Internetworking with UNIX and Linux


The UNIX operating system, originally developed in the 1970s at AT&T's Bell Laboratories as a platform for internal software development, is still evolving and growing. In its early days, UNIX was distributed at no cost to academic institutions, so an entire generation of programmers and computer scientists learned their art on UNIX systems in college. Almost all of the Internet software you're familiar with today was developed on UNIX systems, and it's the most common operating system for high-end graphics and engineering workstations manufactured by Sun Microsystems, Hewlett-Packard, and many other companies. The Open Source phenomenon (which is by no means new, but is certainly resurgent) has also produced the no-cost NetBSD, GNU, and Linux UNIX clones, ensuring that a new generation of programmers will continue the traditions of openness, collaboration, and sharing that typify the UNIX community.

This section looks at ways to network Windows XP with UNIX-type operating systems. Although many of the examples involve Linux (Red Hat Linux 6.0), most of the examples can be translated to almost any UNIX-type operating system.

The SMB/CIFS Protocol

The Server Message Block (SMB) protocol is the high-level network protocol used for Windows and LAN Manager file and printer sharing. To promote interoperation, Microsoft, the Santa Cruz Operation (SCO), Intel, and other companies began the Common Internet File System (CIFS) initiative to extend SMB networking to other operating systems. CIFS-compatible software packages can be obtained for many varieties of UNIX and Linux. For this chapter, I'll concentrate on just one: the Samba package.

Samba

Certainly the most popular UNIX-to-Windows networking package, Samba can be a lifesaver for integrated networks. Samba is an open source (read: free) software suite based on the SMB/CIFS protocol. The Samba server program makes it possible for UNIX/Linux computers to share folders and printers that Windows users can access, while the Samba client tools let UNIX/Linux users access folders and printers shared by Windows computers. (Samba is integrated with Mac OS X, by the way, which is how OS X gets its Windows file-sharing capability.) And, because typing UNIX/Linux is already getting tiresome, I'll just write UNIX from now on, but for this discussion, I mean "UNIX and/or Linux and/or Mac OS X."

NOTE

You can get more information about Samba and download a version for your UNIX system from www.samba.org. Most Linux distributions include a version of Samba and install it by default.

For a good introduction to Samba, visit www.informit.com and search for samba. Skip down to the "Free Library" results, and select Sams Teach Yourself Samba in 24 Hours. After you register or log on, you can purchase the book or read it online for free. (By the way, InformIT is run by one of Que's sister companies.)


Samba Client Tools

To access file services on a Windows server from UNIX, you must know exactly what resources are available from a given host on the network. Samba includes a command-line program called smbclient for just that purpose. This application enables you to list available Windows shares and printers from within UNIX. The command

 smbclient -L \\lombok 

for example, lists all the folders and printers shared by the computer named lombok.

When you know the name of the desired shared folder, the smbmount command allows you to mount the Windows share on the local Linux file system. The command

 smbmount //lombok/shareddocs /mnt/winshare -U brian 

mounts the SharedDocs folder on computer lombok to the local directory /mnt/winshare. The -U switch tells smbclient what username to use when trying to mount the share. You'll be prompted for a password.

NOTE

If the Windows computer is running Windows XP with Simple File Sharing enabled, you can use any username and password. With Simple File Sharing, all network access is made using Guest credentials.


You also can use a Windows printer from a UNIX client. The easiest way to configure a Windows printer on a Red Hat Linux system is to use the Red Hat GUI-based print tool while logged on as root. This way, you can set up an SMB-based printer with a minimal amount of hassle. If you are not using Red Hat Linux, you must edit your /etc/printcap file manually. The number of options involved is beyond the scope of this chapter. A thorough reading of the SMB How-To, available from http://en.tldp.org/HOWTO/SMB-HOWTO.html, is recommended.

Samba Server Tools

Samba also includes tools and servers to make your UNIX system look just like a Windows-based network server; this capability lets your Windows computers use files and printers shared by UNIX systems.

The parameters for configuring Samba in a server capacity are contained in the file /etc/smb.conf on the UNIX host. The default file included with Samba has comments for every parameter to explain what each one is. Configuring the Samba server is beyond the scope of this book. However, I can offer a few pointers:

  • Samba is complex. You should read the documentation and FAQs for your Samba version before starting the setup procedure. A good place to start is http://en.tldp.org/HOWTO/SMB-HOWTO.html.

  • You can configure Samba for share-level passwords (à la Windows 9x sharing) or user-specific passwords with the security option. User security is the usual way to go, although you'll have to set up UNIX user accounts for each of your Windows users.

  • If you do use user security, you should set encrypt passwords = yes in smb.conf, as Windows will not transmit unencrypted passwords without special configuration. You'll also need to set up a user and password file for Samba's use, which is usually specified with the smb.conf entry smb passwd file = /etc/smbpasswd. Your Samba documentation will explain how to do this.

  • You can mimic Windows's Simple File Sharing by using share-level security without a password. However, in this case you must take care to prevent SMB access to your UNIX computer over the Internet.

When you have finished editing the smb.conf file, you can test to see that the syntax is correct by using the Samba program testparm. testparm checks smb.conf for internal "correctness" before you actually use it in a production environment. By running

 /usr/bin/testparm 

you get a printout like the following if all goes well:

 Load smb config files from /etc/smb.conf
 Processing section "[homes]"
 Processing section "[printers]"
 Processing section "[storage]"
 Loaded services file OK.
 Press enter to see a dump of your service definitions

You can press Enter to see a dump of all the parameters the server uses to configure itself. When the configuration file is complete and correct, you must stop and restart the smbd service to make the changes take effect.
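testparm checks the file for correctness, not for the security choices listed in the pointers above. As an added example (not from the book or the Samba project), the following Python code flags those choices in an smb.conf file. It also reads hosts allow and guest ok, which are real Samba parameters the text does not name; the sample files and finding codes are constructed, and backslash line continuation is not handled.

```python
# Added example, not Samba's or the book's code. "hosts allow" and "guest ok"
# are Samba parameters the text does not name; finding codes are made up here.
TRUE = {"yes", "true", "1"}

# Constructed sample: share-level security, guest share, no host restriction.
SAMPLE_WEAK = """\
[global]
security = share
; encrypt passwords = yes
[storage]
path = /srv/storage
guest ok = yes
"""

# Constructed sample: user security with encrypted passwords and a host allow-list.
SAMPLE_HARDENED = """\
[global]
security = user
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
hosts allow = 192.168.1. 127.
[storage]
path = /srv/storage
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current["".join(name.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return a list of (code, detail) findings for smb.conf text."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    security = g.get("security", "").lower()
    findings = []
    if security == "share":
        findings.append(("SHARE_SECURITY", "share-level security, no per-user logon"))
    elif security == "user":
        if g.get("encryptpasswords", "").lower() not in TRUE:
            findings.append(("PLAINTEXT_PASSWORDS", "encrypt passwords = yes is missing"))
        elif "smbpasswdfile" not in g:
            findings.append(("NO_PASSWD_FILE", "smb passwd file is not set explicitly"))
    def limited(p):                               # "allow hosts" is a synonym
        return "hostsallow" in p or "allowhosts" in p
    for name, params in conf.items():
        guest = params.get("guestok", params.get("public", "")).lower() in TRUE
        if name != "global" and (guest or security == "share"):
            if not (limited(params) or limited(g)):
                findings.append(("UNRESTRICTED_SHARE", "[%s] has no hosts allow" % name))
    return findings
```

To check a real file, pass its contents to audit(), for example the text of /etc/smb.conf; an empty list means none of these conditions were found.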

Printing to UNIX Queues from Windows

You can configure Samba to offer standard Windows shared printer service. As an alternative, Windows XP has built-in support to send output to UNIX-based printers using the lpr protocol. You can install a standard Windows printer whose output is directed to a UNIX system and can use this printer just as you would any local or networked Windows printer.

For instructions on connecting to an lpr-based printer, see p. 645.


Printing to Windows Printers from UNIX

You can also install an LPD server on Windows XP Professional to let UNIX users print to any local printers shared by your computer. (It can print only to local printers installed on and shared by your computer, not to network printers from other machines used by your computer.)

To install this service, log on as Administrator (or as a Computer Administrator) and follow these steps:

1. Open Network Connections by clicking Start, My Computer, My Network Places, View Network Connections.

2. From the menu, select Advanced, Optional Networking Components.

3. Select Other Network File and Print Services and click Details.

4. Check Print Services for UNIX and click OK.

5. Click Next. You may need to insert your Windows XP Installation CD-ROM.

These steps install the service but, because of an installer glitch, don't make the service start when you boot your computer. You might have to finish the job manually, like this:

1. Click Start, right-click My Computer, and select Manage.

2. In the left pane, open Services and Applications; then select Services.

3. In the right pane, locate TCP/IP Print Server. Double-click this entry.

4. If the service's Status is not shown as Started, click the Start button.

5. If its Startup Type is not shown as Automatic, select Automatic from the Type drop-down list, and click OK.

6. Close Computer Management.

Now, UNIX users can send print jobs to your computer by using the command

 lpr -S computername -P sharename 

where computername is the DNS name or IP address of your computer, and sharename is the share name of any of your printers.

TIP

By default, Windows treats incoming print jobs as ASCII text that must be formatted and printed. If the UNIX machine is sending, say, a PostScript file, Windows will print the PostScript source code rather than the document the file represents. UNIX users must use the appropriate -o option to send a "binary" print job in this case. For example, you can enter the following:

 lpr -S ambon -P Laserjet -o l filename.ps 


If text files are printed with line feeds inserted where just carriage returns were expected, see "Carriage Returns and Line Feeds Are Mangled" in the "Troubleshooting" section at the end of this chapter.



Telnet

The telnet command is perhaps one of the most well-known UNIX network tools. Telnet provides a remote terminal function and on a UNIX system lets you use a shell or command prompt environment on a remote system across a LAN or the Internet. Windows XP Professional includes a Telnet client for connecting to other systems running a Telnet server.

Windows XP supplies a Telnet application, but there's a surprise! This version is a Windows console program, meaning it looks like a Command Prompt window rather than a regular graphical Windows program. It also supports built-in NTLM authentication, so it can securely connect to the Telnet host service provided with Windows XP Professional and Server. To connect to a remote server with Telnet, say amber.somewhere.edu, you can issue the command by choosing Start, Run, or in a command prompt, as follows:

 telnet amber.somewhere.edu 

Alternatively, you can simply run the Telnet program without naming a remote host to start it in its "prompt" mode. Type help in prompt mode to see the list of valid commands.

To terminate a Telnet session, you can press Ctrl+] and enter the quit command, or simply close the Telnet console window.

TIP

Microsoft's Telnet client is less than wonderful. You can use the supplied Hyperterminal application, or download free SSH (secure shell) Telnet clients from www.chiark.greenend.org.uk/~sgtatham/putty or www.ssh.com. There are commercial SSH clients as well; see www.ssh.com and www.datafellows.com.

These alternatives don't support NTLM encryption, so they're not secure for connecting to Windows Telnet hosts over the Internet, but the SSH clients are safer for connecting to UNIX hosts over the Internet.


The Telnet Host Service

Windows XP comes equipped with a Telnet server as well as a client. Having both a server and a client sounds like a boon for network managers, as it theoretically lets a remote user connect to and run programs on your Windows XP computer. It could conceivably also let a UNIX user connect to and run programs on a Windows XP computer. This could provide access to industrial-strength command-line management tools including cscript (Windows Script Host) and netsh (Network Shell). It's limited to two simultaneous incoming connections.

However, I don't recommend using the Telnet Host Service. As I've mentioned, Telnet is an insecure protocol. The Windows XP Telnet server does use the NTLM password encryption protocol to authenticate users, but this feature can be disabled. The result is that, in the end, using it is more of a risk than a benefit, and you can accomplish the same results by using Windows graphical interface management tools, such as Remote Desktop.

If you really want to try it, you must configure and activate it manually:

1. Log on as a Computer Administrator.

2. Open a command prompt window and type the command tlntadmn to view its current settings, and tlntadmn -? to view the list of configuration options. At the very least you should enter the command tlntadmn config sec -passwd to disable acceptance of unencrypted passwords; this will allow only NTLM authentication.

3. Right-click My Computer and select Manage.

4. Open Services and Applications, and select Services.

5. Select Telnet in the right pane, and right-click Start. If you want the service to run when you boot up Windows, select Automatic under Startup Type.

6. By default, only Administrators are permitted to sign on via telnet. To allow other users to log on, create a local security group named TelnetClients and add the users to it. (See "Local Users and Groups Management Tool", p. xxx (Chapter 28) for more information on assigning users to groups.)

7. Test the service by opening a Command Prompt window and typing the commands telnet, set ntlm, open localhost.

8. Type exit to disconnect. If you want to stop the service, go back to the Services Manager, right-click Telnet, and select Stop.

CAUTION

If you enable telnet, I really caution you against permitting connections to the Telnet service from the Internet. You should block incoming connections on TCP Port 23 at your router. Telnet is a prime target of network scanners and hackers, and dictionary attacks on key accounts like Administrator are common.


The Berkeley r Commands

Most UNIX operating systems also come equipped with a suite of programs collectively referred to as the "Berkeley r commands." Windows XP includes many of these tools, which are available from the Command Prompt. If you're a UNIX user, you're probably already familiar with these commands. Table 20.4 provides a brief list and description of the r commands provided with Windows XP.

Table 20.4. Berkeley r Commands Provided with Windows XP

Command   Description

rsh       Remote shell, or rsh, executes a single command on another network system. rsh copies its standard output to the remote system's standard input and redirects the remote system's standard output to the local standard input.

rexec     Remote execute, or rexec, executes a single command on a remote system. This command is similar to rsh, except that it works with a different host service.

rcp       Remote copy, or rcp, is a command for copying files between two systems. rcp can even do third-party copies in which neither the source nor the destination reside on the system executing rcp.


TIP

The Berkeley r commands, although very useful, are also inherently insecure because the commands used by these programs are usually passed in plain text through the network. Additionally, these commands are designed to be run in a trusted network where clients are not always required to reauthenticate themselves. This might not always be the case where today's networks are concerned. Because of these inherent vulnerabilities, it's best not to use these commands across the Internet. You might use the Secure Shell package, which replaces all the r commands as well as adds a greater degree of security via strong encryption. SSH also replaces the very insecure Telnet protocol and offers X11-encrypted forwarding.

For information on obtaining a free Windows-based client version of SSH, see the tip on page 795.


Services for UNIX

Microsoft offers a free set of tools called Services for UNIX (SFU) that provides almost all of the utilities you will need to seamlessly glue together a network that includes Windows, UNIX, and Linux computers. You can obtain it via a free download at www.microsoft.com/sfu, or you can order it on CD. SFU is also provided with some Microsoft Developers Network subscriptions.

While "vanilla" Windows XP comes with several of the TCP/IP tools that UNIX gurus expect, SFU provides a much more complete toolkit for those who are used to UNIX computers. For example, while Windows XP contains a basic FTP client and a Telnet Server, you'll find enhanced versions of both of these important utilities in SFU 3.5. While some components of SFU are applicable only to Windows 200x Server, most parts can be installed on Windows XP Professional and put to good use, as I'll explain shortly.

NOTE

Services for UNIX 3.5 does not work on Windows XP Home Edition.


The major components of Services for UNIX Version 3.5 include

  • NFS: This includes an NFS client, an NFS server, a gateway service for NFS, and a server for PCNFS. PCNFS enables Windows clients to access NFS servers on UNIX boxes, by mapping the Windows SID to a Unix GID/UID (via user name mapping).

  • NIS: Server for NIS (Sun's Network Information Service) allows a Windows 2000 Active Directory domain controller to act as a master NIS server. Unix NIS servers and clients can be managed from the Windows environment. A migration tool is also provided so that NIS data stored on UNIX systems can be imported into the Windows-based NIS Server.

  • User Name Mapping: This tool allows for mapping Windows user account names to Unix account names.

  • Password Synchronization: Similar to User Name Mapping, this utility can be used to keep passwords for user accounts synchronized between UNIX and Windows systems.

  • New Telnet Client and Server: While Windows 2000 comes with a Telnet client and server, SFU 3.5 offers enhanced versions of these standard TCP/IP applications.

  • ActiveState PERL: You can use this tool to run PERL scripts on Windows systems. (This is available separately from www.activestate.com.)

  • Interix: The Windows NT kernel upon which Windows XP is built was designed to provide support for more than one operating system environment. The Interix subsystem overlays NT with more than 1,900 UNIX APIs, to provide a nearly complete Unix environment that can run alongside Windows. With Interix, you can run real UNIX applications from the familiar Korn and C shells, in an environment that even exposes a single-root file system. SFU Version 3.5 adds support for Posix Threads (pthreads).

  • Utilities including the vi editor, the gcc C/C++ compiler, the GNU SDK, make, rcs, yacc, lex and more than 300 other UNIX utilities.

Table 20.5 lists the components provided with Services for UNIX. SFU can be installed on Windows 200x Server, Advanced Server, and Windows XP Professional. However, not all components will be installed on Windows XP, as shown in the table.

Table 20.5. Services for UNIX System Compatibility

SFU Component                   Windows 200x Server   Windows XP

Basic Utilities                 Yes                   Yes
UNIX Perl                       Yes                   Yes
Interix GNU Utilities           Yes                   Yes
Interix GNU SDK                 Yes                   Yes
Interix SDK                     Yes                   Yes
ActiveState ActivePerl          Yes                   Yes
Client for NFS                  Yes                   Yes
Server for NFS                  Yes                   Yes
Server for PCNFS                Yes                   Yes
Server for NFS Authentication   Yes                   Yes
Gateway for NFS                 Yes                   No
Server for NIS                  Yes[*]                No
Password Synchronization        Yes                   Yes
Telnet Server                   Yes                   No[]
Windows Remote Shell Service    Yes                   Yes
User Name Mapping               Yes                   Yes


[*] Server for NIS can only be installed on a Windows 2000 Domain Controller with Active Directory, since the NIS information is stored in the directory.

[] Use the downloaded SFU 3.5 setup package (or CD) to install at least one of the components. Any installation will by default install the MMC Console Snap-In used to manage the various components you choose, as well as a Help file and the release notes for SFU 3.5.



Special Edition Using Microsoft Windows XP Professional (3rd Edition)
ISBN: 0789732807
EAN: 2147483647
Year: 2003
Pages: 450
