2
Oracle Files Protocol Support

This chapter discusses the protocol servers supported by Oracle Files, along with the client access paths and software for the supported protocols. Topics include:

• Industry-Standard Protocol Servers
• Client Access Paths and Software
• Using Oracle Files with NFS

Industry-Standard Protocol Servers

Oracle Files supports a wide range of protocols through its various protocol server implementations, including the following:

• AFP, the AppleTalk Filing Protocol, enables Macintosh users to use Oracle Files as if it were an AppleShare server. MacOS 9.x and above supports AFP over TCP, which allows AFP services to be made available over the Internet and networks that use TCP/IP as the underlying transport.
• FTP, the File Transfer Protocol, is used for file transfers across the Internet.
• HTTP, the Hypertext Transfer Protocol, is used for Web browser-based access. HTTP has been extended with WebDAV, a protocol designed for Internet collaboration. Currently, the most widespread WebDAV client is the Web Folders extension to Windows Explorer, also known as Network Places in Windows 2000/XP.
• NFS, the Network File System, is a mechanism for mounting remote file systems on UNIX platforms.
• NTFS, the NT File System (for Windows NT and Windows 2000), allows you to map a local drive to the Oracle Files repository on the server machine.
• SMB, the low-level server message block file-sharing protocol, lets you map Oracle Files as a network drive or browse to it via the Network Neighborhood.

  Note: SMB is only supported when Oracle Files is running on a UNIX or Linux server. When Oracle Files is running on a Windows server, it uses NTFS rather than SMB.

Users can connect to Oracle Files using protocols appropriate to their platform. For example, Mac users can connect from the Chooser to Oracle Files as if it were any other AppleShare server, Windows users can map a network drive or connect using Web Folders, and UNIX clients can connect using NFS.

The NFS, NTFS, and SMB protocols have the following limitation: versioned documents cannot be deleted, moved, or renamed. Some applications, including Microsoft Office applications, save files by first saving the data to a temporary file, deleting the original file, and then renaming the temporary file to the original name. If a document is versioned, this would result in the loss of previous versions.

Oracle Files-Specific Passwords

Some protocols, including AFP and FTP, send unencrypted passwords over the network, which means that if one of these passwords is intercepted, it could provide access to all systems controlled by Oracle Internet Directory for that user. To provide more security, you should create an Oracle Files-specific password (rather than the default Oracle Internet Directory password) to authenticate users of these protocol servers.

Protocols with which to associate the Oracle Files-specific password were selected during Oracle Files configuration. To change the set of protocols that require the Oracle Files-specific password, edit the following service configuration property:

IFS.SERVICE.CREDENTIALMANAGER.Oid.IfsPasswordApplications

Only the AFP, FTP, SMB, and NTFS protocols may use the Oracle Files-specific password. See "Changing a Service Configuration" for information on editing service configuration parameters.

To set Oracle Files-specific passwords, use the Protocol Access page in Oracle Files. See the Oracle Files online help for details.

Client Access Paths and Software

This section describes the client access paths for various protocols, including AFP, HTTP, and NFS. It also describes how to install the Oracle FileSync client software.

Oracle FileSync Client Software

In addition to using the networking protocols or client applications native to the Windows operating system, Windows users can install and use Oracle FileSync to keep local directories on a desktop machine and folders in Oracle Files synchronized.

Installing Oracle FileSync

Oracle FileSync is a Windows client software application that enables users to keep files synchronized between their local machine and Oracle Files. To install Oracle FileSync, users should follow these steps:

1. Save and exit all Windows applications.
2. Log in to Oracle Files and click Help. On the main online help page, click the link in the Oracle FileSync section.
3. Save the install executable to your hard drive.
4. Double-click FileSync.exe to run the installation program.
5. Follow the instructions and accept the defaults. The application will be installed in the Windows client machine in the directory:

   c:\Program Files\Oracle\Oracle FileSync
   
   

6. To start the Oracle FileSync application, select Oracle FileSync from the Windows Start -> Programs menu.

Client Access Paths

With an account name and password, users--administrators or regular end-users--can access Oracle Files using the client tool of their choice. Web users can use a Web browser for HTTP or FTP access; Windows users can map drives or use WebDAV; Macintosh users can use the Chooser to mount AFP (AppleTalk Filing Protocol) protocol server. Table 2-1 lists some of the supported client platforms, access methods, and protocols supported. See the Oracle Collaboration Suite Release Notes for complete client certification information.

