CD Actual 13

home *** CD-ROM | disk | FTP | other *** search

/ CD Actual 13 / CDA13.ISO / DOC / HOWTO / IPX_HOWT.GZ / IPX_HOWT

Wrap

Text File | 1996-06-02 | 64.1 KB | 1,618 lines

Linux IPX-HOWTO Terry Dawson, terry@perf.no.itg.telecom.com.au v2.0, 1 June 1996 This document aims to describe how to obtain, install and configure various tools available for the the Linux operating system that use the Linux kernel IPX protocol support. 1. Introduction. This is the Linux IPX-HOWTO. You should read the Linux NET-2-HOWTO in conjunction with this document. 1.1. Changes from the previous release. Additions: FAQ section - thanks to Gregory Steuck, Volker Lendecke, Alan Cox PPP section - thanks Gilbert, David, and Chad. details of 'linware' list. ipx_internal_net to router section - comments ? Corrections/Updates: Copyright is now GNU GPL version 2.0 Updated location of Greg's IPX tools. Suggest Volkers ipxd in place of old daemons. Updated locations of Volkers ftp site location. Updated versions of ncpfs and mars_nwe. 1.2. Introduction. The Linux Kernel has a completely new network implementation as compared to other Unix like operating systems. The ability to take a fresh approach to developing the kernel networking software has led to the Linux kernel having support for a range of non tcp/ip protocols being built. The IPX protocol is one of those that have been included. The Linux kernel supports the IPX protocol only. It does not yet support protocols such as IPX/RIP, SAP or NCP, these are supported by other software such as that documented elsewhere in this document. The IPX support was originally developed by Alan Cox <ialan@iifeak.swan.ac.uk> and has been significantly enhanced by Greg Page <greg@caldera.com>. 2. Disclaimer. I do not and cannot know everything there is to know about the Linux network software. Please accept and be warned that this document probably does contain errors. Please read any README files that are included with any of the various pieces of software described in this document for more detailed and accurate information. I will attempt to keep this document as error-free and up-to-date as possible. Versions of software are current as at time of writing. In no way do I or the authors of the software in this document offer protection against your own actions. If you configure this software, even as described in this document and it causes problems on your network then you alone must carry the responsibility. I include this warning because IPX network design and configuration is not always a simple matter and sometimes undesirable interaction with other routers and fileservers can result if you do not design or configure your network carefully. I also include this warning because I was asked to by someone unfortunate enough to have discovered this lesson the hard way. 3. Related Documentation. This document presumes you understand how to build a Linux kernel with the appropriate networking options selected and that you understand how to use the basic network tools such as ifconfig and route. If you do not, then you should read the NET-2-HOWTO <http://sunsite.unc.edu/mdw/HOWTO/NET-2-HOWTO.html> in conjunction with this document as it describes these. Other Linux HOWTO documents that might be useful are: The Ethernet-HOWTO <http://sunsite.unc.edu/mdw/HOWTO/Ethernet- HOWTO.html>, which describes the details of configuring an Ethernet device for Linux. The PPP-HOWTO <http://sunsite.unc.edu/mdw/HOWTO/PPP-HOWTO.html> as IPX support is available for version 2.2.0d and later of the Linux PPP implementation. 3.1. New versions of this document. If your copy of this document is more than two months old then I strongly recommend you obtain a newer version. The networking support for Linux is changing very rapidly with new enhancements and features, so this document also changes fairly frequently. The latest released version of this document can always be retrieved by anonymous ftp from: sunsite.unc.edu /pub/Linux/docs/HOWTO/IPX-HOWTO or: /pub/Linux/docs/HOWTO/other-formats/IPX-HOWTO{-html.tar,ps,dvi}.gz via the World Wide Web from the Linux Documentation Project Web Server <http://sunsite.unc.edu/mdw/linux.html>, at page: IPX-HOWTO <http://sunsite.unc.edu/mdw/HOWTO/IPX-HOWTO.html> or directly from me, <terry@perf.no.itg.telecom.com.au>. It may also be posted to the newsgroups: comp.os.linux.networking, comp.os.linux.answers and news.answers from time to time. 3.2. Feedback. Please send any comments, updates, or suggestions to me, <terry@perf.no.itg.telecom.com.au>. The sooner I get feedback, the sooner I can update and correct this document. If you find any problems with it, please mail me directly as I now very rarely read the newsgroups. You might also catch me as terryd on the #linpeople IRC channel on the undernet IRC network. 3.3. Mailing list support. There is a mailing list established for discussion of the various Linux IPX software packages described in this document. You can subscribe to it by sending a mail message to listserv@sh.cvut.cz with add linware in the body of the message. To post to the list your send your mail to linware@sh.cvut.cz. The mailing list is archived at www.kin.vslib.cz <http://www.kin.vslib.cz/hypermail/linware/>. 4. Some of the terms used in this document. You will often see the terms client and server used in this document. They are normally fairly specific terms but in this document I have generalized their definitions a little so that they mean the following: client The machine or program that initiates an action or a connection for the purpose of gaining use of some service or data. server The machine or program that accepts incoming connections from multiple remote machines and provides a service or data to those. These definitions are not very reliable either, but they provide a means of distinguishing the ends of peer to peer systems such as SLIP or PPP which truly do not actually have clients and servers. Other terms you will see are: IPX Internet Packet eXchange is a protocol used by the Novell corporation to provide internetworking support for their NetWare(tm) product. IPX is similar in functionality to the IP protocol used by the tcp/ip community. IPX network address This is a number which uniquely identifies a particular IPX network. The usual notation for this address is in hexadecimal. An example might look like: 0x23a91002 IPX Internal network This is a virtual IPX network. It is virtual because it does not correspond to a physical network. This is used to provide a means of uniquely identifying and addressing a particular IPX host. This is generally only useful to IPX hosts that exist on more than one physical IPX network such as fileservers. The address is coded in the same form as for a physical IPX network. RIP Routing Information Protocol is a protocol used to automatically propagate network routes in an IPX network. It is functionally similar to the RIP used within the tcp/ip community. NCP NetWare Core Protocol is a networked filesystem protocol designed by the Novell Corporation for their NetWare(tm) product. NCP is functionally similar to the NFS used in the tcp/ip community. SAP Service Advertisement Protocol is a protocol designed by the Novell Corporation that is used to advertise network services in a NetWare(tm) environment. Hardware address This is a number that uniquely identifies a host in a physical network at the media access layer. Examples of this are Ethernet Addresses. An Ethernet address is generally coded as six hexadecimal values separated by colon characters eg. 00:60:8C:C3:3C:0F route The route is the path that your packets take through the network to reach their destination. 