Netware to Linux Conversion

loyalsockvillemobΔίκτυα και Επικοινωνίες

27 Οκτ 2013 (πριν από 3 χρόνια και 5 μήνες)

59 εμφανίσεις

10/27/13

Netware to Linux Conversion

11:50 PM


Page
1

of
7

The advent of open source systems has created a new frontier of information
technology, with operating systems, utilities, and tools written by and available to anyone.
Like all revolutionary developments in technology, adoption of the new platform is oft
en
restricted and throttled by the burden of converting legacy systems. Failure to upgrade
these old systems can create a “Tower of Babel” of disparate platforms requiring costly
administrative and management headaches. The question isn’t whether legacy
platforms
should be upgraded, but how. To that extent, this document and the accompanying
programs demonstrate one method of migrating a Novell Netware file server to Linux
Samba. The ideas expressed here certainly don’t represent the only way to accompl
ish this
task. Suffice it to say that during the summer of 2002, a 600
-
user version of Novell
Netware 4.1, with 80GB of disk storage and more that one quarter million files was
migrated to Linux Samba. The migration was accomplished by one individual usi
ng the
programs mentioned in this document. The migration was successful on the first attempt.
It is certainly debatable (and should be debated!) whether the strategies suggested here
are the best, but they do work in a real
-
world conversion.


This is no
t a teaching document, but to understand some of the decisions (and
compromises) made, you must understand the idiosyncrasies of each operating system.
These differences are detailed and reviewed whenever they affected conversion decisions.
The Visual Bas
ic programs used to create the migration scripts aren’t all
-
encompassing
utilities, but templates to be tailored to suit your installation standards and requirements.
For those how prefer a different programming language, the migration programs can easily

be rewritten in REXX, PERL, or C++.


The migration strategy was developed using Novell Netware 4.1 Intel
-
based file servers
running Netware Directory Services (NDS) and Suse Linux 7.0 (s390) running under Z/VM.
The Netware 4.1 file servers use the Netw
are Core Protocol (NCP) utilizing IPX/SPX as the
communications protocol. The Linux file servers use Samba (SMB) utilizing the TCP/IP.


A decision needs to be made on how to handle the client PCs. The large user community
involved with our server migrati
on made it impossible to touch every PC, so the migration
had to be transparent to the user. Each user PC had the Novell client for Netware installed,
and each was pointed to a NDS tree context for login authentication. To have simply
“turned off” NDS af
ter the migration would have a detrimental impact on the client PCs, as
their Netware clients searched in vain trying to find the defunct context. It was decided to
provide transparent “parallel” authentication in both NDS and the NT domain until the
Netw
are client could be installed by a PC technician. Once the Netware client was
uninstalled, the PC would utilize NT domain authentication exclusively. Until this could be
done, the parallel approach ensured a user would be authenticated regardless of the
configuration of the PC.


Printer sharing is not addressed in this article. In our environment, the printer shares
had been migrated off Novell to Windows/NT prior to the conversion of the file system.


To facilitate information gathering and file migrati
on, a Windows/NT 4.0
-
SP6 Intel
-
based
PC was used. This PC had both the TCP/IP and IPX/SPX protocols enabled and the Microsoft
and Netware clients loaded, thus enabling it to map drives to both file systems. This is the
PC where the file system migration
actually occurs, so it’s best if this PC has a fast CPU,
optimal memory, a 100MB NIC card, and be located close to the LAN segment hosting the
Netware and Linux servers.


Things that must be done:



Copying Netware NDS tree user accounts to an NT domain cont
roller

10/27/13

Netware to Linux Conversion

11:50 PM


Page
2

of
7



Copying user accounts



Copying groups



Copying directories and files



Migrating file/directory ownership information



Migrating file/directory group access rights information



Migrating file/directory “everyone” access rights information



Mapping Netware

NDS container objects to Linux groups



Emulating Netware file and directory permissions in Linux



Emulating Netware rights inheritance in Linux



Emulating Netware rights filtering in Linux


NDS replica information

The authentication of user logins in Netware

is handled via the NDS replicas. A server with
a replica of the appropriate context of the NDS tree is located and used to authenticate the
login and determine access to file/directory resources. The Samba distribution with Suse
Linux 7.0 integrates wit
h an existing NT domain controller, providing Linux login
authentication. The Microsoft migration tool for Netware (NWConv.exe) was used to extract
the user accounts from the Netware NDS tree and create them in the NT domain.