Table 2-1  Client Platforms and Protocol Support

Client Platform	Protocols Supported	Access Using
Windows	FTP, HTTP, SMB, NTFS, WebDAV, NFS	Browser, Windows Explorer, Oracle FileSync, Hummingbird Maestro
Macintosh	AFP, FTP, HTTP, WebDAV (Mac OS 10)	Macintosh Chooser (MacOS 9.x); Macintosh Go... Menu (Mac OSX)
UNIX	FTP, NFS	mount, link commands
Red Hat Linux Adv. Server 2.1	FTP, NFS	mount

The following sections provide additional information about client access to Oracle Files.

AppleTalk Filing Protocol (AFP) for Mac Clients

Oracle Files includes an AFP 2.2-compliant AppleTalk Filing Protocol (AFP) server. MacOS 9 and MacOS X clients can use the AFP Server just as if it were an AppleShare server. The steps users must take to connect to the AFP server depend on the MacOS on the client. MacOS 9 clients use the Chooser, while MacOS X clients use the Go... menu from the desktop, as detailed in the following sections.

From MacOS 9.x Clients

From MacOS 9.x clients, follow these steps:

1. Select Chooser... from the Apple menu. AppleShare servers, printers, and other resources appear.
2. Click the AppleShare icon. AppleShare servers appear in the right pane.
3. Click Server IP Address... in the lower portion of the dialog. A subsequent dialog appears.
4. Enter the IP address of the Oracle Files machine running AFP Server.

   The AppleShare icon appears on the client desktop.

From MacOS X Clients

In MacOS X, the Chooser doesn't exist. Clients should connect using the new Go... menu, as follows:

1. Select Go... from the menu.
2. Select Connect to Server... A dialog box appears.
3. Enter the address of the Oracle Files machine running AFP Server as a URL, as follows:

   afp://machine-name
   
   

   The AppleShare icon appears on the client desktop.

HTTP (Web Browser) and WebDAV Access

HTTP, WebDAV, and Oracle FileSync access to Oracle Files is as follows:

http://<server name>:<port>/files/content

Note: The default port is 7777.

The URL is required for access from:

• Web browser
• DAV applications, such as Web Folders
• Oracle FileSync utility

NFS (Network File System) Protocol

Oracle Files provides an NFS protocol server that is certified for use with several NFS clients, including:

• Solaris 7 and Solaris 8
• Red Hat Linux Adv. Server 2.1
• Windows NT and 2000 Clients using Hummingbird Maestro NFS

If the Oracle Files NFS server has been configured as the primary NFS server, then UNIX clients (Solaris 7, Solaris 8, and Red Hat Linux Adv. Server 2.1) can access the server using the standard NFS mount command, as shown in Table 2-2.

Table 2-2  Mount NFS Server (Configured as Primary NFS Server)

Syntax	Example
mount <host>:/ <mount_point>	mount ifsserver:/ /data/ifs

If the Oracle Files NFS server is configured as the secondary NFS server, or if the Oracle Files NFS server is not on the standard port number, Solaris clients must specify the 'public' option and Linux clients must specify the mount port, as described in "Solaris 7 and Solaris 8 Clients" and "Red Hat Linux Adv. Server 2.1 Clients".

Other caveats apply to Hummingbird Maestro clients, as detailed in "Linking an NFS Directory Using the NFS Maestro Network Access Tool".

NFS Server Limitations

Permission mode bits used by native UNIX NFS are not used by the Oracle Files NFS protocol server. Instead, as it does with its other protocol servers, Oracle Files NFS uses access control lists (ACLs) to control access. Because of this, displaying the permission mode bits from an NFS client is meaningless.

