The Linux ncpfs page   

This page will try to document all my contributions to the ncpfs package, a general purpose Netware client for Linux.
You will find here documentation about my code that has been included since February 2001 (ncpfs-2.2.0.19) up to the current release ncpfs-2.2.2 dated February 2003 and some other contributions that need to be polished before inclusion in the official release.
Because I am leaving this project, I decided to expose as much documentation and working code as possible, to help the community to continue improving this excellent package.
I am leaving the project just because it has been too successful here By Fall 2003, we will have completed the migration from NetWare/Windows to Linux and we will shutdown (sob sob) our last Netware server; so I shall not have any "testing ground" to continue contributing. I wish the best to all future contributors and will be always pleased to help them in their work. BkBits ncpfs's site
In 2000, I initiated a project to migrate our student's computer rooms from Windows to Linux and to investigate the replacement of our five Netware servers by Linux servers. This project is now completed and our seven computer rooms (250 machines) will be under Linux in the fall 2003.

To make this migration as smooth as possible, we first needed to have a dual environnement with Windows workstations still authenticating to our Netware NDS and gradually adding Linux workstations. Users must have the same login/password in Windows and Linux and should be able to see their Netware home directories and other common resources from the Linux workstations.

Furthermore, Intranet Web authentication was to be maintained while our Web servers were migrated from NT servers running NDS for NT and Netware 4 servers to LAMP machines (LAMP=Linux Apache MySQL PHP).

So we badly needed a Netware client for Linux and some additional modules to authenticate Web users againt our NDS.

Why ncpfs ?

At the beginning of this project, when asking around about a Linux client for Netware, the general answer was : Caldera Open Linux 2.3. So we started with that distribution in september 2000.

  • Despite its built-in NDS aware client , we decided not to use it anymore and moved to the ncpfs package due to the following reasons:
    1. The mounting of a Netware file system is capricious. Sometimes it works, sometimes not. ;-) Caldera agreed on it but did not provided any solution.
    2. Only root can mount a user's Home Directory using nwmount. So what's the point !
    3. More serious, if root mounts a Netware volume, the full path /Netware/NDS/treeName/ Volume_object/path_to_Home is seen and accessible with the Netware's rights used by root to mount, by anyone connected to the Linux box, either on another TTY, or by a remote access (Telnet, Ftp) !!!
    4. We have signaled this feature to Caldera back in November 2000 , but so far, nothing has been done. 
    5. The PAM module included in the Caldera distribution (with no source code) never worked here , had not automatic creation of local accounts and the utility to synchronize local database with NDS was missing.
    6. Finally the source code for the Caldera Netware client was not available, so it could not be tuned to our needs.

      So in September 2001 we shifted to RedHat 7.1 and started to investigate the ncpfs package. Since that we have moved to RedHat 7.2, 7.3, 8.0, 9 and now Fedora with no trouble.

  • At that time ncpfs was still a set of command lines utilities that required some cryptic Unix commands to be typed in a shell to get access to Netware resources. such as : 
                       ncpmount -S myServer -V myVolume:MYDIR -U me -P myPass ~/nwhome
    Quite terrifying for young students, used to graphical interfaces...

  • The central utility, ncpmount was still server oriented and did not supported NDS trees or contexts as arguments.

  • Ideally, a Netware aware PAM authentification module was needed, so we could have the same login/password under Windows and Linux. ncpfs had one (pam_ncp_auth v 1.6) but for its best features to be available (unique Unix ID on all workstations, automatic local account creation, mounting of Netware home...), a Netware 5.1 server with NDS8 (or eDirectory or NDS Corporate Edition as it was called at that time) was required. In that case, the module was retrieving official NDS8 Unix attributes and used them to create the local account. But we were still under Netware 4.1, and we had no desire to upgrade.

  • Our students were used to our Windows graphical applications to manage their Netware accounts (disk quota, changing passwords...) ; so we needed to port some of them to Linux.

  • Last but not the least, our staff were used to manage Netware accounts (bulk creation, bulk copies or modification in every user's home...) with Perl scripts calling Dos based Netware utilities ( uimport, the famous JRB suite or the Dave Collins's N4* suite...). So we needed to have some of them available under Linux to be able to administrate Netware accounts from a Linux workstation.
    Contributions to ncpfs:

    My contributions to ncpfs can be classified as follows:

    1. NDS aware command lines utilities:
      My first goal was to add to ncpfs API some "high level" client oriented calls, to simplify the writing of the missing command lines utilities.

      1. The client oriented library lib/nwclient.c
      2. The tree/contexts oriented mounting utilities ncplogin ncpmap ncplogout
      3. NDS properties reading command lines utilities ncpwhoami ncpreadprop ncpreadprops ncplist
      4. NDS password changing utility
      5. Various command lines utilities , mostly needed by the graphical client

    2. Graphical clients in TCL/Tk
      Now that I had some command lines utilities with tree and contexts arguments handy, I tried to "hide them" from students by writing some GUI. Beginners in Unix environment are often scared by the profusion of command line options of terminal based utilities. We think that Linux usage widespread would benefit of avoiding as much as possible the use of cryptic commands typed in terminal windows. So we embarked in writing TCL/Tk graphical front ends to the primary command line utilities, where most of the required parameters are filled with default values or extracted from graphical widgets. A that time (2001), there was almost nothing else to quickly create GUI under Linux and I was strongly inspired by the Now-Well graphical login for bindery based servers by Erwin Preuner . I did stole from his work a lot of bitmaps, and chunks of TCL/tk code...
      These applications are under contrib/tcl and in the current distribution of ncpfs and are not installed by default:

      1. Graphical login ndslogin.tcl
      2. Graphical logout ndslogout.tcl
      3. Graphical whoami ndswhoami.tcl
      4. Graphical password changing ndspasswd.tcl
      5. Graphical ressources mounting ndsmount.tcl
      6. Another graphical ressources mounting ncpmount.tcl
      7. Graphical disk space monitor ndsspace.tcl
      8. KDE Automatic mounting/opening of Netware home ndshome.tcl
      9. Common features of these GUI ndsutils.tcl

      Note that a new project by Ken Conrad is using Kylix to create the GUI and has more features such as automatic setup, IP support...and a much nicer look.

