Linux IPX-HOWTO

Linux IPX-HOWTO
Kevin Thorpe, [email protected]
v2.3, 06 May 1998

This document aims to describe how to obtain, install and configure
various tools available for the the Linux operating system that use
the Linux kernel IPX protocol support.
______________________________________________________________________

Table of Contents

1. Introduction.

1.1 Changes from the previous release.
1.2 Introduction.

2. Disclaimer.

3. Related Documentation.

3.1 New versions of this document.
3.2 Feedback.
3.3 Mailing list support.

4. Some of the terms used in this document.

5. A brief discussion of IPX network topology

6. The IPX related files in the

7. Greg Pages IPX tools.

7.1 The IPX tools in more detail.

8. Configuring your Linux machine as an IPX router.

8.1 Do I need to configure an internal network ?

9. Configuring your Linux machine as an NCP client.

9.1 Obtaining
9.2 Building
9.3 Building
9.4 Configuring and using

10. Configuring your Linux machine as an NCP server.

10.1 The
10.1.1 Capability of
10.1.2 Obtaining
10.1.3 Building the
10.2 The
10.2.1 Capability of
10.2.2 Obtaining
10.2.3 Building
10.2.4 Configuring and using

11. Configuring your Linux machine as a Novell Print Client.

12. Configuring your Linux machine as a Novell Print Server.

12.1 Prerequisites
12.2 Configuration

13. An overview of the

13.1 User commands.
13.2 Administration tools.

14. Configuring PPP for IPX support.

14.1 Configuring an IPX/PPP server.
14.1.1 First steps.
14.1.2 Design.
14.1.3 Configure
14.1.4 Test the server configuration.
14.2 Configuring an IPX/PPP client.
14.2.1 Configuring
14.2.2 Testing the IPX/PPP client.

15. IPX tunnel over IP

15.1 Obtaining
15.2 Building
15.3 Configuring
15.4 Testing and using

16. Commercial IPX support for Linux.

16.1 Caldera'a Network Desktop

17. Some Frequently Asked Questions

18. Copyright Message.

19. Miscellaneous and Acknowledgements.

______________________________________________________________________

11.. IInnttrroodduuccttiioonn..

This is the Linux IPX-HOWTO. You should read the Linux NET-3-HOWTO in
conjunction with this document.

11..11.. CChhaannggeess ffrroomm tthhee pprreevviioouuss rreelleeaassee..

Change of author:
Many thanks to Terry Dawson for passing on this document and
congratulations on becoming a father :-).

Additions:
Addition of a brief explanation of IPX. This is in response to
many baffled queries on the discussion lists.

Corrections/Updates:
New version of ncpfs which now supports NDS logins. This is early
beta test and may be prohibited in your country due to the use of
patented technology.

Addition of support for trustee rights in mars_nwe. This is still
in beta test.

11..22.. IInnttrroodduuccttiioonn..

The Linux Kernel has a completely new network implementation as
compared to other Unix like operating systems. The ability to take a
fresh approach to developing the kernel networking software has led to
the Linux kernel having support for a range of non tcp/ip protocols
being built. The IPX protocol is one of those that have been included.

The Linux kernel supports the IPX protocol only. It does not yet
support protocols such as IPX/RIP, SAP or NCP, these are supported by
other software such as that documented elsewhere in this document.

The IPX support was originally developed by Alan Cox
<[email protected]> and has been significantly enhanced by Greg
Page <[email protected]>.

22.. DDiissccllaaiimmeerr..

I do not and cannot know everything there is to know about the Linux
network software. Please accept and be warned that this document
probably does contain errors. Please read any README files that are
included with any of the various pieces of software described in this
document for more detailed and accurate information. I will attempt to
keep this document as error-free and up-to-date as possible. Versions
of software are current as at time of writing.

In no way do I or the authors of the software in this document offer
protection against your own actions. If you configure this software,
even as described in this document and it causes problems on your
network then you alone must carry the responsibility. I include this
warning because IPX network design and configuration is not always a
simple matter and sometimes undesirable interaction with other routers
and fileservers can result if you do not design or configure your
network carefully. I also include this warning because I was asked to
by someone unfortunate enough to have discovered this lesson the hard
way.

33.. RReellaatteedd DDooccuummeennttaattiioonn..

This document presumes you understand how to build a Linux kernel with
the appropriate networking options selected and that you understand
how to use the basic network tools such as _i_f_c_o_n_f_i_g and _r_o_u_t_e. If you
do not, then you should read the NET-3-HOWTO <NET-3-HOWTO.html> in
conjunction with this document as it describes these.

Other Linux HOWTO documents that might be useful are:

The Ethernet-HOWTO <Ethernet-HOWTO.html>, which describes the details
of configuring an Ethernet device for Linux.

The PPP-HOWTO <PPP-HOWTO.html> as IPX support is available for version
2.2.0d and later of the Linux PPP implementation.

33..11.. NNeeww vveerrssiioonnss ooff tthhiiss ddooccuummeenntt..

If your copy of this document is more than two months old then I
strongly recommend you obtain a newer version. The networking support
for Linux is changing very rapidly with new enhancements and features,
so this document also changes fairly frequently. The latest released
version of this document can always be retrieved by anonymous ftp
from:

ftp:/sunsite.unc.edu/pub/Linux/docs/HOWTO/IPX-HOWTO>/ or:
ftp:/sunsite.unc.edu/pub/Linux/docs/HOWTO/other-formats/IPX-
HOWTO{-html.tar,ps,dvi}.gz>/ via the World Wide Web from the Linux
Documentation Project Web Server
<http://sunsite.unc.edu/LDP/linux.html>, at page: IPX-HOWTO
<http://sunsite.unc.edu/LDP/HOWTO/IPX-HOWTO.html> or directly from me,
<[email protected]>. It may also be posted to the newsgroups:
comp.os.linux.networking, comp.os.linux.answers and news.answers from
time to time.

33..22.. FFeeeeddbbaacckk..

Please send any comments, updates, or suggestions to me,
<[email protected]>. The sooner I get feedback, the sooner I can
update and correct this document. If you find any problems with it,
please mail me directly as I can miss info posted to the newsgroups.

33..33.. MMaaiilliinngg lliisstt ssuuppppoorrtt..

There is a mailing list established for discussion of the various
Linux IPX software packages described in this document. You can
subscribe to it by sending a mail message to `[email protected]'
with `add linware' in the body of the message. To post to the list
your send your mail to `[email protected]'. I regularly watch this
list.

The mailing list is archived at www.kin.vslib.cz
<http://www.kin.vslib.cz/hypermail/linware/>.

44.. SSoommee ooff tthhee tteerrmmss uusseedd iinn tthhiiss ddooccuummeenntt..

You will often see the terms client and server used in this document.
They are normally fairly specific terms but in this document I have
generalized their definitions a little so that they mean the
following:

cclliieenntt
The machine or program that initiates an action or a connection
for the purpose of gaining use of some service or data.

sseerrvveerr
The machine or program that accepts incoming connections from
multiple remote machines and provides a service or data to
those.

These definitions are not very reliable either, but they provide a
means of distinguishing the ends of peer to peer systems such as _S_L_I_P
or _P_P_P which truly do not actually have clients and servers.

Other terms you will see are:

BBiinnddeerryy
The _b_i_n_d_e_r_y is a specialised database storing network
configuration information on a Novell fileserver. Netware
clients may query the _b_i_n_d_e_r_y to obtain information on available
services, routing and user information.

FFrraammee TTyyppee
is a term used to describe that actual protocol used to carry
the IPX (and IP) datagrams across your ethernet style network
segments. There are four common ones. They are:

EEtthheerrnneett__IIII
This is a refined version of the original DIX ethernet
standard. Novell has been allocated a formal protocol id and
this means that both IPX and IP can coexist happily in an
Ethernet_II environment quite happily. This is commonly used
in Novell environments and is a good choice.

880022..33
This is an I.E.E.E. protocol defining a Carrier Sense
Multiple Access with Collision Detection (CSMA/CD) mechanism.
It was based on the original DIX Ethernet standard, with an
important modification, the type (protocol id) field was
converted into a length field instead. It is for this reason
that IPX really shouldn't be run here. IEEE 802.3 was
designed to carry IEEE 802.2 frames oonnllyy but there are
implementations that use it to carry IPX frames directly and
remarkably it does work. Avoid it unless you are trying to
interwork with a network already configured to use it.

880022..22
This is an I.E.E.E. protocol that defines a set of Logical
Link Control procedures. It provides a simplistic way of
allowing different protocols to coexist, but is quite limited
in this respect. Novell uses an unofficial Service Address
Point (like a protocol id) but since everyone else uses it as
well, that hasn't yet presented too much of a problem.

SSNNAAPP
SNAP is the Sub Network Access Protocol. This protocol is
designed ride on top of 802.3 and 802.2. It expands the
multiprotocol capability of 802.2 and provides some measure
of compatability with existing Ethernet and Ethernet_II frame
types.

IIPPXX
Internet Packet eXchange is a protocol used by the Novell
corporation to provide internetworking support for their
NetWare(tm) product. IPX is similar in functionality to the IP
protocol used by the tcp/ip community.

IIPPXX nneettwwoorrkk aaddddrreessss
This is a number which uniquely identifies a particular IPX
network. The usual notation for this address is in hexadecimal.
An example might look like: 0x23a91002.

