لطفا منتظر باشید ...
Planning and Installing Services for UNIX on Windows 2000 Professional
To best integrate Windows 2000 Professional and Services for UNIX 2.0 into your networking environment, you need to understand the capabilities and limitations of the components you install and configure. This section discusses the Services for UNIX components that you can implement when working in the following areas:
File accessAuthenticationAccount managementUNIX printing
File Access
Client for NFS, Server for NFS, and Gateway for NFS are solutions for file access between computers running Windows 2000 Professional and UNIX. Before installing Services for UNIX 2.0, you need to select the NFS component that best suits your needs.Client for NFS Client for NFS installed on Windows 2000 Professional allows for file access on an NFS server, generally a UNIX-based computer. Figure 25.1 shows an example of this scenario.
Figure 25.1 UNIX File Access Using Client for NFS
Server for NFS Server for NFS can be installed on either Windows 2000 Professional, Windows 2000 Server, or Windows NT. Server for NFS allows NFS-enabled client computers, generally those running UNIX, to access files, as Figure 25.2 illustrates.
Figure 25.2 Server for NFS: UNIX File Access
Gateway for NFS Gateway for NFS must be installed on Windows 2000 Server. Gateway for NFS allows clients running Windows 95, Windows 98, Windows NT, and Windows 2000 to access UNIX files without having to install an NFS Client. Figure 25.3 illustrates how Gateway for NFS enables Windows 2000 Server to act as a translator between the CIFS protocol that Windows 2000 Professional uses and the NFS protocol that UNIX uses.
Figure 25.3 Gateway for NFS Acts As a Translator
Choosing Among Client for NFS, Server for NFS, or Gateway for NFS
Client for NFS provides clients that are running Windows 2000 Professional access to UNIX files on an NFS server. Server for NFS allows Windows NT, Windows 2000 Professional, or Windows 2000 Server to act as an NFS Server. Gateway for NFS allows Windows 2000 Server to act as a bridge between the CIFS protocol used by Windows 2000 Professional-based computers and the NFS protocol used by the UNIX NFS network. To help you decide which component is best suited to your networking environment, read the following lists of details and capabilities for each of the three different NFS components.Client for NFS
Installs on each Windows 2000 Professional-based computer that needs NFS file access.Provides access to NFS files on a UNIX NFS network.Resolves all UNIX path names to follow the Universal Naming Convention (UNC).Integrates with Server for PCNFS or Server for NIS to provide user authentication.
Server for NFS
Installs on either Windows 2000 Professional or Windows 2000 Server.Enables Windows 2000 (Professional or Server) to act as an NFS server.Allows users on computers running NFS client software, generally those running UNIX, to access files on Windows 2000.Integrates with Server for PCNFS or Server for NIS to provide user authentication.
Gateway for NFS
Installs on Windows 2000 Server.Provides access to NFS files for computers running Windows 95 or Windows 98, Windows NT, and Windows 2000 Professional without Client for NFS installed.Acts as a gateway or translator between the CIFS protocol that Windows 2000 Professional uses and the NFS protocol that UNIX uses.
Installing Client for NFS
If you select Client for NFS for file access from an NFS Server, you need to install Client for NFS on each Windows 2000 Professional-based computer that needs access to NFS files.
NOTETo install Client for NFS from Windows
To install Client for NFS, you need administrator rights to the computer running Windows 2000 Professional.
Run Services for UNIX Setup.Click typical installation.Select Client for NFS, and then select run it from my computer.
To install Client for NFS from the command prompt
At the command prompt type:msiexec /I sfusetup.msi /qb ADDLOCAL="NFSClient"
NOTEWhenever you install any of the components from Services for UNIX, the files listed in Table 25.2 are also installed.Table 25.2 Common Services for UNIX Files
The preceding command assumes Sfusetup.msi exists in the same directory from which you execute the command. If Sfusetup.msi is in a different directory, include the full path. You can find Sfusetup.msi on the Services for UNIX installation CD.
