To prevent problems like these, NetWare provides an extensive security system to protect the data on the network. NetWare security consists of a combination of the following: o Login security Login security includes creating usernames and passwords and imposing station, time, and account restrictions on users. o Trustee rights (privileges) assigned to users Trustee rights control which directories and files a user can access and what the user is allowed to do with those directories and files, such as creating, reading, erasing, or writing to them. o Attributes assigned to directories and files Directory and file attributes determine whether that directory or file can be deleted, copied, viewed, or written to. Among other things, they also mark a file as shareable or non-shareable. These three levels of security work together to protect the network from unauthorized access. REVIEW This introduction explained the following: o A NetWare network links personal computers so users can communicate and share resources. o A NetWare network consists of two or more workstations and at least one file server. Workstations are personal computers on which network users do their work. Workstations run their own native operating system (for example, DOS) and process their own files. They can access files, applications, and resources through the file server. File servers are personal computers that use the NetWare operating system to coordinate all network activities. o Workstations and the file server communicate via the NetWare shell, which must be loaded into each workstation (just as DOS must be loaded into each workstation). NET3 or NET4 (the NetWare shells corresponding to DOS 3.x or 4.x) sends workstation requests to the proper operating system (file server or workstation) for processing. o The shell uses a protocol, such as IPX, to send messages to the appropriate network station. o Information is stored on the file server in a directory structure that is made up of volumes, directories, and files. o There are four types of network users: regular network users, network operators, network managers, and network supervisors. The type of user you are is determined by your responsibilities. o NetWare's extensive security system prevents users from corrupting data in network files and prevents unauthorized users from accessing restricted files. WHAT ARE MENU AND COMMAND LINE UTILITIES? You use NetWare utilities to perform network tasks. There are two types of utilities: menu utilities and command line utilities. Menu utilities let you perform network tasks by choosing options from menus. Command line utilities let you perform tasks by typing commands at the DOS command line. This section explains how to execute both types of NetWare utilities. WORK WITH MENU UTILITIES Access a Menu Utility To access a menu utility, such as FILER, type the utility's name at the DOS prompt and press . The utility's main menu is displayed along with a screen header showing the following: o The utility's full name o The current date and time o The directory path leading up to your current directory (some utilities) o Your username on your file server (some utilities) o Your connection number (some utilities) Exit a Menu Utility There are two ways to exit a menu utility: o Press until an exit confirmation box appears. Then highlight "Yes" and press . o Press the Exit key (usually ). Do not press the Exit key to exit a menu utility if you have made changes within the utility; if you do, the changes are not saved. Exiting via the Escape key saves your changes. Additional Information Once you have accessed a menu utility and the main menu is displayed, you are ready to work. Menu utilities use certain keys to perform special functions. The utilities also have certain standard components. The keys, wildcards, and components are described below. F1 (Help) Key. Displays help screens. If you press the help screen once, a help screen that applies to the task you are currently working on appears. The help screen describes all the options on the screen. To get help on a specific option, highlight the option and press . If you press the Help key twice, your computer's function key assignments are listed. There are three screens containing function key assignments. Press the key to see subsequent screens. F5 (Mark) Key. Allows you to mark multiple items in a list so you can add or delete several items at once. Esc (Escape) Key. Has three functions: 1) If you are on a menu screen, pressing allows you to return to a previous menu. 2) If you are at the main menu, pressing causes an exit confirmation box to appear. By highlighting "Yes" and pressing , you exit the menu utility and return to the menu or command line prompt. 3) If you are performing a process, pressing allows you to continue. Wildcard characters (* and ?). DOS and NetWare recognize these as universal replacements for any other character or set of characters. Wildcards can be used to search for groups of volumes, directories, or files, or they can be used to search for a particular file when you are unsure of its complete name. An asterisk (*) in a filename indicates that any character can occupy that position and all remaining positions in the filename. For example, in the FILER utility, to copy all subdirectory's files with the extension .EXE to another directory, type "*.EXE" in the menu's entry box and press . In contrast, a question mark (?) in a filename indicates that any character can occupy that position, and that position only. So, if you were to type "ACCOUNT?.NEW", you would copy files like ACCOUNT1.NEW, ACCOUNT2.NEW, and so on. NetWare's use of wildcard characters differs from DOS's in one respect. For example, to represent all files in a directory, DOS expects you to type "*.