CONTENTS |
Up to this point, we have been discussing moving UNIX functionality such as X Windows and NFS onto Windows in order to achieve interoperability. Why not do the converse? Having some Windows functionality on UNIX would certainly be helpful in some cases. UNIX resources such as printers and disks could then be shared with several Windows systems on the network.
Advanced Server for UNIX is an AT&T product that serves as the basis for many products that bring Windows functionality to UNIX. Advanced Server for UNIX Systems is the result of a joint development agreement between AT&T and Microsoft Corporation. It provides Windows functionality that facilitates Windows and UNIX interoperability. With Advanced Server for UNIX, a UNIX system can act as a Primary or Backup Domain Controller (PDC or BDC), a file server, a print server, or any other Windows functional component. Most major UNIX vendors have a product that is based on Advanced Server for UNIX. This chapter will use the HP-UX implementation of Advanced Server for UNIX called Advanced Server/ 9000. Other implementations of Advanced Server for UNIX are similar, so you can use the examples in this chapter as a basis of understanding for other such implementations.
This chapter makes use of some of the net commands of Windows, especially the net share command. When I am working on the UNIX system (dloaner) in this chapter, I use the command line including some net commands. When I am working on the Windows system (hpsystem1) in this chapter, I will use graphical Windows functionality, which is preferable to issuing commands on the command line. I use both the command line and graphical methods so that you can see the difference in the two approaches. You may want to explore some of these net commands described in the "Command Line" chapter and using the online help of your Windows system as you progress through this chapter. Here is a list of some widely used net commands and a brief explanation of each:
net accounts | Used to maintain the user accounts database. |
net computer | Used to add or delete computers from the domain database. |
net config server | |
Displays or changes settings for a server service on which the command is executed. | |
net config workstation | |
Displays or changes settings for the workstation service on which the command is executed. | |
net continue | Reactivates a Windows service that has been suspended with the net pause command. |
net file | Used for network file manipulation, such as listing ID numbers, closing a shared file, removing file locks, and so on. |
net group | Used to add, display, or modify global groups on servers. |
net help | Displays a listing of help options for any net command. |
net helpmsg | Displays explanations of Windows network messages such as errors, warnings, and alerts. |
net localgroup | Used to modify local groups on computers. |
net name | Used to add or delete a "messaging name" at a computer, which is the name to which messages are sent. |
net print | Used to list print jobs and shared queues. |
net send | Sends messages to other users, computers, and "messaging names" on the network. |
net session | Used to list or disconnect sessions between the computer and other computers on the network. |
net share | Shares a server's resources with other computers on the network. |
net start | Used to start services such as server. |
net statistics | Displays the statistics log for the local Workstation or Server service. |
net stop | Used to stop services such as server. |
net time | Synchronizes the computer's clock with another computer on the domain. |
net use | Displays, connects, or disconnects a computer with shared resources. |
net user | Creates or modifies user accounts. |
net view | Lists resources being shared on a computer. |
You can easily install and configure Advanced Server/9000 on your UNIX system. Advanced Server/9000 is installed using Software Distributor on your HP-UX system, just as you would load any other software. After installing Advanced Server/9000, you must run the configuration script called asu_inst. The following text shows running asu_inst to configure the UNIX system dloaner to be a Backup Domain Controller (BDC) for the Windows system hpsystem1:
# /opt/asu/lanman/bin/asu_inst This request script will prompt you for information which is necessary to install and configure your Advanced Server for UNIX Systems. There are two installation modes: Express Setup - the installation scripts use default settings so installation is quick and easy. You may change these settings after installation completes. The server is installed as a primary domain controller in its own domain. Custom Setup - this mode allows you to specify the settings at the beginning of installation. If you select this mode, you must specify the server's name, the domain it will participate in, and the role in that domain. NOTE: The installation requires a password for the administrative account. A default password of 'password' will be used, although you may elect to be prompted for a different password at the end of the installation. If you are installing many servers it is strongly recommended that you use the default password for all installations. Be sure to change these passwords after determining that your network is operating correctly. Do you want Express Setup [y/n]? y Advanced Server for UNIX provides a NETLOGON service which simplifies the administration of multiple servers. A single user accounts database can be shared by multiple servers grouped together into an administrative collection called a domain. Within a domain, each server has a designated role. A single server, called the primary domain controller, manages all changes to the user accounts database and automatically distributes those changes to other servers, called backup domain controllers, within the same domain. You may now supply a server name (the name which this server will be known on the network), the role that this server will perform in that domain (primary or backup), and a domain name. Enter the name of the server or press Enter to select 'dloaner': Each server must be given a role in a domain. The possible roles are: primary domain controller: Administration server. Distributes user accounts information to backup domain controllers. Validates network logon requests. There can be only one primary domain controller per domain. backup domain controller: Receives user account information from the primary domain controller. Validates network logon requests and can be promoted to primary if the primary domain controller is not accessible. Enter role (primary or backup): backup This installation will configure the server as a backup domain controller. You will be prompted to enter the name of the primary domain controller, and an administrative account name on the primary along with its password. In order for this installation to complete successfully, the primary domain controller must be running and connected to the network. Enter the name of the primary domain controller (eg, abc_asu): hpsystem1 Confirm choices for server dloaner: role : backup primary: hpsystem1 Is this correct [y/n]? y _&a0y0C_J Enter the name of an administrative account on the primary domain controller 'hpsystem1' or press Enter to select 'administrator': This procedure requires the password for the administrative account on 'hpsystem1'. If the password is the default ('password') created during installation, you will not need to be prompted for a password. If you have changed the password, you should allow this program to prompt for a password after the files have been installed. Do you want to use the default password [y/n]? y Advanced Server/9000 Copyright (c) 1988, 1991-1996 AT&T and Microsoft Copyright (c) 1992-1996 Hewlett-Packard All rights reserved Adding Advanced Server for UNIX Systems administrative users and groups Add Comment <Advanced Server account> Home Dir </opt/asu/lanman> UID <100> GID <99> Shell </sbin/false> Name <lanman> pw_name: lanman pw_passwd: * pw_uid: 100 pw_gid: 99 pw_age: ? pw_comment: pw_gecos: Advanced Server account pw_dir: /opt/asu/lanman pw_shell: /sbin/false enter addusr pw_name = lanman pw_passwd = * pw_uid = 100 pw_gid = 99 pw_gecos = Advanced Server account pw_dir = /opt/asu/lanman pw_shell = /sbin/false enter_quiet_zone() exit_quiet_zone() exiting addusr, error = 0 Add Comment <Advanced Server Administrator> Home Dir </var/opt/asu/lanman/lmxadmin> GID <99> Name <lmxadmin> pw_name: lmxadmin pw_passwd: * pw_uid: 0 pw_gid: 99 pw_age: ? pw_comment: pw_gecos: Advanced Server Administrator pw_dir: /var/opt/asu/lanman/lmxadmin pw_shell: enter addusr pw_name = lmxadmin pw_passwd = * pw_uid = 0 pw_gid = 99 pw_gecos = Advanced Server Administrator pw_dir = /var/opt/asu/lanman/lmxadmin pw_shell = enter_quiet_zone() exit_quiet_zone() exiting addusr, error = 0 Add Comment <Advanced Server GUEST Login> Shell </sbin/false> GID <99> Name <lmxguest> pw_name: lmxguest pw_passwd: * pw_uid: 0 pw_gid: 99 pw_age: ? pw_comment: pw_gecos: Advanced Server GUEST Login pw_dir: pw_shell: /sbin/false enter addusr pw_name = lmxguest pw_passwd = * pw_uid = 0 pw_gid = 99 pw_gecos = Advanced Server GUEST Login pw_dir = /usr/lmxguest pw_shell = /sbin/false enter_quiet_zone() exit_quiet_zone() exiting addusr, error = 0 Add Comment <Advanced Server World Login> Shell </sbin/false> GID <99> Name <lmworld> pw_name: lmworld pw_passwd: * pw_uid: 0 pw_gid: 99 pw_age: ? pw_comment: pw_gecos: Advanced Server World Login pw_dir: pw_shell: /sbin/false enter addusr pw_name = lmworld pw_passwd = * pw_uid = 0 pw_gid = 99 pw_gecos = Advanced Server World Login pw_dir = /usr/lmworld pw_shell = /sbin/false enter_quiet_zone() exit_quiet_zone() exiting addusr, error = 0 Creating Directory: /home/lanman Setting owner, group, and permissions for installed files.... Enter the password for administrator on hpsystem1: Re-enter password: Contacting the server 'hpsystem1' ... Success Creating Advanced Server for UNIX Systems accounts database. Starting the Advanced Server for UNIX Systems... The Advanced Server for UNIX Systems is now operational. #
After the installation and configuration are complete, you have netdemon running, which is an essential component of Advanced Server/9000, as shown in the following ps command:
# ps -ef | grep netdemon root 1100 1 0 10:18:38 ? 0:00 /opt/lmu/netbios/bin/netde mon #
In addition to netdemon, NetBIOS must also be running.
Advanced Server/9000 starts several processes on your UNIX system in addition to netdemon. You can also verify that the Advanced Server/9000 server is running by viewing its processes with the ps command:
# ps -ef | grep lm root 3285 1 0 10:37:19 ? 0:00 lmx.dmn root 3200 1 0 10:36:57 ? 0:00 lmx.ctrl root 3262 3200 0 10:37:07 ? 0:00 lmx.srv -s 1 root 3295 1 0 10:37:20 ? 0:00 lmx.sched root 3289 1 0 10:37:19 ? 0:00 lmx.browser root 1100 1 0 10:18:38 ? 0:00 /opt/lmu/netbios/bin/netdemon #
Many processes are shown here, such as lmx.dmn, which is the daemon; lmx.ctrl, which is the control process; lmx.sched, which is the scheduler; lmx.browser which is the browser; and lmx.srv, which is a client session. If Advanced Server/9000 is not running, you would use the net start server command to start the server. Similarly, you would stop the server with net stop server.
In addition, you have several users and groups that have been created on your UNIX system to facilitate using Advanced Server/ 9000 with your Windows systems. The new users are shown in the upcoming /etc/passwd file, and the new groups are shown in the upcoming /etc/group file:
# cat /etc/passwd root:jThTuY9OhNxGY:0:3::/:/sbin/sh daemon:*:1:5::/:/sbin/sh bin:*:2:2::/usr/bin:/sbin/sh sys:*:3:3::/: adm:*:4:4::/var/adm:/sbin/sh uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico lp:*:9:7::/var/spool/lp:/sbin/sh nuucp:*:11:11::/var/spool/uucppublic:/usr/lbin/uucp/uucico hpdb:*: :1:ALLBASE:/:/sbin/sh nobody:*:-2:-2147483648::/: lanman:*:100:99:Advanced Server account:/opt/asu/lanman:/sbin/false lmxadmin:*:202:99:Advanced Server Administrator:/var/opt/asu/lanman/lmxadmin: lmxguest:*:203:99:Advanced Server GUEST Login:/usr/lmxguest:/sbin/false lmworld:*:204:99:Advanced Server World Login:/usr/lmworld:/sbin/false # cat /etc/group root::0:root other::1:root,hpdb bin::2:root,bin sys::3:root,uucp adm::4:root,adm daemon::5:root,daemon mail::6:root lp::7:root,lp tty::10: nuucp::11:nuucp users::20:root nogroup:*:-2: DOS----::99:lanman DOS-a--::98:lanman DOS--s-::97:lanman DOS---h::96:lanman DOS-as-::95:lanman DOS-a-h::94:lanman DOS--sh::93:lanman DOS-ash::92:lanman #
In addition to the UNIX system modifications that have automatically taken place, the Windows Primary Domain Controller (PDC) now recognizes the UNIX system as the backup domain controller. Figure 29-1 shows a screen shot from the Windows system hpsystem1, which is the primary domain controller. The screen shot shows dloaner acting as the backup domain controller and the default shared directories on the UNIX system dloaner. The share properties for one of the shares, C:\opt\asu\lanman, are also shown.
