Copy the Netware Bosvol1 filesystem to Linux (bos1)



The advent of open source systems has created a new frontier of information technology, with operating systems, utilities, and tools written by and available to anyone. Like all revolutionary developments in technology, adoption of the new platform is often restricted and throttled by the burden of converting legacy systems. Failure to upgrade these old systems can create a “Tower of Babel” of disparate platforms requiring costly administrative and management headaches. The question isn’t whether legacy platforms should be upgraded, but how. To that extent, this document and the accompanying programs demonstrate one method of migrating a Novell Netware file server to Linux Samba. The ideas expressed here certainly don’t represent the only way to accomplish this task. Suffice it to say that during the summer of 2002, a 600-user version of Novell Netware 4.1, with 80GB of disk storage and more that one quarter million files was migrated to Linux Samba. The migration was accomplished by one individual using the programs mentioned in this document. The migration was successful on the first attempt. It is certainly debatable (and should be debated!) whether the strategies suggested here are the best, but they do work in a real-world conversion.

This is not a teaching document, but to understand some of the decisions (and compromises) made, you must understand the idiosyncrasies of each operating system. These differences are detailed and reviewed whenever they affected conversion decisions. The Visual Basic programs used to create the migration scripts aren’t all-encompassing utilities, but templates to be tailored to suit your installation standards and requirements. For those how prefer a different programming language, the migration programs can easily be rewritten in REXX, PERL, or C++.

The migration strategy was developed using Novell Netware 4.1 Intel-based file servers running Netware Directory Services (NDS) and Suse Linux 7.0 (s390) running under Z/VM. The Netware 4.1 file servers use the Netware Core Protocol (NCP) utilizing IPX/SPX as the communications protocol. The Linux file servers use Samba (SMB) utilizing the TCP/IP.

A decision needs to be made on how to handle the client PCs. The large user community involved with our server migration made it impossible to touch every PC, so the migration had to be transparent to the user. Each user PC had the Novell client for Netware installed, and each was pointed to a NDS tree context for login authentication. To have simply “turned off” NDS after the migration would have a detrimental impact on the client PCs, as their Netware clients searched in vain trying to find the defunct context. It was decided to provide transparent “parallel” authentication in both NDS and the NT domain until the Netware client could be installed by a PC technician. Once the Netware client was uninstalled, the PC would utilize NT domain authentication exclusively. Until this could be done, the parallel approach ensured a user would be authenticated regardless of the configuration of the PC.

Printer sharing is not addressed in this article. In our environment, the printer shares had been migrated off Novell to Windows/NT prior to the conversion of the file system.

To facilitate information gathering and file migration, a Windows/NT 4.0-SP6 Intel-based PC was used. This PC had both the TCP/IP and IPX/SPX protocols enabled and the Microsoft and Netware clients loaded, thus enabling it to map drives to both file systems. This is the PC where the file system migration actually occurs, so it’s best if this PC has a fast CPU, optimal memory, a 100MB NIC card, and be located close to the LAN segment hosting the Netware and Linux servers.

Things that must be done:

• Copying Netware NDS tree user accounts to an NT domain controller

• Copying user accounts

• Copying groups

• Copying directories and files

• Migrating file/directory ownership information

• Migrating file/directory group access rights information

• Migrating file/directory “everyone” access rights information

• Mapping Netware NDS container objects to Linux groups

• Emulating Netware file and directory permissions in Linux

• Emulating Netware rights inheritance in Linux

• Emulating Netware rights filtering in Linux

NDS replica information

The authentication of user logins in Netware is handled via the NDS replicas. A server with a replica of the appropriate context of the NDS tree is located and used to authenticate the login and determine access to file/directory resources. The Samba distribution with Suse Linux 7.0 integrates with an existing NT domain controller, providing Linux login authentication. The Microsoft migration tool for Netware (NWConv.exe) was used to extract the user accounts from the Netware NDS tree and create them in the NT domain.