User accounts

Both systems su
pport provide users with login id and a password. The password cannot be
extracted from Netware, but can be set beforehand to a known value, then implemented on
both platforms. It’s a good idea to let the users know when you’re going to do this! After
t
he migration, the attributes of the Netware User_Template can be implemented in Linux
/etc/skel for creation of new users.


Groups

Groups act as containers for users. A user may be a member of more than one group.


Files and Directories

The naming convent
ions for Netware and Linux file/directory names are very similar.


File Ownership

Novell often refers to the originator of a file as the creator, Linux the owner. Symantecs
aside, it is assumed the owner of a directory/file has full rights to the object
.


File Group Access

Netware file/directory access supports the assignment of permissions to an unlimited
number of users and/or groups, with rights varying for each assignment. The Linux
directory/file group assignment provides for a single group, with
everyone in the group
having exactly the same rights. This represents one of the “compromises” during the
migration process. It is impossible to map the Netware file permission structure to Linux.
To provide a best
-
effort effort, it is assumed the membe
r of a group as read/write/execute
rights to the object.


File Everyone Access

The Netware “everyone” group is mapped to the Linux “rest of the world” access, with
comparable rights assigned.


Container Objects

Netware NDS supports containers called organi
zational units. These containers hold many
Netware object types, but we’re concerned with two; users and groups. Netware
organizational unit container objects are migrated as groups. Because containers
10/27/13

Netware to Linux Conversion

11:50 PM


Page
3

of
7

themselves hold groups, the existing groups are exp
anded so only users remain in the final
group.


Permissions

Linux files support read, write, and execute rights

Linux directories support view contents (read), create/delete files in the directory (write),
and ‘cd’ directory access (execute).

Netware files
/directories support supervisor, read, create, write, erase, modify, file scan,
and access control.

The permission mapping is handled as follows:



Supervisor

=

<ignored>



Read


=

Read



Create


=

<ignored>



Write


=

Write



Erase


=

<ignored>



Modify


=

<ignored>



File Scan

=

<ignored>



Access Cntrl

=

<ignored>


Inheritance

Netware file/directory permissions trickle down the NDS tree, much like a drop of water
trickles down from the highest branches of a tree to its base. Rights assigned to groups or
users are “inhe
rited” by directories and files logically positioned underneath the location of
the original rights assignment. This makes it easy to assign rights that are automatically
assumed by subservient directories. The closest Linux equivalent to this is the “re
curse”
option on ‘chown’, ‘chgrp’, and ‘chmod’ commands. Changes made at one level can be
recursed thru the underlying file structure. This recursion is a one
-
time setting of rights,
whereas the Netware rights function for new and old files alike. One w
ay to emulate part of
this automatic function is to use the Linux ‘umask’ command to specify the default
permissions for new files.


Inheritance Filter

Sometimes its undesirable for Netware file/directory permissions to trickle down, so an
inheritance filt
er can be used to block some or all of the permissions from trickling further
down a branch of the tree. There is no equivalent to this concept in Linux. When an
inheritance filter is encountered, the recursion of rights is stopped and a new rights
assig
nment is made from the point just below where the filter resided. This is a close, but
not exact, emulation of the Netware inheritance filter.


The preparation steps:



Migrate Netware NDS users and groups into the NT domain to be used for
authentication in

Linux



Configure Samba to join an NT domain



Gather information about the Netware server



Process the information using VB programs to create migration scripts



Migrate the file system from Netware to Linux



Set the ownership, group affinity, and permissions i
n Linux


Migrate Netware NDS

The Microsoft Netware to Windows NT migration tool can be used to copy the users and
groups into the desired NT domain. Microsoft knowledge base article Q187789 describes
the utility and how to use it.


10/27/13

Netware to Linux Conversion

11:50 PM


Page
4

of
7

Configure Samba to join

an NT domain

The Linux instance Samba Netbios machine name must be added to the NT domain using
Server Manager and the domain joined using the ‘smbpasswd’ command. Configure Samba
to use an NT Primary Domain Controller (PDC) for authentication. The foll
owing link goes
into great detail on how to do this:

http://www.linuxworld.com/linuxworld/lw
-
1998
-
10/lw
-
10
-
samba.ht ml


Gather information about the server

Prepare your conversion PC

Make sure you have a Netware userid with administrative rights to the ser
ver volume to be
converted.

From the conversion PC, connect the Netware volume to be migrated from using the
Netware MAP ROOT command. Map the Netware drive as N:

Connect the Linux Samba volume to be migrated to your PC as the L: drive.

