Oracle® Files Administrator's Guide Release 2 (9.0.4) Part Number B10872-02 |
|
|
View PDF |
This chapter discusses the protocol servers supported by Oracle Files, along with the client access paths and software for the supported protocols. Topics include:
Oracle Files supports a wide range of protocols, including the following:
HTTP, the Hypertext Transfer Protocol, is used for Web browser-based access. HTTP has been extended with WebDAV, a protocol designed for Wide Area Networks such as the Internet. Currently, the most widespread WebDAV client is the Web Folders extension to Windows Explorer, also known as Network Places in Windows 2000/XP.
FTP, the File Transfer Protocol, is used for file transfers across Wide Area Networks such as the Internet.
SMB, the Server Message Block protocol, lets you map Oracle Files as a network drive or browse to it through the Network Neighborhood.
AFP, the AppleTalk Filing Protocol, enables Macintosh users to use Oracle Files as if it were an AppleShare server. Mac OS X supports AFP over TCP, which allows AFP services to be made available over the Internet and networks that use TCP/IP as the underlying transport.
NFS, the Network File System, is a mechanism for mounting remote file systems on UNIX platforms.
Users can connect to Oracle Files using protocols appropriate to their platform. For example, Macintosh users can connect to Oracle Files as if it were an AppleShare server, Windows users can map a network drive or connect using Web Folders, and UNIX clients can connect using NFS.
Some protocols, such as FTP and AFP, send unencrypted passwords over the network. Oracle Internet Directory users should use an Oracle Files-specific password for these protocols for greater security. See "Oracle Files-Specific Passwords" for more information.
This section describes how to install the Oracle FileSync client software. It also provides information about the client access paths for various protocols, including AFP, HTTP, and NFS.
For complete client certification information, see the Oracle Files chapter of the Oracle Collaboration Suite Release Notes.
In addition to using the networking protocols or client applications native to the Windows operating system, Windows users can install and use Oracle FileSync to keep local directories on a desktop computer and folders in Oracle Files synchronized.
Oracle FileSync is client software for Windows that enables users to keep files synchronized between their local computer and Oracle Files.
Follow these steps to install Oracle FileSync:
Save and exit all Windows applications.
Log in to Oracle Files and click Help. On the main online help page, click the link in the Oracle FileSync section.
Save the install executable to your hard drive.
Double-click fileSync.exe
to run the installation program.
Follow the instructions and accept the defaults. The application will be installed on the Windows client computer in the following directory:
c:\Program Files\Oracle\Oracle FileSync
To start the Oracle FileSync application, select Oracle FileSync from the Windows Start > Programs menu.
See the Oracle FileSync online help for information about using Oracle FileSync.
With an account name and password, users—administrators or regular end-users—can access Oracle Files using the client tool of their choice. Web users can use a Web browser for HTTP access. Windows users can map drives or use WebDAV, and Macintosh users can use the Go menu to access the AFP server. Table 2-1 lists some of the client platforms, protocols, and access methods supported by Oracle Files. See the Oracle Files chapter of the Oracle Collaboration Suite Release Notes for complete client certification information.
Table 2-1 Client Platforms and Protocol Support
Client Platform | Protocols Supported | Access Using |
---|---|---|
Windows | FTP, HTTP, SMB/NTFS, WebDAV, NFS | Browser, Windows Explorer, Oracle FileSync, Hummingbird Maestro |
Macintosh (Mac OS 10.2) | AFP, FTP, HTTP | Macintosh Go Menu (Mac OS X), Browser |
UNIX | FTP, NFS | Command line |
Red Hat Linux Adv. Server 2.1 (Kernel 2.4.9-e.16) | FTP, NFS | mount command |
The following sections provide additional information about client access to Oracle Files:
Oracle Files includes an AFP 2.2-compliant AppleTalk Filing Protocol (AFP) server. A Mac OS X client can use the AFP Server just as if it were an AppleShare server. The steps required to connect to the AFP server depend on the Mac OS on the client. Mac OS X clients use the Go menu from the desktop.
The Chooser does not exist in Mac OS X. Clients should connect using the new Go menu, as follows:
Select Go from the menu.
Select Connect to Server. A dialog box appears.
Enter the address of the Oracle Files middle-tier computer running the AFP Server in URL format:
afp://computer_name
The AppleShare icon appears on the client desktop.