*", whereas NetWare only needs one asterisk (*). For more information about wildcard characters (global filename characters), see your DOS manual. Components. When you first access a menu utility, the main menu is displayed. Menus contain options you can choose from. Options can be selected one of two ways: o You can use the arrow keys to highlight the option you want. Then press . o You can type the first letter of an option to highlight that option. If more than one option in the menu starts with the same letter(s), type enough additional letters to distinguish one option from the others. (For example, if both "Search" and "Select" were options, you would have to type "Sel" to highlight "Select.") Once the option you want is highlighted, press . When you select an option from the main menu, additional menus and displays appear on the screen. These displays include lists, entry boxes, insets, forms, and confirmation boxes. Each type of screen display is explained below. Lists Lists are similar to menus, and items in the lists can be selected the same way menu options are. However, you can also add to and delete items from some lists. Lists may have more than one column, and they may extend below the screen display. Press the Down-arrow key to see additional items. Pressing takes you to the bottom of the list. Pressing takes you to the top of the list. Entry boxes Entry boxes are boxes in which you can get information, such as a username or pathname. The Delete, Backspace, and arrow keys work in these boxes. Insets Insets display information that cannot be edited (except by the network supervisor). Regular users cannot add to or delete from the information in this window. Forms Forms are windows that contain fields. You can move around in a form using the arrow keys or the Enter key. (When you press , the cursor moves to the next field in the form.) You can change the information in the field by highlighting the field and pressing . What you do next depends on the type of field. Some fields allow you to type in information; others display menu items to select. Confirmation boxes Confirmation boxes are displayed whenever you exit a menu utility or whenever you create or delete items (such as directories or files). You can either confirm or cancel the action by selecting "Yes" or "No" and pressing . WORK WITH COMMAND LINE UTILITIES Command Format The command format displays the appropriate syntax for command line utilities. Command line utilities are typed in at the DOS prompt. The following are examples of the command formats for the NPRINT and the TLIST utilities: NPRINT path [option...] TLIST [path [USERS | GROUPS]] Conventions The conventions for these example command formats are explained below: NPRINT Words that appear in all capital letters must be spelled exactly as shown. Although they appear in capital letters, they can be typed in either upper or lower case. path Words that appear in lower case are variables. They should be replaced with the information pertinent to your task. In this case, "path" would be replaced with the path leading to and including the file you want to indicate, and you would replace "option" with any NPRINT options you want to specify. [ ] Square brackets indicate that the enclosed item is optional: you can enter a command with or without the enclosed item. In this case, "option" is optional. .... Ellipses indicate that more than one option can be used with the command. In this case, more than one NPRINT option can be entered in the command. The angle brackets indicate that you should press the key whose name appears between them. Always press after typing the command format for command line utilities. [[ ]] Nested square brackets indicate that all enclosed items are optional. However, if you use the item(s) within the innermost brackets, you must also use the item(s) within the outer brackets. | A vertical bar or "pipe" means "either, or." You can use either the item to the left of the vertical bar or the item to the right, but not both. Wildcard Characters DOS and NetWare recognize wildcard characters (* and ?) as universal replacements for any other character or set of characters. Wildcards can be used to search for groups of volumes, directories, or files, or to search for a particular file when you are unsure of its complete name. An asterisk (*) in a filename indicates that any character can occupy that position and all remaining positions in the filename. For example, to search for all filenames with the extension .EXE in your default directory, type "NDIR *.EXE" and press to display the list. In contrast, a question mark (?) in a filename indicates that any character can occupy that position, and that position only. So, if you were to type "NDIR *.?", you would see a list of all files in your default directory with a single-character extension or no extension at all. NetWare's use of wildcard characters differs from DOS's in one respect. For example, to represent all files in a directory, DOS expects you to type "*.