IIPPXX IInntteerrnnaall nneettwwoorrkk
This is a virtual IPX network. It is virtual because it does not
correspond to a physical network. This is used to provide a
means of uniquely identifying and addressing a particular IPX
host. This is generally only useful to IPX hosts that exist on
more than one physical IPX network such as fileservers. The
address is coded in the same form as for a physical IPX network.

RRIIPP
Routing Information Protocol is a protocol used to automatically
propagate network routes in an IPX network. It is functionally
similar to the RIP used within the tcp/ip community.

NNCCPP
NetWare Core Protocol is a networked filesystem protocol
designed by the Novell Corporation for their NetWare(tm)
product. NCP is functionally similar to the NFS used in the
tcp/ip community.

SSAAPP
Service Advertisement Protocol is a protocol designed by the
Novell Corporation that is used to advertise network services in
a NetWare(tm) environment.

HHaarrddwwaarree aaddddrreessss
This is a number that uniquely identifies a host in a physical
network at the media access layer. Examples of this are _E_t_h_e_r_n_e_t
_A_d_d_r_e_s_s_e_s. An Ethernet address is generally coded as six
hexadecimal values separated by colon characters eg.
00:60:8C:C3:3C:0F

rroouuttee
The _r_o_u_t_e is the path that your packets take through the network
to reach their destination.

55.. AA bbrriieeff ddiissccuussssiioonn ooff IIPPXX nneettwwoorrkk ttooppoollooggyy

This is a much simplified explanation for people new to IPX. Large
networks will probably break lots of the rules explained here. In
complex IPX networks the administrator should always be consulted.

IPX networking revolves around a scheme of numbered _n_e_t_w_o_r_k_s unlike IP
which places more emphasis on the _i_n_t_e_r_f_a_c_e addresses. A network is a
collection of equipment connected to the same LAN segment and _u_s_i_n_g
_t_h_e _s_a_m_e _f_r_a_m_e _t_y_p_e. Different frame types on the same LAN segment are
treated as seperate networks.

Each network must be allocated a number which is unique across the
entire internetwork. This is usually performed by a NetWare(tm)
server, but can easily be performed by Linux. IPX clients are given
this number by the server when starting, they only require to know the
correct frame type.

Routing between networks is usually performed by putting two network
cards in a server. This server then runs the RIP protocol which holds
a routing table for the internetwork. Periodic broadcasts of this
routing table are exchanged between servers. Within a short time each
server 'discovers' the topology of the internetwork.

If you only wish to use the services of an existing NetWare server,
you can use ipx_configure (section 7.1) to automatically define the
IPX interfaces by using broadcast queries to look for a server. If
this fails, or you wish to provide IPX services, you will need to
define the interfaces manually using ipx_interface or mars_nwe.

66.. TThhee IIPPXX rreellaatteedd ffiilleess iinn tthhee //pprroocc ffiilleessyysstteemm..

There are a number of files related to the Linux IPX support that are
located within the /proc filesystem. They are:

//pprroocc//nneett//iippxx__iinntteerrffaaccee
This file contains information about the IPX interfaces
configured on your machine. These may have been configured
manually by command or automatically detected and configured.

//pprroocc//nneett//iippxx__rroouuttee
This file contains a list of the routes that exist in the IPX
routing table. These routes may have been added manually by
command or automatically by an IPX routing daemon.

//pprroocc//nneett//iippxx
This file is a list of the IPX sockets that are currently open
for use on the machine.

77.. GGrreegg PPaaggeess IIPPXX ttoooollss..

Greg Page <[email protected] of Caldera Incorporated has written a
suite of IPX configuration tools and enhanced the Linux IPX kernel
support.

The kernel enhancements allow linux to be configured as a fully
featured IPX bridge or router. The enhanced IPX support has already
been fed back into the mainstream kernel distribution so you will
probably already have it.

The network configuration tools provide you with the capability to
configure your network devices to support IPX and allow you to
configure IPX routing and other facilities under Linux. The Linux IPX
network tools are available from: sunsite.unc.edu
<ftp://sunsite.unc.edu/pub/Linux/system/filesystems/ncpfs/ipx.tgz>.

77..11.. TThhee IIPPXX ttoooollss iinn mmoorree ddeettaaiill..

iippxx__iinntteerrffaaccee
This command is used to manually add, delete or check ipx
capability to an existing network device. Normally the network
device would be an Ethernet device such at eth0. At least one
IPX interface must be designated the _p_r_i_m_a_r_y interface and the
_-_p flag to this command does this. For example to enable
Ethernet device eth0 for IPX capability as the primary IPX
interface using the IEEE 802.2 frame type and IPX network
address 39ab0222 you would use:

# ipx_interface add -p eth0 802.2 0x39ab0222

If the frame type differs from NetWare(tm) servers on this network,
they will studiously ignore you. If the frame type is correct but
the network number differs, they will still ignore you but complain
frequently on the NetWare server console. The latter is guaranteed
to gain you flames from your NetWare administrator and may disrupt
existing NetWare clients.

If you get an error while running this program and you happen to
not have already configured tcp/ip, then you will find that you
need to manually start the eth0 interface using the command:

# ifconfig eth0 up

iippxx__ccoonnffiigguurree
This command enables or disables the automatic setting of the
interface configuration and primary interface settings.

--auto_interface
allows you to select whether new network devices should be
automatically configured as IPX devices or not.

--auto_primary
allows you to select whether the IPX software should
automatically select a primary interface or not. Problems
have been noted using this with Windows 95 clients on the
network.

A typical example would be to enable both automatic interface
configuration and automatic primary interface setting with the
following command:

# ipx_configure --auto_interface=on --auto_primary=on

iippxx__iinntteerrnnaall__nneett
This command allows you to configure or deconfigure an internal
network address. An internal network address is optional, but
when it is configured it will always be the primary interface.
To configure an IPX network address of ab000000 on IPX node 1
you would use:

# ipx_internal_net add 0xab000000 1

iippxx__rroouuttee
The command allows you to manually modify the IPX routing table.
For example to add a route to IPX network 39ab0222 via a router
with node number 00608CC33C0F on IPX network 39ab0108:

# ipx_route add 0x39ab0222 0x39ab0108 0x00608CC33C0F

88.. CCoonnffiigguurriinngg yyoouurr LLiinnuuxx mmaacchhiinnee aass aann IIPPXX rroouutteerr..

If you have a number of IPX segments that you wish to internetwork you
need the services of a router. In the Novell environment there are two
pieces of information which are necessary to be propagated around the
network. They are the network routing information propagated using
Novell RIP, and the service advertisement information propagated using
Novell SAP. Any router must support both of these protocols to be
useful in most situations.

Linux has support for both of these protocols and can be fairly easily
made to function as a fully Novell compliant router.

The Linux kernel IPX support actually manages the IPX packet
forwarding across interfaces, but it does this according to the rules
coded into the IPX routing table. Linux needs a program to implement
the Novell RIP and SAP to ensure that the IPX routing table is built
correctly and updated periodically to reflect changes in the network
status.

Volker Lendecke <[email protected]> has developed a routing
daemon _i_p_x_r_i_p_d that will do this for you. The _m_a_r_s___n_w_e package
mentioned later includes an alternative routing daemon.

You can find _i_p_x_r_i_p_d at:

sunsite.unc.edu
<ftp://sunsite.unc.edu/pub/Linux/system/filesystems/ncpfs/ipxripd-0.7.tgz>

or at Volkers home site at:

ftp.gwdg.de <ftp://ftp.gwdg.de/pub/linux/misc/ncpfs/ipxripd-0.7.tgz>

Configuring your Linux machine to act as a router is very
straightforward. The steps you must take are:

1. Build your kernel with IPX, Ethernet and /proc support.

2. Obtain, compile and install the _i_p_x_d daemon program.

3. Boot the new kernel and ensure that each of the Ethernet cards has
been properly detected and there are no hardware conflicts.

4. Enable the IPX protocol on each of the interfaces using the
_i_p_x___i_n_t_e_r_f_a_c_e command described above.

5. Start the _i_p_x_d daemon program.

Consider the following simple network:

IPX Addr: 0x01000000 802.2
|--------------------------|
|
\_________________________
\ Linux Router
IPX Addr: 0x02000000 802.2 \
|--------------------------| \ eth0/-----------\
| \--====| |
\_________________________ | IPX route |
\ eth1| Table |
IPX Addr: 0x03000000 etherII \----====| ^ |
|--------------------------| | | |
| eth2| IPXd |
\______________________________/====| |
| SAPd |
IPX Addr: 0x04000000 etherII eth3| |
|--------------------------| /====| |
| | \___________/
\______________________________/

The configuration for the above network would look like:

# ipx_interface add eth0 802.2 0x0100000000
# ipx_interface add eth1 802.2 0x0200000000
# ipx_interface add eth2 etherii 0x0300000000
# ipx_interface add eth3 etherii 0x0400000000
# ipxd

You should then wait a moment or two and check your
/proc/net/ipx_route file and you should see it populated with the IPX
routes relevant to your configuration and any learned from any other
routers in the network.

88..11.. DDoo II nneeeedd ttoo ccoonnffiigguurree aann iinntteerrnnaall nneettwwoorrkk ??

