<DRB1239>
23
NetWare (NCP)
Access Control
Security Management within NetWare depends upon
the selected mode:
÷
Bindery mode without user authentication
÷
Bindery mode with user authentication
÷
NDS mode
The DRM-6NX acts as a typical NetWare file server,
which means use standard procedures such as Filer
and NWAdmin for handling security
NOTE:
7
You cannot set up access restrictions for the NetWare environment
via the DRM-6NX web interface.
NetWare Bindery Without Authentication
If user authentication is not required, you do not have to
specify an authentication server. The Supervisor can
log in using the Server password. Other users can log in
without password and will be considered to belong to
the EVERYONE group.
NetWare server licenses are not required since the
DRM-6NX does not log on to the file server.
Use the standard NetWare administration tool,
(e.g. Filer) to limit DRM-6NX system file access to
the Supervisor. Unauthorized users will have
guest
access to the volumes. This is normally sufficient
security for a DRM-6NX.
NetWare Bindery With Authentication
If user access control is required, you must specify an
authentication server in the
Authentication Server
parameter. The DRM-6NX will need to log on to the
authentication server in order to authenticate the user
and read which groups the user belongs to. In this case,
the authentication server must have a standby license
for the DRM-6NX, but several DRM-6NXs can share this
license. If a license is not available, the user will still be
authenticated but group information cannot be read.
Authorized users will have configurable rights to the
volumes of the DRM-6NX.
The authentication procedure reduces the Administrator
overhead as there is no need for maintaining a separate
user database for the DRM-6NX. If the user is defined
in the file server that the DRM-6NX uses for
authentication, the user will automatically have access
to the DRM-6NX.
Authentication to a NetWare 3.x Server
For access to a DRM-6NX connected to a NetWare 3.x
server, authentication is checked against the user list in
the bindery of the NetWare server:
÷
If a user is on the list, the password will be verified
If the password is correct, the user will be granted
access
÷
If the password is incorrect, log in will fail
If a user is not on the list, access to the DRM-6NX is
refused. However, a user may log in as a
guest
and obtain access to volumes that are not protected
Default Access Rights
The default access rights in NetWare bindery mode are
set up by the following trustee assignments:
÷
The root of the SYS volume has [EVERYONE] as
trustee with File Scan, Read, Write, Create, Modify
and Erase rights
÷
The system and wwwroot folders have all rights
except Supervisor filtered. Thus all system files are
effectively protected from unauthorized users
NOTE:
7
Use Filer to change the default access rights
Setting Security Rigths in NetWare Bindery
The security rights can be set using standard procedures,
e.g. Filer.
If you want to make all of the volumes in the DRM-6NX
available to some users only, limit access to all the
volumes:
1. Login as Supervisor on the DRM-6NX. In order for
Filer to access the DRM-6NX, the client must have an
active connection.
2. Login as Supervisor on your NetWare Bindery file
server and start Filer.
3. Change the current directory to
PIONEER<nnnnnn>_NW/SYS:.
4. Remove the [EVERYONE] trustee from the root.
5. Add a new trustee assignment to the root.
If you want to restrict access to one or more volumes
but grant all users access to most volumes, limit access
to individual resources:
1. Login as Supervisor on the DRM-6NX. In order for
Filer to access the DRM-6NX, the client must have an
active connection.
2. Login as Supervisor on your NetWare Bindery file
server and start Filer.
3. Change the current directory to
PIONEER<nnnnnn>_NW/SYS:.
4. On the resource you want to protect, set an inherited
rights filer and filer ALL rights.