| File Name | Description | Location |
|---|---|---|
| Cligrps.dll | Object for enumerating Client Groups of NFS Server | <SFU directory>admin |
| Clilocks.dll | Object for enumerating locks of NFS Server | <SFU directory>admin |
| Listview.lpk | Licensed Package for listview | <SFU directory>admin |
| Pcctrl.dll | Object for PCNFSD Administrator | <SFU directory>admin |
| Sfuadmin.dll | Services for UNIX snap-in | <SFU directory>admin |
| Client, Gateway,Mmain, Nisdmain,Nissmain, Pcmain,Psmain, Server,Tnmain | All files are HTML for administrative UI | <SFU directory>admin |
| Agroup.js, Auser.js,Clifiles.js, Cliperf.js,Clisec.js, Gtwmapng.js,Gtwshrng.js, Maintain.js,Maps.js, Nispush.js,Pcgroups.js, Pcusers.js,Psaudit.js, Pshosts.js,Psport.js, Pssec.js,Slaves.js, Srvaudit.js,Srvclgrp.js, Srvfiles.js,Srvsecur.js, Suser.js,Tnaudit.js, Tnauth.js,Tnsess.js, Tnsvset.js,View.js | All .js files are scripts for administrative UI | <SFU directory>admin |
Table 25.3 lists the files that are installed during the installation of Client for NFS.Table 25.3 Client for NFS Files
| File Name | Description | Location |
|---|---|---|
| Gwdll.dll | Gateway network provider | %windir%system32 |
| Nfsccfg.dll | Client network provider helper | %windir%system32 |
| Nfsclnt.exe | NFS client | %windir%system32 |
| Nfscprop.dll | NFS shell | %windir%system32 |
| Nfsnp.dll | Client network provider | %windir%system32 |
| Nfsrdr.sys | Client redirector | %windir%system32drivers |
| Clinotfy.mof, Cliauth.mof,Clifiles.mof, Cliperf.mof,Clisec.mof | All .mof files are Windows Management Instrumentation (WMI) classes for Services for UNIX administrator | %windir%system32wbem |
| Clinfs.chm, Clinfs_.chm,Gatenfs.chm,Gatenfs_.chm,Mapserv.chm,Mapserv_.chm,Nisserv.chm, Nisserv_.chm,Passynch_.chm,Pcnfsd.chm, Servnfs.chm,Servnfs_.chm, Stuart.chm,Sfushare.chm,Sfuwipro.chm,Svcsunix.chm,Telclin_.chm, Telclint.chm,Telserv.chm, Telserv_.chm,Unixutil.chm, Readme.txt | Help files | <SFU directory>help |
Installing Server for NFS
If you select Server for NFS to enable Windows 2000 Professional or Windows 2000 Server to act as an NFS server, you need to install a copy of Server for NFS on each Windows 2000 Professional or Windows 2000 Server that acts as an NFS server.
NOTETo install Server for NFS from Windows
To install Server for NFS, you need administrator rights to the computer that is running Windows 2000.
Run Services for UNIX Setup.Click typical installation.Select Server for NFS, and then select run it from my computer.
To install Server for NFS from the command prompt
At the command prompt type:msiexec /I sfusetup.msi /qb ADDLOCAL="NFSServer, NFSServerAuth"
NOTETable 25.4 lists the files that are installed during the installation of Server for NFS.Table 25.4 Server for NFS Files
To use the preceding command, Sfusetup.msi must exist in the same directory from which you execute the command. If Sfusetup.msi is in a different directory, include the full path. You can find Sfusetup.msi in the i386 directory on the installation CD.