Novell has a feature called an internal network, which it uses to
simplify routing in situations where a host has more than one network
device connected. This is useful in the case of a fileserver
connected to multiple networks as it means that only one route needs
to be advertised to reach the server regardless of which network you
are attempting from.
In the case of a configuration where you are not running a fileserver
and your machine acting only as an IPX router the question is not as
simple to answer. It has been reported that configuring for IPX/PPP
works `better' if you also configure an internal network.

In any case it is easy to do, but may require a rebuild of your
kernel. When you are working through the kernel make config you must
answer y when asked Full internal IPX network as illustrated:

...
...
Full internal IPX network (CONFIG_IPX_INTERN) [N/y/?] y
...
...

To configure the internal network interface, use the _i_p_x___i_n_t_e_r_n_a_l___n_e_t
command described earlier in the IPX tools section. The main
precaution to take is to ensure that they IPX network address you
assign is unique on your network and that no other machine or network
is using it.

99.. CCoonnffiigguurriinngg yyoouurr LLiinnuuxx mmaacchhiinnee aass aann NNCCPP cclliieenntt..

If you are a user of a mixed technology network that comprises both IP
and IPX protocols it is likely that at some time or another you have
wanted to have your Linux machine access data stored on a Novell
fileserver on your network. Novell have long offered an NFS server
package for their fileservers that would allow this, but if you are a
small site or have only a small number of people interested in doing
this it is difficult to justify the cost of the commercial package.

Volker Lendecke <[email protected]> has written a Linux
filesystem kernel module that supports a subset of the Novell NCP that
will allow you to mount Novell volumes into your Linux filesystem
without requiring any additional products for your fileserver. Volker
has called the package _n_c_p_f_s and derived the necessary information
mainly from the book "Netzwerkprogrammierung in C" by Manfred Hill and
Ralf Zessin (further details of the book are contained within the
README file in the _n_c_p_f_s package).

The software causes Linux to emulate a normal Novell workstation for
file services. It also includes a small print utility that allows you
to print to Novell print queues (This is documented in the Print
Client section later). The _n_c_p_f_s package will work with Novell
fileservers of version 3.x and later, it will not work the Novell 2.x.
The _n_c_p_f_s client will also work with close Novell compatible products,
but unfortunately some products that claim to be compatible aren't
compatible enough. To use _n_c_p_f_s with Novell 4.x fileservers, it is
preferred to use the Novell server in _b_i_n_d_e_r_y emulation mode. The NDS
support is a very recent early beta addition to _n_c_p_f_s and additionally
its use may be prohibited in your country due to the inclusion of
patented technology.

99..11.. OObbttaaiinniinngg nnccppffss ..

The latest _n_c_p_f_s package was designed to be built against the version
1.2.13 kernel or kernels later than 1.3.71 (this includes 2.x.x). If
you not using a kernel in either of these categories then you will
have to upgrade your kernel. The Kernel-HOWTO <Kernel-HOWTO.html>
describes how to do this in detail.

You can obtain the _n_c_p_f_s package by anonymous ftp from Volker's home
site at: ftp.gwdg.de <ftp://ftp.gwdg.de/pub/linux/misc/ncpfs/> or
sunsite.unc.edu
<ftp://sunsite.unc.edu/pub/Linux/system/filesystems/ncpfs> or mirror
sites. The current version at the time of writing was:

ncpfs-2.0.11.tgz or ncpfs-2.2.0.tgz which adds the NDS support.

99..22.. BBuuiillddiinngg nnccppffss ffoorr kkeerrnneell 11..22..1133..

BBuuiilldd aa kkeerrnneell wwiitthh EEtthheerrnneett aanndd IIPPXX ssuuppppoorrtt
The first thing you need to do is ensure that your kernel has
been built with IPX support enabled. In the 1.2.13 version
kernel you need only ensure that you have answered Y to the
question: 'The IPX protocol' as illustrated:

...
...
Assume subnets are local (CONFIG_INET_SNARL) [y]
Disable NAGLE algorithm (normally enabled) (CONFIG_TCP_NAGLE_OFF) [n]
The IPX protocol (CONFIG_IPX) [n] y
*
* SCSI support
...
...

You will also need to ensure that you include an appropriate driver
for your Ethernet card. If you do not know how to do this then you
should read the Ethernet-HOWTO <Ethernet-HOWTO.html>.

You can then proceed to build your kernel. Make sure you remember
to run _l_i_l_o to install it when you have finished.

UUnnttaarr tthhee _n_c_p_f_s ssooffttwwaarree

# cd /usr/src
# tar xvfz ncpfs-2.0.11.tgz
# cd ncpfs

CChheecckk tthhee MMaakkeeffiillee
If you intend to use _k_e_r_n_e_l_d to autoload the _n_c_p_f_s kernel module
then you must uncomment the line in the Makefile that refers to:
KERNELD. If you are unsure what this means then you should read
the Kernel-HOWTO <Kernel-HOWTO.html> to familiarise yourself
with kernel module configuration.

MMaakkee tthhee _n_c_p_f_s ssooffttwwaarree
The software should compile cleanly with no other configuration
necessary:

# make

CCooppyy tthhee IIPPXX ttoooollss ssoommeewwhheerree uusseeffuull iiff yyoouu ddoonn''tt aallrreeaaddyy hhaavvee tthheemm..
After the _m_a_k_e has completed you should find all of the tools
you need in the ncpfs/bin directory. You can use:

# make install

to install the tools in Volkers choice of directories. If you are
running on an ELF based system then you will need to rerun
`ldconfig -v' to ensure that the shared library is able to be
found.

CCooppyy tthhee _n_c_p_f_s_._o mmoodduullee ssoommeewwhheerree uusseeffuull iiff nneecceessssaarryy..
If you are compiling for a 1.2.* kernel then you will find a
file called ncpfs.o in the ncpfs/bin directory after the _m_a_k_e
has completed. This is the _n_c_p_f_s kernel module. You should copy
this somewhere useful. On my _d_e_b_i_a_n system I have copied it to
the /lib/modules/1.2.13/fs directory and added ncpfs to the
/etc/modules file so that it will be automatically started at
boot time. If you are using some other distribution you should
find where it keeps its modules and copy it there, or just copy
it to your /etc directory. To load the modules manually you need
to use the command:

# insmod ncpfs.o

99..33.. BBuuiillddiinngg nnccppffss ffoorr kkeerrnneellss 11..33..7711++++//22..00..**..

For the latest version of _n_c_p_f_s you must use kernel 1.3.71 or newer,
this includes the 2.0.* kernels.

If you intend using a kernel that is version 1.3.71 or newer then the
_n_c_p_f_s kernel code has been included in the standard kernel
distribution. You need only answer Y to:

Networking options --->
...
...
<*> The IPX protocol
...
Filesystems --->
...
...
<*> NCP filesystem support (to mount NetWare volumes)
...

You will still need to follow the instructions for building for
kernels 1.2.* so that you can build the tools but there will not be a
module file for you to install.

99..44.. CCoonnffiigguurriinngg aanndd uussiinngg nnccppffss ..

CCoonnffiigguurree tthhee IIPPXX nneettwwoorrkk ssooffttwwaarree
There are two ways of configuring the IPX network software. You
can manually configure all of your IPX network information or
you can choose to let the software determine for itself some
reasonable settings using the command:

# ipx_configure --auto_interface=on --auto_primary=on

This should be reasonable in most circumstances, but if it doesn't
work for you then read the 'IPX tools' section above to configure
your software manually. Problems have been noted using this on
networks containing Windows '95 clients.

TTeesstt tthhee ccoonnffiigguurraattiioonn
After your IPX network is configured you should be able to use
the _s_l_i_s_t command to see a list of all of the Novell fileserver
on your network:

# slist

If the slist command displays a message like: ncp_connect: Invalid
argument then your kernel probably does not support IPX. Check that
you have actually booted off the appropriate kernel. When you boot
you should see messages about 'IPX' and 'ncpfs' in the system
startup messages. If the _s_l_i_s_t command does not list all of your
fileservers then you may need to use the manual network configura-
tion method.

MMoouunntt aa NNoovveellll((ttmm)) sseerrvveerr oorr vvoolluummee..
If your IPX network software is working ok you should now be
able to mount a Novell fileserver or volume into your Linux
filesystem. The _n_c_p_m_o_u_n_t command is used for this purpose and
requires that you specify at least the following information:

1. The fileserver name

2. (optionally) The fileserver directory to mount

3. The fileserver login id. If it has a password you will also
need that.

4. The mount point ie. where you want the mount to go. This will
be an existing directory on your machine.

There is an equivalent _n_c_p_u_m_o_u_n_t command to unmount a mounted
NCP filesystem. The NCP filesystems will be unmounted cleanly if
you shutdown your machine normally, so you needn't worry about
_n_c_p_u_m_o_u_n_ting your filesystems manually before a _h_a_l_t or
_s_h_u_t_d_o_w_n.

An example command to mount fileserver ACCT_FS01, with a login
id of guest with no password, under the /mnt/Accounts directory
might look like the following:

# ncpmount -S ACCT_FS01 /mnt/Accounts -U guest -n

Note the use of the -n option to indicate that no password is
required for the login. The same login specifying a password of
secret would look like:

# ncpmount -S ACCT_FS01 /mnt/Accounts -U guest -P secret

If you don't specify either the -n or the -P options you will be
prompted for a password.

