Setting Up File and Print Services

Once you've installed and configured the AppleTalk protocol, you're ready to install and configure the Macintosh services themselves. Even though FSM and PSM are two separate packages, we've grouped them together in this section because their respective installation processes are very similar. You can install the components in any order.

Prerequisites for Installing Macintosh Services

Before installing the Macintosh service components, you must meet a few prerequisites. First, if you're going to install FSM, you must have at least one NTFS partition on your server. This is because you can create MAVs only on NTFS or CD-ROM File System (CDFS) partitions—and even if you want to create MAVs only on CDFS partitions, you need an NTFS partition or FSM won't install.

Second, you should already have installed and configured the network adapters you plan to connect to your AppleTalk networks and verified that they work. Finally, you should have installed and configured AppleTalk and tested your installation to make sure that your existing network clients can see your new server as an AppleTalk node. You may need a tool like EtherPeek or Dartmouth's InterNetMapper to do this.

NOTE
If you want your Macintosh users to have access to files that are on ordinary shares (not MAVs), you can use a third-party utility like Thursby Software's (http://www.thursby.com) DAVE, which allows Macintosh computers to log on to Windows NT or Windows 2000 domains and use shared files and printers using Microsoft's native network protocols.

REAL WORLD   Beware the Magic FSM Numbers

Although installing and managing FSM is pretty straightforward, there are some magic numbers that you need to be aware of. These numbers (or, more accurately, limits) curb some of the things you can do with FSM:

  • Macintosh volumes can support filenames of only 31 characters maximum, while NTFS supports 256-character filenames. Macintosh files appear with their correct names on Windows systems that support long filenames, but they'll have truncated 8.3 names on systems that don't. FSM will truncate NTFS filenames that exceed the 31-character limit, so Macintosh clients will see only the first 31 characters.
  • NTFS allows a maximum path length of 255 characters, and so does Mac OS. However, under some circumstances FSM may not send the Macintosh folder or file information for items whose combined path lengths exceed 260 characters.
  • Like NTFS, Macintosh file systems are case-insensitive. If you have the POSIX subsystem enabled, don't use POSIX filenames, or the Macintosh clients will get confused.
  • MAV volume names can be up to 27 characters long, but the FSM tools can create only 12-character names (although you can use the Macfile utility to work around this).
  • AppleTalk requires that all share names served by a single machine fit into a single announcement packet. This packet cannot exceed 4760 bytes in size, meaning that there is an upper limit of about 175 MAV names (at 27 characters each) per server.
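
A pre-flight check for the filename and path limits listed above, added here as an illustration (it is not part of FSM or any Microsoft tool). It assumes paths are measured relative to the volume root and that names sharing the same first 31 characters, or differing only by case, look identical to Macintosh clients; the function names and the sample listing are constructed for this example.

```python
import os
from collections import defaultdict

MAC_NAME_MAX = 31   # longest name a Macintosh volume supports (from the list above)
FSM_PATH_MAX = 260  # combined path length past which FSM may omit an item

def mac_view(path):
    """Path as a Macintosh client would see it: each component cut to 31
    characters, compared without regard to case."""
    return "/".join(part[:MAC_NAME_MAX].lower() for part in path.split("/"))

def audit_names(paths):
    """Check '/'-separated paths (relative to the volume root) against the limits."""
    report = {"truncated": [], "too_long": [], "collisions": []}
    seen = defaultdict(list)  # Macintosh view -> original paths that map to it
    for path in paths:
        if len(path.rsplit("/", 1)[-1]) > MAC_NAME_MAX:
            report["truncated"].append(path)
        if len(path) > FSM_PATH_MAX:
            report["too_long"].append(path)
        seen[mac_view(path)].append(path)
    # Two or more originals behind one Macintosh-visible name are ambiguous.
    report["collisions"] = sorted(sorted(g) for g in seen.values() if len(g) > 1)
    return report

def walk_relative(root):
    """Yield every folder and file under root as a '/'-separated relative path."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            yield rel.replace(os.sep, "/")

# Constructed sample listing, not taken from a real server.
SAMPLE = [
    "Reports/Quarterly Financial Summary 2000 Draft A.doc",
    "Reports/Quarterly Financial Summary 2000 Draft B.doc",
    "Reports/readme.txt",
    "Reports/README.TXT",   # differs only by case (a POSIX-style name)
    "Reports/budget.xls",
    "/".join(["Archive"] * 40) + "/note.txt",
]

if __name__ == "__main__":
    for finding, items in audit_names(SAMPLE).items():
        print(finding, len(items))
        for item in items:
            print("   ", item)
```

To audit a real folder before sharing it as a MAV, pass `walk_relative(folder)` to `audit_names`.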

Creating Accounts for Macintosh Users

FSM and PSM get account information from the Microsoft Windows 2000 Active Directory directory service. This means that Macintosh clients can't log on to your FSM or PSM servers unless they have a valid account in your directory or unless you allow guest access to your servers. It's a good idea to set up the accounts you'll need for your Macintosh users as part of installing and configuring Macintosh support on your server; that way, as soon as you get the MAVs and shared printers created, your users can start connecting to the server.

TIP
Mac OS users can supply a domain name along with their user name when they log on. Suppose that you have accounts in two domains: Engineering\Paulr and Ra\Paul. If you want to log on to an FSM server that's part of the Engineering domain as Engineering\Paulr, you can leave off the domain name; if you want to use your master account (Ra\Paul), you can, but you must add the domain prefix.

PSM must be supplied with a set of user account credentials so that it can send print jobs to the standard Windows 2000 Print Manager. It uses the system account by default, but for security purposes it's a better idea to create a separate account to be used only with PSM.

Installing the Components

To install both PSM and FSM, you use the Windows Components Wizard. The actual process is very simple:

  1. From the Start menu, point to Settings and then to Control Panel and choose Add/Remove Programs. When the Add/Remove Programs window appears, click the Add/Remove Windows Components icon to start the wizard.
  2. At the first screen of the wizard, click Next. The Windows Components screen appears; scroll through the component list to find Other Network File And Print Services. Select it and click Details.
  3. The Other Network File And Print Services dialog box appears (Figure 22-5). Select the Macintosh services you want to install and then click OK. When you return to the wizard, click Next.
    Figure 22-5. The Other Network File And Print Services dialog box.

  4. Click Finish to finalize the installation.

Once you've installed the FSM and PSM components, you must configure them before they'll do anything useful. The only MAV that a newly installed FSM server will offer to clients is the one containing Microsoft's plug-in authentication module.

Installing Microsoft's Authentication Module on the Macintosh

When a Mac OS client connects to a Windows 2000 FSM server, the client has to send its user name and password credentials as clear text with no encryption. This is insecure because an attacker with a network analyzer can easily capture the credentials from the network and use them to log on to the Windows 2000 Server directly.

Mac OS supports encrypted authentication when talking to AppleShare servers, but to add that same level of security to Mac OS-FSM connections you must choose one of two options. One is to configure your server to accept Apple-encrypted authentication, and the other is to install an additional user authentication module (UAM) on the Macintosh side. The Microsoft UAM allows a Mac OS client to encrypt its credentials using the same scheme that Windows clients use when talking to a Windows 2000 Server. It also offers two other useful benefits: it allows you to use longer passwords (14 characters instead of the 7-character limit imposed by AppleShare), and it lets your clients know when their Windows 2000 password has expired.

The Microsoft UAM is stored in a special MAV called Microsoft UAM Volume. This MAV is always available to Macintosh clients on an FSM server; there's no way to remove or rename it, and it's available as soon as the FSM service is started. The UAM volume contains four items: a text file (Readme.uam) explaining what the UAM does and how to install it, an application that automatically installs the appropriate UAM for a given Mac OS configuration, and versions of the UAM for AppleShare versions 3.8 (present on Mac OS 7.5 and later) and 3.6 (for older Mac OS versions). To install the Microsoft UAM on a Mac OS client, follow these steps:

  1. On the Macintosh computer, open the Chooser from the Apple menu.
  2. Select the AppleShare icon in the Chooser. If you have multiple AppleTalk zones on your network, select the zone your FSM server is in from the AppleTalk Zones list.
  3. Select the FSM server to which you want to connect. The Chooser will look similar to Figure 22-6. Click OK to attempt the connection.
  4. The AppleShare logon dialog box appears. Log on to the FSM server, either as a guest (click the Guest button) or as a user with credentials on the server (click the Registered User button and then enter the user name and password). Click OK when you're done.
    Figure 22-6. The Chooser with the FSM server and its zone selected.

  5. The Microsoft UAM Volume icon appears on the Macintosh desktop. Open it and launch the MS UAM Installer application; it will install the UAM version that is appropriate for this particular client.

If you want to install the UAM on multiple machines, it may be easier to copy the appropriate UAM to the destination machines instead of logging on from every workstation. This process is a little different from the one just outlined:

  1. Find out what version of the AppleShare client the target machine has. Open the System folder, go to the Extensions subfolder, select the AppleShare extension, and choose Get Info from the File menu in the Finder to get its version.
  2. Find the matching folder on the Microsoft UAM Volume: either MS UAM for AppleShare 3.8 or MS UAM for AppleShare 3.6. Open it and you'll find a subfolder named AppleShare Folder.
  3. Look in the System folder of the target machine. If no AppleShare folder is there, drag the AppleShare folder you found in the Microsoft UAM Volume in step 2 into the System folder. If the folder is there, open the AppleShare folder from the Microsoft UAM Volume and drag the MS UAM 5.0 extension into the target system's AppleShare folder.

Once you've installed the Microsoft UAM, the logon process for Mac OS clients will be a bit different from what they're accustomed to. The ordinary process works like this: the user picks a zone and server in the Chooser, clicks OK, and fills out the AppleShare logon dialog box. When multiple UAMs are installed—as will be the case after you complete the preceding steps—clicking OK in the Chooser produces a dialog box listing the available UAMs. You'll need to train your users to use the Microsoft Authentication 5.0 UAM. After choosing that UAM, they'll see the logon dialog box shown in Figure 22-7.

Figure 22-7. The Microsoft UAM logon dialog box.

Configuring FSM Options

Apart from its obvious uses, the Shared Folders snap-in also allows you to configure some helpful FSM parameters, including the message that users see when they log on, the kinds of authentication your server will accept, and the number of users that can connect at once. To get to these options, open the Shared Folders snap-in, right-click Shared Folders, and choose Configure File Server For Macintosh. You see the Configuration tab of the File Server For Macintosh Properties window, shown in Figure 22-8. You can perform four useful tasks with this tab:

  • Change the name that the FSM server presents to AppleTalk clients by providing a name in the Server Name For AppleTalk Workstations field. This has no effect on how the computer appears in Active Directory, but it can present a friendly name to Macintosh users if you're using machine-generated names.
  • Provide a logon message that appears to Macintosh users when they log on. This might be a warning notice, an announcement about upcoming maintenance, or whatever you want to put in front of your users' faces.
  • Control some security aspects of how clients talk to your server:
    • The Allow Workstations To Save Password check box governs whether users can tell their computers to save their account credentials on their computers. Allowing this makes things easier for end users but less secure.
    • The Enable Authentication box lets you choose the authentication types you want your server to accept. The default is to allow Apple clear text or Microsoft encrypted authentication; you can also choose to accept only Microsoft authentication, only Apple clear text or Apple encrypted authentication, or only Apple and Microsoft encrypted authentication. The last choice is recommended because it allows modern Mac OS clients to securely log on whether or not they're using the Microsoft UAM.

  • Regulate how many users can connect concurrently to your FSM server. Normally, FSM allows an unlimited number of AppleTalk connections to your MAVs, but you can throttle that number back by selecting Limited To and entering a connection limit in the box.

TIP
The contents of the Limited To box are stored in HKLM\System\CurrentControlSet\Services\MacFile\Parameters\MaxSessions. A value of 0xFFFFFFFF means "unlimited"; otherwise, FSM interprets this number as the session limit.

Figure 22-8. The File Server For Macintosh Properties window.

The File Association and Sessions tabs of the File Server For Macintosh Properties window are covered under "Managing Type and Creator Codes" and "Sending Messages to Users," respectively, later in this chapter.



Microsoft Windows 2000 Server Administrator's Companion, Vol. 1
Microsoft Windows 2000 Server Administrators Companion (IT-Administrators Companion)
ISBN: 1572318198
EAN: 2147483647
Year: 2000
Pages: 366
