Assigning Netware rights via the command line

Here at the office we have a group in charge of assigning and maintain user and group rights and permissions to our various systems.  It’s nice not having to worry about that aspect of server administration. 

But I have an urgent need to have some eDirectoy group rights assigned to a specific directory on every Netware server in our Enterprise.  The group that controls user access is saying that they can’t meet my timeframe for getting these rights assigned, so I had to come up with my own solution.

My solution was to use Wolfgang Schreiber’s  lrights.exe utility to script assigning the rights command line style.  The syntax is:

LRights <path> <rights> /name=<trustee>

For example, to assign read and file scan rights to the .mygroup.OU.O user:

lrights \\server\volume\directory R F /Name=.mygroup.OU.O

This utility was written to support long path/file names, unlike Novell’s rights.exe utility.

Enabling Backup Exec remote agent debug logging on Novell Netware

We’ve been experiencing issues with some of our Backup Exec 9 remote agents losing their connections to media server during backup.  The Backup Exec server job logs report the following generic error:

Final error: 0xa000fe30 – A communications failure has occurred.

To help troubleshoot this problem, I decided to enable debugging on the Backup Exec remote agent. To do this, on the Netware server that is running the Backup Exec remote agent:

1.  Make a backup copy of the sys:\system\bestart.ncf file

 2.  Edit the sys:\system\bestart.ncf file
3.  The default bestart.ncf should look something like:
4.  Add -zl to line that loads BKUPEXEC.NLM, so it looks like
5. At the server console, stop the Backup Exec remote agent by typing
6.  At the server console, start the Backup Exec remote agent by typing
Remote agent log files will be written to SYS:\BKUPEXEC\LOG\NDMPD.LOG
Make sure to disable remote debugging once you are through troubleshooting, or you may fill up your SYS volume.  To do this:
1.  Restore the copy of your original bestart.ncf file to sys:\system.
2.  On the server console, type bestop.ncf to unload the remote agent.
3.  On the server console, type bestart.ncf to load the remote agent with the original settings.

Howto: Authenticate to eDirectory via the Novell Client, command line style

I have a backup script that runs on a Windows 2003 server that requires Novell client authentication.  Here’s how to authenticate to eDirectory via the command line, which means it’s scriptable!  The syntax is:

c:\windows\system32\LOGINW32.EXE  .user.ou.o /PWD password /CONT

Alternatively, you could map a drive to an eDirectory server (Netware, SLES Linux or Windows), which would force background authentication.  Here’s that syntax:

net use x: \\server\vol /user:.user.ou.o password

Novell has released patches for DNS cache poisoning vulnerability

Novell has released patches for novell-bind on OES2 and named.nlm on Netware that address the deficiencies in the DNS protocol and common DNS implementations that facilitate DNS cache poisoning attacks described in CVE-2008-1447.   

Patches for bind running on SuSE Enterprise Linux Server (SLES) 9 and 10, plus openSUSE 10.2, 10.3, and 11.0 were released previously.   

See TID 7000912 for details. Security patches are available from the Novell download site.

These patches should be applied as soon as possible.  Metasploit exploits of this vulnerability are already available.

Ninotech Path Copy – a free Shell extension to copy the path of a file or directory to the Clipboard

Ninotech Path Copy is one of those free utilities I’ve just discovered recently, although it has been around for years. I found it on Novell’s Cool Tools web site, and it isn’t just for use in a Novell Netware environment. You can quickly install it into your Windows 95-Windows XP context menu, where it can copy file or folder paths to the Windows clipboard from any network resource.

You copy the path of a file or directory by right-clicking it in the Windows Explorer and choosing Copy Path from the context menu. The context menu then offers nine standard ways of copying the path, in addition to the user defined copying methods that you create yourself:

– Short Name: File/folder name converted to 8.3 characters
– Long Name: File/folder name
– Short Folder: Parent folder name converted to 8.3 characters
– Long Folder: Parent folder name
– Short Path: Full path name converted to 8.3 characters
– Long Path: Full path name
– Short UNC Path: Full UNC path name converted to 8.3 characters (only enabled in network environment)
– Long UNC Path: Full UNC path name (only enabled in network environment)
– Internet Path: Full UNC path name converted to Internet path (only enabled in network environment)
– Setup… Create your own copy methods for copying the path names.

Why would this be beneficial? As a network administrator, I often find myself browsing for resources in Network Neighborhood. All too often I need to copy the paths to files and folders housed on various network resources, and I need to convert the path to a different format.

Take a Novell Netware for example. When creating a desktop shortcut to a server based ConsoleOne installation, I may need to copy and paste the path to the ConsoleOne executable file found at z:\public\mgmt\consoleone\1.2\bin\consoleone.exe. Since Z:\ may be mapped differently based upon which account I’m logged into the network as, I should specify the UNC path to the .exe.

Rather than manually replacing z:\ with \\servername\volumename\, I can use Ninotech Path Copy to copy the entire UNC path to consoleone.exe, i.e.


This saves me keystrokes, and makes my job easier, especially since I am not the most accurate typist.

Howto: Copy files from the Netware 6.5 Server Console

I had a badly behaving Netware 6.5 SP7 server that absolutely would not allow clients to authenticate or connect. It ended up being a problem with a NIC driver gone wild, but I had to do some troubleshooting to determine that fact.

During the troubleshooting process I wanted to backup several directories before I altered their contents. I figured I’d just copy those folders to a safe location, but couldn’t remember how to do it from the server console. I had used the copy command from toolbox.nlm in the past, but of course toolbox wasn’t loaded on this server. I don’t use the BASH shell often enough to use it coherently, so I decided to look for an alternative shell.

I did a quick search and came across the Novell Script for Netware shell. To start the shell, from the server console type:


and then


which should bring you to a screen with a prompt that looks like


From that point I was able to use the copy command just like I would from a DOS command prompt, i.e.

copy sys:\system\dsr_dib sys:\system\dsr_dib2

To exit from the shell, just type exit

Howto: mount an .iso image on a Netware server

I’m installing Zenworks 7SP1R2 today, and the customer did not provide the installation media.  I’m downloading the .iso’s from Novell as we speak, but don’t have access to any blank CDs to burn the image files.  I decided copying the .iso files to the server and acessing them directly would be the best solution.

TID 10095903 [via koolbeans] says starting with Netware 6.5 SP2, you can mount an .iso using nss:

nss /MountImageVolume=path_imagefilename

The above command will add and mount the specified CD or DVD image file as a read-only NSS volume.

nss /RemoveImageVolume=path_imagefilename

The above command will dismount and remove the specified CD or DVD image file as a read-only NSS volume.

The image file must reside on an NSS volume.

To mount an .iso on a Netware 6 server, see Alex’s cool solution tip:

1)  Copy your .ISO image to a directory on your volume.

2)  Load cdinst.nlm

3)  Type “cd image <volumes:Path to iso file\iso filename>”

4)  As the last step, type “cd mount <volume name>

(When you don’t know the volume name of your image you can type “cd device list”   and check the volume name on the logger screen)