User accounts

Both systems support provide users with login id and a password. The password cannot be extracted from Netware, but can be set beforehand to a known value, then implemented on both platforms. It’s a good idea to let the users know when you’re going to do this! After the migration, the attributes of the Netware User_Template can be implemented in Linux /etc/skel for creation of new users.

Groups

Groups act as containers for users. A user may be a member of more than one group.

Files and Directories

The naming conventions for Netware and Linux file/directory names are very similar.

File Ownership

Novell often refers to the originator of a file as the creator, Linux the owner. Symantecs aside, it is assumed the owner of a directory/file has full rights to the object.

File Group Access

Netware file/directory access supports the assignment of permissions to an unlimited number of users and/or groups, with rights varying for each assignment. The Linux directory/file group assignment provides for a single group, with everyone in the group having exactly the same rights. This represents one of the “compromises” during the migration process. It is impossible to map the Netware file permission structure to Linux. To provide a best-effort effort, it is assumed the member of a group as read/write/execute rights to the object.

File Everyone Access

The Netware “everyone” group is mapped to the Linux “rest of the world” access, with comparable rights assigned.

Container Objects

Netware NDS supports containers called organizational units. These containers hold many Netware object types, but we’re concerned with two; users and groups. Netware organizational unit container objects are migrated as groups. Because containers themselves hold groups, the existing groups are expanded so only users remain in the final group.

Permissions

Linux files support read, write, and execute rights

Linux directories support view contents (read), create/delete files in the directory (write), and ‘cd’ directory access (execute).

Netware files/directories support supervisor, read, create, write, erase, modify, file scan, and access control.

The permission mapping is handled as follows:

• Supervisor =

• Read = Read

• Create =

• Write = Write

• Erase =

• Modify =

• File Scan =

• Access Cntrl =

Inheritance

Netware file/directory permissions trickle down the NDS tree, much like a drop of water trickles down from the highest branches of a tree to its base. Rights assigned to groups or users are “inherited” by directories and files logically positioned underneath the location of the original rights assignment. This makes it easy to assign rights that are automatically assumed by subservient directories. The closest Linux equivalent to this is the “recurse” option on ‘chown’, ‘chgrp’, and ‘chmod’ commands. Changes made at one level can be recursed thru the underlying file structure. This recursion is a one-time setting of rights, whereas the Netware rights function for new and old files alike. One way to emulate part of this automatic function is to use the Linux ‘umask’ command to specify the default permissions for new files.

Inheritance Filter

Sometimes its undesirable for Netware file/directory permissions to trickle down, so an inheritance filter can be used to block some or all of the permissions from trickling further down a branch of the tree. There is no equivalent to this concept in Linux. When an inheritance filter is encountered, the recursion of rights is stopped and a new rights assignment is made from the point just below where the filter resided. This is a close, but not exact, emulation of the Netware inheritance filter.

The preparation steps:

• Migrate Netware NDS users and groups into the NT domain to be used for authentication in Linux

• Configure Samba to join an NT domain

• Gather information about the Netware server

• Process the information using VB programs to create migration scripts

• Migrate the file system from Netware to Linux

• Set the ownership, group affinity, and permissions in Linux

Migrate Netware NDS

The Microsoft Netware to Windows NT migration tool can be used to copy the users and groups into the desired NT domain. Microsoft knowledge base article Q187789 describes the utility and how to use it.

Configure Samba to join an NT domain

The Linux instance Samba Netbios machine name must be added to the NT domain using Server Manager and the domain joined using the ‘smbpasswd’ command. Configure Samba to use an NT Primary Domain Controller (PDC) for authentication. The following link goes into great detail on how to do this:



Gather information about the server

Prepare your conversion PC

Make sure you have a Netware userid with administrative rights to the server volume to be converted.

From the conversion PC, connect the Netware volume to be migrated from using the Netware MAP ROOT command. Map the Netware drive as N:

Connect the Linux Samba volume to be migrated to your PC as the L: drive.

Create a “convert” directory on the C: drive to the results of the commands.

