Upgrading and Repairing Networks (5th Edition)

Microsoft Windows Services for Unix 3.0

Instead of trying to tackle the enormous job of developing still more applications to make it easier to integrate Unix and Windows into a cohesive network, Microsoft chose to take advantage of developments by other vendors and instead released the Windows NT Services for Unix Add-On Pack. This set of applications contains in-house applications developed by Microsoft as well as products licensed and bought from other companies. Now simply called Services for Unix (SFU) Version 3.0, this optional software, which sells for about $100, contains applications that were developed by Microsoft and other vendors , but that can be bought as a single package.

Not all the services available in SFU 3.0 are discussed in this chapter, but Table 61.1 can give you an idea of what types of software are available in SFU 3.0 and which platforms they can be used on.

Table 61.1. Services Provided by the SFU 3.0 Package

SFU Component

Windows 2000/2003

Windows XP

Basic Utilities

Yes

Yes

Unix Perl

Yes

Yes

Interix GNU Utilities

Yes

Yes

Interix GNU SDK

Yes

Yes

Client for NFS

Yes

Yes

Server for NFS

Yes

Yes

Server for PCNFS

Yes

Yes

Server for NFS Authentication

Yes

Yes

Gateway for NFS

Yes

No

Server for NIS

Yes (DC Only)

No

Password Synchronization

Yes

Yes

Telnet Server

Yes

No

Windows Remote Shell Service

Yes

Yes

User Name Mapping

Yes

Yes

Interix SDK

Yes

Yes

ActiveState ActivePerl

Yes

Yes

Tip

Although the price for SFU 3.0 is inexpensive, you can still try it before you buy it. At www.microsoft.com, search for SFU 3 ; from the results, you'll be able to go to the home page for Windows Services for Unix 3.0. You can also try the link http://www.microsoft.com/windows/sfu/default.asp, although URLs at Microsoft's Web site tend to change now and then.

You can download a copy of a 120-day trial version. Other vendors sell similar software, so it would be prudent to check out SFU 3.0 against what competitors are offering, especially because many parts of SFU 3.0 were licensed from third-party vendors.

In addition, you'll find many other components , such as support for Sun's Network Information System (NIS) among others.

SFU 3.0 can be run on Windows NT 4.0 (with Service Pack 6a installed), Windows 2000 and 2003, and even Windows XP Professional (which was a surprise to me). In this chapter, Windows XP will be the example. Perhaps the best thing about SFU, besides its price, is that you can install it on as many computers in your network as you want . You don't have to buy a license or additional copies of the software for each computer.

Installing SFU 3.0

Installing SFU 3.0 is a simple task, as explained in this section. Note that some of the dialog boxes and steps in the following text might not appear during your installation. This example is based on installing all components of SFU 3.0. If you select less than all components, only dialog boxes for those components will appear. To begin the installation:

  1. Insert the CD and wait for the Installation Wizard to appear. If the CD does not automatically run, execute the setup.exe program on the CD. Click Next to continue the installation.

  2. The next wizard dialog box asks you to enter customer information (your name and organization name). After you click Next, the End User License Agreement (EULA) dialog box appears. Read the licensing information, click the I Accept The Agreement radio button, and then click Next.

  3. You're then presented with a dialog box asking whether you want to select the standard installation or a custom installation. I suggest you select the custom installation because doing so gives you the ability to select just the components you want to install. For example, you might want to install the new Telnet server and the Interix system and not install other components. Using the Custom Installation radio button, you can make choices in the next dialog box.

  4. In Figure 61.9, you can see the Selecting Components dialog box (if you chose to perform a custom installation). Some of the entries in this dialog box can be expanded by clicking on the plus sign (+) to reveal additional components. To get a brief description of each component, click once and read the text that appears at the bottom of the dialog box under the Description label.

    Figure 61.9. This dialog box enables you to select which components to install when performing a custom installation.

  5. Use the arrow button (pointing downward) to reveal the options for each component. The options you can select are a) Will be installed on local hard drive, b) Entire feature (including all subfeatures if any) will be installed on the local hard drive, or c) Entire feature will not be available. An icon that looks like a hard drive will be displayed for each component you select to install. A red X will appear by a component you've chosen not to install. Click Next.