CChheecckk tthhee mmoouunntt
If the mount is successful you will find all the volumes
accessible to the userid used for login listed as directories
under the mount point. You should then also be able to traverse
the directory structure to find other files. You may
alternatively use the -V option to mount a single volume.

NCP does not provide uid or gid ownership of files. All the
files will have the permission and ownership assigned to the
mount point directory restricted by trustee permissions on the
Novell server. Bear this in mind when sharing mounts between
Linux users.

CCoonnffiigguurree mmoouunnttss ttoo bbee aauuttoommaattiiccaallllyy ppeerrffoorrmmeedd..
If you have some need to permanently have an ncp mount then you
will want to configure the commands above into your _r_c files so
that they occur automatically at boot time. If your distribution
doesn't already provide some way of configuring IPX like debian
then I recommend you place them in your /etc/rc.local file if
you have one. You might use something like:

#
# Start the ncp filesystem

/sbin/insmod /lib/modules/1.2.13/fs/ncpfs.o

# configure the IPX network
ipx_configure --auto_interface=on --auto_primary=on

# guest login to the Accounting fileserver
ncpmount -S ACCT_FS01 /mnt/Accounts -U guest -n

#

There is another means of configuring NCP mounts and that is by
building a $HOME/.nwclient file. This file contains details of tem-
porary or user specific NCP mounts that would be performed regu-
larly. It allows you to store the details of mounts so that you can
recreate them without having to specify all of the detail each
time.

Its format is quite straightforward:

# The first entry is the 'preferred server' entry and is
# used whenever you do not specify a server explicitly.
#
# User TERRY login to DOCS_FS01 fileserver with password 'password'
DOCS_FS01/TERRY password
#
# Guest login to the ACCT_FS01 fileserver with no password.
ACCT_FS01/GUEST -

To activate these mounts you could use:

$ ncpmount /home/terry/docs

to mount: DOCS_FS01 with a login of TERRY under the
/home/terry/docs directory. Note that this entry was chosen because
no fileserver was specified in the mount command. If the following
command were used:

$ ncpmount -S ACCT_FS01 /home/terry/docs

then a GUEST login to ACCT_FS01 would be mounted there instead.

NNoottee:: for this mechanism to work the permissions of the
$HOME/.nwclient file must be 0600 so you would need to use the
command:

$ chmod 0600 $HOME/.nwclient

If non-root users are to be allowed to use this mechanism then the
_n_c_p_m_o_u_n_t command must be Set Userid Root, so you would need to give
it permissions:

# chmod 4755 ncpmount

TTrryy oouutt tthhee _n_s_e_n_d uuttiilliittyy
a utility to send messages to Novell users is also included in
the package, it is called _n_s_e_n_d and is used as follows:

# nsend rod hello there

would send the message "hello there" to a logged in user "rod" on
your "primary" fileserver (the first one appearing in your
.nwclient file. You can specify another fileserver with the same
syntax as for the _n_c_p_m_o_u_n_t command.

1100.. CCoonnffiigguurriinngg yyoouurr LLiinnuuxx mmaacchhiinnee aass aann NNCCPP sseerrvveerr..

There are two packages available that allow Linux to provide the
functions of a Novell Fileserver. They both allow you to share files
on your linux machine with users using Novell NetWare client software.
Users can attach and map filesystems to appear as local drives on
their machines just as they would to a real Novell fileserver. You may
want to try both to see which best serves your intended purpose.

1100..11.. TThhee mmaarrss__nnwwee ppaacckkaaggee..

Martin Stover <[email protected]> developed _m_a_r_s___n_w_e to enable linux
to provide both file and print services for NetWare clients.

In case you are wondering about the name: _m_a_r_s___n_w_e is Martin Stovers
Netware Emulator.

1100..11..11.. CCaappaabbiilliittyy ooff mmaarrss__nnwwee ..

_m_a_r_s___n_w_e implements a subset of the full Novell NCP for file services,
disk based bindery and also print services. It is likely to contain
bugs but there are many people using it now and the number of bugs is
steadily decreasing as new versions are released.

1100..11..22.. OObbttaaiinniinngg mmaarrss__nnwwee ..

You can obtain _m_a_r_s___n_w_e from ftp.gwdg.de
<ftp://ftp.gwdg.de/pub/linux/misc/ncpfs/> or from
<ftp://sunsite.unc.edu/pub/Linux/system/filesystems/ncpfs/>.

The version current at the time of writing was:
mars_nwe-0.99.pl10.tgz.

1100..11..33.. BBuuiillddiinngg tthhee mmaarrss__nnwwee ppaacckkaaggee..

BBuuiilldd aa kkeerrnneell wwiitthh EEtthheerrnneett aanndd IIPPXX SSuuppppoorrtt
In the 1.2.13 version kernel you need only ensure that you have
answered Y to the question: 'The IPX protocol' and N to the
question: `Full internal IPX network' as illustrated:

...
...
The IPX protocol (CONFIG_IPX) [n] y
...
...
Full internal IPX network (CONFIG_IPX_INTERN) [N/y/?] n
...
...

In newer kernels a similar process is adopted but the actual text
of the prompt may have changed slightly.

You will also need to ensure that you include an appropriate driver
for your Ethernet card. If you do not know how to do this then you
should read the Ethernet-HOWTO <Ethernet-HOWTO.html>.

You can then proceed to build your kernel. Make sure you remember
to run _l_i_l_o to install it when you have finished.

UUnnttaarr tthhee _m_a_r_s___n_w_e ppaacckkaaggee..

# cd /usr/src
# tar xvfz mars_nwe-0.99.pl10.tgz

MMaakkee _m_a_r_s___n_w_e..
To make the package is very simple. The first step is to simply
run make, this will create a config.h file for you. Next you
should look at and edit the config.h file if necessary. It
allows you to configure items such as the installation
directories that will be used and the maximum number of sessions
and volumes that the server will support. The really important
entries to look at are:

FILENAME_NW_INI the location of the initialisation file
PATHNAME_PROGS where the executable support programs will be found.
PATHNAME_BINDERY where the 'bindery' files will go.
PATHNAME_PIDFILES the directory for the 'pid' files to be written.
MAX_CONNECTIONS the maximum number of simultaneous connections allowed.
MAX_NW_VOLS the maximum number of volumes mars_nwe will support.
MAX_FILE_HANDLES_CONN the maximum number of open files per connection.
WITH_NAME_SPACE_CALLS if you want to support ncpfs clients.
INTERNAL_RIP_SAP whether you want mars_nwe to provide rip/sap routing.
SHADOW_PWD whether you use shadow passwords or not.

The defaults will probably be ok but you should check anyway.

When this is done:

# make
# make install

will build the servers and install them in the appropriate
directory. The installation script also installs the configuration
file /etc/nwserv.conf.

CCoonnffiigguurree tthhee sseerrvveerr..
Configuration is fairly simple. You need to edit the
/etc/nwserv.conf file. The format of this file may at first look
a little cryptic, but it is fairly straightforward. The file
contains a number of single line configuration items. Each line
is whitespace delimited and begins with a number that indicates
the contents of the line. All characters following a '#'
character are considered a comment and ignored. Martin supplies
an example configuration file in the package, but I'll present
what I consider to be a simplified example to offer an
alternative for you.

# VOLUMES (max. 5)
# Only the SYS volume is compulsory. The directory containing the SYS
# volume must contain the directories: LOGIN, PUBLIC, SYSTEM, MAIL.
# The 'i' option ignores case.
# The 'k' option converts all filenames in NCP requests to lowercase.
# The 'm' option marks the volume as removable (useful for cdroms etc.)
# The 'r' option set the volume to read-only.
# The 'o' option indicates the volume is a single mounted filesystem.
# The 'P' option allows commands to be used as files.
# The 'O' option allows use of the OS/2 namespace
# The 'N' option allows use of the NFS namespace
# The default is upper case.
# Syntax:
# 1 <Volumename> <Volumepath> <Options>

1 SYS /home/netware/SYS/ # SYS
1 DATA /home/netware/DATA/ k # DATA
1 CDROM /cdrom kmr # CDROM

# SERVER NAME
# If not set then the linux hostname will be converted to upper case
# and used. This is optional, the hostname will be used if this is not
# configured.
# Syntax:
# 2 <Servername>

2 LINUX_FS01

# INTERNAL NETWORK ADDRESS
# The Internal IPX Network Address is a feature that simplifies IPX routing
# for multihomed hosts (hosts that have ports on more than one IPX network).
# Syntax:
# 3 <Internal Network Address> [<Node Number>]
# or:
# 3 auto
#
# If you use 'auto' then your host IP address will be used. NOTE: this may
# be dangerous, please be sure you pick a number unique to your network.
# Addresses are 4byte hexadecimal (the leading 0x is required).