Use the following URL to access Oracle Files with HTTP, WebDAV, and Oracle FileSync:
http://server_name:7777/files/content
The port number for Oracle Files varies depending on whether Oracle9iAS Web Cache is configured. If Oracle9iAS Web Cache is not configured, the value is typically 7778.
The URL is required for access from:
Web browser
DAV applications, such as Web Folders
Oracle FileSync utility
SMB, the Server Message Block protocol, lets you map Oracle Files as a network drive or browse to it through the Network Neighborhood.
The Oracle Files server provides SMB protocol support when Oracle Files is running on UNIX or Linux. When Oracle Files is running on Windows, SMB protocol support is provided by the Oracle Files NTFS server, due to the differing architectures of Windows versus UNIX.
The following restrictions apply to SMB/NTFS access:
Use the syntax \\
servername
\myhome
or \\
servername
\allpublic
to map a directory.
Use an existing Oracle Files user name and password when connecting.
You cannot have multiple SMB/NTFS mappings as different users to folders on the same server. This is a limitation of the Windows operating system.
Versioned documents cannot be deleted, moved, or renamed over SMB/NTFS.
FTP, the File Transfer Protocol, is used for file transfers across Wide Area Networks such as the Internet.
The most lightweight protocol, FTP can move large amounts of data faster than the other protocols. For bulk operations, such as migrating from an existing system, FTP is the protocol of choice. You need to use either command line FTP or a GUI FTP client for this step.
To FTP your files into Oracle Files, the following requirements must be met:
An FTP client must be installed on your local computer.
You must know the port number for FTP, which was specified during Oracle Files configuration.
Oracle Files provides an NFS protocol server that is certified for use with several NFS clients, including:
Solaris 2.8 and Solaris 2.9
Red Hat Linux Adv. Server 2.1 (Kernel 2.4.9-e.16)
Windows NT and 2000 Clients using Hummingbird Maestro NFS
If the Oracle Files NFS server is configured as the primary NFS server, then UNIX clients (Solaris 2.8, Solaris 2.9, and Red Hat Linux Adv. Server 2.1) can access the server using the standard NFS mount command, as shown in Table 2-2.
Table 2-2 Mount NFS Server (Configured as Primary NFS Server)
Syntax | Example |
---|---|
mount host :/ mount_point |
mount ifsserver:/ /data/ifs |
If the Oracle Files NFS server is configured as the secondary NFS server, or if the Oracle Files NFS server is not on the standard port number, Solaris clients must specify the public
option and Linux clients must specify the mount port, as described in "Solaris 2.8 and Solaris 2.9 Clients" and "Red Hat Linux Adv. Server 2.1 and Red Hat Linux 8.0 Clients".
Other caveats apply to Hummingbird Maestro clients, as detailed in "Linking an NFS Directory Using the NFS Maestro Network Access Tool".
Permission mode bits used by native UNIX NFS are not used by the Oracle Files NFS protocol server. Instead, as it does with other protocol servers, Oracle Files NFS uses access control lists (ACLs) to control access.
Note: If Oracle Files is configured to use a schema that is enabled for multiple subscribers, the guest user cannot access any folders using NFS. The guest account is valid only in a dedicated single-subscriber schema. |
In addition, the Oracle Files NFS server does not support the following:
UNIX symbolic and hard links
UNIX chown
, chgrp
, and chmod
commands
UNIX lock manager
Handles returned by the Oracle Files NFS server are not compatible with the UNIX lock manager. Applications requiring UNIX lock manager services do not work with the Oracle Files NFS server.
NFS clients cannot access the checked-out version of a versioned document. To avoid potential conflicts, the Oracle Files NFS server does not allow access by NFS clients to the checked-out version of a versioned document. In addition, versioned documents cannot be deleted, moved, or renamed.
If the Oracle Files NFS server is running as the primary NFS server on the host, users can enter the standard mount command as shown in Table 2-2. If the Oracle Files NFS server is the secondary NFS server on the host, you must explicitly include the port number in the mount command:
mount nfs://host:port/ mount_point
For example:
mount nfs://ifsserver:4049/ /data/ifs
Alternatively, you can use the following command:
mount -o port=port,public host:/ mount_point
For example:
mount -o port=4049,public ifsserver:/ /data/ifs
If the Oracle Files NFS server is running as the primary NFS server on the host, users can enter the standard mount command as shown in Table 2-2. If the Oracle Files NFS server is the secondary NFS server on the host, you must explicitly include the port number in the mount command:
mount -o port=port,mountport=portno1 host:/ mount_point
For example:
mount -o port=4049,mountport=4048 ifsserver:/ /data/ifs
While client access to NFS is available on all UNIX operating systems, Windows systems require additional client software. Hummingbird Maestro NFS is a Windows client certified for use with Oracle Files NFS Server.