  6. Some features preclude installing other features. If you choose to install both the Client for NFS as well as the Gateway for NFS, for example, a warning box will inform you that you must select one or the other. Dismiss the warning box and re-select the option to install.

  7. If you chose to install the Interix GNU SDK (software development kit), the next wizard dialog box gives you information about the GNU license. If you accept these licensing terms, click Next. If you don't accept them, click Back and deselect that option.

  8. Figure 61.10 shows another license dialog box; this one appears if you chose to install ActiveState Perl. This license is presented as an option because the component is provided by a third-party software developer instead of Microsoft. Click I Accept the Agreement radio button and then click Next to continue. Otherwise, click the Back button to deselect this option.

    Figure 61.10. Some components of SFU 3.0 are provided by third-party software developers and require you to accept the terms of their license before you can install that component of SFU.

  9. Figure 61.11 shows an important dialog box that might be displayed, depending on which components you chose to install. You can enable the setuid options for programs that run under the Interix system, and change Windows default from case-insensitive behavior to case sensitive. This is because the Unix and Linux operating systems use case-sensitive filenames. For example, MyFile.txt is not the same file as MYFILE.TXT .

    Figure 61.11. Select options that enable certain features to behave the same as if they were running on a Unix/Linux computer.

  10. If you've decided to install username mapping, a dialog box will ask you to enter the name of the server that runs this service. You can enter the server name here or enter it at a later time if you don't know the name of the server. Click Next.

  11. If you chose to install the NIS/Password Synchronization component, the next wizard screen informs you that this feature will need to be installed on all replicas of domain controllers in your domain and that the Active Directory schema will be changed. Remember that changes to the schema cannot be deleted, although they can be disabled.

  12. In Figure 61.12, the wizard lets you choose the hard drive and directory path that will be used to install the SFU components. Make your choices and click Next.

    Figure 61.12. Select the drive and directory path for the SFU installation.

  13. A wizard screen will show the progress as the installation of SFU components are installed. After the selected components have been installed, the services for SFU will be started. This can take a few minutes, depending on the services chosen and the hardware of your server.

  14. Finally, a wizard screen will inform you that the SFU components have been installed, and that some services, such as cron and some of the Interix daemons (background processes similar to services in Windows operating systems), have not been started. To start these, use Start/Administrative Tools/Services for Windows XP or Windows 2003 (or Start/Programs/Administrative Tools/Services for Windows 2000) to start or stop the new services that have now been added to Windows.

After the installation has finished, you have to restart your server to make all components available.

Network File System

The NFS client allows Windows clients to connect to NFS file systems hosted on Unix servers. The client can connect to the file system exported by a Unix server using several methods . The simplest method is to use the Windows Explorer Accessory; click on My Network Places, and select the server you want to connect to from the right-side pane. Then use Tools, Map Network Drive to make a drive letter to the NFS file share. You also can use the command line to connect to NFS file systems. To make matters simpler for a network that's composed of both Unix and Windows users, several syntaxes are supported:

  • net use The standard Windows net use command can be used to connect just as you can to a normal Windows file share. The specification of the resource to which you want to connect can be expressed as a standard Windows file share ( net use * \\ server \ sharename ), or you can use a format that's similar to using the Unix mount command ( net use * server / sharename ). Note, however, that the second (Unix) syntax will result in the connection being set up more quickly.

  • mount Those of you more familiar with NFS might prefer to use the mount command. Again, you can use either the Windows or Unix format to specify the resource to which you want to connect; for example, mount server / sharename * or mount \\ server\sharename .

In the preceding syntax examples, the asterisk character causes the next available drive letter to be assigned to the resource. You also can specify a particular drive letter. In either case, after the connection has been made to the NFS resource, you can then use Windows applications to access files on the resource just as if they were Windows file shares.

SFU also provides for these:

  • Server for NFS Use this to allow Unix clients to access file shares on Windows NT through Windows 2003 computers using standard Unix NFS commands. After this component is installed, you can offer a Windows directory as a file share by clicking on the NFS Sharing tab that's located on the properties page for a directory using Windows Explorer. Alternatively, you can use the command line to offer a directory on a Windows server to create the NFS share. The syntax for this is nfsshare sharename = drive:path .