3 0x49a01010 1

# NETWORK DEVICE(S)
# This entry configures your IPX network. If you already have your
# IPX network configured then you do not need this. This is the same as
# using ipx_configure/ipx_interface before you start the server.
# Syntax:
# 4 <IPX Network Number> <device_name> <frametype> [<ticks>]
# Frame types: ethernet_ii, 802.2, 802.3, SNAP

4 0x39a01010 eth0 802.3 1

# SAVE IPX ROUTES AFTER SERVER IS DOWNED
# Syntax:
# 5 <flag>
# 0 = don't save routes, 1 = do save routes

5 0

# NETWARE VERSION
# Syntax:
# 6 <version>
# 0 = 2.15, 1 = 3.11

6 1
# PASSWORD HANDLING
# Real Novell DOS clients support a feature which encypts your
# password when changing it. You can select whether you want your
# mars server to support this feature or not.
# Syntax
# 7 <flag>
# <flag> is:
# 0 to force password encryption. (Clients can't change password)
# 1 force password encryption, allow unencrypted password change.
# 7 allow non-encrypted password but no empty passwords.
# 8 allow non-encrypted password including empty passwords.
# 9 completely unencrypted passwords (doesn't work with OS/2)

7 1

# MINIMAL GID UID rights
# permissions used for attachments with no login. These permissions
# will be used for the files in your primary server attachment.
# Syntax:
# 10 <gid>
# 11 <uid>
# <gid> <uid> are from /etc/passwd, /etc/groups

10 200
11 201

# SUPERVISOR password
# May be removed after the server is started once. The server will
# encrypt this information into the bindery file after it is run.
# You should avoid using the 'root' user and instead use another
# account to administer the mars fileserver.
#
# This entry is read and encrypted into the server bindery files, so
# it only needs to exist the first time you start the server to ensure
# that the password isn't stolen.
#
# Syntax:
# 12 <Supervisor-Login> <Unix username> [<password>]

12 SUPERVISOR terry secret

# USER ACCOUNTS
# This associates NetWare logins with unix accounts. Password are
# optional.
# Syntax:
13 <User Login> <Unix Username> [<password>]

13 MARTIN martin
13 TERRY terry

# LAZY SYSTEM ADMIN CONFIGURATION
# If you have a large numbers of users and could not be bothered using
# type 13 individual user mappings, you can automatically map mars_nwe
# logins to linux user names. BUT, there is currently no means of making
# use of the linux login password so all users configured this way are
# will use the single password supplied here. My recommendation is not
# to do this unless security is absolutely no concern to you.
# Syntax:
# 15 <flag> <common-password>
# <flag> is: 0 - don't automatically map users.
# 1 - do automatically map users not configured above.
# 99 - automatically map every user in this way.

15 0 duzzenmatta

# SANITY CHECKING
# mars_nwe will automatically ensure that certain directories exist if
# you set this flag.
# Syntax:
# 16 <flag>
# <flag> is 0 for no, don't, or 1 for yes, do.

16 0

# PRINT QUEUES
# This associates NetWare printers with unix printers. The queue
# directories must be created manually before printing is attempted.
# The queue directories are NOT lpd queues.
# Syntax:
# 21 <queue_name> <queue_directory> <unix_print_cmd>

21 EPSON SYS:/PRINT/EPSON lpr -h
21 LASER SYS:/PRINT/LASER lpr -Plaser

# DEBUG FLAGS
# These are not normally needed, but may be useful if are you debugging
# a problem.
# Syntax:
# <debug_item> <debug_flag>
#
# 100 = IPX KERNEL
# 101 = NWSERV
# 102 = NCPSERV
# 103 = NWCONN
# 104 = start NWCLIENT
# 105 = NWBIND
# 106 = NWROUTED
# 0 = disable debug, 1 = enable debug

100 0
101 0
102 0
103 0
104 0
105 0
106 0

# RUN NWSERV IN BACKGROUND AND USE LOGFILE
# Syntax:
# 200 <flag>
# 0 = run NWSERV in foreground and don't use logfile
# 1 = run NWSERV in background and use logfile

200 1

# LOGFILE NAME
# Syntax:
# 201 <logfile>

201 /tmp/nw.log

# APPEND LOG OR OVERWRITE
# Syntax:
# 202 <flag>
# 0 = append to existing logfile
# 1 = overwrite existing logfile

202 1

# SERVER DOWN TIME
# This item sets the time after a SERVER DOWN is issued that the
# server really goes down.
# Syntax:
# 210 <time>
# in seconds. (defaults 10)

210 10

# ROUTING BROADCAST INTERVAL
# The time is seconds between server broadcasts
# Syntax:
# 211 <time>
# in seconds. (defaults 60)

211 60

# ROUTING LOGGING INTERVAL
# Set how many broadcasts take place before logging of routing
# information occurs.
# Syntax:
# 300 <number>

300 5

# ROUTING LOGFILE
# Set the name of the routing logfile
# Syntax:
# 301 <filename>

301 /tmp/nw.routes

# ROUTING APPEND/OVERWRITE
# Set whether you want to append to an existing log file or
# overwrite it.
# Syntax:
# 302 <flag>
# <flag> is 0 for append, 1 for create/overwrite

302 1

# WATCHDOG TIMING
# Set the timing for watchdog messages that ensure the network is
# still alive.
# Syntax:
# 310 <value>
# <value> = 0 - always send watchdogs
# < 0 - (-ve) for disable watchdogs
# > 0 - send watchdogs when network traffic
# drops below 'n' ticks

310 7

# STATION FILE
# Set the filename for the stations file which determine which
# machines this fileserver will act as the primary fileserver for.
# The syntax of this file is described in the 'examples' directory
# of the source code.
# Syntax:
# 400 <filename>

400 /etc/nwserv.stations

# GET NEAREST FILESERVER HANDLING
# Set how SAP Get Nearest Fileserver Requests are handled.
# Syntax:
# 401 <flag>
# <flag> is: 0 - disable 'Get Nearest Fileserver' requests.
# 1 - The 'stations' file lists stations to be excluded.
# 2 - The 'stations' file lists stations to be included.

401 2

SSttaarrtt tthhee sseerrvveerr
If you've configured the server to expect external programs to
configure your network and/or provide the routing function then
you should start those before starting the server. Presuming you
have configured the server so that it will configure your
interfaces for you and provide the routing services you need
only issue the command:

# nwserv

TTeesstt tthhee sseerrvveerr
To test the server you should first try to attach and login from
a NetWare client on your network. You then set a CAPTURE from
the client and attempt a print. If both of these are successful
then the server is working.

1100..22.. TThhee llwwaarreedd ppaacckkaaggee..

Ales Dryak <[email protected]> developed _l_w_a_r_e_d to allow Linux to
function as an NCP based fileserver.

Ales has called the package _l_w_a_r_e_d, an abbreviation for _L_i_n_W_a_r_e
_D_a_e_m_o_n.

1100..22..11.. CCaappaabbiilliittyy ooff llwwaarreedd ..

The _l_w_a_r_e_d server is capable of providing a subset of the full
function of the Novell NCP. It incorporates messaging but it does not
provide any printing facilities at all. It does not currently work
very well with either Windows95 or Windows NT clients. The _l_w_a_r_e_d
server relies on external programs to build and update the IPX routing
and SAP tables. Misbehaving clients can cause the server to crash.
Importantly, filename translation facilities have not been included.

The server does work for NETX and VLM NetWare shells.

1100..22..22.. OObbttaaiinniinngg llwwaarreedd

The _l_w_a_r_e_d package can be built for any kernel newer than 1.2.0, I
recommend you use version 1.2.13 as no kernel patches are required if
you do. Some of the IPX functionality has changed with the version
1.3.* kernels and this means that patches are now required to make it
work properly. Appropriate patches are included for the new kernels,
so if you must use an alpha kernel you should still be able to get
_l_w_a_r_e_d to work properly for you.

You can obtain the _l_w_a_r_e_d package by anonymous ftp from:
klokan.sh.cvut.cz <ftp://klokan.sh.cvut.cz/pub/linux/linware/>

or from:

sunsite.unc.edu
<ftp://sunsite.unc.edu/pub/Linux/system/network/daemons> or mirror
sites. The current version at the time of writing was:
lwared-0.95.tar.gz

1100..22..33.. BBuuiillddiinngg llwwaarreedd

UUnnttaarr tthhee _l_w_a_r_e_dppaacckkaaggee
Something like:

# cd /usr/src
# tar xvpfz lwared-0.95.tar.gz

BBuuiilldd aa kkeerrnneell wwiitthh EEtthheerrnneett aanndd IIPPXX ssuuppppoorrtt
If you are using an alpha 1.3.* kernel then you should try and
use kernel version 1.3.17 or newer because the supplied patches
were built against it. 1.3.* kernels older than 1.3.17 will
require hand patching to install. (_s_o_m_e _i_n_f_o_r_m_a_t_i_o_n _o_n _h_o_w _t_o _d_o
_t_h_i_s _i_s _i_n_c_l_u_d_e_d _i_n _t_h_e INSTALL file in the package.). To
install the patches against a 1.3.17 kernel or newer you should
try:

# make patch

After applying the patches if necessary, the next thing you need to
do is ensure that your kernel has been built with IPX support
enabled. In the 1.2.13 version kernel you need only ensure that you
have answered Y to the question: 'The IPX protocol' as illustrated:

...
...
Assume subnets are local (CONFIG_INET_SNARL) [y]
Disable NAGLE algorithm (normally enabled) (CONFIG_TCP_NAGLE_OFF) [n]
The IPX protocol (CONFIG_IPX) [n] y
*
* SCSI support
...
...