Note: If Oracle Files is configured to use a schema that is enabled for multiple subscribers, the guest user cannot access any folders using NFS. The guest account is valid only in a dedicated single-subscriber schema.

The Oracle Files NFS server also does not support:

• UNIX symbolic and hard links.
• UNIX chown, chgrp, and chmod commands.
• UNIX lock manager. Handles returned by the Oracle Files NFS server are not compatible with the UNIX lock manager. Applications requiring UNIX lock manager services will not work with the Oracle Files NFS server.

Solaris 7 and Solaris 8 Clients

If the Oracle Files NFS server is running as the primary NFS server on the host, users can enter the standard mount command as shown in Table 2-2. If the Oracle Files NFS server is the secondary NFS server on the host, you must explicitly include the port number in the mount command:

mount -o port=<portno>,public <host>:/ <mount point>

For example:

mount -o port=4049,public ifsserver:/ /data/ifs

Alternatively, you can enter:

mount nfs://<host>:<portno>/ <mount point>

For example:

mount nfs://ifsserver:4049/ /data/ifs

Red Hat Linux Adv. Server 2.1 Clients

If the Oracle Files NFS server is running as the primary NFS server on the host, users can enter the standard mount command as shown in Table 2-2. If the Oracle Files NFS server is the secondary NFS server on the host, you must explicitly include the port number in the mount command:

mount -o port=<portno>,mountport=<portno1> <host>:/ <mount point>

For example:

mount -o port=4049,mountport=4048 ifsserver:/ /data/ifs

Windows Clients

While client access to NFS is available on all UNIX operating systems, Windows systems require additional client software. Hummingbird Maestro NFS is one such client certified for use with Oracle Files NFS Server.

• Windows 2000 users who want to connect to Oracle Files NFS Server must use Hummingbird Maestro NFS 7.0.
• Windows NT users who want to connect to Oracle Files NFS Server can use Hummingbird Maestro NFS 6.0.

See the Oracle Collaboration Suite Release Notes for other supported NFS client applications and version numbers.

Note: Enter the fully-qualified hostname (hostname.yourcompany.com) in the Windows client network configuration for the NFS client. Move the NFS client to the top of the list (network access in Network control panel, if you have more than one NFS client installed) to ensure that its driver is used for the connection.

Linking an NFS Directory Using the NFS Maestro Network Access Tool

Before using the Hummingbird NFS Maestro client to access the Oracle Files NFS server, you should check that the NFS Maestro client is properly configured.

1. From the NFS Maestro folder, start the NFS Network Access tool. The NFS Network Access dialog appears.
2. Enter the host name of the Oracle Files NFS server in the Network Path field, using this format:

   \\<hostname>\
   
   

3. In the Authentication Details area, enter the UNIX username and password for accessing the Oracle Files NFS server. Select System/UNIX Authentication as the Authentication Protocol.
4. Set the Miscellaneous values:
   • DOS-style sharing: De-select DOS-style file sharing unless you have the HCLNFSD daemon running on the NFS server machine. HCLNFSD is required for DOS-style file sharing; if the HCLNFSD daemon is not running on the NFS server, response times in accessing files will be unacceptable.
   • UNIX lock manager: De-select UNIX lock manager if it is checked. The Oracle Files NFS server is not compatible with the UNIX lock manager.
   • CD-ROM: De-select this box if it is selected. (Used for CD-ROM or other read-only file system.)
5. Click Advanced to display the Advanced Connection Properties dialog.
6. Select Preserve Case for Filename Case.
7. If the Oracle Files NFS server is running as a secondary NFS server, change the NFS Port number from the standard port (2049) to the alternate port number that the Oracle Files NFS server is using.
8. To use TCP instead of UDP for connection to the NFS server, select Use TCP. (TCP uses the standard NFS port 2049. Do not select this box if the Oracle Files NFS server is running on an alternate port.)

