[ Next Article | Previous Article | Book Contents | Library Home | Legal | Search ]
System Management Guide: Communications and Networks

Connecting Client PCs to AIX Fast Connect for Windows

The steps shown in the following sections are required to connect a PC client to the Fast Connect server.

TCP/IP Configuration

To access the Fast Connect Server, each client PC must be configured for NetBIOS over TCP/IP (RFC1001/1002). This can be accomplished for the various clients as shown in the following sections.

Windows 95, Windows 98 Clients

  1. From the Start button, select Settings->Control_Panel->Network.

  2. On the Configuration tabbed panel (initially shown), verify that the following entries exist:

    If any is missing, add it from your Windows 95 disks.

  3. Click on the TCP/IP entry and select Properties. The TCP/IP Properties dialog box has several tabbed panels. Verify the following:

    IP Address panel
    Configure as needed. (For initial testing, you may find it convenient to manually specify unique IP addresses for each PC.)

    Bindings panel
    Select Client for Microsoft Networks.

    Additionally, you may wish to enable WINS support, DNS support, and/or GATEWAY support for each client. If so, configure each as needed.

  4. TEST the client's TCP/IP configuration by ping-ing (by IP address) from the client PC's DOS prompt to the Fast Connect server, and vice versa.

Windows NT Clients

Note: You must be logged in as an Administrator.
  1. From the Start button, select Settings->Control_Panel->Network.

  2. On the Services tabbed panel, verify that there are entries for the following services:

    If any is missing, add it from your Windows NT CD.

  3. On the Protocols panel, add TCP/IP (if missing), then select Properties.

    The TCP/IP Properties dialog box has several tabbed panels. Verify the following:

    IP Address panel
    Configure as needed. (For initial testing, you may find it convenient to manually specify unique IP addresses for each PC.)

    You may also want to configure DNS, WINS Address, and Routing.

  4. Test the client's TCP/IP configuration by ping-ing (by IP address) from the client PC's DOS prompt to the Fast Connect server and vice versa.

Windows For Workgroups (Windows 3.11) Clients

  1. From group Network (within Program Manager), run Network Setup.

  2. Verify that the following entries exist:

    You may need to install the TCP/IP protocol. TCP/IP is not included on the Windows 3.11 installation media. You can download a copy of Microsoft TCP/IP-32 3.11b from Microsoft's web site www.microsoft.com.)

    To set up the TCP/IP configuration, double-click on Microsoft TCP/IP-32 3.11b. Configure the IP Address, Subnet Mask, Default Gateway, WINS Server(s), DNS, and other options as needed. (LMHOSTS and DNS enablement are available as Advanced options.)

  3. Test the client's TCP/IP configuration by ping-ing (by IP address) from the client PC's DOS prompt to the Fast Connect server and vice versa.

OS/2 Clients

  1. Install TCP/IP and NetBIOS support during OS/2 installation.

  2. Use the TCP/IP Configuration program to verify and configure TCP/IP.

  3. Use the Multi-Protocol Transport Services program (MPTS) to verify and configure the following protocols for your network adapter:

    These protocols should have the same LAN adapter number, which should match your TCP/IP interface.

    Note: The default installation is IBM OS/2 NetBIOS. Be sure to add IBM OS/2 NetBIOS OVER TCP/IP if not already listed.)
  4. Test the client's TCP/IP configuration by ping-ing (by IP address) from the client PC's DOS prompt to the Fast Connect server and vice versa.

User Authentication and Administration

supports the following methods for user authentication:

User administration is dependent on the authentication method selected by Fast Connect administrator. Each type has its advantages and disadvantages. Which method you choose depends on your environment, your administration policy, and the type that you determine would be easiest to administer and use.

AIX-based User Authentication

AIX-based authentication uses AIX user definitions and passwords. Following session setup, a Fast Connect session gets the authenticated AIX user credentials (UID, GID and Secondary groups set).

Requirements
  1. Clients must be able to negotiate plain text passwords. This may require enabling plain text passwords by updating required registry entries for Windows NT, 95, and 98 clients.
  2. Fast Connect must be enabled for plain text passwords using SMIT, Web-based System Manager or the net command
Advantages
  1. Low administrative overhead (uses existing AIX user information).
  2. AIX tools for managing users can be used.
Disadvantages
  1. Windows registry update may be required.
  2. Windows may require user ID and passwords to be typed again
  3. Clear-text passwords are sent over the network.