5. The IPX related files in the /proc filesystem. There are a number of files related to the Linux IPX support that are located within the /proc filesystem. They are: /proc/net/ipx_interface This file contains information about the IPX interfaces configured on your machine. These may have been configured manually by command or automatically detected and configured. /proc/net/ipx_route This file contains a list of the routes that exist in the IPX routing table. These routes may have been added manually by command or automatically by an IPX routing daemon. /proc/net/ipx This file is a list of the IPX sockets that are currently open for use on the machine. 6. Greg Pages IPX tools. Greg Page <greg@caldera.com> of Caldera Incorporated has written a suite of IPX configuration tools and enhanced the Linux IPX kernel support. The kernel enhancements allow linux to be configured as a fully featured IPX bridge or router. The enhanced IPX support has already been fed back into the mainstream kernel distribution so you will probably already have it. The network configuration tools provide you with the capability to configure your network devices to support IPX and allow you to configure IPX routing and other facilities under Linux. The Linux IPX network tools are available from: sunsite.unc.edu <ftp://sunsite.unc.edu/pub/Linux/system/Filesystems/ncpfs/ipx.tgz>. 6.1. The IPX tools in more detail. ipx_interface This command is used to manually add, delete or check ipx capability to an existing network device. Normally the network device would be an Ethernet device such at eth0. At least one IPX interface must be designated the primary interface and the -p flag to this command does this. For example to enable Ethernet device eth0 for IPX capability as the primary IPX interface using the IEEE 802.2 frame type and IPX network address 39ab0222 you would use: # ipx_interface add -p eth0 802.2 0x39ab0222 ipx_configure This command enables or disables the automatic setting of the interface configuration and primary interface settings. The --auto_interface argument allows you to select whether new network devices should be automatically configured as IPX devices or not. The --auto_primary argument allows you to select whether the IPX software should automatically select a primary interface or not. A typical example of this commands use would be to enable both automatic interface configuration and automatic primary interface setting: # ipx_configure --auto_interface=on --auto_primary=on ipx_internal_net This command allows you to configure or deconfigure an internal network address. An internal network address is optional, but when it is configured it will always be the primary interface. To configure an IPX network address of ab000000 on IPX node 1 you would use: # ipx_internal_net add 0xab000000 1 ipx_route The command allows you to manually modify the IPX routing table. For example to add a route to IPX network 39ab0222 via a router with node number 00608CC33C0F on IPX network 39ab0108: # ipx_route add 0x39ab0222 0x39ab0108 0x00608CC33C0F 7. Configuring your Linux machine as an IPX router. If you have a number of IPX segments that you wish to internetwork you need the services of a router. In the Novell environment there are two pieces of information which are necessary to be propagated around the network. They are the network routing information propagated using Novell RIP, and the service advertisement information propagated using Novell SAP. Any router must support both of these protocols to be useful in most situations. Linux has support for both of these protocols and can be fairly easily made to function as a fully Novell compliant router. The Linux kernel IPX support actually manages the IPX packet forwarding across interfaces, but it does this according to the rules coded into the IPX routing table. Linux needs a program to implement the Novell RIP and SAP to ensure that the IPX routing table is built correctly and updated periodically to reflect changes in the network status. Volker Lendecke <lendecke@namu01.gwdg.de> has developed a routing daemon that will do this for you. You can find ipxripd at: sunsite.unc.edu <ftp://sunsite.unc.edu/pub/Linux/system/Filesystems/ipxripd-0.7.tgz> or at Volkers home site at: ftp.gwdg.de <ftp://ftp.gwdg.de/pub/linux/misc/ncpfs/ipxripd-0.7.tgz> Configuring your Linux machine to act as a router is very straightforward. The steps you must take are: 1. Build your kernel with IPX, Ethernet and /proc support. 2. Obtain, compile and install the ipxd daemon program. 3. Boot the new kernel and ensure that each of the Ethernet cards has been properly detected and there are no hardware conflicts. 4. Enable the IPX protocol on each of the interfaces using the ipx_interface command described above. 5. Start the ipxd daemon program. Consider the following simple network: IPX Addr: 0x01000000 802.2 |--------------------------| | \_________________________ \ Linux Router IPX Addr: 0x02000000 802.2 \ |--------------------------| \ eth0/-----------\ | \--====| | \_________________________ | IPX route | \ eth1| Table | IPX Addr: 0x03000000 etherII \----====| ^ | |--------------------------| | | | | eth2| IPXd | \______________________________/====| | | SAPd | IPX Addr: 0x04000000 etherII eth3| | |--------------------------| /====| | | | \___________/ \______________________________/ The configuration for the above network would look like: # ipx_interface add eth0 802.2 0x0100000000 # ipx_interface add eth1 802.2 0x0200000000 # ipx_interface add eth2 etherii 0x0300000000 # ipx_interface add eth3 etherii 0x0400000000 # ipxd You should then wait a moment or two and check your /proc/net/ipx_route file and you should see it populated with the IPX routes relevant to your configuration and any learned from any other routers in the network. 