Version PK-5.50
(Nov 22, 1998)
DISCLAIMER: THIS PRODUCT IS SUPPLIED "AS IS". DREAMLAN DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY AND OF FITNESS FOR ANY PURPOSE. DREAMLAN ASSUMES NO LIABILITY FOR DAMAGES, DIRECT OR CONSEQUENTIAL, WHICH MAY RESULT FROM THE USE OF THIS PRODUCT. |
NDSLogin is a DOS command-line utility that allows a user to log into a NetWare 4/5 NDS tree using simply a username, without having to know the context in which the username is located.
This feature is useful in installations where users do not wish to learn about the longer naming convention, or to simplify travelling users. In general, a name context is specified in the NET.CFG on each workstation. This helps the owner of the workstation to log in. However, if another user from a different department (context) needs to use this workstation to log into the network, it is a little more involved. It is the goal of NDSLogin to simplify such situations.
NDSLogin is simply a front-end utility to the standard NetWare LOGIN. NDSLogin takes the same arguments as LOGIN, but tries to parse out the username portion. Using the name, NDSLogin will search the NDS tree to locate user objects with this (common) name. If there are duplicates, the first 10 will be displayed and the user can choose from the displayed list.
Once the user object is located, and its context determined, NDSLogin passes control to NetWare LOGIN. Therefore, all login script commands will be processed.
- Version 1.13 added the ability for you to "hide" LOGIN.EXE in a secret directory under LOGIN and to ignore the /NS parameter. This gives you some added security as the user will not be able to (easily) bypass the login scripts you have set up for your network.
- Version 3.00 gives you the ability of holding the user in a login-loop so that the username need not be entered again should the login failed.
- Version 5.00 added limited support to switch between different NDS trees.
- Version 5.40 is NetWare 5 certified. (YES Bulletin #44438)
[Root] | O=DreamLAN | ---+--- | | OU=NW4SG | ---+--- | | CN=Test OU=NW4SG | CN=TestIf you set the BaseContext to NW4SG.DreamLAN and give Test as the username to search for. NDSLogin will come back with 2 hits (correctly) but will show that both Test objects are in the first NW4SG container. However, if you set the BaseContext to DreamLAN, then the context of the found Test objects are reported correctly (Test.NW4SG and Test.NW4SG.NW4SG). If there is no two subsequent levels with the same name, the problem does not occur. Therefore, if the second NW4SG is changed the NW4SG-2, then the Test user objects are found with the correct context information. This problem may have been addressed with v1.12 of NDSLogin.
No special installation steps or program need to be used. Simply copy NDSLOGIN.EXE and NDSLOGIN.CFG to SYS:LOGIN and SYS:PUBLIC of your servers. You must have the unicode files for the country code and code page that your workstation use available in the the respective NLS directories, for example, SYS:LOGIN\NLS.
Without a valid license (defined in the CFG file), this copy of NDSLOGIN.EXE runs in the demo mode. In the demo mode, the contents of NDSLOGIN.CFG (if present) is ignored.
If your workstation's AUTOEXEC.BAT calls LOGIN automatically, one way you can ease the transition to NDSLogin is to rename NDSLOGIN.EXE to LOGIN.COM and place that in the SYS:LOGIN and SYS:PUBLIC directory. If you do this, however, the CFG file will have to be named LOGIN.CFG. Basically, the CFG file will have to be named after whatever you renamed NDSLOGIN.EXE to be. If you are using Intel's LANDesk Manager, for example, there is already a LOGIN.COM. In such situation, you will have no choice but to update the workstations' AUTOEXEC.BAT files.
Upgrade to v5.00 and higher
For registered owners of previous versions of NDSLogin, you can use the same LiceneKey. However, because of a format change in the CFG file, you need to make a small change. For each NDS tree, you need to create a "section" for the parameters to be used for that tree. For example, for the NDS tree named DREAMLAN, the CFG file looks like this:
;--------------------------------------------------------------- [TreeName = DREAMLAN = xxxx] LicensedTo = Internal Use Only Banner2 = DreamLAN Network Consulting Ltd. LoginLoop = 3 ;---------------------------------------------------------------where "xxxx" is the LicenseKey value. For more details, see Multi-Tree Support section below.
You use NDSLogin just like you would with LOGIN:
NDSLOGIN username [other LOGIN.EXE parameters] [-Q]
If you specify a context with the username, NDSLogin will not search the tree, but will simply pass the information on to LOGIN.