Build the directory ownership list

To simply the conversion we’re assuming that files within a directory inherit the ownership and rights assignment of the directory. First we need to determine the owner of each directory, the default rights assigned to it, and the inheritance filters (if any) that reside at that level. The Netware NDIR provides the necessary information, but has some limitations with directory recursion. To overcome these restrictions, we’re going make a list of the entire directory structure and use it as input to a VB program that creates a DOS BAT file. This bat file contains the manually recursed NDIR commands needed to gleam the necessary information at all levels of the directory structure. To build the directory ownership list, do the following from the migration PC.

• From the conversion PC, go to a DOS prompt

• Issue ‘dir N:\* /AD /S > C:\convert\dir1.txt’

• Edit the NWNDir VB program, & verify the following constants are correct

o ConvDir = "c:\convert"

o NWServer = "004AC_SRV001"

o NWVolume = "VOL1:"

• Run NWNdir.exe, which reads dir1.txt & creates nwdir1.bat.

• Run nwdir1.bat, which creates directory ownership file nwdir1.txt.

Build the group membership list

This list will tell us what groups and container each user is a member of.

• From the conversion PC, go to a DOS prompt

• Issue ‘cx /R’ to change to the root of the NDS tree

• Issue ‘nlist user show "group membership" /C /S > C:\convert\nwusers.txt’

Build the long to short directory name list

Many of the old Netware commands returned directory/file names in the old DOS 8.3 format. We are going to build a cross-reference to be used by the next conversion program.

• From the conversion PC, go to a DOS prompt

• Issue ‘dir N:\ /AD /X /S > C:\convert\nwdir2.txt’

Build the trustee assignment list

• From the conversion PC, go to a DOS prompt

• Issue ‘rights N:\ /C /T /S > C:\convert\nwdir3.txt’

Build the inherited rights filter list

• From the conversion PC, go to a DOS prompt

• Issue ‘rights N:\ /C /F /S > C:\convert\irights.txt’

Create the migration scripts from the captured information

• Edit the nwconvrt.exe VB program, & verify the following constants are correct

o ConvDir = "c:\convert"

o NWServer = "004AC_SRV001"

o NWVolume = "VOL1:"

o NWHome = "home/"

o LinuxVol = "vol1/"

o LinuxHome = "home/"

• Run nwconvrt.exe, which creates the following files:

o Convert.rpt – The conversion report

o Convert.txt – The Linux migration shell script

o xxxcopy.bat – The DOS file copy bat file

NWConvert does the following things:

• Builds a list of users and their group/container affiliations (from nwusers.txt)

• Builds a short to short directory name cross-reference (from nwdir2.txt)

• Builds a long to short directory name cross-reference (from nwdir2.txt)

• Builds the directory ownership file (from nwdir1.txt)

• Builds the directory trustee assignment file (from nwdir3.txt)

• Builds the directory inheritance filter file (from irights.txt)

• Creates the xcopy directory copy deck

• Defines all Netware users to Linux

• Defines all Netware groups to Linux

• Defines all Netware directory services containers as groups to Linux

• Defines directory/file ownership as they existed on Netware

• Where necessary, creates groups that represent the composite collection of all users & groups having rights to a Netware directory

• Associates all Linux users to their membership and generated groups

• Simulates the inheritance of trustee assignments using Linux recursion

• Simulates trustee rights inheritance filtering

The Migration

Now that the necessary conversion scripts are built, we’ll begin the conversion

Prepare the Linux volume

• Log into the Linux system as with supervisory rights to the conversion volume

• Make sure the conversion volume is empty by issuing ‘rm –r *’

Prepare the Netware volume

• Use servman.nlm to edit server parameters.

o Turn off file compression (Prevents compression run during copy)

• Use edit.nlm to edit autoexec.ncf.

o Comment out tsa410 (Prevents backups during copy)

o Comment out unicon.ncf (Stops FTP)

o Comment out initsys.ncf (Stops TCP/IP)

o Add ‘disable login’ (Prevents login after restart)

• Down & restart the IS Netware file server.

• From Netware console issue ‘enable logins’.

• Login your conversion PC into the IS Netware file server.

• From Netware console issue ‘disable logins’.

• From Netware console monitor disconnect all unneeded users & print servers.