  • Gateway for NFS Use this when your Windows clients need to make only moderate use of Unix NFS file systems. By using a gateway, you need to load SFU on only a single server, and it acts as a gateway, making the connections to Unix NFS file systems for Windows clients. The Windows clients connect to a file share offered by the gateway. If your Windows clients will be using NFS resources heavily, load the SFU client software instead so that the gateway does not become a bottleneck in a bandwidth-limited network.

  • Server for PCNFS This component enables a Windows NT or Windows 2000/2003 Server to act as a PCNFSD server. This provides for authentication when connecting to NFS resources.

Using these components, you can grant access to both sets of clientsUnix or Windowsto files stored on the other's systems. One limitation you should note for the gateway service is that you're still stuck with the drive letter limitation. Suppose that your network has a large number of Unix servers and each exports an NFS file system. For each connection, the gateway server will use one of its drive letters that could normally be mapped to a regular Windows file share.

The Korn Shell

The Korn Shell commands that SFU gives to Windows NT/2000/2003 and Windows XP enable you to use existing script files that run on Unix systems. For users trained on Unix systems, the Korn Shell commands make it much easier to add Windows computers to their flock of computers that must be administered. Table 61.2 lists the most useful commands provided by SFU.

Table 61.2. Korn Shell Unix Commands Provided by the Add-On Pack

Korn Shell Command

Use

Sh

Invokes the Korn Shell.

basename

Removes a pathname and leaves just the filename.

cat

Similar to DIR ; shows files in the directory. Also can be used to concatenate files.

chmod

Administers file permissions.

chown

Administers file ownership.

Cp

Copies files.

cron

Executes commands found in the user's crontab file at the times specified.

cut

Cuts selected fields from each line of a text file.

date

Displays the current date and time.

diff

Compares two text files and displays lines that are different.

dirname

Extracts pathname from string.

dos2unix

Converts a DOS-style text file to a Unix-style text file.

Du

Displays disk use of one (or more) files or directories.

find

Searches directories to find files matching a Boolean expression.

grep

Searches files for a pattern.

head

Copies n number of lines from a file to standard output.

kill

Sends a message to a process; can be used to delete the process.

ln

Creates a link to a file (hard link).

ls

Lists a directory.

mkdir

Creates named directory in mode 777.

mount

When Client for NFS is installed, mounts an NFS file system.

more

Displays contents of file, one screen at a time.

mv

Moves a file.

nice

Runs the user's command at a lower priority.

od

"Dumps" the contents of files.

paste

Pastes text from one file into another.

perl

An interpreted language printenv . Displays the current environment.

ps

Displays a list of processes currently running.

pwd

Displays the current directory ("print working directory").

rcmd

Executes a command or a shell on a remote computer system.

renice

Changes the priority of a process.

rm

Removes a file entry from a directory.

rmdir

Removes a directory.

sed

Copies a file to standard output while making edits according to a script.

sdiff

Formats the output from the diff command so that the lines of text that differ appear side-by-side.

sleep

Pauses (sleeps) for a specified number of seconds.

sort

Sorts contents of one or more files.

split

Splits a file into separate pieces.

strings

Searches for strings in a binary file.

su

Changes the user ID of the current shell.

tail

Similar to head ; sends lines from a file to standard output, starting at a specified location in the file.

tar

Tape Archive utility that creates or extracts files from a tape archive.

tee

Transcribes standard input to standard output and makes copies in filename.

top

Displays a list of processes making the most use of CPU time.

touch

Updates the modification or access time of a file.

tr

Replaces all occurrences of one set of characters with another set of characters .

uname

Displays system information (name, operating system, and so on).

uniq

Finds repeated lines in a file.

unmount

If Client for NFS is installed, use this command to dismount an NFS directory.

uuecode ( uuencode )

Encodes and decodes a binary file into a 7-bit ASCII text file.

wait

Waits for a process to terminate.

wc

"Word Count"; displays a count of lines, words, or characters in a file.

which

Identifies the location of a given command that will execute.

vi

Screen-oriented text editor.

xargs

Creates an argument list and executes a command.