In newer kernels a similar process is adopted by the actual text of
the prompt may have changed slightly.

You will also need to ensure that you include an appropriate driver
for your Ethernet card. If you do not know how to do this then you
should read the Ethernet-HOWTO <Ethernet-HOWTO.html>.

You can then proceed to build your kernel. Make sure you remember
to run _l_i_l_o to install it when you have finished.

CCoommppiillee aanndd iinnssttaallll _l_w_a_r_e_d..
To compile _l_w_a_r_e_d you should first check, edit if necessary, the
server/config.h file. This file contains various settings that
will govern the way your server will behave when it is running.
The defaults are reasonable, though you might want to check that
the directories specified for the log files and configuration
files suit your system.

# make depend
# make
# make install

I found that the 'make depend' complained about not finding the
float.h file on my system but appeared to work anyway. I also
found that when I tried compiling with gcc 2.6.3 I found I had to
change the line:

#include <net/route.h>

to

#include <net/if_route.h>

in lib/ipxkern.c as this file changed name sometime.

The 'make install' will attempt to install the server and routing
daemon programs into your /usr/sbin directory, the _l_w_p_a_s_s_w_d program
into your /usr/bin directory, the IPX utility programs will be
installed into your /sbin directory and last but not least the
manual pages will go into the /usr/man directory structure. If any
of these locations are not suitable for your system then you should
edit the relevant Makefile and change the target directories to
suit.

1100..22..44.. CCoonnffiigguurriinngg aanndd uussiinngg llwwaarreedd

Now the fun bit!

CCoonnffiigguurriinngg tthhee IIPPXX nneettwwoorrkk
The first thing you must do is configure your Ethernet
interfaces to support the IPX networks your server will support.
To do this you will need to know the IPX network addresses for
each of your LAN segments, which Ethernet device (eth0, eth1
etc.) is on which segment, what frame type (802.3, EtherII etc.)
each LAN segment uses and what Internal Network address your
server should use (this is really needed if your server will
service more than one LAN segment). A configuration for a
server that is on two dis-similar segments with IPX network
addresses 23a91300 and 23a91301 and internal network address
bdefaced might look like:

# ipx_internal_net add BDEFACED 1
# ipx_interface add eth0 802.3 23a91300
# ipx_interface add eth1 etherii 23a91301

SSttaarrtt tthhee rroouuttiinngg ddaaeemmoonnss
The kernel software itself actually does the IPX packet
forwarding as it does for IP, but the kernel requires additional
programs to manage the routing table updates. In the case of IPX
two daemons are needed and both are supplied with _l_w_a_r_e_d:
_i_p_x_r_i_p_d manages the IPX routing information and _i_p_x_s_a_p_d manages
the SAP information. To start the daemons you need only specify
the location of where they should write their log messages:
# ipxripd /var/adm/ipxrip
# ipxsapd /var/adm/ipxsap

CCoonnffiigguurree tthhee _l_w_a_r_e_d sseerrvveerr
There are two files that you must manually configure to allow
user login to your _l_w_a_r_e_d server. They are:

/etc/lwpasswd
This is where LinWare user account information is kept. The
_l_w_p_a_s_s_w_d program is to keep it up to date. In its simplest
form the /etc/lwpasswd file looks like:

ales:
terryd:
guest:

Its format is a simple list of login id followed by a ':' char-
acter and then the encrypted version of the login passwd. A cou-
ple of important caveats here: No encrypted password means no
password, LinWare users must have Linux accounts, that is any
user you place in /etc/lwpasswd must also appear in /etc/passwd
and root is the only account that can change the password of
another LinWare user. If you are logged in as root you can
change the password of a LinWare user as this transcript demon-
strates:

# lwpasswd rodg
Changing password for RODG
Enter new password:
Re-type new password:
Password changed.

/etc/lwvtab
This is the LinWare volume tables and it stores information
about what directories should be made available to LinWare
users (this file is similar in nature to the NFS /etc/exports
file). A simple example of its format is as follows:

SYS /lwfs/sys
DATA /lwfs/data
HOME /home

The format is simple: Volume name followed by whitespace fol-
lowed by Linux directory to export. You must have at lleeaasstt an
entry for the SYS volume for the server to start. If you intend
your DOS based users to be able use your LinWare server as their
primary server then you must install a standard SYS volume
directory structure underneath the directory you export as your
SYS volume. Since these files are proprietary and copyright to
the Novell corporation you should have a license for these. If
you users will be using a Novell fileserver as their primary
server then this will not be necessary.

SSttaarrtt tthhee _l_w_a_r_e_d sseerrvveerr..
tada!

# lwared

It is almost an anticlimax isn't it ? Ok so you've got a question,
right? What is the fileserver name that is being advertised ? If
you started the server as shown then the LinWare server name being
advertised will be based on what is returned by the Linux _h_o_s_t_n_a_m_e.
If you'd like it to be something else then you can give the server
the name when you start it, for example:

# lwared -nlinux00

would start the server with the name linux00.

TTeesstt tthhee _l_w_a_r_e_d sseerrvveerr..
The very first thing to test is that your LinWare server appears
in an _s_l_i_s_t from a DOS client on your network. The _s_l_i_s_t program
is stored on the SYS volume of a Novell fileserver so you must
do this from a machine that is already logged in somewhere. If
this is not successful then check that _i_p_x_s_a_p_d and _l_w_a_r_e_d are
both running. If the _s_l_i_s_t is successful then you should try
attaching to the server and mapping a volume:

C:> attach linux00/ales
...
...
C:> map l:=linux00/data:
C:> l:

You should then be able to treat the new map just like any other
map. The file permissions you will have will be based on those
allowed to the _l_i_n_u_x account that parallels your LinWare login.

1111.. CCoonnffiigguurriinngg yyoouurr LLiinnuuxx mmaacchhiinnee aass aa NNoovveellll PPrriinntt CClliieenntt..

The _n_c_p_f_s package includes two small programs that allow you to handle
printing from you Linux machine to a printer attached to a Novell
print server. The _n_p_r_i_n_t command allows you to print to a file to a
NetWare print queue. The _p_q_l_i_s_t command allows you the list the
available print queues on a NetWare server.

To obtain and install these commands just follow the instructions
relating to the NCP client described earlier.

Both commands require that you supply username and password so you
might normally consider building some shell scripts to make the task
of printing easier.

An example might look like:

# pqlist -S ACCT_FS01 -U guest -n
# nprint -S ACCT_FS01 -q LASER -U guest -n filename.txt

The login syntax is similar to the _n_c_p_m_o_u_n_t command. The examples
above assume that fileserver ACCT_FS01 has a guest account with no
password, that a print queue called LASER exists and that guest is
allowed to print to it.
On my Linux boxen I have a short shell script for each Novell printer.
This can then be used as a print filter to allow printing using the
standard Linux spooler.

1122.. CCoonnffiigguurriinngg yyoouurr LLiinnuuxx mmaacchhiinnee aass aa NNoovveellll PPrriinntt SSeerrvveerr..

A program to allow your Linux machine to act as a print server on a
Netware network is included in the _n_c_p_f_s package. For instructions on
how to obtain and build, it follow the directions in the `Netware
client' section above. Alternatively, support is included in the
_m_a_r_s___n_w_e package.

1122..11.. PPrreerreeqquuiissiitteess

Configuration is quite straightforward but relies on you already
having your printer configuration completed and working under Linux.
This is covered in the Printing-HOWTO <Printing-HOWTO.html> in some
depth.

1122..22.. CCoonnffiigguurraattiioonn

When you have a working printer configuration, and you have built and
installed the _p_s_e_r_v_e_r utility then you need to add commands to start
it into your rc files.

Exactly what command will use will depend on depend on exactly how you
want it to operate, but in its simplest form something like the
following will work:

# pserver -S ACCT_01 -U LASER -P secret -q LASERJET

This example asks the _p_s_e_r_v_e_r utility to login in to the ACCT_01
fileserver with username LASER and password secret and to take jobs
from the LASERJET print queue. When an incoming print job is received
it will use the default print command of _l_p_r to feed the print job to
the Linux print daemon. The print queue must already be defined on the
fileserver and the username must have server priveliges for the queue.

You could if you wished use any Linux command to accept and print the
print job. The -c argument allows you to specify the exact print
command. For example:

# pserver -S ACCT_01 -U LASER -P secret -q LASERJET -c "lpr -Plaserjet"

would do exactly the same as the previous example except it would send
the job to the laserjet _p_r_i_n_t_c_a_p configuration instead of the default
one.

1133.. AAnn oovveerrvviieeww ooff tthhee nnccppffss uusseerr aanndd aaddmmiinnssttrraattiioonn ccoommmmaannddss

Recent versions of Volker's _n_c_p_f_s package include a range of user and
administration commands that you might want to use. The tools are
built and installed as part of the _n_c_p_f_s installation process, so if
you haven't already, follow the instructions supplied in the Novell
Client section above to build and install them.