Copy the file system using the xxxcopy.bat file

• Make sure the Netware volume is mapped as N:. For example, issue ‘map root n:==(yournetwareserver)/(yournetwarevolume):

• Make sure the Linux volume is mapped as L:. For example, issue ‘net use l: \\(yourlinuxserver)\(yourlinuxvolume)

• Issue command ‘xxxcopy.bat > c:\convert\xxxcopy.rpt 2>&1’ from the conversion PC. This may take some time depending on the size of the Netware volume. The ‘2>&1’ at the end of the command is needed to ensure any errors are placed in the same file as the standard output copy results.

• The script copies one directory at a time, which allows for restart should the process be interrupted. Use the xxxcopy.rpt file to determine the last successful copy, then edit the xxxcopy.bat script to restart from that point.

• Verify the copy was successful by reviewing the xxxcopy.rpt file create during the copy operation.

Run convert.txt to synchronize the file system of Linux

The Netware file system has been copied to the Linux volume, but all the Netware ownership, trustee assignments, and rights were lost during the copy. The convert.txt script created by the nwconvrt.exe program will reinstate these assignments.

• Copy the convert.txt script created from the nwconvert.exe program to the Linux system where you copied the file system.

• Log directly into the Linux instance (no Samba share) with a userid who has administrative privileges to the volume containing the file system you just copied

• Make sure the convert.txt file is marked executable. You can do this by issuing the command ‘chmod 755 convert.txt’.

• Issue the command ‘convert.txt > convert.rpt’.

• Once this command completes, verify the file system has been adjusted. Compare the Netware and Linux file systems for completeness. You will see new group assignments in Linux where multiple directory group assignments existed in Linux.

Dismount converted volume from the Netware file server

Before continuing further it’s a good idea to dismount the Netware volume you’ve just converted. This will prevent someone accidentally connecting to the Netware file system instead of Sambas.

• From the Netware console issue ‘dismount (yournetwarevolume)’.

• Change autoexec.ncf to only mount ‘sys’ on startup.

Remove Netware drive mappings from the Netware login scripts.

If the Netware volume is mapped in a Netware login script, it is necessary to remove all references to it, otherwise errors will be reported when the users log on. To locate where login scripts are defined:

• Open Netware Administrator (nwadmin)

• From the menu bar, select object, then search

• In ‘Start from:’, enter the highest context that would reference the converted Netware server. If you’re not sure, enter ‘root’.

• Click the ‘Search entire subtree’ checkbox.

• In ‘Search for’, select ‘Top’.

• In ‘Property’, select ‘Login script’

• In the property box, select ‘Present’, and click OK.

• The list display is every container and group with a login script. Each of these needs to be checked for references to the converted Netware volume.

• Note all drive mappings to the Netware volume. These mappings must be replicated to the Windows/NT domain logon scripts for the conversion to be transparent to the user.

• Remove any references to the Netware volume from the login scripts.

• Don’t forget to check the ‘default’ login script if you use one.

Add Linux Samba drive mappings to the NT logon scripts.

The section assumes you are using NT domains that employ logon scripts. Earlier you joined your Linux Samba instance to a Windows/NT PDC. We will now make the corresponding net use drive mappings in the NT logon scripts that existed in the Netware container/user login scripts.

• If necessary, user server manager to determine the primary domain controller (PDC) for the domain.

• Make a backup copy of all logon scripts in the \winnt\system32\repl\import\scripts directory of the PDC.

• For each drive mapping removed from the Netware login script, add a corresponding entry in the NT logon script. Drive mappings are often dependent on installation-specific standards that are beyond the scope of this document. Suffice it to say you will need to determine what groups of users need access to the converted volume.

Make Netware server available for login processing

It is likely you’ll be using the Netware NDS for login authentication until the Netware client can be removed from all PCs. To allow the Netware server to service logins you need to re-enable it.

• From the Netware console issue ‘enable logins’.

System Test

The conversion effort is complete. Test Linux Samba access by logging onto the PDC and verifying the drives map correctly and the users have access to the directories and files they had on Netware.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download