Linking an NFS Directory Using the Command Line

If the Oracle Files NFS server is the primary NFS server on the host, you can mount Oracle Files using the Maestro command-line syntax, as follows:

nfs link <drive>: \\<host>\ <username>

For example:

nfs link n: \\ifsserver\ scott

If the Oracle Files NFS server is the secondary NFS server on the host, you must specify the Oracle Files NFS server port number in the command line, as follows:

nfs link <drive>: \\<host>\ <username> /n:4049

For example:

nfs link n: \\ifsserver\ scott /n:4049

The nfs link command uses the default values configured for the NFS Maestro Client, unless you specify options listed in Table 2-3.

Table 2-3  Maestro Command Line Options

Option	Meaning	Usage Note
/L:s	Use DOS-style sharing.	Requires that the hclnfsd daemon run on the server.
/L:	Disables locking.	Use this parameter if the server does not have hclnfsd daemon running.
/M:p	Preserve case of filenames.
/A:u	Use System/UNIX authentication.	Always use this setting.
/T	Use a TCP connection instead of a UDP connection (optional).	TCP connections always use port 2049. Do not use this option unless the Oracle Files NFS server is running port 2049 (the default).

Common problems are often due to incorrect port numbers. If the hclnfsd daemon is not running on the server, be sure that DOS-style locking and sharing is disabled on the client.

Maestro Error Messages

Table 2-4 lists some common error messages and other Maestro client problems.

Table 2-4  Maestro Client or Server Error Messages or Problem Symptoms

Problem	Corrective Action
"Access denied by server" message	Check that the correct port number is being used for the Oracle Files NFS server. Note: A TCP connection will always use the standard NFS port (2049). Do not use this option if the Oracle Files NFS server is running on an alternate port.
"Authorization Error" message	The username and password may have been specified incorrectly. Make sure that a UNIX username and password which are valid on the authentication server are specified.
"Bad Network Name" message	Verify that the host name and pathname are correctly specified. If they are, then use the NFS Maestro Rpcinfo tool and verify that the NFS server (process number 100003) is running on the host.
Maestro client appears to hang	Verify that the hclnfsd daemon is running on the server machine. If it's not, either start the daemon (if possible), or verify that DOS-style sharing UNIX lock manager have been de-selected in the Maestro client settings. For the Maestro command line, be sure to specify '/L:' on the command line when linking to disable locking. (You can check all current mapped drives by using Maestro's nfs use command.).
"Network Timeout or HCLNFSD/PCNFSD not running on Host" message	Verify that the default authentication server has been correctly configured in the NFS client. Verify that the hclnfsd daemon is running. Perform the verifications listed for the "Bad Network Name" message.
nfs link command hangs	Verify that the correct host name and port number are specified and that the Oracle Files NFS server is running.
"NFS service not responding" error message	Verify that the correct host name and port number are specified and that the Oracle Files NFS server is running.
"Permission denied" error message	Verify that the host name and pathname are correctly specified. Verify that the port is correctly specified for the Oracle Files NFS server.

Using Oracle Files with NFS

Depending on the specifics of your Oracle Files deployment, you may choose to perform the post-configuration task of configuring the NFS Server. This task is not required to get Oracle Files up and running.

Configuring the NFS Server

There are three different configuration changes you may want to make to the Oracle Files NFS Protocol Server:

• UNIX-UID-to-Oracle Files-User Account Client Mapping. Creates a mapping between UNIX UIDs and Oracle Files user accounts so that users can access Oracle Files after logging on to their UNIX user accounts.
• Setting Up a Trusted Client List. Explicitly grants or revokes access privileges to a specific IP address (or host machine) or domains. The Trusted Client list is an Oracle-specific capability to enhance NFS protocol security.
• Enabling NIS Authentication. If your environment uses NIS for user, group, and password information, you can configure the Oracle Files NFS protocol server to use the NIS server to authenticate users.

In most environments, you should map the UNIX and Oracle Files accounts.

The Trusted Client List and NIS authentication are NFS server configuration properties. UID mapping is specified in a dynamic domain property.