7.1. Do I need to configure an internal network ? Novell has a feature called an internal network, which it uses to simplify routing in situations where a host has more than one network device connected. This is useful in the case of a fileserver connected to multiple networks as it means that only one route needs to be advertised to reach the server regardless of which network you are attempting from. In the case of a configuration where you are not running a fileserver and your machine acting only as an IPX router the question is not as simple to answer. It has been reported that configuring for IPX/PPP works `better' if you also configure an internal network. In any case it is easy to do, but may require a rebuild of your kernel. When you are working through the kernel make config you must answer Y when asked Full internal IPX network as illustrated: ... ... Full internal IPX network (CONFIG_IPX_INTERN) [N/y/?] y ... ... To configure the internal network interface, use the ipx_internal_net command described earlier in the IPX tools section. The main precaution to take is to ensure that they IPX network address you assign is unique on your network and that no other machine or network is using it. 8. Configuring your Linux machine as an NCP client. If you are a user of a mixed technology network that comprises both IP and IPX protocols it is likely that at some time or another you have wanted to have your Linux machine access data stored on a Novell fileserver on your network. Novell have long offered an NFS server package for their fileservers that would allow this, but if you are a small site or have only a small number of people interested in doing this it is difficult to justify the cost of the commercial package. Volker Lendecke <lendecke@namu01.gwdg.de> has written a Linux filesystem kernel module that supports a limited subset of the Novell NCP that will allow you to mount Novell volumes into your Linux filesystem without requiring any additional products for your fileserver. The software causes Linux to emulate a normal Novell workstation for file services. It also includes a small print utility that allows you to print to Novell print queues. Because this is a limited subset it does not work very well with any of the Novell fileserver emulators described later in this document. Volker has called the package ncpfs and derived the necessary information mainly from the book "Netzwerkprogrammierung in C" by Manfred Hill and Ralf Zessin (further details of the book are contained within the README file in the ncpfs package). Volker also used the IPX tools written by Greg Page <greg@caldera.com>. 8.1. Obtaining ncpfs. The latest ncpfs package was designed to be built against the version 1.2.13 kernel or kernels later than 1.3.71 so you if you are not using a kernel in either of these categories it then you should obtain one and use it. You can obtain the ncpfs package by anonymous ftp from Volker's home site at: ftp.gwdg.de <ftp://ftp.gwdg.de/pub/linux/misc/ncpfs/> or sunsite.unc.edu <ftp://sunsite.unc.edu/pub/Linux/system/Filesystems/ncpfs> or mirror sites. The current version at the time of writing was: ncpfs-0.24.tgz 8.2. Building ncpfs for kernels 1.2.*. Build a kernel with Ethernet and IPX support The first thing you need to do is ensure that your kernel has been built with IPX support enabled. In the 1.2.13 version kernel you need only ensure that you have answered Y to the question: 'The IPX protocol' as illustrated: ... ... Assume subnets are local (CONFIG_INET_SNARL) [y] Disable NAGLE algorithm (normally enabled) (CONFIG_TCP_NAGLE_OFF) [n] The IPX protocol (CONFIG_IPX) [n] y * * SCSI support ... ... You will also need to ensure that you include an appropriate driver for your Ethernet card. If you do not know how to do this then you should read the Ethernet-HOWTO <http://sunsite.unc.edu/mdw/HOWTO/Ethernet-HOWTO.html>. You can then proceed to build your kernel. Make sure you remember to run lilo to install it when you have finished. Untar the ncpfs software # cd /usr/src # tar xvfz ncpfs-0.24.tgz # cd ncpfs Make the ncpfs software The software should compile cleanly with no configuration necessary: # make Copy the IPX tools somewhere useful if you don't already have them. After the make has completed you should find all of the tools you need in the ncpfs/bin directory. You can use make install to install the tools in Volkers choice of directories, but I prefer to place them in different directories. I use the following commands to copy them to my preferred directories: # cd bin # cp ncp* pserver /usr/local/sbin # cp nwmsg /sbin # cp ../ipxdump/ipxdump ../ipxdump/ipxparse /usr/local/sbin # cp ncopy nprint nsend nwfsinfo pqlist slist /usr/local/bin note: the nwmsg command must be installed in the /sbin because it is invoked by the kerneld daemon if you are running it. If you want to change the location of it then you need to edit the /usr/src/linux/include/linux/ncp_fs.h file and change the NCP_MSG_COMMAND definition. If you do not already have Greg Pages IPX tools installed then you should also do the following: # cp ipx* /usr/local/sbin Copy the ncpfs.o module somewhere useful if necessary. If you are compiling for a 1.2.* kernel then you will find a file called ncpfs.o in the ncpfs/bin directory after the make has completed. This is the ncpfs kernel module. You should copy this somewhere useful. On my debian system I have copied it to the /lib/modules/1.2.13/fs directory and added ncpfs to the /etc/modules file so that it will be automatically started at boot time. If you are using some other distribution you should find where it keeps its modules and copy it there, or just copy it to your /etc directory. To load the modules manually you need to use the command: # insmod ncpfs.o 8.3. Building ncpfs for kernels 1.3.71++. For the latest version of ncpfs you must use kernel 1.3.71 or newer. If you want to use older 1.3.* kernels then you must locate a version of ncpfs like ncpfs-0.12.tgz. If you intend using a kernel that is version 1.3.71 or newer then the ncpfs kernel code has been included in the standard kernel distribution. You need only answer Y to: ... ... The IPX protocol ? ... ... NCP filesystem support (to mount NetWare volumes) ? ... ... You will still need to follow the instructions for building for kernels 1.2.* so that you can build the tools but there will not be a module file for you to install. 8.4. Configuring and using ncpfs. Configure the IPX network software There are two ways of configuring the IPX network software. You can manually configure all of your IPX network information or you can choose to let the software determine for itself some reasonable settings. In most installations the automatic method will work ok. If it doesn't work for you then read the 'IPX tools' section below to configure your software manually: # ipx_configure --auto_interface=on --auto_primary=on Test the configuration After your IPX network is configured you should be able to use the slist command to see a list of all of the Novell fileserver on your network: # slist If the slist command displays a message like: ncp_connect: Invalid argument then your kernel probably does not support IPX. Check that you have actually booted off the appropriate kernel. If the slist command does not list all of your fileservers then you may need to use the manual network configuration method. Mount a Novell(tm) volume. If your IPX network software is working ok you should now be able to mount a Novell fileserver volume into your Linux filesystem. The ncpmount command is used for this purpose and requires that you specify at least the following information: 1. The fileserver name 2. The fileserver login id. If it has a password you will also need that. 3. The mount point ie. where you want the mount to go. An example command to mount fileserver ACCT_FS01, with a login id of guest with no password, under the /mnt/Accounts directory might look like the following: # ncpmount -S ACCT_FS01 /mnt/Accounts -U guest -n Note the use of the -n option to indicate that no password is required for the login. The same login specifying a password of secret would look like: # ncpmount -S ACCT_FS01 /mnt/Accounts -U guest -P secret If you don't specify either the -n or the -P options you will be prompted for a password. Check the mount If the mount is successful you will find the volumes accessible to the userid used for login listed as directories under the mount point. You should then also be able to traverse the directory structure to find other files. Because NCP does not provide uid or gid ownership of files, all of the files will have the permission and ownership assigned to the mount point directory, keep this in mind when sharing mounts between Linux users. Test printing You can test to see if printing works using the nprint command. The nprint command allows you to print to a file to a NetWare print queue. The pqlist command allows you the list the available print queues on a NetWare server. Both commands require that you supply username and password so you might normally consider building some shell scripts to make the task of printing easier. An example might look like: # pqlist -S ACCT_FS01 -U guest -n # nprint -S ACCT_FS01 -q LASER -U guest -n filename.txt The login syntax is similar to the ncpmount command. The examples above assume that fileserver ACCT_FS01 has a guest account with no password, that a print queue called LASER exists and that guest is allowed to print to it. Configure mounts to be automatically performed. If you have some need to permanently have an ncp mount then you will want to configure the commands above into your rc files so that they occur automatically at boot time. I recommend you place them in your /etc/rc.local file if you have one. I have placed them in a file called NetWare in my /etc/init.d directory and created appropriate symbolic links into my /etc/rc2.d directory to cause it to be started. You might use something like: # # Start the ncp filesystem /sbin/insmod /lib/modules/1.2.13/fs/ncpfs.o # configure the IPX network ipx_configure --auto_interface=on --auto_primary=on # guest login to the Accounting fileserver ncpmount -S ACCT_FS01 /mnt/Accounts -U guest -n # There is another means of configuring NCP mounts and that is by building a $HOME/.nwclient file. This file contains details of tem¡ porary or user specific NCP mounts that would be performed regu¡ larly. It allows you to store the details of mounts so that you can recreate them without having to specify all of the detail each time. Its format is quite straightforward: # The first entry is the 'preferred server' entry and is # used whenever you do not specify a server explicitly. # # User TERRY login to DOCS_FS01 fileserver with password 'password' DOCS_FS01/TERRY password # # Guest login to the ACCT_FS01 fileserver with no password. ACCT_FS01/GUEST - To activate these mounts you could use: $ ncpmount /home/terry/docs to mount: DOCS_FS01 with a login of TERRY under the /home/terry/docs directory. Note that this entry was chosen because no fileserver was specified in the mount command. If the following command were used: $ ncpmount -S ACCT_FS01 /home/terry/docs then a GUEST login to ACCT_FS01 would be mounted there instead. Note: for this mechanism to work the permissions of the $HOME/.nwclient file must be 0600 so you would need to use the command: $ chmod 0600 $HOME/.nwclient If non-root users are to be allowed to use this mechanism then the ncpmount command must be Set Userid Root, so you would need to give it permissions: # chmod 4755 ncpmount Try out the nsend utility a utility to send messages to Novell users is also included in the package, it is called nsend and is used as follows: # nsend rod hello there would send the message "hello there" to a logged in user "rod" on your "primary" fileserver (the first one appearing in your .nwclient file. You can specify another fileserver with the same syntax as for the ncpmount command. 9. Configuring your Linux machine as an NCP server. There are two packages available that allow Linux to provide the functions of a Novell Fileserver. They both allow you to share files on your linux machine with users using Novell NetWare client software. Users can attach and map filesystems to appear as local drives on their machines just as they would to a real Novell fileserver. You may want to try both to see which best serves your intended purpose. 9.1. The mars_nwe package. Martin Stover <mstover@freeway.de> developed mars_nwe to enable linux to provide both file and print services for NetWare clients. In case you are wondering about the name: mars_nwe is Martin Stovers Netware Emulator. 9.1.1. Capability of mars_nwe. mars_nwe implements a subset of the full Novell NCP for file services, disk based bindery and also print services. It is likely to contain bugs but there are many people using it now and the number of bugs is steadily decreasing as new versions are released. 9.1.2. Obtaining mars_nwe. You can obtain mars_nwe from ftp.gwdg.de <ftp://ftp.gwdg.de/pub/linux/misc/ncpfs/>. The current version at the time of writing was: mars_nwe-0.97.pl6.tgz. 9.1.3. Building the mars_nwe package. Build a kernel with Ethernet and IPX Support In the 1.2.13 version kernel you need only ensure that you have answered Y to the question: 'The IPX protocol' and N to the question: ... ... The IPX protocol (CONFIG_IPX) [n] y ... ... Full internal IPX network (CONFIG_IPX_INTERN) [N/y/?] n ... ... In newer kernels a similar process is adopted but the actual text of the prompt may have changed slightly. You will also need to ensure that you include an appropriate driver for your Ethernet card. If you do not know how to do this then you should read the Ethernet-HOWTO <http://sunsite.unc.edu/mdw/HOWTO/Ethernet-HOWTO.html>. You can then proceed to build your kernel. Make sure you remember to run lilo to install it when you have finished. Untar the mars_nwe package. # cd /usr/src # tar xvfz mars_nwe-0.97.pl6.tgz Make mars_nwe. To make the package is very simple. First you should look at and edit the config.h file if necessary. It allows you to configure items such as the installation directories that will be used and the maximum number of sessions and volumes that the server will support. The really important entries to look at are: FILENAME_NW_INI the location of the initialisation file PATHNAME_PROGS where the executable support programs will be found. PATHNAME_BINDERY where the 'bindery' files will go. PATHNAME_PIDFILES the directory for the 'pid' files to be written. MAX_CONNECTIONS the maximum number of simultaneous connections allowed. MAX_NW_VOLS the maximum number of volumes mars_nwe will support. MAX_FILE_HANDLES_CONN the maximum number of open files per connection. WITH_NAME_SPACE_CALLS if you want to support ncpfs clients. INTERNAL_RIP_SAP whether you want mars_nwe to provide rip/sap routing. When this is done: # make # make install will build the servers and install them in the appropriate directory. The installation script also installs the configuration file /etc/nwserv.conf. Configure the