Create a “convert”

directory on the C: drive to the results of the commands.


Build the directory ownership list

To simply the conversion we’re assuming that files within a directory inherit the ownership
and rights assignment of the directory. First we need to determine t
he owner of each
directory, the default rights assigned to it, and the inheritance filters (if any) that reside at
that level. The Netware NDIR provides the necessary information, but has some limitations
with directory recursion. To overcome these restr
ictions, we’re going make a list of the
entire directory structure and use it as input to a VB program that creates a DOS BAT file.
This bat file contains the manually recursed NDIR commands needed to gleam the
necessary information at all levels of the di
rectory structure. To build the directory
ownership list, do the following from the migration PC.



From the conversion PC, go to a DOS prompt



Issue ‘dir N:
\
* /AD /S > C:
\
convert
\
dir1.txt’



Edit the NWNDir VB program, & verify the following constants are cor
rect

o

ConvDir = "c:
\
convert"

o

NWServer = "004AC_SRV001"

o

NWVolume = "VOL1:"



Run NWNdir.exe, which reads dir1.txt & creates nwdir1.bat.



Run nwdir1.bat, which creates directory ownership file nwdir1.txt.


Build the group membership list

This list will tell us w
hat groups and container each user is a member of.



From the conversion PC, go to a DOS prompt



Issue ‘cx /R’ to change to the root of the NDS tree



Issue ‘nlist user show "group membership" /C /S > C:
\
convert
\
nwusers.txt’


Build the long to short directory n
ame list

Many of the old Netware commands returned directory/file names in the old DOS 8.3
format. We are going to build a cross
-
reference to be used by the next conversion
program.



From the conversion PC, go to a DOS prompt



Issue ‘dir N:
\

/AD /X /S > C:
\
convert
\
nwdir2.txt’


Build the trustee assignment list



From the conversion PC, go to a DOS prompt



Issue ‘rights N:
\

/C /T /S > C:
\
convert
\
nwdir3.txt’



10/27/13

Netware to Linux Conversion

11:50 PM


Page
5

of
7

Build the inherited rights filter list




From the conversion PC, go to a DOS prompt



Issue ‘rights N:
\

/C
/F /S > C:
\
convert
\
irights.txt’

Create the migration scripts from the captured information



Edit the nwconvrt.exe VB program, & verify the following constants are correct

o

ConvDir = "c:
\
convert"

o

NWServer = "004AC_SRV001"

o

NWVolume = "VOL1:"

o

NWHome = "home/"

o

L
inuxVol = "vol1/"

o

LinuxHome = "home/"



Run nwconvrt.exe, which creates the following files:

o

Convert.rpt


The conversion report

o

Convert.txt


The Linux migration shell script

o

xxxcopy.bat


The DOS file copy bat file


NWConvert does the following things:



Bui
lds a list of users and their group/container affiliations (from nwusers.txt)



Builds a short to short directory name cross
-
reference (from nwdir2.txt)



Builds a long to short directory name cross
-
reference (from nwdir2.txt)



Builds the directory ownership f
ile (from nwdir1.txt)



Builds the directory trustee assignment file (from nwdir3.txt)



Builds the directory inheritance filter file (from irights.txt)



Creates the xcopy directory copy deck



Defines all Netware users to Linux



Defines all Netware groups to Linu
x



Defines all Netware directory services containers as groups to Linux



Defines directory/file ownership as they existed on Netware



Where necessary, creates groups that represent the composite collection of all users
& groups having rights to a Netware dir
ectory



Associates all Linux users to their membership and generated groups



Simulates the inheritance of trustee assignments using Linux recursion



Simulates trustee rights inheritance filtering


The Migration

Now that the necessary conversion scripts are bu
ilt, we’ll begin the conversion

Prepare the Linux volume



Log into the Linux system as with supervisory rights to the conversion volume



Make sure the conversion volume is empty by issuing ‘rm

r *’


Prepare the Netware volume



Use servman.nlm to edit server
parameters.

o

Turn off file compression (Prevents compression run during copy)



Use edit.nlm to edit autoexec.ncf.

o

Comment out tsa410 (Prevents backups during copy)

o

Comment out unicon.ncf (Stops FTP)

o

Comment out initsys.ncf (Stops TCP/IP)

o

Add ‘disable login’
(Prevents login after restart)



Down & restart the IS Netware file server.



From Netware console issue ‘enable logins’.



Login your conversion PC into the IS Netware file server.