*", whereas NetWare only needs one asterisk (*). For more information about wildcard characters (global filename characters), see your DOS manual. GET HELP IN NETWARE Use the NetWare HELP utility to view on-line information about NetWare utilities, NetWare system messages, and NetWare concepts. NetWare HELP allows you to search for and retrieve information from infobases (information databases). To access HELP, type HELP Press again to bring up the main menu. For more information on how to use NetWare HELP, press the Tab key until you get to "How to use this reference." Then press . BOOT UP To "boot up" your workstation means to turn on your computer, load DOS, and then load the workstation shell. You accomplish all of this with a boot diskette, or you can put the necessary boot files on your workstation's hard disk. These boot files start up the workstation operating system, load the NetWare shell, and gain access to the network. Create Boot Diskettes 1. Format a blank diskette as a boot diskette, using the DOS FORMAT command. Insert a diskette into drive A and type Format a: /s Follow the screen prompts. 2. Copy IPX.COM and the shell file (NETx.COM) onto the boot diskette or to the root directory of your workstation's hard disk. If your workstation uses DOS 3.x, use NET3.COM. If your workstation uses DOS 4.x, use NET4.COM. 3. Copy these following additional boot files to the boot diskette or your hard disk, if needed. Your network supervisor can provide you with these files: AUTOEXEC.BAT CONFIG.SYS SHELL.CFG See also "Boot files" in NetWare v3.11 Concepts and Appendix A in NetWare v3.11 Installation. 4. Label the boot diskette. Create an AUTOEXEC.BAT File You can create an AUTOEXEC.BAT file that automatically loads the shell file each time you boot the workstation. This AUTOEXEC.BAT file can also set your workstation to the first network drive (F), connect you (user MARIA) to a file server (WONDER), and set your DOS prompt to show your current directory (PROMPT $P$G). Follow these steps to create your AUTOEXEC.BAT file: 1. Insert your boot diskette into drive A and change to drive A. If you plan to boot from your hard disk, change to your hard disk drive (C or D). 2. If you are using DOS 4.x, type COPY CON AUTOEXEC.BAT IPX NET4 F: LOGIN WONDER/MARIA PROMPT $P$G Z If you are using DOS 3.x, replace NET4 with NET3. LOGIN/LOGOUT When you log in to a network, you establish a connection between your workstation and the file server. When you log out, you terminate that connection. To log in to the network, you must type in a unique password. If there were no password, other unauthorized users could easily get to your files and use them for their purposes. Log In to Your Network To log in to your default server, type LOGIN servername/username Replace servername with the name of the file server you want to log in to. Replace username with your login name and (if applicable) type your password when you are prompted for it. Log Out of Your Network To log out of your default server, type LOGOUT To log out of a file server you are attached to, type LOGOUT servername Attach to Another File Server Attach to another file server if you want to do the following: o Send messages to users on that file server o Map a drive to that file server o Copy a directory to that file server To access another file server while remaining logged in to your default file server, type ATTACH servername/username Replace servername with the name of the server you want to attach to. Replace username with the username you have been assigned to use on that file server. Create or Change a Password 1. To create or change a password on your default server, type SETPASS The following prompt appears on the screen: Enter your old password: 2. If you are changing a password, enter the old password. If you are creating a new password, press . The following prompt appears on your screen: Enter your new password: 3. Enter the password you want. The following prompt appears: Retype your new password: 4. Enter the new password again. The following message appears on your screen: Your password has been changed. View Who You Are on Your Network Type WHOAMI Information similar to the following is displayed: You are user FRANK attached to server MKTG, connection 1 Server MKTG is running NetWare v3.11. Login time: Wednesday October 2, 1991 8:05 am You are user GUEST attached to server ACCT, connection 7 Server ACCT is running NetWare v3.11. Login time: Wednesday, October 2, 1991 8:05 am This screen display indicates that you are attached to both file servers MKTG and ACCT. Your username on MKTG is FRANK, and your username on ACCT is GUEST. View File Servers on Your Network Type SLIST Information similar to the following appears: Known NetWare File Servers Network Node Address -------------------------- ------- ------------ RECORDS [CED88] [2608C234732] SALES [CED87] [2608C217651] MFG [CED86] [2608C293185] View Current Users on Your File Server You must be attached to a file server before you can view the list of users for that file server. Type USERLIST Information similar to the following appears: User Information for Server BLOOM Connection User Name Login Time ---------- --------- ------------------ 1 JOE 4-17-1991 8:05 am 2 *CORRINE 4-17-1991 11:20 am 3 PAULO 4-17-1991 7:58 am 4 GUS 4-17-1991 6:01 pm An asterisk (*) appears next to your username. What If ... .... I can't log