Setting Up File and Print Services

After you install and configure the AppleTalk protocol, you're ready to install and configure the Macintosh services themselves. Even though FSM and PSM are two separate packages, they are grouped together in this section because their respective installation processes are very similar. You can install the components in any order.

Prerequisites for Installing Macintosh Services

Before installing the Macintosh service components, you must meet a few prerequisites. First, if you're going to install FSM you must have at least one NTFS partition on your server. This is because you can create MAVs only on NTFS or CD-ROM File System (CDFS) partitions—and even if you want to create MAVs only on CDFS partitions, you need an NTFS partition or FSM won't install.

Second, you should already have installed and configured the network adapters you plan to connect to your AppleTalk networks and verified that they work. Finally, you should have installed and configured AppleTalk and tested your installation to make sure that your existing network clients can see your new server as an AppleTalk node. You might need a tool like EtherPeek or Dartmouth's InterNetMapper to do this.

If you want your Macintosh users to have access to files that are on ordinary shares (not MAVs), you can either upgrade them to Mac OS X 10.1 or later, or use a third-party utility like Thursby Software's (http://www.thursby.com) Dave, which allows Macintosh computers to log on to Windows NT or Windows 2000 domains and use shared files and printers using Microsoft's native network protocols.

Although installing and managing FSM is pretty straightforward, there are some magic numbers that you need to be aware of. These numbers (or, more accurately, limits) curb some of the things you can do with FSM:

  • Classic Macintosh volumes can support filenames of only 31 characters maximum, whereas NTFS supports 256-character filenames. Macintosh files appear with their correct names on Windows systems that support long filenames, but they'll have truncated 8.3 names on systems that don't. FSM truncates NTFS filenames that exceed the 31-character limit, so Macintosh clients see only the first 31 characters.
  • NTFS allows a maximum path filename length of 255 characters, and so does Mac OS. However, under some circumstances FSM might not send the Macintosh folder or file information for items whose combined path lengths exceed 260 characters.
  • Like NTFS, the file systems for classic Mac OS and Mac OS X are case-insensitive. If you have the POSIX subsystem enabled, don't use POSIX filenames, or the Macintosh clients will get confused.
  • MAV volume names can be up to 27 characters long, but the FSM tools can create only 12-character names (although you can use the Macfile utility to work around this).
  • AppleTalk requires that all share names served by a single machine fit into a single announcement packet. This packet cannot exceed 4760 bytes in size, meaning that there is an upper limit of about 175 MAV names (at 27 characters each) per server.
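The limits above can be checked before a folder tree is shared as a MAV. The following Python sketch is an added example, not code from the book or from Microsoft; the function names and issue labels are hypothetical, path length is assumed to be measured relative to the volume root, and the shared-prefix check is derived from the truncation rule stated above.

```python
import os
from collections import defaultdict

MAC_NAME_MAX = 31     # classic Mac OS filename limit
FSM_PATH_MAX = 260    # assumption: measured relative to the volume root
VOLUME_NAME_MAX = 27  # longest MAV volume name
TOOLS_NAME_MAX = 12   # longest volume name the FSM tools can create

def audit_volume(volume_name, rel_paths):
    """Return sorted (issue, detail) pairs for a planned MAV."""
    findings = set()
    if len(volume_name) > VOLUME_NAME_MAX:
        findings.add(("volume-name-too-long", volume_name))
    elif len(volume_name) > TOOLS_NAME_MAX:
        findings.add(("volume-name-needs-macfile", volume_name))
    spellings = defaultdict(set)  # (folder, lower-cased name) -> spellings
    prefixes = defaultdict(set)   # (folder, first 31 chars) -> long names
    for rel in rel_paths:
        parts = rel.replace("\\", "/").strip("/").split("/")
        if len(rel) > FSM_PATH_MAX:
            findings.add(("path-over-260", rel))
        for i, name in enumerate(parts):
            folder = "/".join(parts[:i]).lower()
            spellings[(folder, name.lower())].add(name)
            if len(name) > MAC_NAME_MAX:
                findings.add(("name-truncated", name))
                prefixes[(folder, name[:MAC_NAME_MAX].lower())].add(name)
    for names in spellings.values():
        if len(names) > 1:  # differ only by case (POSIX-style names)
            findings.add(("case-only-difference", " | ".join(sorted(names))))
    for names in prefixes.values():
        if len(names) > 1:  # same visible name once cut to 31 characters
            findings.add(("same-31-char-prefix", min(names)[:MAC_NAME_MAX]))
    return sorted(findings)

def list_tree(root):  # relative paths of every file and folder under root
    return [os.path.relpath(os.path.join(base, name), root)
            for base, dirs, files in os.walk(root) for name in dirs + files]

# Constructed sample input, not taken from a real server.
SAMPLE = [
    "Specs/Quarterly engineering status report draft.doc",
    "Specs/Quarterly engineering status report final.doc",
    "Specs/readme.txt",
    "Specs/README.TXT",
]

if __name__ == "__main__":
    print(*audit_volume("Engineering Docs", SAMPLE), sep="\n")
```

To check a real folder, pass `list_tree(root)` as the second argument.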

Creating Accounts for Macintosh Users

FSM and PSM get account information from Microsoft Windows 2000 Active Directory service. This means that Macintosh clients can't log on to your FSM or PSM servers unless they have a valid account in your directory or unless you allow guest access to your servers. It's a good idea to set up the accounts you'll need for your Macintosh users as part of installing and configuring Macintosh support on your server; that way, as soon as you get the MAVs and shared printers created, your users can start connecting to the server.

Mac OS users can supply a domain name along with their user name when they log on. Suppose that you have accounts in two domains: Engineering\Paulr and Ra\Paul. If you want to log on to an FSM server that's part of the Engineering domain as Engineering\Paulr, you can leave off the domain name; if you want to use your master account (Ra\Paul), you can, but you must add the domain prefix.

PSM must be supplied with a set of user account credentials so that it can send print jobs to the standard Microsoft Windows 2000 print manager. It uses the system account by default, but for security purposes it's a better idea to create a separate account to be used only with PSM.

Installing the Components

To install both PSM and FSM, you use the Windows Components Wizard. The actual process is very simple:

  1. From the Start menu, point to Settings and then to Control Panel and choose Add/Remove Programs. When the Add/Remove Programs window appears, click the Add/Remove Windows Components icon to start the wizard.
  2. In the first screen of the wizard, click Next. The Windows Components screen appears. Scroll through the component list to find Other Network File And Print Services. Select it and click Details.
  3. The Other Network File And Print Services dialog box appears (Figure 23-9). Select the Macintosh services you want to install and then click OK. When you return to the wizard, click Next.

    Figure 23-9. The Other Network File And Print Services dialog box.

  4. Click Finish to finalize the installation.

After you've installed the FSM and PSM components, you must configure them before they'll do anything useful. The only MAV that a newly installed FSM server offers to clients is the one containing Microsoft's plug-in authentication module.

Installing the Microsoft Authentication Module on the Macintosh

When a Mac OS client connects to a Windows 2000 FSM server, the client has to send its user name and password credentials as clear (plain) text with no encryption. This is insecure because an attacker with a network analyzer can easily grab the credentials from the network and use them to log on to the Windows 2000 Server directly.

Mac OS supports encrypted authentication when talking to AppleShare servers, but to add that same level of security to Mac OS-FSM connections you must choose one of two options. One is to configure your server to accept Apple-encrypted authentication, and the other is to install an additional user authentication module (UAM) on the Macintosh side. The Microsoft UAM allows the Mac OS client to encrypt its credentials using the same scheme that Windows clients use when talking to a Windows 2000 Server. It also offers two other useful benefits: it allows you to use longer passwords (14 characters instead of the 7-character limit imposed by AppleShare), and it lets your clients know when their Windows 2000 password has expired.

Mac OS X 10.1 and newer versions support encrypted authentication directly with Windows file servers, without the need for FSM. This is good, because Microsoft hasn't written a native Mac OS X UAM.

The Microsoft UAM is stored in a special MAV called Microsoft UAM Volume. This MAV is always available to Macintosh clients on an FSM server; there's no way to remove or rename it, and it's available as soon as the FSM service is started. The UAM volume contains four items: a text file (Readme.uam) explaining what the UAM does and how to install it, an application that automatically installs the appropriate UAM for a given Mac OS configuration, and versions of the UAM for AppleShare versions 3.8 (present on Mac OS 7.5 and later) and 3.6 (for earlier Mac OS versions). The following steps illustrate how to install the Microsoft UAM on a classic Mac OS client:

  1. On the classic Mac OS computer, open the Chooser from the Apple menu.
  2. Select the AppleShare icon in the Chooser. If you have multiple AppleTalk zones on your network, select the zone your FSM server is in from the AppleTalk Zones list.
  3. Select the FSM server to which you want to connect. The Chooser should look similar to Figure 23-10. Click OK to attempt the connection.
  4. The AppleShare logon dialog box appears. Log on to the FSM server, either as a guest (click Guest) or as a user with credentials on the server (click Registered User and then type the user name and password). Click OK when you're done.

    Figure 23-10. The Chooser with the FSM server and its zone selected.

  5. Select Microsoft UAM Volume from the list of available volumes and then click OK. The Microsoft UAM Volume icon appears on the Macintosh desktop. Open it and launch the MS UAM Installer application; it installs the UAM version that is appropriate for this particular client.

If you want to install the UAM on multiple machines, it might be easier to copy the appropriate UAM to the destination machines instead of logging on from every workstation. This process is a little different from the one just outlined:

  1. Find out what version of the AppleShare client the target machine has. Open the System folder, go to the Extensions subfolder, select the AppleShare extension, and choose Get Info from the File menu in the Finder to get its version.
  2. Find the matching folder on the Microsoft UAM Volume: either MS UAM for AppleShare 3.8 or MS UAM for AppleShare 3.6. Open it and you'll find a subfolder named AppleShare Folder.
  3. Look in the System folder of the target machine. If no AppleShare folder is present, drag the AppleShare folder you found in the Microsoft UAM Volume in step 2 into the System folder. If the folder is there, open the AppleShare folder from the Microsoft UAM Volume and drag the MS UAM 5.0 extension into the target system's AppleShare folder.

After you've installed the Microsoft UAM, the logon process for Mac OS clients is a bit different from what they're accustomed to. The ordinary process works like this: the user picks a zone and server in the Chooser, clicks OK, and fills in the AppleShare logon dialog box. When multiple UAMs are installed—as will be the case after you complete the preceding steps—clicking OK in the Chooser produces a dialog box listing the available UAMs. You'll need to train your users to use the Microsoft Authentication 5.0 UAM. After choosing that UAM, they'll see the logon dialog box shown in Figure 23-11.

Figure 23-11. The Microsoft UAM logon dialog box.

Configuring FSM Options

Apart from its obvious uses, the Shared Folders snap-in also allows you to configure some helpful FSM parameters, including the message that users see when they log on, the kinds of authentication your server accepts, and the number of users that can connect at once.

To get to these options, open the Shared Folders snap-in, right-click Shared Folders, and choose Configure File Server For Macintosh from the shortcut menu. You see the Configuration tab of the File Server For Macintosh Properties dialog box, shown in Figure 23-12. You can perform four useful tasks with this tab:

  • Change the name that the FSM server presents to AppleTalk clients by providing a name in the Server Name For AppleTalk Workstations field. This has no effect on how the computer appears in Active Directory, but it can present a friendly name to Macintosh users if you're using machine-generated names.
  • Provide a logon message that appears to Macintosh users when they log on. This might be a warning notice, an announcement about upcoming maintenance, or whatever you want to put in front of your users' faces.
  • Control some security aspects of how clients talk to your server:
    • The Allow Workstations To Save Password check box governs whether users can tell their computers to save their account credentials on their computers. Allowing this makes things easier for end users but less secure.
    • The Enable Authentication box lets you choose the authentication types you want your server to accept. The default is to allow Apple clear text or Microsoft-encrypted authentication; you can also choose to accept only Microsoft authentication, only Apple clear text or Apple-encrypted authentication, or only Apple and Microsoft-encrypted authentication. The last choice is recommended because it allows modern Mac OS clients to securely log on whether or not they're using the Microsoft UAM. This last option has a catch, however: it requires that user passwords be stored in Active Directory using clear text.
  • Regulate how many users can connect concurrently to your FSM server. Normally, FSM allows an unlimited number of AppleTalk connections to your MAVs, but you can throttle that number back by selecting Limited To and typing a connection limit in the box.

    The contents of the Limited To box are stored in HKLM\System\CurrentControlSet\Services\MacFile\Parameters\MaxSessions. A value of 0xFFFFFFFF means "unlimited"; otherwise, FSM interprets this number as the session limit.

    Figure 23-12. The File Server For Macintosh Properties dialog box.

The File Association and Sessions tabs of the File Server For Macintosh Properties dialog box are covered in the sections Managing Type and Creator Codes and Sending Messages to Users, respectively, later in this chapter.



Microsoft Windows 2000 Server Administrator's Companion
ISBN: 0735617856
EAN: 2147483647
Year: 2003
Pages: 320