UNIX-UID-to-Oracle Files-User Account Client Mapping

Oracle Files NFS Protocol Server uses the UNIX system authentication process to authenticate users; that is, the UNIX UID (user identification) number is passed to the Oracle Files NFS protocol server.

Users can log in once to the UNIX operating system, and then access Oracle Files without having to undergo an additional log in process, as long as their UNIX accounts are mapped to Oracle Files accounts.

UNIX-UID to-Oracle Files client mapping is configured in the IFS.DOMAIN.PROTOCOL.NFS.UidToUserMap domain property. You can map UIDs manually, through the Oracle Enterprise Manager Web site, or you can upload UIDs using the Java Bulk NFS Tool.

To map UIDs manually:

1. From a Web browser, access the URL to connect to the Oracle Enterprise Manager Web site running on the machine where the Oracle Files domain controller is configured:

   http://<hostname>:1810
   
   

2. Enter the Oracle9iAS login username and password to continue.
   • Enter ias_admin as the username with the appropriate password for the Oracle9iAS instance.

   The Application Server Home page appears, listing all the Oracle9iAS system components running on the instance, including the Oracle Files domain:

   iFS_<hostname.companyname.com>:1521:<DBServiceName>:<files schema>
   
   

3. Click the name of the Oracle Files domain. The Oracle Files top-level page appears, listing the Domain Controller and nodes that comprise the domain.
4. Click Domain Properties (under the Configuration heading). The Domain Properties page appears, listing 25 property bundles at a time. Scroll down until you find IFS.DOMAIN.PROTOCOL.NFS.UidToUserMap (you may need to move to the second or subsequent page to find this object).
5. Click IFS.DOMAIN.PROTOCOL.NFS.UidToUserMap. The Edit page appears.

   By default, the UID 60001 (default UNIX guest account) is listed on the page.

6. Click Add to add a UNIX UID and create a mapping to an Oracle Files user account:
   • Enter the UID in the Name field.
   • Enter the Oracle Files user account name in the Value field.
   • Leave the Type setting as "String."
7. Continue adding users in this manner until you have added all users with UNIX client accounts that will access Oracle Files using NFS.

To map UIDs using the Bulk NFS Tool:

1. On any middle-tier host, ensure that the CLASSPATH includes files.jar.
2. Run the following Java code with the required values:

   java oracle.ifs.protocols.nfs.tools.UidLoader SmallServiceConfiguration 
   system <files system user password> 
   uidfile=$IFSROOT/test/common/sosd/uidtoname
   
   

   Where uidtoname is a flat file you have created with entries of type:

   <files user>:x:<uidonclient>
   
   

   For example:

   jsmith:x:44610
   
   

3. When prompted, enter the name of the Oracle Files domain, in the format:

   ifs://<host>:<port>:<service>:<schema>
   
   

4. When prompted, enter the Oracle Files schema password.

Setting Up a Trusted Client List

You can create a list of trusted clients for Oracle Files to enhance NFS security. You should change these settings in the Configuration Object and then load the server on the service using the modified configuration object so that the client list is used after a restart. (Optionally, you can modify these properties dynamically).

1. From a Web browser, connect to the Oracle Enterprise Manager Web site running on the machine where the Oracle Files domain controller is configured:

   http://<hostname>:1810
   
   

2. Enter the Oracle9iAS login username and password to continue.
   • Enter ias_admin as the username with the appropriate password for the Oracle9iAS instance.