in? o Your password may have expired or you may have run out of grace logins. Your supervisor or manager has to unlock your account. o You haven't changed to the network login drive (F). o The LOGIN.EXE file is missing. o Your shell may be outdated. Type NVER Report the version number to your supervisor. o Your network board may not be seated correctly. o Your file server may be down. Type SLIST If your file server is listed, log in by typing LOGIN servername/username o You may be restricted from logging in during certain times. Ask the network supervisor. .... My screen is frozen? o Your supervisor should run the MONITOR utility and clear your connection. This saves the work you were doing. Then complete one of the two following tasks: o To warm boot, press simultaneously. o To cold boot, turn the computer OFF, wait 15 seconds, and then turn it ON again. o Your network cable may not be connected or terminated properly. Notify your supervisor. o Your node (or station) address may be in conflict with another workstation. See if new workstations have been added to your network. o You may have the wrong IPX configuration. Ask your supervisor. o You may have received a message while in graphics mode. Disable messages before entering graphics mode by typing CASTOFF CREATE YOUR LOGIN SCRIPT Your login script is a program that automatically sets up your workstation's environment each time you log in. It performs tasks such as mapping network drives for you, automatically executing programs and starting applications, and attaching you to different file servers. This section introduces some basic login script commands. To access your login script, follow these steps: 1. Type SYSCON 2. Select "User Information" from the main menu. 3. Select your user name from the list of users that appears. 4. Select "Login Script." 5. Enter the commands you need in your login script. Some common commands are listed under "Common Login Script Commands" below. 6. Exit and save the login script by pressing and answering "Yes" in the confirmation box. 7. To execute your new login script, you must first log out of the network, and then log in again. Common Login Script Commands The commands below can be used in your login script. Each command is followed by its purpose and an example of how to use it. MAP INS16:= Inserts the drive as the next available search drive. MAP INS16:=pd3\sys:jan MAP drive:= Maps the specified drive to the given directory. MAP G:=pd3\sys:home\jan MAP *n:= Maps the next available drive to the given directory. MAP *1:=pd3\sys:home\jan # Runs an executable file (a file with an .EXE or .COM extension). #SYSCON REMARK These three commands allow you to insert explanatory text in * the login script. They will not appear on your screen. ; REMARK Be sure to update the PROJECTS file. * Check for new mail. ; Assign OS-dependent Search mappings. ATTACH Allows you to attach to other file servers while remaining logged in to your current file server. ATTACH pd3\jan SET Allows you to set DOS variables. SET wp="/u-jlw/" SET usr="jwilson" IF...THEN Executes certain commands, if a specified condition exists. IF DAY_OF_WEEK="Monday" THEN WRITE "AARGH..." What If ... .... My login script doesn't execute all the way? o You may have inserted an EXIT command to a batch file in the middle of your login script. Anything after the EXIT command is ignored. Move the EXIT command to the end of your login script. o An IF...THEN clause in your login script may be incomplete or incorrect. Check the proper command format in Appendix A of NetWare v3.11 Installation. .... I am unable to map a drive to another file server? The file server you want to map a drive to may be down. To check whether the file server is up, type SLIST .... I add some mapped drives to my login script and some I wanted are gone? The system login script executes before the user login script. You can overwrite the mapped drives in the system login script with those in your user login script. Instead of using the command "map drive:=", use the command "map ins 16:=" or "map *1:=". (Remember: You can have only 26 drive mappings.) VIEW OR CREATE YOUR MAPPED DRIVES Mapped drives point to particular locations in the directory structure. In NetWare, there are three type of drives: local drives, network drives, and search drives. Local drives are physically attached to a workstation. Network drives allow users to access particular locations in the directory structure. Search drives allow users to execute program files (such as applications or utilities) that are in a directory other than the user's current directory. For more information, see "Drive mappings" in NetWare v3.11 Concepts. This section tells you how to do the following: o View all mappings o Map network drives o Map search drives View All Mapped Drives Type MAP You see information similar to the following: DRIVE A: maps to a local drive DRIVE B: maps to a local drive DRIVE F:= COUNT/SYS: /HOME/KAREN DRIVE G:= COUNT/SYS: / DRIVE H:= COUNT/ACCT: /ACCDATA ------- SEARCH1:=Z: [COUNT/SYS: /PUBLIC] SEARCH2:=Y: [COUNT/SYS: /PUBLIC/WP] SEARCH3:=X: [COUNT/ACCT: /ACCREC] Map Network Drives Suppose you want to map a network drive to a directory in which you have files. To see what network drive letters are available, type MAP Choose a drive letter that is not being used, such as J. Type MAP J:= path Replace path with the directory path (including the