| File Name | Description | Location |
|---|---|---|
| Dsctrnm.h | Performance counter data | <SFU directory>nfs |
| Dsctrs.dll | Performance counter | <SFU directory>nfs |
| Dsctrs.ini | Performance counter | <SFU directory>nfs |
| Monitor.lst | Status monitor data | <SFU directory>nfs |
| Nlm.lck, Pend.lck,Share.lck | NLM data | <SFU directory>nfs |
| Rpcinfo.exe | Remote procedure call (RPC) information | <SFU directory>common |
| Sfueula.txt | End-User License Agreement for Services for UNIX | <SFU directory>common |
| Sfumgmt.msc | MMC Console for Services for UNIX Admin Snap-in | <SFU directory>common |
| SfuWbem.dll | Wrapper for Microsoft® ActiveX® Objects | <SFU directory>common |
| Showmnt.exe | Showmount utility | <SFU directory>common |
| Style.css | Cascading style sheet for admin HTML pages | <SFU directory>common |
| Tnadmin.exe | Command Line Administration for Telnet | <SFU directory>common |
| Sfuhelp.gif, Sfurefr.gif,Sfusave.gif | Images in Services for UNIX Admin | <SFU directory>common |
| Gwdll.dll | Gateway network provider | %windir%system32 |
| Nfsext.dll | Shell extension | %windir%system32 |
| Nfssa.dll | Server for NFS authentication | %windir%system32 |
| Nfssvc.exe | Server for NFS service | %windir%system32 |
| Nfssvr.sys | Server for NFS driver | %windir%system32drivers |
| Portmap.sys | Portmapper driver | %windir%system32drivers |
| Rpcxdr.sys | RPC driver | %windir%system32drivers |
| Srvaudit.mof,Srvauth.mof,Srvfiles.mof, Srvsec.mof,Srvnotfy.mof | All .mof files are WMI classes for Services for UNIX administrator | %windir%system32wbem |
| Clinfs.chm, Clinfs_.chm,Gatenfs.chm,Gatenfs_.chm,Mapserv.chm,Mapserv_.chm,Nisserv.chm,Nisserv_.chm,Passync.chm,Passync_.chm,Pcnfsd.chm, Servnfs.chm,Servnfs_.chm,Sfuart.chm,Sfushare.chm,Sfuwipro.chm,Svcsunix.chm,Telclin_.chm,Telclint.chm,Telserv.chm,Telserv_.chm,Unixutil.chm | Help files | <SFU directory>help |
User Authentication
When an attempt is made to access NFS resources located on Server for NFS, user name mapping and authentication are performed. During an NFS call, Server for NFS receives a UNIX user identifier (UID) from an NFS client. Server for NFS then uses the mapping server to map this UID to a Windows user name. Server for NFS uses its authentication feature to authenticate the mapped Windows user name. It uses the credentials of the mapped user to access the files and provide them to the NFS client. Thus, only valid UNIX users get access to files stored on Windows-based computers when their access privileges are the same as the corresponding Windows user. Authentication is provided by Server for NFS Authentication, which you must install either on all domain controllers, for validation of domain users, or on the computer running Server for NFS, for validation of local users.Services for UNIX 2.0 provides the following components, which you can use for authentication of file access on an NFS server.Server for PCNFS You can install Server for PCNFS on either Windows 2000 Professional or Windows 2000 Server. Server for PCNFS is one option for providing user authentication services when NFS-based clients (Client for NFS or third-party NFS clients) need to access NFS files. Server for PCNFS works with the mapping server. The mapping server can parse files from any PCNFSD server and then provide authentication and mapping to client computers running Client for NFS.Server for NIS Server for NIS must be installed on a Windows 2000 Server that is configured as a domain controller. Server for NIS allows a Windows 2000 Server that is configured as a domain controller to act as the NIS master for a particular UNIX domain. One service that Server for NIS provides is the capability to authenticate requests for NFS shares.
NOTE
You can also configure a UNIX NIS server to provide authentication for computers that have Client for NFS installed.
Installing Server for PCNFS
If you select Server for PCNFS for authentication, you need to install it on any computer that is running either Windows NT or Windows 2000, which you want to act as a PCNFSD server. To install Server for PCNFS from Windows
Run Services for UNIX Setup.Click typical installation.Select Server for PCNFS, and then select run it from my computer.
To install Server for PCNFS from the command prompt
At the command prompt type:msiexec /I sfusetup.msi /qb ADDLOCAL="PCNFSDServer"
NOTETable 25.5 lists the files that are installed during the installation of Client for NFS.Table 25.5 Server for PCNFS Files
To use the preceding command, Sfusetup.msi must exist in the same directory from which you execute the command. If Sfusetup.msi is in a different directory, include the full path. You can find Sfusetup.msi in the i386 directory on the installation CD.