Windows 2000 users who want to connect to Oracle Files NFS Server must use Hummingbird Maestro NFS 7.0.
Windows NT users who want to connect to Oracle Files NFS Server can use Hummingbird Maestro NFS 6.0 or later.
See the Oracle Collaboration Suite Release Notes for other supported NFS client applications and version numbers.
Note: Enter the fully-qualified hostname (for example,hostname.yourcompany.com ) in the Windows client network configuration for the NFS client. Move the NFS client to the top of the list (network access in Network control panel, if you have more than one NFS client installed) to ensure that its driver is used for the connection. |
Before using the Hummingbird NFS Maestro client to access the Oracle Files NFS server, check that the NFS Maestro client is properly configured.
From the NFS Maestro folder, start the NFS Network Access tool. The NFS Network Access dialog appears.
Enter the host name of the Oracle Files NFS server in the Network Path field using the following format:
\\hostname\
In the Authentication Details area, enter the UNIX user name and password for accessing the Oracle Files NFS server. Select System/UNIX Authentication as the Authentication Protocol.
Set the following Miscellaneous values:
DOS-style sharing: Deselect DOS-style file sharing unless you have the HCLNFSD
daemon running on the NFS server computer. HCLNFSD
is required for DOS-style file sharing. If the HCLNFSD
daemon is not running on the NFS server, response times in accessing files will be unacceptable.
UNIX lock manager: Deselect UNIX lock manager if it is checked. The Oracle Files NFS server is not compatible with the UNIX lock manager.
CD-ROM: Deselect this box if it is selected. This is used for CD-ROM or other read-only file systems.
Click Advanced to display the Advanced Connection Properties dialog.
Select Preserve Case for Filename Case.
If the Oracle Files NFS server is running as a secondary NFS server, change the value of NFS Port number from the standard port (2049
) to the alternate port number that the Oracle Files NFS server is using.
To use TCP instead of UDP for connection to the NFS server, select Use TCP.
TCP uses the standard NFS port 2049. Do not select this box if the Oracle Files NFS server is running on an alternate port.
If the Oracle Files NFS server is the primary NFS server on the host, you can mount Oracle Files using the following Maestro command-line syntax:
nfs link drive: \\host\ username
For example:
nfs link n: \\ifsserver\ scott
If the Oracle Files NFS server is the secondary NFS server on the host, you must specify the Oracle Files NFS server port number in the command line:
nfs link drive: \\host\ username /n:port
For example:
nfs link n: \\ifsserver\ scott /n:4049
The nfs link
command uses the default values configured for the NFS Maestro Client, unless you specify options listed in Table 2-3.
Table 2-3 Maestro Command-Line Options
Option | Meaning | Usage Note |
---|---|---|
/L:s |
Use DOS-style sharing. | Requires that the HCLNFSD daemon run on the server. |
/L: |
Disables locking. | Use this parameter if the server does not have the HCLNFSD daemon running. |
/M:p |
Preserve case of file names. | N/A |
/A:u |
Use System/UNIX authentication. | Always use this setting. |
/T |
Use a TCP connection instead of a UDP connection (optional). | TCP connections always use port 2049. Do not use this option unless the Oracle Files NFS server is running port 2049 (the default). |
Problems are often caused by incorrrect port numbers. If the HCLNFSD
daemon is not running on the server, then DOS-style locking and sharing must be disabled on the client.
Table 2-4 lists some common error messages and other Maestro client problems.
Table 2-4 Maestro Client or Server Error Messages or Problem Symptoms
Problem | Corrective Action |
---|---|
"Access denied by server" message | Check that the correct port number is being used for the Oracle Files NFS server.
A TCP connection will always use the standard NFS port (2049). Do not use this option if the Oracle Files NFS server is running on an alternate port. |
"Authorization Error" message | The user name and password are invalid. Specify a UNIX user name and password that are valid on the authentication server. |
"Bad Network Name" message | Verify that the host name and path name are specified correctly. If they are, then use the NFS Maestro Rpcinfo tool and verify that the NFS server (process number 100003) is running on the host. |
Maestro client appears to hang | Verify that the HCLNFSD daemon is running on the server computer. If it is not, either start the daemon (if possible), or verify that DOS-style sharing and UNIX lock manager have been deselected in the Maestro client settings.