file server name and the volume name) leading to the directory to which you want to map network drive J. For example, suppose your username is MARIA and you want to map drive J to your home directory, which is on file server COUNT in volume SYS. Type MAP J:= COUNT/SYS:HOME/MARIA MAP SEARCH DRIVES Suppose your search drives appear as follows: SEARCH1:=Z: [COUNT/SYS: /PUBLIC] SEARCH2:=Y: [COUNT/SYS: /PUBLIC/WP] The next available search drive is SEARCH3 (S3). To map a search drive to directory ACCREC on volume ACCT, type MAP S3:=COUNT/ACCT:ACCREC When you type MAP again, the new search drive appears: SEARCH1:=Z: [COUNT/SYS: /PUBLIC] SEARCH2:=Y: [COUNT/SYS: /PUBLIC/WP] SEARCH3:=X: [COUNT/ACCT: /ACCREC] What if ... .... I just mapped a drive and then rebooted, and now the mapped drive is gone? Did you map the drive in your login script? Drives mapped at the command line are temporary----they are deleted when you log out of your file server or turn off your workstation. If you want the mapping to be permanent, you must enter it in your login script. .... The system won't accept my mapped drives? o You may not have rights to the directory you want to map to. Change to that directory and type RIGHTS If your rights aren't sufficient, see your supervisor. o You may have used the wrong command format. .... I just viewed my mapped drives and some of them seem to be incorrect? Did you use the DOS CD command to change your default directory? Changing directories changes your mapping. .... My search drives are in reverse order? Search drives are numbered, but their associated drive letters begin in reverse alphabetical order. For example, the first search drive (Search 1 or S1) appears as network drive Z, the second one appears as network drive Y, and so on. However, in your login script, they should appear in normal alphabetical order. SEND MESSAGES TO OTHER USERS You can communicate with other users on your network by sending messages from your workstation command line. This section explains how to do the following: o Send a message to one or more users o Send a message to all workstations o Block/allow messages from other workstations Send a Message to One or More Users Suppose you want to send the following message to users CINDY and ERIC: "Meeting at 1:30 today." Also suppose that CINDY and ERIC are logged in to your default server. Type SEND "MEETING AT 1:30 TODAY" CINDY, ERIC A confirmation message appears, telling you that the message was sent. If CINDY is logged in to another file server called SALES, attach to that file server and type SEND "MEETING AT 1:30 TODAY" SALES/CINDY Send a Message to All Workstations Suppose you want to send the following message to all workstations: "Paychecks are here." Type SEND "PAYCHECKS ARE HERE." EVERYONE A confirmation message appears listing all the users to whom the message was sent. If you want to send a message to everyone on another file server, you must be attached to that file server and specify the name of the file server in the command. Block/Allow Messages from Other Workstations If you do not want to receive messages sent to you from any network stations, type CASTOFF The following message appears on your screen: Broadcasts from other stations will now be rejected. To allow your workstation to again receive messages from other network users, type CASTON The following message appears on your screen: Broadcast messages from the console and other stations will now be accepted. What If ... .... I am unable to send a message to a user? o Is the user logged in? Type USERLIST o Is your message buffer full? You can only receive up to two messages. You must clear these messages from your screen (by pressing ) before you can receive others. o Did you type the SEND command properly? .... I am unable to send messages to users on another file server? o Did you attach to that file server? o Is the user logged in? Type USERLIST o Did you type the SEND command properly? MANAGE FILES AND DIRECTORIES You can manage your files and directories in a variety of ways. You can copy, delete, rename, view, write to, share, and print them. NetWare uses a system of file and directory rights and attributes to make sure that only authorized network users can access and handle network data. Attributes are assigned to files and directories. They override rights, which are assigned to users. For example, suppose you have the right to rename files (the Modify right). However, the file you want to copy is flagged with the Rename Inhibit attribute. This prevents you from renaming it, even though you have the right to do so. For more information, see "Attributes" and "Rights" in NetWare v3.11 Concepts. Know Your Rights To view your rights in your default directory, type RIGHTS If your effective rights include all rights, the following information appears: SERVER1\SYS:PUBLIC\UTIL Your effective rights for this directory are [SRWCEMFA] You have Supervisor Rights to Directory. (S) *May Read from File. (R) *May Write to File. (W) May Create Subdirectories and Files. (C) May Erase Directory. (E) May Modify Directory. (M) May Scan for Files. (F) May Change Access Control. (A) *Has no effect in directory. Entries in Directory May Inherit [SRWCEMFA] rights. You have ALL RIGHTS to Directory Entry. Copy a File to Another Network Directory Suppose you want to copy a file called ACC.DAT from your default directory (for example, F) to the SALEPROG directory in volume SYS on the file server SALES. First, make sure you have a drive (for example, G) mapped to SALEPROG as follows: G:=SALES/SYS:SALEPROG To copy ACC.DAT from your default directory to the SALEPROG directory, type NCOPY F:ACC.DAT TO G: Suppose you want to copy a file called ACC.DAT from the SALEPROG directory in volume SYS on the file server SALES to your default directory. Also suppose drive G is mapped to SALEPROG as G:=SALES/SYS:SALEPROG. Type NCOPY G:ACC.DAT F: Copy All of a Directory's Files to Another Directory 1. Type FILER and select "Directory Contents" from the "Available Topics" menu. 2. Select the directory you want to copy from the "Directory Contents" window. The "Subdirectory Options" window appears. 