server. Configuration is fairly simple. You need to edit the /etc/nwserv.conf file. The format of this file may at first look a little cryptic, but it is fairly straightforward. The file contains a number of single line configuration items. Each line is whitespace delimited and begins with a number that indicates the contents of the line. All characters following a '#' character are considered a comment and ignored. Martin supplies an example configuration file in the package, but I'll present what I consider to be a simplified example to offer an alternative for you. # VOLUMES (max. 5) # Only the SYS volume is compulsory. The directory containing the SYS # volume must contain the directories: LOGIN, PUBLIC, SYSTEM, MAIL. # The 'k' option converts all filenames in NCP requests to lowercase. # The 'm' option marks the volume as removable (useful for cdroms etc.) # The 'r' option set the volume to read-only. # The 'o' option indicates the volume is a single mounted filesystem. # The 'P' option allows commands to be used as files. # The default is upper case. # Syntax: # 1 <Volumename> <Volumepath> <Options> 1 SYS /home/netware/SYS/ # SYS 1 DATA /home/netware/DATA/ k # DATA 1 CDROM /cdrom kmr # CDROM # SERVER NAME # If not set then the linux hostname will be converted to upper case # and used. This is optional, the hostname will be used if this is not # configured. # Syntax: # 2 <Servername> 2 LINUX_FS01 # INTERNAL NETWORK ADDRESS # The Internal IPX Network Address is a feature that simplifies IPX routing # for multihomed hosts (hosts that have ports on more than one IPX network). # Syntax: # 3 <Internal Network Address> [<Node Number>] # or: # 3 auto # # If you use 'auto' then your host IP address will be used. NOTE: this may # be dangerous, please be sure you pick a number unique to your network. 3 0x49a01010 1 # NETWORK DEVICE(S) # This entry configures your IPX network. If you already have your # IPX network configured then you do not need this. This is the same as # using ipx_configure/ipx_interface before you start the server. # Syntax: # 4 <IPX Network Number> <device_name> <frametype> [<ticks>] # Frame types: ethernet_ii, 802.2, 802.3, SNAP 4 0x39a01010 eth0 802.3 1 # SAVE IPX ROUTES AFTER SERVER IS DOWNED # Syntax: # 5 <flag> # 0 = don't save routes, 1 = do save routes 5 0 # NETWARE VERSION # Syntax: # 6 <version> # 0 = 2.15, 1 = 3.11 6 1 # PASSWORD HANDLING # Real Novell DOS clients support a feature which encypts your # password when changing it. You can select whether you want your # mars server to support this feature or not. # Syntax # 7 <flag> # <flag> is: # 0 to force password encryption. (Clients can't change password) # 1 force password encryption, allow unencrypted password change. # 7 allow non-encrypted password but no empty passwords. # 8 allow non-encrypted password including empty passwords. # 9 completely unencrypted passwords (doesn't work with OS/2) 7 1 # MINIMAL GID UID rights # permissions used for attachments with no login. These permissions # will be used for the files in your primary server attachment. # Syntax: # 10 <gid> # 11 <uid> # <gid> <uid> are from /etc/passwd, /etc/groups 10 200 11 201 # SUPERVISOR password # May be removed after the server is started once. The server will # encrypt this information into the bindery file after it is run. # You should avoid using the 'root' user and instead use another # account to administer the mars fileserver. # # This entry is read and encrypted into the server bindery files, so # it only needs to exist the first time you start the server to ensure # that the password isn't stolen. # # Syntax: # 12 <Supervisor-Login> <Unix username> [<password>] 12 SUPERVISOR terry secret # USER ACCOUNTS # This associates NetWare logins with unix accounts. Password are # optional. # Syntax: 13 <User Login> <Unix Username> [<password>] 13 TERRY terry 13 MAR mar # LAZY SYSTEM ADMIN CONFIGURATION # If you have a large numbers of users and could not be bothered using # type 13 individual user mappings, you can automatically map mars_nwe # logins to linux user names. BUT, there is currently no means of making # use of the linux login password so all users configured this way are # will use the single password supplied here. My recommendation is not # to do this unless security is absolutely no concern to you. # Syntax: # 15 <flag> <common-password> # <flag> is: 0 - don't automatically map users. # 1 - do automatically map users not configured above. # 99 - automatically map every user in this way. 15 0 duzzenmatta # SANITY CHECKING # mars_nwe will automatically ensure that certain directories exist if # you set this flag. # Syntax: # 16 <flag> # <flag> is 0 for no, don't, or 1 for yes, do. 16 0 # PRINT QUEUES # This associates NetWare printers with unix printers. The queue # directories must be created manually before printing is attempted. # The queue directories are NOT lpd queues. # Syntax: # 21 <queue_name> <queue_directory> <unix_print_cmd> 21 EPSON SYS:/PRINT/EPSON lpr -h 21 LASER SYS:/PRINT/LASER lpr -Plaser # DEBUG FLAGS # Syntax: # <debug_item> <debug_flag> # # 100 = IPX KERNEL # 101 = NWSERV # 102 = NCPSERV # 103 = NWCONN # 104 = start NWCLIENT # 105 = NWBIND # 106 = NWROUTED # 0 = disable debug, 1 = enable debug 100 0 101 0 102 0 103 0 104 0 105 0 106 0 # RUN NWSERV IN BACKGROUND AND USE LOGFILE # Syntax: # 200 <flag> # 0 = run NWSERV in foreground and don't use logfile # 1 = run NWSERV in background and use logfile 200 1 # LOGFILE NAME # Syntax: # 201 <logfile> 201 /tmp/nw.log # APPEND LOG OR OVERWRITE # Syntax: # 202 <flag> # 0 = append to existing logfile # 1 = overwrite existing logfile 202 1 # SERVER DOWN TIME # This item sets the time after a SERVER DOWN is issued that the # server really goes down. # Syntax: # 210 <time> # in seconds. (defaults 10) 210 10 # ROUTING BROADCAST INTERVAL # The time is seconds between server broadcasts # Syntax: # 211 <time> # in seconds. (defaults 60) 211 60 # ROUTING LOGGING INTERVAL # Set how many broadcasts take place before logging of routing # information occurs. # Syntax: # 300 <number> 300 5 # ROUTING LOGFILE # Set the name of the routing logfile # Syntax: # 301 <filename> 301 /tmp/nw.routes # ROUTING APPEND/OVERWRITE # Set whether you want to append to an existing log file or # overwrite it. # Syntax: # 302 <flag> # <flag> is 0 for append, 1 for create/overwrite 302 1 # WATCHDOG TIMING # Set the timing for watchdog messages that ensure the network is # still alive. # Syntax: # 310 <value> # <value> = 0 - always send watchdogs # < 0 - (-ve) for disable watchdogs # > 0 - send watchdogs when network traffic # drops below 'n' ticks 310 7 # STATION FILE # Set the filename for the stations file which determine which # machines this fileserver will act as the primary fileserver for. # The syntax of this file is described in the 'examples' directory # of the source code. # Syntax: # 400 <filename> 400 /etc/nwserv.stations # GET NEAREST FILESERVER HANDLING # Set how SAP Get Nearest Fileserver Requests are handled. # Syntax: # 401 <flag> # <flag> is: 0 - disable 'Get Nearest Fileserver' requests. # 1 - The 'stations' file lists stations to be excluded. # 2 - The 'stations' file lists stations to be included. 