CIFS LM (LAN Manager) Password Encryption Protocol

The CIFS LM protocol method uses Fast Connect user definitions and encrypted passwords for user authentication. Each user must be defined as an AIX user as well, and share the same user name. Fast Connect encrypts passwords and saves them in its files for use during session setup. Following session setup, a Fast Connect session gets the authenticated user's credentials (UID, GID and Secondary groups set).

Requirements
  1. Users must be defined to Fast Connect using SMIT, Web-based System Manager or the net command.
  2. AIX Fast Connect for Windows must be enabled for encrypted passwords using SMIT, Web-based System Manager or the net command.
  3. Windows or OS/2 user logon passwords must be same as Fast Connect passwords. These passwords are not required to be same as AIX logon password.
  4. Changing passwords requires root authority.
Advantages
  1. No additional logon other than logging into the Windows or OS/2 workstation is required.
  2. Clear text passwords are not sent over the network, which provides additional security.
Disadvantages
  1. Additional administrative tasks are needed for Fast Connect users.
  2. Administrator intervention is needed for password update.

NT Domains Passthrough Authentication

This authentication method uses AIX user definitions and NT Server user authentication. Each user must be defined as an AIX user as well. Passthrough authentications is enabled using SMIT, Web-based System Manager or the net command by specifying Passthrough authentication NTserver IPaddress.

During session setup, Fast Connect forwards the session setup request to the NT server. If the NT server authenticates the user, Fast Connect grants access. Following session setup, a Fast Connect session gets the authenticated user's credentials (UID, GID and Secondary groups set).

Requirements
  1. User must be defined on the Passthrough authentication server.
  2. AIX Fast Connect for Windows must be enabled for Passthrough authentication using SMIT, Web-based System Manager or the net command to define IP address of the NT server.
  3. NT user name must match AIX user name, although passwords can be different.
Advantages
  1. No additional logon other than logging into the Windows or OS/2 workstation is required.
  2. Clear text passwords are not sent over the network, which provides additional security.
  3. Uses NT user definition, therefore less administrative overhead is needed.
Disadvantages
  1. Requires an NT server.

NetBIOS Name Service (NBNS)

NetBIOS Name Service (NBNS) for AIX Fast Connect for Windows provides name resolution services. It also supports some functions of Windows Internet Name Service (WINS), such as registration of multihomed name and Internet group name.

To activate NBNS, 'nbns' in the cifsConfig file needs to be set to 1 (The default is 1) and restart the Fast Connect Server.

To turn off NBNS, set nbns = 0 in the cifsConfig file.

Administering NBNS Tasks
Task SMIT Fast Path Command or File
List names in the NetBIOS Name Table smit smb net nblistnames
Add a NetBIOS Name smit smb et nbaddname /name:NetBIOS Name
/ipaddress:ip address [/subcode:00-ff]*
Delete a NetBIOS name in Name Table smit smb net nbdelname /name:NetBIOS Name [/subcode:00-ff]
Delete by Address and by Name smit smb net nbdeladdr /name:NetBIOS Name /ipaddress:ipaddress*
Backup the NetBIOS Name Table to a File smit smb net nbbackup [/file:file name]
Restore a NetBIOS Name Table from Backup File smit smb net nbrestore [/file:file name]
Note: The value of ip address can be any number in IP address range.

Workgroups, Domains, and User Accounts

For ease of use, client PCs should be in the same Windows workgroup or NT domain as the Fast Connect server (or vice versa). Windows 3.11, Windows 95, and Windows NT all use WORKGROUP as a default workgroup name, and Fast Connect server initializes itself to use WORKGROUP, also. If your network uses NT domain login authentication, you can configure the Fast Connect server to verify Fast Connect access using the NT domain authentication servers.

Whether you use Workgroups or NT domains, access to Fast Connect is managed by user security. You must set up AIX user accounts for each Windows user who is accessing Fast Connect. It is easiest to use if the user accounts (and passwords) on AIX match the Windows or NT domain user accounts (and passwords).