3. Select "Copy Subdirectory's Files." The "Copy Subdirectory To:" window appears. 4. To copy subdirectory files, complete one of the following: o Copy to a subdirectory in your current directory. Type the name of the directory; then press . You can also use to bring up the "File Servers/Local Drives" window, from which you can select your directory path by selecting file server, volume, and directory options. After you select your directory path, press to bring your cursor back to the "Copy subdirectory To:" window. Then press to copy your subdirectory's files. o Copy to a directory on another volume on your file server. Type in the name of the volume and directory; then press . You can also use to bring up the "File Servers/Local Drives" window, from which you can select your directory path by selecting file server, volume, and directory options. o Copy to a directory to another file server. You must be attached to the file server you want to copy files to. Type in the name of the file server, volume, and directory; then press . Delete a File 1. Type FILER 2. Select "Directory Contents" from the "Available Topics" menu. 3. Highlight the file you want to delete from the "Directory Contents" window and^S press . Answer "Yes" in the confirmation box. To delete more than one file, use the Mark key () to highlight multiple files; then press . Answer "Yes" in the confirmation box. Salvage a File You Just Deleted 1. Type SALVAGE 2. Select "View/Recover Deleted Files" from the "Main Menu Options"window. To change to another volume, you must select the directory path from the "Select Current Directory" option in the main menu. Note: If you have too many salvageable files to fit on the screen, you will see the heading "Inc^Qomplete." Scroll through the list to see the entire list, or use the Mark Pattern key to mark the file pattern. Then exit the list and reenter it. 3. To salvage files using wildcards or to salvage a specific file, type the information in the "Erased File Name Pattern To Match" window. To view all salvageable files, press . 4. To salvage a file, complete one of the following: o Salvage a single file. Select the file you want to salvage. Select "Yes" from the "Recover This File" box. o Salvage multiple files. Use the Mark key () to select multiple files. Select "Yes" from the confirmation box. o Salvage multiple files using wildcards. To match a filename pattern or extension, press the Mark Pattern key () and type the pattern you want to match. Once you match the pattern of the files you want to salvage, press and select "Yes" from the "Recover ALL marked files?" confirmation box. 5. Press to exit SALVAGE. Find a Lost File Suppose you don't remember the location of a file. The file is called FUTURE.DAT. You think it may be in the PROGRAMS directory, and drive G is mapped to that directory. To find the location of the lost file, type NDIR G: FUTURE.DAT If you don't know which directory the file is in, change directories back to the volume level. Then type NDIR filename sub The NDIR utility searches all those directories you have rights to on the volume for the file. Rename a Directory Suppose you want to change the name of the ACCT directory to PROGRAMS. Also suppose drive G is mapped to ACCT in volume SYS on file server RECORDS as follows: Drive G: = RECORDS/SYS:ACCT To rename the directory, type RENDIR G: PROGRAMS Note: You must be attached to a file server before you can change the name of a directory on that file server. You must also have the Modify right in the directory to rename subdirectories in that directory. Drive mappings in login scripts (if they exist) must be changed to reflect the new name of the directory. What If ... .... I can't copy? o You may not have sufficient rights. Type RIGHTS You must have the Create right to copy files into a directory. o The file may be flagged "non-shareable" and may be in use. Type FLAG filename If it is flagged "non-shareable," try again at a later time, when the file is not in use. .... I can't see a directory? o You may not have enough rights to that directory. Type RIGHTS o The directory attribute may be set to "Hidden" or "System." Type FLAG filename o The directory may have set disk space limitations. To view the directory restrictions, type DSPACE o The directory may have been deleted. Ask your supervisor. PRINTING Printing from a network workstation is similar to printing from a stand alone workstation. When you send a print job to a network printer, however, the job is routed first through the file server and then delivered to the printer by the print server. When a print job leaves the workstation, it is stored temporarily in a print queue on the file server. This queue, which is a subdirectory on the file server, stores the print job until the print server can deliver it to the printer. When the printer is ready to service the job, the print server moves it from the queue to the printer. Permanently Set Up Workstation Printing If you want to print from a non-NetWare-compatible application or from the screen, you need to route print files from your local printer port (LPT1) to a file server queue. 