401 2 Start the server If you've configured the server to expect external programs to configure your network and/or provide the routing function then you should start those before starting the server. Presuming you have configured the server so that itwill configure your interfaces for you and provide the routing services you need only issue the command: # nwserv Test the server To test the server you should first try to attach and login from a NetWare client on your network. You then set a CAPTURE from the client and attempt a print. If both of these are successful then the server is working. 9.2. The lwared package. Ales Dryak <A.Dryak@sh.cvut.cz> developed lwared to allow Linux to function as an NCP based fileserver. Ales has called the package lwared, an abbreviation for LinWare Daemon. 9.2.1. Capability of lwared. The lwared server is capable of providing a subset of the full function of the Novell NCP. It incorporates messaging but it does not provide any printing facilities at all. It does not currently work very well with either Windows95 or Windows NT clients. The lwared server relies on external programs to build and update the IPX routing and SAP tables. Misbehaving clients can cause the server to crash. Importantly, filename translation facilities have not been included. The server does work for NETX and VLM NetWare shells. 9.2.2. Obtaining lwared The lwared package can be built for any kernel newer than 1.2.0, I recommend you use version 1.2.13 as no kernel patches are required if you do. Some of the IPX functionality has changed with the version 1.3.* kernels and this means that patches are now required to make it work properly. Appropriate patches are included for the new kernels, so if you must use an alpha kernel you should still be able to get lwared to work properly for you. You can obtain the lwared package by anonymous ftp from: klokan.sh.cvut.cz <ftp://klokan.sh.cvut.cz/pub/linux/linware/> or from: sunsite.unc.edu <ftp://sunsite.unc.edu/pub/Linux/system/Network/daemons> or mirror sites. The current version at the time of writing was: lwared-0.95.tar.gz 9.2.3. Building lwared Untar the lwaredpackage Something like: # cd /usr/src # tar xvpfz lwared-0.95.tar.gz Build a kernel with Ethernet and IPX support If you are using an alpha 1.3.* kernel then you should try and use kernel version 1.3.17 or newer because the supplied patches were built against it. 1.3.* kernels older than 1.3.17 will require hand patching to install. (some information on how to do this is included in the INSTALL file in the package.). To install the patches against a 1.3.17 kernel or newer you should try: # make patch After applying the patches if necessary, the next thing you need to do is ensure that your kernel has been built with IPX support enabled. In the 1.2.13 version kernel you need only ensure that you have answered Y to the question: 'The IPX protocol' as illustrated: ... ... Assume subnets are local (CONFIG_INET_SNARL) [y] Disable NAGLE algorithm (normally enabled) (CONFIG_TCP_NAGLE_OFF) [n] The IPX protocol (CONFIG_IPX) [n] y * * SCSI support ... ... In newer kernels a similar process is adopted by the actual text of the prompt may have changed slightly. You will also need to ensure that you include an appropriate driver for your Ethernet card. If you do not know how to do this then you should read the Ethernet-HOWTO <http://sunsite.unc.edu/mdw/HOWTO/Ethernet-HOWTO.html>. You can then proceed to build your kernel. Make sure you remember to run lilo to install it when you have finished. Compile and install lwared. To compile lwared you should first check, edit if necessary, the server/config.h file. This file contains various settings that will govern the way your server will behave when it is running. The defaults are reasonable, though you might want to check that the directories specified for the log files and configuration files suit your system. # make depend # make # make install I found that the 'make depend' complained about not finding the float.h file on my system but appeared to work anyway. I also found that when I tried compiling with gcc 2.6.3 I found I had to change the line: #include <net/route.h> to #include <net/if_route.h> in lib/ipxkern.c as this file changed name sometime. The 'make install' will attempt to install the server and routing daemon programs into your /usr/sbin directory, the lwpasswd program into your /usr/bin directory, the IPX utility programs will be installed into your /sbin directory and last but not least the manual pages will go into the /usr/man directory structure. If any of these locations are not suitable for your system then you should edit the relevant Makefile and change the target directories to suit. 9.2.4. Configuring and using lwared Now the fun bit! Configuring the IPX network The first thing you must do is configure your Ethernet interfaces to support the IPX networks your server will support. To do this you will need to know the IPX network addresses for each of your LAN segments, which Ethernet device (eth0, eth1 etc.) is on which segment, what frame type (802.3, EtherII etc.) each LAN segment uses and what Internal Network address your server should use (this is really needed if your server will service more than one LAN segment). A configuration for a server that is on two dis-similar segments with IPX network addresses 23a91300 and 23a91301 and internal network address bdefaced might look like: # ipx_internal_net add BDEFACED 1 # ipx_interface add eth0 802.3 23a91300 # ipx_interface add eth1 etherii 23a91301 Start the routing daemons The kernel software itself actually does the IPX packet forwarding as it does for IP, but the kernel requires additional programs to manage the routing table updates. In the case of IPX two daemons are needed and both are supplied with lwared: ipxripd manages the IPX routing information and ipxsapd manages the SAP information. To start the daemons you need only specify the location of where they should write their log messages: # ipxripd /var/adm/ipxrip # ipxsapd /var/adm/ipxsap Configure the lwared server There are two files that you must manually configure to allow user login to your lwared server. They are: /etc/lwpasswd This is where LinWare user account information is kept. The lwpasswd program is to keep it up to date. In its simplest form the /etc/lwpasswd file looks like: ales: terryd: guest: Its format is a simple list of login id followed by a ':' char¡ acter and then the encrypted version of the login passwd. A cou¡ ple of important caveats here: No encrypted password means no password, LinWare users must have Linux accounts, that is any user you place in /etc/lwpasswd must also appear in /etc/passwd and root is the only account that can change the password of another LinWare user. If you are logged in as root you can change the password of a LinWare user as this transcript demon¡ strates: # lwpasswd rodg Changing password for RODG Enter new password: Re-type new password: Password changed. /etc/lwvtab This is the LinWare volume tables and it stores information about what directories should