| File Name | Description | Location |
|---|---|---|
| Pcnfsd.exe | PCNFSD service | %windir%system32 |
| Kepcnfsd.sys | Kernel-mode component | %windir%system32drivers |
| Portmap.sys | Portmapper | %windir%system32drivers |
| Rpcxdr.sys | RPC/XDR | %windir%system32drivers |
| Pcnotify.mof | WMI class for Services for UNIX admin | %windir%system32wbem |
| Clinfs.chm, Clinfs_.chm,Gatenfs.chm,Gatenfs_.chm,Mapserv.chm,Mapserv_.chm,Nisserv.chm,Nisserv_.chm,Passync.chm,Passync_.chm,Pcnfsd.chm, Servnfs.chm,Servnfs_.chm,Sfuart.chm,Sfushare.chm,Sfuwipro.chm,Telclin_.chm,Telclint.chm,Telserv.chm,Telserv_.chm,Unixutil.chm, Readme.txt | Help files | <SFU directory>help |
Username Mapping Server
The computer on which you install Username Mapping Server can be running either Windows 2000 Professional or Windows 2000 Server. Username Mapping Server depends on either an NIS server or a PCNFSD server to provide the UNIX user information. This UNIX user information is used by Username Mapping Server to map and authenticate users. As Figure 25.4 illustrates, all the NFS components (Client for NFS, Server for NFS, and Gateway for NFS) must first go through Username Mapping Server during the mapping and authentication process.
Figure 25.4 Username Mapping Server
Username Mapping Server provides two kinds of mappings. The easiest is simple mapping: a UNIX user is mapped to a user with the same user name in the Windows domain and vice versa. Administrators can also configure advanced mapping: a UNIX user is mapped to a user with a completely different user name in a Windows domain and vice versa.When Username Mapping Server receives a request, it first checks if there is an advanced mapping for the given user and returns the mapping if it finds one. If it does not find such a mapping, it looks for a simple mapping. If it finds such a user, it provides the mapped user.
NOTE
When using Username Mapping Server, you can use Server for PCNFS or Server for NIS from Services for UNIX, or you can use a PCNFSD server or NIS server on a UNIX computer.
Installing Username Mapping Server
If you select Username Mapping Server to map and authenticate your users, you need to install it on any computer that is running Windows NT or Windows 2000 and acting as a mapping server. To install Username Mapping Server from Windows
Run Services for UNIX Setup.Click custom installation.Select Username Mapping Server, and then select run it from my computer.
To install Username Mapping Server from the command prompt
At the command prompt type:msiexec /I sfusetup.msi /qb ADDLOCAL="Username Mapping Server"
NOTETable 25.6 lists the files that are installed when you install Username Mapping Server.Table 25.6 Username Mapping Server Files
To use the preceding command, Sfusetup.msi must exist in the same directory from which you execute the command. If Sfusetup.msi is in a different directory, include the full path. You can find Sfusetup.msi in the i386 directory on the installation CD.
| File Name | Description | Location |
|---|---|---|
| Mapadmin.exe | Mapping utility | <SFU directory>common |
| Mapsvc.exe | Mapping server | <SFU directory>mapper |
| Clinfs.chm, Clinfs_.chm,Gatenfs.chm,Gatenfs_.chm,v Mapserv.chm,Mapserv_.chm,Nisserv.chm, Nisserv_.chm,Passync.chm,Passync_.chm, Pcnfsd.chm,Servnfs.chm, Servnfs_.chm,Sfuart.chm, Sfushare.chm,Sfuwipro.chm,Telclin_.chm, Telclint.chm,Telserv.chm, Telserv_.chm,Unixutil.chm, Readme.txt | Help files | <SFU directory>help |
Password Synchronization
The computer on which you install Password Synchronization can be running either Windows 2000 Professional or Windows 2000 Server. Password Synchronization eliminates the need to enter two different passwords when you log on and access resources from either UNIX or Windows 2000. Services for UNIX 2.0 allows for two-way password synchronization. For example, if you change the password for a user on Windows 2000 Professional, the password for the UNIX account of that user is automatically synchronized to the same password, and a password change under UNIX causes synchronization of the Windows 2000 password. Password Synchronization can be used in an environment with or without Windows 2000 Server configured as a domain controller. If you have Windows 2000 Professional-based computers in an environment without a domain controller, then install the Services for UNIX Password Synchronization component on the individual Windows 2000 Professional-based computers. In a Windows 2000 environment with multiple domain controllers, you must install Password Synchronization on each domain controller.Password Synchronization can synchronize passwords with multiple UNIX-based computers at the same time, instantaneously, and securely. It also provides administrative control over the computers and users who participate in password synchronization. In addition, Password Synchronization interoperates with the Services for UNIX 1.0 single sign-on daemon installed on UNIX-based computers.