1. Enter the SYSCON utility. 2. Select "User Information" from SYSCON's main menu. 3. Select your username. 4. Select "Login Script." 5. Insert the following command into the login script: #CAPTURE Q=queuename TI=5 6. Exit SYSCON, saving changes when prompted. 7. Log back in to or reboot your workstation to allow the CAPTURE command to take effect. Print Screens Using CAPTURE Before you start printing screens using CAPTURE, you need to set the CAPTURE parameters in your login script. See "Permanently Set Up Workstation Printing" on the previous page. Also, your supervisor needs to set up a default queue. 1. At the command line, type CAPTURE You can include any of the CAPTURE options except Show. Some of the most common CAPTURE options are the following: L=n Indicates which of your workstation's LPT ports (local parallel printing ports) to capture. Replace "n" with 1, 2, or 3. Default: ^S^Q L=LPT1 Q=queuename Indicates the queue the print job should be sent to. If multiple queues are mapped to a printer, you must include this option. Replace "queuename" with the name of the queue. TI=n Indicates the number of seconds between the last time the application writes to the file and the time it releases the file to the queue. Include this option if you want to print from an application without exiting the application. Replace "n" with a number of seconds (1-1000). Default: TI=O (Timeout disabled) 2. Access the application containing the screen you want to print. 3. Press . 4. If you want to print more screens, repeat steps 2 and 3. 5. When you have selected the screens you want printed, return to the DOS prompt and type ENDCAP ENDCAP sends your print job to the default print queue of your default file server, and then the job is printed. ENDCAP also ends the capture of your LPT port. Note: Your workstation might hang if you press the keys when none of your LPT ports are captured and no local printers are attached to your workstation. To prevent this, ask your supervisor to include the following line in the SHELL.DFG file on your workstation boot disk. LOCAL PRINTERS = 0 List the Jobs in a Queue A queue is a special directory where print files are stored while waiting for printer services. To see which jobs are waiting in a queue to be printed, complete the following steps: 1. Type PCONSOLE 2. Select your file server (if other than your current file server). 3. Select "Print Queue Information" from the "Available Options" menu. 4. Select the print queue whose print job you want to view. If you don't know the name of the print queue, ask your supervisor. 5. Select "Current Print Job Entries" from the "Print Queue Information" list. The print job entries are displayed. Delete Your Print Job from a Queue You can cancel your print job by deleting it from the print queue (even after the job has started printing). You can delete a print job only if you are the owner of the job or if you are the print queue operator. To delete your print job, complete the following steps: 1. Type PCONSOLE 2. Select "Print Queue Information" from the "Available Options" menu. 3. Select the print queue whose entries you want to view. The "Print Queue Information" list is displayed. 4. Select "Current Print Job Entries." 5. Highlight the print job entry and press . 6. Select "Yes" at the confirmation box. What If... .... I send commands to print a screen, but it doesn't print? Did you include the CAPTURE command in your login script? See a previous section called "Permanently Set Up Workstation Printing." .... The application I'm using says that the print job was sent, but it doesn't print out? o Did you use CAPTURE to redirect output to a print queue first? o Are the LPT ports captured? Type CAPTURE SH o Check PCONSOLE and find the appropriate queue. If the queue has a long list of jobs and none are marked "active," see your print server operator. If your job isn't in the queue, the application is not set up properly; check with the applications expert. COMMON ERROR MESSAGES Error messages point to a software or hardware error that doesn't allow further processing. An explanation of the nature of the message and a recommended course of action follow each message listed below. "Access denied" Explanation 1 This message indicates one of the following: o You entered your username, your password, or both incorrectly. o You tried to log in to a file server on which you are not defined as a user. Action 1 Try to log in again and make sure you type the username and password correctly. Make sure you are logging in to a file server on which you are defined as a user or as a member of a group. You can log in to most file servers as GUEST because user GUEST seldom requires a password. Explanation 2 You tried to copy, delete, rename, or modify the file attributes of a file for which you lack rights. Action 2 Find out about your rights to this file by typing RIGHTS filename or by asking your