Using Plain Text Passwords with Windows 98 or Windows NT 4.0 (Service Pack 3)

For security reasons, Microsoft has disabled support for nonencrypted (plain text) network passwords in Windows 98 and Windows NT 4.0 (with Service Pack 3 installed).  If you want to use plain text passwords on your network, these clients must be upgraded with the following Registry patches.

To install the Windows 98 Enable Plain Text Passwords patch:

  1. Use EDIT or the NOTEPAD accessory to create the following text file, named W98plain.reg, as a local file on the Windows 98 machine:
    REGEDIT4
    
    ; Registry file to allow plaintext passwords on Windows 98
    
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]
    "EnablePlainTextPassword"=dword:00000001
  2. Using Windows Explorer, double click on the W98plain.reg file name in the directory where you saved it. This action will update the Windows Registry for that client to allow plain text passwords.

  3. Shutdown/Restart the Windows 98 machine. (Shutdown/Restart is required for this patch to take effect.)

To install the Windows NT 4.0 Enable Plain Text Passwords patch,

  1. Use EDIT or the NOTEPAD accessory to create the following text file, named NT4plain.reg, as a local file on the Windows NT machine:
    REGEDIT4
    
    ; Registry file to allow plaintext passwords on Windows NT 4.0, SP3
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
    EnablePlainTextPassword=dword:00000001
  2. Using Windows Explorer, double click on the NT4plain.reg file name in the directory where you saved it. This action will update the Windows Registry for that client to allow plain text passwords.
  3. Shutdown/Restart the Windows NT machine. (Shutdown/Restart is required for this patch to take effect.)
Note: Even with the previous patch installed, all Windows NT 4.0 clients still require the user to type his/her password every time the user first connects to the Fast Connect server (by browsing, mapping drives, etc.). Once the user is successfully connected, additional browsing or drive mapping operations proceed without hindrance. The initial Password Invalid message is because Windows NT 4.0 attempts to use encrypted passwords while connecting to Fast Connect server, rather than plain text passwords.

Browsing the Network

AIX Fast Connect for Windows supports Browser operations such as Network Neighborhood and NET VIEW. These operations show the user a list of file and printer shares exported by each server.

Network Neighborhood can also be used as a convenient way to map drives. (Right-click on a file share name, then select Map Network Drive from the pop-up menu.)

However, note the following limitations on network browsing:

Mapping Drives

Normally, PC clients will need to define drive mappings to use the Fast Connect-exported file shares. These drive mappings can be done from Windows or from the DOS command prompt.

You can use the following mechanisms to define/undefine mappings between PC drive letters and Fast Connect file shares. For the sake of the following examples, assume that the NetBIOS servername is cifs01, and that file shares apps and pcdata are defined.

From DOS:

DOS> net help	                   (help info for DOS)
DOS> net use H: \\cifs01\home     (pre-defined Fast Connect share)
DOS> net use F: \\cifs01\apps
DOS> copy F:\oldfile H:\newfile   (uses previous drive-mappings)
DOS> net use F: /delete           (delete the drive-mapping)

From Windows:

  1. Find the Map Network Drive dialog box.

  2. Select the desired drive (for example, F:) from the Drive: drop-down list, then

Using Fast Connect Printers

For printing, DOS and Windows mappings are somewhat different. For the following examples, assume that Fast Connect server cifs01 has print shares netprint1 and pscolor defined.

For DOS applications, the following simple device-mappings can be used:

DOS> net use LPT1: \\cifs01\netprint1
DOS> net use LPT2: \\cifs01\pscolor

But to support printing from Windows applications, a Windows printer driver needs to be installed, and mapped to the network printer, as follows:

  1. Select Start -> Settings -> Printers -> Add Printer.
  2. Select Network Printer.
  3. Enter the Fast Connect print share name (for example, \\cifs01\netprint1) or, use the browse list to select the desired print share.
  4. Select the proper Windows printer driver for that network printer (for example, IBM 4039 Laser Printer PS), which will be installed from your Windows installation disks.

For Windows 3.11, install the desired printer driver through Control Panel, and use the Connect... button to map it to the Fast Connect print share.


[ Next Article | Previous Article | Book Contents | Library Home | Legal | Search ]