If you are using NDSLogin as part of a batch file and would like to suppress the display of the copyright information, use the -Q (Quiet) option.
If your login script loads any TSRs, you need to create a batch file, similar to the following, to use NDSLogin:
@Echo off NDSLOGIN %1 CALL C:\LOGIN_DS.BAT DEL C:\LOGIN_DS.BATand you will need to create a NDSLOGIN.CFG file and specify HasTSR to TRUE (see below). The reason for doing this is to prevent DOS memory fragmentation of loading a TSR while NDSLOGIN spawns a process to run LOGIN.EXE.
You can use the same technique if NDSLOGIN/LOGIN reports insufficient memory to execute some external program. During testing, we have not come across any insufficient memory problem.
The NDSLOGIN.CFG file must be in the same directory as where you have NDSLOGIN.EXE. Therefore, if you installed the EXE into both SYS:PUBLIC and SYS:LOGIN, a copy of the CFG must be in each directory.
You can control the following functions of NDSLogin using a NDSLOGIN.CFG (or whatever.CFG if you renamed NDSLOGIN.EXE to whatever) file:
1. Banner1 = text (no default) 2. Banner2 = text (no default) 3. Banner3 = text (no default) 4. BaseContext = contextname (default is [Root]) 5. ColorMode = TRUE or FALSE (default is FALSE) 6. ExcludeContext = contextname (no default) 7. HasTSR = TRUE or FALSE (default is FALSE) 8. IncludeContext = contextname (no default) 9. LocalMode = TRUE or FALSE (default is FALSE) 10. LoginLoop = 'number' (default 1; max 5) 11. NoLogo = TRUE or FALSE (default is FALSE) 12. Quiet (no parameter; is a "toggle") 13. SecureLogin = TRUE or FALSE (default is FALSE) 14. SetContext = TRUE or FALSE (default is FALSE)Banner1 through Banner3 (BannerX) allows you to configure a simple 3-line banner. Use Banner1 for the first line, Banner2 for the second, and Banner3 for the third line. Each line is limited to 80 characters, and will be automatically centered.
The BaseContext setting allows you to specify from which container NDSLogin will start searching from. This is useful if you have a large tree or if you do not have local replicas of the partitions. This will speed up the search time considerably. The drawback is that you have limited the scope of the search. The context name is relative to [Root], therefore, you should not place a period in the beginning.
The ColorMode flag indicates if NDSLogin should use colour on the display or not. The default is black/white.
The ExcludeContext option allows you to specify which containers will the userids not be included as "hits" in the search. These containers are still searched for the object, but any hits will be discarded. Opposite in function to the IncludeContext option (see below). There may be times that rather than including 7 containers, you may be able to exclude 2 containers instead. Up to 10 ExcludeContext entries may be specified.
The HasTSR flag indicates to NDSLogin if the external batch file (C:\NDSLOGIN.BAT) is to be created or not. Using this option will cause the workstation's name context to be switched to where the user object name is located. But the batch file created by NDSLogin (i.e. C:\LOGIN_DS.BAT) will restore the workstation's context back to where it was before with a CX command.
The IncludeContext option allows you to select the starting container from which NDSLogin will search for usernames. Up to 10 may be used. The BaseContext option is ignored if IncludeContext is used.
The LocalMode option will limit the search to terminate at the first hit. This is useful if you have specified multiple contexts to search as this will return the result faster. This is especially useful if some of your contexts are across WANs and you do not have a local replica.
The LoginLoop option allows the login program to "loop" a number of times in case the login was not successful. This is useful in "locking" the user in the login mode without having to specify the login name again. However, this option is only useful if you are _not_ using the HasTSR option. If you are using the HasTSR option, you need to modify the batch file that calls LOGIN_DS.BAT and test for ErrorLevel - a non-successful login will return a non-zero value.
By setting the NoLogo option to TRUE, the red "Novell NetWare" banner from the LOGIN.EXE is not displayed. This option is set to TRUE if you specified the BannerX (see above) flags. Or you can set this to TRUE without using any of the BannerX flags.
The Quiet option (no parameters) will turn off the copyright information being displayed during the initial screen.