supervisor. "A File Server could not be found" Explanation The shell tried to build a connection with the network, but no file server responded to the request in the given time limit. Action Check the cable connection and make sure at least one active file server exists on the network. Also ask your supervisor to make sure the IPX file and the network board have the same configuration. "Message NOT sent to / (station number)" Explanation If a number of messages have been sent to the user or group and have not been cleared, either of the following may be true: o The workstation's buffer for incoming messages may be full. o The message was not sent to the user or group because the user or group used the CASTOFF utility. Action Send the message later, or try another method of communication. "Network Error during . File = : Abort, Retry or Fail?" (or "Abort, Retry?") Explanation 1 The shell called a function call or a DOS interrupt, but the specified operation could not be performed. The : specify the drive and filename on which the error condition occurred. Action 1 Press the R key to retry the operation and, if necessary, repeat this several times. If the problem persists, ask your supervisor or look up the specific message in NetWare v3.11 System Messages. Explanation 2 Your file server may be down. Action 2 Press the A key to abort the operation, and then try to connect to the file server again. If this attempt fails, contact your supervisor. "Password has expired" Explanation This message indicates your password has expired. The network supervisor can require users to periodically change their passwords on the file server to protect the file server from access by unauthorized persons. The network supervisor can also assign a number of grace logins during which users can still use their old passwords (after they have expired) before having to create new passwords. Action Use the SETPASS command to change your password. If you use the old password during your remaining grace logins, be sure to change it before you run out of grace logins, or else your network supervisor has to change it for you. "Password has expired and grace period has also expired." Explanation This message indicates that your user account is locked because your password has expired and you have used all your grace logins. After your password expires, you may have a number of grace logins during which you can still use your old password. If you do not change your password before your grace logins are used, you are denied access. Action Since you have run out of grace logins, you cannot access your account until your network supervisor or manager assigns you a new password. "Server not found" Explanation This message indicates that you tried to attach to the file server , but the file server did not respond for one of the following reasons: o You mistyped the name of the file server. o You specified a file server not cabled to your network. o You specified a file server that is down for system maintenance. Action o Type the file server name correctly. o Use the SLIST command to list all the available file servers. o If the file server is down for maintenance, try the command later when the file server has been brought back up. If you still have problems, ask your network supervisor for help. "Unable to attach to server " Explanation This message indicates one of the following: o You mistyped the name of the file server. o You specified a file server not cabled to your network. o You specified a file server that is down for system maintenance. Action o Type the file server name correctly. o Use the SLIST command to list all available file servers. o If the file server is down for maintenance, try the command later when the file server has been brought back up. If you still have problems, ask your network supervisor for help. "User / not found" Explanation This message indicates that you either specified a user who does not exist on or mistyped the user's name. Action o Make sure you have typed the user's name correctly. o If you are not certain which users are established on the file server, use the SYSCON utility to view the list of network users. o You can also use the USERLIST command to view a list of currently attached users. (----------------------------------------------------------------------------) One of the most useful tools that any Novell Network user can have is access to Netwire on Compuserve. Netwire is a forum that contains messages, files, and access to Novell product information firsthand. You can submit questions to Novell technicians and hundreds of other Novell users. A must for any Netware user. Another handy tool for those that do have access is the SALVAGE program. SALVAGE will let you undelete files throughout the system unless the directory is marked to be purged. PURGE is nice too because it will allow you to completely erase any files you created or copied. To use purge and or salvage make sure you are mapped to the public directory and execute them from any DOS prompt. (----------------------------------------------------------------------------) As far as dialing up a Novell Network the means are unlimited. Some have very tight security systems that only let users with certain hardware dial-in and others limit the usernames that are allowed dial-in access. ______________________________________________________________________________