412 Chapter 10 • Supporting Non-Windows 2000 Clients and Servers 5. Now that you have agreed to the EULA and entered your personal infor- mation, you’re ready to pick the components of Services for UNIX you want to install.The Installation Options window shown in Figure 10.17 gives two choices for installation: standard installation and custom installa- tion. Standard installation installs the components Microsoft considers to be the most typical.The default components are shown in Table 10.3, which also tells us which components require a reboot and the minimum www.syngress.com Figure 10.15 The Customer Information Window in the SFU Setup Wizard Figure 10.16 The License and Support Window in the SFU Setup Wizard 181_SerSec2e_10 9/5/01 1:56 PM Page 412 Supporting Non-Windows 2000 Clients and Servers • Chapter 10 413 space required for each component. (Because of shared files, installing everything at once uses only 52MB of space.) A standard installation installs to C:\SFU\. Custom installation allows us to choose the compo- nents you want installed, along with where you want them installed. For this exercise, choose Custom. Table 10.3 Services for UNIX Installation Defaults Based on Operating System Windows 2000 Windows Professional 2000 Server and Windows and Windows NT 4.0 Requires Space NT 4.0 Server Workstation a Reboot Requirements Client for NFS X X 19MB Cron Service 17MB Gateway for NFS X 19MB Password X 17MB synchronization Remote 17MB Shell Service Server for PCNFS 17MB Server for NIS X 21MB www.syngress.com Figure 10.17 The Installation Options Window in the SFU Setup Wizard Continued 181_SerSec2e_10 9/5/01 1:56 PM Page 413 414 Chapter 10 • Supporting Non-Windows 2000 Clients and Servers Server for NFS X 19MB Server for NFS X 15MB authentication Telnet Client X X 17MB Telnet Server X X 18MB UNIX utilities X X 25MB User Name 17MB Mapping 6. If you chose custom installation, you are presented with the Selecting Components window shown in Figure 10.18.This is where you choose which components will be installed. Notice that some of the compo- nents have a gray box with a hard drive symbol, and some of the com- ponents have a white box with a red X.The hard drive symbol means that the component will be installed on your hard drive.The red X indi- cates that component will not be installed on your hard drive. For this exercise, we want to install all components. Right-clicking a component will gives you the choice to install to the hard drive or to not install to the hard drive. 7. Since you installed all components,ActiveState Perl will be installed, and you will be presented with the ActiveState Perl License and Support Information window shown in Figure 10.19.This window appears only if you are installing Perl.You have only two choices: agree to the license and continue installation or don’t accept the license. If you choose not to accept the license, you need to go back to the Selecting Components window and choose not to install ActiveState Perl. www.syngress.com Table 10.3 Continued Windows 2000 Windows Professional 2000 Server and Windows and Windows NT 4.0 Requires Space NT 4.0 Server Workstation a Reboot Requirements 181_SerSec2e_10 9/5/01 1:56 PM Page 414 Supporting Non-Windows 2000 Clients and Servers • Chapter 10 415 8. Figure 10.20 shows the User Name Mapping window.This window appears only if we are installing User Name Mapping. User Name Mapping is a component of Authentication Tools for NFS. If you know the name of your User Name Mapping server, you can enter the infor- mation here. If you don’t know the server’s name, you can enter the name after installation has finished. If you are installing User Name Mapping now, you must type the name of the server on which you are currently installing Services for UNIX. www.syngress.com Figure 10.18 The Selecting Components Window in the SFU Setup Wizard Figure 10.19 The ActiveState Perl License and Support Information Window 181_SerSec2e_10 9/5/01 1:56 PM Page 415 416 Chapter 10 • Supporting Non-Windows 2000 Clients and Servers 9. Figure 10.21 shows us the NIS/Password Synchronization window.This window is more warning than anything else. Notice that it doesn’t ask us for any information. It is merely telling us that password synchronization must be installed on all domain controllers and that installing NIS will update the Windows 2000 schema.What does this mean to us? The account used to install NIS must be a schema admin and the schema master must be enabled for schema writes. www.syngress.com Figure 10.20 The User Name Mapping Window in the SFU Setup Wizard Figure 10.21 NIS/Password Synchronization Window in the SFU Setup Wizard 181_SerSec2e_10 9/5/01 1:56 PM Page 416 Supporting Non-Windows 2000 Clients and Servers • Chapter 10 417 10. Now you have to choose where on your local hard drive you want to install Services for UNIX. Figure 10.22 shows the Installation Location window.This window shows the drives available for installation.The default installation path is C:\SFU\.You can change that by typing a new path or browsing to the folder where you want Services for UNIX installed. 