Pioneer DRM-6NX manual Access Control, NetWare NCP, Use Filer to change the default access rights

Access Control

Security Management within NetWare depends upon the selected mode:

ÖBindery mode without user authentication

ÖBindery mode with user authentication

ÖNDS mode

The DRM-6NX acts as a typical NetWare file server, which means use standard procedures such as Filer and NWAdmin for handling security

NOTE:

7You cannot set up access restrictions for the NetWare environment via the DRM-6NX web interface.

NetWare Bindery Without Authentication

If user authentication is not required, you do not have to specify an authentication server. The Supervisor can log in using the Server password. Other users can log in without password and will be considered to belong to the EVERYONE group.

NetWare server licenses are not required since the DRM-6NX does not log on to the file server.

Use the standard NetWare administration tool, (e.g. Filer) to limit DRM-6NX system file access to the Supervisor. Unauthorized users will have guest access to the volumes. This is normally sufficient security for a DRM-6NX.

NetWare Bindery With Authentication

If user access control is required, you must specify an authentication server in the Authentication Server parameter. The DRM-6NX will need to log on to the authentication server in order to authenticate the user and read which groups the user belongs to. In this case, the authentication server must have a standby license for the DRM-6NX, but several DRM-6NXs can share this license. If a license is not available, the user will still be authenticated but group information cannot be read.

Authorized users will have configurable rights to the volumes of the DRM-6NX.

The authentication procedure reduces the Administrator overhead as there is no need for maintaining a separate user database for the DRM-6NX. If the user is defined in the file server that the DRM-6NX uses for authentication, the user will automatically have access to the DRM-6NX.

Authentication to a NetWare 3.x Server

For access to a DRM-6NX connected to a NetWare 3.x server, authentication is checked against the user list in the bindery of the NetWare server:

ÖIf a user is on the list, the password will be verified If the password is correct, the user will be granted access

ÖIf the password is incorrect, log in will fail

If a user is not on the list, access to the DRM-6NX is refused. However, a user may log in as a guest and obtain access to volumes that are not protected

Default Access Rights

The default access rights in NetWare bindery mode are set up by the following trustee assignments:

ÖThe root of the SYS volume has [EVERYONE] as trustee with File Scan, Read, Write, Create, Modify and Erase rights

ÖThe system and wwwroot folders have all rights except Supervisor filtered. Thus all system files are effectively protected from unauthorized users

NOTE:

7Use Filer to change the default access rights

Setting Security Rigths in NetWare Bindery

The security rights can be set using standard procedures, e.g. Filer.

If you want to make all of the volumes in the DRM-6NX available to some users only, limit access to all the volumes:

1.Login as Supervisor on the DRM-6NX. In order for Filer to access the DRM-6NX, the client must have an active connection.

2.Login as Supervisor on your NetWare Bindery file server and start Filer.

3.Change the current directory to PIONEER<nnnnnn>_NW/SYS:.

4.Remove the [EVERYONE] trustee from the root.

5.Add a new trustee assignment to the root.

If you want to restrict access to one or more volumes but grant all users access to most volumes, limit access to individual resources:

1.Login as Supervisor on the DRM-6NX. In order for Filer to access the DRM-6NX, the client must have an active connection.

2.Login as Supervisor on your NetWare Bindery file server and start Filer.

3.Change the current directory to PIONEER<nnnnnn>_NW/SYS:.

4.On the resource you want to protect, set an inherited rights filer and filer ALL rights.

23