From Netware console issue ‘disable logins’.



From Netware console monitor discon
nect all unneeded users & print servers.

10/27/13

Netware to Linux Conversion

11:50 PM


Page
6

of
7


Copy the file system using the xxxcopy.bat file



Make sure the Netware volume is mapped as N:. For example, issue ‘map root
n:==(yournetwareserver)/(yournetwarevolume):



Make sure the Linux volume is mapped as L:.
For example, issue ‘net use l:
\
\
(yourlinuxserver)
\
(yourlinuxvolume)



Issue command ‘xxxcopy.bat > c:
\
convert
\
xxxcopy.rpt 2>&1’ from the conversion
PC. This may take some time depending on the size of the Netware volume. The
‘2>&1’ at the end of the comma
nd is needed to ensure any errors are placed in the
same file as the standard output copy results.



The script copies one directory at a time, which allows for restart should the process
be interrupted. Use the xxxcopy.rpt file to determine the last succes
sful copy, then
edit the xxxcopy.bat script to restart from that point.



Verify the copy was successful by reviewing the xxxcopy.rpt file create during the
copy operation.


Run convert.txt to synchronize the file system of Linux

The Netware file system has
been copied to the Linux volume, but all the Netware
ownership, trustee assignments, and rights were lost during the copy. The convert.txt
script created by the nwconvrt.exe program will reinstate these assignments.



Copy the convert.txt script created fr
om the nwconvert.exe program to the Linux
system where you copied the file system.



Log directly into the Linux instance (no Samba share) with a userid who has
administrative privileges to the volume containing the file system you just copied



Make sure the
convert.txt file is marked executable. You can do this by issuing the
command ‘chmod 755 convert.txt’.



Issue the command ‘convert.txt > convert.rpt’.



Once this command completes, verify the file system has been adjusted. Compare
the Netware and Linux fil
e systems for completeness. You will see new group
assignments in Linux where multiple directory group assignments existed in Linux.


Dismount converted volume from the Netware file server

Before continuing further it’s a good idea to dismount the Netware

volume you’ve just
converted. This will prevent someone accidentally connecting to the Netware file system
instead of Sambas.



From the Netware console issue ‘dismount (yournetwarevolume)’.



Change autoexec.ncf to only mount ‘sys’ on startup.


Remove Net
ware drive mappings from the Netware login scripts.

If the Netware volume is mapped in a Netware login script, it is necessary to remove all
references to it, otherwise errors will be reported when the users log on. To locate where
login scripts are defin
ed:



Open Netware Administrator (nwadmin)



From the menu bar, select object, then search



In ‘Start from:’, enter the highest context that would reference the converted
Netware server. If you’re not sure, enter ‘root’.



Click the ‘Search entire subtree’ check
box.



In ‘Search for’, select ‘Top’.



In ‘Property’, select ‘Login script’



In the property box, select ‘Present’, and click OK.



The list display is every container and group with a login script. Each of these needs
to be checked for references to the conver
ted Netware volume.

10/27/13

Netware to Linux Conversion

11:50 PM


Page
7

of
7



Note all drive mappings to the Netware volume. These mappings must be replicated
to the Windows/NT domain logon scripts for the conversion to be transparent to the
user.



Remove any references to the Netware volume from the login script
s.



Don’t forget to check the ‘default’ login script if you use one.


Add Linux Samba drive mappings to the NT logon scripts.

The section assumes you are using NT domains that employ logon scripts. Earlier you
joined your Linux Samba instance to a Windows/
NT PDC. We will now make the
corresponding net use drive mappings in the NT logon scripts that existed in the Netware
container/user login scripts.



If necessary, user server manager to determine the primary domain controller (PDC)
for the domain.



Make a b
ackup copy of all logon scripts in the
\
winnt
\
system32
\
repl
\
import
\
scripts

directory of the PDC.



For each drive mapping removed from the Netware login script, add a corresponding
entry in the NT logon script.

Drive mappings are often dependent on installa
tion
-
specific standards that are beyond the scope of this document. Suffice it to say you
will need to determine what groups of users need access to the converted volume.


Make Netware server available for login processing

It is likely you’ll be using the

Netware NDS for login authentication until the Netware client
can be removed from all PCs. To allow the Netware server to service logins you need to re
-
enable it.



From the Netware console issue ‘enable logins’.


System Test

The conversion effort is compl
ete. Test Linux Samba access by logging onto the PDC and
verifying the drives map correctly and the users have access to the directories and files they
had on Netware.