11. After choosing where to install SFU, you must wait for the actual instal- lation to take place.This can take a while, depending on how many components you install.After installation is complete, you will be given the Completing the Windows Services for UNIX Setup Wizard window shown in Figure 10.23. Click Finish to end the installation wizard. The Services for UNIX feature has many components.We have just seen how to install these components. Now let’s look at what each component does and how to use it.We could organize all the individual components into the following four categories: ■ NFS software ■ Account administration tools ■ Network administration tools ■ UNIX utilities www.syngress.com Figure 10.22 The Installation Location Window in the SFU Setup Wizard 181_SerSec2e_10 9/5/01 1:56 PM Page 417 418 Chapter 10 • Supporting Non-Windows 2000 Clients and Servers NFS Software Network File System (NFS) is the primary file system used by UNIX. NFS soft- ware allows Windows 2000 clients to access UNIX resources, and vice versa. These components are managed via the Services for UNIX Microsoft Management Console shown in Figure 10.24.The NFS software includes the fol- lowing components: ■ NFS Client Software ■ NFS Server Software ■ NFS Gateway Software ■ PCNFS Server Software Using the Client Software for NFS The NFS Client software allows Windows clients to access resources on NFS UNIX servers.The Windows client operates as though it is mapping to a share on a Windows 2000 server. Users can access shares by using their normal Windows methods, such as mapping a drive using universal naming convention (UNC) names from the run command window (i.e., \\server\share), browsing to resources through My Network Places, or using the net use command in the command prompt window.They can also use UNIX mount commands with the standard UNIX syntax (i.e., server:/share).The NFS Client supports NFS versions 2 and 3. www.syngress.com Figure 10.23 Completing the Windows Services for UNIX Setup Wizard 181_SerSec2e_10 9/5/01 1:56 PM Page 418 Supporting Non-Windows 2000 Clients and Servers • Chapter 10 419 Clients use a single logon to access both UNIX resources and Windows 2000 resources.As long as the user has both a Windows account and a UNIX account, the User Name Mapping service maps the Windows account to the UNIX account. Users have the same permissions whether accessing files from a Windows NFS client or from a UNIX NFS client.Access to NFS servers is controlled by the name or IP address of the client. Directory and file access is controlled by assigning permissions (read, write, and execute) to users and groups.The Client for NFS is managed in the Services for UNIX Administration MMC tool shown in Figure 10.25.Table 10.4 explains the tabs available for the Client for NFS. www.syngress.com Figure 10.24 The Services for UNIX Microsoft Management Console Window 181_SerSec2e_10 9/5/01 1:56 PM Page 419 420 Chapter 10 • Supporting Non-Windows 2000 Clients and Servers Table 10.4 Client for NFS Options Option Description Authentication Types the name of the server to be used for authentication. File permissions Applies default UNIX permissions to new files. Performance Configures options such as protocol preference (TCP or UDP), the length of time to wait for a connection, and the number of times to try to make a connection. Using the Server Software for NFS The NFS Server software allows UNIX clients to access resources on Windows 2000 servers.The UNIX client operates as though it is mapping to a UNIX resource.The server software for NFS supports all Windows file systems, including CDFS, FAT, FAT32, and NTFS.The NFS Server software supports NFS versions 2 and 3. It also supports file locking for NFS. www.syngress.com Figure 10.25 Managing the Client for NFS in the Services for UNIX Administration Tool 181_SerSec2e_10 9/5/01 1:56 PM Page 420 Supporting Non-Windows 2000 Clients and Servers • Chapter 10 421 One of the main benefits of NFS Server software is the ease of file sharing and controlling share access.We may assign access to local user accounts and domain accounts.We can assign the read, read/write, or root (UNIX Administrator) based permissions to our users.We can also assign permissions to groups.We can administer Server for NFS from the graphical user interface (GUI) or from the command prompt. Figure 10.26 shows the Server for NFS Administration tool.Table 10.5 explains the tabs available within this tool. Table 10.5 Server for NFS Options Option Description User mapping Types the name of the server to be used for authentication. Logging Selects the events to log. Choices include Mount, Locking, Read, Write, Create, Delete, and All. Locking Sets the lock grace waiting period (type in the seconds that users have to re-establish locks after restarting the server) and configure release locks. Client groups Creates and deletes groups. Adds clients to a group. www.syngress.com Figure 10.26 The Server for NFS in the Services for UNIX Administration Tool 181_SerSec2e_10 9/5/01 1:56 PM Page 421 [...]