Tip

Although SFU 3.0 provides a great deal of functionality to Windows that appeals to Unix/Linux administrators, there are other products that can offer similar functionality. Some are comprehensive, such as SFU, whereas others offer partial solutions. For example, see http://www.cygwin.com for a Linux set of utilities that you might find more useful in your Windows environment.

Some of these commands, such as mkdir and find , are already familiar to Windows NT users. However, their functions in the Korn Shell might differ from those provided by the standard Windows implementation. For Unix administrators, the addition of these commands can make moving into managing Windows NT and Windows 2000/2003 computers a simpler transition. You can use the Unix commands listed in Table 61.1 and, at the same time, become familiar with the Windows Script Host (WSH). WSH enables you to create scripts using VBScript or JScript so that you aren't stuck using only the familiar MS-DOS commands that have been the mainstay for creating script files on Windows systems for more than 20 years . In addition, SFU provides an implementation of Perl that can be used with WSH.

Password Synchronization

In Version 1 of SFU, the password synchronization feature enabled you to configure a group of Unix servers so that when a user's password was changed on a Windows NT server, the change was propagated to the user's accounts on those target Unix servers. Because the application ran only on the Windows NT computer, it was a one-way service. That is, changes made on the Unix servers were not sent back to the Windows NT computer.

Versions 2 and 3 of SFU now make this functionality a two-way street. To use this SFU component, you'll need to load the Password Synchronization service on the Windows 2000/2003 Server (or NT) and, additionally, you'll have to run a daemon (called a Single Sign-On Daemon, or SSOD for short) on each Unix box that will participate in the password-update process. SFU Version 3 comes with versions of the daemon that have been compiled for the following variants of Unix:

  • HP-UX 10.3+

  • Sun Solaris 2.6+

  • IBM AIX 4.3+

  • HP (formerly Digital, and then Compaq) Tru64 Unix

  • Red Hat Linux

However, if your Unix isn't in this list, you can still use the synchronization daemon. SFU comes with the source code and makefiles that you can use to compile a version for your particular system. The SSOD daemon is the background process that receives password changes from Windows computers. Another program, called the Password Authentication Manager (PAM), is used on the Unix server to send password changes made on the Unix system to Windows systems.

There are a few things about the synchronization process to consider before you deploy this service in your network. First, if your Windows computers are participating in a domain, you'll have to run the service on all the domain controllers in that domain. If you use Windows NT or Windows 2000 in a workgroup (or simply as standalone computers), you'll have to run the service on each computer if you want the passwords to stay synchronized among all the Windows computers.

Note

Although most large Windows NT and Windows 2000/2003 networks use the Active Directory to make managing network users, computers, and resources an easier task, you can still run Windows NT/2000/2003 as standalone computers. In that situation, each computer stores user and computer account information locally instead of in the Active Directory. That's why you must run the Password Synchronization service on each Windows computer if you don't use a domain or an Active Directory model for your network. Each computer must be capable of receiving password changes and applying them to the local database. In a domain-based environment, where users log on to the domain, only the domain controllers need to run the service.

Another caveat you must keep in mind is that Unix account names and passwords are case sensitive. Therefore, you'll have to create accounts on your Windows and Unix systems that are exactly the same. If you already have accounts set up in your network that have users with different account names on different systems, you'll have to pick a single account name for the user and then re-create the account on each computer so that they all match.

Finally, in addition to providing the capability to synchronize passwords between the Windows systems and those that are stored on individual Unix computers (in the /etc/passwd file, for example), you also can synchronize passwords with Unix networks that use the Network Information Service (NIS). Just install the SSOD on a master NIS or NIS+ server.

User Name Mapping

If you have an environment in which users already have accounts on both Unix and Windows NT/2000/2003 servers that aren't the same, SFU provides a component that can be used to map the different usernames. You can map usernames in a one-to-one manner or in a one-to-many manner. For example, you can create an entry that maps the name togletree to TOGLETREE . Or if you want the user to be able to access multiple user accounts, you can map the user's account name to several different account names. This second feature proves very useful if you have an assortment of Unix servers and each server has a different name used for an administrative account. You can map a single Windows NT/2000/2003 user account name to each of the user accounts on the various Unix servers. Or you can use this multiple-mapping feature to map the typical Unix account called root to more than one Windows administrative account.