For the Maestro command line, specify the |
"Network Timeout or HCLNFSD/PCNFSD not running on Host" message | Verify that the default authentication server has been correctly configured in the NFS client. Verify that the HCLNFSD daemon is running. Perform the verifications listed for the "Bad Network Name" message. |
nfs link command hangs |
Verify that the correct host name and port number are specified and that the Oracle Files NFS server is running. |
"NFS service not responding" error message | Verify that the correct host name and port number are specified and that the Oracle Files NFS server is running. |
"Permission denied" error message | Verify that the host name and path name are specified correctly. Verify that the port is correctly specified for the Oracle Files NFS server. |
Depending on the specifics of your Oracle Files deployment, you may choose to perform the post-configuration task of configuring the NFS Server. This task is not required to get Oracle Files up and running.
You can make the following three configuration changes to the Oracle Files NFS Protocol Server:
Mapping UNIX UIDs to Oracle Files User Accounts. Creates a mapping between UNIX UIDs and Oracle Files user accounts so that users can access Oracle Files after logging on to their UNIX user accounts.
Setting Up a Trusted Client List. Explicitly grants or revokes access privileges to a specific IP address, host computer, or domain. The Trusted Client list is an Oracle-specific capability to enhance NFS protocol security.
Enabling NIS Authentication. If your environment uses NIS for user, group, and password information, you can configure the Oracle Files NFS protocol server to use NIS to authenticate users.
In most environments, you should map the UNIX and Oracle Files accounts. The user account map is a domain property, and it can be updated dynamically. You do not need to restart the server to have the mappings take effect. In addition, the changes are persistent, even after the server is restarted.
The Trusted Client List and NIS authentication are NFS server configuration properties.
The Oracle Files NFS Protocol Server uses the UNIX system authentication process to authenticate users. The UNIX UID (user identification) number is passed to the Oracle Files NFS protocol server.
If their UNIX accounts are mapped to Oracle Files accounts, users can log in to the UNIX operating system and access Oracle Files without having to undergo an additional login process.
UNIX-UID-to-Oracle Files client mapping is configured in the IFS.DOMAIN.PROTOCOL.NFS.UidToUserMap
domain property. You can map UIDs manually, through the Oracle Enterprise Manager Web site, or you can upload UIDs using the Java Bulk NFS Tool.
To map UIDs manually using the Oracle Enterprise Manager Web site:
From the Oracle9iAS Farm Home page, click the name of the application server on which Oracle Files is running. The Oracle9iAS Instance Home page appears, listing all the components running on the application server instance. The Oracle Files domain appears in the following format:
iFS_db_host:port:db_service:files_schema
Click the name of the Oracle Files domain. The Oracle Files home page appears, listing the Domain Controller and nodes that comprise the domain.
Click Domain Properties (under the Configuration heading). The Domain Properties page appears, listing 25 property bundles at a time. Scroll down until you find IFS.DOMAIN.PROTOCOL.NFS.UidToUserMap
. The property might be located on a second or subsequent page.
Click IFS.DOMAIN.PROTOCOL.NFS.UidToUserMap. The Edit page appears.
By default, the UID 60001 (the default UNIX guest
account) is listed on the page.
Click Add to add a UNIX UID and create a mapping to an Oracle Files user account:
Enter the UID in the Name field.
Enter the Oracle Files user account name in the Value field.
Leave the Type setting as String
.
Continue adding users in this manner until you have added all users with UNIX client accounts that will access Oracle Files using NFS.
To map UIDs using the Bulk NFS Tool:
On any middle-tier host, ensure that the CLASSPATH
includes files.jar
.
This file is located in the $ORACLE_HOME/ifs/files/lib
directory.
Run the following single line with the required values:
java oracle.ifs.protocols.nfs.tools.UidLoader SmallServiceConfiguration system files_system_user_password uidfile=UidToName
Where UidToName
is the full path to a flat file you have created with entries of type:
files_user:x:uid_on_client
For example:
jsmith:x:44610
When prompted, enter the name of the Oracle Files domain, in the format:
ifs://db_host:port:db_service:files_schema
When prompted, enter the Oracle Files schema password.
