Kanaka for Mac 2.1: Providing Mac OS X automated single login access to Novell storage resources

Doug Ouzts, Technical Trainer, douzts@condreycorp.com

Post on 26-Mar-2015


Agenda

• Current Novell and Mac Integration Challenges
• Kanaka for Mac 2.1 Overview
• Kanaka for Mac 2.1 Technical Architecture
• Kanaka for Mac 2.1 Requirements
• Interactive Training

Integration Challenges Between Apple and Novell

• Developing software for Mac environments has not been a priority with Novell
• Client software is either nonexistent or out of date.
• Integration tends to be workarounds rather than solutions

Complex to Configure Manually

1. Configure for simple or universal password in the eDirectory tree
2. Ensure AFP or CIFS is installed and configured
3. Ensure that each Mac can resolve server’s host name
4. Edit SSL certificate on each Mac
5. Extend eDirectory schema
6. Verify extended schema

Complex to Configure Manually (cont.)

7. Extend user objects
8. Create mount volumes for each volume you want to access
9. Configure each Mac to authenticate to eDirectory
10. Set additional preferences in eDirectory

Provided you put in all of the time to learn to understand and perform each step, this approach might work.

Manual Configuration Requires On-going Configuration

• As users are added, moved, renamed, or removed, the extended user object needs to be reconfigured
• When a new Mac is added, one half of these steps must be repeated
• If a home directory path is moved, the mount objects need to be updated

What about the “Magic Triangle Configuration”?

• Capability of integrating Mac client system and two differing directories to provide the information for both login and management.
• Tips for doing so are scattered among Mac “Tips & Tricks” documents, forum discussions, and the Apple Open Directory Admin Guide.
• Significant investment in time to learn and then implement.

Why Make Things More Complex than They Have to Be?

Simplified Integration with Kanaka

1. Configure simple or universal password in the eDirectory tree
2. Ensure AFP or CIFS is installed and configured
3. Install the Kanaka Engine
4. Run the Setup Wizard
5. Install Kanaka on workstations
6. Log in and access storage resources

Developed with Apple Directory Services Engineering Group

• Onsite cooperative engineering effort in 2005
• Close developer association with Apple
• Apple Developer Connection member since 2005
• Kanaka is recommended by Apple as a preferred solution for integrating Macs and Novell networks

How Kanaka Works

Single Password Login Options

A. Kanaka Plug-in:
• Simultaneous authentication to eDirectory during Mac login
• Mounts all user and group storage

B. Kanaka Desktop Client:
• Client login authentication to eDirectory
• Mounts all user and group storage

Kanaka Plug-in Authentication

1. Single Novell Simple or Universal password login.

2. Home directory and collaborative storage attributes retrieved.

3. Converts attributes into URL format for OS X to mount storage. URL can be AFP or CIFS.

4. Checks to see if eDirectory authentication is required to gain access to the desktop.

Kanaka Desktop Client Authentication

1. Single Novell Simple or Universal password login.

2. Home directory and collaborative storage attributes retrieved.

3. Converts attributes into URL format for OS X to mount storage. URL can be AFP or CIFS.

Why Two Authentication Methods?

Kanaka Plug-in
• Users in a computer lab setting
• Mac OS X 10.4 users

Kanaka Desktop Client
• Users with assigned workstations and local accounts
• Users who do not want to go through the Login Window to access network storage resources
• Users who do not want to lose their workstation settings when accessing network storage resources
• Mobile users who frequently work at home and connect through VPN

Identity Determines User and Collaborative Storage Resources

• Home directory and collaborative storage links built dynamically at login

• Group membership automatically mounts associated group storage

• No machine dependency for accessing storage

• No need to remember location of storage

• No need to traverse from root of a volume down to a user’s storage

• No need to visit each machine to manually mount volumes

The Players

eDirectory
Following context-less, single login, used by Kanaka to determine user and collaborative storage resources.

Apple Filing Protocol
After Kanaka determines home and collaborative storage attributes, AFP can be used to mount volumes.

CIFS/SMB
After Kanaka determines home and collaborative storage attributes, CIFS/SMB can be used to mount volumes.

Mac OS X
Initiates login process. Causes Kanaka Plug-in to authenticate to eDirectory and retrieve necessary user information.

Novell Native File Access
Receives control structures from OS X. Eliminates need to log in to multiple servers.

Apple Open Directory
Kanaka integrates with Apple Open Directory to extend management of Mac OS X via Workgroup Manager.

Mounting Home and Group Storage

Home directory and group storage mounts on the Dock or in the Mac Finder.

Network resources are displayed on the desktop.

Kanaka Mobility

• Leverages Apple’s Mobile Account feature
• Provides Mac network and local login
• Flexibility to configure mirroring so that network home directory and local home directory always contain same data
• Capable of reducing network traffic and network home directory quotas

Kanaka Plug-in Console

Allows for the user to manage his or her eDirectory password.

Kanaka Plug-in Console (cont.)

Displays identity information from Novell eDirectory.

Kanaka Plug-in Console (cont.)

Indicates storage capacity and usage.

Enhancements to Kanaka 2.1

• No NetWare dependencies
• Kanaka Engine can be hosted on either a
  – Novell Open Enterprise Server 2
  – Microsoft Windows Server 2008 or Windows 7
• Improved management capabilities
• Improved support for extended characters and object names

Technical Architecture and Requirements

Kanaka for Mac 2.1

Architecture

[Figure: architecture diagram. Labelled components: Mac, OS X, Kanaka Client, Kanaka Plug-In; Windows / OES 2, Kanaka Engine, Policy; eDirectory; Open Directory, Workgroup Manager, MCX; OES 2, NetWare. Connection labels: <HTTPS>, <AFP/CIFS/SMB>. Callouts: Context-less Authentication; Auto-mount Storage Resources (User, Group); MCX Directives; Password Change; Disk Quota.]

Kanaka Requirements

Engine
• Linux
  – Open Enterprise Server 2 (OES 2) SP2 or later
• Windows
  – OS Requirement
    • Windows Server 2008 or later
    • Windows 7 or later
  – Novell Client 2 SP1 IR4 or later

Desktop Client / Plug-In
• Desktop Client
  – Mac OS X 10.5 or later
• Plug-In
  – Mac OS X 10.4 or later
• Plug-In Console
  – Mac OS X 10.5 or later

Kanaka 2.1 Prerequisites

• Kanaka clients leverage eDirectory and Native File Access (NFA) technologies from Novell; therefore, the configuration of these components is a prerequisite to the installation and configuration of the Kanaka client software on Mac OS X.

• Please reference the Kanaka Admin guide for more information on configuring NFA and Password Management.

Product Web Page: http://www.condreycorp.com

Interactive Training Exercises

Questions and Answers

Q & A