Installing Password Synchronization
If you select Password Synchronization, you need to install a copy of Password Synchronization on each Windows 2000 Professional-based computer that needs access to NFS files or on each domain controller in the domain.You also need to install the single sign-on daemon (SSOD) on the UNIX-based computer with which you synchronize passwords. If you are using NIS, verify that SSOD is installed on the NIS master and that the Ssod.config file is configured with the full path to the Makefile located on the NIS master .In addition, if you are using shadow passwords, edit the Ssod.config file and set USE_SHADOW equal to 1 (default is 0).For propagating password changes from UNIX to Windows NT or Windows 2000, you need to install the supplied Windows NT Password Authentication Module (PAM) on UNIX. To install Password Synchronization
Run Services for UNIX Setup.Click typical installation.Select Password Synchronization, and then select run it from my computer.
To install Password Synchronization from the command prompt
At the command prompt type:msiexec /I sfusetup.msi /qb ADDLOCAL="Password Synchronization"
NOTETable 25.7 lists the files that are installed when you install Password Synchronization.Table 25.7 Password Synchronization Files
To use the preceding command, Sfusetup.msi must exist in the same directory from which you execute the command. If Sfusetup.msi is in a different directory, include the full path. You can find Sfusetup.msi in the i386 directory on the installation CD.
| File Name | Description | Location |
|---|---|---|
| Psadmin.exe | No longer required; HTML UI takes over | <SFU directory>pswdsync |
| Pswdsync.dll | Ssynchronizes passwords from Windows to UNIX | %windir%system32 |
| Psync.mof | All .mof files are WMI classes for Services for UNIX administrator | %windir%system32wbem |
| Clinfs.chm, Clinfs_.chm,Gatenfs.chm,Gatenfs_.chm,Mapserv.chm,Mapserv_.chm,Nisserv.chm, Nisserv_.chm,Passynch.chm,Passynch_.chm,Pcnfsd.chm, Servnfs.chm,Servnfs_.chm, Sfuart.chm,Sfushare.chm,Sfuwipro.chm,Svcsunix.chm,Telclin_.chm, Telclint.chm,Telserv.chm, Telserv_.chm | Help files | <SFU directory>help |
Account Management
In an NIS environment, clients and servers are logically grouped together to form a domain. Each NIS domain can have specific parameters for the NIS maps that you configure. The NIS maps are databases that contain the parameters or system information. For example, host names, user names, and passwords are some of the NIS maps.Server for NIS enables a Windows 2000 Server that is configured as a domain controller to act as the NIS master for a particular UNIX NIS domain. This provides you with the capability to migrate NIS maps and then centrally manage UNIX NIS domains from Windows 2000 Server. The NIS maps that you select to migrate are then migrated into Active Directory. A Windows 2000 Server that is Active Directory-enabled can then act as the NIS master for the specified UNIX domains. For more information about Server for NIS, see Services for UNIX Help.
UNIX Printing
Windows 2000 Professional provides services for printing to and from UNIX resources. There are multiple ways to implement these services; one option, as illustrated in Figure 25.5, is to configure Windows 2000 Professional with Line Printer (LPR), which sends print requests to a print queue on a UNIX host that is configured with Line Printer Daemon (LPD). LPD manages the print queue and sends the print job to the correct UNIX printer.
Figure 25.5 Printing to a UNIX Printer from Windows 2000 Professional
Another option is for Windows 2000 Server to act as an LPR/LPD gateway so that Windows computers without LPR/LPD services can print to a UNIX printer, as shown in Figure 25.6.
Figure 25.6 Printing Through an LPR/LPD Printer Gateway to a UNIX Printer
Another option, as illustrated in Figure 25.7, is to configure a UNIX computer with Line Printer (LPR), which sends print requests to a print queue on a Windows 2000-based computer configured with Line Printer Daemon (LPD). LPD manages the print queue and sends the print job to the correct Windows 2000 printer.
Figure 25.7 Printing to a Windows 2000 Printer from UNIX