The advantages of multiple mappings might not seem very intuitive at first, but let's consider an example. Suppose that you want to enable the Unix administrator in your network to manage some, but not all, of your Windows-based systems. You can create a user account on each Windows computer and grant it the necessary rights and permissions. Then map the root account to these new account names. That way you don't have to simply map root to Administrator, which would give access to all computers in the domain.

One final note about username mapping: It isn't a substitute for password synchronization. Remember that password synchronization, discussed in the previous section, requires that user account names be exactly the same on the computers that are participating in the synchronization process. User Name Mapping is simply another tool you can use to manage users who have accounts on both systems. If you're creating a network from scratch or if you can easily create user accounts on all of your systems that are the same, you probably won't need to use User Name Mapping and simply can let the users have a single account name on all systems, keeping passwords synchronized. Password synchronization will not work to synchronize passwords for accounts that are linked using User Name Mapping!

New Telnet Server and Client

SFU also includes a Telnet server for Windows servers, and a character-cellstyle client application that greatly improves on the simple GUI Telnet client that comes with the standard Windows client operating systems. That makes it easy to use Telnet to log in to Windows server computers to perform system administration tasks or run character- cell based user applications.

However, if you're using Windows 2000/2003 computers, this new Telnet client is already on your computer. It's now the standard client for Windows 2000 computers. Simply use the telnet command at the Command Prompt. Alternatively, click Start, Run, enter telnet , and click OK. If you use the telnet command at the Command Prompt, you can specify a target computer on which you want to establish a session. If you use the Start, Run method, you'll find the client starts up in console mode, as shown in Figure 61.13.

Figure 61.13. The new Telnet client will start in console mode if you use the Start/Run method to start the program.

For those not familiar with console mode, it simply means that the client is ready to accept configuration commands or open a session with a remote system. In Figure 61.13, you can see that the ? character has been used to display the help text that you can access while in console mode. If you simply want to telnet to a remote system, use the open < remotesystem > command. After you exit the remote system, you can return to console mode by holding down Ctrl and then the right- bracket (]) key.

Note

After you use the open command to start a Telnet session with a remote computer, you can use the Ctrl+] key sequence to escape to console mode. This can be useful if you need to use the display command to show your current configuration, such as the terminal emulation type. Suppose that you open a session and find that certain keys don't seem to work as you expect. You can escape to console mode, check your current settings (using the display command), and then use the set command to change to a different terminal type. Then simply use the close command to close the session you started, and use the open command to re-establish a session with the remote system. The terminal types that you can emulate using the set command are ANSI, VT100, VT52, and VTNT.

Some users who are accustomed to using the GUI Telnet client might not appreciate you giving them a simple character cell type of Telnet client. However, the new version is actually faster than the older GUI client and offers more features than its predecessor.

Although Windows server operating systems come with an excellent Telnet server (as described earlier in this chapter), SFU also provides a Telnet server that will run on Windows NT/2000/2003 servers.

The new server also supports logging to the Windows event log or to a separate log file, and you can choose which events you want to store in the log file. Instead of using the Internet Services Manager to manage and configure the Telnet server, you can load the SFU snap-in for the Microsoft Management Console (MMC) or you can use a command-line utility, tnadmin . Both methods enable you to configure the standard options discussed earlier in this chapter. This includes selecting which authentication method to use, enabling logging, setting the maximum number of connections (remember that the Windows server versions allow for only 2 simultaneous connections, whereas this SFU version allows for up to 63), and other parameters.

ActiveState ActivePerl 5.6

Web site administrators will be glad to see this SFU component because it's used on a lot of Web servers. Additionally, Perl can be used for other functions, such as automating system management procedures. The version included with SFU is Perl 5.6, ported to the Windows NT/2000/2003 platform. Your Windows clients also will be pleased because this port of Perl provides support for the Windows Script Host (WSH). By including Perl with the SFU package, it becomes easier for Unix or Web administrators who are already familiar with the language to manage systems or Web sites that run on Windows servers. WSH enables those coming from the Windows camp to continue to use JScript, VBScript, and other procedural languages with which they are used to working.

Related

Категории