Detailed information is available in the supplied _m_a_n pages but a
brief summary of the commands is as follows;

1133..11.. UUsseerr ccoommmmaannddss..

nnccooppyy
Network Copy - allows efficient file copies to be performed by
using a Netware function rather than a copy across the network.

nnpprriinntt
Network Print - allows you to print a file to a Netware print
queue on a Netware server.

nnsseenndd
Network Send - allows you to send messages to other users on a
Netware server.

nnwwbboollss
List Bindery Objects - allows you to list the bindery contents
of a Netware server.

nnwwbboopprrooppss
List Properties of a Bindery Object - allows you to the
properties of a Netware bindery object.

nnwwbbppsseett
Set Bindery Property - allows you to set the properties of a
Netware bindery object.

nnwwbbppvvaalluueess
Print Netware Bindery Objects Property Contents - allows you to
print the contents of a Netware bindery property.

nnwwffssiinnffoo
Fileserver Information - prints some summary information about a
Netware server.

nnwwppaasssswwdd
Netware Password - allows you to change a Netware users
password.

nnwwrriigghhttss
Netware Rights - displays the rights associated with a
particular file or directory.

nnwwuusseerrlliisstt
Userlist - lists the users currently logged into a Netware
fileserver.

ppqqlliisstt
Print Queue List - displays the contents of a Netware print
queue.

sslliisstt
Server List - displays a list of know Netware fileserver.

1133..22.. AAddmmiinniissttrraattiioonn ttoooollss..

nnwwbbooccrreeaattee
Create a Bindery Object - allows you to create a Netware bindery
object.

nnwwbboorrmm
Remove Bindery Object - allows you to delete a Netware bindery
object.

nnwwbbppaadddd
Add Bindery Property - allows you to set the value of an
existing property of a Netware bindery object.

nnwwbbppccrreeaattee
Create Bindery Property - allows you to create a new property
for an existing Netware bindery object.

nnwwbbpprrmm
Remove Bindery Property - allows you to remove a property from a
Netware bindery object.

nnwwggrraanntt
Grant Trustee Rights - allows you to assign trustee rights to a
directory on a Netware fileserver.

nnwwrreevvookkee
Revoke Trustee Rights - allows you to remove trustee rights from
a directory on a Netware fileserver.

1144.. CCoonnffiigguurriinngg PPPPPP ffoorr IIPPXX ssuuppppoorrtt..

New versions of the _p_p_p_d PPP daemon for Linux have support that allows
you to carry IPX packets across a PPP serial link. You need at least
version ppp-2.2.0d of the daemon. See the PPP-HOWTO <PPP-HOWTO.html>
for details on where to find it. When you compile _p_p_p_d you must ensure
you enable the IPX support by adding the following two lines:

IPX_CHANGE = 1
USE_MS_DNS = 1

to: /usr/src/linux/pppd-2.2.0f/pppd/Makefile.linux.

The IPX_CHANGE is what configures the IPX support into PPP. The
USE_MS_DNS define allows Microsoft Windows95 machines to do Name
Lookups.

The real trick to getting it to work in knowing how to configure it.

There are many ways of doing this, but I'm only going to describe the
two that I've received any information on. I've tried neither yet, so
consider this section experimental, and if you get something to work,
please let me know.

1144..11.. CCoonnffiigguurriinngg aann IIPPXX//PPPPPP sseerrvveerr..

The first thing you need to do is configure your Linux machine as an
IP/PPP server. Don't panic! This isn't difficult. Again, follow the
instructions in the PPP-HOWTO <PPP-HOWTO.html> and you should be
pretty much ok. When you have this done there are a couple of simple
modifications you need to make to get IPX working over the same
configuration.

1144..11..11.. FFiirrsstt sstteeppss..

One of the first steps you must take is to configure your linux
machine as an IPX router as described in the appropriate section
earlier in this document. You won't need to use the _i_p_x___r_o_u_t_e command
for the ppp interface because _p_p_p_d will configure these for you as it
does for IP. When you have the _i_p_x_d daemon running it will
automatically detect any new IPX interfaces and propogates routes for
them. In this way your dialup hosts will be seen by other machines
automatically when they connect.

1144..11..22.. DDeessiiggnn..

When you are running as a server it will normally be your
responsibility to assign network address to each of the PPP links when
they are established. This is an important point, each PPP link will
be an IPX network and will have a unique IPX network address. This
means that you must decide how you will allocate addresses and what
what they will be. A simple convention is to allocate one IPX network
address to each serial device that will support IPX/PPP. You could
allocate IPX network addresses based on the login id of the connecting
user, but I don't see any particularly good reason to do so.

I will assume that this is what you have done, and that there are two
serial devices (modems) that we will use. The addresses I've assigned
in this contrived example are:

device IPX Network Address
------ -------------------
ttyS0 0xABCDEF00
ttyS1 0xABCDEF01

1144..11..33.. CCoonnffiigguurree ppppppdd ..

Configure your /etc/ppp/options.ttyS0 file as follows:

ipx-network 0xABCDEF00
ipx-node 2:0
ipxcp-accept-remote

and your /etc/ppp/options.ttyS1 file as:

ipx-network 0xABCDEF01
ipx-node 3:0
ipxcp-accept-remote

These will ask _p_p_p_d to allocate the appropriate IPX network addresses
to the link when the link is established, set the local node number to
2 or 3 and will let the remote node overwrite what the remote node
number with what it thinks it is. Note that each of the addresses are
hexadecimal numbers and that 0x is required at the start of the
network address, but not required at the start of the node address.

There are other places this information could be configured. If you
have only one dialin modem then an entry could go into the
/etc/ppp/options file. Alternatively this information can be passed on
the command line to _p_p_p_d.

1144..11..44.. TTeesstt tthhee sseerrvveerr ccoonnffiigguurraattiioonn..

To test the configuration you will need to have a client configuration
that is known to work. When the caller dials in, logs in and _p_p_p_d
starts it will assign the network address, advise the client of the
servers node number and negotiate the clients node number. When this
has completed, and after _i_p_x_d has detected the new interface the
client should be able to establish IPX connections to remote hosts.

1144..22.. CCoonnffiigguurriinngg aann IIPPXX//PPPPPP cclliieenntt..

In a client configuration, whether or not you configure your Linux
machine as an IPX router depends on whether you have a local LAN that
you wish to act as an IPX router for. If you are a standalone machine
connecting to an IPX/PPP dialin server then you won't need to run
_i_p_x_d, but if you have a LAN and wish all of the machines on the LAN to
make use of the IPX/PPP route then you must configure and run _i_p_x_d as
described. This configuration is much simpler because you do not have
multiple serial devices to configure.

1144..22..11.. CCoonnffiigguurriinngg ppppppdd

The simplest configuration is one that allows the server to supply all
of the IPX network configuration information. This configuration would
be compatible with the server configuration described above.

Again you need to add some options to your /etc/ppp/options file, they
are:

ipxcp-accept-network
ipxcp-accept-remote
ipxcp-accept-local

These options tell _p_p_p_d to act completely passively and accept all of
the configuration details from the server. You could supply default
values here for servers that don't supply details by adding ipx-
network and ipx-node entries similar to the server configuration.

1144..22..22.. TTeessttiinngg tthhee IIPPXX//PPPPPP cclliieenntt..

To test the client you will need a known working server to dial into.
After you have dialled in and pppd has run you should see the IPX
details configured on your ppp0 device when you run the _i_f_c_o_n_f_i_g
command and you should be able to use _n_c_p_m_o_u_n_t.

I'm not sure whether you will have to manually add IPX routes so that
you can reach distant fileserver or not. This seems likely. If anyone
running this configuration could tell me I'd be grateful.

1155.. IIPPXX ttuunnnneell oovveerr IIPP

Many of you will be in a situation where you have two Novell Local
Area Netorks with only an IP connection between them. How do you play
multiplayer deathmatch DOOM for DOS via this arrangement you might ask
? Andreas Godzina <[email protected]> has an answer for you in the form
of _i_p_x_t_u_n_n_e_l.

_i_p_x_t_u_n_n_e_l provides a bridge-like facility for IPX by allowing IPX
packets to be encapsulated with tcp/ip datagrams so that they can be
carried by a tcp/ip connection. It listens for IPX packets and when it
hears one it wraps it within a tcp/ip datagram and routes it to a
remote IP address that you specify. For this to work of course the
machine that you route the encapsulated IPX must also be running a
copy of the same version of _i_p_x_t_u_n_n_e_l as you.

1155..11.. OObbttaaiinniinngg iippxxttuunnnneell

You can obtain _i_p_x_t_u_n_n_e_l from sunsite.unc.edu
<ftp://sunsite.unc.edu/pub/Linux/system/network/daemons> or mirror
sites.

1155..22.. BBuuiillddiinngg iippxxttuunnnneell

_i_p_x_t_u_n_n_e_l built cleanly for me using the following commands:

# cd /usr/src
# tar xvfz .../ipxtunnel.tgz
# cd ipxtunnel
# make

1155..33.. CCoonnffiigguurriinngg iippxxttuunnnneell

Configuration for _i_p_x_t_u_n_n_e_l is easy. Lets say that your friends
machine is gau.somewhere.com and your machine is called gim.sw.edu.
_i_p_x_t_u_n_n_e_l uses a configuration file called /etc/ipxtunnel.conf. This
file allows you to specify the default UDP port to use for the tcp/ip
connection, where to send the encapsulated data and which of your
local interfaces _i_p_x_t_u_n_n_e_l should listen on and deliver IPX packets
to.