be made available to LinWare users (this file is similar in nature to the NFS /etc/exports file). A simple example of its format is as follows: SYS /lwfs/sys DATA /lwfs/data HOME /home The format is simple: Volume name followed by whitespace fol¡ lowed by Linux directory to export. You must have at least an entry for the SYS volume for the server to start. If you intend your DOS based users to be able use your LinWare server as their primary server then you must install a standard SYS volume directory structure underneath the directory you export as your SYS volume. Since these files are proprietary and copyright to the Novell corporation you should have a license for these. If you users will be using a Novell fileserver as their primary server then this will not be necessary. Start the lwared server. tada! # lwared It is almost an anticlimax isn't it ? Ok so you've got a question, right? What is the fileserver name that is being advertised ? If you started the server as shown then the LinWare server name being advertised will be based on what is returned by the Linux hostname. If you'd like it to be something else then you can give the server the name when you start it, for example: # lwared -nlinux00 would start the server with the name linux00. Test the lwared server. The very first thing to test is that your LinWare server appears in an slist from a DOS client on your network. The slist program is stored on the SYS volume of a Novell fileserver so you must do this from a machine that is already logged in somewhere. If this is not successful then check that ipxsapd and lwared are both running. If the slist is successful then you should try attaching to the server and mapping a volume: C:> attach linux00/ales ... ... C:> map l:=linux00/data: C:> l: You should then be able to treat the new map just like any other map. The file permissions you will have will be based on those allowed to the linux account that parallels your LinWare login. 10. Configuring PPP for IPX support. New versions of the pppd PPP daemon for Linux have support that allows you to carry IPX packets across a PPP serial link. You need at least version ppp-2.2.0d of the daemon. See the PPP-HOWTO <http://sunsite.unc.edu/mdw/HOWTO/PPP-HOWTO.html> for details on where to find it. When you compile pppd you must ensure you enable the IPX support by adding the following two lines: IPX_CHANGE = 1 USE_MS_DNS = 1 to: /usr/src/linux/pppd-2.2.0f/pppd/Makefile.linux. The IPX_CHANGE is what configures the IPX support into PPP. The USE_MS_DNS define allows Microsoft Windows95 machines to do Name Lookups. The real trick to getting it to work in knowing how to configure it. There are many ways of doing this, but I'm only going to describe the two that I've received any information on. I've tried neither yet, so consider this section experimental, and if you get something to work, please let me know. 10.1. Configuring an IPX/PPP server. The first thing you need to do is configure your Linux machine as an IP/PPP server. When you have this done there are a couple of simple modifications you need to make to get IPX working over the same configuration. 10.1.1. First steps. Unless all you want to do is connect to your linux machine supporting the ppp dialin, and even then perhaps, you must configure your linux machine as an IPX router as described earlier. You won't need to use the ipx_route command because pppd will configure these for you as it does for IP. When you have the ipxd daemon running it will automatically detect any new IPX interfaces and propogates routes for them. This is what you will need so that other machines will know about the client machines that connect. 10.1.2. Design. When you are running as a server it will normally be your responsibility to assign network address to each of the PPP links when they are established. This is an important point, each PPP link will be an IPX network and will have a unique IPX network address. This means that you must decide how you will allocate addresses and what what they will be. A simple convention is to allocate one IPX network address to each serial device that will support IPX/PPP. You could allocate IPX network addresses based on the login id of the connecting user, but I don't see any particularly good reason to do so. I will assume that this is what you have done, and that there are two serial devices (modems) that we will use. The addresses I've assigned in this contrived example are: device IPX Network Address ------ ------------------- ttyS0 0xabcdef00 ttyS1 0xabcdef01 10.1.3. Configure pppd. Configure your /etc/ppp/options.ttyS0 file as follows: ipx-network abcdef00 ipx-node 2:0 ipxcp-accept-remote and your /etc/ppp/options.ttyS1 file as: ipx-network abcdef01 ipx-node 3:0 ipxcp-accept-remote These will ask pppd to allocate the appropriate IPX network addresses to the link when the link is established, set the local node number to 2 or 3 and will let the remote node overwrite what the remote node number with what it thinks it is. Note that each of the addresses are hexadecimal numbers but that no 0x is required. There are other places this information could be configured. If you have only one dialin modem then an entry could go into the /etc/ppp/options file. Alternatively this information can be passed on the command line to pppd. 10.1.4. Test the server configuration. To test the configuration you will need to have a client configuration that is known to work. When the caller dials in, logs in and pppd starts it will assign the network address, advise the client of the servers node number and negotiate the clients node number. When this has completed, and after ipxd has detected the new interface the client should be able to establish IPX connections to remote hosts. 10.2. Configuring an IPX/PPP client. In a client configuration, whether or not you configure your Linux machine as an IPX router depends on whether you have a local LAN that you wish to act as an IPX router for. If you are a standalone machine connecting to an IPX/PPP dialin server then you won't need to run ipxd, but if you have a LAN and wish all of the machines on the LAN to make use of the IPX/PPP route then you must configure and run ipxd as described. This configuration is much simpler because you do not have multiple serial devices to configure. 10.2.1. Configuring pppd The simplest configuration is one that allows the server to supply all of the IPX network configuration information. This configuration would be compatible with the server configuration described above. Again you need to add options to your /etc/ppp/options file, they are: ipxcp-accept-network ipxcp-accept-remote ipxcp-accept-local These options tell pppd to act completely passively and accept all of the configuration details from the server. You could supply default values here for servers that don't supply details by adding ipx- network and ipx-node entries similar to the server configuration. 