... machines.Windows 2000 server doesn’t use CSNW It uses GSNW Gateway Service for NetWare Gateway Services for NetWare (GSNW) doesn’t get installed on every client machine Instead, it is installed on a Windows 2000 server. The Windows 2000 server then functions as a gateway to the NetWare servers Client computers connect to the Windows 2000 server running GSNW, and the Windows 2000 server gets the information... NFS The PCNFS software allows Windows 2000 servers to function as PCNFS servers Clients that don’t support User Name Mapping use PCNFS servers for www.syngress.com 181_SerSec2e_10 9/5/01 1:56 PM Page 423 Supporting Non-Windows 2000 Clients and Servers • Chapter 10 authentication to NFS servers.When a username and password are sent to a PCNFS server, the PCNFS server verifies that they match the username... NetWare for their servers and Windows 2000 (or Windows 9x/NT) for their clients Many www.syngress.com 439 181_SerSec2e_10 440 9/5/01 1: 57 PM Page 440 Chapter 10 • Supporting Non-Windows 2000 Clients and Servers companies have both NetWare and Windows servers In this section we discuss how to make these two server products work together.We also describe how to make clients work in a mixed (both server platforms)... 9/5/01 1:56 PM Page 422 Chapter 10 • Supporting Non-Windows 2000 Clients and Servers Using the Gateway Software for NFS The Gateway software for NFS allows Windows clients to access NFS UNIX servers without loading Services for UNIX.The Windows Clients access a Windows 2000 server, and the Windows 2000 server retrieves the information from the UNIX server Gateway for NFS uses the User Name Mapping service... Supporting Non-Windows 2000 Clients and Servers • Chapter 10 Table 10.8 Server for NIS on a Domain Options Option Description NIS servers Adds or removes UNIX slave servers Changes a slave server to a master Propagates selected maps Maps Configuring the User Name Mapping Service NFS uses UNIX user identification to control access NFS uses user IDs (UIDs) and group IDs (GIDs).Windows 2000 doesn’t support... a server, pressing the Ctrl key and the right bracket (Ctrl+]) takes you back to the telnet prompt, where you can enter more commands Understanding the Telnet Server The telnet client allows clients to connect to remote servers and run programs The telnet server allows the telnet client to connect to a Windows server remotely.The telnet server is required for UNIX clients to access your Windows servers... file Figure 10.35 displays the Telnet Server Administration tool.Table 10.11 lists some of the possible server settings Figure 10.35 The Telnet Server Administration Tool www.syngress.com 181_SerSec2e_10 9/5/01 1:56 PM Page 435 Supporting Non-Windows 2000 Clients and Servers • Chapter 10 Table 10.11 Telnet Server Options Option Description Authentication Logging Server settings Chooses NTLM or clear... 9/5/01 1:56 PM Page 4 27 Supporting Non-Windows 2000 Clients and Servers • Chapter 10 Figure 10.30 The NIS Data Migration Wizard Using Server for NIS Server for NIS is an upgrade path from password synchronization It provides password synchronization and account management Server for NIS allows administering the Windows domain and the NIS domain from Active Directory A Windows 2000 domain controller... information Server for NIS is managed in the Services for UNIX Administration tool shown in Figures 10.31 and 10.32 Table 10.8 explains the tabs available for Server for NIS www.syngress.com 4 27 181_SerSec2e_10 428 9/5/01 1:56 PM Page 428 Chapter 10 • Supporting Non-Windows 2000 Clients and Servers Figure 10.31 Managing Server for NIS with the Services for UNIX Administration Tool Figure 10.32 Expanding the Server. .. NIS domain from Active Directory A Windows 2000 domain controller functions as the primary server for the NIS domain (It can also function as a slave.) Server for NIS supports UNIX NIS subordinate servers and UNIX NIS clients.We can also use Server for NIS to migrate a NIS server running on UNIX to a Windows 2000 computer Active Directory contains all the NIS objects One Active Directory object can . Supporting Non-Windows 2000 Clients and Servers Server for NFS X 19MB Server for NFS X 15MB authentication Telnet Client X X 17MB Telnet Server X X 18MB UNIX utilities X X 25MB User Name 17MB Mapping 6 17MB Gateway for NFS X 19MB Password X 17MB synchronization Remote 17MB Shell Service Server for PCNFS 17MB Server for NIS X 21MB www.syngress.com Figure 10. 17 The Installation Options Window in. Non-Windows 2000 Clients and Servers • Chapter 10 4 27 Using Server for NIS Server for NIS is an upgrade path from password synchronization. It provides password synchronization and account management. Server