    3. PAM NDS authentification module :
      This is the part of ncpfs to which I gave the greatest attention. With this module all ncpfs validated authentication are centrally treated by adding few lines to files in /etc/pam.d directory. Login can be granted for almost any service ( KDE, Gnome, TTY, ssh, ftp, telnet,samba, X server...). Furthermore, with the nice feature of 'permanent ncp connections', once logged in by ncpfs, user can access other Netware ressources belonging to the same tree whithout providing again a password, using ncpmap, exactly as it is done with Novell clients for Windows.
      What I also wanted is that module retrieves as much information as possible for NDS to help automatic customization of user's configuration files at first login. We believe that the success of Linux as a student desktop requires some efforts to hide the internals of configuration files. The beginner user should find immediatly operational software, with his personal data stuffed in the rc files of Kmail, OpenOffice, Netscape... Fiddling with vi will come later ;-)

      1. The current Pam module
      2. The NWAdmin snapin for ncpfs revision 1.10a march 19 2003.
      3. Some examples of zenscripts

    4. Kylix libraries for ncpfs:
      Being a Borland software afficionado since the old Turbo Pascal (20 years already !), I was pleased to discover that Kylix 3, aka Delphi 6 for Linux, was making possible to port to Linux most of the Netware oriented applications I wrote for my students in the past 10 years. The only 'missing part' was some importation units of ncpfs C oriented API to Borland Object Pascal. Luckily, the usage of external functions in shared libraries is well supported and well documented with Delphi/Kylix... so it was an easy task.
      I know that it could have been even easier if I was using the C++ version of Kylix3, also freely available , but... I do not know C++ at all and I am getting too old to learn it. Somebody please stand up ;-).

      1. Documentation about the Kylix libraries and sample code
      2. Kylix libraries are here
      3. sample codes
        1. Demo of NDS reading attributes Getprops for Kylix
        2. Password changing utility
        3. Demo context scanning utility
        4. NDSExporter for Kylix 3 (conversion to GPL distributable code in progress)

    5. Web authentification modules
      To suit our needs to authenticate Web users against NDS we investigated three directions:

      1. a revised mod_auth_nds module for Apache
      2. a revised php_auth_nds module for PHP
      3. Making Java servlets NDS aware with the Java2ncp wrapper class

    6. Administrative tools:
      Finally, with our nearly 2000 Netware accounts being allowed to login to Linux, we needed some utilities for 'bulk processing':

      1. Script to synchronize local database (passwd, shadow) with NDS accounts nds2pwd.pl
      2. Script to run a script on every user's Netware or Linux home directory ndsdoformmb.pl
      3. Script to run a command on every user's Netware or Linux home directory ndscmdformmb.pl
      4. Script to export any list of NDS properties to a text file ndsexporter.pl
      5. Script to backup a Linux box to a Netware volume backup2nw

    7. System tools:
      My first trial to plunge into the internals of Linux, but not finished...

      1. nss switch library for ncpfs beta version

    8. Some FAQ will be here real soon ;-)
      Contributions, corrections and ideas are welcome.

      1. ncpfs glossary
      2. Sample configurations
      3. FAQ
      4. Tips and Tricks

    Final word:

  • I would like here to sincerly thanks the ncpfs code maintainer Petr Vandrovec , for his unbeliveable patience and forgiveness. When I started, I had nearly no experience in C programming under Linux, and he was always kindly answering to my lengthy and naive mails. I also would like to acknowledge the time he spent reformatting my code with proper tabulations ;-). I wish him the very best and hope that ncpfs will still improve and become the Netware client for Linux.
  • I shall not forget all contributions from all around the world and would like to mention: 
    Jean-Francois.Burdet@adm.unige.ch	PAM module in IP mode and contextless login
Oswald Buddenhagen <ossi@kde.org>.	KDE 2 login bug with Pam module
"Steve Flynn" <sflynn@tpg.com.au>	many suggestions,testings and  valuable zenscripts
"Paul Berger" <bergerp@breedtech.com>
"Uwe Pilz" <U.Pilz@hs-zigr.de>
<erik.starback@telge.kth.se>
Dave Bailey <davebailey@usa.net>
yribemont@free.fr
servinfo <DelislMa@CollegeSherbrooke.qc.ca>
Alessandro Furlanetto <alessandro.furlanetto@digiwaregroup.it>
alain.hutie@edf.fr			PAM module in IP mode
    These applications are distributed under the GPL license, but I shall still appreciate my own cardware licence agreement


    • If you enjoy using these applications, just send me a postcard from your country
    at the following snail address 
    Dr Patrick L.Pollet
    Institut National des Sciences Appliquées
    B 107 20 avenue A.Einstein
    69625 Villeurbanne Cedex France 

    My kids will appreciate it ;-)

    Vous êtes notre Counter (Security) eme visiteur .