10.2.2. Testing the IPX/PPP client. To test the client you will need a known working server to dial into. After you have dialled in and pppd has run you should see the IPX details configured on your ppp0 device when you run the ifconfig command and you should be able to use ncpmount. I'm not sure whether you will have to manually add IPX routes so that you can reach distant fileserver or not. This seems likely. If anyone running this configuration could tell me I'd be grateful. 11. IPX tunnel over IP Many of you will be in a situation where you have two Novell Local Area Netorks with only an IP connection between them. How do you play multiplayer deathmatch DOOM for DOS via this arrangement you might ask ? Andreas Godzina <ag@agsc.han.de> has an answer for you in the form of ipxtunnel. ipxtunnel provides a bridge-like facility for IPX by allowing IPX packets to be encapsulated with tcp/ip datagrams so that they can be carried by a tcp/ip connection. It listens for IPX packets and when it hears one it wraps it within a tcp/ip datagram and routes it to a remote IP address that you specify. For this to work of course the machine that you route the encapsulated IPX must also be running a copy of the same version of ipxtunnel as you. 11.1. Obtaining ipxtunnel You can obtain ipxtunnel from sunsite.unc.edu <ftp://sunsite.unc.edu/pub/Linux/system/Network/daemons> or mirror sites. 11.2. Building ipxtunnel ipxtunnel built cleanly for me using the following commands: # cd /usr/src # tar xvfz .../ipxtunnel.tgz # cd ipxtunnel # make 11.3. Configuring ipxtunnel Configuration for ipxtunnel is easy. Lets say that your friends machine is gau.somewhere.com and your machine is called gim.sw.edu. ipxtunnel uses a configuration file called /etc/ipxtunnel.conf. This file allows you to specify the default UDP port to use for the tcp/ip connection, where to send the encapsulated data and which of your local interfaces ipxtunnel should listen on and deliver IPX packets to. A simple configuration file would look like the following: # # /etc/ipxtunnel.conf for gim.sw.edu # # The UDP port to use: (default 7666) port 7777 # # The remote machine to send IPX packets to: (no default) remote gau.somewhere.com # # The local interfaces to listen for IPX on: (default eth0) interface eth0 interface eth1 Obviously the other machine would have a similar configuration file specifying this machine as a remote host. 11.4. Testing and using ipxtunnel ipxtunnel acts like an IPX bridge, so the IPX networks at either end of the link should probably be the same. Andreas has never tested the ipxtunnel in an environment that actually supports Novell file servers so if you do try this in a real environment let Andreas know if it works or not. If the ipxtunnel is working you should be able to start your DOOM machines up at each end of the link running IPX mode and they should see each other. Andreas has only used this code over good high speed lines and he makes no claim as to its performance when your link is low speed. Again, let him know what works for you and what doesn't. 12. Commercial IPX support for Linux. Caldera Inc., produce a Linux distribution that features a range of commercially supported enhancements including fully functional Novell NetWare client support. The base distribution is the well respected Red Hat Linux Distribution and Caldera have added their "Network Desktop" products to this. The NetWare support provides a fully featured Novell NetWare client built on technology licensed from Novell Corporation. The client provides full client access to Novell 3.x and 4.x fileservers and includes features such as NetWare Directory Service (NDS) and RSA encryption. You can obtain much more information and ordering details from the: Caldera Inc Web Server <http://www.caldera.com/>. If you work within a Netware 4.x and/or NDS environment then the Caldera Netware Client is the only solution available. If you have a business critical application for Novell support for Linux then the Caldera product should be something you take a close look at. 13. Some Frequently Asked Questions Where can I find commercially supported IPX software for Linux ? The Caldera Corporation offers a fully licensed and fully supported Netware 3.x and 4.x client. You can obtain information about it from the Caldera Inc Web Server <http://www.caldera.com/>. Does the IPX software work with Arcnet/Token Ring/etc. ? The Linux IPX software does work with ArcNet and Token Ring interfaces. I haven't heard of anyone trying it with AX.25 yet. Configuration is the same as for configuring for ethernet except you will have to substitute appropriate device names in place of 'eth0' and appopriate hardware addresses where necessary. How do I configure more than one IPX interface ? If you have more than one interface in your machine you should use the ipx_interface command to manually configure each one, you should not use the `plug n play' configuration. Why do I get the message `invalid argument' when I configure IPX ? You are probably not running a kernel that supports IPX, either recompile your kernel so it does, or double check that you have actually used lilo to install and run the new kernel. Why do I get the message `package not installed' when I configure IPX ? You are probably not running a kernel that supports IPX, either recompile your kernel so it does, or double check that you have actually used lilo to install and run the new kernel. How do I NFS export a mounted NCP filesystem ? To use NFS to export an NCP filesystem you must mount it using the ncpmount -V option. This option allows you to mount only one volume of a fileserver instead of the usual mounting of all of them. When you do this your NFS daemon will allow you to export that filesystem in the usual way. Does ncpfs package work with mars_nwe ? Martin and Volker's code is slowly beginning to converge. Recent versions of mars_nwe have an option to enable it to work with ncpfs. You must enable the WITH_NAME_SPACE_CALLS in the mars_nwe config.h file. Is there any free DOS software to work with mars_nwe ? A contrived question deserves a contrived answer. I'm glad you asked, Martin has a package that he distributes alongside his mars_nwe package that offers free DOS client support for the mars_nwe server. You can find it at the same sites as the server, and it will be called mars_dosutils-0.01.tgz. It includes C source code for programs such as slist.exe, login.exe, map.exe etc. The source is compilable with Borland(tm) C. 14. Copyright Message. The IPX-HOWTO, a guide to software supporting the IPX protocol for Linux. Copyright (c) 1995 Terry Dawson. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the: Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 15. Miscellaneous and Acknowledgements. David E. Storey <dave@tamos.gmu.edu> and Volker Lendecke <lendecke@namu01.gwdg.de> both assisted greatly by supplying me with information for this document. Gilbert Callaghan <gilbert@pokey.inviso.com>, David Higgins <dave@infra.com> and Chad Robinson <chadr@brtgate.brttech.com> each contributed information on configuring IPX/PPP. "NetWare" is a registered trademark of the Novell Corporation <http://www.novell.com/>. "Caldera" is a registered trademark of the Caldera Corporation <http://www.caldera.com/>. regards Terry Dawson, vk2ktj. <terry@perf.no.itg.telecom.com.au>