You can use Oracle Enterprise Manager Web site to create a list of trusted clients for Oracle Files to enhance security. Oracle recommends that you change these settings in the Configuration Object and then load the server on the service using the modified configuration object so that the client list is used after a restart. Optionally, you can modify these properties dynamically.
From the Oracle9iAS Farm Home page, click the name of the application server on which Oracle Files is running. The Oracle9iAS Instance Home page appears, listing all the components running on the application server instance. The Oracle Files domain appears in the following format:
iFS_db_host:port:db_service:files_schema
Click the name of the Oracle Files domain. The Oracle Files Home page appears, listing the domain controller and nodes that comprise the domain.
Click Server Configurations (under the Configuration heading). The Server Configurations page appears, listing 25 property bundles at a time. Scroll down until you find NfsServerConfiguration
.
Click NfsServerConfiguration. The Edit page appears.
Scroll down to the Properties section of the page to the IFS.SERVER.PROTOCOL.NFS.TrustedClientList
and the IFS.SERVER.PROTOCOL.NFS.TrustedClientsEnabled
properties. The properties might be located on a second or subsequent page.
Select IFS.SERVER.PROTOCOL.NFS.TrustedClientsEnabled and click Edit. The Edit Property page appears.
Set the Value to True
. Click OK to save the change and return to the Edit NfsServerConfiguration page.
Select IFS.SERVER.PROTOCOL.NFS.TrustedClientList and click Edit. Specify each entry in one of the following formats:
Client address: Specify a hostname or an IP address. For example, smith.oracle.com
or 130.35.59.9
.
Domain suffix: Specify the domain as a string starting with a period character. For example, .us.oracle.com
.
Subnet: Specify the subnet as an at symbol (@
) character followed by an IP address, with an optional subnet bit length (/n
) specifying the number of significant bits in the subnet address. You can omit low order zero bytes of the subnet address. For example, @130.35.68.0
, @130.35.68
or @130.35.68.0/24
.
If an entry is preceded by a hyphen, then that specific client will be denied access through the Oracle Files NFS server.
Click OK to save the change and return to the Edit NfsServerConfiguration page.
Click OK to save and return to the Server Configuration page.
If the node is currently running, you must either restart the node or load the modified configuration object onto the node.
To reload the node configuration:
Return to the Oracle Files Home page.
Click the Node where the NFS protocol server (NfsServer
) is running. The Node page appears.
Stop the existing NfsServer
(if one is already running on the service).
Unload this NfsServer
.
Load the modified NFS protocol server object.
Start the new, modified NfsServer
.
Restart the service.
NIS (Network Information System) is a centralized management facility that consolidates UNIX password, group, and host file information. It is a distributed database of information that is easier to maintain than individual files (/etc/group
, /etc/passwd
, /etc/hosts
) in large UNIX networks.
To enable NIS authentication using the Oracle Enterprise Manager Web site:
From the Oracle9iAS Farm Home page, click the name of the application server on which Oracle Files is running. The Oracle9iAS Instance Home page appears, listing all the components running on the application server instance. The Oracle Files domain appears in the following format:
iFS_db_host:port:db_service:files_schema
Click the name of the Oracle Files domain. The Oracle Files Home page appears, listing the domain controller and nodes that comprise the domain.
Click Server Configurations (under the Configuration heading). The Server Configurations page appears, listing 25 property bundles at a time. Scroll down until you find NfsServerConfiguration
.
Click NfsServerConfiguration. The Edit page appears.
Scroll down to the Properties section of the page to the IFS.SERVER.PROTOCOL.NFS.NISEnabled
and IFS.SERVER.PROTOCOL.NFS.NISServiceProvider
properties.
Select IFS.SERVER.PROTOCOL.NFS.NISEnabled and click Edit. The Edit Property page appears.
Set the Value to True
. Click OK to save the change and return to the Edit NfsServerConfiguration page.
Select IFS.SERVER.PROTOCOL.NFS.NISServiceProvider and click Edit.
Specify the name of the NIS server in your network that should be used to authenticate users. The format is:
nis://NIS_server_name/files_domain
Click OK to save the change and return to the Edit NfsServerConfiguration page.
Click OK to save and return to the Server Configuration page.
If the node is currently running, you must either restart the node or load the modified configuration object onto the node.
To restart the node:
Return to the Oracle Files Home page.
Select the node where the NFS protocol server is running and click Stop.
On the Warning page, click Yes to stop the node. The status of the node changes to Down.
Select the node and click Start. The status of the node changes to Up.