By setting SecureLogin to TRUE, NDSLogin will disallow the use of /NS and execute LOGIN.EXE from a directory called NDSL under your current working directory. You can flag NDSL hidden to prevent the user from finding where LOGIN.EXE is placed. When you place LOGIN.EXE in the NDSL directory, you also need to place a copy of LOGIN.MSG there as well. If you use this option, you should make sure if you are using the batch file to launch NDSLogin (because of TSRs) the batch file deletes the LOGIN_DS.BAT file as it contains the location of the hidden directory. Some drawbacks of this option:
- A skilled user can find the hidden directory without "too much" effort.
- A legit use of LOGIN.EXE with /NS option from the SYS:LOGIN directory would not be possible.
- A user logged into the network can possibly execute LOGIN.EXE from SYS:PUBLIC and specify the /NS parameter.
Therefore, this option is not fool-proof, but it offers additional security.
The SetContext option changes the workstation's context to where the user object id is located.
None of the commands are case sensitive.
NDSLogin does not check the validity of the context name you entered.
For each NDS tree, you need to create a "section" for the parameters to be used for that tree. For example, for the NDS tree named DREAMLAN, the CFG file looks like this:
;--------------------------------------------------------------- [TreeName = DREAMLAN = xxxx] LicensedTo = Internal Use Only Banner2 = DreamLAN Network Consulting Ltd. LoginLoop = 3 ;---------------------------------------------------------------where "xxxx" is the LicenseKey value. If you have multiple tree licenses, create a section for each tree. NDSLogin will use the workstation's preferred tree to determine which section of the CFG file is used. You can log into a different tree using the syntax:
ndslogin tree_name/user_name
Ensure there is a section for the "tree_name" in the CFG file. The following is a sample CFG file for three trees:
;--------------------------------------------------------------- [TreeName = DREAMLAN = xxxx] LicensedTo = Production Tree Banner2 = DreamLAN Network Consulting Ltd. LoginLoop = 3 [TreeName = WEBSITE_TREE = yyyy] LicensedTo = Web Server Tree Banner2 = DreamLAN Network Consulting Ltd. (Web) LoginLoop = 2 [TreeName = TEST_TREE = zzzz] LicensedTo = Development Test Tree Banner2 = DreamLAN Network Consulting Ltd. (Test) LoginLoop = 3 ;---------------------------------------------------------------If you do not have a valid license for a given tree name, but would like to evaluate NDSLogin in a mutli-tree environment, set the LicenseKey to 0. For example, the following is a sample CFG for two trees, one licensed (DREAMLAN) and one is not (TEST_TREE):
;--------------------------------------------------------------- [TreeName = DREAMLAN = xxxx] LicensedTo = Production Tree Banner2 = DreamLAN Network Consulting Ltd. LoginLoop = 3 [TreeName = TEST_TREE = 0] LicensedTo = Web Server Test Tree Banner2 = DreamLAN Network Consulting Ltd. (Web) LoginLoop = 2 ;---------------------------------------------------------------You may notice some screen color inconsistencies if switching between a licensed tree and an unlicensed tree (because color is not supported on unlicensed trees).
The version included here is a Shareware/Evaluation version. It does not read the NDSLOGIN.CFG file. That means the search will ALWAYS start from the [Root]; it does not support the loading of TSRs in the login script; and the screen will only be in black/white. The unregisted version will not handle duplicate names; the first hit will be returned. (See what else it will not do by referring to the Configuration section above.)
You are granted 30-day Evaluation License to the Shareware version. You are not allowed to sell or package this utility as part of another software package.
The full version of NDSLogin is available by registering on-line through the following Web sites:
The NDS tree name is required as it is used to generate a key. The registration cost is $99 US. Canadian registration is $135 CDN plus GST. All other countries, please remit in US funds.
You can also FAX a company Purchase Order to +1 (905) 887-3836. Please make sure you either include your tree name information on the FAX or send a follow up email.
Special site agreements for multiple trees and service providers are available. Although the license does not grant you the right to resell the program (for a profit; but you can charge the customer a service charge for your time). If you are a service provider, you can register copies on behave of your customers (by providing your customer's mailing information -- this is used only for tracking purposes). At the same time, we ask you to send us a separate email indicating that you are registering on behave of your customer and inciate in this email if further software upgrade (free or for a charge) be send to you or the customer directly, and an email address for that purpose.
NDSLogin is written in C using Microsoft C optimizing compiler and Novell Developer Kit. Some string manipulating routines are from the CXL library and some color routines are from TCIO library.
Inclusion of this utility on CD-ROMs (except for backup purposes) without permission from DreamLAN Network Consulting Ltd. is expressly prohibited.