A simple configuration file would look like the following:

#
# /etc/ipxtunnel.conf for gim.sw.edu
#
# The UDP port to use: (default 7666)
port 7777
#
# The remote machine to send IPX packets to: (no default)
remote gau.somewhere.com
#
# The local interfaces to listen for IPX on: (default eth0)
interface eth0
interface eth1

Obviously the other machine would have a similar configuration file
specifying this machine as a remote host.

1155..44.. TTeessttiinngg aanndd uussiinngg iippxxttuunnnneell

_i_p_x_t_u_n_n_e_l acts lliikkee an IPX bridge, so the IPX networks at either end
of the link should probably be the same. Andreas has never tested the
_i_p_x_t_u_n_n_e_l in an environment that actually supports Novell file servers
so if you do try this in a real environment let Andreas know if it
works or not.

If the _i_p_x_t_u_n_n_e_l is working you should be able to start your DOOM
machines up at each end of the link running IPX mode and they should
see each other.

Andreas has only used this code over good high speed lines and he
makes no claim as to its performance when your link is low speed.
Again, let him know what works for you and what doesn't.

1166.. CCoommmmeerrcciiaall IIPPXX ssuuppppoorrtt ffoorr LLiinnuuxx..

1166..11.. CCaallddeerraa''aa NNeettwwoorrkk DDeesskkttoopp

Caldera Inc., produce a Linux distribution that features a range of
commercially supported enhancements including fully functional Novell
NetWare client support. The base distribution is the well respected
Red Hat Linux Distribution and Caldera have added their "Network
Desktop" products to this. The NetWare support provides a fully
featured Novell NetWare client built on technology licensed from
Novell Corporation. The client provides full client access to Novell
3.x and 4.x fileservers and includes features such as NetWare
Directory Service (NDS) and RSA encryption.

You can obtain much more information and ordering details from the:
Caldera Inc Web Server <http://www.caldera.com/>.

If you work within a Netware 4.x and/or NDS environment then the
Caldera Netware Client is the only solution available.

If you have a business critical application for Novell support for
Linux then the Caldera product should be something you take a close
look at.

1177.. SSoommee FFrreeqquueennttllyy AAsskkeedd QQuueessttiioonnss

WWhheerree ccaann II ffiinndd ccoommmmeerrcciiaallllyy ssuuppppoorrtteedd IIPPXX ssooffttwwaarree ffoorr LLiinnuuxx ??
The Caldera Corporation offers a fully licensed and fully
supported Netware 3.x and 4.x client. You can obtain information
about it from the Caldera Inc Web Server
<http://www.caldera.com/>.

DDooeess tthhee IIPPXX ssooffttwwaarree wwoorrkk wwiitthh AArrccnneett//TTookkeenn RRiinngg//eettcc.. ??
The Linux IPX software does work with ArcNet and Token Ring
interfaces. I haven't heard of anyone trying it with AX.25 yet.
Configuration is the same as for configuring for ethernet except
you will have to substitute appropriate device names in place of
'eth0' and appopriate hardware addresses where necessary.

HHooww ddoo II ccoonnffiigguurree mmoorree tthhaann oonnee IIPPXX iinntteerrffaaccee ??
If you have more than one interface in your machine you should
use the _i_p_x___i_n_t_e_r_f_a_c_e command to manually configure each one,
you should not use the `plug n play' configuration.

HHooww ddoo II cchhoooossee IIPPXX aaddddrreesssseess ??
IPX networking is similar, but not identical to, IP networking.
A major difference is the way that addresses are used. IPX does
not use the concept of subnetworking and so the sort of
associations that you have between network addresses and
networks is different. The rules are fairly simple:

+o Every IPX network address must be unique on a wide area network.
This includes Internal Network Addresses. Many organisations
using IPX over a wide area network will have some sort of
addressing standard that you should follow.

+o Every Host address on an individual network must be unique. This
means that every host on each IPX network must have a uniquely
assigned address. In the case of ethernet network this isn't
difficult as the cards each have a unique address. In the case
of IPX/PPP this means you must ensure that you allocate unique
addresses to all hosts on the network, irrespective of which end
of the link(s) they are connected. Host address do not need to
be unique across a wide area network as the network address is
used in combination with the host address to uniquely identify a
host.

WWhhaatt aarree ffrraammee ttyyppeess,, wwhhiicchh sshhoouulldd II uussee ??
There are a variety of frame types in use over which you can run
IPX. The most common of these are described in the 'common
terms' section of this document (under the `Frame Type entry').

If you are installing your machine on an existing network then
you must use whatever is already in use to allow you to
interwork with the other hosts on the network, but if the
installation is a brand new network you can use any of a range
of protocols to carry your IPX traffic. My recommendation if
you are configuring a brand new network and you need to carry
both IPX and IP traffic is to use the Ethernet_II frame type.

MMyy WWiinnddoowwss9955 mmaacchhiinneess mmeessss uupp mmyy ffrraammee ttyyppee aauuttooddeetteeccttiioonn ??
Apparently they can, yeah. I could make nasty comments, but
instead I'll just suggest that you use the manual frame type
configuration instead of the automatic one. It is probably the
better way anyway.

WWhhyy ddoo II ggeett tthhee mmeessssaaggee ``iinnvvaalliidd aarrgguummeenntt'' wwhheenn II ccoonnffiigguurree IIPPXX ??
You are probably not running a kernel that supports IPX, either
recompile your kernel so it does, or double check that you have
actually used lilo to install and run the new kernel.

WWhhyy ddoo II ggeett tthhee mmeessssaaggee ``ppaacckkaaggee nnoott iinnssttaalllleedd'' wwhheenn II ccoonnffiigguurree
IIPPXX ??
You are probably not running a kernel that supports IPX, either
recompile your kernel so it does, or double check that you have
actually used lilo to install and run the new kernel.

WWhhyy ddoo II ggeett tthhee mmeessssaaggee ``IIPPXX ssuuppppoorrtt nnoott iinn kkeerrnneell'' ffrroomm _p_p_p_d ??
You've probably compiled IPX as a module and not ensured that it
was loaded before started _p_p_p_d.

HHooww ddoo II NNFFSS eexxppoorrtt aa mmoouunntteedd NNCCPP ffiilleessyysstteemm ??
To use NFS to export an NCP filesystem you must mount it using
the _n_c_p_m_o_u_n_t -V option. This option allows you to mount only one
volume of a fileserver instead of the usual mounting of all of
them. When you do this your NFS daemon will allow you to export
that filesystem in the usual way.

WWhhyy ddooeessnn''tt sslliisstt wwoorrkk wwhheenn II hhaavvee aann iinntteerrnneell nneettwwoorrkk wwiitthh
mmaarrss__nnwwee ??
You must have the get nearest server enabled. That is, entry
401 in /etc/nwserv.conf should be 0 unless you have a reason for
not responding to get nearest servers. If you just want slist
to work and not respond to every get nearest server request,
include your internal network and node number in
/etc/nwserv.stations and set entry 401 in /etc/nwserv.conf to 2.

DDooeess nnccppffss ppaacckkaaggee wwoorrkk wwiitthh mmaarrss__nnwwee ??
Martin and Volker's code is slowly beginning to converge. Recent
versions of _m_a_r_s___n_w_e have an option to enable it to work with
_n_c_p_f_s. You must enable the WITH_NAME_SPACE_CALLS in the
_m_a_r_s___n_w_e config.h file.

IIss tthheerree aannyy ffrreeee DDOOSS ssooffttwwaarree ttoo wwoorrkk wwiitthh mmaarrss__nnwwee ??
A contrived question deserves a contrived answer. I'm glad you
asked, Martin has a package that he distributes alongside his
_m_a_r_s___n_w_e package that offers free DOS client support for the
_m_a_r_s___n_w_e server. You can find it at the same sites as the
server, and it will be called mars_dosutils-0.01.tgz. It
includes C source code for programs such as _s_l_i_s_t_._e_x_e,
_l_o_g_i_n_._e_x_e, _m_a_p_._e_x_e etc. The source is compilable with
Borland(tm) C.

1188.. CCooppyyrriigghhtt MMeessssaaggee..

The IPX-HOWTO, a guide to software supporting the IPX protocol for
Linux. Copyright (c) 1995 Terry Dawson.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the:

Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
USA.

1199.. MMiisscceellllaanneeoouuss aanndd AAcckknnoowwlleeddggeemmeennttss..

Terry Dawson <[email protected]> for the original
document

David E. Storey <[email protected]> and Volker Lendecke
<[email protected]> both assisted greatly by supplying me with
information for this document. Gilbert Callaghan
<[email protected]>, David Higgins <[email protected]> and Chad
Robinson <[email protected]> each contributed information on
configuring IPX/PPP. Bennie Venter <[email protected]>
contributed some useful information relating to frame types.
Christopher Wall <[email protected] contributed some useful suggestions
to improve the readability and layout of the document. Axel Boldt
<[email protected]> contributed some useful suggestions and
feedback. Erik D. Olson <[email protected]> provided some useful feedback
and information on configuring PPP for IPX. Brian King
<[email protected]> contributed a question for the FAQ
section.

"NetWare" is a registered trademark of the Novell Corporation
<http://www.novell.com/>. "Caldera" is a registered trademark of the
Caldera Corporation <http://www.caldera.com/>.

regards Kevin Thorpe.

<[email protected]>