These shares can also be viewed on the command line of the UNIX system using the net command, as shown in the following output:
# /opt/asu/lanman/bin/net share Sharename Resource Remark ------------------------------------------------------------------------------- ADMIN$ C:\OPT\ASU\LANMAN Admin Share IPC$ IPC Share C$ C:\ Root Share D$ C:\VAR\OPT\ASU\LANMAN\SHARES SystemRoot Share ASTOOLS C:\VAR\OPT\ASU\LANMAN\SHARES... Advanced Server Tools DOSUTIL C:\VAR\OPT\ASU\LANMAN\SHARES... DOS Utilities NETLOGON C:\VAR\OPT\ASU\LANMAN\SHARES... Logon Scripts Directory PATCHES C:\VAR\OPT\ASU\LANMAN\SHARES... Client Patches PRINTLOG C:\VAR\OPT\ASU\LANMAN\SHARES... LP printer messages USERS C:\HOME\LANMAN Users Directory The command completed successfully. #
These are the default shares that have been set up by Advanced Server/9000. Those followed by a $ are hidden shares used only for administrative purposes. When you run Windows Explorer, you don't see these hidden directories.
You can set up additional shares, such as the printer and disk we will set up in the upcoming sections, " Sharing a Printer " and " Sharing a File System," respectively.
In addition to the default sharing that takes place with Advanced Server/9000, there may be additional resources you may want to share between Windows and UNIX systems.
For example, you may have a printer used in your UNIX environment to which you want Windows systems to have access. The following commands show adding a shared printer and viewing it in UNIX.
The first command is lpstat on UNIX, which shows the status of the existing printer laser:
# lpstat -t scheduler is running system default destination: laser device for laser: /dev/c2t0d0_lp laser accepting requests since Feb 11 17:23 printer laser is idle. enabled since Feb 11 17:23 fence priority : 0 no entries #
Next, we run the net command and specify the printer laser as a shared printer device:
# /opt/asu/lanman/bin/net net share laser=laser /print laser was successfully shared
To see the configuration of the printer, we can issue the net print command as shown below:
# net print laser /options Printing options for LASER Status Queue Active Remark Print Devices laser Driver HP-UX LM/X Print Manager Separator file Priority 5 Print after 12:00 AM Print until 12:00 AM Print processor Parameters COPIES=1 EJECT=AUTO BANNER=YES The command completed successfully. #
After printing a text file from the Windows system onto the device laser connected to the UNIX system running Advanced Server/9000, I received a bunch of unintelligible information on the printed sheet. The Advanced Server/9000 printer was not configured raw. I issued the following command to make the printer raw:
# net print laser /parms:types=-oraw The command completed successfully.
The new configuration, with the TYPES=-oraw, is shown in the following output. This device successfully printed from the Windows system to the UNIX system running Advanced Server/9000 to which laser is connected:
# net print laser /options Printing options for LASER Status Queue Active Remark Print Devices laser Driver HP-UX LM/X Print Manager Separator file Priority 5 Print after 12:00 AM Print until 12:00 AM Print processor Parameters COPIES=1 TYPES=-oraw EJECT=AUTO BANNER=YES The command completed successfully. #
We can now view all the shared devices with the net command:
# /opt/asu/lanman/bin/net share Sharename Resource Remark ------------------------------------------------------------------------------- ADMIN$ C:\OPT\ASU\LANMAN Admin Share IPC$ IPC Share C$ C:\ Root Share D$ C:\VAR\OPT\ASU\LANMAN\SHARES SystemRoot Share ASTOOLS C:\VAR\OPT\ASU\LANMAN\SHARES... Advanced Server Tools DOSUTIL C:\VAR\OPT\ASU\LANMAN\SHARES... DOS Utilities NETLOGON C:\VAR\OPT\ASU\LANMAN\SHARES... Logon Scripts Directory PATCHES C:\VAR\OPT\ASU\LANMAN\SHARES... Client Patches PRINTLOG C:\VAR\OPT\ASU\LANMAN\SHARES... LP printer messages USERS C:\HOME\LANMAN Users Directory LASER laser Spooled The command completed successfully. #
The last item in this listing is the printer laser that was added with the net command. All the previous commands were issued on the UNIX system running Advanced Server/9000. We can now view the shared devices of dloaner on the Windows system using Explorer to confirm that the printer laser is a shared device, as shown in Figure 29-2.
The details of this shared printer can be viewed in Printers under Control Panel.
With the printer having been added, the shares that are now set up on the UNIX system running Advanced Server/9000 look like the following:
# /opt/asu/lanman/bin/net share Sharename Resource Remark ------------------------------------------------------------------------------- ADMIN$ C:\OPT\ASU\LANMAN Admin Share IPC$ IPC Share C$ C:\ Root Share D$ C:\VAR\OPT\ASU\LANMAN\SHARES SystemRoot Share ASTOOLS C:\VAR\OPT\ASU\LANMAN\SHARES... Advanced Server Tools DOSUTIL C:\VAR\OPT\ASU\LANMAN\SHARES... DOS Utilities NETLOGON C:\VAR\OPT\ASU\LANMAN\SHARES... Logon Scripts Directory PATCHES C:\VAR\OPT\ASU\LANMAN\SHARES... Client Patches PRINTLOG C:\VAR\OPT\ASU\LANMAN\SHARES... LP printer messages USERS C:\HOME\LANMAN Users Directory LASER laser Spooled The command completed successfully. #
The shares shown include the printer that was added. We could now issue the net share command and add a UNIX file system to be shared. To sharethe/home directory on the UNIX system dloaner, we would issue the following command:
# /opt/asu/lanman/bin/net share home=c:/home home was shared successfully
Note that the UNIX notation for the directory was issued with the slash (/) rather than the backslash (\), as you would on a Windows system. We can now view the shares on dloaner, including the new HOME share, with the net command:
# /opt/asu/lanman/bin/net share Sharename Resource Remark ------------------------------------------------------------------------------- ADMIN$ C:\OPT\ASU\LANMAN Admin Share IPC$ IPC Share C$ C:\ Root Share D$ C:\VAR\OPT\ASU\LANMAN\SHARES SystemRoot Share ASTOOLS C:\VAR\OPT\ASU\LANMAN\SHARES... Advanced Server Tools DOSUTIL C:\VAR\OPT\ASU\LANMAN\SHARES... DOS Utilities HOME C:\HOME NETLOGON C:\VAR\OPT\ASU\LANMAN\SHARES... Logon Scripts Directory PATCHES C:\VAR\OPT\ASU\LANMAN\SHARES... Client Patches PRINTLOG C:\VAR\OPT\ASU\LANMAN\SHARES... LP printer messages USERS C:\HOME\LANMAN Users Directory LASER laser Spooled The command completed successfully. #
You could now view this share on the Windows system and map it to a drive, as shown in Figure 29-3.
_____________________________
I covered only a small subset of Advanced Server/9000 functionality in this chapter. I covered using a UNIX system running Advanced Server/9000 as a backup domain controller, sharing a UNIX-connected printer with a Windows network, and sharing a UNIX-connected disk with a Windows network. These are some of the more common uses for Advanced Server/9000. Nearly everything you can do with a Windows system can be done with Advanced Server/9000, so don't limit yourself to only the functionality covered in this chapter.
CONTENTS |