   The Application Server Home page appears, listing all the Oracle9iAS system components running on the instance, including the Oracle Files domain:

   IFS_<hostname.companyname.com>:1521:<DBServiceName>:<files schema>
   
   

3. Click the name of the Oracle Files domain. The Oracle Files top-level page appears, listing the Domain Controller and nodes that comprise the domain.
4. Click Server Configurations (under the Configuration heading). The Server Configurations page appears, listing 25 property bundles at a time. Scroll down until you find NfsServerConfiguration.
5. Click NfsServerConfiguration. The Edit page appears.
6. Scroll down to the Properties section of the page to the IFS.SERVER.PROTOCOL.NFS.TrustedClientList and the IFS.SERVER.PROTOCOL.NFS.TrustedClientsEnabled properties. (You may need to move to the subsequent page for these properties.)
7. Select the IFS.SERVER.PROTOCOL.NFS.TrustedClientsEnabled property and click Edit. The Edit Property page appears.
8. Set the Value to True. Click OK to save the change and return to the Edit page.
9. Select the IFS.SERVER.PROTOCOL.NFS.TrustedClientList property and click Edit. Specify each entry in one of the following formats:
   • Client address, specified by a hostname or an IP address, such as smith.oracle.com or 130.35.59.9
   • Domain suffix, specified as a string starting with a period character, such as.us.oracle.com
   • Subnet, specified as an "@" character followed by an IP address, with an optional subnet bit length (/n) specifying the number of significant bits in the subnet address. Low order zero bytes of the subnet address may be omitted. Examples include @130.35.68.0, @130.35.68, and @130.35.68.0/24.

     If an entry is preceded by a hyphen, then that specific client will be denied access through the Oracle Files NFS server.

10. Click OK to save the change and return to the Edit page.
11. Click OK to save and return to the Server Configuration page.

If the node is currently running, you must either restart the node or load the modified configuration object onto the node.

To reload the node configuration:

1. Return to the Oracle Files top-level page.
2. Click the Node where the NFS protocol server (NfsServer) is running. The Node page appears.
3. Stop the existing NfsServer (if one is already running on the service).
4. Unload this NfsServer.
5. Load the modified NFS protocol server object.
6. Start the new, modified NfsServer.
7. Restart the service.

Enabling NIS Authentication

NIS (Network Information System) is a centralized management facility that consolidates UNIX password, group, and host file information. It is essentially a distributed database of information that is easier to maintain than individual files (/etc/group, /etc/passwd, /etc/hosts) in large UNIX networks.

1. Using a Web browser, connect to the Oracle Enterprise Manager Web site running on the machine where the Oracle Files domain controller is configured:

   http://<hostname>:1810
   
   

2. Enter the Oracle9iAS login username and password to continue.
   • Enter ias_admin as the username with the appropriate password for the Oracle9iAS instance.

   The Application Server Home page appears, listing all the Oracle9iAS system components running on the instance, including the Oracle Files domain:

   IFS_<hostname.companyname.com>:1521:<DBServiceName>:<files schema>
   
   

3. Click the name of the Oracle Files domain. The Oracle Files top-level page appears, listing the Domain Controller and nodes that comprise the domain.
4. Click Server Configurations (under the Configuration heading). The Server Configurations page appears, listing 25 property bundles at a time. Scroll down until you find NfsServerConfiguration.
5. Click NfsServerConfiguration. The Edit page appears.
6. Scroll down to the Properties section of the page to the IFS.SERVER.PROTOCOL.NFS.NISEnabled and IFS.SERVER.PROTOCOL.NFS.NISServiceProvider properties.
7. Select the IFS.SERVER.PROTOCOL.NFS.NISEnabled property and click Edit. The Edit Property page appears.
8. Set the Value to True. Click OK to save the change and return to the Edit page.
9. Select the IFS.SERVER.PROTOCOL.NFS.NISServiceProvider property and click Edit.
   • Specify the name of the NIS server in your network that should be used to authenticate users. The format is:

     nis://<NIS-Server-Name>/<files domain>
     
     

10. Click OK to save the change and return to the Edit page.
11. Click OK to save and return to the Server Configuration page.

If the node is currently running, you must either restart the node or load the modified configuration object onto the node.

To reload the node configuration:

1. Return to the Oracle Files top-level page.
2. Click the Node where the NFS protocol server (NfsServer) is running. The Node page appears.
3. Stop the existing NfsServer (if one is already running on the service).
4. Unload this NfsServer.
5. Load the modified NFS protocol server object.
6. Start the new, modified NfsServer.
7. Restart the service.